Gitlab 定时备份

要求

1.为了能够备份和恢复，请确保你的系统上安装了Rsync

#Debian/Ubauntu
sudo apt-get install rsync
#  RHEL/Centos
sudo yum install rsync

2.配置了与备份目标机器之间的免密认证

修改gitlab配置文件：

vim /etc/gitlab/gitlab.rb

#指定备份后数据存放的路径、权限、时间配置
gitlab_rails['manage_backup_path'] = true                  #292行      开启备份功能
gitlab_rails['backup_path'] = "/opt/gitlab_backups"        #293行      指定备份的路径
gitlab_rails['backup_archive_permissions'] = 0644          #296行      备份文件的权限
gitlab_rails['backup_keep_time'] = 7776000                 #301行      备份保留时间（保留90天 单位：秒

注意备份路径，备份主机要与本机一致，修改后记得执行gitlab-ctl reconfigure

创建备份目录并授权：

mkdir /opt/gitlab_backups && chown -R git.git /opt/gitlab_backups/

重新生效Gitlabb配置：

gitlab-ctl reconfigure

手动备份：

[root@gitlabdev ~]# gitlab-backup create
2021-06-15 10:37:09 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2021-06-15 10:37:12 +0800 -- done
2021-06-15 10:37:12 +0800 -- Dumping repositories ...
 * eda_groups/naura_eda (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278) ...
 * eda_groups/naura_eda (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278) ... [DONE]
 * eda_groups/naura_eda.wiki (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278.wiki) ...
 * eda_groups/naura_eda.wiki (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278.wiki) ... [EMPTY] [SKIPPED]
 * eda_groups/naura_eda.design (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278.design) ...
 * eda_groups/naura_eda.design (@hashed/3f/db/3fdba35f04dc8c462986c992bcf875546257113072a909c162f7e470e581e278.design) ... [EMPTY] [SKIPPED]
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping uploads ...
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping builds ...
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping artifacts ...
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping pages ...
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping lfs objects ...
2021-06-15 10:37:15 +0800 -- done
2021-06-15 10:37:15 +0800 -- Dumping container registry images ...
2021-06-15 10:37:15 +0800 -- [DISABLED]
Creating backup archive: 1623724635_2021_06_15_13.12.3_gitlab_backup.tar ... done
Uploading backup archive to remote storage  ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
Deleting old backups ... done. (0 removed)
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.

ps:这里提示 gitlab.rb 和 gitlab-secrets.json 包涵敏感数据需要手动备份

查看备份：

ll -sh /opt/gitlab_backups/

编写备份脚本，结合crontab实施自动定时备份，比如每天0点、6点、12点、18点各备份一次

编写备份脚本：

#!/usr/bin/bash

#获取当前时间
locale_date=`date +%Y-%m-%d.%H.%M.%S`

#远端IP备份主机ip
backup_host=192.168.101.133

#本地备份路径
backup_path=/opt/gitlab_backups

#日志路径
backup_log=/opt/gitlab_backups/gitlab_back.log

#CRON=1 环境变量CRON=1的作用是如果没有任何错误发生时， 抑制备份脚本的所有进度输出
#BACKUP=${locale_date}改变backup文件名称 例: 2021-06-15_11:22:52_gitlab_backup.tar

/opt/gitlab/bin/gitlab-backup create BACKUP=${locale_date} CRON=1
if [ $? -eq 0 ];then
        echo "${locale_date} ${backup_path}_gitlab_backup.tar 备份创建成功." >> ${backup_log}
else
        echo "${locale_date} ${backup_path}_gitlab_backup.tar 备份创建失败." >>  ${backup_log}
        exit 1
fi

#判断/opt/gitlab_backups目录是否存在，否则创建
if [ ! -d ${backup_path} ]; then
  mkdir ${backup_path}
fi

#拷贝配置文件至本地备份目录/opt/gitlab_backups
cp -af /etc/gitlab/gitlab-secrets.json ${backup_path}/${locale_date}_gitlab-secrets.json >> ${backup_log}
cp -af /etc/gitlab/gitlab.rb ${backup_path}/${locale_date}_gitlab.rb >> ${backup_log}

#同步本地 /opt/gitlab_backups目录到远端/opt/目录下
rsync -avzPr --delete /opt/gitlab_backups root@${backup_host}:/opt/  >> ${backup_log}

[root@gitlabdev ~]# chmod +x /opt/gitlab_backups/gitlab_back.sh

加入定时任务：

crontab -e #添加定时任务
crontab -l #查看已添加定时任务
[root@gitlabdev ~]# crontab -l
0 0,6,12,18 * * * /bin/bash /opt/gitlab_backups/gitlab_back.sh > /dev/null 2>&1

GItlab只能还原到与备份文件相同的gitlab版本。

备份恢复脚本

#!/bin/bash

local_ip=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
echo -e "本机IP:${local_ip} \n"

echo -e  "\033[36m发现以下下备份文件:\n \033[0m"
ls  -lt /opt/gitlab_backups/*.tar|awk -F '/' '{print $4}'
echo -e "\n\033[36m请输入要恢复的文件或时间节点:\033[0m"
read input

gitlab_backup=${input%%_*}
gitlab_rb=/opt/gitlab_backups/${gitlab_backup}_gitlab.rb
secrets_json=/opt/gitlab_backups/${gitlab_backup}_gitlab-secrets.json

echo -e "\n\033[36m即将恢复以下文件：\033[0m"
echo "/opt/gitlab_backups/${gitlab_backup}_gitlab_backup.tar"
echo ${gitlab_rb}
echo ${secrets_json}

sed  -i  "s#\(^external_url .*\)#external_url 'http://${local_ip}' #g" ${gitlab_rb}

chown -Rf git:git /opt/gitlab_backups

#/bin/cp -f /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb-`date +%Y-%m-%d_%H_%M_%S`-backup
#/bin/cp -f /etc/gitlab/gitlab-secrets.json  /etc/gitlab/gitlab-secrets.json-`date +%Y-%m-%d_%H_%M_%S`-backup
#/bin/cp -f ${gitlab_rb} /etc/gitlab/gitlab.rb
#/bin/cp -f ${secrets_json} /etc/gitlab/gitlab-secrets.json
#/opt/gitlab/bin/gitlab-ctl reconfigure
echo -e "\n\033[36m停止数据库服务\033[0m"

/opt/gitlab/bin/gitlab-ctl stop unicorn
/opt/gitlab/bin/gitlab-ctl stop puma
/opt/gitlab/bin/gitlab-ctl stop sidekiq

echo -e "\n\033[36m开始恢复${gitlab_backup}备份：\033[0m"
/opt/gitlab/bin/gitlab-backup restore BACKUP=${gitlab_backup}

echo -e "\n\033[36m备份本机配置文件\033[0m"
/bin/cp -f /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb-`date +%Y-%m-%d_%H_%M_%S`-backup
/bin/cp -f /etc/gitlab/gitlab-secrets.json  /etc/gitlab/gitlab-secrets.json-`date +%Y-%m-%d_%H_%M_%S`-backup
ls -lt  /etc/gitlab/|grep `date +%Y-%m-%d_%H_%M_%S`

echo -e "\n\033[36m覆盖本机配置文件\033[0m"
/bin/cp -f ${gitlab_rb} /etc/gitlab/gitlab.rb
/bin/cp -f ${secrets_json} /etc/gitlab/gitlab-secrets.json
echo "/etc/gitlab/gitlab.rb"
echo "/etc/gitlab/gitlab-secrets.json"

echo -e "\n\033[36m重新加载配置文件并重启服务\033[0m"
/opt/gitlab/bin/gitlab-ctl reconfigure
/opt/gitlab/bin/gitlab-ctl restart