一、问题描述
见标题
二、问题分析
错误日志:
Started GET "/admin/runners" for 172.21.0.2 at 2025-10-28 03:34:18 +0000 Processing by Admin::RunnersController#index as HTML Rendered layout layouts/admin.html.haml (Duration: 2.8ms | Allocations: 2032) Completed 500 Internal Server Error in 22ms (ActiveRecord: 1.6ms | Elasticsearch: 0.0ms | Allocations: 8562) ActionView::Template::Error (): 1: - breadcrumb_title _('Runners') 2: - page_title _('Runners') 3: 4: #js-admin-runners{ data: admin_runners_data_attributes } lib/gitlab/crypto_helper.rb:28:in aes256_gcm_decrypt' app/models/concerns/token_authenticatable_strategies/encryption_helper.rb:18:in decrypt_token' app/models/concerns/token_authenticatable_strategies/encrypted.rb:78:in get_encrypted_token'手动执行gitlab-rake gitlab:backup:create的时候,发现了日志。
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
GitLab 备份命令只会备份:
数据库(PostgreSQL)
Git 仓库(repositories)
上传文件(uploads)
构件、CI 结果等(artifacts, lfs, registry 等)
但 不会自动备份 GitLab 的配置文件和加密密钥,即:
/etc/gitlab/gitlab.rb
/etc/gitlab/gitlab-secrets.json
这是因为这些文件中包含敏感信息,例如:
数据库连接密码
外部 SMTP 凭据
加密密钥(包括用于加密 Runner token、用户 2FA 密钥等)
GitLab 出于安全考虑,不会自动将这些文件包含进 .tar 备份包中(以防备份文件泄漏造成更大安全风险)。
解决方法
将旧服务器上的/etc/gitlab/gitlab.rb和/etc/gitlab/gitlab-secrets.json 迁移到新服务器。
# 1. 停止相关服务
sudo gitlab-ctl stop puma
sudo gitlab-ctl stop sidekiq
# 2. 恢复数据库和仓库
sudo gitlab-rake gitlab:backup:restore BACKUP=1730083200_2025_10_28
# 3. 恢复配置文件
sudo cp gitlab.rb /etc/gitlab/gitlab.rb
sudo cp gitlab-secrets.json /etc/gitlab/gitlab-secrets.json
# 4. 重新配置 GitLab
sudo gitlab-ctl reconfigure
# 5. 重启服务
sudo gitlab-ctl restart
其它页面依然报错:
sudo gitlab-rake gitlab:check SANITIZE=true
sudo tail -n 100 /var/log/gitlab/gitlab-rails/production.log