I am trying to follow the gitlab documentation to upload a backup to the cloud, but I find it sparse, and it isn't exactly straight forward.
Creating the tar is straight forward enough.
My problems start with
For omnibus packages:
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AWS',
'region' => 'eu-west-1',
'aws_access_key_id' => 'AKIAKIAKI',
'aws_secret_access_key' => 'secret123'
}
gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
What am I supposed to do with this? I place it inside /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
just so, is that what I do?
multipart_chunk_size:
encryption:
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AWS',
'region' => 'eu-west-1',
'aws_access_key_id' => 'AKIAKIAKI',
'aws_secret_access_key' => 'secret123'
}
gitlab_rails['backup_upload_remote_directory'] = 'gitlabbackupxan1234'
## GitLab Shell settings
gitlab_shell:
path: /opt/gitlab/embedded/service/gitlab-shell/
Then we come to
If you are uploading your backups to S3 you will probably want to create a new IAM user with restricted access rights. To give the upload user access only for uploading backups create the following IAM profile, replacing my.s3.bucket with the name of your bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1412062044000",
"Effect": "Allow",
...
"Resource": [
"arn:aws:s3:::my.s3.bucket"
]
}
]
}
Again, how? I started reading about AIM but it is a big topic and I am not quite sure what to do with this.
You should follow the instructions on http://cloudkul.com/blog/automate-gitlab-backups-within-amazon-s3-bucket/
No you are supposed to place 'backup_upload_connection' and 'backup_upload_remote_directory' settings inside /etc/gitlab/gitlab.rb ... you should also uncomment some other settings -- as you can see from the link above. Then you should reconfigure.
You go to IAM -> new User -> create -> Policies -> create user policy -> paste in the policy given -> replace with the name of the s3 bucket you create (2 locations to replace). After the new user step you will get to know the aws_access_key_id and aws_secret_access_key.
You should also setup the cron as they describe.