gitlab

Gitlab升级之路10.8.7 -> 11.11.8 -> 12.0.12 -> 12.1.17 -> 12.10.14 -> 13.0.14 -> 13.1.11 -> 13.5.4 -> 13.10.3

Gitlab因存在漏洞,必须进行升级。

https://help.aliyun.com/noticelist/articleid/1060824788.html
https://help.aliyun.com/noticelist/articleid/1060819310.html

本文以Gitlab的Omnibus方便版本来说明从低版本10.8.7 升级到13.10.3 的步骤

官方升级文档:https://docs.gitlab.com/omnibus/update/
重点在这里,版本升级要按部就班,不能步子迈的太大,扯到蛋:
https://docs.gitlab.com/ee/policy/maintenance.html#upgrade-recommendations
于是最终决定的升级路径:
10.8.7 -> 11.11.8 -> 12.0.12 -> 12.1.17 -> 12.10.14 -> 13.0.14 -> 13.1.11 -> 13.5.4 -> 13.10.3

从下载地址把上面所有的安装包下载下来:
https://packages.gitlab.com/gitlab/gitlab-ce

例如我的下载列表:
gitlab-ce-10.8.7-ce.0.el7.x86_64.rpm
gitlab-ce-12.10.14-ce.0.el7.x86_64.rpm
gitlab-ce-13.10.3-ce.0.el7.x86_64.rpm
gitlab-ce-11.11.8-ce.0.el7.x86_64.rpm
gitlab-ce-12.1.17-ce.0.el7.x86_64.rpm
gitlab-ce-13.1.11-ce.0.el7.x86_64.rpm
gitlab-ce-12.0.12-ce.0.el7.x86_64.rpm
gitlab-ce-13.0.14-ce.0.el7.x86_64.rpm
gitlab-ce-13.5.4-ce.0.el7.x86_64.rpm

在你有能力升级之前,请确定你先有能力备份恢复,并且亲自测试!
备份恢复的文档: https://docs.gitlab.com/ee/raketasks/backup_restore.html
备份恢复的重点是这些配置文件:
For Omnibus:
/etc/gitlab/gitlab-secrets.json
/etc/gitlab/gitlab.rb

####### 备份命令需要注意!,不同版本的命令不一样! #########
在使用 Omnibus package的情况下:
GitLab 12.2 or later:
gitlab-backup create
GitLab 12.1 and earlier:
gitlab-rake gitlab:backup:create
##############################################

如果你现在版本是10.8之前的,需要升级PostgreSQL数据库:
10.0 GitLab requires the version of PostgreSQL to be 9.6 or higher.
执行操作:gitlab-ctl pg-upgrade
确定升级后的PostgreSQL版本是9.6:
/opt/gitlab/embedded/bin/psql –version

#################### 升级到10.8.7 ##########################
现在开始升级,先关几个服务:
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq

开始升级:
#yum update gitlab-ce-10.8.7-ce.0.el7.x86_64.rpm
可能有些参数报错,是因为有些参数更改或者不需要了,根据提示修改 /etc/gitlab/gitlab.rb
重新生成配置文件:
# gitlab-ctl reconfigure
再次执行升级命令:
#yum update gitlab-ce-10.8.7-ce.0.el7.x86_64.rpm
升级成功后,查看最新版本:
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION

################## 从10.8.7 升级到 11.11.8 #######################
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq

根据:https://docs.gitlab.com/omnibus/update/gitlab_11_changes.html
11.11.8大版本需要修改 gitlab.rb的2个地方:
1、增加 nginx[‘ssl_protocols’] = “TLSv1.2”
2、旧格式去掉 git_data_dir “/data/git-data” 增加新格式 git_data_dirs({ “default” => { “path” => “/data/git-data” } })
然后执行:
gitlab-ctl reconfigure
开始升级:大概2分钟
rpm -Uvh gitlab-ce-11.11.8-ce.0.el7.x86_64.rpm

升级完成,有提示:
Warnings:
The version of the running postgresql service is different than what is installed.
Please restart postgresql to start the new version.
sudo gitlab-ctl restart postgresql

