准备工作

手动安装

1
2
3
4
5
6
7
8
9

apk update
#安装ngix 和 ffmpeg
apk add nginx-mod-rtmp ffmpeg
#创建目录解决pid错误问题
mkdir /var/run/nginx
#启动nginx
nginx
#使用ffmpeg进行转流
ffmpeg -rtsp_transport tcp -i rtsp://admin:12345@192.168.1.193:554  -vcodec copy -acodec aac -ar 44100 -strict -2 -ac 1 -f flv -s 1280x720 -q 10 -f flv rtmp://127.0.0.1:1935/hls/video1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log warn;
# 包含插件rtmp
include /etc/nginx/modules/*.conf;
events {
	worker_connections 1024;
}
rtmp {    
        server {    
            listen 1935;    
        
            application myapp {    
                live on;    
            }    
            application hls {    
                live on;    
                hls on;    
                hls_path /tmp/hls;    
        				hls_fragment 1s;     
       	        hls_playlist_length 3s;   
	 				 }    
        }    
} 

成功输出：

dockerfile编写

方式一:集成版

1
2
3
4
5
6
7
8
9
10
11
12

# 生成镜像name:tomcat:8-alpine-ffmpeg
FROM tomcat:8-alpine

COPY nginx.conf /etc/nginx/nginx.conf
COPY supervisord.conf /conf/supervisord.conf

RUN  apk add --no-cache tzdata nginx-mod-rtmp ffmpeg supervisor \
	&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    && mkdir -p /var/run/nginx 
ENTRYPOINT ["/usr/bin/supervisord"]
CMD ["-c", "/conf/supervisord.conf"] 

解决nginx重启端口占用

修改supervisord.conf中的command= nginx为

command= nginx -g "daemon off;"

supervisord.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

[supervisord]
; 启动到前端, 用于docker
nodaemon=true
; 设置pid文件路径
pidfile=/var/run/supervisord.pid

; 配置nginx
[program:nginx]
; 配置日志输出到控制台, 用于docker收集日志
stdout_logfile=/dev/stdout
; 去掉日志rotation
stdout_logfile_maxbytes=0
autorestart=true
priority=900
command= nginx

; 配置ffmpeg
[program:ffmpeg]
; 配置日志输出到控制台, 用于docker收集日志
stdout_logfile=/dev/stdout
; 去掉日志rotation
stdout_logfile_maxbytes=0
autorestart=true
priority=800
command=ffmpeg -rtsp_transport tcp -i rtsp://admin:12345@192.168.1.193:554  -vcodec copy -acodec aac -ar 44100 -strict -2 -ac 1 -f flv -s 1280x720 -q 10 -f flv rtmp://127.0.0.1:1935/hls/video1

; 配置tomcat
[program:tomcat]
; 配置日志输出到控制台, 用于docker收集日志
stdout_logfile=/dev/stdout
; 去掉日志rotation
stdout_logfile_maxbytes=0
autorestart=true
priority=700
command=catalina.sh run

nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log warn;
# 包含插件rtmp
include /etc/nginx/modules/*.conf;
events {
	worker_connections 1024;
}
rtmp {    
        server {    
            listen 1935;    
        
            application myapp {    
                live on;    
            }    
            application hls {    
                live on;    
                hls on;    
                hls_path /tmp/hls;    
        				hls_fragment 1s;     
       	        hls_playlist_length 3s;   
	 				 }    
        }    
} 

应用

1
2
3
4
5
6
7
8
9
10
11
12

#基础镜像选择alpine 小巧安全流行方便
FROM tomcat:8-alpine-ffmpeg
#复制固定路径下打包好的jar包(target/*.jar)并重命名到容器跟目录(/app.jar)，或ADD
COPY target/hikvision.war /usr/local/tomcat/webapps/
#覆写配置
COPY supervisord.conf /conf/supervisord.conf

#健康检查 -s 静默模式，不下载文件
#HEALTHCHECK CMD wget -s http://127.0.0.1:14030/actuator/health || exit 1
#启动容器执行的命令 java -jar app.jar ,如果加其他参数加 ,"-参数",
# 不需要该命令通过镜像上层的supervisor进行控制
#CMD ["catalina.sh", "run"]

部署

1
2
3
4
5
6
7
8

hikvision:
  restart: always
  image: manage/test/ygl/hikvision:latest
  volumes:
    - /logs/ygl-hikvision:/app/log
  ports:
    - 14085:8080
    - 14086:1935

测试

使用vle media player进行网络串流播放rtmp://192.168.1.230:14086/hls/video1

方式二:独立版(centos7)

资源准备

Nginx: https://nginx.org/download/

Pure(rewrite模块): https://ftp.pcre.org/pub/pcre/

zlib(gzip模块): http://www.zlib.net/fossils/

openssl(ssl 功能):https://www.openssl.org/source/

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

tar -zxvf nginx-1.15.12.tar.gz
tar -zxvf openssl-1.1.0l.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
tar -zxvf pcre-8.43.tar.gz  

cd pcre-8.43/
./configure 
make && make install

cd ../zlib-1.2.11/
./configure 
make && make install

cd ../openssl-1.1.0l/
./config
make && make install

cd ../nginx-1.15.12/
./configure --prefix=/usr/local/nginx --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.0l --add-module=../nginx-rtmp-module-1.2.1  
make && make install

安装ffpmeg

1
2
3
4
5
6
7
8
9
10
11
12
13
14

#安装epel包
yum install -y epel-release 
#导入签名
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
#导入签名
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro 
#升级软件包
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
#更新软件包
yum update -y
#安装ffmpeg
yum install -y ffmpeg
#检查版本
ffmpeg -version

配置测试

nginx配置vim /usr/local/nginx/conf/nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

user root;
worker_processes 1;
events {
	worker_connections 1024;
}
# rtmp流
rtmp {
        server {
            listen 1935;

            application myapp {
                live on;
            }
            application hls {
                live on;
                hls on;
                hls_path /tmp/hls;
        	hls_fragment 1s;
       	        hls_playlist_length 3s;
	    }
        }
}
# hls流
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8888;
        server_name  localhost;
        location / {
            root   /tmp/hikvision/video;
        }
        location /hls {
           types {
             application/vnd.apple.mpegurl m3u8;
             video/mp2t ts;
           }
           root /tmp;
           add_header Cache-Control no-cache;
        }
    }
}

测试

1
2
3
4
5
6
7

#本地视频测试rtmp://10.30.11.150:1935/myapp/test1
ffmpeg -re -i "/root/nginxbuild/test.mp4" -vcodec libx264 -vprofile baseline -acodec aac  -ar 44100 -strict -2 -ac 1 -f flv -s 1280x720 -q 10 rtmp://10.30.11.150:1935/myapp/test1
#rtmp视频测试rtmp://10.30.11.150:1935/myapp/video1
ffmpeg -rtsp_transport tcp -i rtsp://admin:admin@10.30.11.119:554/h264/ch1/main/av_stream  -vcodec copy -acodec aac -ar 44100 -strict -2 -ac 1 -f flv -s 704x576 -q 10 -f flv rtmp://10.30.11.150:1935/myapp/video1
ffmpeg -i rtsp://admin:admin@10.30.11.119:554/h264/ch1/main/av_stream -tune zerolatency -vcodec libx264 -preset ultrafast -b:v 400k -s 720x576 -r 25 -acodec libfaac -b:a 64k -f flv rtmp://10.30.11.150:1935/myapp/video1
#hls测试http://10.30.11.150:8888/hls/video1.m3u8
ffmpeg -rtsp_transport tcp -i rtsp://admin:admin@10.30.11.119:554/h264/ch1/sub/av_stream  -vcodec copy -acodec aac -ar 44100 -strict -2 -ac 1 -f flv -s 704x576 -q 10 -f flv rtmp://10.30.11.150:1935/hls/video1

supervisor多服务

supervisor

Alpine Linux Repository本地镜像制作 v2

centos7+nginx+rtmp+ffmpeg搭建流媒体服务器

alpine 安装nginx

1
2
3
4
5

apk update
#apk add nginx #安装
apk add nginx-mod-rtmp #安装带rtmp插件的nginx
ps aux | grep nginx #查看是否运行
vi /etc/nginx/nginx.conf #修改配置文件

问题1 nginx: [emerg] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)

解决：mkdir /var/run/nginx

问题2 nginx: [emerg] unknown directive "rtmp" in /etc/nginx/nginx.conf:16

解决：在/etc/nginx/nginx.conf添加include /etc/nginx/modules/*.conf;

nginx常用调试

1
2
3
4
5
6
7
8
9
10
11
12
13
14

#查看ngixn是否启动
ps -ef|grep nginx
#查看错误日志,需要开启error_log /var/log/nginx/error.log warn;
cat /var/log/nginx/error.log
#重新加载配置
nginx -s reload
#重启nginx
nginx -s reopen
#停止nginx
nginx -s stop
#启动nginx
nginx
#测试配置文件语法问题
nginx -t

nginx路径配置解释

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

location /test {        
            root   /tmp/video;
        }
#用http://<url>/test/...访问的文件地址为/tmp/video/test
location /video {        
            root   /tmp/video;
        }
#用http://<url>/video/...访问的文件地址为/tmp/video/video
location / {        
            root   /tmp/video;
        }
#用http://<url>/...访问的文件地址为/tmp/video/


location /test/ {
      proxy_pass http://127.0.0.1:9266/;
        }
#访问地址 http://<url>/test/....转发地址 http://127.0.0.1:9266/...

location /test {
      proxy_pass http://127.0.0.1:9266/;
        }
#访问地址 http://<url>/test/....转发地址 http://127.0.0.1:9266//...

location /test/ {
      proxy_pass http://127.0.0.1:9266;
        }
#访问地址 http://<url>/test/....转发地址 http://127.0.0.1:9266/test/...

常用配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

http {                                    
    include       mime.types;             
    default_type  application/octet-stream;
                                           
    #access_log  logs/access.log  main;    
                                           
    sendfile        on;                    
                                           
    keepalive_timeout  65;                 
                                           
    #gzip  on;                             
                                           
    server {                               
        listen       8888;             
        server_name  localhost;        
        location / {           
            root   /tmp/hikvision/video;
        }                               
    }                                   
                                        
} 

nginx 代理

参考 简明 Nginx Location Url 配置笔记

• 正则匹配(~),URL包含weather都会走代理

  1 2 3

  location ~ /weather/ { proxy_pass http://apicloud.mob.com; }

• 前缀匹配(^~),前缀是/v1/weather/开头的才走代理

  1 2 3

  location ^~ /v1/weather/ { proxy_pass http://apicloud.mob.com; }

• 精确匹配(=),URL是/demo 多了少了都不行，才能进代理

  1 2 3

  location = /demo/ { proxy_pass http://apicloud.mob.com; }

JVM 基本参数

• -Xmx : 运行最大内存（memory maximum）

  是指设定程序运行期间最大可占用的内存大小。如果程序运行需要占用更多的内存，超出了这个设置值，就会抛出OutOfMemory异常。堆的最大内存数，等同于-XX:MaxHeapSize

• -Xms：启动内存(memory startup)

  是指设定程序启动时占用内存大小。一般来讲，大点，程序会启动的快一点，但是也可能会导致机器暂时间变慢。堆的初始化初始化大小

• -Xmn ：(memory nursery/new)

  堆中新生代初始及最大大小，如果需要进一步细化，初始化大小用-XX:NewSize，最大大小用-XX:MaxNewSize

• -Xss ：(stack size)

  线程栈大小，等同于-XX:ThreadStackSize

jvm设置的值查看

执行ps -ef | grep tomcat或ps -ef | grep java输出如下

1
2
3
4
5

root      1882     1  0 8月02 ?       01:39:42 /root/SoftwareInstall/jdk/bin/java -Djava.util.logging.config.file=/usr/local/tomcat-geoserver/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server 
-Xms3072M -Xmx3072M -Xmn512M -Xss512k 
-XX:+AggressiveOpts -
.....    
org.apache.catalina.startup.Bootstrap start

如果没有设置，默认是不会有-Xms3072M -Xmx3072M -Xmn512M -Xss512k值打印

docker-compose设置jvm

1
2

environment:
  - JAVA_OPTS= '-Xmx3072m' 

JVM问题总结

1. geoserver添加图层预览时提示java.lang.OutOfMemoryError: GC overhead limit exceeded该错误

   解决把-Xmx设置更大

安装

镜像地址：kartoza/geoserver:latest

环境要求：最小内存4g

docker-compose.yml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

version: '3'

services:
  geoserver:
    restart: always
    image: 	kartoza/geoserver:latest	
    ports:
      - "14018:8080"
    volumes:
      - "/dockerdata/v-geoserver/data:/opt/geoserver/data_dir"
    environment:
      - JAVA_OPTS= '-Xmx3072m' 
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints: [node.hostname == worker]

使用

1. 登陆

   访问http://192.168.204.182:14018/geoserver/web/使用[admin](geoserver)登陆

2. 创建工作区

   命名：xuan(自定义)

   命名空间URI：http://geoserver.org/xuan

   • 默认工作区

3. 新建数据存储

   选栅格数据源->ImagePyramid

   复制图层数据（该数据可以用Fwtools切图）到挂载目录/dockerdata/v-geoserver/data

   点击浏览找到数据目录，然后保存

4. 发布图层

   保存成功后，点击发布按钮

   默认设置，保存

5. 测试预览图层

   点击Layer Preview 选择图层进行预览

字体安装

1. 查看支持的中文字体命令fc-list :lang=zh
2. 命令没有找到需要安装字体管理器yum -y install fontconfig
3. 字体目录/usr/share/fontconfig和/usr/share/fonts
4. 将window下或者下载字体文件ttc、ttf文件复制到fonts目录

问题

1. geoserver添加图层预览时提示java.lang.OutOfMemoryError: GC overhead limit exceeded该错误

   解决把-Xmx设置更大，如果是虚拟机最小内存必须设置4g

2. 跨域问题和添加插件

   1 2 3 4 5 6 7 8 9 10

   FROM kartoza/geoserver:latest #安装mysql插件 ADD gt-jdbc-mysql-19.2.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ ADD mysql-connector-java-5.1.46.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ #解决跨域问题 ADD web.xml $CATALINA_HOME/webapps/geoserver/WEB-INF/ ADD java-property-utils-1.9.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ ADD cors-filter-1.7.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ #添加中文字体 ADD chinese /usr/share/fonts/chinese/

   web.xml添加如下

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

   <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, POST, HEAD, PUT, DELETE</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value> </init-param> <init-param> <param-name>cors.exposedHeaders</param-name> <param-value>Set-Cookie</param-value> </init-param> <init-param> <param-name>cors.supportsCredentials</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

FWTools 切图

tif切图

1. 下载FWTools-linux-2.0.6.tar.gz,复制文件到cp FWTools-linux-2.0.6.tar.gz ~/,然后解压文件tar -zxvf FWTools-linux-2.0.6.tar.gz
2. 使用wsl沙河系统安装，执行sudo apt update然后安装sudo apt install python安装默认的2.x版本
3. 修改安装脚本vim install.sh修改最后一行/bin/python为/usr/bin/python
4. 安装sudo apt install python-gdal插件
5. 测试，执行gdal_retile.py -v -r bilinear -levels 10 -ps 256 256 -co "TILED=YES" -co COMPRESS=LZW -targetDir /mnt/c/Users/xuan/Desktop/tse/ /mnt/c/Users/xuan/Desktop/kongjiang.tif

shp转mysql

1. 安装sudo apt install gdal-bin
2. 执行ogr2ogr -f "GeoJSON" china.json 保护动物.shp先把shp文件转为json，检查json文件编码是否为utf-8
3. 再把json导入数据库ogr2ogr -f "MySQL" MySQL:"yglgeoserver,user=root,host=192.168.1.230,password=lfadmin" -lco engine=INNODB china.json，不直接将shp导入数据库是因为编码问题，导致导入报错

