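1 Migration plan

  1. Migrate the database to an external instance in advance; see: Migrating GitLab to an External Database | 云原生基站
  2. Prepare the GitLab cluster; see: GitLab Cluster | 云原生基站 (do not copy the data values from that document; they are all for testing)
  3. Sync the existing GitLab data to NFS (the data volume is large, so this step may take about a day)
  4. Modify the existing GitLab service configuration so that it becomes a Gitaly node
  5. Once testing passes, switch DNS resolution to the load balancer for the Rails role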

2 Sync data

Run on the existing GitLab node.

2.1 Install tools

yum install rsync nfs-utils -y

2.2 Mount NFS

mount -t nfs 10.1.1.1:/gitlab-data /gitlab-data

2.3 View the directory structure

├── config
│   ├── docker-compose.yaml
│   ├── gitlab.rb
│   ├── ssl
│   │   ├── gitlab-tst.ccops.cc.crt
│   │   └── gitlab-tst.ccops.cc.key
│   └── trusted-certs
│       ├── 9dc3655b.0 -> server-3.pem
│       ├── cd04d627.0 -> server-1.pem
│       ├── f4bdbc0a.0 -> server-2.pem
│       ├── server-1.pem
│       ├── server-2.pem
│       └── server-3.pem
├── gitlab-ci
│   └── builds
└── gitlab-rails
    ├── share
    ├── shared
    └── uploads

2.4 Sync data

See: File Synchronization Notes | 云原生基站

2.4.1 Sync keys

rsync -avPz --progress --delete /home/git/.ssh/authorized_keys /gitlab-data/.ssh

3 Modify the existing GitLab node

3.1 Add a configuration file

Note: git_data_dirs must point to the directory on the existing node.

# Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false
redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false
unicorn['enable'] = false
sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
grafana['enable'] = false

# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false

# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false

# Enable only the Gitaly service
gitaly['enable'] = true

# Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load
# balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server
gitlab_rails['internal_api_url'] = 'https://gitlab-tst.ccops.cc'

# Make Gitaly accept TLS connections on all network interfaces. You must use
# firewalls to restrict access to this address/port.
gitaly['tls_listen_addr'] = "0.0.0.0:9999"
gitaly['certificate_path'] = "/etc/gitlab/ssl/server-1.pem"
gitaly['key_path'] = "/etc/gitlab/ssl/server.key"

# Enable service discovery for Prometheus
consul['enable'] = false
consul['monitoring_service_discovery'] = false

# Set the network addresses that the exporters will listen on for monitoring
gitaly['prometheus_listen_addr'] = "0.0.0.0:9236"

# Gitaly Auth Token
# Should be the same as praefect_internal_token
gitaly['auth_token'] = 'LYIddgqhn91xxxxxDtLSTnO'
gitlab_shell['secret_token'] = 'vIH3gfTxxxxxxnY3ZH7DDVX17YJ'

git_data_dirs({
  'default' => { 'gitaly_address' => 'tls://gitaly-1-.ccops.cc:9999', 'path' => '/git-repos' },
})

3.2 Add certificates

mkdir ssl

Copy the certificates prepared earlier:

cp -r /data/gitlab/config/ssl/ .

cp ssl/server-1.pem trusted-certs/

3.3 Start the service

docker-compose up -d

4 Modify the cluster configuration

4.1 Copy the existing GitLab secret files (run on the existing node)

tar -cvf key.tar gitlab-secrets.json ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub

4.2 Upload the secret files (run on all nodes)

cd /gitlab-data/config

tar -xvf key.tar

4.3 Start the other Gitaly nodes

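5 Start the Rails node for testing

5.1 Check the cluster status

[Screenshot: image-20220610155640637]

5.2 If the status is wrong

Run against the Gitaly container:

docker exec -it <name> /opt/gitlab/embedded/bin/gitaly-hooks check /var/opt/gitlab/gitaly/config.toml

5.3 Configure Gitaly weights

By default, the weight of default is 100, so every newly created project is assigned to default; this needs to be changed manually.

[Screenshot: image-20220610163738368]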

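6 Testing

6.1 Create a new project and check which Gitaly node it is on

If it has been assigned to another Gitaly node, the cluster is working properly.

[Screenshot: image-20220614105457325]

7 Issues encountered

7.1 Rails reports OpenSSL::Cipher::CipherError

This is caused by not importing the original keys; uploading them fixes it.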
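
An added example, not part of the original post: a shell check for sections 4.1, 4.2 and 7.1 that confirms every file in key.tar was extracted byte-for-byte on a cluster node and that gitlab-secrets.json and the private host keys are not accessible to group or other. The function name verify_key_tar is hypothetical; file names are read from the archive and are assumed to contain no whitespace.

```shell
#!/bin/sh
# Usage (paths as used in sections 4.1-4.2): verify_key_tar key.tar /gitlab-data/config
# Compares every member of the archive with its extracted copy and checks that
# non-.pub members (secrets, private host keys) have no group/other permission
# bits. Prints one line per problem; returns 0 only when nothing was found.
verify_key_tar() {
    tarball=$1 dir=$2 bad=0
    # Assumption: member names contain no whitespace (true for the 4.1 list).
    for member in $(tar -tf "$tarball"); do
        file="$dir/$member"
        if [ ! -f "$file" ]; then
            echo "MISSING   $member"; bad=1; continue
        fi
        # Byte-for-byte comparison of the archived copy with the file on disk.
        # A stale gitlab-secrets.json is what leads to the error in 7.1.
        if ! tar -xOf "$tarball" "$member" | cmp -s - "$file"; then
            echo "MISMATCH  $member"; bad=1
        fi
        case $member in
            *.pub) ;;  # public keys may be readable by everyone
            *)
                # Characters 5-10 of `ls -l` are the group and other bits.
                perms=$(ls -ld "$file" | cut -c5-10)
                if [ "$perms" != "------" ]; then
                    echo "LOOSE     $member ($perms for group/other)"; bad=1
                fi ;;
        esac
    done
    return $bad
}
```

Run it on each node after extracting key.tar; any MISSING or MISMATCH line on a Rails node should be resolved before switching DNS.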