2018-03-23 12:29:55 -04:00
# GitLab.com settings
In this page you will find information about the settings that are used on
[GitLab.com ](https://about.gitlab.com/pricing ).
## SSH host keys fingerprints
Below are the fingerprints for GitLab.com's SSH host keys.
| Algorithm | MD5 | SHA256 |
| --------- | --- | ------- |
| DSA | `7a:47:81:3a:ee:89:89:64:33:ca:44:52:3d:30:d4:87` | `p8vZBUOR0XQz6sYiaWSMLmh0t9i8srqYKool/Xfdfqw` |
| ECDSA | `f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35` | `HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw` |
| ED25519 | `2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16` | `eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8` |
| RSA | `b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09` | `ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ` |
## Mail configuration
GitLab.com sends emails from the `mg.gitlab.com` domain via [Mailgun] and has
its own dedicated IP address (`198.61.254.240`).
## Alternative SSH port
GitLab.com can be reached via a [different SSH port][altssh] for `git+ssh` .
| Setting | Value |
| --------- | ------------------- |
| `Hostname` | `altssh.gitlab.com` |
| `Port` | `443` |
An example `~/.ssh/config` is the following:
```
Host gitlab.com
Hostname altssh.gitlab.com
User git
Port 443
PreferredAuthentications publickey
IdentityFile ~/.ssh/gitlab
```
## GitLab Pages
Below are the settings for [GitLab Pages].
| Setting | GitLab.com | Default |
| ----------------------- | ---------------- | ------------- |
| Domain name | `gitlab.io` | - |
2019-01-30 08:09:16 -05:00
| IP address | `35.185.44.232` | - |
2018-03-23 12:29:55 -04:00
| Custom domains support | yes | no |
| TLS certificates support| yes | no |
The maximum size of your Pages site is regulated by the artifacts maximum size
2019-03-10 21:47:01 -04:00
which is part of [GitLab CI/CD ](#gitlab-cicd ).
2018-03-23 12:29:55 -04:00
## GitLab CI/CD
Below are the current settings regarding [GitLab CI/CD ](../../ci/README.md ).
| Setting | GitLab.com | Default |
| ----------- | ----------------- | ------------- |
| Artifacts maximum size | 1G | 100M |
2019-02-21 19:25:06 -05:00
| Artifacts [expiry time ](../../ci/yaml/README.md#artifactsexpire_in ) | kept forever | deleted after 30 days unless otherwise specified |
2018-03-23 12:29:55 -04:00
2018-03-30 06:25:07 -04:00
## Repository size limit
2018-07-18 05:03:18 -04:00
The maximum size your Git repository is allowed to be, including LFS. If you are near
or over the size limit, you can [reduce your repository size with Git ](../project/repository/reducing_the_repo_size_using_git.md ).
2018-03-30 06:25:07 -04:00
| Setting | GitLab.com | Default |
| ----------- | ----------------- | ------------- |
| Repository size including LFS | 10G | Unlimited |
2019-03-26 11:51:01 -04:00
## IP range
GitLab.com, CI/CD, and related services are deployed into Google Cloud Platform (GCP). Any
IP based firewall can be configured by looking up all
[IP address ranges or CIDR blocks for GCP ](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges ).
[Static endpoints ](https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5071 ) are being considered.
2018-03-23 12:29:55 -04:00
## Shared Runners
Shared Runners on GitLab.com run in [autoscale mode] and powered by
2018-09-03 19:08:14 -04:00
Google Cloud Platform. Autoscaling means reduced
2018-04-05 14:20:39 -04:00
waiting times to spin up CI/CD jobs, and isolated VMs for each project,
thus maximizing security.
2018-03-23 12:29:55 -04:00
They're free to use for public open source projects and limited to 2000 CI
minutes per month per group for private projects. Read about all
[GitLab.com plans ](https://about.gitlab.com/pricing/ ).
2018-09-03 19:08:14 -04:00
All your CI/CD jobs run on [n1-standard-1 instances ](https://cloud.google.com/compute/docs/machine-types ) with 3.75GB of RAM, CoreOS and the latest Docker Engine
2018-04-05 14:20:39 -04:00
installed. Instances provide 1 vCPU and 25GB of HDD disk space. The default
region of the VMs is US East1.
