docker 的gitlab数据迁移权限问题
潘驰
在做gitlab安装的时候,挂载了三个目录,基本上将gitlab的相关数据全部囊括,具体的docker编排脚如下。
version: '3'
services:
gitlab:
image: 'twang2218/gitlab-ce-zh:9.4'
restart: always
hostname: 'IP'
environment:
TZ: 'Asia/Shanghai'
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://IP:8090'
#gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['gitlab_shell_ssh_port'] = 2222
unicorn['port'] = 8888
nginx['listen_port'] = 8090
ports:
- '8090:8090'
- '8443:443'
- '2222:22'
volumes:
- ./gitlab/config:/etc/gitlab
- ./gitlab/data:/var/opt/gitlab
- ./gitlab/logs:/var/log/gitlab
可以看到以上的三个挂载文件,config, data, logs,当用户将各种代码,账户全部创建以后,公司突然宣布,服务器不能用了,要转一台服务器,这时已经意识到会有坑,果不其然,数据迁移后,出现502页面,log日志报权限不足,于是又做了一个昏招,把挂载文件的权限全部置为最大读写权限,然后是直接无法启动,查看日志。
* execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions] action run
================================================================================
Error executing action `run` on resource 'execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions]'
================================================================================
Errno::EACCES
-------------
Permission denied - /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/gitlab-shell.rb
115: execute "#{gitlab_shell_keys_check} check-permissions" do
116: user git_user
117: group git_group
118: end
119:
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/gitlab-shell.rb:115:in `from_file'
execute("/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions") do
action [:run]
retries 0
retry_delay 2
default_guard_interpreter :execute
command "/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions"
backup 5
group "git"
returns 0
user "git"
declared_type :execute
cookbook_name "gitlab"
recipe_name "gitlab-shell"
end
Platform:
---------
x86_64-linux
总之,按错误提示在挂载上修改了几个文件的权限,然后是其它目录权限不足,意识到这个不只是一个目录权限的问题,于是查找日志,发现日志上有解决方案提示。
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
If this container fails to start due to permission problems try to fix it by executing:
docker exec -it gitlab update-permissions
docker restart gitlab
其实这个方法确实是最好的解决方案,只是当时认定一个理是页面显示502时还可以进入容器执行,但容器没法启动并持续重启时,docker exec应该是没法执行的,试了两次,没有成功,于是又调查了很长时间无果。最后查到一篇文章中写到,docker exec执行的命令,在容器启动中是可以执行的,于是试了一下,持续执行 docker exec -it gitlab update-permissions,最后成功重新构造权限并启动gitlab, 看来细节部分可以决定事情的成败!
类似资料: