From 32036f7ac8e892a02072c08fa4f41aced1ea517c Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 01/47] Sync config v7.9.0 : Sync comment in smtp_settings.rb Just to reduce noisy diff Original commit: https://gitlab.com/gitlab-org/gitlab/-/commit/890f14786a49cb715d8856c1a6917003649796c5 First contain gitalb v7.9.0 --- assets/runtime/config/gitlabhq/smtp_settings.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/smtp_settings.rb b/assets/runtime/config/gitlabhq/smtp_settings.rb index d7dffbde0..e862d7e5b 100644 --- a/assets/runtime/config/gitlabhq/smtp_settings.rb +++ b/assets/runtime/config/gitlabhq/smtp_settings.rb @@ -19,7 +19,7 @@ domain: "{{SMTP_DOMAIN}}", authentication: "{{SMTP_AUTHENTICATION}}", enable_starttls_auto: {{SMTP_STARTTLS}}, - openssl_verify_mode: '{{SMTP_OPENSSL_VERIFY_MODE}}', + openssl_verify_mode: '{{SMTP_OPENSSL_VERIFY_MODE}}', # See ActionMailer documentation for other possible options ca_path: "{{SMTP_CA_PATH}}", ca_file: "{{SMTP_CA_FILE}}", tls: {{SMTP_TLS}} From 946ed85346cc89eb917a411723b69a6b8090bdcc Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 02/47] Sync config v13.0.0 : Change usage of Redis slave to replica in resque.yml This commit is imported from upstream. For moredetail, see corresponding merge request. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32275 --- assets/runtime/config/gitlabhq/resque.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/assets/runtime/config/gitlabhq/resque.yml b/assets/runtime/config/gitlabhq/resque.yml index 7a6681536..38ab4cfb3 100644 --- a/assets/runtime/config/gitlabhq/resque.yml +++ b/assets/runtime/config/gitlabhq/resque.yml 
@@ -8,7 +8,7 @@ development: # host: localhost # port: 26380 # point to sentinel, not to redis port # - - # host: slave2 + # host: replica2 # port: 26381 # point to sentinel, not to redis port test: url: redis://localhost:6379 @@ -27,8 +27,8 @@ production: # url: redis://master:6379 # sentinels: # - - # host: slave1 + # host: replica1 # port: 26379 # point to sentinel, not to redis port # - - # host: slave2 + # host: replica2 # port: 26379 # point to sentinel, not to redis port From 67bef4f2688642ebfc6db308062e6ea5c33079db Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 03/47] Sync config v11.0.0 : Add db: load_balancing Currently commented-out and no effect. See corresponding MR and commit: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/5883 https://gitlab.com/gitlab-org/gitlab/-/commit/0cab88ef72fe2c41cb2f1df2f619741e335887a0 --- assets/runtime/config/gitlabhq/database.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/database.yml b/assets/runtime/config/gitlabhq/database.yml index 0423a57c4..f1e8724b5 100644 --- a/assets/runtime/config/gitlabhq/database.yml +++ b/assets/runtime/config/gitlabhq/database.yml @@ -12,4 +12,12 @@ production: password: "{{DB_PASS}}" pool: {{DB_POOL}} prepared_statements: {{DB_PREPARED_STATEMENTS}} - + # load_balancing: + # hosts: + # - host1.example.com + # - host2.example.com + # discover: + # nameserver: 1.2.3.4 + # port: 8600 + # record: secondary.postgresql.service.consul + # interval: 300 From e31cb7fc1c57c911f2b1a429ccf9695ce4385205 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 04/47] Sync config v13.2.0 : gitaly: Fix double quote for `tls_listen_addr` Just fixing commented-out config, no effect See upstream commit: https://gitlab.com/gitlab-org/gitaly/-/commit/4290807efcf2de64d5c1e8abce15399361da42f9 Note : I have checked which version contains the commit using `git tag --contains | sort --version-sort` v13.1.0-rc4 and v13.2.0 or above contains the commit, but v13.1.0 does not. I have no idea why First contains (stable) gitlay v13.2.0 Corresponding gitlab v13.2.0 --- assets/runtime/config/gitaly/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitaly/config.toml b/assets/runtime/config/gitaly/config.toml index 0b070505e..aeb1abe37 100644 --- a/assets/runtime/config/gitaly/config.toml +++ b/assets/runtime/config/gitaly/config.toml @@ -9,7 +9,7 @@ bin_dir = "/usr/local/bin/" # # Optional: listen on a TCP socket. This is insecure (no authentication) # listen_addr = "localhost:9999" -# tls_listen_addr = "localhost:8888 +# tls_listen_addr = "localhost:8888" # # Optional: export metrics via Prometheus # prometheus_listen_addr = "localhost:9236" From a0d906c01186b9a32e84625898af9045bd513ad9 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 05/47] SYnc config v13.2.0 : Add consolidated object_storage config in one place (commented-out) See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34460 --- assets/runtime/config/gitlabhq/gitlab.yml | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 49502277e..ddfce2bcf 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -211,6 +211,33 @@ production: &base # Whether to expunge (permanently remove) messages from the mailbox when they are deleted after delivery expunge_deleted: false + ## Consolidated object store config + ## This will only take effect if the object_store sections are not defined + ## within the types (e.g. artifacts, lfs, etc.). + # object_store: + # enabled: false + # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage + # connection: + # provider: AWS # Only AWS supported at the moment + # aws_access_key_id: AWS_ACCESS_KEY_ID + # aws_secret_access_key: AWS_SECRET_ACCESS_KEY + # region: us-east-1 + # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. + # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces + # objects: + # artifacts: + # bucket: artifacts + # external_diffs: + # bucket: external-diffs + # lfs: + # bucket: lfs-objects + # uploads: + # bucket: uploads + # packages: + # bucket: packages + # dependency_proxy: + # bucket: dependency_proxy + ## Build Artifacts artifacts: enabled: {{GITLAB_ARTIFACTS_ENABLED}} From 74cfc7ae6b043b18fab7187bc2f65e9deffc354b Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 06/47] Sync config v13.3.0 : remove DB_POOL This is imported from upstream. See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38049 First tag contains this change: v13.3.0-ee $ git tag --contain ce37ceb7 | sort --version-sort | head -n 1 --- README.md | 4 ---- assets/runtime/config/gitlabhq/database.yml | 1 - assets/runtime/env-defaults | 4 +++- assets/runtime/functions | 1 - 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9a732da7d..815c563d5 100644 --- a/README.md +++ b/README.md 
@@ -1780,10 +1780,6 @@ The database database user. Defaults to `root` The database database password. Defaults to no password -##### `DB_POOL` - -The database database connection pool count. Defaults to `10`. - ##### `DB_PREPARED_STATEMENTS` Whether use database prepared statements. No defaults. But set to `false` if you want to use with [PgBouncer](https://pgbouncer.github.io/) diff --git a/assets/runtime/config/gitlabhq/database.yml b/assets/runtime/config/gitlabhq/database.yml index f1e8724b5..bbd918de2 100644 --- a/assets/runtime/config/gitlabhq/database.yml +++ b/assets/runtime/config/gitlabhq/database.yml @@ -10,7 +10,6 @@ production: port: {{DB_PORT}} username: {{DB_USER}} password: "{{DB_PASS}}" - pool: {{DB_POOL}} prepared_statements: {{DB_PREPARED_STATEMENTS}} # load_balancing: # hosts: diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 46624eafc..634806d8b 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -46,7 +46,9 @@ DB_PORT=${DB_PORT:-} DB_NAME=${DB_NAME:-} DB_USER=${DB_USER:-} DB_PASS=${DB_PASS:-} -DB_POOL=${DB_POOL:-10} +if [[ -v DB_POOL ]]; then + echo "configuration parameter DB_POOL is removed and has no effect." +fi DB_PREPARED_STATEMENTS=${DB_PREPARED_STATEMENTS:-true} # backward compatibility diff --git a/assets/runtime/functions b/assets/runtime/functions index 787ce5c8a..65e8b2d82 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -180,7 +180,6 @@ gitlab_configure_database() { DB_NAME \ DB_USER \ DB_PASS \ - DB_POOL \ DB_PREPARED_STATEMENTS } From 290cff5f07f0848888306b1ef01b2dc515caaf62 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 07/47] Sync config v13.3.0 : Add commented-out configs for AWS S3 server side encryption See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38240 --- assets/runtime/config/gitlabhq/gitlab.yml | 3 +++ 1 file changed, 3 insertions(+) 
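Review bot: The deprecation notice added in `assets/runtime/env-defaults` is written to stdout with no severity prefix, so it is easy to miss and is mixed into the output of whatever command sources this file. Sending it to stderr with a marker would make it visible without polluting stdout: `echo "WARNING: configuration parameter DB_POOL is removed and has no effect." >&2`. `[[ -v DB_POOL ]]` also needs bash 4.2 or newer; that is presumably satisfied by the image, but it is worth confirming since the rest of the visible file only uses `${VAR:-}` expansions.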
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index ddfce2bcf..01edfa63e 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -224,6 +224,9 @@ production: &base # region: us-east-1 # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces + # storage_options: + # server_side_encryption: AES256 # AES256, aws:kms + # server_side_encryption_kms_key_id: # Amazon Resource Name. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html # objects: # artifacts: # bucket: artifacts From a2e37f9e7b1a9db22d0c25ffa6de24ea04d39c8d Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:05 +0900 Subject: [PATCH 08/47] Sync config v13.3.0 : gitlab-shell: Add commented out config ssl_cert_dir See upstream merge request: https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/393 First contain gitlab-shell v13.4.0 Corresponding gitlab v13.3.0 (Corresponding MR : https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37677) --- assets/runtime/config/gitlab-shell/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index 5719b9357..8c36d8d6d 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml 
@@ -27,6 +27,10 @@ http_settings: # File used as authorized_keys for gitlab user auth_file: "{{GITLAB_HOME}}/.ssh/authorized_keys" +# SSL certificate dir where custom certificates can be placed +# https://golang.org/pkg/crypto/x509/ +# ssl_cert_dir: /opt/gitlab/embedded/ssl/certs/ + # File that contains the secret key for verifying access to GitLab. # Default is .gitlab_shell_secret in the gitlab-shell directory. secret_file: "{{GITLAB_SHELL_INSTALL_DIR}}/.gitlab_shell_secret" From 9eb17ccdef88b5498402bcbdcfb0d9413adb8d4c Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 09/47] Sync config v13.4.2 : gitlab-shell: Add commented-out config gitlab_relative_url_root Only affected if UNIX sockets are used for gitlab_url. sameersbn/gitlab uses http:// and is not affected. See upstream merge request: https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/406 First contain gitlab-shell v13.7.0 Corresponding gitlab v13.4.2 --- assets/runtime/config/gitlab-shell/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index 8c36d8d6d..a24b06dbf 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml @@ -15,6 +15,10 @@ user: git # "http+unix://%2Fpath%2Fto%2Fsocket" gitlab_url: "http://localhost:8080{{GITLAB_RELATIVE_URL_ROOT}}" +# When a http+unix:// is used in gitlab_url, this is the relative URL root to GitLab. +# Not used if gitlab_url is http:// or https://. +# gitlab_relative_url_root: "/" + # See installation.md#using-https for additional HTTPS configuration details. http_settings: # read_timeout: 300 From 8c02e965232b6ca9eaeb0a2a83c6634efaec0d68 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 10/47] Sync config v13.5.0 : Update link to redis docs in config/resque.yml This commit is imported from upstream. For more detail, see corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44533 --- assets/runtime/config/gitlabhq/resque.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/resque.yml b/assets/runtime/config/gitlabhq/resque.yml index 38ab4cfb3..51824fcb1 100644 --- a/assets/runtime/config/gitlabhq/resque.yml +++ b/assets/runtime/config/gitlabhq/resque.yml @@ -22,7 +22,7 @@ production: # http://redis.io/topics/sentinel # # You must specify a list of a few sentinels that will handle client connection - # please read here for more information: https://docs.gitlab.com/ce/administration/high_availability/redis.html + # please read here for more information: https://docs.gitlab.com/ee/administration/redis/index.html ## # url: redis://master:6379 # sentinels: From 1d78bba71cdd013f33f7ad0c323b39db3b650d0e Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 11/47] Sync config v13.5.0 : gitlab-shell: Add commented-out config `secret` See corresponding commit: https://gitlab.com/gitlab-org/gitlab-shell/-/commit/6cef08511b8c830fcb67879118e4be8747f07cc6 This configuration have been introduced without MR, but handling is introduced in the MR: https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/284 First contain gitlab-shell v13.8.0 Corresponding gitlab v13.5.0 (MR : https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44852) --- assets/runtime/config/gitlab-shell/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index a24b06dbf..05b39d32c 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml 
@@ -38,6 +38,10 @@ auth_file: "{{GITLAB_HOME}}/.ssh/authorized_keys" # File that contains the secret key for verifying access to GitLab. # Default is .gitlab_shell_secret in the gitlab-shell directory. secret_file: "{{GITLAB_SHELL_INSTALL_DIR}}/.gitlab_shell_secret" +# +# The secret field supersedes the secret_file, and if set that +# file will not be read. +# secret: "supersecret" # Parent directory for global custom hook directories (pre-receive.d, update.d, post-receive.d) # Default is hooks in the gitlab-shell directory. From 495291bdb4ac11d2cc46acec6810d0ee35d45041 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 12/47] Sync config v13.7.0 : Rename PIWIK_* to MATOMO_* Legacy configuration parameter still works as fallback. See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45658 --- README.md | 24 ++++++++++++++++------- assets/runtime/config/gitlabhq/gitlab.yml | 6 +++--- assets/runtime/env-defaults | 8 +++++--- assets/runtime/functions | 16 +++++++-------- 4 files changed, 33 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 815c563d5..7a6554010 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ - [Gitlab Pages](#gitlab-pages) - [External Issue Trackers](#external-issue-trackers) - [Host UID / GID Mapping](#host-uid--gid-mapping) - - [Piwik](#piwik) + - [Matomo](#matomo) - [Exposing ssh port in dockerized gitlab-ce](docs/exposing-ssh-port.md) - [Available Configuration Parameters](#available-configuration-parameters) - [Maintenance](#maintenance) 
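Review bot: The commented-out `# secret: "supersecret"` sample in `gitlab-shell/config.yml` invites pasting the shared secret inline, and per the added comment that value then supersedes `secret_file`, which will no longer be read. The surrounding comment should say that a value set here is stored in plain text in this config file and that `secret_file` remains the preferred option, for example `# Prefer secret_file; a value set here is kept in plain text in this file and overrides it.` A placeholder that is clearly not a usable value (e.g. `# secret: "<shared secret>"`) would also avoid the sample string being copied as-is.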
@@ -770,13 +770,15 @@ docker run --name gitlab -d [OPTIONS] \ sameersbn/gitlab:15.5.0 app:sanitize ``` -#### Piwik +#### Matomo -If you want to monitor your gitlab instance with [Piwik](http://piwik.org/), there are two options to setup: `PIWIK_URL` and `PIWIK_SITE_ID`. +If you want to monitor your gitlab instance with [Matomo](https://matomo.org/), there are two options to setup: `MATOMO_URL` and `MATOMO_SITE_ID`. These options should contain something like: -- `PIWIK_URL=piwik.example.org` -- `PIWIK_SITE_ID=42` +- `MATOMO_URL=matomo.example.org` +- `MATOMO_SITE_ID=42` + +[Piwik have been changed the name to Matomo on Jan 2018](https://matomo.org/blog/2018/01/piwik-is-now-matomo/). Legacy configuration parameter `PIWIK_URL` and `PIWIK_SITE_ID` still works as fallback for corresponding parameter. #### Available Configuration Parameters @@ -2280,13 +2282,21 @@ Sets the gid for group `git` to the specified gid. Defaults to `USERMAP_UID` if Google Analytics ID. No defaults. +##### `MATOMO_URL` + +Sets the Matomo URL. No defaults. + ##### `PIWIK_URL` -Sets the Piwik URL. No defaults. +Works as Matomo URL fallback only when `MATOMO_URL` is not set. No defaults. + +##### `MATOMO_SITE_ID` + +Sets the Matomo site ID. No defaults. ##### `PIWIK_SITE_ID` -Sets the Piwik site ID. No defaults. +Works as Matomo URL fallback only when `MATOMO_SITE_ID` is not set. No defaults. ##### `AWS_BACKUPS` diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 01edfa63e..1b3894906 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -1251,9 +1251,9 @@ production: &base ## Google analytics. Uncomment if you want it google_analytics_id: '{{GOOGLE_ANALYTICS_ID}}' - ## Piwik analytics. - piwik_url: '{{PIWIK_URL}}' - piwik_site_id: '{{PIWIK_SITE_ID}}' + ## Matomo analytics. + matomo_url: '{{MATOMO_URL}}' + matomo_site_id: '{{MATOMO_SITE_ID}}' rack_attack: git_basic_auth: 
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 634806d8b..8c33e13e3 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -540,9 +540,11 @@ OAUTH2_GENERIC_NAME=${OAUTH2_GENERIC_NAME:-} ### GOOGLE GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-} -### PIWIK -PIWIK_URL=${PIWIK_URL:-} -PIWIK_SITE_ID=${PIWIK_SITE_ID:-} +### MATOMO +PIWIK_URL=${PIWIK_URL:-} # backward compatibility +PIWIK_SITE_ID=${PIWIK_SITE_ID:-} # backward compatibility +MATOMO_URL=${MATOMO_URL:-PIWIKI_URL} +MATOMO_SITE_ID=${MATOMO_SITE_ID:-PIWIK_SITE_ID} ## RACK ATTACK RACK_ATTACK_ENABLED=${RACK_ATTACK_ENABLED:-true} diff --git a/assets/runtime/functions b/assets/runtime/functions index 65e8b2d82..2e24f8b51 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -959,23 +959,23 @@ gitlab_configure_analytics_google() { fi } -gitlab_configure_analytics_piwik() { - if [[ -n ${PIWIK_URL} && -n ${PIWIK_SITE_ID} ]]; then - echo "Configuring gitlab::analytics:piwik..." +gitlab_configure_analytics_matomo() { + if [[ -n ${MATOMO_URL} && -n ${MATOMO_SITE_ID} ]]; then + echo "Configuring gitlab::analytics:matomo..." update_template ${GITLAB_CONFIG} \ - PIWIK_URL \ - PIWIK_SITE_ID + MATOMO_URL \ + MATOMO_SITE_ID else exec_as_git sed -i \ - -e "/{{PIWIK_URL}}/d" \ - -e "/{{PIWIK_SITE_ID}}/d" \ + -e "/{{MATOMO_URL}}/d" \ + -e "/{{MATOMO_SITE_ID}}/d" \ ${GITLAB_CONFIG} fi } gitlab_configure_analytics() { gitlab_configure_analytics_google - gitlab_configure_analytics_piwik + gitlab_configure_analytics_matomo } gitlab_configure_rack_attack() { From a5482182e2f0c61b87e4d1e49f730b9600bbcedc Mon Sep 17 00:00:00 2001 
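Review bot: The fallback defaults in the `### MATOMO` block of `env-defaults` expand to literal strings instead of the legacy variables: `${MATOMO_URL:-PIWIKI_URL}` is missing the `$` and misspells the name, and `${MATOMO_SITE_ID:-PIWIK_SITE_ID}` is missing the `$`. With neither variable set, `MATOMO_URL` becomes the text `PIWIKI_URL` and `MATOMO_SITE_ID` becomes `PIWIK_SITE_ID`, so the `-n` test in `gitlab_configure_analytics_matomo` (next hunk) is always true and the template is rendered with those bogus values rather than having the Matomo lines removed. That also means the documented `PIWIK_*` fallback never takes effect. The two lines should read `MATOMO_URL=${MATOMO_URL:-$PIWIK_URL}` and `MATOMO_SITE_ID=${MATOMO_SITE_ID:-$PIWIK_SITE_ID}`.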
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 13/47] Sync config v13.8.0 : Update puma.rb: upstream/48897 See corresponding merge request: Update puma & puma_worker_killer to upstream (5.1.1) https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48897 --- assets/runtime/config/gitlabhq/puma.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/assets/runtime/config/gitlabhq/puma.rb b/assets/runtime/config/gitlabhq/puma.rb index f48ff788a..0bf144c77 100644 --- a/assets/runtime/config/gitlabhq/puma.rb +++ b/assets/runtime/config/gitlabhq/puma.rb @@ -72,6 +72,11 @@ # worker_timeout {{PUMA_TIMEOUT}} +# https://github.com/puma/puma/blob/master/5.0-Upgrade.md#lower-latency-better-throughput +if defined?(wait_for_less_busy_worker) + wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f +end + # Use json formatter require_relative "{{GITLAB_INSTALL_DIR}}/lib/gitlab/puma_logging/json_formatter" From 1f922e3dfb21f068eda1590a1b7168492bc4f9eb Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 14/47] Sync config v13.8.0 : Update puma.rb: upstream/51467 See corresponding merge request: Use Puma `nakayoshi_fork` https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51467 --- assets/runtime/config/gitlabhq/puma.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/assets/runtime/config/gitlabhq/puma.rb b/assets/runtime/config/gitlabhq/puma.rb index 0bf144c77..974897e4e 100644 --- a/assets/runtime/config/gitlabhq/puma.rb +++ b/assets/runtime/config/gitlabhq/puma.rb @@ -77,6 +77,11 @@ wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f end +# https://github.com/puma/puma/blob/master/5.0-Upgrade.md#nakayoshi_fork +if defined?(nakayoshi_fork) + nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true' +end + # Use json formatter require_relative "{{GITLAB_INSTALL_DIR}}/lib/gitlab/puma_logging/json_formatter" 
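Review bot: `ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f` silently turns any non-numeric value into `0.0`, because `String#to_f` does not raise, so a typo in the environment changes the setting with no error. `Float(ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001))` would fail at startup instead. The same hunk and the `nakayoshi_fork` hunk in the following commit read `PUMA_WAIT_FOR_LESS_BUSY_WORKER` and `DISABLE_PUMA_NAKAYOSHI_FORK` straight from the process environment, unlike the `{{PUMA_TIMEOUT}}` placeholder just above. Neither commit touches the README or `env-defaults`, so both variables are undocumented here; a short comment next to each naming the variable and its default would help.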
From 9afe65bb4849690cc07962626e0d97a186c4c5d6 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 15/47] Sync config v13.9.0 : Update comment: URL for feature flag docs in gitlab.yml See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53004 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 1b3894906..d03c782eb 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -605,7 +605,7 @@ production: &base # enabled: true # primary_api_url: http://localhost:5000/ # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API - ## Feature Flag https://docs.gitlab.com/ee/user/project/operations/feature_flags.html + ## Feature Flag https://docs.gitlab.com/ee/operations/feature_flags.html feature_flags: unleash: # enabled: false From cdf9cd0beb26307dad055aaaffd5d293955b7cfc Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 16/47] Sync config v13.9.0 : gitlab: Add commented-out config `application_settings_cache_seconds` See upstream merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51889 --- assets/runtime/config/gitlabhq/gitlab.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index d03c782eb..de7cc9d59 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -170,6 +170,9 @@ production: &base ## Disable jQuery and CSS animations # disable_animations: true + ## Application settings cache expiry in seconds (default: 60) + # application_settings_cache_seconds: 60 + ## Reply by email # Allow users to comment on issues and merge requests by replying to notification emails. # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html From 4735b15756c10e42d4afc69a361934f1b0e54ac8 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:06 +0900 Subject: [PATCH 17/47] Sync config v13.10.0 : Add default config for matomo_disable_cookies (false) Not parameterized yet. See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53811 --- assets/runtime/config/gitlabhq/gitlab.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index de7cc9d59..d01d5e39e 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -1257,6 +1257,7 @@ production: &base ## Matomo analytics. matomo_url: '{{MATOMO_URL}}' matomo_site_id: '{{MATOMO_SITE_ID}}' + matomo_disable_cookies: false rack_attack: git_basic_auth: From 3c6fd1d42a78aa90d76a49a0a0e481f2ec235478 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 18/47] Sync config v13.10.0 : gitlab: Add `allowed_hosts` setting (not parameterized) See corresponding Merge Request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55491 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index d01d5e39e..75102903b 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -73,6 +73,8 @@ production: &base worker_src: "{{GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_WORKER_SRC}}" report_uri: "{{GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_REPORT_URI}}" + allowed_hosts: [] + # Trusted Proxies # Customize if you have GitLab behind a reverse proxy which is running on a different machine. # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address. From c6e6b9bec093a7bfef7d1d700206aa25c3761c1f Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 19/47] Sync config v13.11.0 : Fix code comments with bad capitalization This commit is imported from upstream. For more detail, see corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58911 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 +- assets/runtime/config/gitlabhq/resque.yml | 4 ++-- assets/runtime/config/gitlabhq/smtp_settings.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 75102903b..cfc2f4ca3 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -6,7 +6,7 @@ # This file should not receive new settings. All configuration options # # * are being moved to ApplicationSetting model! # # If a setting requires an application restart say so in that screen. # -# If you change this file in a Merge Request, please also create # +# If you change this file in a merge request, please also create # # a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests. # # For more details see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md # ######################################################################## diff --git a/assets/runtime/config/gitlabhq/resque.yml b/assets/runtime/config/gitlabhq/resque.yml index 51824fcb1..20b4bab7f 100644 
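Review bot: The new `allowed_hosts: []` line in `gitlab.yml` is added without any comment, directly after the content-security-policy block, so a reader cannot tell what the setting restricts or what the empty list means. Judging by the name and the linked merge request it is presumably the list of hostnames accepted in the request Host header, with an empty list applying no restriction; that should be confirmed against upstream and stated in the template. Something like `# Hostnames accepted in the Host header; an empty list applies no restriction (not yet configurable via env)` above the key would make the security relevance visible to operators who edit the rendered file.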
--- a/assets/runtime/config/gitlabhq/resque.yml +++ b/assets/runtime/config/gitlabhq/resque.yml @@ -1,5 +1,5 @@ -# If you change this file in a Merge Request, please also create -# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +# If you change this file in a merge request, please also create +# a merge request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests # development: url: redis://localhost:6379 diff --git a/assets/runtime/config/gitlabhq/smtp_settings.rb b/assets/runtime/config/gitlabhq/smtp_settings.rb index e862d7e5b..daf3f221a 100644 --- a/assets/runtime/config/gitlabhq/smtp_settings.rb +++ b/assets/runtime/config/gitlabhq/smtp_settings.rb @@ -5,7 +5,7 @@ # # For full list of options and their values see http://api.rubyonrails.org/classes/ActionMailer/Base.html # -# If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +# If you change this file in a merge request, please also create a merge request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests if Rails.env.production? Rails.application.config.action_mailer.delivery_method = :smtp From 8f3956bc7810afda27cb708fdd7a37b5bcb6fbf6 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 20/47] Sync config v13.11.0 : gitaly: Add commented out settings [git.config] See upstream merge request: https://gitlab.com/gitlab-org/gitaly/-/merge_requests/3279 --- assets/runtime/config/gitaly/config.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitaly/config.toml b/assets/runtime/config/gitaly/config.toml index aeb1abe37..eb10d2ef4 100644 --- a/assets/runtime/config/gitaly/config.toml +++ b/assets/runtime/config/gitaly/config.toml 
@@ -32,6 +32,10 @@ bin_dir = "/usr/local/bin/" # [git] # bin_path = "/usr/bin/git" # catfile_cache_size = 100 +# +# [[git.config]] +# key = fetch.fsckObjects +# value = true [[storage]] name = "default" From 92a534fe82e20b4db868841f24b1adc2f5c1e251 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 21/47] Sync config v13.11.0 : gitlab: Add commented-out config for SMTP connection pool See upstream config: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57805 --- .../runtime/config/gitlabhq/smtp_settings.rb | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/assets/runtime/config/gitlabhq/smtp_settings.rb b/assets/runtime/config/gitlabhq/smtp_settings.rb index daf3f221a..32b57f4a1 100644 --- a/assets/runtime/config/gitlabhq/smtp_settings.rb +++ b/assets/runtime/config/gitlabhq/smtp_settings.rb @@ -25,3 +25,28 @@ tls: {{SMTP_TLS}} } end + +# To use an SMTP connection pool, uncomment the following section: +# +# require 'mail/smtp_pool' +# +# ActionMailer::Base.add_delivery_method :smtp_pool, Mail::SMTPPool +# +# if Rails.env.production? +# Rails.application.config.action_mailer.delivery_method = :smtp_pool +# +# ActionMailer::Base.delivery_method = :smtp_pool +# ActionMailer::Base.smtp_pool_settings = { +# pool: Mail::SMTPPool.create_pool( +# pool_size: Gitlab::Runtime.max_threads, +# address: "email.server.com", +# port: 465, +# user_name: "smtp", +# password: "123456", +# domain: "gitlab.company.com", +# authentication: :login, +# enable_starttls_auto: true, +# openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options +# ) +# } +# end From 66dfc37f60032470cf02e2a238f9ae1a1be47d18 Mon Sep 17 00:00:00 2001 
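Review bot: The commented-out `[[git.config]]` sample in `gitaly/config.toml` is not valid TOML once uncommented, because `key = fetch.fsckObjects` has an unquoted string value. An operator who enables it as written would get a parse error, the same class of problem that PATCH 04 fixed for `tls_listen_addr`. The sample should be `# key = "fetch.fsckObjects"`. `value = true` parses as a boolean; if Gitaly expects a string here (likely, since git config values are passed as text, but not visible in this hunk), it should be `# value = "true"` as well.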
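Review bot: The commented-out SMTP pool block in `smtp_settings.rb` uses literal sample values (`address: "email.server.com"`, `password: "123456"`, `openssl_verify_mode: 'peer'`) instead of the `{{SMTP_*}}` placeholders used by the live block above it. Uncommenting it therefore bypasses the container's SMTP environment settings and leads to credentials being written into the file by hand. It also pairs `port: 465` with `enable_starttls_auto: true` and has no `tls:`, `ca_path:` or `ca_file:` keys, whereas the live block carries `tls: {{SMTP_TLS}}`, `ca_path: "{{SMTP_CA_PATH}}"` and `ca_file: "{{SMTP_CA_FILE}}"`. Port 465 is normally implicit TLS, so the sample as given is likely to fail or mislead. Mirroring the live block's placeholders in the sample (e.g. `domain: "{{SMTP_DOMAIN}}"`, `openssl_verify_mode: '{{SMTP_OPENSSL_VERIFY_MODE}}'`, `tls: {{SMTP_TLS}}`) would keep the two paths consistent.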
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 22/47] Sync config v13.12.0 : Update comment: use 32 byte long version of db_key_base This commit is imported from upstream. For more detail, see corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53602 --- assets/runtime/config/gitlabhq/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/secrets.yml b/assets/runtime/config/gitlabhq/secrets.yml index 769d956a2..175cbebdf 100644 --- a/assets/runtime/config/gitlabhq/secrets.yml +++ b/assets/runtime/config/gitlabhq/secrets.yml @@ -1,7 +1,7 @@ production: # db_key_base is used to encrypt for Variables. Ensure that you don't lose it. # If you change or lose this key you will be unable to access variables stored in database. - # Make sure the secret is at least 30 characters and all random, + # Make sure the secret is at least 32 characters and all random, # no regular words or you'll be exposed to dictionary attacks. db_key_base: {{GITLAB_SECRETS_DB_KEY_BASE}} secret_key_base: {{GITLAB_SECRETS_SECRET_KEY_BASE}} From 8d5997907641517808966fe4f94036b8b3f7c70f Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 23/47] Sync config v13.12.0 : Update puma.rb: upstream/61572 See corresponding upstream merge request: Cleanup Puma 5 upgrade transition code https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61572 --- assets/runtime/config/gitlabhq/puma.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/assets/runtime/config/gitlabhq/puma.rb b/assets/runtime/config/gitlabhq/puma.rb index 974897e4e..f5564ab72 100644 --- a/assets/runtime/config/gitlabhq/puma.rb +++ b/assets/runtime/config/gitlabhq/puma.rb 
@@ -73,14 +73,10 @@ worker_timeout {{PUMA_TIMEOUT}} # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#lower-latency-better-throughput -if defined?(wait_for_less_busy_worker) - wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f -end +wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#nakayoshi_fork -if defined?(nakayoshi_fork) - nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true' -end +nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true' # Use json formatter require_relative "{{GITLAB_INSTALL_DIR}}/lib/gitlab/puma_logging/json_formatter" From 262658e3807080d74d9c8faa9bf5743df3111c8b Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 24/47] Sync config v14.0.0 : gitlab.yml: Unify unicon/puma to puma Also removes GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL unicorn have been removed in v14.0 See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62090 --- README.md | 4 ---- assets/runtime/config/gitlabhq/gitlab.yml | 10 +++------- assets/runtime/env-defaults | 1 - assets/runtime/functions | 1 - 4 files changed, 3 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 7a6554010..4055b8218 100644 --- a/README.md +++ b/README.md @@ -1506,10 +1506,6 @@ Set default path for gitaly. defaults to `/home/git/gitaly` Set a gitaly token, blank by default. -##### `GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL` - -Time between sampling of unicorn socket metrics, in seconds, defaults to `10` - ##### `GITLAB_MONITORING_IP_WHITELIST` IP whitelist to access monitoring endpoints, defaults to `0.0.0.0/8` diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index cfc2f4ca3..65862725a 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -33,7 +33,7 @@ production: &base host: {{GITLAB_HOST}} port: {{GITLAB_PORT}} # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details https: {{GITLAB_HTTPS}} # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details - # The maximum time unicorn/puma can spend on the request. This needs to be smaller than the worker timeout. + # The maximum time Puma can spend on the request. This needs to be smaller than the worker timeout. # Default is 95% of the worker timeout max_request_duration_seconds: 57 @@ -158,7 +158,7 @@ production: &base ### GraphQL Settings # Tells the rails application how long it has to complete a GraphQL request. # We suggest this value to be higher than the database timeout value - # and lower than the worker timeout set in unicorn/puma. (default: 30) + # and lower than the worker timeout set in Puma. (default: 30) # graphql_timeout: 30 ## Repository downloads directory @@ -1208,10 +1208,6 @@ production: &base ## Monitoring # Built in monitoring settings monitoring: - # Time between sampling of unicorn socket metrics, in seconds - unicorn_sampler_interval: {{GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL}} - # Time between sampling of Puma metrics, in seconds - # puma_sampler_interval: 5 # IP whitelist to access monitoring endpoints ip_whitelist: - 127.0.0.0/8 @@ -1223,7 +1219,7 @@ production: &base address: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS}} port: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT}} - # Web exporter is webserver built in to Unicorn/Puma to expose Prometheus metrics + # Web exporter is a dedicated Rack server running alongside Puma to expose Prometheus metrics # It runs alongside the `/metrics` endpoints to ease the publish of metrics web_exporter: # enabled: true diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 8c33e13e3..f6704efd0 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults 
@@ -582,7 +582,6 @@ GITALY_ADDRESS=${GITALY_ADDRESS:-unix:$GITALY_SOCKET_PATH} GITLAB_SHELL_CUSTOM_HOOKS_DIR=${GITLAB_SHELL_CUSTOM_HOOKS_DIR:-"$GITLAB_SHELL_INSTALL_DIR/hooks"} ## MONITORING -GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL=${GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL:-10} GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-"0.0.0.0/8"} GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED:-true} GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS:-"0.0.0.0"} diff --git a/assets/runtime/functions b/assets/runtime/functions index 2e24f8b51..485afa808 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -264,7 +264,6 @@ gitlab_configure_monitoring() { echo "Configuring gitlab::monitoring..." update_template ${GITLAB_CONFIG} \ - GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL \ GITLAB_MONITORING_IP_WHITELIST \ GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED \ GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS \ From 2cf61704564fa4f3636dab84002b97cf32078525 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 25/47] Sync config v14.0.0 : Add commented-out config `display_initial_root_password` and set to false. Squash of following MR and commits: - Add option to disable printing of root password during DB seeding https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63271 - Do not display the root password by default https://gitlab.com/gitlab-org/gitlab/-/commit/b4b8d80d00780fbb80ecac7506dcdcfb328d4f03 Note that the first release contains this commit is v14.5.0 --- assets/runtime/config/gitlabhq/gitlab.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 65862725a..1522e0352 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -175,6 +175,11 @@ production: &base ## Application settings cache expiry in seconds (default: 60) # application_settings_cache_seconds: 60 + ## Print initial root password to stdout during initialization (default: false) + # WARNING: setting this to true means that the root password will be printed in + # plaintext. This can be a security risk. + # display_initial_root_password: false + ## Reply by email # Allow users to comment on issues and merge requests by replying to notification emails. # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html From a03c26730566aa8e60c755a9c0b0426e7f3e8ae6 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:07 +0900 Subject: [PATCH 26/47] Sync config v14.2.0 : Update puma.rb: upstream/66712 This is imported from upstream. See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66712 --- assets/runtime/config/gitlabhq/puma.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/assets/runtime/config/gitlabhq/puma.rb b/assets/runtime/config/gitlabhq/puma.rb index f5564ab72..29c541cb2 100644 --- a/assets/runtime/config/gitlabhq/puma.rb +++ b/assets/runtime/config/gitlabhq/puma.rb @@ -85,3 +85,12 @@ log_formatter do |str| json_formatter.call(str) end + +lowlevel_error_handler do |ex, env| + if Raven.configuration.capture_allowed? + Raven.capture_exception(ex, tags: { 'handler': 'puma_low_level' }, extra: { puma_env: env }) + end + + # note the below is just a Rack response + [500, {}, ["An error has occurred and reported in the system's low-level error handler."]] +end From b10e6d6ab2c5b9d17568970e175861aa081c88e3 Mon Sep 17 00:00:00 2001 
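Review bot: In the `lowlevel_error_handler` added to puma.rb, `extra: { puma_env: env }` passes the whole `env` argument to `Raven.capture_exception`. If that is the Rack environment, it includes request headers such as `Authorization` and `Cookie`, so session material could be copied into the error tracker. I would send only what triage needs, for example `extra: { puma_env: env&.slice('REQUEST_METHOD', 'PATH_INFO', 'SERVER_NAME') }`, or confirm that the client's scrubbing covers those keys. The handler also references `Raven` unguarded; `if defined?(Raven) && Raven.configuration.capture_allowed?` would keep it from raising when the client is not loaded.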
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 27/47] Sync config v14.3.0 : Update comment: default gitlab-shell log format is "json" This commit is imported from upstream. For more detail, check corresponding merge request: https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/476 First contain : gitlab-shell v13.21.0 Corresponding gitlab v14.3.0 --- assets/runtime/config/gitlab-shell/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index 05b39d32c..284c582a7 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml @@ -54,7 +54,7 @@ log_file: "{{GITLAB_LOG_DIR}}/gitlab-shell/gitlab-shell.log" # Log level. INFO by default log_level: INFO -# Log format. 'text' by default +# Log format. 'json' by default, can be changed to 'text' if needed # log_format: json # Audit usernames. From c5527a3b42b307249dec1b58af4739b14481fa07 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 28/47] Sync config v14.7.0 : gitlab.yml: Add note about updating GDK settings This is imported from upstream See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78346 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 1522e0352..6a885c3c3 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -9,6 +9,8 @@ # If you change this file in a merge request, please also create # # a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests. # # For more details see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md # +# Be sure to create a MR against the GDK configuration # +# file (https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/support/templates/gitlab/config/gitlab.yml.erb) too. # ######################################################################## # # From 77558c155b5405916d181fe3a48344a427a185e0 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 29/47] Sync config v14.8.0 : Remove deprecated config `SSL_SELF_CERT` This is imported from upstream. See corresponding merge requests: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78078 https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4690 https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/602 --- README.md | 16 ++++++---------- assets/runtime/config/gitlab-shell/config.yml | 2 +- assets/runtime/env-defaults | 5 ++++- assets/runtime/functions | 1 - contrib/docker-swarm/docker-compose.yml | 1 - docker-compose.swarm.yml | 1 - docker-compose.yml | 1 - docs/docker-compose-keycloak.yml | 1 - docs/docker-compose-registry.yml | 1 - docs/s3_compatible_storage.md | 8 ++++---- 10 files changed, 15 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 4055b8218..174789b83 100644 --- a/README.md +++ b/README.md 
@@ -483,13 +483,14 @@ Great! we are now just one step away from having our application secured. ##### Enabling HTTPS support -HTTPS support can be enabled by setting the `GITLAB_HTTPS` option to `true`. Additionally, when using self-signed SSL certificates you need to the set `SSL_SELF_SIGNED` option to `true` as well. Assuming we are using self-signed certificates +HTTPS support can be enabled by setting the `GITLAB_HTTPS` option to `true`. +Since corresponding setting `self_signed_cert` was removed in the gitlab-shell 13.26.0 release, the option `SSL_SELF_SIGNED`, that was used to indicate to use a self-signed certificate, is not used anymore. You don't need to set this option even if you're using a self-signed certificate. ```bash docker run --name gitlab -d \ --publish 10022:22 --publish 10080:80 --publish 10443:443 \ --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=10443' \ - --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ + --env 'GITLAB_HTTPS=true' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ sameersbn/gitlab:15.5.0 ``` @@ -504,7 +505,7 @@ With `NGINX_HSTS_MAXAGE` you can configure that value. The default value is `315 ```bash docker run --name gitlab -d \ - --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ + --env 'GITLAB_HTTPS=true' \ --env 'NGINX_HSTS_MAXAGE=2592000' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ sameersbn/gitlab:15.5.0 
@@ -516,7 +517,7 @@ If you want to completely disable HSTS set `NGINX_HSTS_ENABLED` to `false`. Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates are not required and should **NOT** be installed in the container. The SSL configuration has to instead be done at the load balancer. -However, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true`. Additionally you will need to set the `SSL_SELF_SIGNED` option to `true` if self signed SSL certificates are in use. +However, when using a load balancer you **MUST** set `GITLAB_HTTPS` to `true`. With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to [Using SSL/HTTPS with HAProxy](http://seanmcgary.com/posts/using-sslhttps-with-haproxy) for information on the subject. @@ -528,12 +529,11 @@ In summation, when using a load balancer, the docker command would look for the docker run --name gitlab -d \ --publish 10022:22 --publish 10080:80 \ --env 'GITLAB_SSH_PORT=10022' --env 'GITLAB_PORT=443' \ - --env 'GITLAB_HTTPS=true' --env 'SSL_SELF_SIGNED=true' \ + --env 'GITLAB_HTTPS=true' \ --volume /srv/docker/gitlab/gitlab:/home/git/data \ sameersbn/gitlab:15.5.0 ``` -Again, drop the `--env 'SSL_SELF_SIGNED=true'` option if you are using CA certified SSL certificates. In case GitLab responds to any kind of POST request (login, OAUTH, changing settings etc.) with a 422 HTTP Error, consider adding this to your reverse proxy configuration: 
@@ -1594,10 +1594,6 @@ The value of the `worker-src` directive in the `Content-Security-Policy` header. The value of the `report-uri` directive in the `Content-Security-Policy` header -##### `SSL_SELF_SIGNED` - -Set to `true` when using self signed ssl certificates. `false` by default. - ##### `SSL_CERTIFICATE_PATH` Location of the ssl certificate. Defaults to `/home/git/data/certs/gitlab.crt` diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index 284c582a7..2e1c5e343 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml @@ -26,7 +26,7 @@ http_settings: # password: somepass # ca_file: /etc/ssl/cert.pem # ca_path: /etc/pki/tls/certs - self_signed_cert: {{SSL_SELF_SIGNED}} +# # File used as authorized_keys for gitlab user auth_file: "{{GITLAB_HOME}}/.ssh/authorized_keys" diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index f6704efd0..210d99f32 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -272,7 +272,10 @@ GITLAB_REGISTRY_ISSUER=${GITLAB_REGISTRY_ISSUER:-gitlab-issuer} GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES=${GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES:-false} ## SSL -SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false} +### removed +if [ -v SSL_SELF_SIGNED ]; then + echo "The configuration parameter SSL_SELF_SIGNED is removed and not used anymore." +fi SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt} SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem} diff --git a/assets/runtime/functions b/assets/runtime/functions index 485afa808..6b88e8e32 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1898,7 +1898,6 @@ configure_gitlab_shell() { GITLAB_HOME \ GITLAB_LOG_DIR \ GITLAB_SHELL_INSTALL_DIR \ - SSL_SELF_SIGNED \ REDIS_HOST \ REDIS_PORT \ REDIS_DB_NUMBER 
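Review bot: The notice added to env-defaults for `SSL_SELF_SIGNED` goes to stdout and only says the parameter is gone, so an operator who relied on it gets no hint about what applies now. The gitlab-shell hunk in the same patch drops `self_signed_cert` while `ca_file`/`ca_path` stay commented out, so verification presumably depends on the certificate's CA being trusted inside the container. I would say that in the message and send it to stderr, e.g. `echo "SSL_SELF_SIGNED is removed and ignored; self-signed certificates must be trusted through the CA settings." >&2`. `[ -v SSL_SELF_SIGNED ]` needs bash 4.2 or later, which deserves a short comment if this file can be sourced by another shell.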
diff --git a/contrib/docker-swarm/docker-compose.yml b/contrib/docker-swarm/docker-compose.yml index 4e7b0eae4..d517f159e 100644 --- a/contrib/docker-swarm/docker-compose.yml +++ b/contrib/docker-swarm/docker-compose.yml @@ -52,7 +52,6 @@ services: - GITLAB_TIMEZONE=Kolkata - GITLAB_HTTPS=false - - SSL_SELF_SIGNED=false - GITLAB_HOST=localhost - GITLAB_PORT=10080 diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml index 23991fa68..13dcf65d9 100644 --- a/docker-compose.swarm.yml +++ b/docker-compose.swarm.yml @@ -114,7 +114,6 @@ services: - GITLAB_TIMEZONE=Kolkata - GITLAB_HTTPS=true - - SSL_SELF_SIGNED=false - GITLAB_HOST=${GITLAB_HOST?Variable not set} - GITLAB_PORT=443 diff --git a/docker-compose.yml b/docker-compose.yml index a0983b7a6..dbb60c6f8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -54,7 +54,6 @@ services: - GITLAB_TIMEZONE=Kolkata - GITLAB_HTTPS=false - - SSL_SELF_SIGNED=false - GITLAB_HOST=localhost - GITLAB_PORT=10080 diff --git a/docs/docker-compose-keycloak.yml b/docs/docker-compose-keycloak.yml index 1e9e631fc..f48939018 100644 --- a/docs/docker-compose-keycloak.yml +++ b/docs/docker-compose-keycloak.yml @@ -48,7 +48,6 @@ services: - GITLAB_TIMEZONE=Kolkata - GITLAB_HTTPS=false - - SSL_SELF_SIGNED=false - GITLAB_HOST='' - GITLAB_PORT=10080 diff --git a/docs/docker-compose-registry.yml b/docs/docker-compose-registry.yml index e4495d4fb..88b8d299c 100644 --- a/docs/docker-compose-registry.yml +++ b/docs/docker-compose-registry.yml @@ -49,7 +49,6 @@ services: - REDIS_PORT=6379 - GITLAB_HTTPS=false - - SSL_SELF_SIGNED=false - GITLAB_HOST=gitlab.example.com - GITLAB_PORT=80 diff --git a/docs/s3_compatible_storage.md b/docs/s3_compatible_storage.md index b6e9f3db8..a3898074b 100644 --- a/docs/s3_compatible_storage.md +++ b/docs/s3_compatible_storage.md 
@@ -7,11 +7,12 @@ This is an extend of AWS Remote Backups. As explained in [doc.gitlab.com](https://docs.gitlab.com/ce/raketasks/backup_restore.html#upload-backups-to-remote-cloud-storage), it uses [Fog library](http://fog.io) and the module fog-aws. More details on [s3 supported parameters](https://github.com/fog/fog-aws/blob/master/lib/fog/aws/storage.rb) +- [GitLab Backup to s3 compatible storage](#gitlab-backup-to-s3-compatible-storage) - [Available Parameters](#available-parameters) - [Installation](#installation) -- [Maintenance](#maintenance) - - [Creating Backups](#creating-backups) - - [Restoring Backups](#restoring-backups) + - [Docker Compose](#docker-compose) + - [Creating Backups](#creating-backups) + - [Restoring Backups](#restoring-backups) # Available Parameters @@ -114,7 +115,6 @@ services: - TZ=Asia/Kolkata - GITLAB_TIMEZONE=Kolkata - GITLAB_HTTPS=false - - SSL_SELF_SIGNED=false - GITLAB_HOST=localhost - GITLAB_PORT=10080 - GITLAB_SSH_PORT=10022 From 3e5fa9fc4ddb29ada49e80f51b9c8c1f09c091b3 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 30/47] Sync config v14.9.0 : Move custom_hooks_dir from gitlab-shell to gitaly This is done in gitlab 14.9 release. See corresponding merge requests: gitlab-shell side https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/378 gitaly side: First introduced in MR 2066 for [gitlab-shell] scope https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2066 Then moved to [hook] scope in MR 2187, https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2187 but reverted and moved back to [gitlab-shell] scope. https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2196 If the value is empty or not set, it fallback to {gitlab-shell install directory} See https://gitlab.com/gitlab-org/gitaly/-/blob/16b38f034eb38253006a2e69a4b4220717b45a99/internal/gitaly/config/config.go#L231-233 Also note that there was a issue for 13-0 stable about default value (already fixed in later release) https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2275 First contained tag: v13.0.0 (gitlab-shell, gitaly, gitlab) --- assets/runtime/config/gitaly/config.toml | 4 ++++ assets/runtime/config/gitlab-shell/config.yml | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/runtime/config/gitaly/config.toml b/assets/runtime/config/gitaly/config.toml index eb10d2ef4..c2909a6ce 100644 --- a/assets/runtime/config/gitaly/config.toml +++ b/assets/runtime/config/gitaly/config.toml @@ -91,6 +91,10 @@ dir = "{{GITLAB_GITALY_INSTALL_DIR}}/ruby" # The directory where gitlab-shell is installed dir = "{{GITLAB_SHELL_INSTALL_DIR}}" +[hooks] +custom_hooks_dir = "{{GITLAB_SHELL_INSTALL_DIR}}/hooks" + + # # You can adjust the concurrency of each RPC endpoint # [[concurrency]] # rpc = "/gitaly.RepositoryService/GarbageCollect" diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index 2e1c5e343..63d2b6dbc 100644 --- a/assets/runtime/config/gitlab-shell/config.yml 
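Review bot: The description says `custom_hooks_dir` was moved back to the `[gitlab-shell]` scope upstream, but the gitaly/config.toml hunk adds it under a new `[hooks]` table right after the `[gitlab-shell]` `dir` entry. If the shipped Gitaly reads a different table, the key would be ignored and the fallback to the gitlab-shell install directory that the description mentions would apply silently. Please confirm which table is read and carry over the comment this patch removes from gitlab-shell/config.yml, `# Parent directory for global custom hook directories (pre-receive.d, update.d, post-receive.d)`, so the setting is documented where it now lives. Server-side hooks run on every push, so the directory that is actually in effect should be the one operators expect.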
+++ b/assets/runtime/config/gitlab-shell/config.yml @@ -43,10 +43,6 @@ secret_file: "{{GITLAB_SHELL_INSTALL_DIR}}/.gitlab_shell_secret" # file will not be read. # secret: "supersecret" -# Parent directory for global custom hook directories (pre-receive.d, update.d, post-receive.d) -# Default is hooks in the gitlab-shell directory. -custom_hooks_dir: "{{GITLAB_SHELL_INSTALL_DIR}}/hooks" - # Log file. # Default is gitlab-shell.log in the root directory. log_file: "{{GITLAB_LOG_DIR}}/gitlab-shell/gitlab-shell.log" From 872a6b7c6d26ac1a8094a97e3778ceff33fe3081 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 31/47] Sync config v14.2.0 : gitlab: Add commented-out config cdn_host See upstream Merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67710 --- assets/runtime/config/gitlabhq/gitlab.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 6a885c3c3..aaba7b124 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -35,6 +35,10 @@ production: &base host: {{GITLAB_HOST}} port: {{GITLAB_PORT}} # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details https: {{GITLAB_HTTPS}} # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details + + # Uncomment this line if you want to configure the Rails asset host for a CDN. + # cdn_host: localhost + # The maximum time Puma can spend on the request. This needs to be smaller than the worker timeout. # Default is 95% of the worker timeout max_request_duration_seconds: 57 From c95365c94b4ad21d03fbbbb78e73f80b9a2c7459 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 32/47] Sync config v14.2.0 : gitlab: Add commented-out config for encrypted SMTP credentials See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67802 --- assets/runtime/config/gitlabhq/gitlab.yml | 3 ++- assets/runtime/config/gitlabhq/smtp_settings.rb | 10 ++++++++++ assets/runtime/functions | 10 +++++++++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index aaba7b124..cecf1eac7 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -123,11 +123,12 @@ production: &base # ca_certs_file: /home/git/gitlab/.gitlab_smime_ca_certs # Email server smtp settings are in config/initializers/smtp_settings.rb.sample + # File location to read encrypted SMTP secrets from + # email_smtp_secret_file: /mnt/gitlab/smtp.yaml.enc # Default: shared/encrypted_settings/smtp.yaml.enc default_projects_limit: {{GITLAB_PROJECTS_LIMIT}} default_can_create_group: {{GITLAB_CREATE_GROUP}} # default: true username_changing_enabled: {{GITLAB_USERNAME_CHANGE}} # default: true - User can change their username/namespace - signup_enabled: {{GITLAB_SIGNUP_ENABLED}} ## Default theme ID ## 1 - Indigo ## 2 - Dark diff --git a/assets/runtime/config/gitlabhq/smtp_settings.rb b/assets/runtime/config/gitlabhq/smtp_settings.rb index 32b57f4a1..be128b7a6 100644 --- a/assets/runtime/config/gitlabhq/smtp_settings.rb +++ b/assets/runtime/config/gitlabhq/smtp_settings.rb @@ -9,6 +9,7 @@ if Rails.env.production? Rails.application.config.action_mailer.delivery_method = :smtp + secrets = Gitlab::Email::SmtpConfig.secrets ActionMailer::Base.delivery_method = :smtp ActionMailer::Base.smtp_settings = { 
@@ -16,6 +17,10 @@ port: {{SMTP_PORT}}, user_name: "{{SMTP_USER}}", password: "{{SMTP_PASS}}", + ## If you are using encrypted smtp credentials then you should instead use the secrets user_name/password + ## See: https://docs.gitlab.com/ee/administration/raketasks/smtp.html#secrets + # user_name: secrets.username, + # password: secrets.password, domain: "{{SMTP_DOMAIN}}", authentication: "{{SMTP_AUTHENTICATION}}", enable_starttls_auto: {{SMTP_STARTTLS}}, @@ -34,6 +39,7 @@ # # if Rails.env.production? # Rails.application.config.action_mailer.delivery_method = :smtp_pool +# secrets = Gitlab::Email::SmtpConfig.secrets # # ActionMailer::Base.delivery_method = :smtp_pool # ActionMailer::Base.smtp_pool_settings = { @@ -43,6 +49,10 @@ # port: 465, # user_name: "smtp", # password: "123456", +# ## If you are using encrypted smtp credentials then you should instead use the secrets user_name/password +# ## See: https://docs.gitlab.com/ee/administration/raketasks/smtp.html#secrets +# # user_name: secrets.username, +# # password: secrets.password, # domain: "gitlab.company.com", # authentication: :login, # enable_starttls_auto: true, diff --git a/assets/runtime/functions b/assets/runtime/functions index 6b88e8e32..868952359 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1843,7 +1843,6 @@ configure_gitlab() { GITLAB_SSH_HOST \ GITLAB_SSH_LISTEN_PORT \ GITLAB_SSH_PORT \ - GITLAB_SIGNUP_ENABLED \ GITLAB_IMPERSONATION_ENABLED \ GITLAB_PROJECTS_LIMIT \ GITLAB_USERNAME_CHANGE \ 
@@ -1887,6 +1886,15 @@ configure_gitlab() { generate_healthcheck_script gitlab_configure_content_security_policy + # some configurations are stored in database + ## GITLAB_SIGNUP_ENABLED : `signup_enabled` in `application_settings` table + ## avoid injection: set to false unless explicitly specified to be true + if [[ "${GITLAB_SIGNUP_ENABLED}" != true ]]; then + GITLAB_SIGNUP_ENABLED=false + fi + printf "Configurating application_settings.signup_enabled=%s :" ${GITLAB_SIGNUP_ENABLED} + PGPASSWORD="${DB_PASS}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atw -c "UPDATE application_settings SET signup_enabled = ${GITLAB_SIGNUP_ENABLED}" + # remove stale gitlab.socket rm -rf ${GITLAB_INSTALL_DIR}/tmp/sockets/gitlab.socket } From 91c2e0c6fa7fe518c066c3b4920a760f0518f65a Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 33/47] Sync config v14.9.0 : Update docs link in mail_room yml section See upstream merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81130 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index cecf1eac7..023a1fc94 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -189,7 +189,7 @@ production: &base ## Reply by email # Allow users to comment on issues and merge requests by replying to notification emails. - # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html + # For documentation on how to set this up, see https://docs.gitlab.com/ee/administration/reply_by_email.html incoming_email: enabled: {{GITLAB_INCOMING_EMAIL_ENABLED}} From 9b31de540bfa21617270efa797f33e5b888ea38f Mon Sep 17 00:00:00 2001 
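Review bot: The `psql … -c "UPDATE application_settings SET signup_enabled = …"` call added to `configure_gitlab()` ignores its exit status. If the update fails (database unreachable, or the table not yet created on a first start, which this hunk does not show), the instance keeps the stored value and sign-up can stay open even though `GITLAB_SIGNUP_ENABLED=false` was requested. I would report the failure, for example by appending `|| echo "WARNING: could not set application_settings.signup_enabled" >&2` to the `psql` line, or abort start-up if the caller allows it. Forcing every value other than `true` to `false` is a sound fail-closed guard and keeps the interpolated SQL safe, but the `printf` argument should be quoted as `"${GITLAB_SIGNUP_ENABLED}"`. `configure_gitlab()` begins outside the hunk, so whether the running application still serves a cached copy of the setting cannot be judged from here.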
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:08 +0900 Subject: [PATCH 34/47] Sync config v14.10.0 : Add commented-out potions for gitaly: runtime_dir See upstream merge request: https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4415 First contain gitaly v14.10.0 Corresponding gitlab v14.10.0 --- assets/runtime/config/gitaly/config.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/assets/runtime/config/gitaly/config.toml b/assets/runtime/config/gitaly/config.toml index c2909a6ce..8e5a6e4f5 100644 --- a/assets/runtime/config/gitaly/config.toml +++ b/assets/runtime/config/gitaly/config.toml @@ -7,6 +7,11 @@ socket_path = "{{GITALY_SOCKET_PATH}}" # The directory where Gitaly's executables are stored bin_dir = "/usr/local/bin/" +# # Optional: The directory where Gitaly can create all files required to +# # properly operate at runtime. If not set, Gitaly will create a directory in +# # the global temporary directory. This directory must exist. +# runtime_dir = "/home/git/gitaly/run" + # # Optional: listen on a TCP socket. This is insecure (no authentication) # listen_addr = "localhost:9999" # tls_listen_addr = "localhost:8888" From 06ce2a089a39cd49fe42c79c6e057ee501a36587 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 35/47] Sync config v15.0.0 : remove Pseudonymizer code See upstream MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86087 --- assets/runtime/config/gitlabhq/gitlab.yml | 29 ----------------------- 1 file changed, 29 deletions(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 023a1fc94..18318bf2b 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -572,10 +572,6 @@ production: &base geo_migrated_local_files_clean_up_worker: cron: "15 */6 * * *" - # Export pseudonymized data in CSV format for analysis - pseudonymizer_worker: - cron: "0 * * * *" - # Elasticsearch bulk updater for incremental updates. # NOTE: This will only take effect if elasticsearch is enabled. elastic_index_bulk_cron_worker: @@ -1154,20 +1150,6 @@ production: &base remote_directory: '{{GCS_BACKUP_BUCKET}}' #end-gcs - ## Pseudonymizer exporter - pseudonymizer: - # Tables manifest that specifies the fields to extract and pseudonymize. - manifest: config/pseudonymizer.yml - upload: - remote_directory: 'gitlab-elt' - # Fog storage connection settings, see http://fog.io/storage/ . - connection: - # provider: AWS - # region: eu-west-1 - # aws_access_key_id: AKIAKIAKI - # aws_secret_access_key: 'secret123' - # # The remote 'directory' to store the CSV files. For S3, this would be the bucket name. - ## GitLab Shell settings gitlab_shell: path: {{GITLAB_SHELL_INSTALL_DIR}}/ @@ -1416,17 +1398,6 @@ test: secret_file: tmp/gitlab_workhorse_test_secret backup: path: tmp/tests/backups - pseudonymizer: - manifest: config/pseudonymizer.yml - upload: - # The remote 'directory' to store the CSV files. For S3, this would be the bucket name. - remote_directory: gitlab-elt.test - # Fog storage connection settings, see http://fog.io/storage/ - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 gitlab_shell: path: tmp/tests/gitlab-shell/ authorized_keys_file: tmp/tests/authorized_keys From 47115b27dd6cf151b946f84096dcd9dd66402261 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 36/47] Sync config v15.0.0 : Remove `direct_upload` and `background_upload` Also remove corresponding configuration parameters: - GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD - GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD - GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD - GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD - GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD - GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD - GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD - GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD This is introduced with v15.0 release See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86905 --- README.md | 24 ----------------------- assets/runtime/config/gitlabhq/gitlab.yml | 12 ------------ assets/runtime/env-defaults | 8 -------- assets/runtime/functions | 8 -------- 4 files changed, 52 deletions(-) diff --git a/README.md b/README.md index 174789b83..50aadfb5e 100644 --- a/README.md +++ b/README.md @@ -1026,14 +1026,6 @@ Enables Object Store for Artifacts that will be remote stored. Defaults to `fals Bucket name to store the artifacts. Defaults to `artifacts` -##### `GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD` - -Set to true to enable direct upload of Artifacts without the need of local shared storage. Defaults to `false` - -##### `GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD` - -Temporary option to limit automatic upload. Defaults to `false` - ##### `GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD` Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` 
@@ -1102,10 +1094,6 @@ Enables Object Store for LFS that will be remote stored. Defaults to `false` Bucket name to store the LFS. Defaults to `lfs-object` -##### `GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD` - -Temporary option to limit automatic upload. Defaults to `false` - ##### `GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD` Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` @@ -1170,14 +1158,6 @@ Enables Object Store for Packages that will be remote stored. Defaults to `false Bucket name to store the packages. Defaults to `packages` -##### `GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD` - -Set to true to enable direct upload of Packages without the need of local shared storage. Defaults to `false` - -##### `GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD` - -Temporary option to limit automatic upload. Defaults to `false` - ##### `GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD` Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` @@ -1294,10 +1274,6 @@ Enables Object Store for UPLOADS that will be remote stored. Defaults to `false` Bucket name to store the UPLOADS. Defaults to `uploads` -##### `GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD` - -Temporary option to limit automatic upload. Defaults to `false` - ##### `GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD` Passthrough all downloads via GitLab instead of using Redirects to Object Storage. Defaults to `false` diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 18318bf2b..675df11c6 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -266,8 +266,6 @@ production: &base object_store: enabled: {{GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED}} remote_directory: {{GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name - direct_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Artifacts without the need of local shared storage. - background_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true) proxy_download: {{GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: provider: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment @@ -296,7 +294,6 @@ production: &base # object_store: # enabled: false # remote_directory: external-diffs - # background_upload: false # proxy_download: false # connection: # provider: AWS @@ -312,8 +309,6 @@ production: &base object_store: enabled: {{GITLAB_LFS_OBJECT_STORE_ENABLED}} remote_directory: {{GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY}} # Bucket name - direct_upload: {{GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) - background_upload: {{GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true) proxy_download: {{GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: provider: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}} 
@@ -346,8 +341,6 @@ production: &base object_store: enabled: {{GITLAB_UPLOADS_OBJECT_STORE_ENABLED}} remote_directory: {{GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY}} # Bucket name - direct_upload: {{GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) - background_upload: {{GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true) proxy_download: {{GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: provider: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}} @@ -374,8 +367,6 @@ production: &base object_store: enabled: {{GITLAB_PACKAGES_OBJECT_STORE_ENABLED}} remote_directory: {{GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name - direct_upload: {{GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD}} # Set to true to enable direct upload of Packages without the need of local shared storage. - background_upload: {{GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true) proxy_download: {{GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: provider: {{GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment @@ -403,8 +394,6 @@ production: &base object_store: enabled: false remote_directory: dependency_proxy # The bucket name - # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false) - # background_upload: false # Temporary option to limit automatic upload (Default: true) # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage connection: provider: AWS 
@@ -1326,7 +1315,6 @@ test: object_store: enabled: false remote_directory: artifacts # The bucket name - background_upload: false connection: provider: AWS # Only AWS supported at the moment aws_access_key_id: AWS_ACCESS_KEY_ID diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 210d99f32..a21994e81 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -128,8 +128,6 @@ GITLAB_ARTIFACTS_DIR="${GITLAB_ARTIFACTS_DIR:-$GITLAB_SHARED_DIR/artifacts}" GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED=${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED:-false} GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY:-artifacts} -GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD:-false} -GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD:-false} GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD:-false} GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER} @@ -154,8 +152,6 @@ GITLAB_PACKAGES_DIR="${GITLAB_PACKAGES_DIR:-$GITLAB_SHARED_DIR/packages}" GITLAB_PACKAGES_OBJECT_STORE_ENABLED=${GITLAB_PACKAGES_OBJECT_STORE_ENABLED:-false} GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY:-packages} -GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD:-false} -GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD:-false} GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD:-false} GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER} 
@@ -204,8 +200,6 @@ GITLAB_LFS_OBJECTS_DIR="${GITLAB_LFS_OBJECTS_DIR:-$GITLAB_SHARED_DIR/lfs-objects GITLAB_LFS_OBJECT_STORE_ENABLED=${GITLAB_LFS_OBJECT_STORE_ENABLED:-false} GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY:-lfs-objects} -GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD:-false} -GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD:-false} GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD:-false} GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER} @@ -229,8 +223,6 @@ GITLAB_UPLOADS_BASE_DIR="${GITLAB_UPLOADS_BASE_DIR:-uploads/-/system}" GITLAB_UPLOADS_OBJECT_STORE_ENABLED=${GITLAB_UPLOADS_OBJECT_STORE_ENABLED:-false} GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY:-uploads} -GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD:-false} -GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD:-false} GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD:-false} GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER} diff --git a/assets/runtime/functions b/assets/runtime/functions index 868952359..203181b5f 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1016,8 +1016,6 @@ gitlab_configure_artifacts() { update_template ${GITLAB_CONFIG} \ GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY \ - GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD \ - GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD \ GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD \ GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER \ GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ 
@@ -1063,8 +1061,6 @@ gitlab_configure_packages() { update_template ${GITLAB_CONFIG} \ GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY \ - GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD \ - GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD \ GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD \ GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER \ GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ @@ -1152,8 +1148,6 @@ gitlab_configure_lfs() { update_template ${GITLAB_CONFIG} \ GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY \ - GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD \ - GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD \ GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD \ GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER \ GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ @@ -1198,8 +1192,6 @@ gitlab_configure_uploads() { update_template ${GITLAB_CONFIG} \ GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY \ - GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD \ - GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD \ GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD \ GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER \ GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID \ From eca60f43a5747d50add2abea1d6db605b7ab2640 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 37/47] Sync config v15.0.0 : Update comment: Clarify expunged vs deleted in incoming email docs See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86747/ --- assets/runtime/config/gitlabhq/gitlab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 675df11c6..884655ca6 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -225,7 +225,7 @@ production: &base # # log_path: log/mail_room_json.log - # Whether to expunge (permanently remove) messages from the mailbox when they are deleted after delivery + # Whether to expunge (permanently remove) messages from the mailbox when they are marked as deleted after delivery expunge_deleted: false ## Consolidated object store config From 9d1fa6200175e3a091df14cdd4d8e12ee2673263 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 38/47] Sync config v15.1.0 : gitaly: Add commented out setting ignore_gitconfig See upstream merge request: https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4588 --- assets/runtime/config/gitaly/config.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/assets/runtime/config/gitaly/config.toml b/assets/runtime/config/gitaly/config.toml index 8e5a6e4f5..00c0dd894 100644 --- a/assets/runtime/config/gitaly/config.toml +++ b/assets/runtime/config/gitaly/config.toml @@ -38,6 +38,13 @@ bin_dir = "/usr/local/bin/" # bin_path = "/usr/bin/git" # catfile_cache_size = 100 # +# # Set this setting to `true` to start ignoring gitconfig files installed in +# # the system. This includes both system-level (e.g. '/etc/gitconffig') and +# # global-level (e.g. `$HOME/.gitconfig`) files. This setting will become the +# # default with v16.0. If you intend to override Git configuration you can do +# # so via `[[git.config]]`. The default value is `false`. +# ignore_gitconfig = false +# # [[git.config]] # key = fetch.fsckObjects # value = true From c502882c082863bf9e141a9032e2920a679fd5b9 Mon Sep 17 00:00:00 2001 
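Review bot: The comment added for `ignore_gitconfig` in the gitaly config.toml hunk spells the system-level path as `/etc/gitconffig`; it should read `# # the system. This includes both system-level (e.g. '/etc/gitconfig') and`. The typo may be inherited from the upstream example, so check whether this template is allowed to diverge before fixing it here. Because the option stays commented out at `false`, Gitaly in this image presumably keeps honouring system and global gitconfig files until the v16.0 default change the comment mentions. If that is intended, a line in the commit message or README saying so would help operators who expect only `[[git.config]]` entries to apply.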
From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 39/47] Sync config v15.2.0 : Remove GITLAB_NOTIFY_{ON_BROKEN_BUILDS, PUSHER} Introduced in v15.2.0 See upstream merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91024 --- README.md | 8 -------- assets/runtime/config/gitlabhq/gitlab.yml | 6 ------ assets/runtime/env-defaults | 8 ++++++-- assets/runtime/functions | 3 +-- contrib/docker-swarm/docker-compose.yml | 3 --- docker-compose.swarm.yml | 3 --- docker-compose.yml | 3 --- docs/docker-compose-keycloak.yml | 3 --- docs/s3_compatible_storage.md | 2 -- kubernetes/gitlab-rc.yml | 5 ----- 10 files changed, 7 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 50aadfb5e..09652d61d 100644 --- a/README.md +++ b/README.md @@ -930,14 +930,6 @@ Global custom hooks directory. Defaults to `/home/git/gitlab-shell/hooks`. Sets the timeout for webhooks. Defaults to `10` seconds. -##### `GITLAB_NOTIFY_ON_BROKEN_BUILDS` - -Enable or disable broken build notification emails. Defaults to `true` - -##### `GITLAB_NOTIFY_PUSHER` - -Add pusher to recipients list of broken build notification emails. Defaults to `false` - ##### `GITLAB_REPOS_DIR` The git repositories folder in the container. Defaults to `/home/git/data/repositories` diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 884655ca6..4a032f2c1 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -621,12 +621,6 @@ production: &base gitlab_ci: # Default project notifications settings: - # - # Send emails only on broken builds (default: true) - all_broken_builds: {{GITLAB_NOTIFY_ON_BROKEN_BUILDS}} - # - # Add pusher to recipients list (default: false) - add_pusher: {{GITLAB_NOTIFY_PUSHER}} # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root builds_path: {{GITLAB_BUILDS_DIR}} 
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index a21994e81..1aaec4c51 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -248,8 +248,12 @@ GITLAB_MATTERMOST_URL=${GITLAB_MATTERMOST_URL:-https://mattermost.example.com} GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-} GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE:-} GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE:-} -GITLAB_NOTIFY_ON_BROKEN_BUILDS=${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true} -GITLAB_NOTIFY_PUSHER=${GITLAB_NOTIFY_PUSHER:-false} +if [[ -v GITLAB_NOTIFY_ON_BROKEN_BUILDS ]]; then + echo "GITLAB_NOTIFY_ON_BROKEN_BUILDS is removed in gitlab v15.2.0 and has no effect." +fi +if [[ -v GITLAB_NOTIFY_PUSHER ]]; then + echo "GITLAB_NOTIFY_PUSHER is removed in gitlab v15.2.0 and has no effect." +fi GITLAB_ROBOTS_PATH=${GITLAB_ROBOTS_PATH:-${USERCONF_TEMPLATES_DIR}/gitlabhq/robots.txt} diff --git a/assets/runtime/functions b/assets/runtime/functions index 203181b5f..0dde1e52f 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -990,8 +990,7 @@ gitlab_configure_rack_attack() { gitlab_configure_ci() { echo "Configuring gitlab::ci..." update_template ${GITLAB_CONFIG} \ - GITLAB_NOTIFY_ON_BROKEN_BUILDS \ - GITLAB_NOTIFY_PUSHER GITLAB_BUILDS_DIR + GITLAB_NOTIFY_ON_BROKEN_BUILDS } gitlab_configure_artifacts() { diff --git a/contrib/docker-swarm/docker-compose.yml b/contrib/docker-swarm/docker-compose.yml index d517f159e..5376bc1aa 100644 --- a/contrib/docker-swarm/docker-compose.yml +++ b/contrib/docker-swarm/docker-compose.yml @@ -64,9 +64,6 @@ services: - GITLAB_ROOT_PASSWORD= - GITLAB_ROOT_EMAIL= - - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true - - GITLAB_NOTIFY_PUSHER=false - - GITLAB_EMAIL=notifications@example.com - GITLAB_EMAIL_REPLY_TO=noreply@example.com - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml index 13dcf65d9..b156a625a 100644 
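Review bot: The two removal notices added in the env-defaults hunk are written to stdout with no severity marker, so they are easy to miss in startup output. They would also be mixed into the output of any caller that captures stdout from a script sourcing this file. Sending them to stderr keeps them visible without touching stdout, e.g. `echo "GITLAB_NOTIFY_PUSHER is removed in gitlab v15.2.0 and has no effect." >&2`, and likewise for `GITLAB_NOTIFY_ON_BROKEN_BUILDS`. `[[ -v NAME ]]` needs bash 4.2 or newer; the rest of env-defaults is outside the hunk, so whether that version is already assumed is unverified.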
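Review bot: In the functions hunk, `gitlab_configure_ci` now passes only `GITLAB_NOTIFY_ON_BROKEN_BUILDS` to `update_template`, which looks inverted. That variable is the one this commit removes from gitlab.yml and env-defaults, while `GITLAB_BUILDS_DIR`, dropped on the same removed line as `GITLAB_NOTIFY_PUSHER`, is still referenced by `builds_path: {{GITLAB_BUILDS_DIR}}` in the gitlab.yml hunk of this commit. Unless another function substitutes it, the rendered config would keep the literal placeholder as the build-trace path. The call should read `update_template ${GITLAB_CONFIG} \` followed by `GITLAB_BUILDS_DIR`. `update_template` itself is not visible here, so how it handles a name that is unset or absent from the template is unverified.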
--- a/docker-compose.swarm.yml +++ b/docker-compose.swarm.yml @@ -126,9 +126,6 @@ services: - GITLAB_ROOT_PASSWORD= - GITLAB_ROOT_EMAIL= - - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true - - GITLAB_NOTIFY_PUSHER=false - - GITLAB_EMAIL=notifications@example.com - GITLAB_EMAIL_REPLY_TO=noreply@example.com - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com diff --git a/docker-compose.yml b/docker-compose.yml index dbb60c6f8..1303c043e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -66,9 +66,6 @@ services: - GITLAB_ROOT_PASSWORD= - GITLAB_ROOT_EMAIL= - - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true - - GITLAB_NOTIFY_PUSHER=false - - GITLAB_EMAIL=notifications@example.com - GITLAB_EMAIL_REPLY_TO=noreply@example.com - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com diff --git a/docs/docker-compose-keycloak.yml b/docs/docker-compose-keycloak.yml index f48939018..2cc35c356 100644 --- a/docs/docker-compose-keycloak.yml +++ b/docs/docker-compose-keycloak.yml @@ -60,9 +60,6 @@ services: - GITLAB_ROOT_PASSWORD= - GITLAB_ROOT_EMAIL= - - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true - - GITLAB_NOTIFY_PUSHER=false - - GITLAB_EMAIL=notifications@example.com - GITLAB_EMAIL_REPLY_TO=noreply@example.com - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com diff --git a/docs/s3_compatible_storage.md b/docs/s3_compatible_storage.md index a3898074b..718deb401 100644 --- a/docs/s3_compatible_storage.md +++ b/docs/s3_compatible_storage.md @@ -124,8 +124,6 @@ services: - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string - GITLAB_ROOT_PASSWORD= - GITLAB_ROOT_EMAIL= - - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true - - GITLAB_NOTIFY_PUSHER=false - GITLAB_EMAIL=notifications@example.com - GITLAB_EMAIL_REPLY_TO=noreply@example.com - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com diff --git a/kubernetes/gitlab-rc.yml b/kubernetes/gitlab-rc.yml index c4a0ac196..f1d6d4281 100644 --- a/kubernetes/gitlab-rc.yml +++ b/kubernetes/gitlab-rc.yml 
@@ -40,11 +40,6 @@ spec: - name: GITLAB_SSH_PORT value: "22" - - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS - value: "true" - - name: GITLAB_NOTIFY_PUSHER - value: "false" - - name: GITLAB_BACKUP_SCHEDULE value: daily - name: GITLAB_BACKUP_TIME From c1d7f8f554468965952833d8007db0faf788c12b Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:19:09 +0900 Subject: [PATCH 40/47] Sync config v15.4.0 : Add commented-out configs for microsoft_graph_mailer See upstream merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97372 --- assets/runtime/config/gitlabhq/gitlab.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 4a032f2c1..df3d5a123 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
@@ -187,6 +187,22 @@ production: &base # plaintext. This can be a security risk. # display_initial_root_password: false + # Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client credentials flow. + microsoft_graph_mailer: + enabled: false + # The unique identifier for the user. To use Microsoft Graph on behalf of the user. + # user_id: "YOUR-USER-ID" + # The directory tenant the application plans to operate against, in GUID or domain-name format. + # tenant: "YOUR-TENANT-ID" + # The application ID that's assigned to your app. You can find this information in the portal where you registered your app. + # client_id: "YOUR-CLIENT-ID" + # The client secret that you generated for your app in the app registration portal. + # client_secret: "YOUR-CLIENT-SECRET-ID" + # Defaults to "https://login.microsoftonline.com". + # azure_ad_endpoint: + # Defaults to "https://graph.microsoft.com". + # graph_endpoint: + ## Reply by email # Allow users to comment on issues and merge requests by replying to notification emails. # For documentation on how to set this up, see https://docs.gitlab.com/ee/administration/reply_by_email.html From 0c3b22708c0d3634ea8df4503579eacdd0c5b3df Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 18:23:52 +0900 Subject: [PATCH 41/47] Sync config v13.6.0 : Add gitlab.yml:packages:dpkg_deb_path See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44029 --- assets/runtime/config/gitlabhq/gitlab.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index df3d5a123..607030b44 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml 
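Review bot: The placeholder on the commented `client_secret` line, `"YOUR-CLIENT-SECRET-ID"`, reads as if the secret's identifier were wanted, while the comment above it asks for the client secret itself. App registration portals that show both a secret value and a secret ID make this an easy mistake, so `# client_secret: "YOUR-CLIENT-SECRET"` is clearer. The wording appears to come from the upstream example, so it may need raising there as well. When these keys are parameterised later, the secret will sit in the rendered gitlab.yml in plaintext. It should be supplied at runtime through the same environment-driven substitution the other credentials use, not written into the template.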
@@ -378,6 +378,7 @@ production: &base ## Packages (maven repository, npm registry, etc...) packages: enabled: {{GITLAB_PACKAGES_ENABLED}} + dpkg_deb_path: /usr/bin/dpkg-deb # The location where build packages are stored (default: shared/packages). path: {{GITLAB_PACKAGES_DIR}} object_store: From d2909aa7e833583ff49d216cf30fde12c0cdaf61 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:26:57 +0900 Subject: [PATCH 42/47] Sync config v14.8.0 : Add ci_secure_files related configs Not parameterized yet See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78227 --- assets/runtime/config/gitlabhq/gitlab.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 607030b44..2c023f878 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -447,6 +447,23 @@ production: &base google_json_key_location: {{GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}} #end-terraform_state-gcs + ## CI Secure Files + ci_secure_files: + enabled: true + # storage_path: shared/ci_secure_files + object_store: + enabled: false + remote_directory: ci-secure-files # The bucket name + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 + # host: 'localhost' # default: s3.amazonaws.com + # endpoint: 'http://127.0.0.1:9000' # default: nil + # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. + # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' + ## GitLab Pages pages: enabled: {{GITLAB_PAGES_ENABLED}} From b05cbd96fe19fc39ce41347597f911d868327aba Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:31:42 +0900 Subject: [PATCH 43/47] Sync config v13.5.0 : Add pages deployments uploader Adding pages:object_store related configurations Still not parameterized yet See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42461 --- assets/runtime/config/gitlabhq/gitlab.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 2c023f878..86bba2a8d 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -484,6 +484,14 @@ production: &base # File that contains the shared secret key for verifying access for gitlab-pages. # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app). # secret_file: /home/git/gitlab/.gitlab_pages_secret + object_store: + enabled: false + remote_directory: pages # The bucket name + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 ## Mattermost ## For enabling Add to Mattermost button @@ -1401,6 +1409,14 @@ test: # user: YOUR_USERNAME pages: path: tmp/tests/pages + object_store: + enabled: false + remote_directory: pages # The bucket name + connection: + provider: AWS + aws_access_key_id: AWS_ACCESS_KEY_ID + aws_secret_access_key: AWS_SECRET_ACCESS_KEY + region: us-east-1 repositories: storages: default: From d9dade8b9f30475f073770ff584ae3dd7589a7e7 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:33:14 +0900 Subject: [PATCH 44/47] Sync config v13.11.0 : Add local_store See corresponding MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55470 --- assets/runtime/config/gitlabhq/gitlab.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 86bba2a8d..3025f1485 100644 
--- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -492,6 +492,10 @@ production: &base aws_access_key_id: AWS_ACCESS_KEY_ID aws_secret_access_key: AWS_SECRET_ACCESS_KEY region: us-east-1 + local_store: + enabled: true + # The location where pages are stored (default: shared/pages). + # path: shared/pages ## Mattermost ## For enabling Add to Mattermost button @@ -1417,6 +1421,9 @@ test: aws_access_key_id: AWS_ACCESS_KEY_ID aws_secret_access_key: AWS_SECRET_ACCESS_KEY region: us-east-1 + local_store: + enabled: true + path: tmp/tests/pages repositories: storages: default: From eb1fd0edbb730325ee1d173160f6c2134c59b42f Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:35:00 +0900 Subject: [PATCH 45/47] Sync config v13.9.0 : Update links to redirected docs Just updating link in comment See corresponding Merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53004 --- assets/runtime/config/gitlabhq/gitlab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 3025f1485..05f4c1783 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -506,7 +506,7 @@ production: &base ## Gravatar ## If using gravatar.com, there's nothing to change here. For Libravatar ## you'll need to provide the custom URLs. For more information, - ## see: https://docs.gitlab.com/ee/customization/libravatar.html + ## see: https://docs.gitlab.com/ee/administration/libravatar.html gravatar: enabled: {{GITLAB_GRAVATAR_ENABLED}} # Gravatar/Libravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username} From 595f6c9d47cb05a083e0c3e02cbe3684d16ce904 Mon Sep 17 00:00:00 2001 
From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:40:30 +0900 Subject: [PATCH 46/47] Sync config v15.0.0 : Allow pruning of stale group runners See corresponding merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86477 --- assets/runtime/config/gitlabhq/gitlab.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 05f4c1783..374336d8c 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -612,6 +612,10 @@ production: &base elastic_index_bulk_cron_worker: cron: "*/1 * * * *" + # Periodically prune stale runners from namespaces having opted-in. + ci_runners_stale_group_runners_prune_worker_cron: + cron: "30 * * * *" + registry: enabled: {{GITLAB_REGISTRY_ENABLED}} host: {{GITLAB_REGISTRY_HOST}} From 42092991855a1684b997490576f03627f273bcb9 Mon Sep 17 00:00:00 2001 From: Kazunori Kimura Date: Mon, 24 Oct 2022 19:44:10 +0900 Subject: [PATCH 47/47] Sync config v15.0.0 : Remove Legacy Job Artifact replication See corresponding MR https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85219 --- assets/runtime/config/gitlabhq/gitlab.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index 374336d8c..e4ceb7ebc 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -597,11 +597,6 @@ production: &base geo_secondary_registry_consistency_worker: cron: "* * * * *" - # GitLab Geo file download dispatch worker - # NOTE: This will only take effect if Geo is enabled (secondary nodes only) - geo_file_download_dispatch_worker: - cron: "*/1 * * * *" - # GitLab Geo migrated local files clean up worker # NOTE: This will only take effect if Geo is enabled (secondary nodes only) geo_migrated_local_files_clean_up_worker: