https://docs.gitlab.com/ee/administration/high_availability/gitlab.html

https://about.gitlab.com/high-availability/

https://www.oschina.net/translate/gitlab-high-availability?lang=chs

gitlab目录结构:

find / -name gitlab |grep -v "^/opt/"
/run/gitlab          # pid目录 
/etc/gitlab            # 配置目录
/var/log/gitlab     # 日志目录
/var/opt/gitlab     # 应用数据保存目录,要同步的主要是这里的部分数据
/opt/gitlab           # bin程序目录

架构图:

git1

git2:

(gitlab 允许多个节点,多活)

postgresql集群:

redis集群(哨兵模式)

MFS网络文件存储

# MFS集群部署见 http://www.cnblogs.com/linkenpark/p/7416998.html

redis集群(哨兵模式):http://blog.51cto.com/tianshili/1759289

# PostgreSQL 主从集群部署 http://www.cnblogs.com/linkenpark/p/8339936.html

安装postgresql扩展pg_trgm

yum -y install postgresql96-contrib-9.6.8    # 默认的 yum -y install postgresql-contrib

创建用户及库

su - postgres

psql

create role gitlab login encrypted password 'pass';

\du   ;显示用户

create database gitlabhq_production owner=gitlab ENCODING = 'UTF8';

\l     ;列出数据库

;添加pg_trgm扩展

CREATE EXTENSION pg_trgm;

在MFS服务端根目录下创建一个项目给gitlab用

mkdir gitlab

cd gitlab; mkdir -p .ssh gitlab-rails/uploads gitlab-rails/shared gitlab-ci/builds git-data

git1、git2 挂载MFS目录

mkdir -p /var/opt/gitlab/.ssh /var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/git-data

cat /etc/fstab

mfsmount /var/opt/gitlab/.ssh    fuse    mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/gitlab/.ssh,mfspassword=passwd,_netdev 0 0

mfsmount /var/opt/gitlab/gitlab-rails/uploads    fuse    mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/gitlab/gitlab-rails/uploads,mfspassword=passwd,_netdev 0 0

mfsmount /var/opt/gitlab/gitlab-rails/shared    fuse    mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/gitlab/gitlab-rails/shared,mfspassword=passwd,_netdev 0 0

mfsmount /var/opt/gitlab/gitlab-ci/builds    fuse    mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/gitlab/gitlab-ci/builds,mfspassword=passwd,_netdev 0 0

mfsmount /var/opt/gitlab/git-data    fuse    mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/gitlab/git-data,mfspassword=passwd,_netdev 0 0

git1、git2安装gitlab

添加gitlab yum源

cat /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]

name=Gitlab CE Repository

baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/

gpgcheck=0

enabled=1
yum install -y curl policycoreutils-python openssh-server sudo systemctl enable sshd 
systemctl start sshd 
firewall-cmd --permanent --add-service=http 
systemctl reload firewalld

yum -y install postfix 
systemctl enable postfix 
systemctl start postfix

yum install -y gitlab-ce

gitlab启动脚本
cat /etc/systemd/system/gitlab.service
[Unit]

Description=gitlab

[Service]

Type=oneshot

RemainAfterExit=yes

ExecStart=/bin/gitlab-ctl start

ExecStop=/bin/gitlab-ctl stop

[Install]

WantedBy=multi-user.target

systemctl enable gitlab


git1配置
grep -Ev "^#|^$" /etc/gitlab/gitlab.rb
external_url 'http://git.conf.com'

gitlab_rails['time_zone'] = 'Asia/Shanghai'

# Disable components that will not be on the GitLab application server

roles ['application_role']

# Prevent GitLab from starting if MFS data mounts are not available

high_availability['mountpoint'] = '/var/opt/gitlab/git-data'

# PostgreSQL connection details

postgresql['enable'] = false

gitlab_rails['db_adapter'] = "postgresql"

gitlab_rails['db_encoding'] = "utf8"

gitlab_rails['db_database'] = "gitlabhq_production"

gitlab_rails['db_username'] = "gitlab"

gitlab_rails['db_password'] = "db_password"

gitlab_rails['db_host'] = "172.16.3.203"

gitlab_rails['db_port'] = 5432

# Redis connection details(单实例、或主从集群)

redis['enable'] = false

gitlab_rails['redis_host'] = "172.16.3.203"

gitlab_rails['redis_port'] = 6379

gitlab_rails['redis_password'] = "redis_password"

gitlab_rails['redis_database'] = 0

# Redis connection details(哨兵集群)

# redis连接方式只设置一种就可以,CE版也可以连接redis sentinel集群

redis['enable'] = false

gitlab_rails['redis_sentinels'] = [

    {'host' => 'sentinel-0.conf.com', 'port' => 26379},

    {'host' => 'sentinel-1.conf.com', 'port' => 26379},

    {'host' => 'sentinel-2.conf.com', 'port' => 26379},

    {'host' => 'sentinel-3.conf.com', 'port' => 26379},

]

redis['master_name'] = 'mymaster'

redis['master_password'] = 'redis_auth_pass'

gitlab_rails['redis_database'] = 0

# nginx enable

nginx['enable'] = true

使配置生效

gitlab-ctl reconfigure

如要再次初始化数据,运行 gitlab-rake gitlab:setup(一般前面执行了gitlab-ctl reconfigure已经初始化发数据)

gitlab-ctl start

git2配置

从git1把/etc/gitlab/gitlab-secrets.json 复制到 git2的/etc/gitlab目录下

touch /etc/gitlab/skip-auto-migrations

grep -v "^#" /etc/gitlab/gitlab.rb

external_url 'http://git.conf.com'


gitlab_rails['time_zone'] = 'Asia/Shanghai'

# Disable components that will not be on the GitLab application server

roles ['application_role']

# Prevent GitLab from starting if MFS data mounts are not available

high_availability['mountpoint'] = '/var/opt/gitlab/git-data'

# disable automatic database migrations

gitlab_rails['auto_migrate'] = false

# PostgreSQL connection details

postgresql['enable'] = false

gitlab_rails['db_adapter'] = "postgresql"

gitlab_rails['db_encoding'] = "utf8"

gitlab_rails['db_database'] = "gitlabhq_production"

gitlab_rails['db_username'] = "gitlab"

gitlab_rails['db_password'] = "db_password"

gitlab_rails['db_host'] = "172.16.3.203"

gitlab_rails['db_port'] = 5432

# Redis connection details(单实例、或主从集群)

redis['enable'] = false

gitlab_rails['redis_host'] = "172.16.3.203"

gitlab_rails['redis_port'] = 6379

gitlab_rails['redis_password'] = "redis_password"

gitlab_rails['redis_database'] = 0

# Redis connection details(哨兵集群)

# redis连接方式只设置一种就可以,CE版也可以连接redis sentinel集群

redis['enable'] = false

gitlab_rails['redis_sentinels'] = [

    {'host' => 'sentinel-0.conf.com', 'port' => 26379},

    {'host' => 'sentinel-1.conf.com', 'port' => 26379},

    {'host' => 'sentinel-2.conf.com', 'port' => 26379},

    {'host' => 'sentinel-3.conf.com', 'port' => 26379},

]

redis['master_name'] = 'mymaster'

redis['master_password'] = 'redis_auth_pass'

gitlab_rails['redis_database'] = 0

# nginx enable

nginx['enable'] = true

gitlab-ctl reconfigure

gitlab-ctl start

如有更多的 second app 请参照git2配置

# 前端负载均衡

前端再分别对http负载(可用nginx反向代理)

ssh(可用HAproxy代理,或nginx TCP代理)

由其他gitlab服务器数据迁移到此gitlab集群

原gitlab服务器数据备份

可以通过/etc/gitlab/gitlab.rb配置文件来修改默认存放备份文件的目录

 gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

/var/opt/gitlab/backups修改为你想存放备份的目录即可, 修改完成之后使用gitlab-ctl reconfigure命令重载配置文件即可.

