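GitLab is an open-source code hosting and DevOps platform. Automating its operation on Ubuntu revolves around four core scenarios: automated deployment, continuous integration/continuous deployment (CI/CD), data backup, and monitoring with alerting. The concrete implementation follows.
Automated deployment is the most common GitLab automation scenario: GitLab Runner and the **.gitlab-ci.yml** file together build, test and deploy code automatically after each commit.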
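GitLab Runner is the tool that executes CI/CD jobs. Install it on the Ubuntu server first:
```bash
# Add the GitLab Runner package source and install
# (writing under /etc/apt needs root; -f makes curl fail on an HTTP error instead of saving the error page as a key)
sudo curl -fsSL --output /etc/apt/trusted.gpg.d/gitlab.asc https://packages.gitlab.com/runner/gitlab-runner/gpgkey
echo "deb https://packages.gitlab.com/runner/gitlab-runner/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/gitlab-runner.list
sudo apt-get update
sudo apt-get install gitlab-runner -y
```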
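Register the Runner from the GitLab project page or from the command line, obtaining its unique token and associating it with the project:
```bash
# Register from the command line (interactive)
sudo gitlab-runner register
# When prompted, enter the GitLab instance URL (e.g. http://gitlab.example.com) and the registration token (from the project's Settings -> CI/CD -> Runners)
# Choose the executor type (Shell or Docker recommended; Shell suits simple scripts, Docker suits containerized environments)
# Enter a Runner description (e.g. ubuntu-runner) and tags (e.g. deploy)
```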
Create .gitlab-ci.yml in the project root and define the pipeline stages (build/test/deploy) and their jobs:
```yaml
stages:
  - build
  - test
  - deploy

# Build stage: compile the code (a Java project is used as the example)
build_job:
  stage: build
  script:
    - echo "Building project..."
    - ./mvnw clean package
  artifacts:
    paths:
      - target/*.jar # keep the build output for later stages

# Test stage: run the unit tests
test_job:
  stage: test
  script:
    - echo "Running tests..."
    - ./mvnw test

# Deploy stage: runs only on the master branch and deploys the build output to the server
deploy_job:
  stage: deploy
  script:
    - echo "Deploying to production..."
    - scp target/*.jar user@gitlab-server:/opt/app.jar # copy the file to the target server
    - ssh user@gitlab-server "systemctl restart app.service" # restart the service
  only:
    - master # triggered only by commits to master
```
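To keep the Runner from being prompted for a password when it runs scp/ssh, set up SSH keys between the GitLab Runner server and the target server:
```bash
# Generate a key pair on the GitLab Runner server
# (run this as the account that executes the jobs; for the Shell executor that is gitlab-runner)
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
# Copy the public key to the target server
ssh-copy-id user@gitlab-server
# Test the passwordless login
ssh user@gitlab-server
```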
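CI/CD is the core of automated operations, and sensible configuration improves pipeline efficiency:
Configure a cache in .gitlab-ci.yml so that dependencies are not downloaded again on every build (a Node.js project is used as the example):
```yaml
cache:
  paths:
    - node_modules/ # cache the node_modules directory
```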
Use the parallel keyword to run test jobs in parallel and shorten the pipeline:
```yaml
test_job:
  stage: test
  script:
    - echo "Running unit tests..."
    - ./mvnw test
  parallel: 4 # run 4 test jobs in parallel
```
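Store sensitive information (such as the server IP or database password) as CI/CD variables (project Settings -> CI/CD -> Variables) instead of hard-coding it:
```yaml
deploy_job:
  script:
    - scp target/*.jar ${DEPLOY_SERVER_USER}@${DEPLOY_SERVER_IP}:/opt/app.jar
```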
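CI/CD variables reach the job as ordinary shell strings, so the deploy step above benefits from checking them before they are interpolated into the scp command line. The following is an added example, not part of the original page: `validate_deploy_target`, `deploy_jar` and the `SCP` override are hypothetical names, and lowercase account names are an assumption.

```shell
# Added example (not from the original page). Function names are hypothetical.

# validate_deploy_target <user> <host>
# Returns 0 if both values are safe to use as user@host,
# 1 for a bad user, 2 for a bad host.
validate_deploy_target() {
    case $1 in
        # empty, option-like ("-..."), or anything outside [a-z0-9_-]
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    case $2 in
        # empty, option-like, leading dot, or anything that is not
        # a character of an IPv4 address or DNS name
        ''|-*|.*|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    return 0
}

# deploy_jar: the scp step from deploy_job, with the variables validated
# and quoted. Called from .gitlab-ci.yml as a single script line.
deploy_jar() {
    validate_deploy_target "${DEPLOY_SERVER_USER:-}" "${DEPLOY_SERVER_IP:-}" || {
        echo "refusing to deploy: malformed DEPLOY_SERVER_USER/DEPLOY_SERVER_IP" >&2
        return 1
    }
    target="${DEPLOY_SERVER_USER}@${DEPLOY_SERVER_IP}"
    # BatchMode=yes: never fall back to an interactive password prompt.
    # StrictHostKeyChecking=yes: fail if the host key is not already in
    # known_hosts instead of silently trusting a new one.
    # "--" ends option parsing before the file arguments.
    # SCP is a hypothetical override used only to exercise the function.
    ${SCP:-scp} -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -- target/*.jar "$target:/opt/app.jar"
}
```

Marking the variables as Protected and Masked in Settings -> CI/CD -> Variables limits where they are exposed; the check above still applies because anyone who can edit the variables controls these strings.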
Build an image with Docker and deploy it through Kubernetes (requires the Docker/Docker-in-Docker executor):
```yaml
build_image:
  stage: build
  image: docker:20.10
  services:
    - docker:20.10-dind # enable Docker-in-Docker
  script:
    # Pass the password on stdin so it does not appear in the process argument list
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA} .
    - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}

deploy_k8s:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl set image deployment/app app=${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA} -n default
  only:
    - master
```
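Backing up GitLab data regularly is a key part of operations and keeps the data safe.
GitLab provides the gitlab-rake command for backups; schedule it with crontab:
```bash
# Edit the backup configuration file
sudo vim /etc/gitlab/gitlab.rb
# Set the backup path (the git user must have write permission) and the retention time (7 days)
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
gitlab_rails['backup_keep_time'] = 604800 # in seconds (7 days)
sudo gitlab-ctl reconfigure # reload the configuration
# Create the scheduled task (full backup every day at 2 a.m.)
sudo crontab -e
# Add the following line
0 2 * * * /usr/bin/gitlab-rake gitlab:backup:create
```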
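/var/opt/gitlab/backups directory): sudo gitlab-rake gitlab:backup:create
```bash
sudo gitlab-ctl stop unicorn # on GitLab 13.0 and later the web service is puma, not unicorn
sudo gitlab-ctl stop sidekiq
sudo cp /path/to/backup_file.tar /var/opt/gitlab/backups/
# The archive holds every repository and the database, so restrict it to the git user
# rather than making it world-writable with chmod 777
sudo chown git:git /var/opt/gitlab/backups/backup_file.tar
sudo chmod 600 /var/opt/gitlab/backups/backup_file.tar
sudo gitlab-rake gitlab:backup:restore BACKUP=timestamp_of_backup_file
sudo gitlab-ctl start # start the services
```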
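A scheduled backup is only useful if it actually ran and the archive is not exposed to other local accounts. The following check is an added example, not part of the original page: `check_backups` and its return codes are hypothetical, and it assumes GNU `stat` as shipped with Ubuntu.

```shell
# Added example (not from the original page). check_backups is a
# hypothetical helper; it assumes GNU stat (Ubuntu default).

# check_backups <backup_dir> <max_age_hours>
# Returns 0 = newest archive is recent and private
#         1 = no *_gitlab_backup.tar archive found
#         2 = newest archive is older than max_age_hours
#         3 = newest archive is accessible to group or others
check_backups() {
    dir=$1
    max_age_hours=$2

    # GitLab names archives <timestamp>_..._gitlab_backup.tar;
    # ls -t sorts newest first.
    newest=$(ls -t "$dir"/*_gitlab_backup.tar 2>/dev/null | head -n 1)
    [ -n "$newest" ] || return 1

    # Age check: with the daily 02:00 cron job, anything much older
    # than 24 hours means the last run failed.
    now=$(date +%s)
    mtime=$(stat -c %Y "$newest")
    age_s=$(( now - mtime ))
    [ "$age_s" -le $(( max_age_hours * 3600 )) ] || return 2

    # Permission check: the archive contains all repositories and the
    # database, so the group and other permission digits must both be 0.
    mode=$(stat -c %a "$newest")
    case $mode in
        *00) ;;
        *) return 3 ;;
    esac
    return 0
}

# Example cron usage, a few hours after the 02:00 backup:
#   check_backups /var/opt/gitlab/backups 26 || logger -p user.err "GitLab backup check failed"
```

The backup archive does not include /etc/gitlab/gitlab.rb or /etc/gitlab/gitlab-secrets.json; both need to be copied separately for a restore on a new host to work.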
Monitoring tools give a real-time view of GitLab's running state so that anomalies are noticed promptly.
Prometheus collects the metrics; Grafana handles visualization and alerting.
```bash
# Download and unpack Prometheus
wget https://github.com/prometheus/prometheus/releases/download/v2.48.1/prometheus-2.48.1.linux-amd64.tar.gz
sudo tar xvf prometheus-*.tar.gz -C /opt
sudo mv /opt/prometheus-* /opt/prometheus
sudo chown -R prometheus:prometheus /opt/prometheus
# Configure Prometheus to scrape GitLab metrics
sudo vim /opt/prometheus/prometheus.yml
```
```yaml
# Add the following (replace with the GitLab server IP)
scrape_configs:
  - job_name: 'gitlab'
    static_configs:
      - targets: ['gitlab.example.com:9090']
```
```bash
# Start Prometheus
sudo systemctl start prometheus
sudo systemctl enable prometheus
```
```bash
# Download and unpack Grafana
wget https://dl.grafana.com/oss/release/grafana-10.2.3.linux-amd64.tar.gz
sudo tar -zxvf grafana-*.tar.gz -C /opt
# The archive was unpacked under /opt, so move the directory from there
sudo mv /opt/grafana-* /opt/grafana
sudo chown -R grafana:grafana /opt/grafana
# Configure Grafana
sudo vim /opt/grafana/conf/defaults.ini
```
```ini
# Change the HTTP port (optional)
[server]
http_port = 3000
```
```bash
# Start Grafana
sudo systemctl start grafana-server
sudo systemctl enable grafana-server
```
http://gitlab-server-ip:3000, log in to Grafana (default account admin/admin). http://gitlab-server-ip:9090). 4379).
Create the alert rules file /etc/prometheus/alerts.yml in Prometheus:
```yaml
groups:
  - name: gitlab_alerts
    rules:
      - alert: HighCPUUsage
        # CPU usage above 80%: 1 minus the idle fraction, averaged over all cores of the instance
        expr: 1 - avg by (instance) (rate(node_cpu_seconds_total{job="gitlab",mode="idle"}[1m])) > 0.8
        for: 1m # must hold for 1 minute before firing
        labels:
          severity: warning
        annotations:
          summary: "High CPU usage on GitLab server"
          description: "GitLab server CPU usage is above 80% for 1 minute"
      - alert: HighMemoryUsage
        expr: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes > 0.8 # memory usage above 80%
        for: 1m
        labels:
          severity: warning
        annotations:
          summary: "High memory usage on GitLab server"
          description: "GitLab server memory usage is above 80% for 1 minute"
```
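Load the alert rules and configure notifications (e.g. email, Slack):
```bash
# Edit the Prometheus configuration file
sudo vim /opt/prometheus/prometheus.yml
```
```yaml
# Add the path of the alert rules file
rule_files:
  - "/etc/prometheus/alerts.yml"
```
```bash
# Restart Prometheus
sudo systemctl restart prometheus
```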
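In Grafana, create an alert channel (Alerting -> Notification channels), configure the notification method (e.g. email, Slack), and associate the channel with the alert rules.
With the setup above, GitLab on Ubuntu gets automated deployment, efficient CI/CD, secure backups and real-time monitoring, which substantially improves operational efficiency and system stability.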