本文作者:徐晓伟

GitLab 是一个全球知名的一体化 DevOps 平台,很多人都通过私有化部署 GitLab 来进行源代码托管。极狐GitLab GitLab 在中国的发行版,专门为中国程序员服务。可以一键式部署极狐GitLab。

本文主要讲述了如何极狐GitLab 自动/手动备份功能、MinIO 域名解析。

文档

查看现有备份

kubectl -n gitlab-test get cronjobs.batch
# 默认没有开启
[root@k8s ~]# kubectl -n gitlab-test get cronjobs.batch
No resources found in gitlab-test namespace.
[root@k8s ~]# 

开启自动备份功能

# 将已配置的值导出到文件中
helm -n gitlab-test get values my-gitlab > my-gitlab.yaml

# 开启备份功能
# gitlab.toolbox.backups.cron.enabled:是否开启备份功能
# gitlab.toolbox.backups.cron.schedule:备份的计划,每天的 1:00(UTC) 备份
# -f gitlab-helm.yaml:指定已配置的值
helm upgrade -n gitlab-test --install my-gitlab gitlab/gitlab \
  --set gitlab.toolbox.backups.cron.enabled=true \
  --set gitlab.toolbox.backups.cron.schedule="0 1 * * *" \
  -f my-gitlab.yaml \
  --timeout 600s \
  --version 7.7.0
# 等待时间到了,就能自动备份了
[root@k8s ~]# kubectl -n gitlab-test get cronjobs.batch
NAME                       SCHEDULE    SUSPEND   ACTIVE   LAST SCHEDULE   AGE
my-gitlab-toolbox-backup   0 1 * * *   False     0        <none>          11s
[root@k8s ~]# 

创建手动备份

# -n gitlab-test:指定命名空间
# --from=cronjob/my-gitlab-toolbox-backup:指定 cronjob 名称,其中 gitlab-test 是安装时设置 gitlab 的名称
# manual-backup-1:手动备份名称,名称不可以重复
kubectl -n gitlab-test create job --from=cronjob/my-gitlab-toolbox-backup manual-backup-1

查看备份

kubectl -n gitlab-test get jobs.batch

搜索手动备份的job的pod

kubectl -n gitlab-test get pod | grep manual-backup-1
# Running:代表正在运行
# Completed:代表执行完成
[root@k8s ~]# kubectl -n gitlab-test get pod | grep manual-backup-1
manual-backup-1-r7qlj                                1/1     Running     0                15s
[root@k8s ~]#

查看手动备份的job的pod日志

kubectl -n gitlab-test logs -f manual-backup-1-r7qlj

无法解析域名异常处理

# 无法解析域名异常
Packing up backup tar
ERROR: [Errno -5] No address associated with hostname
ERROR: Connection Error: Error resolving a server hostname.
Please check the servers address specified in 'host_base', 'host_bucket', 'cloudfront_host', 'website_endpoint'
# 无法解析域名异常
Packing up backup tar
WARNING: Retrying failed request: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar ([Errno -2] Name or service not known)
WARNING: Waiting 3 sec...
WARNING: Retrying failed request: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar ([Errno -2] Name or service not known)
WARNING: Waiting 6 sec...
WARNING: Retrying failed request: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar ([Errno -2] Name or service not known)
WARNING: Waiting 9 sec...
WARNING: Retrying failed request: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar ([Errno -2] Name or service not known)
WARNING: Waiting 12 sec...
WARNING: Retrying failed request: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar ([Errno -2] Name or service not known)
WARNING: Waiting 15 sec...
ERROR: Upload of '/srv/gitlab/tmp/backup_tars/1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar' failed too many times (Last reason: Upload failed for: /1698382139_2023_10_27_16.4.1-ee_gitlab_backup.tar)

修改 定时任务

kubectl -n gitlab-test edit cronjobs.batch my-gitlab-toolbox-backup

增加 域名解析

          # 增加自定义域名解析,放在 dnsPolicy 后面
          hostAliases:
            - hostnames:
                - minio.test.helm.xuxiaowei.cn
              ip: 172.25.25.32
  • 删除手动备份 job(若已完成备份,则备份数据已上传至 minio 存储,此处不会删除备份数据),重新创建手动备份 job,即可使用自定义域名解析了
kubectl -n gitlab-test delete job manual-backup-1

证书验证异常

WARNING: Retrying failed request: /1698383376_2023_10_27_16.4.1-ee_gitlab_backup.tar ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129))
WARNING: Waiting 3 sec...
WARNING: Retrying failed request: /1698383376_2023_10_27_16.4.1-ee_gitlab_backup.tar ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129))
WARNING: Waiting 6 sec...
WARNING: Retrying failed request: /1698383376_2023_10_27_16.4.1-ee_gitlab_backup.tar ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129))
WARNING: Waiting 9 sec...
WARNING: Retrying failed request: /1698383376_2023_10_27_16.4.1-ee_gitlab_backup.tar ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129))
WARNING: Waiting 12 sec...
WARNING: Retrying failed request: /1698383376_2023_10_27_16.4.1-ee_gitlab_backup.tar ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129))
WARNING: Waiting 15 sec...
ERROR: Upload of '/srv/gitlab/tmp/backup_tars/1698383376_2023_10_27_16.4.1-ee_gitlab_bac

号外号外!
极狐GitLab 正在推出DevSecOps 成熟度测评!链接:https://gitlab.cn/devsecops-assessment/ 测评非常全面并提供了可靠建议,即使不付费买产品,对自己想要落地 DevSecOps 的用户具有很高的参考意义!快来动手试试吧!

DevSecOps 成熟度评估.png


极狐GitLab
64 声望36 粉丝

极狐(GitLab) 以“核心开放”为原则,面向中国市场,提供开箱即用的开放式一体化安全DevOps平台——极狐GitLab。通过业界领先的优先级管理、安全、风险和合规性功能,实现产品、开发、QA、安全和运维团队间的高效协同...