/opt/gitlab/bin/gitlab-rake gitlab:backup:create        #执行备份命令

如 /var/opt/gitlab/backups/1524449406_2018_04_23_10.6.4_gitlab_backup.tar

把 备份的数据 1524449406_2018_04_23_10.6.4_gitlab_backup.tar 复制到 gitlab集群的第一个节点的/var/opt/gitlab/backups目录下

chmod 777  /var/opt/gitlab/backups/1524449406_2018_04_23_10.6.4_gitlab_backup.tar

    # 停止相关数据连接服务

    gitlab-ctl stop unicorn

    gitlab-ctl stop sidekiq

umount /var/opt/gitlab/gitlab-rails/uploads       # 由于恢复时会把该目录重启命令成 /var/opt/gitlab/gitlab-rails/uploads.时间戳 ,生产新的/var/opt/gitlab/gitlab-rails/uploads目录,但该目录被挂载了会提示设备busy

umount /var/opt/gitlab/gitlab-ci/builds          # 由于恢复时会把该目录重启命令成/var/opt/gitlab/gitlab-ci/builds.时间戳 ,生产新的/var/opt/gitlab/gitlab-ci/builds目录,但该目录被挂载了会提示设备busy

gitlab-rake gitlab:backup:restore BACKUP=1524449406_2018_04_23_10.6.4    #执行恢复备份

mv /var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/uploads_ok

mkdir -p  /var/opt/gitlab/gitlab-rails/uploads

mount /var/opt/gitlab/gitlab-rails/uploads

cp -ap /var/opt/gitlab/gitlab-rails/uploads_ok/* /var/opt/gitlab/gitlab-rails/uploads

mv /var/opt/gitlab/gitlab-ci/builds  /var/opt/gitlab/gitlab-ci/builds_ok

mkdir -p /var/opt/gitlab/gitlab-ci/builds

mount /var/opt/gitlab/gitlab-ci/builds

cp -rp /var/opt/gitlab/gitlab-ci/builds_ok/* /var/opt/gitlab/gitlab-ci/builds

gitlab-ctl start unicorn

gitlab-ctl start sidekiq

完成恢复

# key认证问题

可能报错:

报错情况1:(key没有从master复制过来)

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:9DdK4jo9LPLg7snd/vueT3wI2dy0hb7CVYRRGOTU8TY.
Please contact your system administrator.
Add correct host key in /c/Users/cd/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/cd/.ssh/known_hosts:4
ECDSA host key for git.tuandai888.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

报错情况2:(从master复制过来的key权限没设置好)

ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

解决方法:

把master的 /etc/ssh/*key* 文件全部复制到从节点来,并注意权限与master的设置一样,

scp root@[master_IP]:/etc/ssh/*key* /etc/ssh

chown root:ssh_keys ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key

# 注意

只有连接Postgresql master库, gitlab才能正常使用。因为gitlab web登录时就要求写数据库。连接到postgresql从库,gitlab web登录失败,报500错。ssh连接仓库正常。

												


											
gitlab HA集群的更多相关文章
	

    
								
  1. 安装spark ha集群
		
    安装spark ha集群 1.默认安装好hadoop+zookeeper 2.安装scala 1.解压安装包 tar zxvf scala-2.11.7.tgz 2.配置环境变量 vim /etc/p ...
    
		
    2. 
						
  2. Hadoop的HA集群启动和停止流程
		
    假设我们有3台虚拟机,主机名分别是hadoop01.hadoop02和hadoop03. 这3台虚拟机的Hadoop的HA集群部署计划如下: 3台虚拟机的Hadoop的HA集群部署计划 hadoop0 ...
    
		
    3. 
						
  3. corosync+pacemaker实现高可用(HA)集群
		
    corosync+pacemaker实现高可用(HA)集群(一)     重要概念 在准备部署HA集群前,需要对其涉及的大量的概念有一个初步的了解,这样在实际部署配置时,才不至于不知所云 资源.服务与 ...
    
		
    4. 
						
  4. 使用QJM部署HDFS HA集群
		
    一.所需软件 1. JDK版本 下载地址:http://www.oracle.com/technetwork/java/javase/index.html 版本: jdk-7u79-linux-x64 ...
    
		
    5. 
						
  5. Storm-1.0.1+ZooKeeper-3.4.8+Netty-4.1.3 HA集群安装
		
    Storm-1.0.1+ZooKeeper-3.4.8+Netty-4.1.3 HA集群安装 下载Storm-1.0.1 http://mirrors.tuna.tsinghua.edu.cn/apa ...
    