2018-09-03 19:08:14 -04:00
Each instance is used only for one job, this ensures any sensitive data left on the system can't be accessed by other people their CI jobs.
2018-03-23 12:29:55 -04:00
2018-05-16 02:47:18 -04:00
Jobs handled by the shared Runners on GitLab.com (`shared-runners-manager-X.gitlab.com`),
**will be timed out after 3 hours**, regardless of the timeout configured in a
project. Check the issues [4010] and [4070] for the reference.
2018-03-23 12:29:55 -04:00
Below are the shared Runners settings.
| Setting | GitLab.com | Default |
| ----------- | ----------------- | ---------- |
| [GitLab Runner] | [Runner versions dashboard][ci_version_dashboard] | - |
| Executor | `docker+machine` | - |
2018-04-05 14:20:39 -04:00
| Default Docker image | `ruby:2.5` | - |
2018-03-23 12:29:55 -04:00
| `privileged` (run [Docker in Docker]) | `true` | `false` |
2018-09-10 04:03:33 -04:00
[ci_version_dashboard]: https://dashboards.gitlab.com/dashboard/db/ci?from=now-1h& to=now& refresh=5m& orgId=1& panelId=12& fullscreen& theme=light
2018-03-23 12:29:55 -04:00
### `config.toml`
The full contents of our `config.toml` are:
2018-04-05 14:20:39 -04:00
**DigitalOcean**
2018-03-23 12:29:55 -04:00
```toml
2018-04-05 14:20:39 -04:00
concurrent = X
check_interval = 1
metrics_server = "X"
sentry_dsn = "X"
2018-03-23 12:29:55 -04:00
[[runners]]
name = "docker-auto-scale"
request_concurrency = X
2018-04-05 14:20:39 -04:00
url = "https://gitlab.com/"
2018-03-23 12:29:55 -04:00
token = "SHARED_RUNNER_TOKEN"
executor = "docker+machine"
environment = [
"DOCKER_DRIVER=overlay2"
]
2018-04-05 14:20:39 -04:00
limit = X
2018-03-23 12:29:55 -04:00
[runners.docker]
2018-04-05 14:20:39 -04:00
image = "ruby:2.5"
2018-03-23 12:29:55 -04:00
privileged = true
[runners.machine]
2018-04-05 14:20:39 -04:00
IdleCount = 20
2018-03-23 12:29:55 -04:00
IdleTime = 1800
2018-04-05 14:20:39 -04:00
OffPeakPeriods = ["* * * * * sat,sun *"]
OffPeakTimezone = "UTC"
OffPeakIdleCount = 5
OffPeakIdleTime = 1800
2018-03-23 12:29:55 -04:00
MaxBuilds = 1
2018-04-05 14:20:39 -04:00
MachineName = "srm-%s"
2018-03-23 12:29:55 -04:00
MachineDriver = "digitalocean"
MachineOptions = [
2018-04-05 14:20:39 -04:00
"digitalocean-image=X",
2018-03-23 12:29:55 -04:00
"digitalocean-ssh-user=core",
"digitalocean-region=nyc1",
2018-04-05 14:20:39 -04:00
"digitalocean-size=s-2vcpu-2gb",
2018-03-23 12:29:55 -04:00
"digitalocean-private-networking",
2018-04-05 14:20:39 -04:00
"digitalocean-tags=shared_runners,gitlab_com",
"engine-registry-mirror=http://INTERNAL_IP_OF_OUR_REGISTRY_MIRROR",
"digitalocean-access-token=DIGITAL_OCEAN_ACCESS_TOKEN",
2018-03-23 12:29:55 -04:00
]
[runners.cache]
Type = "s3"
2018-04-05 14:20:39 -04:00
BucketName = "runner"
Insecure = true
Shared = true
ServerAddress = "INTERNAL_IP_OF_OUR_CACHE_SERVER"
2018-03-23 12:29:55 -04:00
AccessKey = "ACCESS_KEY"
SecretKey = "ACCESS_SECRET_KEY"
2018-04-05 14:20:39 -04:00
```
**Google Cloud Platform**
```toml
concurrent = X
check_interval = 1
metrics_server = "X"
sentry_dsn = "X"
[[runners]]
name = "docker-auto-scale"
request_concurrency = X
url = "https://gitlab.com/"
token = "SHARED_RUNNER_TOKEN"
executor = "docker+machine"
environment = [
"DOCKER_DRIVER=overlay2"
]
limit = X
[runners.docker]
image = "ruby:2.5"
privileged = true
[runners.machine]
IdleCount = 20
IdleTime = 1800
OffPeakPeriods = ["* * * * * sat,sun *"]
OffPeakTimezone = "UTC"
OffPeakIdleCount = 5