编写批量导入数据shell脚本

1
2
3
4
5
6
7
8
9
10
11
12

#! /bin/bash
for FILE in *.shp
do
        echo "printf file: $FILE..."
        #${FILE%.*}.json为新的名字，例如文件名（$FILE）为 ss.shp 那么新的名字（${FILE%.*}.json）为ss.json
        ogr2ogr -f "GeoJSON" "${FILE%.*}.json" "$FILE"
        #批量替换id为shpId字段，i为忽略大小写，见问题1
        sed -i 's/"Id"/"shpId"/i' "${FILE%.*}.json"
        ogr2ogr -f "MySQL" MySQL:"wzsgeoserver,user=root,host=192.168.1.230,password=lfadmin" -lco engine=INNODB "${FILE%.*}.json"

done
exit

问题

1. 批量转换时提示Warning 1: Feature id not preserved

   原因:是因为json数据中含有id，且id字段的值重复，导致识别为相同数据例如

   1 2 3 4 5 6 7 8

   { "type": "FeatureCollection", "name": "橡胶天然林样地", "crs": { "type": "name", "properties": { "name": "urn:ogc:def:crs:OGC:1.3:CRS84" } }, "features": [ { "type": "Feature", "properties": { "Id": 0, "坐标点": "aa", "编号": null, "树种": null, "胸径": null, "树高": null, "东西": null, "南北": null, "序号": 3, "X坐标": 109.33121961000001, "Y坐标": 18.9831775639 }, "geometry": { "type": "Point", "coordinates": [ 107.331219609524425, 18.973177563938192 ] } }, { "type": "Feature", "properties": { "Id": 0, "坐标点": "ab", "编号": null, "树种": null, "胸径": null, "树高": null, "东西": null, "南北": null, "序号": 3, "X坐标": 109.331143725, "Y坐标": 18.983130045799999 }, "geometry": { "type": "Point", "coordinates": [ 109.331143724995911, 18.973130045772864 ] } } ]}

   解决:用文本工具批量删除或替换掉id字段，会自动生产id，如果有这字段就不会自动生成

she 转 kml

1

ogr2ogr -f KML output.kml input.shp 

geoserver

所有版本

idea运行 从github的src目录

https://github.com/NASAWorldWind/WorldWindJava

geoserver 安装dds/bls扩展

高层数据https://www.jianshu.com/p/d68fffeb8e33未实验

回滚

回退 reset (未push)

• –soft 保留源码,只回退到commit 信息到某个版本.不涉及index的回退,如果还需要提交,直接commit即可.
• –hard 源码也会回退到某个版本,commit和index 都回回退到某个版本.(注意,这种方式是改变本地代码仓库源码)
• –mixed 会保留源码,只是将git commit和index 信息回退到了某个版本.

回退revert(已push)

git revert用于反转提交,执行evert命令时要求工作树必须是干净的.

git revert用一个新提交来消除一个历史提交所做的任何修改.

revert 之后你的本地代码会回滚到指定的历史版本,这时你再 git push 既可以把线上的代码更新.(这里不会像reset造成冲突的问题)

1

git revert c011eb3c20ba6fb38cc94fe5a8dda366a3990c61

清除已提交内容，解决.gitignore无效

添加.gitignore执行如下

1
2
3

git rm -r --cached .
git add .
git commit -m 'clear track'

初始化工程

Git global setup

1
2

git config --global user.name "liangxuan"
git config --global user.email "liangx@3sreform.com"

Create a new repository

1
2
3
4
5
6

git clone ssh://git@192.168.1.230:14020/xuan/test.git
cd test
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

Existing folder

1
2
3
4
5
6

cd existing_folder
git init
git remote add origin ssh://git@192.168.1.230:14020/xuan/test.git
git add .
git commit -m "Initial commit"
git push -u origin master

Existing Git repository

1
2
3
4
5

cd existing_repo
git remote rename origin old-origin
git remote add origin ssh://git@192.168.1.230:14020/xuan/test.git
git push -u origin --all
git push -u origin --tags

分支覆盖

属于分支回滚的一部分

idea操作

idea操作，切换到被覆盖的分支，然后在git->log里面找到需要覆盖到本分支的提交，然后右键点击Reset Current Branch to Here,在弹出的选项里面选择hard

命令操作

1
2
3
4

#切换到被覆盖的分支(master),然后执行
git reset --hard origin/test
#然后推送就行了，到此test分支内容就完全替换了master分支了
git push -f

分支归档

分支归档主要用于，分支太多，想删除，但是又怕以后会用到，因此就可以使用归档

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

#deploy150换成你要归档的分支名
#----------------------------------归档--------------------------------------
#切换到要归档的分支
git checkout deploy150 
#给当前分支打标签，标签规范archive/>分支名>,archive归档的意思，也就是创建一个归档标签，-m注释参数可选
git tag archive/deploy150 deploy150 -m "deploy150分支备份归档"
#切出要归档的分支，这里随便切换一个分支出去
git checkout master
#删除要归档的分支，之所以要切换出去，因为不能在要删除的分支上删除自己
git branch -D deploy150
#删除要归档的远程分支
git branch -d -r origin/deploy150 
#推送归档的标签
git push --tags 
#推送删除的分支记录，用于删除服务端的分支
git push origin :deploy150 
#---------------------------------恢复---------------------------------------
#从备份标签恢复到分支，并切换到该分支上，这里恢复只是恢复本地，要恢复服务器push就可以了
git checkout -b deploy150 archive/deploy150

标签删除

1
2
3
4

#删除本地，本地没有也可以执行删除，test1是tag名字，要删除指定tag，替换成自己的就行
git tag -d test1
#推送删除服务器上面的
git push origin :refs/tags/test1

常见问题

1. idea使用git导入项目时提示ssh variant 'simple' does not support setting port

   解决：执行git config --global ssh.variant ssh，详细见fatal: ssh variant ‘simple’ does not support setting port

参考

git reset revert 回退回滚取消提交返回上一版本

自定义镜像

docker alpine-docker-cli镜像

1
2
3
4
5
6
7

FROM gitlab/gitlab-runner:alpine
RUN apk add --no-cache curl

ENV VERSION "18.06.0-ce"
RUN curl -L -o /tmp/docker-$VERSION.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VERSION.tgz \
    && tar -xz -C /tmp -f /tmp/docker-$VERSION.tgz \
    && mv /tmp/docker/docker /usr/bin \

gitlab-runner

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

FROM alpine:3.7

RUN adduser -D -S -h /home/gitlab-runner gitlab-runner

RUN apk add --update \
    bash \
    ca-certificates \
    git \
    openssl \
    tzdata \
    wget

ARG DOCKER_MACHINE_VERSION
ARG DUMB_INIT_VERSION

COPY gitlab-runner-linux-amd64 /usr/bin/gitlab-runner
COPY checksums /tmp/
RUN chmod +x /usr/bin/gitlab-runner && \
    ln -s /usr/bin/gitlab-runner /usr/bin/gitlab-ci-multi-runner && \
    gitlab-runner --version && \
    mkdir -p /etc/gitlab-runner/certs && \
    chmod -R 700 /etc/gitlab-runner && \
    wget -q https://github.com/docker/machine/releases/download/v${DOCKER_MACHINE_VERSION}/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
    chmod +x /usr/bin/docker-machine && \
    docker-machine --version && \
    wget -q https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 -O /usr/bin/dumb-init && \
    chmod +x /usr/bin/dumb-init && \
    dumb-init --version && \
    sha256sum -c -w /tmp/checksums

COPY entrypoint /
RUN chmod +x /entrypoint

VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]

maven

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

FROM openjdk:8-jdk-alpine

RUN apk add --no-cache curl tar bash procps

ARG MAVEN_VERSION=3.5.4
ARG USER_HOME_DIR="/root"
ARG SHA=ce50b1c91364cb77efe3776f756a6d92b76d9038b0a0782f7d53acf1e997a14d
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries

RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha256sum -c - \
  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
  && rm -f /tmp/apache-maven.tar.gz \
  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn

ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"

COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
COPY settings-docker.xml /usr/share/maven/ref/

ENTRYPOINT ["/usr/local/bin/mvn-entrypoint.sh"]
CMD ["mvn"]

java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#

FROM alpine:3.8

# A few reasons for installing distribution-provided OpenJDK:
#
#  1. Oracle.  Licensing prevents us from redistributing the official JDK.
#
#  2. Compiling OpenJDK also requires the JDK to be installed, and it gets
#     really hairy.
#
#     For some sample build times, see Debian's buildd logs:
#       https://buildd.debian.org/status/logs.php?pkg=openjdk-8

# Default to UTF-8 file.encoding
ENV LANG C.UTF-8

# add a simple script that can auto-detect the appropriate JAVA_HOME value
# based on whether the JDK or only the JRE is installed
RUN { \
		echo '#!/bin/sh'; \
		echo 'set -e'; \
		echo; \
		echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
	} > /usr/local/bin/docker-java-home \
	&& chmod +x /usr/local/bin/docker-java-home
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin

ENV JAVA_VERSION 8u171
ENV JAVA_ALPINE_VERSION 8.171.11-r0

RUN set -x \
	&& apk add --no-cache \
		openjdk8="$JAVA_ALPINE_VERSION" \
	&& [ "$JAVA_HOME" = "$(docker-java-home)" ]

# If you're reading this and have any feedback on how this image could be
# improved, please open an issue or a pull request so we can discuss it!
#
#   https://github.com/docker-library/openjdk/issues

gitrunner+docker+ jdk+maven+npm(采用)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

FROM gitlab/gitlab-runner:alpine
# 公共需求+npm安装（nodejs nodejs-npm）(shadow 是 权限usermod修改)
RUN echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \ 
&& apk add --no-cache curl tar bash procps nodejs nodejs-npm shadow \
&& npm install -g cnpm --registry=https://registry.npm.taobao.org
# docker
ENV VERSION "18.06.0-ce"
RUN curl -L -o /tmp/docker-$VERSION.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VERSION.tgz \
    && tar -xz -C /tmp -f /tmp/docker-$VERSION.tgz \
    && mv /tmp/docker/docker /usr/bin \
    && rm -rf /tmp/docker-$VERSION.tgz /tmp/docker \
    && usermod -g root gitlab-runner

# java
ENV LANG C.UTF-8

# add a simple script that can auto-detect the appropriate JAVA_HOME value
# based on whether the JDK or only the JRE is installed
RUN { \
		echo '#!/bin/sh'; \
		echo 'set -e'; \
		echo; \
		echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
	} > /usr/local/bin/docker-java-home \
	&& chmod +x /usr/local/bin/docker-java-home
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin

ENV JAVA_VERSION 8u171
ENV JAVA_ALPINE_VERSION 8.171.11-r0

RUN set -x \
	&& apk add --no-cache \
		openjdk8="$JAVA_ALPINE_VERSION" \
	&& [ "$JAVA_HOME" = "$(docker-java-home)" ]

# maven

ARG MAVEN_VERSION=3.5.4
ARG USER_HOME_DIR="/root"
ARG SHA=ce50b1c91364cb77efe3776f756a6d92b76d9038b0a0782f7d53acf1e997a14d
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries

RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha256sum -c - \
  && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
  && rm -f /tmp/apache-maven.tar.gz \
  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn

ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"

COPY mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
COPY settings-docker.xml /usr/share/maven/ref/

/usr/share/maven/ref/repository

maven+docker+gitlab-runner+jdk(感觉不对废弃,找不到apline安装包)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

FROM maven:alpine

RUN apk add --update --no-cache \
    bash \
    ca-certificates \
    git \
    openssl \
    tzdata \
    wget \
    curl

# docker
ENV VERSION "18.06.0-ce"
RUN curl -L -o /tmp/docker-$VERSION.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VERSION.tgz \
    && tar -xz -C /tmp -f /tmp/docker-$VERSION.tgz \
    && mv /tmp/docker/docker /usr/bin \
 
# gitlab-runner 
RUN adduser -D -S -h /home/gitlab-runner gitlab-runner

ARG DOCKER_MACHINE_VERSION
ARG DUMB_INIT_VERSION

COPY gitlab-runner-linux-amd64 /usr/bin/gitlab-runner
COPY checksums /tmp/
RUN chmod +x /usr/bin/gitlab-runner && \
    ln -s /usr/bin/gitlab-runner /usr/bin/gitlab-ci-multi-runner && \
    gitlab-runner --version && \
    mkdir -p /etc/gitlab-runner/certs && \
    chmod -R 700 /etc/gitlab-runner && \
    wget -q https://github.com/docker/machine/releases/download/v${DOCKER_MACHINE_VERSION}/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
    chmod +x /usr/bin/docker-machine && \
    docker-machine --version && \
    wget -q https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 -O /usr/bin/dumb-init && \
    chmod +x /usr/bin/dumb-init && \
    dumb-init --version && \
    sha256sum -c -w /tmp/checksums

COPY entrypoint /
RUN chmod +x /entrypoint

VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"] 

常见问题总结

1. 注册之后，运行时找不到runner,一直提示pending

   解决：在runner设置里勾选上Run untagged jobs

   • Indicates whether this runner can pick jobs without tags

2. 使用docker注册时，镜像用docker:stable在配置文件config.toml添加 volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"]

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

   concurrent = 1 check_interval = 0 [[runners]] name = "test" url = "http://gitlab/" token = "8db125c537f652e20349100517a4d6" executor = "docker" [runners.docker] tls_verify = false image = "docker:stable" privileged = false disable_cache = false volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"] shm_size = 0 [runners.cache]

3. 注册后，无权限操作mkdir: can't create directory '/home/gitlab-runner/builds/': Permission denied

   解决：通过gitlab-runner 用户进行注册，官网注册教程

   1	docker run --rm -t -i -v /dockerdata/v-gitlab-runner/config:/etc/gitlab-runner --name gitlab_gitlab-runner gitlab/gitlab-runner register

脚本语法：

https://docs.gitlab.com/ee/ci/yaml/README.html

安装usermode

1
2

RUN echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories
RUN apk --no-cache add shadow 

使用usermode

1
2
3
4
5
6

#修改用户gitlab-runner到root组
usermod -g root gitlab-runner
#查看用户属于的组
id gitlab-runner
#改变文件的组为root,原来的组为docker
chown :root /var/run/docker.sock

docker添加组

https://stackoverflow.com/questions/49955097/how-to-add-a-user-group-in-alpine-linux-to-prevent-your-app-to-run-as-root

mac stm32串口调试

方式一（使用mbed os但是不是集成板子，需要更改很多配置）

1. mbed是一个在线编辑编译代码的工具,上面有很多源码下载里面项目ST/Nucleo_printf,点击编译，下载bin文件
2. 将下载的bin文件写入开发板，执行st-flash write Nucleo_printf_NUCLEO_F401RE.bin 0x8000000
3. 打开CLion软件在插件管理界面添加Serial Port Monitor
4. 然后在左下角Serial Monitor点击设置，选择usbmodem，设置波特率9600，就可以看到打印的hello world

方式二（Cubemx）：使用hal库函数进行串口输出

串口发送(在main函数添加)：

1
2

//把"hello world"的内容通过uart2发送出去，长度是11，timeout的时间是最大值0xffff
HAL_UART_Transmit(&huart2, "hello world", 11,0xFFFF);

参考

STM32L0 HAL库 UART 串口读写功能

【STM32CubeMX】HAL库中断方式UART串口通信

docker运行安装svn服务器

elleflorio/svn-server

1
2
3
4
5
6
7
8
9
10
11

version: '3'

services:
  svn:
    restart: always
    image: elleflorio/svn-server
    volumes:
    - /dockerdata/v-svn:/home/svn
    ports:
    - "14009:3690"
    - "14008:80"

1. 创建仓库，进入容器执行svnadmin create --pre-1.6-compatible /home/svn/rep不考虑兼容,可以不加--pre-1.6-compatible

2. 添加用户名和密码htpasswd -bc /etc/subversion/passwd lx 123456 其中lx是用户名，123456是密码，其中httpasswd命令参数

   1 2 3 4 5 6 7 8

   -c：创建一个加密文件； -n：不更新加密文件，只将加密后的用户名密码显示在屏幕上； -m：默认采用MD5算法对密码进行加密； -d：采用CRYPT算法对密码进行加密； -p：不对密码进行进行加密，即明文密码； -s：采用SHA算法对密码进行加密； -b：在命令行中一并输入用户名和密码而不是根据提示输入密码； -D：删除指定的用户。

