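Introduction:
The GitLab version currently in use is 12.10.14. Because of vulnerabilities in that version, it needs to be upgraded to GitLab 14. The procedure below starts GitLab with docker-compose and provides HTTP, HTTPS and SSH access for pulling code. GitLab cannot be upgraded directly to the latest version, so the upgrade has to follow the official GitLab upgrade path (versions cannot be rolled back; rolling back causes status code 500 errors): 12.10.14 ---> 13.0.14 ---> 13.1.11 ---> 13.8.8 ---> 13.12.15 ---> 14.0.12. The steps are as follows.
1. Back up the data
Enter the running GitLab instance and back up its data.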
gitlab-rake gitlab:backup:create
The backup location can be configured in /etc/gitlab/gitlab.rb.
2. Write docker-compose.yaml
version: '3.7'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:14.0.12-ce.0' # change the version tag at each upgrade step
    restart: always
    hostname: 'gitlabs'
    container_name: cs-gitlab
    # 域名 in external_url is a placeholder for your own domain
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.域名.com'
    ports:
      - '9080:80'
      - '9443:443'
      - '9022:22'
    volumes:
      - '/data/cs-gitlab/config:/etc/gitlab'
      - '/data/cs-gitlab/logs:/var/log/gitlab'
      - '/data/cs-gitlab/data:/var/opt/gitlab'
Start the service
docker-compose up -d
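3. Import the data
A backup can only be restored onto the same GitLab version it was created on (12.10.14 here, as the file name shows), so run the restore while the container is on that version.
sudo mv /data/gitlab/srv/gitlab/data/backups/1649333339_2022_04_07_12.10.14_gitlab_backup.tar /data/cs-gitlab/data/backups
docker exec -it cs-gitlab bash # enter the container
gitlab-rake gitlab:backup:restore # answer yes
The backup location can be configured in /etc/gitlab/gitlab.rb.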
4. Proxy configuration
# 域名 in server_name is a placeholder for your own domain
server {
    listen 80;
    server_name gitlab.域名.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl; # replaces the deprecated "ssl on;" directive
    server_name gitlab.域名.com;
    client_max_body_size 10M;
    ssl_certificate /etc/nginx/cert/tuyi.crt;
    ssl_certificate_key /etc/nginx/cert/tuyi.key;
    access_log /etc/nginx/logs/gitlabs/access.log main;
    error_log /etc/nginx/logs/gitlabs/error.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://10.144.69.25:9443;
    }
}
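5. Version upgrade
docker exec -it cs-gitlab bash # enter the container
gitlab-ctl stop # stop the GitLab services
exit # leave the container
docker stop cs-gitlab # stop the container
docker rm cs-gitlab # remove the container
Change the image in docker-compose.yaml to the next version in the upgrade path and start the service again.
After each version upgrade, log in with an account and check that the service is working correctly.
6. After the upgrade, migrate the original GitLab configuration files
cd /data/cs-gitlab/config
mv gitlab.rb{,.bak}
mv gitlab-secrets.json{,.bak}
cd /data/gitlab/srv/gitlab/config
cp -pr ./gitlab.rb ./gitlab-secrets.json /data/cs-gitlab/config/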
7. Troubleshooting
7.1 Status code 502
vim /etc/gitlab/gitlab.rb
# Set the URL the service responds on
external_url 'http://ip:9080'
unicorn['listen'] = 'localhost'
# Set the listening port
unicorn['port'] = 8080
Then restart the service.
7.2 After upgrading
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Udn6FJ6raK9NUCOBmHOUON3xiwXpZVgFZobNmMJ6lFg.
Please contact your system administrator.
Add correct host key in /Users/renteng/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/renteng/.ssh/known_hosts:1
ECDSA host key for gitlab.intviu.cn has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Delete the first line of /Users/renteng/.ssh/known_hosts (the offending entry reported in the warning).
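Before the old known_hosts entry is removed, the fingerprint in the warning can be checked against the new container's own host key. The Python below is an added example, not part of the original post: it parses the warning from section 7.2, computes the OpenSSH SHA256 fingerprint of a public key line, and returns a cleanup command only when the two match. The host key file path (/data/cs-gitlab/config/ssh_host_ecdsa_key.pub) is an assumption, and SAMPLE_PUB is a constructed key line standing in for that file.

```python
import base64
import hashlib
import re
import shlex

# Lines copied from the ssh warning quoted in section 7.2.
PAGE_WARNING = """\
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Udn6FJ6raK9NUCOBmHOUON3xiwXpZVgFZobNmMJ6lFg.
Offending ECDSA key in /Users/renteng/.ssh/known_hosts:1
ECDSA host key for gitlab.intviu.cn has changed and you have requested strict checking.
"""

# Constructed sample of a host public key line; the blob is made-up bytes,
# not a real key. On the server this line would be read from the container's
# host key file (assumed: /data/cs-gitlab/config/ssh_host_ecdsa_key.pub).
SAMPLE_PUB = ("ecdsa-sha2-nistp256 "
              + base64.b64encode(b"constructed-host-key-blob").decode()
              + " root@gitlabs")

def fingerprint(pub_line):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    blob = base64.b64decode(pub_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_warning(text):
    """Extract the offered fingerprint, host and known_hosts location from the warning."""
    fp = re.search(r"SHA256:[A-Za-z0-9+/]{43}", text)
    off = re.search(r"Offending \S+ key in (\S+):(\d+)", text)
    host = re.search(r"host key for (\S+) has changed", text)
    if not (fp and off and host):
        raise ValueError("not a host-key-changed warning")
    return {"fingerprint": fp.group(0), "host": host.group(1),
            "known_hosts": off.group(1), "line": int(off.group(2))}

def removal_command(pub_line, warning_text):
    """Return the known_hosts cleanup command only if the key the client saw is
    the server's own key; otherwise None (leave the old entry in place)."""
    w = parse_warning(warning_text)
    if fingerprint(pub_line) != w["fingerprint"]:
        return None
    return "ssh-keygen -R {} -f {}".format(shlex.quote(w["host"]),
                                           shlex.quote(w["known_hosts"]))

if __name__ == "__main__":
    print(removal_command(SAMPLE_PUB, PAGE_WARNING))  # constructed key does not match
```

`ssh-keygen -R` removes every stored key for that host name rather than one numbered line; the next connection then prompts for the new key, whose fingerprint should again equal the server-side value.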