Moving GitLab to Another Server and Upgrading GitLab

GitLab 7.4.1 is installed from source on the old server. It needs to be updated to the current version, with all data transferred.

The action plan is as follows:

  • Install on the new server GitLab of the same version as on the old server
  • Back up data on the old server using GitLab
  • Deploy the backup on a new server
  • Update GitLab to the latest version

Install on the new server GitLab of the same version as on the old server

Add EPEL repository and update

[[email protected]]# yum -y install epel-release
[[email protected]]# yum update

Install the software

[[email protected]]# yum -y install curl openssh-server openssh-clients postfix policycoreutils-python
[[email protected]]# yum -y install mc nano wget htop git rsync p7zip ntpdate

Disable SELinux

[[email protected]]# setenforce 0
[[email protected]]# nano /etc/selinux/config
	SELINUX=disabled

On the new server, install gitlab of the same version as on the old server

Archives of old versions: https://about.gitlab.com/downloads/archives/

Download the distribution and install it

[[email protected]]# cd /home
[[email protected]]# wget https://downloads-packages.s3.amazonaws.com/centos-7.0.1406/gitlab-7.4.1_omnibus-1.el7.x86_64.rpm
[[email protected]]# rpm -ivh gitlab-7.4.1_omnibus-1.el7.x86_64.rpm
  • i – Install package
  • v – verbose output
  • h – display hash marks on installation

Adding rules to the firewall

[[email protected]]# firewall-cmd --permanent --add-service=http
[[email protected]]# firewall-cmd --permanent --add-service=https
[[email protected]]# firewall-cmd --reload

Editing the file gitlab.rb for the subsequent generation of the gitlab config

[[email protected]]# cd /etc/gitlab/
[[email protected]]# nano gitlab.rb
external_url 'http://git.sitename.ru'

Sample file gitlab.rb, in which LDAP authorization is connected and a connection to the mail server is configured

[[email protected]]# cat gitlab.rb 

## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
external_url 'http://git.sitename.ru'


### Email Settings
 gitlab_rails['gitlab_email_enabled'] = true
 gitlab_rails['gitlab_email_from'] = '[email protected]'
 gitlab_rails['gitlab_email_display_name'] = 'noreply'
 gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
# gitlab_rails['gitlab_email_subject_suffix'] = ''


### LDAP Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
###! **Be careful not to break the indentation in the ldap_servers block. It is
###!   in yaml format and the spaces must be retained. Using tabs will not work.**

 gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '192.168.0.6'
     port: 389
     uid: 'sAMAccountName'
     bind_dn: 'CN=Admin,CN=Users,DC=domain,DC=local'
     password: 'password'
#     timeout: 10
     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
     base: 'OU=Users,OU=Office,DC=domain,DC=local'
     user_filter: ''
#     attributes:
#     username: ['uid', 'userid', 'sAMAccountName']
#     email: ['mail', 'email', 'userPrincipalName']
#     name: 'cn'
#     first_name: 'givenName'
#     last_name:  'sn'
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS


### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

#gitlab_rails['manage_backup_path'] = true
#gitlab_rails['backup_path'] = "/mnt/nfs"

###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
# gitlab_rails['backup_archive_permissions'] = 0644

# gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted
#gitlab_rails['backup_keep_time'] = 604800


# localhost
# gitlab_rails['smtp_enable'] = true;
# gitlab_rails['smtp_address'] = 'localhost';
# gitlab_rails['smtp_port'] = 25;
## gitlab_rails['smtp_user_name'] = "root"
## gitlab_rails['smtp_password'] = "password"
# gitlab_rails['smtp_domain'] = 'localhost';
## gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_tls'] = false;
# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
# gitlab_rails['smtp_enable_starttls_auto'] = false
# gitlab_rails['smtp_ssl'] = false
# gitlab_rails['smtp_force_ssl'] = false

# mx.sitename.ru
gitlab_rails['smtp_enable'] = true;
gitlab_rails['smtp_address'] = 'mx.sitename.ru';
gitlab_rails['smtp_port'] = 587;
gitlab_rails['smtp_user_name'] = 'noreply';
gitlab_rails['smtp_password'] = 'passwopd';
gitlab_rails['smtp_domain'] = 'sitename.ru';
gitlab_rails['smtp_authentication'] = 'login';
gitlab_rails['smtp_tls'] = false;
gitlab_rails['smtp_enable_starttls_auto'] = true;
gitlab_rails['smtp_openssl_verify_mode'] = 'none';
#gitlab_rails['smtp_ssl'] = true;
#gitlab_rails['smtp_force_ssl'] = true;
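
The sample above binds to LDAP with encryption 'plain', skips SMTP certificate verification and serves GitLab over HTTP. The script below is an added example, not part of the original post: it reports those active settings in a gitlab.rb and checks the file's permissions. The function names and both sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report weak transport settings in a gitlab.rb file.

audit_gitlab_rb() {
  # $1 = path to gitlab.rb. Prints one finding per line; returns 1 if any.
  local file=$1 out perm
  out=$(awk '
    /^[[:space:]]*#/ { next }   # commented-out settings are inactive
    /^[[:space:]]*external_url[[:space:]]+.http:/ {
      print "external_url: web UI and git-over-HTTP are unencrypted" }
    /^[[:space:]]*encryption:[[:space:]]*.plain/ {
      print "ldap: encryption is plain, so binds cross the network in cleartext" }
    /smtp_openssl_verify_mode.*none/ {
      print "smtp: mail server certificate is not verified" }
  ' "$file")
  # The file stores bind and SMTP passwords: group/other need no access.
  perm=$(ls -ld "$file" | cut -c5-10)
  [ "$perm" = "------" ] || out="${out}${out:+
}perms: group/other bits '$perm' on a file that stores passwords"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed input: the active security-relevant lines of the sample above.
sample_weak() {
  cat <<'EOF'
external_url 'http://git.sitename.ru'
     password: 'password'
     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
gitlab_rails['smtp_password'] = 'passwopd';
gitlab_rails['smtp_openssl_verify_mode'] = 'none';
EOF
}

# Constructed input: the same settings with encrypted, verified transports.
sample_hardened() {
  cat <<'EOF'
external_url 'https://git.sitename.ru'
     password: 'password'
     encryption: 'start_tls'
     verify_certificates: true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer';
EOF
}

demo=$(mktemp); sample_weak > "$demo"; chmod 644 "$demo"
audit_gitlab_rb "$demo" || true; rm -f "$demo"
```

On a real host, run `audit_gitlab_rb /etc/gitlab/gitlab.rb` before `gitlab-ctl reconfigure`.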

Generating a config

[[email protected]]# sudo gitlab-ctl reconfigure

Run gitlab

[[email protected]]# sudo gitlab-ctl start

Open the browser:

http://192.168.1.49
login: root
password: 5iveL!fe

Log in, change the password

Back up data on the old server using GitLab

The backup would not run for me because the script did not like the psql version, so we make a link to the newer version that was already installed on the server

[[email protected]]# ln -s /usr/pgsql-9.3/bin/pg_dump /usr/bin/pg_dump --force

Making a backup

[[email protected]]# cd /home/git/gitlab
[[email protected]]# bundle exec rake gitlab:backup:create RAILS_ENV=production;
  • Backup files on the old server: /home/git/gitlab/tmp/backups

Transferring the backup file from the old server to the new one

  • Backup files on the new server: /var/opt/gitlab/backups
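
The archive holds the full database dump and every repository, so it is worth confirming that the copy on the new server matches what the old server produced before restoring from it. The following is an added example, not from the original post; it assumes GNU sha256sum and archives named `<timestamp>_gitlab_backup.tar`, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: integrity check for a GitLab backup archive moved between hosts.
# Assumes GNU sha256sum and archives named <timestamp>_gitlab_backup.tar.

# Old server: record a SHA-256 manifest beside the archives.
make_manifest() {
  ( cd "$1" && sha256sum -- *_gitlab_backup.tar > SHA256SUMS )
}

# New server: print the BACKUP= value only if the copy is intact.
backup_id_if_intact() {
  local dir=$1 tarball
  ( cd "$dir" && sha256sum --status -c SHA256SUMS ) 2>/dev/null || {
    echo "checksum mismatch or missing manifest in $dir" >&2; return 1; }
  # Newest archive = highest leading timestamp.
  tarball=$(cd "$dir" && ls -- *_gitlab_backup.tar | sort -n | tail -n 1)
  tar -tf "$dir/$tarball" >/dev/null 2>&1 || {
    echo "$tarball is not a readable tar archive" >&2; return 1; }
  printf '%s\n' "${tarball%_gitlab_backup.tar}"
}

# Constructed demo: a stand-in archive, then the same archive after corruption.
demo_backup_check() {
  local old new
  old=$(mktemp -d); new=$(mktemp -d)
  echo "stand-in for db and repositories" > "$old/payload"
  tar -cf "$old/1526552248_gitlab_backup.tar" -C "$old" payload
  make_manifest "$old"
  cp "$old"/*_gitlab_backup.tar "$old/SHA256SUMS" "$new/"   # the transfer step
  echo "intact copy:  BACKUP=$(backup_id_if_intact "$new")"
  printf 'X' >> "$new/1526552248_gitlab_backup.tar"          # simulate damage
  backup_id_if_intact "$new" 2>/dev/null || echo "damaged copy: rejected"
  rm -rf "$old" "$new"
}
demo_backup_check
```

A manifest that travels with the archive only detects accidental corruption; to detect tampering as well, compare the hash over a separate trusted channel.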

Deploy the backup on a new server

Stop services

[[email protected]]# sudo gitlab-ctl stop unicorn
[[email protected]]# sudo gitlab-ctl stop sidekiq
[[email protected]]# sudo gitlab-ctl status

Deploying a backup to a new server

[[email protected]]# sudo gitlab-rake gitlab:backup:restore BACKUP=1526552248

or

[[email protected]]# sudo gitlab-rake gitlab:backup:restore RAILS_ENV=production

We start the services

[[email protected]]# gitlab-ctl start unicorn
[[email protected]]# gitlab-ctl start sidekiq
[[email protected]]# gitlab-ctl status

An error occurred during deployment. Empty projects were not restored from the backup, so you must first delete them and then make the backup.

Alternatively, anything that was not restored can be transferred manually afterwards:

[[email protected]]# git clone --mirror /var/opt/gitlab/backups/repositories/%username%/%project%.bundle /var/opt/gitlab/git-data/repositories/%username%/%project%.git

Change directory owner

[[email protected]]# chown -R git:git /var/opt/gitlab/git-data/repositories

Trying to make a backup on a new server and deploy it

Making a backup

[[email protected]]# sudo gitlab-rake gitlab:backup:create

Stop services

[[email protected]]# gitlab-ctl stop unicorn
[[email protected]]# gitlab-ctl stop sidekiq
[[email protected]]# gitlab-ctl status

Deploying the backup

[[email protected]]# sudo gitlab-rake gitlab:backup:restore BACKUP=1526552248

We start the services

[[email protected]]# gitlab-ctl start unicorn
[[email protected]]# gitlab-ctl start sidekiq
[[email protected]]# gitlab-ctl status

Update GitLab to the latest version

Because our version is quite old, we will update along the following chain:

7.4.1 -> 7.14.x -> 8.0.x -> 8.17.x -> 9.0 -> 9.5 -> 10.0 -> 10.7 -> 10.8.3

Download the distribution kit version 7.14.2

[[email protected]]# wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-7.14.2-ce.1.el7.x86_64.rpm/download.rpm

Updating

[[email protected]]# rpm -Uvh gitlab-ce-7.14.2-ce.1.el7.x86_64.rpm
  • U – update package
  • v – verbose output
  • h – display hash marks on installation

Restart

[[email protected]]# sudo gitlab-ctl restart

And so on for the remaining versions in the chain.

Opening access to GitLab from the outside

Because we have a limited number of external IP-addresses, and since our GitLab is running on a separate virtual server, we configure port forwarding so that we have access to GitLab from the outside

On the server where the external IP is registered, you need to reconfigure ssh, iptables, apache

Configuring ssh

[[email protected]]# cat /etc/ssh/sshd_config
ListenAddress 192.168.1.38
[[email protected]]# service ssh restart

Now this server is accessible via ssh only from inside the network

Configuring iptables, forwarding port 22 (внешний_IP in the second command is a placeholder for the external IP address)

[[email protected]]# iptables -A FORWARD -d 192.168.1.49 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
[[email protected]]# iptables -t nat -A PREROUTING -d внешний_IP -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.49:22
[[email protected]]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[[email protected]]# service iptables save
[[email protected]]# service iptables reload

You also need to comment out one rule, otherwise the forwarding will not work

#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Configure apache, forward port 80 and 443:

[[email protected]]# cat /etc/httpd/virtual/git.sitename.ru.conf
    ServerName git.sitename.ru
    ServerSignature Off
    ProxyPreserveHost On

    Redirect / https://git.sitename.ru/

    ServerName git.sitename.ru
    ServerSignature Off
  
    Order deny,allow
    Allow from all

    ProxyPassReverse http://192.168.1.49:80
    ProxyPassReverse http://git.sitename.ru/
  
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/sitename.ru/certificate.crt
    SSLCertificateKeyFile /etc/httpd/ssl/sitename.ru/private.key

    SSLProxyEngine On
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on

    RewriteEngine on
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* http://192.168.1.49:80%{REQUEST_URI} [P,QSA]
    RequestHeader set X_FORWARDED_PROTO 'https'

    ErrorLog /var/www/vhosts/git.sitename.ru/logs/error_ssl.log
    CustomLog /var/www/vhosts/git.sitename.ru/logs/access_ssl.log combined

Restart apache

[[email protected]]# service httpd restart