3. 然后访问192.168.1.230:14008/svn就会弹出输入用户名和密码窗口

4. 使用svn客户端输入http://192.168.1.230:14008/svn/rep/就可以检出了

注意

1. 由于配置文件放在容器的，因此容器重启会重新设置密码

   解决：

   1. 挂载密码的文件目录
   2. 重新编译dockerfile

参考：5-使用docker-svn镜像

官方版gitlab安装使用

官网教程

docker-statck.yml文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

version: "3.6"
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    ports:
      - "14020:22"
      - "14018:80"
#https      - "14019:443"
    volumes:
      - /dockerdata/v-gitlab-ce/data:/var/opt/gitlab
      - /dockerdata/v-gitlab-ce/logs:/var/log/gitlab
      - /dockerdata/v-gitlab-ce/config:/etc/gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: "from_file('/omnibus_config.rb')"
    configs:
      - source: gitlab_rb
        target: /omnibus_config.rb
    secrets:
      - gitlab_root_password
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '2.00'  #限制为2核，设置0.50会启动失败，且不报错
          memory: 8192M   #限制为8g，8g2核为推荐配置，设置为4g，使用卡顿     
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    deploy:
      mode: replicated
      replicas: 1
configs:
  gitlab_rb:
    external: true
secrets:
  gitlab_root_password:
    external: true

portainer->config->name: gitlab_rb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

external_url 'http://192.168.1.230:14018/'
#这里必须设置监听为80，因为是监听容器内的端口
nginx['listen_port'] = 80
#这里要设置ssh端口，不然ssh不能使用
gitlab_rails['gitlab_shell_ssh_port'] = 14020
gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')
gitlab_rails['time_zone'] = 'Asia/Shanghai'
#cron时间表达式每天三点
gitlab_rails['backup_cron'] = '0 0 3 * * ?'
# 默认备份目录/var/opt/gitlab/backups
# gitlab_rails['backup_path'] = '/var/opt/gitlab/backups'
# limit backup lifetime to 7 days - 604800 seconds
gitlab_rails['backup_keep_time'] = 604800

# ----优化内存配置-------------
#数据库缓存大小
postgresql['shared_buffers'] = "256MB"
#数据库并发
postgresql['max_worker_processes'] = 6
#进程数
unicorn['worker_processes'] = 2
#
unicorn['worker_memory_limit_min'] = "200 * 1 << 20"
unicorn['worker_memory_limit_max'] = "300 * 1 << 20"
#减少并发
sidekiq['concurrency'] = 10

portainer->secrets->name: gitlab_root_password

1

MySuperSecretAndSecurePass0rd!

登陆时用户名为root，密码为gitlab_root_password的内容

备份

1

docker exec -t <your container name> gitlab-rake gitlab:backup:create

恢复

1550500433_2019_02_18_11.6.2_gitlab_backup.tar文件名分析

11.6.2gitlab版本号，备份还原版本号要一致

1550500433_2019_02_18_11.6.2备份文件编号

1
2
3
4
5

# 移动到目录/var/opt/gitlab/backups并修改权限
chmod 777 1550500433_2019_02_18_11.6.2_gitlab_backup.tar
#进入容器执行
gitlab-rake gitlab:backup:restore BACKUP=1550500433_2019_02_18_11.6.2
#同意几个yes

重置管理员密码

进入容器执行

1
2
3
4
5
6
7
8
9
10
11

gitlab-rails console production
#进入console,查询用户1的用户名，@符号后面为用户名
irb(main):004:0> user = User.where(id:1).first
=> #<User id:1 @root>
#重置密码为xxxx
irb(main):005:0> user.password = 'xxxx'
=> "xxxx"
#保存设置
irb(main):006:0> user.save!
Enqueued ActionMailer::DeliveryJob (Job ID: efc41db4-43bb-4f0f-83ca-7481611c2ff4) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", #<GlobalID:0x00007fea66e486f0 @uri=#<URI::GID gid://gitlab/User/1>>
=> true

到此用root用户登录即可

定时备份

1
2
3
4
5
6
7
8
9

docker exec -t $(docker ps | grep "gitlab_mygitlab" | awk '{ print $1 }') gitlab-backup create
#对于GitLab 12.1和更早版本，请使用
docker exec -t $(docker ps | grep "gitlab_mygitlab" | awk '{ print $1 }')  gitlab-rake gitlab:backup:create
## 添加定时任务
crontab -e
# i进行编辑，esc然后:wq
0  4  *  *  *  docker exec -t $(docker ps | grep "gitlab_mygitlab" | awk '{ print $1 }') gitlab-backup create
## 然后查看
crontab -l

centos7 crontab 定时任务

1
2
3
4
5
6
7
8
9
10
11
12

# （查看状态）
systemctl status crond
# （设为开机启动）
systemctl enable crond
# （启动crond服务）
systemctl start crond
#添加定时任务
crontab -e
#查看定时任务
crontab -l
#删除当前用户的定时任务
crontab -r

备份会有如下警告：

因为配置文件和密码文件需要自己手动备份，为了数据安全

1
2
3

Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.

gitlab 升级

详细升级路径见GitLab release and maintenance policy

版本介绍：

规则：(Major).(Minor).(Patch)=(主要版本).(次要版本).(补丁号)

例如，Gitlab版本12.10.6:

• 12代表主要版本。主要版本是12.0.0，但通常称为12.0。
• 10代表次要版本。次要版本是12.10.0，但通常称为12.10。
• 6 代表补丁号。

升级路径为12.10.6->12.10.14->13.0.12->13.2.3

我的理解(仅供参考做好备份):