按提示执行:gitlab-ctl restart postgresql

gitlab-ctl restart
gitlab-ctl status 查看应该正常了。

查看版本号:
[root@gitlab soft]# rpm -qa|grep gitlab
gitlab-ce-11.11.8-ce.0.el7.x86_64
[root@gitlab soft]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.11.8

############ 11.11.8 升级到 12.0.12 ##############
Sidekiq 是Ruby 和Rails 项目中常用的后台任务处理系统,查看方法:https://你的gitlab域名.com/admin/sidekiq
记录一下PostgreSQL的版本为9.6:
# /opt/gitlab/embedded/bin/psql –version
psql (PostgreSQL) 9.6.11

开始升级,照例停几个服务:
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq

这个版本需要升级prometheus,大概15分钟

[root@gitlab ~]# gitlab-ctl prometheus-upgrade
Converting existing data to new format is a time consuming process and can take hours.
If you prefer not to migrate existing data, press Ctrl-C now and re-run the command with –skip-data-migration flag.
Waiting for 30 seconds for input.

Please hit Ctrl-C now if you want to cancel the operation.
…………………………
会人性化显示大概的时间倒计时:(120G 数据量,预估1个半小时)
326 / 1440 22.64% 1h11m39s
。。。
Running handlers:
Running handlers complete
Chef Client finished, 11/663 resources updated in 10 seconds
Starting prometheus
ok: run: prometheus: (pid 32372) 0s
Prometheus upgrade completed. You are now running Prometheus version 2
Old data directory has been backed up to /var/opt/gitlab/prometheus/data_tmp.
prometheus升级完成,看到已经运行版本2.

执行:
gitlab-ctl reconfigure

正式开始升级:
[root@gitlab soft]# rpm -Uvh gitlab-ce-12.0.12-ce.0.el7.x86_64.rpm
。。。

==== Upgrade has completed ====
Please verify everything is working and run the following if so
rm -rf /var/opt/gitlab/postgresql/data.9.6
。。。
完成。
查看版本号:
[root@gitlab soft]# rpm -qa|grep gitlab
gitlab-ce-12.0.12-ce.0.el7.x86_64
[root@gitlab soft]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
12.0.12

Gitlab-ctl restart 如果遇到报错 FATAL: terminating connection due to administrator command
重启 gitlab-ctl restart unicorn
这个版本注意,要关闭runner的自动运行,否则任何项目都会使用runner:
settings CI/CD auto devops,关闭《Default to Auto DevOps pipeline》和《Enable shared runners for new projects》。

如果使用runner,必须升级相应的gitlab-runner

############################## 12.0.12 升级到 12.1.17 测试 #####################
查看PostgreSQL的版本:
[root@gitlab soft]# /opt/gitlab/embedded/bin/psql –version
psql (PostgreSQL) 10.7

开始升级:
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-ctl stop nginx
rpm -Uvh gitlab-ce-12.1.17-ce.0.el7.x86_64.rpm
大概2分钟后完成。
查看版本:
[root@gitlab soft]# rpm -qa|grep gitlab
gitlab-ce-12.1.17-ce.0.el7.x86_64
[root@gitlab soft]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
12.1.17

########################## 12.1.17 升级到 12.10.14 测试 ###############
当前PostgreSQL的版本:
[root@gitlab soft]# /opt/gitlab/embedded/bin/psql –version
psql (PostgreSQL) 10.7
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-ctl stop nginx
这个版本的PostgreSQL会自动升级:PostgreSQL will automatically be upgraded to 11.x
开始升级:
rpm -Uvh gitlab-ce-12.10.14-ce.0.el7.x86_64.rpm
gitlab-ctl restart
升级后的PostgreSQL 的版本:
[root@gitlab soft]# /opt/gitlab/embedded/bin/psql –version
psql (PostgreSQL) 11.7

同时注意!!!! 12.2版本以后备份的命令变为 gitlab-backup create

######################### 12.10.14 升级到 13.0.14 #########################

此版本变动如下:
1、Puma becoming default web server instead of Unicorn
2、PostgreSQL 11 becoming minimum required version,这个我们搞定了已经。

开始升级:
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-ctl stop nginx

rpm -Uvh gitlab-ce-13.0.14-ce.0.el7.x86_64.rpm
gitlab-ctl restart

查看版本:
[root@gitlab soft]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
13.0.14
[root@gitlab ~]# rpm -qa|grep gitlab
gitlab-ce-13.0.14-ce.0.el7.x86_64

升级后运行check脚本:
gitlab-rake gitlab:check SANITIZE=true
。。。。。
818/4072 … yes
819/4073 … yes
484/4074 … yes
153/4075 … yes
Redis version >= 4.0.0? … yes
Ruby version >= 2.5.3 ? … yes (2.6.6)
Git version >= 2.22.0 ? … yes (2.26.2)
Git user has default SSH configuration? … yes
Active users: … 561
Is authorized keys file accessible? … yes
GitLab configured to store new projects in hashed storage? … yes
All projects are in hashed storage? … no
Try fixing it:
Please migrate all projects to hashed storage
as legacy storage is deprecated in 13.0 and support will be removed in 14.0.
For more information see:
doc/administration/repository_storage_types.md

Checking GitLab App … Finished
Checking GitLab subtasks … Finished

一切正常,Git version显示为2.26.2

########################## 13.0.14 升级到 13.1.11 #################
关闭服务
gitlab-ctl stop unicorn
gitlab-ctl stop puma
gitlab-ctl stop sidekiq

升级:
rpm -Uvh gitlab-ce-13.1.11-ce.0.el7.x86_64.rpm

执行check:
gitlab-rake gitlab:check SANITIZE=true
。。。。
825/4100 … yes
825/4101 … yes
521/4102 … yes
Redis version >= 4.0.0? … yes
Ruby version >= 2.5.3 ? … yes (2.6.6)
Git version >= 2.22.0 ? … yes (2.27.0)
Git user has default SSH configuration? … yes
Active users: … 560
Is authorized keys file accessible? … yes
GitLab configured to store new projects in hashed storage? … yes
All projects are in hashed storage? … no
Try fixing it:
Please migrate all projects to hashed storage
as legacy storage is deprecated in 13.0 and support will be removed in 14.0.
For more information see:
doc/administration/repository_storage_types.md

Checking GitLab App … Finished
Checking GitLab subtasks … Finished

一切正常,Git version显示为2.27.0

################## 13.1.11 升级到 13.5.4 #############
gitlab-ctl stop puma
gitlab-ctl stop sidekiq

rpm -Uvh gitlab-ce-13.5.4-ce.0.el7.x86_64.rpm
安装完成后
gitlab-rake gitlab:check SANITIZE=true

153/4075 … yes
Redis version >= 4.0.0? … yes
Ruby version >= 2.5.3 ? … yes (2.6.6)
Git version >= 2.24.0 ? … yes (2.28.0)
Git user has default SSH configuration? … yes
Active users: … 561
Is authorized keys file accessible? … yes
GitLab configured to store new projects in hashed storage? … yes
All projects are in hashed storage? … no
Try fixing it:
Please migrate all projects to hashed storage
as legacy storage is deprecated in 13.0 and support will be removed in 14.0.
For more information see:
doc/administration/repository_storage_types.md

Checking GitLab App … Finished
Checking GitLab subtasks … Finished

一切正常,Git version显示为2.27.0

####### 13.5.4 升级到 13.10.3 #########
gitlab-ctl stop puma
gitlab-ctl stop sidekiq

rpm -Uvh gitlab-ce-13.10.3-ce.0.el7.x86_64.rpm

[root@gitlab soft]# /opt/gitlab/embedded/bin/psql –version
psql (PostgreSQL) 12.6
[root@gitlab soft]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
13.10.3

执行检查:
[root@gitlab soft]# gitlab-rake gitlab:check SANITIZE=true

819/4073 … yes
484/4074 … yes
153/4075 … yes
Redis version >= 4.0.0? … yes
Ruby version >= 2.7.2 ? … yes (2.7.2)
Git version >= 2.29.0 ? … yes (2.29.0)
Git user has default SSH configuration? … yes
Active users: … 561
Is authorized keys file accessible? … yes
GitLab configured to store new projects in hashed storage? … yes
All projects are in hashed storage? … yes

Checking GitLab App … Finished
Checking GitLab subtasks … Finished

一切正常,Git version显示为2.28.0 ,同时存储变为 hashed storage

https://moneyslow.com/gitlab如何安装gitlab-runner?.html