OffPeakIdleTime = 1800
MaxBuilds = 1
MachineName = "srm-%s"
MachineDriver = "google"
MachineOptions = [
"google-project=PROJECT",
"google-disk-size=25",
"google-machine-type=n1-standard-1",
"google-username=core",
"google-tags=gitlab-com,srm",
"google-use-internal-ip",
"google-zone=us-east1-d",
"google-machine-image=PROJECT/global/images/IMAGE",
"engine-registry-mirror=http://INTERNAL_IP_OF_OUR_REGISTRY_MIRROR"
]
[runners.cache]
Type = "s3"
2018-03-23 12:29:55 -04:00
BucketName = "runner"
2018-04-05 14:20:39 -04:00
Insecure = true
2018-03-23 12:29:55 -04:00
Shared = true
2018-04-05 14:20:39 -04:00
ServerAddress = "INTERNAL_IP_OF_OUR_CACHE_SERVER"
AccessKey = "ACCESS_KEY"
SecretKey = "ACCESS_SECRET_KEY"
2018-03-23 12:29:55 -04:00
```
## Sidekiq
GitLab.com runs [Sidekiq][sidekiq] with arguments `--timeout=4 --concurrency=4`
and the following environment variables:
| Setting | GitLab.com | Default |
|-------- |----------- |-------- |
| `SIDEKIQ_MEMORY_KILLER_MAX_RSS` | `1000000` | `1000000` |
| `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_SIGNAL` | `SIGKILL` | - |
| `SIDEKIQ_LOG_ARGUMENTS` | `1` | - |
## Cron jobs
2018-09-25 00:57:57 -04:00
Periodically executed jobs by Sidekiq, to self-heal GitLab, do external
2018-03-23 12:29:55 -04:00
synchronizations, run scheduled pipelines, etc.:
| Setting | GitLab.com | Default |
|-------- |------------- |------------- |
| `pipeline_schedule_worker` | `19 * * * *` | `19 * * * *` |
## PostgreSQL
GitLab.com being a fairly large installation of GitLab means we have changed
various PostgreSQL settings to better suit our needs. For example, we use
streaming replication and servers in hot-standby mode to balance queries across
different database servers.
The list of GitLab.com specific settings (and their defaults) is as follows:
| Setting | GitLab.com | Default |
|:------------------------------------|:--------------------------------------------------------------------|:--------------------------------------|
| archive_command | `/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e wal-push %p` | empty |
| archive_mode | on | off |
| autovacuum_analyze_scale_factor | 0.01 | 0.01 |
| autovacuum_max_workers | 6 | 3 |
| autovacuum_vacuum_cost_limit | 1000 | -1 |
| autovacuum_vacuum_scale_factor | 0.01 | 0.02 |
| checkpoint_completion_target | 0.7 | 0.9 |
| checkpoint_segments | 32 | 10 |
| effective_cache_size | 338688MB | Based on how much memory is available |
| hot_standby | on | off |
| hot_standby_feedback | on | off |
| log_autovacuum_min_duration | 0 | -1 |
| log_checkpoints | on | off |
| log_line_prefix | `%t [%p]: [%l-1] ` | empty |
| log_min_duration_statement | 1000 | -1 |
| log_temp_files | 0 | -1 |
| maintenance_work_mem | 2048MB | 16 MB |
| max_replication_slots | 5 | 0 |
| max_wal_senders | 32 | 0 |
| max_wal_size | 5GB | 1GB |
| shared_buffers | 112896MB | Based on how much memory is available |
| shared_preload_libraries | pg_stat_statements | empty |
| shmall | 30146560 | Based on the server's capabilities |
| shmmax | 123480309760 | Based on the server's capabilities |
| wal_buffers | 16MB | -1 |
| wal_keep_segments | 512 | 10 |
| wal_level | replica | minimal |
| statement_timeout | 15s | 60s |
| idle_in_transaction_session_timeout | 60s | 60s |
Some of these settings are in the process being adjusted. For example, the value
for `shared_buffers` is quite high and as such we are looking into adjusting it.
