源码安装gitlab

GitLab服务构成

GitLab由以下服务构成：

 

nginx：静态Web服务器

gitlab-shell：用于处理Git命令和修改authorized keys列表

gitlab-workhorse:轻量级的反向代理服务器

logrotate：日志文件管理工具

postgresql：数据库

redis：缓存数据库

sidekiq：用于在后台执行队列任务（异步执行）

unicorn：An HTTP server for Rack applications，GitLab Rails应用是托管在这个服务器上面的。

Gitlab Shell

GitLab Shell有两个作用：为GitLab处理Git命令、修改authorized keys列表。

 

当通过SSH访问GitLab Server时，GitLab Shell会：

 

限制执行预定义好的Git命令（git push, git pull, git annex）

调用GitLab Rails API 检查权限

执行pre-receive钩子（在GitLab企业版中叫做Git钩子）

执行你请求的动作

处理GitLab的post-receive动作

处理自定义的post-receive动作

当通过http(s)访问GitLab Server时，工作流程取决于你是从Git仓库拉取(pull)代码还是向git仓库推送(push)代码。如果你是从Git仓库拉取(pull)代码，GitLab Rails应用会全权负责处理用户鉴权和执行Git命令的工作；如果你是向Git仓库推送(push)代码，GitLab Rails应用既不会进行用户鉴权也不会执行Git命令，它会把以下工作交由GitLab Shell进行处理：

 

调用GitLab Rails API 检查权限

执行pre-receive钩子（在GitLab企业版中叫做Git钩子）

执行你请求的动作

处理GitLab的post-receive动作

处理自定义的post-receive动作

也许你会奇怪在通过http(s)推送(push)代码的情况下，GitLab Rails应用为什么不在GitLab Shell之前进行鉴权。这是因为GitLab Rails应用没有解析git push命令的逻辑。好的方法是将这些解析代码放在一个地方，这个地方就是GitLab Shell，这样我们就可以在通过SSH进行访问时重用这段代码。实际上，GitLabShell在执行git push命令时根本不会进行权限检查，它是依赖于pre-receive钩子进行权限检查的。而当你执行git pull命令时，权限检查是在命令执行之前的。对git pull命令的权限检查要简单得多，因为你只需要检查一个用户是否可以访问这个仓库就可以了（不需要检查分支权限）。

 

好吧，GitLab Shell这段话都是翻译官网的。链接在这里

https://gitlab.com/gitlab-org/gitlab-shell/blob/master/README.md

 

最后一段话有点拗口，我对此还是有一点问题的：既然你把git push的逻辑都放在GitLab Shell里面了，为什么不把git pull的逻辑也都放在里面提供重用呢？

猜想：git pull这段逻辑无法重用，因为通过http(s)方式访问时，要读取仓库的数据并且把这些数据封装成http包返回给客户端；而通过ssh方式访问时，仓库代码数据是通过ssh数据包返回的。两种访问方式返回数据的封装方式不一样，所以也没有必要提供重用。但是我觉得读取仓库数据这段逻辑应该还是重用了的。

GitLab Workhorse

GitLab Workhorse是一个敏捷的反向代理。它会处理一些大的HTTP请求，比如文件上传、文件下载、Git push/pull和Git包下载。其它请求会反向代理到GitLab Rails应用，即反向代理给后端的unicorn。官网对GitLab Workhorse的介绍在这里：https://gitlab.com/gitlab-org/gitlab-workhorse/

 

六、GitLab工作流程

 

GitLab工作流程图

Gitlab Shell

GitLab Shell有两个作用：为GitLab处理Git命令、修改authorized keys列表。

当通过SSH访问GitLab Server时，GitLab Shell会：

1. 限制执行预定义好的Git命令（git push, git pull, git annex）
2. 调用GitLab Rails API 检查权限
3. 执行pre-receive钩子（在GitLab企业版中叫做Git钩子）
4. 执行你请求的动作
5. 处理GitLab的post-receive动作
6. 处理自定义的post-receive动作

当通过http(s)访问GitLab Server时，工作流程取决于你是从Git仓库拉取(pull)代码还是向git仓库推送(push)代码。如果你是从Git仓库拉取(pull)代码，GitLab Rails应用会全权负责处理用户鉴权和执行Git命令的工作；如果你是向Git仓库推送(push)代码，GitLab Rails应用既不会进行用户鉴权也不会执行Git命令，它会把以下工作交由GitLab Shell进行处理：

