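Before we start:
The company's previous GitLab server, version 8.10.5, was installed, deployed, and maintained by the development team.
The official installation guide runs to many pages and the process is very tedious. And if the server is ever migrated or the system is damaged, the whole deployment has to be done again.
Maintenance has now been handed over to the operations team, who deploy it with Docker: quick and convenient, and future migrations and upgrades become easy and efficient.
Basic machine information: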
| Machine | Role | OS | IP address | Spec |
|---|---|---|---|---|
| O | old gitlab (8.10.5) | CentOS 6.5 | 172.16.17.91 | 4c/8G/1.2T |
| A | new gitlab (9.2.2) | CentOS 7.2 | 172.16.16.147 | 4c/8G/1T |
| B | nginx (1.10.3) postgresql (9.6) redis (2.8.4) haproxy (1.7.6) | CentOS 7.2 | 172.16.16.148 | 4c/8G/200G |
Directory conventions:
Base directory: /home/data
docker-compose config file: /home/data/docker-compose.yml
docker data: /home/data/gitlab/data
nginx:
  config: /home/data/nginx/etc/sites
  SSL certificates: /home/data/nginx/etc/ssl
  logs: /home/data/nginx/logs
haproxy config file: /home/data/haproxy/etc/haproxy.cfg
postgresql data: /home/data/postgresql/data
redis data: /home/data/redis/data
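I. Basic environment preparation
1. Disable SELinux and the firewall
Machines A and B:
# Firewall
# Stop the firewall
systemctl stop firewalld
# Disable it at boot
systemctl disable firewalld
# SELinux
# Switch it off for the running system (takes effect immediately)
setenforce 0
# Make the change permanent
# Edit /etc/selinux/config, changing "SELINUX=enforcing" to "SELINUX=disabled", then reboot.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# Reboot to apply the change
reboot
2. Change the SSH login port
Machines A and B:
# Edit the config file
vi /etc/ssh/sshd_config
# Change the port to 8822
Port 8822
# Restart the ssh service
systemctl restart sshd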
II. Installation
1. Install docker
# Install
curl -sSL https://get.daocloud.io/docker | sh
# Configure the Docker registry mirror (accelerator)
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://26109e56.m.daocloud.io
# Start docker
systemctl start docker
# Start docker at boot
systemctl enable docker
2. Install docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
3. Pull the docker images
Machine A:
# Migration and upgrade are two separate stages, so both versions need to be pulled; gitlab (https://github.com/sameersbn/docker-gitlab)
docker pull sameersbn/gitlab:8.10.5
docker pull sameersbn/gitlab:9.2.2
Machine B:
# redis (https://github.com/sameersbn/docker-redis)
docker pull sameersbn/redis
# nginx (https://github.com/sameersbn/docker-nginx)
docker pull sameersbn/nginx
# postgresql (https://github.com/sameersbn/docker-postgresql)
docker pull sameersbn/postgresql:9.6-2
# haproxy (for gitlab ssh mode)
docker pull haproxy:1.7.6
III. Configuration
1. Machine B
docker-compose config file:
nginx:
  restart: always
  image: sameersbn/nginx:latest
  volumes:
    - /home/data/nginx/etc/sites:/etc/nginx/conf.d:Z
    - /home/data/nginx/etc/ssl:/etc/nginx/ssl:Z
    - /home/data/nginx/logs:/var/log/nginx:Z
  ports:
    - "80:80"
    - "443:443"
postgresql:
  restart: always
  image: sameersbn/postgresql:9.6-2
  environment:
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm
  volumes:
    - /home/data/postgresql/data:/var/lib/postgresql:Z
  ports:
    - "5432:5432"
redis:
  restart: always
  image: sameersbn/redis:latest
  volumes:
    - /home/data/redis/data:/var/lib/redis:Z
  ports:
    - "6379:6379"
haproxy:
  restart: always
  image: haproxy:1.7.6
  volumes:
    - /home/data/haproxy/etc:/usr/local/etc/haproxy:Z
  ports:
    - "22:80"
nginx config:
upstream git-hamgua {
    server 172.16.16.147:10080 max_fails=3 fail_timeout=30s weight=1;
}
server {
    listen 80;
    listen 443 ssl;
    server_name git.hamgua.com;
    ssl_certificate /etc/nginx/ssl/git.hamgua.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/git.hamgua.cn.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        proxy_pass http://git-hamgua;
        proxy_redirect off;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_next_upstream off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Accept-Encoding "";
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 64k;
        proxy_buffers 16 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_redirect default;
        proxy_ignore_client_abort on;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
haproxy config:
global
    pidfile /var/run/haproxy.pid
    maxconn 81920
    nbproc 10
    daemon
    quiet
defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 10240
    timeout connect 5000ms
    timeout client 60000ms
    timeout server 60000ms
frontend git
    bind 0.0.0.0:80
    mode tcp
    default_backend gitlab-ssh
backend gitlab-ssh
    option tcpka
    balance roundrobin
    mode tcp
    server gitlab-ssh1 172.16.16.147:10022 weight 1 check port 10022 inter 1s rise 2 fall 2
2. Machine A
docker-compose config file (version 8.10.5):
gitlab:
  restart: always
  image: sameersbn/gitlab:8.10.5
  ports:
    - "10080:80"
    - "10022:22"
  environment:
    #postgresql
    - DB_ADAPTER=postgresql
    - DB_HOST=172.16.16.148
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    #redis
    - REDIS_HOST=172.16.16.148
    - REDIS_PORT=6379
    #global config
    - DEBUG=false
    - TZ=Asia/Shanghai
    - GITLAB_TIMEZONE=Shanghai
    - GITLAB_ROOT_EMAIL=hamgua@hamgua.com
    - GITLAB_SECRETS_DB_KEY_BASE=mjztzlfksTvRz5wNXjVDstTJZklGKDWsHX6Q9s55ZVc9v7TdGvDs3DHzFLxsKWsT
    - GITLAB_HOST=git.hamgua.com
    #ssl port
    - GITLAB_PORT=443
    #ssh port
    - GITLAB_SSH_PORT=22
    - GITLAB_HTTPS=true
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
    - GITLAB_PAGES_ENABLED=true
    - GITLAB_PAGES_DOMAIN=git.hamgua.com
    - GITLAB_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL_REPLY_TO=hamgua@hamgua.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=hamgua@hamgua.com
    #backup
    #every day
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
    #7 days
    - GITLAB_BACKUP_EXPIRY=604800
    #smtp
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=hamgua.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=587
    - SMTP_USER=hamgua@hamgua.com
    - SMTP_PASS=hamgua
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=plain
    - IMAP_ENABLED=false
  volumes:
    - /home/data/gitlab/data:/home/git/data:Z
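The compose files for machines B and A publish services with plain "host:container" port mappings and carry passwords and key bases inline, while section I switches the host firewall off. The check below is an added example, not part of the original post: the hypothetical functions `audit_compose` and `sample_compose` assume a v1-style compose file with standard indentation, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit_compose and sample_compose are hypothetical names.
# Lists published ports with no bind address and secrets set inline.
# Only key names are printed, never the secret values.
audit_compose() {
  awk '
    /^[ \t]*#/ { next }                         # skip comment lines
    /^[A-Za-z0-9_-]+:[ \t]*$/ {                 # top-level service name
      svc = $1; sub(/:$/, "", svc); section = ""; next
    }
    /^[ \t]+[a-z_]+:[ \t]*$/ {                  # ports: / environment: / volumes:
      section = $1; sub(/:$/, "", section); next
    }
    section == "ports" && /^[ \t]*-/ {
      spec = $0; gsub(/^[ \t]*-[ \t]*|"|[ \t]+$/, "", spec)
      # "host:container" listens on 0.0.0.0; "ip:host:container" is scoped to one address
      if (split(spec, p, ":") == 2)
        printf "PORT %s %s published on all interfaces\n", svc, spec
    }
    section == "environment" && /^[ \t]*-/ {
      kv = $0; sub(/^[ \t]*-[ \t]*/, "", kv)
      key = kv; sub(/=.*/, "", key)
      val = kv; sub(/^[^=]*=?/, "", val)
      if (key ~ /PASS|SECRET|KEY_BASE|TOKEN/ && val != "" && val !~ /^[$][{]/)
        printf "SECRET %s %s set inline\n", svc, key
    }
  ' "$1"
}

# Constructed sample in the same layout as the compose files above (placeholder password).
sample_compose() {
  cat <<'EOF'
postgresql:
  image: sameersbn/postgresql:9.6-2
  environment:
    - DB_USER=gitlab
    - DB_PASS=example-password
  ports:
    - "5432:5432"
redis:
  image: sameersbn/redis:latest
  ports:
    - "172.16.16.148:6379:6379"
EOF
}

# Usage: ./audit.sh /home/data/docker-compose.yml
if [ -n "${1:-}" ]; then audit_compose "$1"; fi
```

A value written as `${VAR}` is treated as supplied from outside the file and is not reported.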
IV. Initialization and startup
1. docker initialization
Machine B:
cd /home/data
docker-compose create nginx redis postgresql
Machine A:
cd /home/data
docker-compose create gitlab
2. docker startup
(Note: the redis and postgresql services on machine B must be started first.)
Machine B:
cd /home/data
docker-compose start nginx redis postgresql
Machine A:
cd /home/data
docker-compose start gitlab
V. Backup and restore
1. Backup (machine O)
# Log in to machine O and run the backup; it generates a backup file named like 1497291058_gitlab_backup.tar
cd /var/opt/gitlab/backups/
gitlab-rake gitlab:backup:create RAILS_ENV=production
# Send it to the backup directory on the docker gitlab server (sshd on machine A listens on port 8822, see section I)
scp -P 8822 1497291058_gitlab_backup.tar root@172.16.16.147:/home/data/gitlab/data/backups/
2. Restore (machine A)
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Run the restore
sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
Restore confirmation prompts
# There are two prompts that need an answer
1. Restore the git data
Before restoring the database we recommend removing all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.
Do you want to continue (yes/no)? enter yes
2. Restore the authorized_keys file
This will rebuild an authorized_keys file.
You will lose any data stored in authorized_keys file.
Do you want to continue (yes/no)? enter no
3. Clear the cache
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Clear the cache
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
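The restore in step 2 only works when the backup was taken on the same GitLab version as the running image, so the version can be checked before the restore is started. This is an added example, not part of the original post: the function names are hypothetical, it assumes the archive holds `backup_information.yml` at its top level with a `:gitlab_version:` line, and the sample archive is constructed.

```shell
#!/usr/bin/env bash
# Added example: all function names here are hypothetical.
# Assumes the archive holds backup_information.yml at its top level with a
# ":gitlab_version:" line.

# Print the GitLab version recorded inside a backup archive.
backup_gitlab_version() {
  tar -xOf "$1" backup_information.yml 2>/dev/null |
    sed -n 's/^:gitlab_version:[[:space:]]*//p' | tr -d "\"' \r"
}

# Return 0 only when the backup version equals the image tag (e.g. sameersbn/gitlab:8.10.5).
check_restore_compat() {
  local have want
  have=$(backup_gitlab_version "$1")
  want=${2##*:}      # keep the tag after the last colon
  want=${want%%-*}   # assumption: drop a build suffix such as "-1"
  if [ -z "$have" ]; then
    echo "cannot read gitlab_version from $1" >&2
    return 2
  fi
  if [ "$have" != "$want" ]; then
    echo "backup is $have, image is $want: restore on $have, then upgrade" >&2
    return 1
  fi
  echo "ok: backup and image are both $have"
}

# Build a constructed sample archive in directory $1 and print its path.
make_sample_backup() {
  printf '%s\n' ':db_version: 20160804150737' \
    ':backup_created_at: 2017-06-13 02:10:58 +0800' \
    ':gitlab_version: 8.10.5' > "$1/backup_information.yml"
  tar -cf "$1/1497291058_gitlab_backup.tar" -C "$1" backup_information.yml
  echo "$1/1497291058_gitlab_backup.tar"
}

# Usage: ./check.sh <backup.tar> <image>
if [ $# -eq 2 ]; then check_restore_compat "$1" "$2"; fi
```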
VI. Upgrading gitlab
1. Stop and remove the 8.10.5 gitlab docker container (machine A)
docker-compose stop gitlab
docker-compose rm gitlab
2. Start the 9.2.2 gitlab docker container (machine A)
docker-compose config file for 9.2.2:
gitlab:
  restart: always
  image: sameersbn/gitlab:9.2.2
  ports:
    - "10080:80"
    - "10022:22"
  environment:
    #postgresql
    - DB_ADAPTER=postgresql
    - DB_HOST=172.16.16.148
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    #redis
    - REDIS_HOST=172.16.16.148
    - REDIS_PORT=6379
    #global config
    - DEBUG=false
    - TZ=Asia/Shanghai
    - GITLAB_TIMEZONE=Shanghai
    - GITLAB_HOST=git.hamgua.com
    #ssl port
    - GITLAB_PORT=443
    #ssh port
    - GITLAB_SSH_PORT=22
    - GITLAB_HTTPS=true
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
    - GITLAB_PAGES_ENABLED=true
    - GITLAB_PAGES_DOMAIN=git.hamgua.com
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=mjztzlfksTvRz5wNXjVDstTJZklGKDWsHX6Q9s55ZVc9v7TdGvDs3DHzFLxsKWsT
    - GITLAB_SECRETS_SECRET_KEY_BASE=RWNLdwXfsGHdGGjwSw678sWxztJ3sPJbfVm2BRrHq5Ql9XCZVXVLTHN7vpSdWmKF2DJ4qV2s5NJgZwcxPjZw5wJ9PwvdhjsQ99dWjmLDXvwBsWV3K227573vVQCmwZ5R
    - GITLAB_SECRETS_OTP_KEY_BASE=LrC872vHQ5bnjB6m7xBHPF99H9NPvqcFJlbf47TVZN835FnGG5kJvFtRwQQVRmBfcW96TJtJF5sxWKBKmm6QWf2RNddScLXMnwmmtGcDptRclZ97GLx8SxVSjdgm88WG
    - GITLAB_ROOT_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL_REPLY_TO=hamgua@hamgua.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=hamgua@hamgua.com
    #backup
    #every day
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
    #7 days
    - GITLAB_BACKUP_EXPIRY=604800
    #smtp
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=hamgua.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=587
    - SMTP_USER=hamgua@hamgua.com
    - SMTP_PASS=hamgua
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=plain
    - IMAP_ENABLED=false
  volumes:
    - /home/data/gitlab/data:/home/git/data:Z
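Initialization (machine A)
cd /home/data
docker-compose create gitlab
Startup (machine A)
cd /home/data
docker-compose start gitlab
Clear the cache
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Clear the cache
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
VII. Login verification
Log in and verify that the data was migrated completely and without error and that the version upgrade finished.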
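VIII. git high-availability scheme
gitlab: two-way file synchronization with inotify + unison, so that repositories pushed to one git server are automatically synchronized to the other git server. Reference: http://leanote.com/blog/post/591d50b4ab64412be900163d
postgresql: primary/standby streaming replication. Reference: http://www.itdecent.cn/p/2d07339774c0
Summary:
1. The gitlab migration must stay on the same version as the original; otherwise the backup restore reports that the versions are incompatible.
2. Once the migration is done, do a quick check of the data first and only then upgrade, to prevent data loss.
3. For the high-availability scheme, both machine A and machine B need to be deployed in duplicate.
4. Be careful with everything, and work out a migration rollback plan in advance.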