GitLab on OpenShift
Markus Hansmair
2019-11-25
GitLab on OpenShift Slide 2
Agenda
• Installing GitLab on OpenShift
  • Preparatory steps
  • Installation
  • Issues & fixes
• Upgrading
• Backup & Restore
• Disaster recovery
• Data migration
GitLab on OpenShift Slide 3
Installing GitLab on OpenShift
https://labs.consol.de/
Thank you!
Any questions?
GitLab on OpenShift Slide 4
Installing GitLab on OpenShift
Just kidding :-)
GitLab on OpenShift Slide 5
Installing GitLab on OpenShift
Preparatory steps
• Install required software on local host
• Create an OpenShift project for GitLab
• Tweak permissions
• Provide TLS certificates
• Provide LDAP credentials
• Compose gitlab-values.yml
GitLab on OpenShift Slide 6
Installing GitLab on OpenShift
Install required software on local host
Get helm binary (https://github.com/helm/helm/releases/) (v2.12.x or above, but not v3.x)
helm version
helm init --client-only
helm plugin install https://github.com/rimusz/helm-tiller
helm repo add gitlab https://charts.gitlab.io/
helm repo update
Create an OpenShift project for GitLab
oc new-project gitlab
GitLab on OpenShift Slide 7
Installing GitLab on OpenShift
Tweak permissions
oc adm policy add-scc-to-user anyuid -z gitlab-shared-secrets
oc adm policy add-scc-to-user anyuid -z gitlab-gitlab-runner
oc adm policy add-scc-to-user anyuid -z gitlab-prometheus-server
oc adm policy add-scc-to-user anyuid -z default
Provide TLS certificates / LDAP credentials
oc create secret tls gitlab-certs --cert=tls.crt --key=tls.key
oc create secret generic gitlab-ldap-secret --from-literal=password=<ldap-password>
GitLab on OpenShift Slide 8
Installing GitLab on OpenShift
Compose gitlab-values.yml
global:
  appConfig:
    ldap:
      ....
  edition: ce
  email:
    from: <from-address-for-notifications>
  hosts:
    domain: <my-domain> # your TLS certificates must match gitlab.<my-domain>
    externalIP: <external-ip> # of gitlab.<my-domain>
  ingress:
    configureCertmanager: false
    tls:
      secretName: gitlab-certs
  smtp:
    ....
GitLab on OpenShift Slide 9
Installing GitLab on OpenShift
Compose gitlab-values.yml (continued)
certmanager:
  install: false
nginx-ingress:
  enabled: false
registry:
  enabled: false
gitlab:
  sidekiq:
    registry:
      enabled: false
  task-runner:
    registry:
      enabled: false
  unicorn:
    registry:
      enabled: false
GitLab on OpenShift Slide 10
Installing GitLab on OpenShift
Compose gitlab-values.yml (continued)
global:
  ....
  psql:
    host: <fqdn-of-postgresql-server>
    port: 5432
    username: <username>
    database: <database-name>
    password:
      secret: <secret-with-password-of-psql-username>
      key: <key-within-secret>
A separate PostgreSQL database is recommended for production-ready installations.
GitLab on OpenShift Slide 11
Installing GitLab on OpenShift
Actual installation
helm tiller start gitlab
helm upgrade --install -f gitlab-values.yml gitlab gitlab/gitlab --version 2.5.1 --timeout 600
For a complete mapping between chart versions and versions of GitLab see
https://docs.gitlab.com/charts/installation/version_mappings.html
Save the secret keys created:
oc get --export -o yaml secret gitlab-rails-secret > gitlab-rails-secret.yaml
YOU WILL NEED THEM IN CASE OF DISASTER RECOVERY!
GitLab on OpenShift Slide 12
Installing GitLab on OpenShift
Issues & fixes
• Fix GitLab Runner deployment
• Configure data retention for Prometheus
• Fix s3cmd configuration for Task Runner pods
GitLab on OpenShift Slide 13
Installing GitLab on OpenShift
Fix GitLab Runner deployment
oc edit deployment gitlab-gitlab-runner
Pods need the server certificate provided by the secret gitlab-certs created in the preparatory steps.

- mountPath: /home/gitlab-runner/.gitlab-runner/certs
  name: volume-gitlab-certs
  readOnly: true

- name: volume-gitlab-certs
  secret:
    defaultMode: 420
    items:
    - key: tls.crt
      path: gitlab.<my-domain>.crt
    secretName: gitlab-certs
GitLab on OpenShift Slide 14
Installing GitLab on OpenShift
Fix GitLab Runner deployment (continued)
Change CI_SERVER_URL to use service URL (instead of route URL)
- name: CI_SERVER_URL
  value: http://gitlab-unicorn.gitlab.svc:8181
GitLab on OpenShift Slide 15
Installing GitLab on OpenShift
Configure data retention for Prometheus
oc edit deployment gitlab-prometheus-server
Prevent Prometheus' time series database from filling up its entire volume
- args:
  - --config.file=/etc/config/prometheus.yml
  - --storage.tsdb.path=/data
  - --storage.tsdb.retention=7d
  - --web.console.libraries=/etc/prometheus/console_libraries
  - --web.console.templates=/etc/prometheus/consoles
  - --web.enable-lifecycle
GitLab on OpenShift Slide 16
Installing GitLab on OpenShift
Fix s3cmd configuration for Task Runner pods
oc edit configmap gitlab-task-runner
Use service URL of minio (instead of route URL) to avoid TLS issues.
host_base = gitlab-minio-svc:9000
host_bucket = gitlab-minio-svc:9000/%(bucket)
....
website_endpoint = http://gitlab-minio-svc:9000
use_https = False
Restart Task Runner pod
oc delete pod <task-runner-pod>
GitLab on OpenShift Slide 17
Upgrading GitLab on OpenShift
Upgrading
helm repo update
helm tiller start gitlab
helm upgrade -f gitlab-values.yml gitlab gitlab/gitlab --version <chart-version> --timeout 600
DO NOT SKIP MINOR VERSIONS WHEN UPGRADING!
11.10.4 => 11.11.x => 12.0.x => 12.1.1
Check that modifications (see issues & fixes) are still in place after each upgrade step!
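The no-skipped-minor rule above, as an added example that is not part of the original slides: a shell function that picks one release per minor version between the running and the target GitLab version and fails when the list of available releases has a gap. The function name and the version list are constructed for illustration; each planned GitLab version still has to be mapped to its chart version (see the version mapping linked on slide 11) before it goes into helm upgrade --version.

```shell
#!/bin/sh
# Added example (not from the slides): plan a GitLab upgrade that never skips
# a minor version.
#
# usage: plan_upgrade_path CURRENT TARGET AVAILABLE_VERSION...
# Prints the versions to install, in order, separated by spaces. Returns 1 if
# the available list has a gap. Limitation: the last minor of a major release
# cannot be inferred, so the list must name every minor release line.
plan_upgrade_path() {
    current=$1
    target=$2
    shift 2
    printf '%s\n' "$@" "$target" |
    sort -t. -k1,1n -k2,2n -k3,3n |
    awk -F. -v cur="$current" -v tgt="$target" '
        function key(x, y, z) { return x * 1000000 + y * 1000 + z }
        BEGIN {
            split(cur, c, "."); split(tgt, t, ".")
            curkey = key(c[1], c[2], c[3]); tgtkey = key(t[1], t[2], t[3])
            # true when current and target are patches of the same minor
            same_line = (c[1] + 0 == t[1] + 0 && c[2] + 0 == t[2] + 0)
        }
        {
            k = key($1, $2, $3)
            if (k <= curkey || k > tgtkey) next
            # later patches of the running minor are not a required step
            if (!same_line && $1 + 0 == c[1] + 0 && $2 + 0 == c[2] + 0) next
            line = ($1 + 0) "." ($2 + 0)
            if (!(line in best)) order[++n] = line
            best[line] = $0      # input is sorted: highest usable patch wins
        }
        END {
            pmaj = c[1] + 0; pmin = c[2] + 0
            for (i = 1; i <= n; i++) {
                split(order[i], m, ".")
                maj = m[1] + 0; min = m[2] + 0
                ok = (maj == pmaj && (min == pmin || min == pmin + 1)) ||
                     (maj == pmaj + 1 && min == 0)
                if (!ok) {
                    printf "gap between %d.%d and %s\n", pmaj, pmin, order[i] > "/dev/stderr"
                    exit 1
                }
                out = out (i > 1 ? " " : "") best[order[i]]
                pmaj = maj; pmin = min
            }
            if (n) print out
        }'
}

# Constructed list of available releases; the start and target versions are
# the ones shown on the slide.
plan_upgrade_path 11.10.4 12.1.1 11.10.4 11.10.8 11.11.8 12.0.12 12.1.1 12.1.17
```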
GitLab on OpenShift Slide 18
Backup & Restore
Backup
oc rsh <gitlab-task-runner-pod>
backup-utility --backup
Backup archive is stored in GitLab's own installation of Minio
(e.g. 1563521329_2019_07_19_11.10.4_gitlab_backup.tar)
Various options:
• Separate S3 compatible object store with own backup strategy
• Backup persistent volume used by Minio
• Hand-crafted backup of backup archives
oc exec $TASK_RUNNER_POD -- s3cmd get s3://gitlab-backups/$BACKUP_ARCHIVE /tmp
oc cp $TASK_RUNNER_POD:/tmp/$BACKUP_ARCHIVE .
oc exec $TASK_RUNNER_POD -- s3cmd rm s3://gitlab-backups/$BACKUP_ARCHIVE
oc exec $TASK_RUNNER_POD -- sh -c "rm /tmp/*_gitlab_backup.tar"
GitLab on OpenShift Slide 19
Backup & Restore
Restore
oc rsh <gitlab-task-runner-pod>
backup-utility --restore -t <backup-name>
<backup-name> e.g. 1563521329_2019_07_19_11.10.4
In case backup archive is not stored in object store:
oc cp $BACKUP_ARCHIVE $TASK_RUNNER_POD:/tmp/0_gitlab_backup.tar
oc exec $TASK_RUNNER_POD -- backup-utility --restore -f /tmp/0_gitlab_backup.tar
0_gitlab_backup.tar is a work-around due to a bug in backup-utility
GitLab on OpenShift Slide 20
Disaster recovery
Disaster recovery
• Install the EXACT version of GitLab that was used for your latest backup
• Restore the secret keys of your lost installation
oc delete secret gitlab-rails-secret
oc create -f gitlab-rails-secret.yaml
• Do the actual restore (see previous slide)
GitLab on OpenShift Slide 21
Disaster recovery
Disaster recovery (continued)
• Recreate runner registration token secret
  • Log in as root and access https://gitlab.<mydomain>/admin/runners
  • Copy the token below "Use the following registration token during setup:"
  • Recreate the secret gitlab-gitlab-runner-secret.
oc delete secret gitlab-gitlab-runner-secret
oc create secret generic gitlab-gitlab-runner-secret \
  --from-literal=runner-registration-token=<new-registration-token> \
  --from-literal=runner-token=""
• Restart pods
oc delete pods -l app=unicorn
oc delete pods -l app=sidekiq
oc delete pods -l app=gitlab-gitlab-runner
GitLab on OpenShift Slide 22
Data migration
Data migration
• Recommended way for data migration is using an S3 compatible object store and backup-utility -t …
• No luck due to TLS issues :-(
• Alternative approach: Tweak backup archive from source installation
  • Extract backup archive into an empty folder
tar -xvf ../<backup-archive>
  • Edit backup_information.yml
  • Change the line with the installation type:
:installation_type: gitlab-helm-chart
  • Repackage backup archive
tar -cvf ../<backup-archive> *
• Proceed with disaster recovery (see previous slides)
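The archive tweak above as a single function, added here as an example and not part of the original slides: it works in a private temporary directory, refuses archives that have no :installation_type: line, and replaces the original only after repackaging succeeded. The function names are hypothetical, and GNU or BSD tar is assumed.

```shell
#!/bin/sh
# Added example (not from the slides): retag a GitLab backup archive so that
# it can be restored into a Helm chart installation.

# Print the installation type recorded in an archive's backup_information.yml.
# Expects the member name without a leading "./", as produced by "tar -cf ... *".
backup_installation_type() {
    tar -xOf "$1" backup_information.yml | sed -n 's/^:installation_type: *//p'
}

# usage: retag_backup_archive ARCHIVE
# Rewrites the :installation_type: line to gitlab-helm-chart. Returns non-zero
# and leaves ARCHIVE untouched if any step fails.
retag_backup_archive() {
    archive_dir=$(cd "$(dirname "$1")" && pwd) || return 1
    archive=$archive_dir/$(basename "$1")
    # mktemp -d creates the directory with mode 0700, so the extracted
    # database dump and repositories are not readable by other local users.
    workdir=$(mktemp -d) || return 1
    (
        cd "$workdir" &&
        tar -xf "$archive" &&
        # refuse archives that do not carry the line we are about to change
        grep -q '^:installation_type:' backup_information.yml &&
        sed 's/^:installation_type:.*/:installation_type: gitlab-helm-chart/' \
            backup_information.yml > backup_information.yml.tmp &&
        mv backup_information.yml.tmp backup_information.yml &&
        # same repackaging as on the slide; written next to the original first
        tar -cf "$archive.new" *
    ) && mv "$archive.new" "$archive"
    status=$?
    rm -rf "$workdir"
    [ "$status" -eq 0 ] || rm -f "$archive.new"
    return "$status"
}
```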
Thank you!
ConSol
Consulting & Solutions Software GmbH
St.-Cajetan-Straße 43
D-81669 Munich
Germany
Tel.: +49-89-45841-100
info@consol.de
www.consol.com
Twitter: @consol_de

Weitere ähnliche Inhalte

Was ist angesagt?

わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdfわたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdfssuser868e2d
 
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...whywaita
 
Sphinxでまとめる多言語環境APIドキュメント
Sphinxでまとめる多言語環境APIドキュメントSphinxでまとめる多言語環境APIドキュメント
Sphinxでまとめる多言語環境APIドキュメントIosif Takakura
 
暗号技術の実装と数学
暗号技術の実装と数学暗号技術の実装と数学
暗号技術の実装と数学MITSUNARI Shigeo
 
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)NTT DATA Technology & Innovation
 
AWSでDockerを扱うためのベストプラクティス
AWSでDockerを扱うためのベストプラクティスAWSでDockerを扱うためのベストプラクティス
AWSでDockerを扱うためのベストプラクティスAmazon Web Services Japan
 
ruby-ffiについてざっくり解説
ruby-ffiについてざっくり解説ruby-ffiについてざっくり解説
ruby-ffiについてざっくり解説ota42y
 
BuildKitによる高速でセキュアなイメージビルド
BuildKitによる高速でセキュアなイメージビルドBuildKitによる高速でセキュアなイメージビルド
BuildKitによる高速でセキュアなイメージビルドAkihiro Suda
 
監視ってなんだっけ?
監視ってなんだっけ?監視ってなんだっけ?
監視ってなんだっけ?Ryotaro Kobayashi
 
DeNA の AWS アカウント管理とセキュリティ監査自動化
DeNA の AWS アカウント管理とセキュリティ監査自動化DeNA の AWS アカウント管理とセキュリティ監査自動化
DeNA の AWS アカウント管理とセキュリティ監査自動化DeNA
 
20201008 AWS独自設計推論チップInferentiaとInf1インスタンス
20201008 AWS独自設計推論チップInferentiaとInf1インスタンス20201008 AWS独自設計推論チップInferentiaとInf1インスタンス
20201008 AWS独自設計推論チップInferentiaとInf1インスタンスHiroshi Tokoyo
 
What's New in MySQL 5.7 InnoDB
What's New in MySQL 5.7 InnoDBWhat's New in MySQL 5.7 InnoDB
What's New in MySQL 5.7 InnoDBMikiya Okuno
 
PostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSPostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSNoriyoshi Shinoda
 
WebAssemblyのWeb以外のことぜんぶ話す
WebAssemblyのWeb以外のことぜんぶ話すWebAssemblyのWeb以外のことぜんぶ話す
WebAssemblyのWeb以外のことぜんぶ話すTakaya Saeki
 
Goの時刻に関するテスト
Goの時刻に関するテストGoの時刻に関するテスト
Goの時刻に関するテストKentaro Kawano
 
WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装MITSUNARI Shigeo
 

Was ist angesagt? (20)

わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdfわたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
 
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...
Development myshoes and Provide Cycloud-hosted runner -- GitHub Actions with ...
 
Sphinxでまとめる多言語環境APIドキュメント
Sphinxでまとめる多言語環境APIドキュメントSphinxでまとめる多言語環境APIドキュメント
Sphinxでまとめる多言語環境APIドキュメント
 
暗号技術の実装と数学
暗号技術の実装と数学暗号技術の実装と数学
暗号技術の実装と数学
 
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)
コンテナとimmutableとわたし。あとセキュリティ。(Kubernetes Novice Tokyo #15 発表資料)
 
AWSでDockerを扱うためのベストプラクティス
AWSでDockerを扱うためのベストプラクティスAWSでDockerを扱うためのベストプラクティス
AWSでDockerを扱うためのベストプラクティス
 
ruby-ffiについてざっくり解説
ruby-ffiについてざっくり解説ruby-ffiについてざっくり解説
ruby-ffiについてざっくり解説
 
BuildKitによる高速でセキュアなイメージビルド
BuildKitによる高速でセキュアなイメージビルドBuildKitによる高速でセキュアなイメージビルド
BuildKitによる高速でセキュアなイメージビルド
 
監視ってなんだっけ?
監視ってなんだっけ?監視ってなんだっけ?
監視ってなんだっけ?
 
DeNA の AWS アカウント管理とセキュリティ監査自動化
DeNA の AWS アカウント管理とセキュリティ監査自動化DeNA の AWS アカウント管理とセキュリティ監査自動化
DeNA の AWS アカウント管理とセキュリティ監査自動化
 
20201008 AWS独自設計推論チップInferentiaとInf1インスタンス
20201008 AWS独自設計推論チップInferentiaとInf1インスタンス20201008 AWS独自設計推論チップInferentiaとInf1インスタンス
20201008 AWS独自設計推論チップInferentiaとInf1インスタンス
 
What's New in MySQL 5.7 InnoDB
What's New in MySQL 5.7 InnoDBWhat's New in MySQL 5.7 InnoDB
What's New in MySQL 5.7 InnoDB
 
今さら聞けない人のためのGitLabの始め方 Ubuntu編
今さら聞けない人のためのGitLabの始め方 Ubuntu編今さら聞けない人のためのGitLabの始め方 Ubuntu編
今さら聞けない人のためのGitLabの始め方 Ubuntu編
 
暗認本読書会11
暗認本読書会11暗認本読書会11
暗認本読書会11
 
TLS, HTTP/2演習
TLS, HTTP/2演習TLS, HTTP/2演習
TLS, HTTP/2演習
 
AWS Black Belt Techシリーズ AWS IAM
AWS Black Belt Techシリーズ  AWS IAMAWS Black Belt Techシリーズ  AWS IAM
AWS Black Belt Techシリーズ AWS IAM
 
PostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSPostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVS
 
WebAssemblyのWeb以外のことぜんぶ話す
WebAssemblyのWeb以外のことぜんぶ話すWebAssemblyのWeb以外のことぜんぶ話す
WebAssemblyのWeb以外のことぜんぶ話す
 
Goの時刻に関するテスト
Goの時刻に関するテストGoの時刻に関するテスト
Goの時刻に関するテスト
 
WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装
 

Ähnlich wie GitLab on OpenShift

Breaking bad habits with GitLab CI
Breaking bad habits with GitLab CIBreaking bad habits with GitLab CI
Breaking bad habits with GitLab CIIvan Nemytchenko
 
DWX 2022 - DevSecOps mit GitHub
DWX 2022 - DevSecOps mit GitHubDWX 2022 - DevSecOps mit GitHub
DWX 2022 - DevSecOps mit GitHubMarc Müller
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneVEXXHOST Private Cloud
 
ActiveLAMP Process
ActiveLAMP ProcessActiveLAMP Process
ActiveLAMP ProcessTom Friedhof
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014biicode
 
#5 - Git - Contribuindo com um repositório remoto
#5 - Git - Contribuindo com um repositório remoto#5 - Git - Contribuindo com um repositório remoto
#5 - Git - Contribuindo com um repositório remotoRodrigo Branas
 
GTFO: Git Theory For OpenSource
GTFO: Git Theory For OpenSourceGTFO: Git Theory For OpenSource
GTFO: Git Theory For OpenSourceForest Mars
 
Gitlab ci, cncf.sk
Gitlab ci, cncf.skGitlab ci, cncf.sk
Gitlab ci, cncf.skJuraj Hantak
 
Using Git as your VCS with Bioconductor
Using Git as your VCS with BioconductorUsing Git as your VCS with Bioconductor
Using Git as your VCS with Bioconductortimyates
 
Instrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con GitlabInstrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con GitlabSoftware Guru
 
Git Distributed Version Control System
Git   Distributed Version Control SystemGit   Distributed Version Control System
Git Distributed Version Control SystemVictor Wong
 
Git - An Introduction
Git - An IntroductionGit - An Introduction
Git - An IntroductionBehzad Altaf
 
Transformative Git Practices
Transformative Git PracticesTransformative Git Practices
Transformative Git PracticesNicola Paolucci
 

Ähnlich wie GitLab on OpenShift (20)

Becoming a Git Master
Becoming a Git MasterBecoming a Git Master
Becoming a Git Master
 
Breaking bad habits with GitLab CI
Breaking bad habits with GitLab CIBreaking bad habits with GitLab CI
Breaking bad habits with GitLab CI
 
Git
GitGit
Git
 
DWX 2022 - DevSecOps mit GitHub
DWX 2022 - DevSecOps mit GitHubDWX 2022 - DevSecOps mit GitHub
DWX 2022 - DevSecOps mit GitHub
 
F3X12 FLOW3 Project Lifecycle
F3X12 FLOW3 Project LifecycleF3X12 FLOW3 Project Lifecycle
F3X12 FLOW3 Project Lifecycle
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub Clone
 
ActiveLAMP Process
ActiveLAMP ProcessActiveLAMP Process
ActiveLAMP Process
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014
 
Wokshop de Git
Wokshop de Git Wokshop de Git
Wokshop de Git
 
#5 - Git - Contribuindo com um repositório remoto
#5 - Git - Contribuindo com um repositório remoto#5 - Git - Contribuindo com um repositório remoto
#5 - Git - Contribuindo com um repositório remoto
 
GTFO: Git Theory For OpenSource
GTFO: Git Theory For OpenSourceGTFO: Git Theory For OpenSource
GTFO: Git Theory For OpenSource
 
Gitlab ci, cncf.sk
Gitlab ci, cncf.skGitlab ci, cncf.sk
Gitlab ci, cncf.sk
 
Optimizing Your CI Pipelines
Optimizing Your CI PipelinesOptimizing Your CI Pipelines
Optimizing Your CI Pipelines
 
Using Git as your VCS with Bioconductor
Using Git as your VCS with BioconductorUsing Git as your VCS with Bioconductor
Using Git as your VCS with Bioconductor
 
Instrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con GitlabInstrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con Gitlab
 
Git Distributed Version Control System
Git   Distributed Version Control SystemGit   Distributed Version Control System
Git Distributed Version Control System
 
Switching to Git
Switching to GitSwitching to Git
Switching to Git
 
Git submodule
Git submoduleGit submodule
Git submodule
 
Git - An Introduction
Git - An IntroductionGit - An Introduction
Git - An Introduction
 
Transformative Git Practices
Transformative Git PracticesTransformative Git Practices
Transformative Git Practices
 

Mehr von ConSol Consulting & Solutions Software GmbH (8)

Operator development made easy with helm
Operator development made easy with helmOperator development made easy with helm
Operator development made easy with helm
 
OpenShift Meetup - Red Hat OpenShift Container Storage explained
OpenShift Meetup - Red Hat OpenShift Container Storage explainedOpenShift Meetup - Red Hat OpenShift Container Storage explained
OpenShift Meetup - Red Hat OpenShift Container Storage explained
 
OpenShift Meetup - Summit 2021 (Part 1)
OpenShift Meetup - Summit 2021 (Part 1)OpenShift Meetup - Summit 2021 (Part 1)
OpenShift Meetup - Summit 2021 (Part 1)
 
Meetup talk Red Hat OpenShift service mesh
Meetup talk Red Hat OpenShift service meshMeetup talk Red Hat OpenShift service mesh
Meetup talk Red Hat OpenShift service mesh
 
Meetup talk about the Red Hat OpenShift Service Mesh
Meetup talk about the Red Hat OpenShift Service MeshMeetup talk about the Red Hat OpenShift Service Mesh
Meetup talk about the Red Hat OpenShift Service Mesh
 
Remote debugging of Application in Kubernetes
Remote debugging of Application in KubernetesRemote debugging of Application in Kubernetes
Remote debugging of Application in Kubernetes
 
Monitoring Cockpit for OpenShift Clusters
Monitoring Cockpit for OpenShift ClustersMonitoring Cockpit for OpenShift Clusters
Monitoring Cockpit for OpenShift Clusters
 
K8s debugging talk
K8s debugging talkK8s debugging talk
K8s debugging talk
 

Kürzlich hochgeladen

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

GitLab on OpenShift

  • 1. GitLab on OpenShift Markus Hansmair 2019-11-25
  • 2. GitLab on OpenShift Slide 2 Agenda • Installing GitLab on OpenShift • Preparational steps • Installation • Issues & fixes • Upgrading • Backup & Restore • Desaster recovery • Data migration
  • 3. GitLab on OpenShift Slide 3 Installing GitLab on OpenShift https://labs.consol.de/ Thank you! Any questions?
  • 4. GitLab on OpenShift Slide 4 Installing GitLab on OpenShift Just kidding :-)
  • 5. GitLab on OpenShift Slide 5 Installing GitLab on OpenShift Preparational steps  Install required software on local host  Create an OpenShift project for GitLab  Tweak permissions  Provide TLS certificates  Provide LDAP credentials  Compose gitlab-values.yml
  • 6. GitLab on OpenShift Slide 6 Installing GitLab on OpenShift Install required software on local host Get helm binary (https://github.com/helm/helm/releases/) (v2.12.x or above, but not v3.x) helm version helm init --client-only helm plugin install https://github.com/rimusz/helm-tiller helm repo add gitlab https://charts.gitlab.io/ helm repo update Create an OpenShift project for GitLab oc new-project gitlab
  • 7. GitLab on OpenShift Slide 7 Installing GitLab on OpenShift Tweak permissions oc adm policy add-scc-to-user anyuid -z gitlab-shared-secrets oc adm policy add-scc-to-user anyuid -z gitlab-gitlab-runner oc adm policy add-scc-to-user anyuid -z gitlab-prometheus-server oc adm policy add-scc-to-user anyuid -z default Provide TLS certificates / LDAP credentials oc create secret tls gitlab-certs --cert=tls.crt --key=tls.key oc create secret generic gitlab-ldap-secret --from-literal=password=<ldap-password>
  • 8. GitLab on OpenShift Slide 8 Installing GitLab on OpenShift Compose gitlab-values.yml global: appConfig: ldap: .... edition: ce email: from: <from-address-for-notifications> hosts: domain: <my-domain> # your TLS certificates must match gitlab.<my-domain> externalIP: <external-ip> # of gitlab.<my-domain> ingress: configureCertmanager: false tls: secretName: gitlab-certs smtp: ....
  • 9. GitLab on OpenShift Slide 9 Installing GitLab on OpenShift Compose gitlab-values.yml (continued) certmanager: install: false nginx-ingress: enabled: false registry: enabled: false gitlab: sidekiq: registry: enabled: false task-runner: registry: enabled: false unicorn: registry: enabled: false
  • 10. GitLab on OpenShift Slide 10 Installing GitLab on OpenShift Compose gitlab-values.yml (continued) global: .... psql: host: <fqdn-of-postgresql-server> port: 5432 username: <username> database: <database-name> password: secret: <secret-with-password-of-psql-username> key: <key-within-secret> A separate PostgreSQL database is recommended for production-ready installations.
  • 11. GitLab on OpenShift Slide 11 Installing GitLab on OpenShift Actual installation helm tiller start gitlab helm upgrade --install -f gitlab-values.yml gitlab gitlab/gitlab --version 2.5.1 --timeout 600 For a complete mapping between chart versions and versions of GitLab see https://docs.gitlab.com/charts/installation/version_mappings.html oc get --export -o yaml secret gitlab-rails-secret > gitlab-rails-secret.yaml Save the secret keys created: YOU WILL NEED THEM IN CASE OF DESASTER RECOVERY!
  • 12. GitLab on OpenShift Slide 12 Installing GitLab on OpenShift Issues & fixes  Fix GitLab Runner deployment  Configure data rentention for Prometheus  Fix s3cmd configuration for Task Runner pods
  • 13. GitLab on OpenShift Slide 13 Installing GitLab on OpenShift Fix GitLab Runner deployment oc edit deployment gitlab-gitlab-runner Pods need server certificate provided by secret gitlab-certs created in preparational steps. - mountPath: /home/gitlab-runner/.gitlab-runner/certs name: volume-gitlab-certs readOnly: true - name: volume-gitlab-certs secret: defaultMode: 420 items: - key: tls.crt path: gitlab.<my-domain>.crt secretName: gitlab-certs
  • 14. GitLab on OpenShift Slide 14 Installing GitLab on OpenShift
    Fix GitLab Runner deployment (continued)
    Change CI_SERVER_URL to use service URL (instead of route URL)
        - name: CI_SERVER_URL
          value: http://gitlab-unicorn.gitlab.svc:8181
  • 15. GitLab on OpenShift Slide 15 Installing GitLab on OpenShift
    Configure data retention for Prometheus
        oc edit deployment gitlab-prometheus-server
    Prevent Prometheus' time series database from filling up its entire volume
        - args:
          - --config.file=/etc/config/prometheus.yml
          - --storage.tsdb.path=/data
          - --storage.tsdb.retention=7d
          - --web.console.libraries=/etc/prometheus/console_libraries
          - --web.console.templates=/etc/prometheus/consoles
          - --web.enable-lifecycle
  • 16. GitLab on OpenShift Slide 16 Installing GitLab on OpenShift
    Fix s3cmd configuration for Task Runner pods
        oc edit configmap gitlab-task-runner
    Use service URL of minio (instead of route URL) to avoid TLS issues.
        host_base = gitlab-minio-svc:9000
        host_bucket = gitlab-minio-svc:9000/%(bucket)
        ....
        website_endpoint = http://gitlab-minio-svc:9000
        use_https = False
        oc delete pod <task-runner-pod>
    Restart Task Runner pod
  • 17. GitLab on OpenShift Slide 17 Upgrading GitLab on OpenShift
    Upgrading
        helm repo update
        helm tiller start gitlab
        helm upgrade -f gitlab-values.yml gitlab gitlab/gitlab --version <chart-version> --timeout 600
    DO NOT SKIP MINOR VERSIONS WHEN UPGRADING!
        11.10.4 => 11.11.x => 12.0.x => 12.1.1
    Check that modifications (see issues & fixes) are still in place after each upgrade step!
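One way to script the check that slide 17 asks for after each upgrade step, as an added example that is not part of the original slides: each function inspects `oc get ... -o yaml` output for one of the three fixes from slides 13 to 16. The function names and the constructed sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the "Issues & fixes" edits survived a helm upgrade.
# Each check reads a manifest on stdin, for instance:
#   oc get deployment gitlab-gitlab-runner -o yaml | check_runner_fix

# Runner: CI_SERVER_URL is the service URL and gitlab-certs is mounted.
check_runner_fix() {
    manifest=$(cat)
    printf '%s\n' "$manifest" | grep -A1 -F -e 'name: CI_SERVER_URL' \
        | grep -qF 'value: http://gitlab-unicorn.gitlab.svc:8181' || return 1
    printf '%s\n' "$manifest" | grep -qF 'secretName: gitlab-certs'
}

# Prometheus: an explicit retention argument is present.
check_prometheus_fix() {
    grep -qE -e '--storage\.tsdb\.retention=[0-9]+[a-z]+'
}

# Task Runner: s3cmd talks to the Minio service, not the route.
check_task_runner_fix() {
    config=$(cat)
    printf '%s\n' "$config" | grep -qF 'host_base = gitlab-minio-svc:9000' || return 1
    printf '%s\n' "$config" | grep -qF 'use_https = False'
}

# Print every missing fix; the exit status is the number of missing fixes.
# Arguments: files holding the saved runner, Prometheus and Task Runner manifests.
report_fixes() {
    missing=0
    check_runner_fix < "$1" || { echo "MISSING: runner fix"; missing=$((missing + 1)); }
    check_prometheus_fix < "$2" || { echo "MISSING: Prometheus retention"; missing=$((missing + 1)); }
    check_task_runner_fix < "$3" || { echo "MISSING: s3cmd service URL"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample: a Prometheus args list without the retention flag.
printf '%s\n' '- --config.file=/etc/config/prometheus.yml' '- --storage.tsdb.path=/data' \
    | check_prometheus_fix || echo "Prometheus retention fix is missing"
```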
  • 18. GitLab on OpenShift Slide 18 Backup & Restore
    Backup
        oc rsh <gitlab-task-runner-pod>
        backup-utility --backup
    Backup archive is stored in GitLab's own installation of Minio (e.g. 1563521329_2019_07_19_11.10.4_gitlab_backup.tar)
    Various options:
    - Separate S3 compatible object store with own backup strategy
    - Backup persistent volume used by Minio
    - Hand-crafted backup of backup archives
        oc exec $TASK_RUNNER_POD -- s3cmd get s3://gitlab-backups/$BACKUP_ARCHIVE /tmp
        oc cp $TASK_RUNNER_POD:/tmp/$BACKUP_ARCHIVE .
        oc exec $TASK_RUNNER_POD -- s3cmd rm s3://gitlab-backups/$BACKUP_ARCHIVE
        oc exec $TASK_RUNNER_POD -- sh -c "rm /tmp/*_gitlab_backup.tar"
  • 19. GitLab on OpenShift Slide 19 Backup & Restore
    Restore
        oc rsh <gitlab-task-runner-pod>
        backup-utility --restore -t <backup-name>
    <backup-name> e.g. 1563521329_2019_07_19_11.10.4
    In case backup archive is not stored in object store:
        oc cp $BACKUP_ARCHIVE $TASK_RUNNER_POD:/tmp/0_gitlab_backup.tar
        oc exec $TASK_RUNNER_POD -- backup-utility --restore -f /tmp/0_gitlab_backup.tar
    0_gitlab_backup.tar is a work-around due to a bug in backup-utility
  • 20. GitLab on OpenShift Slide 20 Disaster recovery
    Disaster recovery
    - Install the EXACT version of GitLab that was used for your latest backup
    - Restore the secret keys of your lost installation
        oc delete secret gitlab-rails-secret
        oc create -f gitlab-rails-secret.yaml
    - Do the actual restore (see previous slide)
  • 21. GitLab on OpenShift Slide 21 Disaster recovery
    Disaster recovery (continued)
    - Recreate runner registration token secret
      - Log in as root and access https://gitlab.<mydomain>/admin/runners
      - Copy the token below "Use the following registration token during setup:"
      - Recreate the secret gitlab-gitlab-runner-secret.
        oc delete secret gitlab-gitlab-runner-secret
        oc create secret generic gitlab-gitlab-runner-secret \
            --from-literal=runner-registration-token=<new-registration-token> \
            --from-literal=runner-token=""
    - Restart pods
        oc delete pods -l app=unicorn
        oc delete pods -l app=sidekiq
        oc delete pods -l app=gitlab-gitlab-runner
  • 22. GitLab on OpenShift Slide 22 Data migration
    Data migration
    - Recommended way for data migration is using an S3 compatible object store and backup-utility -t …
    - No luck due to TLS issues :-(
    - Alternative approach: Tweak backup archive from source installation
      - Extract backup archive into an empty folder
        tar -xvf ../<backup-archive>
      - Edit backup_information.yml
        - Change line with installation type
        :installation_type: gitlab-helm-chart
      - Repackage backup archive
        tar -cvf ../<backup-archive> *
      - Proceed with disaster recovery (see previous slides)
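The archive tweak from slide 22 as a script, added here as an example and not taken from the original slides: it works on a copy in a temporary folder and refuses to overwrite an existing file. The function names and the sample field values, including the source installation type `omnibus`, are constructed for illustration.

```shell
#!/bin/sh
# Added example: retarget a GitLab backup archive to the Helm chart installation.

# Print the :installation_type: recorded in an archive.
backup_installation_type() {
    tar -xOf "$1" backup_information.yml | sed -n 's/^:installation_type: *//p'
}

# retarget_backup SRC.tar DST.tar : write a copy of SRC with the type rewritten.
retarget_backup() {
    src=$1; dst=$2
    [ -f "$src" ] || { echo "no such archive: $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }
    work=$(mktemp -d) || return 1
    info="$work/backup_information.yml"
    # Extract into an empty folder and insist on the line we intend to edit.
    if ! tar -xf "$src" -C "$work" || ! grep -q '^:installation_type:' "$info" 2>/dev/null; then
        echo "cannot find :installation_type: in $src" >&2
        rm -rf "$work"; return 1
    fi
    # Change only that line; all other metadata stays as the source wrote it.
    sed 's/^:installation_type:.*$/:installation_type: gitlab-helm-chart/' \
        "$info" > "$info.new" && mv "$info.new" "$info"
    # Repackage from inside the folder so member names carry no path prefix.
    ( cd "$work" && tar -cf - * ) > "$dst"
    status=$?
    rm -rf "$work"
    [ "$status" -eq 0 ] || rm -f "$dst"
    return "$status"
}

# Demo on a constructed archive (all field values are made up).
demo=$(mktemp -d)
printf '%s\n' ':gitlab_version: 11.10.4' ':installation_type: omnibus' \
    > "$demo/backup_information.yml"
( cd "$demo" && tar -cf source_gitlab_backup.tar backup_information.yml )
retarget_backup "$demo/source_gitlab_backup.tar" "$demo/0_gitlab_backup.tar" \
    && backup_installation_type "$demo/0_gitlab_backup.tar"
rm -rf "$demo"
```

Running `backup_installation_type` on the result before copying it into the Task Runner pod confirms the edit took effect.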
  • 24. ConSol Consulting & Solutions Software GmbH St.-Cajetan-Straße 43 D-81669 Munich Germany Tel.: +49-89-45841-100 info@consol.de www.consol.com Twitter: @consol_de