1. 调用GitLab Rails API 检查权限
2. 执行pre-receive钩子（在GitLab企业版中叫做Git钩子）
3. 执行你请求的动作
4. 处理GitLab的post-receive动作
5. 处理自定义的post-receive动作

也许你会奇怪在通过http(s)推送(push)代码的情况下，GitLab Rails应用为什么不在GitLab Shell之前进行鉴权。这是因为GitLab Rails应用没有解析git push命令的逻辑。好的方法是将这些解析代码放在一个地方，这个地方就是GitLab Shell，这样我们就可以在通过SSH进行访问时重用这段代码。实际上，GitLabShell在执行git push命令时根本不会进行权限检查，它是依赖于pre-receive钩子进行权限检查的。而当你执行git pull命令时，权限检查是在命令执行之前的。对git pull命令的权限检查要简单得多，因为你只需要检查一个用户是否可以访问这个仓库就可以了（不需要检查分支权限）。

好吧，GitLab Shell这段话都是翻译官网的。链接在这里

https://gitlab.com/gitlab-org/gitlab-shell/blob/master/README.md

最后一段话有点拗口，我对此还是有一点问题的：既然你把git push的逻辑都放在GitLab Shell里面了，为什么不把git pull的逻辑也都放在里面提供重用呢？

猜想：git pull这段逻辑无法重用，因为通过http(s)方式访问时，要读取仓库的数据并且把这些数据封装成http包返回给客户端；而通过ssh方式访问时，仓库代码数据是通过ssh数据包返回的。两种访问方式返回数据的封装方式不一样，所以也没有必要提供重用。但是我觉得读取仓库数据这段逻辑应该还是重用了的。

GitLab Workhorse

GitLab Workhorse是一个敏捷的反向代理。它会处理一些大的HTTP请求，比如文件上传、文件下载、Git push/pull和Git包下载。其它请求会反向代理到GitLab Rails应用，即反向代理给后端的unicorn。官网对GitLab Workhorse的介绍在这里：https://gitlab.com/gitlab-org/gitlab-workhorse/

六、GitLab工作流程

 

#https://gitlab.com/gitlab-org/gitlab-ce/blob/8-9-stable/doc/install/installation.md

#http://www.fanzicai.com/blog_hexo/Program/20160520-CentOS7%E4%B8%8A%E5%AE%89%E8%A3%85GitLab%EF%BC%88SRC%EF%BC%89.html

#https://segmentfault.com/a/1190000002729796

 

 

#1.安装软件包及解决依赖项,升级系统

yum -y update

#2.安装必须的软件

yum -y install gcc autoconf cmake unzip vim libcurl-devel zlib-devel curl-devel expat-devel gettext-devel openssl-devel perl-devel nodejs libicu-devel wget curl

#安装git

wget https://www.kernel.org/pub/software/scm/git/git-2.9.0.tar.gz

[root@t1 ~]# tar xf git-2.9.0.tar.gz
[root@t1 ~]# cd git-2.9.0
[root@t1 git-2.9.0]# ./configure
[root@t1 git-2.9.0]# make prefix=/usr/local all
# 安装到/usr/local/bin
[root@t1 git-2.9.0]# make prefix=/usr/local install
[root@t1 git-2.9.0]# source /etc/profile
# 验证git版本号
[root@t1 git-2.9.0]# git --version
#查看git安装路径
[root@t1 git-2.9.0]# which git

# 编辑 config/gitlab.yml (第7步中gitlab), 修改 git 路径为 /usr/local/bin/git ！！！

#2.添加系统用户

#我们添加一个用来管理运行Gitlab的用户git

[root@t1 ~]# useradd -c 'Gitlab' -s /bin/bash git

#为了包含/usr/local/bin到git用户的$PATH，一个方法是编辑超级用户文件。以管理员身份运行：

$ visudo

#然后搜索：
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
#将其改成：
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

#3.安装postfix

yum -y install postfix

#4. Ruby

#Note: The current supported Ruby version is 2.1.x. Ruby 2.2 and 2.3 are currently not supported.

