gitlab 版本升级

简介:

gitlab现用版本为12.10.14由于版本漏洞，需升级为14 版本的gitlab，操作流程如下，通过docker-composer 启动gitlab，实现http,https,ssh访问和拉取代码.由于gitlab不可以直接升级到最新版本，故需要按gitlab官方升级流程进行升级（不可回退版本,回退版本会造成状态码：500报错）12.10.14--->13.0.14--->13.1.11--->13.8.8--->13.12.15--->14.0.12 操作步骤如下

1. 数据备份

进入正在运行的gitlab中备份数据信息。

gitlab-rake gitlab:backup:create

备份位置可在/etc/gitlab.rb中进行配置

2. 编写docker-composer.yaml

version: '3.7'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:14.0.12-ce.0'  #升级修改版本号
    restart: always
    hostname: 'gitlabs'
    container_name: cs-gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.域名.com'
    ports:
      - '9080:80'
      - '9443:443'
      - '9022:22'
    volumes:
      - '/data/cs-gitlab/config:/etc/gitlab'
      - '/data/cs-gitlab/logs:/var/log/gitlab'
      - '/data/cs-gitlab/data:/var/opt/gitlab'

启动服务

docker-compose up -d 

3. 导入数据

sudo mv  /data/gitlab/srv/gitlab/data/backups/1649333339_2022_04_07_12.10.14_gitlab_backup.tar  /data/cs-gitlab/data/backups

docker exec -it cs-gitlab bash  #进入容器

gitlab-rake gitlab:backup:restore  #选择yes

备份位置可在/etc/gitlab.rb中进行配置

4. 代理配置

server {
        listen  80;
        server_name     gitlab.域名.com;
        rewrite ^(.*)$  https://$host$1 permanent;
}


server{
    listen 443;
    server_name gitlab.域名.com;
    client_max_body_size 10M;
    ssl on;
    ssl_certificate /etc/nginx/cert/tuyi.crt;
    ssl_certificate_key /etc/nginx/cert/tuyi.key;
    access_log  /etc/nginx/logs/gitlabs/access.log  main;
    error_log  /etc/nginx/logs/gitlabs/error.log;

    location / {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_pass https://10.144.69.25:9443;
    }
}

5. 版本升级

docker exec -it cs-gitlab bash   #进入容器

gitlab-ctl stop    #停止gitlab服务

exit  #退出容器

docker stop cs-gitlab #停止容器

docker rm cs-gitlab #删除

修改docker-composer.yaml中的images

每次版本升级需登陆账号查看当前服务是否正确

6. 升级之后迁移原gitlab配置文件

cd /data/cs-gitlab/config

mv gitlab.rb{,.bak}

mv gitlab-secrets.json{,.bak}

cd /data/gitlab/srv/gitlab/config

cp -pr ./gitlab.rb ./gitlab-secrets.json /data/cs-gitlab/config/

7.报错解决

7.1 状态码502

vim /etc/gitlab/gitlab.rb

# 设置服务响应URL
external_url 'http://ip:9080'
unicorn['listen'] = 'localhost'
# 设置监听端口
unicorn['port'] = 8080

重启服务即可

7.2 升级版本后

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Udn6FJ6raK9NUCOBmHOUON3xiwXpZVgFZobNmMJ6lFg.
Please contact your system administrator.
Add correct host key in /Users/renteng/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/renteng/.ssh/known_hosts:1
ECDSA host key for gitlab.intviu.cn has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

删除/Users/renteng/.ssh/known_hosts下第一行信息