More information on this particular change can be found at
< https: / / gitlab . com / gitlab-com / infrastructure / issues / 1555 > . An up to date list
of proposed changes can be found at
< https: / / gitlab . com / gitlab-com / infrastructure / issues ? scope = all&utf8=%E2%9C%93&state=opened&label_name[]=database&label_name[]=change > .
## Unicorn
GitLab.com adjusts the memory limits for the [unicorn-worker-killer][unicorn-worker-killer] gem.
Base default:
2018-11-13 01:07:16 -05:00
- `memory_limit_min` = 750MiB
- `memory_limit_max` = 1024MiB
2018-03-23 12:29:55 -04:00
Web front-ends:
2018-11-13 01:07:16 -05:00
- `memory_limit_min` = 1024MiB
- `memory_limit_max` = 1280MiB
2018-03-23 12:29:55 -04:00
## GitLab.com at scale
In addition to the GitLab Enterprise Edition Omnibus install, GitLab.com uses
the following applications and settings to achieve scale. All settings are
located publicly available [chef cookbooks ](https://gitlab.com/gitlab-cookbooks ).
### ELK
We use Elasticsearch, logstash, and Kibana for part of our monitoring solution:
- [gitlab-cookbooks / gitlab-elk · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab-elk )
- [gitlab-cookbooks / gitlab_elasticsearch · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab_elasticsearch )
### Prometheus
Prometheus complete our monitoring stack:
- [gitlab-cookbooks / gitlab-prometheus · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab-prometheus )
### Grafana
For the visualization of monitoring data:
- [gitlab-cookbooks / gitlab-grafana · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab-grafana )
### Sentry
Open source error tracking:
- [gitlab-cookbooks / gitlab-sentry · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab-sentry )
### Consul
Service discovery:
- [gitlab-cookbooks / gitlab_consul · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab_consul )
### Haproxy
High Performance TCP/HTTP Load Balancer:
- [gitlab-cookbooks / gitlab-haproxy · GitLab ](https://gitlab.com/gitlab-cookbooks/gitlab-haproxy )
[autoscale mode]: https://docs.gitlab.com/runner/configuration/autoscale.html "How Autoscale works"
[runners-post]: https://about.gitlab.com/2016/04/05/shared-runners/ "Shared Runners on GitLab.com"
[GitLab Runner]: https://gitlab.com/gitlab-org/gitlab-runner
[altssh]: https://about.gitlab.com/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/ "GitLab.com now supports an alternate git+ssh port"
[GitLab Pages]: https://about.gitlab.com/features/pages "GitLab Pages"
[docker in docker]: https://hub.docker.com/_/docker/ "Docker in Docker at DockerHub"
[mailgun]: https://www.mailgun.com/ "Mailgun website"
[sidekiq]: http://sidekiq.org/ "Sidekiq website"
[unicorn-worker-killer]: https://rubygems.org/gems/unicorn-worker-killer "unicorn-worker-killer"
2018-05-16 02:47:18 -04:00
[4010]: https://gitlab.com/gitlab-com/infrastructure/issues/4010 "Find a good value for maximum timeout for Shared Runners"
[4070]: https://gitlab.com/gitlab-com/infrastructure/issues/4070 "Configure per-runner timeout for shared-runners-manager-X on GitLab.com"