[root@t1 ~]# yum -y remove ruby*

[root@t1 ~]# curl -O --progress https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.gz
[root@t1 ~]# tar xf ruby-2.1.8.tar.gz
[root@t1 ~]# cd ruby-2.1.8
[root@t1 ~]# ./configure --disable-install-rdoc
[root@t1 ~]# make
[root@t1 ~]# make install

#Install the Bundler Gem:
[root@t1 ~]# sudo gem install bundler --no-ri --no-rdoc

#5. Go

#Since GitLab 8.0, Git HTTP requests are handled by gitlab-workhorse (formerly gitlab-git-http-server). This is a small daemon written in Go. To install gitlab-workhorse we need a Go compiler. The instructions below assume you use 64-bit Linux. You can find downloads for other platforms at the Go download page.

[root@t1 ~]# curl -O --progress https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz
[root@t1 ~]# tar -C /usr/local -xzf go1.5.3.linux-amd64.tar.gz
[root@t1 ~]# ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
[root@t1 ~]# rm go1.5.3.linux-amd64.tar.gz

修改数据库

#创建数据库，用户，添加权限
MariaDB [(none)]> CREATE USER 'git'@'localhost' IDENTIFIED BY 'gitlab';
mysql> SET storage_engine=INNODB;
mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES, REFERENCES ON `gitlabhq_production`.* TO 'git'@'localhost';

#安装Redis

yum install redis -y
cp /etc/redis.conf /etc/redis.conf.orig
#sed 's/^port .*/port 0/' /etc/redis.conf.orig |tee /etc/redis.conf #不需要执行
echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis.conf
echo 'unixsocketperm 770' | sudo tee -a /etc/redis.conf
mkdir /var/run/redis
chown redis:redis /var/run/redis
chmod 755 /var/run/redis

# Persist the directory which contains the socket, if applicable
if [ -d /etc/tmpfiles.d ]; then
echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf
fi

systemctl start redis
chkconfig redis on
usermod -aG redis git

#7. GitLab

# We'll install GitLab into home directory of the user "git"
cd /home/git

#Clone the Source
# Clone GitLab repository
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-9-stable gitlab #注意gitlab的版本

#Configure It
# Go to GitLab installation folder
cd /home/git/gitlab

# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

# Update GitLab config file, follow the directions at top of file
sudo -u git -H vim config/gitlab.yml

gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.ptmind.com
port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details

bin_path: /usr/local/bin/git

# Copy the example secrets file #注意：如果将备份文件在异地恢复，需要将老版的secrets.yml拷贝到新版的对应目录下
sudo -u git -H cp config/secrets.yml.example config/secrets.yml
sudo -u git -H chmod 0600 config/secrets.yml

# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/

# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/

# Create the public/uploads/ directory
sudo -u git -H mkdir public/uploads/

# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
sudo chmod 0700 public/uploads

# Change the permissions of the directory where CI build traces are stored
sudo chmod -R u+rwX builds/

# Change the permissions of the directory where CI artifacts are stored
sudo chmod -R u+rwX shared/artifacts/

# Copy the example Unicorn config
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb

# Find number of cores
nproc

# Enable cluster mode if you expect to have a high load instance
# Set the number of workers to at least the number of cores
# Ex. change amount of workers to 3 for 2GB RAM server
sudo -u git -H vim config/unicorn.rb
worker_processes 10
listen "127.0.0.1:8030", :tcp_nopush => true

# Copy the example Rack attack config
sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

# Configure Git global settings for git user
# 'autocrlf' is needed for the web editor
sudo -u git -H git config --global core.autocrlf input

# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
sudo -u git -H git config --global gc.auto 0

# Configure Redis connection settings
sudo -u git -H cp config/resque.yml.example config/resque.yml

# Change the Redis socket path if you are not using the default Debian / Ubuntu configuration
# 修改Redis访问路径
sudo -u git -H vim config/resque.yml

#Important Note: Make sure to edit both gitlab.yml and unicorn.rb to match your setup.
#Note: If you want to use HTTPS, see Using HTTPS for the additional steps.

##Configure GitLab DB Settings
# MySQL only:
sudo -u git cp config/database.yml.mysql config/database.yml

# Change 'secure password' with the value you have given to $password
# You can keep the double quotes around the password
sudo -u git -H vim config/database.yml

# MySQL:
# Make config/database.yml readable to git only
sudo -u git -H chmod o-rwx config/database.yml

安装 Gems

cd /home/git/gitlab

# For users from China mainland only
# 仅限中国大陆用户
# vim /home/git/gitlab/Gemfile
# source "https://ruby.taobao.org" // 原始 source "https://rubygems.org/"