		
    6. 
						
  6. 菜鸟玩云计算之十九:Hadoop 2.5.0 HA 集群安装第2章
		
    菜鸟玩云计算之十九:Hadoop 2.5.0 HA 集群安装第2章 cheungmine, 2014-10-26 在上一章中,我们准备好了计算机和软件.本章开始部署hadoop 高可用集群. 2 部署 ...
    
		
    7. 
						
  7. 菜鸟玩云计算之十八:Hadoop 2.5.0 HA 集群安装第1章
		
    菜鸟玩云计算之十八:Hadoop 2.5.0 HA 集群安装第1章 cheungmine, 2014-10-25 0 引言 在生产环境上安装Hadoop高可用集群一直是一个需要极度耐心和体力的细致工作 ...
    
		
    8. 
						
  8. 架构之高可用性(HA)集群(Keepalived)
		
    Keepalived简介 Keepalived是Linux下一个轻量级别的高可用解决方案.高可用(High Avalilability,HA),其实两种不同的含义:广义来讲,是指整个系统的高可用行,狭 ...
    
		
    9. 
						
  9. 手动部署 kubernetes HA 集群
		
    前言 关于kubernetes HA集群部署的方式有很多种(这里的HA指的是master apiserver的高可用),比如通过keepalived vip漂移的方式.haproxy/nginx负载均 ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. HttpServletRequest解决中文乱码的问题
			
    HTTP请求有get和post,这两中方式解决中文乱码的方式如下: 1.Post方式请求 //这句话是设置post请求体的编码为utf-8 request.setCharacterEncoding(& ...
    
			
    2. 
						
  2. spark RDD操作的底层实现原理
			
    RDD操作闭包外部变量原则 RDD相关操作都需要传入自定义闭包函数(closure),如果这个函数需要访问外部变量,那么需要遵循一定的规则,否则会抛出运行时异常.闭包函数传入到节点时,需要经过下面的步 ...
    
			
    3. 
						
  3. forget word a out 1
			
      a 1★ a 不,非,无;在~ 的   2★ ab 相反,变坏,离去     3★ abs 相反,变坏,离去      
    
			
    4. 
						
  4. PHP:第二章——PHP中的break一continue一return语句
			
    知识点一:break语句     break 结束当前 for,foreach,while,do-while 或者 switch 结构的执行.     break 可以接受一个可选的数字参数来决定跳出 ...
    
			
    5. 
						
  5. SPOJ UMR 10A 计算几何
			
    DES:顺时针给出构成凸多边形的点.然后有Q个询问任意给出两个点的编号,询问由这两个点的连线将多边形分成的两部分面积较小的部分面积大小. 比赛时直接每次连线后求多边形求面积超时了.正确解法是求出利用叉 ...
    
			
    6. 
						
  6. gitlba的搭建与使用
			
    实验环境继续使用git的实验环境,详情请点击连接https://www.cnblogs.com/cash-su/p/10131632.html 首先给服务器做一个本机的映射 [root@git1 ~] ...
    
			
    7. 
						
  7. Thinking in Java 之classpath理解
			
    等待写: <Thinking in Java> page127
    
			
    8. 
						
  8. iOS9 http 不能连接的解决办法
			
    iOS9要求App内访问的网络必须使用HTTPS协议.原有的HTTP请求会报错,适配方法如下. 打开TARGETS-Build Phases, 添加New Run Script Phase,代码如下: ...
    
			
    9. 
						
  9. git add && git add -u && git add -A
			
    git add将当前工作目录中更改或者新增的文件加入到Git的索引中,加入到Git的索引中就表示记入了版本历史中,这也是提交之前所需要执行的一步.可以递归添加,即如果后面跟的是一个目录作为参数,则会递 ...
    
			
    10. 
						
  10. 接收一条音频(系统音频)彩信,点菜单键选择View slideshow,不能播放,提示是否导入vCard
			
    [前提条件]: [操作步骤]:接收一条音频(系统音频,格式为ogg),点菜单键选择View slideshow [测试结果]:不能播放,提示是否导入vCard [预期结果]:可以播放 [备注]:附lo ...
    
			
    11.