先将补丁版本升级到最高，然后升级次要版本升级到最高，最后主要版本一级一级的升

可以利用dockerhub的搜索功能,例如搜索框输入12.10，找到最大的补丁版本12.10.14，次要版本的最大输入12.找到次要版本的最大版本

额外

1. 进入容器可以执行命令gitlab-rake gitlab:env:info更多命令见rake
2. 备份文件repositories中xxx.bundle可以用git命令解压git clone xxx.bundle xxx,详情见git bundle打包

常见问题

1. gitlab runner 500 error

   1 2 3 4 5 6 7 8 9 10 11 12 13

   ActionView::Template::Error (): 36: 37: .col-sm-6 38: .bs-callout 39: = render partial: 'ci/runner/how_to_setup_runner', 40: locals: { registration_token: Gitlab::CurrentSettings.runners_registration_token, 41: type: 'shared', 42: reset_token_url: reset_registration_token_admin_application_settings_path } lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt' app/models/concerns/token_authenticatable_strategies/encrypted.rb:45:in `get_token' app/models/concerns/token_authenticatable_strategies/base.rb:33:in `ensure_token!' app/models/concerns/token_authenticatable.rb:48:in `block in add_authentication_token_field' app/models/application_setting_implementation.rb:326:in `runners_registration_token'

   解决:

   1 2 3 4 5

   #需要先还原gtilabb容器的config挂载目录的gitlab-secrets.json，我这里是整个恢复config目录 #进入gitlab容器，执行 root@f51be17d113b:/# gitlab-rails console 然后进入命令行后执行 irb(main):001:0> ApplicationSetting.current.reset_runners_registration_token!

参考

gitlab.rb配置文件

gitlab 升级迁移

方式一：挂在卷复制迁移（镜像版本相同）

直接复制所有挂在卷，但是有可能出现问题1

方式二：备份打包迁移

注意：docker-compose.yml里面的镜像版本要和之前的版本一致

更多rake命令具体看官网

1. gitlab停止运行，并删除挂掉的容器（未成功，因为存在问题1）

   1 2 3 4

   #创建备份 docker-compose run --rm gitlab app:rake gitlab:backup:create #恢复备份 docker-compose run --rm gitlab app:rake gitlab:backup:restore

2. gitlab运行的情况

   1 2 3 4 5 6 7 8

   #查看环境信息 docker-compose exec --user git gitlab bundle exec rake gitlab:env:info RAILS_ENV=production #创建备份（采用） docker-compose exec --user git gitlab bundle exec rake gitlab:backup:create RAILS_ENV=production #查看备份 docker-compose exec --user git gitlab bundle exec rake gitlab:backup:restore RAILS_ENV=production #恢复备份 docker-compose exec --user git gitlab bundle exec rake gitlab:backup:restore BACKUP=1532580339_2018_07_26_10.7.3 RAILS_ENV=production

方式四

进入gitlab容器执行

1
2
3
4

#恢复
/sbin/entrypoint.sh app:rake gitlab:backup:restore
#备份
/sbin/entrypoint.sh app:rake gitlab:backup:create

1
2
3
4
5

Starting the gitlab container
Enter the gitlab's bash shell
Execute /sbin/entrypoint.sh app:rake gitlab:backup:restore to restore a backup
When restore finish, just restart gitlab container, and all is done.
For backup procedure, simply execute /sbin/entrypoint.sh app:rake gitlab:backup:create command when you're in gitlab container's shell.

问题

1. 迁移时，重启时,报500错误,日志提示

   1 2 3 4 5

   2018-07-26 05:53:41,648 INFO spawned: 'sidekiq' with pid 1066, 2018-07-26 05:53:42,649 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs), 2018-07-26 05:53:50,996 INFO exited: sidekiq (exit status 1; not expected), 2018-07-26 05:53:51,998 INFO spawned: 'sidekiq' with pid 1075, 2018-07-26 05:53:52,999 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs),

   具体原因进入容器cat /var/log/gitlab/gitlab/production.log查看日志，内容如下

   1 2 3 4 5 6 7 8 9 10 11 12

   Redis::CommandError (DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the abovethings in order for the server to start accepting connections from the outside.): lib/gitlab/middleware/multipart.rb:95:in `call' lib/gitlab/request_profiler/middleware.rb:14:in `call' lib/gitlab/middleware/go.rb:17:in `call' lib/gitlab/etag_caching/middleware.rb:11:in `call' lib/gitlab/middleware/read_only/controller.rb:28:in `call' lib/gitlab/middleware/read_only.rb:16:in `call' lib/gitlab/request_context.rb:18:in `call' lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call' lib/gitlab/middleware/release_env.rb:10:in `call' config.ru:23:in `block (2 levels) in <main>' config.ru:31:in `<main>'

   解决：从日志可以看出是安全原因，因此进入redis容器执行redis-cli然后执行命令CONFIG SET protected-mode no到此就可以了，这样更改下次重启又会失效，如果要永久生效，多执行一条CONFIG REWRITE,但是删除死掉的容器会失效

2. redis版本过高，初始化时用低版本，latest如果时最新的存在权限问题也就是问题1

   解决，重新用指定版本号3.0.6的docker-compose启动，然后redis容器挂在卷下的dump.rdb单独复制进去，如果存在权限问题，把旧的删了，重新复制进去，然后在redis容器/var/lib/redis/执行chown redis:redis -R dump.rdb

总结数据升级麻烦

参考

GitLab升级失败恢复

sameersbn/gitlab官方Rake Tasks

https://github.com/sameersbn/docker-gitlab/issues/1655