GitLab教程(15): 备份与恢复
定期备份GitLab数据可以防止意外丢失。本文将详细介绍GitLab的备份策略和恢复方法。
备份内容
# GitLab备份包含的内容
1. 数据库 (PostgreSQL)
- 用户、组、项目元数据
- Issue、MR、评论
- CI/CD配置
2. 仓库数据
- Git仓库
- Wiki仓库
- LFS对象
3. 上传的文件
- 头像
- Issue附件
- 项目上传文件
4. CI/CD Artifacts
- 构建产物
- 缓存
# 不包含在备份中(需要单独备份)
- 配置文件 (/etc/gitlab/gitlab.rb)
- 密钥文件 (/etc/gitlab/gitlab-secrets.json)
- SSL证书创建备份
# 创建完整备份
sudo gitlab-backup create
# 备份输出
2026-02-08 12:00:00 +0000 -- Dumping database ...
2026-02-08 12:00:30 +0000 -- Dumping repositories ...
2026-02-08 12:01:00 +0000 -- Dumping uploads ...
2026-02-08 12:01:15 +0000 -- Dumping builds ...
2026-02-08 12:01:30 +0000 -- Dumping artifacts ...
2026-02-08 12:02:00 +0000 -- Dumping pages ...
2026-02-08 12:02:15 +0000 -- Dumping lfs objects ...
2026-02-08 12:02:30 +0000 -- Dumping container registry images ...
2026-02-08 12:03:00 +0000 -- Creating backup archive: 1707393600_2026_02_08_16.8.0_gitlab_backup.tar
2026-02-08 12:03:30 +0000 -- done
2026-02-08 12:03:30 +0000 -- Deleting old backups ...
2026-02-08 12:03:30 +0000 -- done
# 备份文件位置
ls -lh /var/opt/gitlab/backups/
-rw------- 1 git git 2.5G Feb 8 12:03 1707393600_2026_02_08_16.8.0_gitlab_backup.tar
# 备份特定内容
sudo gitlab-backup create SKIP=artifacts,lfs,registry
# 可跳过的选项
# db, uploads, builds, artifacts, lfs, registry, pages, repositories备份配置文件
# 配置文件必须单独备份!
# 重要文件
/etc/gitlab/gitlab.rb # 主配置文件
/etc/gitlab/gitlab-secrets.json # 加密密钥(非常重要!)
/etc/gitlab/ssl/ # SSL证书
# 备份配置文件
sudo cp /etc/gitlab/gitlab.rb /backup/gitlab.rb.$(date +%Y%m%d)
sudo cp /etc/gitlab/gitlab-secrets.json /backup/gitlab-secrets.json.$(date +%Y%m%d)
sudo tar -czvf /backup/gitlab-ssl-$(date +%Y%m%d).tar.gz /etc/gitlab/ssl/
# ⚠️ 警告
# 如果丢失 gitlab-secrets.json,将无法:
# - 解密数据库中的加密数据
# - 访问CI/CD变量
# - 使用双因素认证
# - 访问存储的凭据自动备份
# 配置自动备份
# /etc/gitlab/gitlab.rb
# 备份保留时间(秒)604800 = 7天
gitlab_rails['backup_keep_time'] = 604800
# 备份路径
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# 备份存档权限
gitlab_rails['backup_archive_permissions'] = 0600
# 应用配置
sudo gitlab-ctl reconfigure
# 添加定时任务
sudo crontab -e -u root
# 每天凌晨2点执行备份
0 2 * * * /opt/gitlab/bin/gitlab-backup create CRON=1 >> /var/log/gitlab/backup.log 2>&1
# 每天凌晨3点备份配置文件
0 3 * * * cp /etc/gitlab/gitlab.rb /backup/gitlab.rb.$(date +\%Y\%m\%d)
0 3 * * * cp /etc/gitlab/gitlab-secrets.json /backup/gitlab-secrets.json.$(date +\%Y\%m\%d)上传到远程存储
# 配置S3备份
# /etc/gitlab/gitlab.rb
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AWS',
'region' => 'us-east-1',
'aws_access_key_id' => 'AKIAXXXXXXXXXXXXXXXX',
'aws_secret_access_key' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
}
gitlab_rails['backup_upload_remote_directory'] = 'gitlab-backups'
gitlab_rails['backup_multipart_chunk_size'] = 104857600 # 100MB
# 配置Google Cloud Storage
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => 'my-project',
'google_json_key_location' => '/path/to/service-account.json'
}
gitlab_rails['backup_upload_remote_directory'] = 'gitlab-backups'
# 配置Azure Blob Storage
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AzureRM',
'azure_storage_account_name' => 'mystorageaccount',
'azure_storage_access_key' => 'your-access-key'
}
gitlab_rails['backup_upload_remote_directory'] = 'gitlab-backups'
# 应用配置
sudo gitlab-ctl reconfigure恢复备份
# 恢复前准备
# 1. 确保GitLab版本与备份版本一致
sudo gitlab-rake gitlab:env:info
# GitLab: 16.8.0
# 2. 停止需要停止的服务
sudo gitlab-ctl stop puma
sudo gitlab-ctl stop sidekiq
# 验证服务已停止
sudo gitlab-ctl status
# 3. 确保备份文件在正确位置
ls -la /var/opt/gitlab/backups/
# 确保文件权限正确
sudo chown git:git /var/opt/gitlab/backups/1707393600_2026_02_08_16.8.0_gitlab_backup.tar
# 4. 恢复配置文件(如果需要)
sudo cp /backup/gitlab.rb.20260208 /etc/gitlab/gitlab.rb
sudo cp /backup/gitlab-secrets.json.20260208 /etc/gitlab/gitlab-secrets.json
sudo gitlab-ctl reconfigure
# 5. 执行恢复
sudo gitlab-backup restore BACKUP=1707393600_2026_02_08_16.8.0
# 恢复过程输出
Unpacking backup ...