# For MySQL (note, the option says "without ... postgres")

#修改ruby路径
vim /usr/local/bin/bundle
#!/usr/local/bin/ruby

# Or if you use MySQL (note, the option says "without ... postgres")
sudo -u git -H bundle install -j5 --deployment --without development test postgres aws

报错：
Installing org-ruby 0.9.12
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

/usr/local/bin/ruby extconf.rb
checking for ruby/thread.h... yes
checking for rb_thread_call_without_gvl() in ruby/thread.h... yes
checking for rb_thread_blocking_region()... yes
checking for rb_wait_for_single_fd()... yes
checking for rb_hash_dup()... yes
checking for rb_intern3()... yes
checking for mysql_query() in -lmysqlclient... no
-----
libmysqlclient is missing. Trying again with extra runtime libraries...
-----

解决：
yum -y install mysql-devel

Install GitLab Shell
#GitLab Shell is an SSH access and repository management software developed specially for GitLab.
# Run the installation task for gitlab-shell (replace `REDIS_URL` if needed):

#如果redis在本地，可使用如下方式
sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

#如果redis在其他服务器，可使用如下方式：
sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=redis://172.16.5.101:6379 RAILS_ENV=production

# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
sudo -u git -H vim /home/git/gitlab-shell/config.yml
---
user: git
gitlab_url: http://127.0.0.1:8030/ ######注意修改端口，修改主机名，并在hosts中添加解析！！！！
http_settings:
self_signed_cert: false
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
bin: "/bin/redis-cli"
namespace: resque:gitlab
socket: "/var/run/redis/redis.sock"
log_level: INFO
audit_usernames: false

Install gitlab-workhorse

cd /home/git
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u git -H git checkout v0.7.5
sudo -u git -H make

配置repositories
因为修改了repositories路径，因此使用下面的/data/repositories/
sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
sudo chmod -R ug-s /home/git/repositories/
sudo find /home/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s

sudo chmod -R ug+rwX,o-rwx /data/git/repositories/
sudo chmod -R ug-s /data/git/repositories/
sudo find /data/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s

Initialize Database and Activate Advanced Features
# Go to GitLab installation folder

cd /home/git/gitlab

#sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail

# Type 'yes' to create the database tables.

# When done you see 'Administrator account created:'

#Secure secrets.yml
# The secrets.yml file stores encryption keys for sessions and secure variables. Backup secrets.yml someplace safe, but don't store it in the same place as your database backups. Otherwise your secrets are exposed if one of your backups is compromised.

ls /home/git/gitlab/config/secrets.yml

# Install Init Script
# Download the init script (will be /etc/init.d/gitlab):

sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

# 修改workhorse访问gitlab-shell端口
vim /etc/init.d/gitlab
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public"

#And if you are installing with a non-default folder or user copy and edit the defaults file:

sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab

# 修改workhorse访问gitlab-shell端口
vim /etc/default/gitlab
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public"

#If you installed GitLab in another directory or as a user other than the default you should change these settings in /etc/default/gitlab. Do not edit /etc/init.d/gitlab as it will be changed on upgrade.

#Make GitLab start on boot:

chkconfig gitlab on

#Setup Logrotate

sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

#Check Application Status

#Check if GitLab and its environment are configured correctly:

sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

Compile Assets 编译静态文件

sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production

# Start Your GitLab Instance

sudo service gitlab start

Nginx配置

yum -y install nginx

sudo cp lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf

vim /etc/nginx/conf.d/gitlab.conf
## GitLab

## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}

## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
# listen 0.0.0.0:80 default_server;
# listen [::]:80 default_server;
listen 80;
server_name gitlabtest.ptmind.com; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice

## See app/controllers/application_controller.rb for headers set

## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;

location / {
client_max_body_size 0;
gzip off;

## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_http_version 1.1;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://gitlab-workhorse;
}

error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
root /home/git/gitlab/public;
internal;
}

}

################Nginx ssl 配置文件####################
upstream gitlab-workhorse {
server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
server {
listen 0.0.0.0:80;
server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server {
listen 0.0.0.0:443 ssl;
server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
ssl on;
ssl_certificate /usr/local/nginx/ssl/www.ptengine.jp.pem;
ssl_certificate_key /usr/local/nginx/ssl/www.ptengine.jp.key;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
root /home/git/gitlab/public;
internal;
}
}
##############################################################