Restoring database ...
Restoring repositories ...
Restoring uploads ...
Restoring builds ...
Restoring artifacts ...
Restoring pages ...
Restoring lfs objects ...
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes
# 6. 重启服务
sudo gitlab-ctl restart
# 7. 验证恢复
sudo gitlab-rake gitlab:check SANITIZE=trueDocker备份恢复
# Docker环境备份
# 创建备份
docker exec -t gitlab gitlab-backup create
# 备份配置文件
docker cp gitlab:/etc/gitlab/gitlab.rb ./backup/
docker cp gitlab:/etc/gitlab/gitlab-secrets.json ./backup/
# 复制备份文件到主机
docker cp gitlab:/var/opt/gitlab/backups/1707393600_2026_02_08_16.8.0_gitlab_backup.tar ./backup/
# Docker环境恢复
# 1. 停止服务
docker exec -it gitlab gitlab-ctl stop puma
docker exec -it gitlab gitlab-ctl stop sidekiq
# 2. 复制备份文件到容器
docker cp ./backup/1707393600_2026_02_08_16.8.0_gitlab_backup.tar gitlab:/var/opt/gitlab/backups/
docker cp ./backup/gitlab.rb gitlab:/etc/gitlab/
docker cp ./backup/gitlab-secrets.json gitlab:/etc/gitlab/
# 3. 设置权限
docker exec -it gitlab chown git:git /var/opt/gitlab/backups/*.tar
# 4. 恢复
docker exec -it gitlab gitlab-backup restore BACKUP=1707393600_2026_02_08_16.8.0
# 5. 重启
docker restart gitlab迁移到新服务器
# 1. 在旧服务器上创建备份
sudo gitlab-backup create
# 2. 复制文件到新服务器
scp /var/opt/gitlab/backups/1707393600_2026_02_08_16.8.0_gitlab_backup.tar user@new-server:/tmp/
scp /etc/gitlab/gitlab.rb user@new-server:/tmp/
scp /etc/gitlab/gitlab-secrets.json user@new-server:/tmp/
# 3. 在新服务器上安装相同版本的GitLab
sudo apt-get install gitlab-ce=16.8.0-ce.0
# 4. 恢复配置
sudo cp /tmp/gitlab.rb /etc/gitlab/
sudo cp /tmp/gitlab-secrets.json /etc/gitlab/
sudo cp /tmp/*.tar /var/opt/gitlab/backups/
sudo chown git:git /var/opt/gitlab/backups/*.tar
# 5. 应用配置并恢复
sudo gitlab-ctl reconfigure
sudo gitlab-ctl stop puma
sudo gitlab-ctl stop sidekiq
sudo gitlab-backup restore BACKUP=1707393600_2026_02_08_16.8.0
sudo gitlab-ctl restart
# 6. 验证
sudo gitlab-rake gitlab:check SANITIZE=true备份脚本
#!/bin/bash
# /opt/scripts/gitlab-backup.sh
set -e
DATE=$(date +%Y%m%d)
BACKUP_DIR="/backup/gitlab"
LOG_FILE="/var/log/gitlab/backup-${DATE}.log"
echo "=== GitLab Backup Started: $(date) ===" | tee -a $LOG_FILE
# 创建备份目录
mkdir -p ${BACKUP_DIR}/{data,config}
# 备份数据
echo "Creating data backup..." | tee -a $LOG_FILE
/opt/gitlab/bin/gitlab-backup create CRON=1 2>&1 | tee -a $LOG_FILE
# 复制备份文件
LATEST_BACKUP=$(ls -t /var/opt/gitlab/backups/*.tar | head -1)
cp $LATEST_BACKUP ${BACKUP_DIR}/data/ | tee -a $LOG_FILE
# 备份配置文件
echo "Backing up configuration..." | tee -a $LOG_FILE
cp /etc/gitlab/gitlab.rb ${BACKUP_DIR}/config/gitlab.rb.${DATE}
cp /etc/gitlab/gitlab-secrets.json ${BACKUP_DIR}/config/gitlab-secrets.json.${DATE}
# 上传到S3(可选)
if command -v aws &> /dev/null; then
echo "Uploading to S3..." | tee -a $LOG_FILE
aws s3 cp $LATEST_BACKUP s3://gitlab-backups/${DATE}/
aws s3 cp ${BACKUP_DIR}/config/ s3://gitlab-backups/${DATE}/config/ --recursive
fi
# 清理旧备份(保留7天)
echo "Cleaning old backups..." | tee -a $LOG_FILE
find ${BACKUP_DIR} -type f -mtime +7 -delete
echo "=== GitLab Backup Completed: $(date) ===" | tee -a $LOG_FILE备份检查清单
# GitLab备份检查清单
[ ] 定期创建数据备份
[ ] 备份gitlab.rb配置文件
[ ] 备份gitlab-secrets.json(最重要!)
[ ] 备份SSL证书
[ ] 将备份复制到远程存储
[ ] 定期测试恢复流程
[ ] 监控备份任务执行状态
[ ] 验证备份文件完整性
[ ] 记录GitLab版本号总结
本文介绍了GitLab的备份与恢复方法,包括手动备份、自动备份、远程存储和恢复步骤。定期备份是保护数据安全的关键措施。
下一篇我们将学习GitLab高可用部署。
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