# 修改/home/git权限

chmod 755 /home/git

# 检查安装

cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

# 备份：

##修改默认的备份目录
vim /home/git/gitlab/config/gitlab.yml
backup:
path: "/data/git/gitlab-backup/"

mkdir -p /data/git/gitlab-backup/
chown -R git.git /data/git/gitlab-backup/

#重启 gitlab
service gitlab restart

#执行备份
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

# 遇到的问题，执行备份失败，原因是读取config/database.yml文件中的password有问题,需要修改/home/git/gitlab/lib/backup/database.rb

[root@nexus-5-101 gitlab]# sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
Dumping database ...
Dumping MySQL database gitlabhq_production ... mysqldump: Got error: 1045: "Access denied for user 'git'@'172.16.3.65' (using password: YES)" when trying to connect
[FAILED]
Backup failed

vim /home/git/gitlab/lib/backup/database.rb
#第23行，将关于mysql的ENV['MYSQL_PWD']注销
#第75行，mysql_args下面添加'password' => '--password',
#########################################################################
vim /home/git/gitlab/lib/backup/database.rb

require 'yaml'

module Backup
class Database
attr_reader :config, :db_file_name

def initialize
@config = YAML.load_file(File.join(Rails.root,'config','database.yml'))[Rails.env]
@db_file_name = File.join(Gitlab.config.backup.path, 'db', 'database.sql.gz')
end

def dump
FileUtils.mkdir_p(File.dirname(db_file_name))
FileUtils.rm_f(db_file_name)
compress_rd, compress_wr = IO.pipe
compress_pid = spawn(*%W(gzip -1 -c), in: compress_rd, out: [db_file_name, 'w', 0600])
compress_rd.close

dump_pid = case config["adapter"]
when /^mysql/ then
$progress.print "Dumping MySQL database #{config['database']} ... "
# Workaround warnings from MySQL 5.6 about passwords on cmd line
# ENV['MYSQL_PWD'] = config["password"].to_s if config["password"]
spawn('mysqldump', *mysql_args, config['database'], out: compress_wr)
when "postgresql" then
$progress.print "Dumping PostgreSQL database #{config['database']} ... "
pg_env
pgsql_args = ["--clean"] # Pass '--clean' to include 'DROP TABLE' statements in the DB dump.
if Gitlab.config.backup.pg_schema
pgsql_args << "-n"
pgsql_args << Gitlab.config.backup.pg_schema
end
spawn('pg_dump', *pgsql_args, config['database'], out: compress_wr)
end
compress_wr.close

success = [compress_pid, dump_pid].all? { |pid| Process.waitpid(pid); $?.success? }

report_success(success)
abort 'Backup failed' unless success
end

def restore
decompress_rd, decompress_wr = IO.pipe
decompress_pid = spawn(*%W(gzip -cd), out: decompress_wr, in: db_file_name)
decompress_wr.close

restore_pid = case config["adapter"]
when /^mysql/ then
$progress.print "Restoring MySQL database #{config['database']} ... "
# Workaround warnings from MySQL 5.6 about passwords on cmd line
ENV['MYSQL_PWD'] = config["password"].to_s if config["password"]
spawn('mysql', *mysql_args, config['database'], in: decompress_rd)
when "postgresql" then
$progress.print "Restoring PostgreSQL database #{config['database']} ... "
pg_env
spawn('psql', config['database'], in: decompress_rd)
end
decompress_rd.close

success = [decompress_pid, restore_pid].all? { |pid| Process.waitpid(pid); $?.success? }

report_success(success)
abort 'Restore failed' unless success
end

protected

def mysql_args
args = {
'host' => '--host',
'port' => '--port',
'socket' => '--socket',
'username' => '--user',
'password' => '--password',
'encoding' => '--default-character-set'
}
args.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact
end

def pg_env
ENV['PGUSER'] = config["username"] if config["username"]
ENV['PGHOST'] = config["host"] if config["host"]
ENV['PGPORT'] = config["port"].to_s if config["port"]
ENV['PGPASSWORD'] = config["password"].to_s if config["password"]
end

def report_success(success)
if success
$progress.puts '[DONE]'.color(:green)
else
$progress.puts '[FAILED]'.color(:red)
end
end
end
end
#########################################################################

#再次执行备份：

sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

#恢复

恢复时要确保两边的gitlab版本是一样的

# Stop processes that are connected to the database
sudo service gitlab stop

sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production BACKUP=1474170453

# Options:
BACKUP=timestamp_of_backup (required if more than one backup exists)
force=yes (do not ask if the authorized_keys file should get regenerated)