Merge branch 'rs-config-parity' into 'master'
Copy EE-only config files to CE See merge request gitlab-org/gitlab-ce!30529
This commit is contained in:
commit
0cd59a756c
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"ignored_warnings": [
|
||||
{
|
||||
"warning_type": "Cross-Site Request Forgery",
|
||||
"warning_code": 7,
|
||||
"fingerprint": "dc562678129557cdb8b187217da304044547a3605f05fe678093dcb4b4d8bbe4",
|
||||
"message": "'protect_from_forgery' should be called in Oauth::GeoAuthController",
|
||||
"file": "app/controllers/oauth/geo_auth_controller.rb",
|
||||
"line": 1,
|
||||
"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
|
||||
"code": null,
|
||||
"render_path": null,
|
||||
"location": {
|
||||
"type": "controller",
|
||||
"controller": "Oauth::GeoAuthController"
|
||||
},
|
||||
"user_input": null,
|
||||
"confidence": "High",
|
||||
"note": ""
|
||||
}
|
||||
],
|
||||
"updated": "2017-01-20 02:06:54 +0000",
|
||||
"brakeman_version": "3.4.1"
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
#
|
||||
# PRODUCTION
|
||||
#
|
||||
production:
|
||||
adapter: postgresql
|
||||
encoding: unicode
|
||||
database: gitlabhq_geo_production
|
||||
pool: 10
|
||||
username: git
|
||||
password: "secure password"
|
||||
host: localhost
|
||||
fdw: true
|
||||
|
||||
#
|
||||
# Development specific
|
||||
#
|
||||
development:
|
||||
adapter: postgresql
|
||||
encoding: unicode
|
||||
database: gitlabhq_geo_development
|
||||
pool: 5
|
||||
username: postgres
|
||||
password: "secure password"
|
||||
host: localhost
|
||||
fdw: true
|
||||
|
||||
#
|
||||
# Staging specific
|
||||
#
|
||||
staging:
|
||||
adapter: postgresql
|
||||
encoding: unicode
|
||||
database: gitlabhq_geo_staging
|
||||
pool: 10
|
||||
username: git
|
||||
password: "secure password"
|
||||
host: localhost
|
||||
fdw: true
|
||||
|
||||
# Warning: The database defined as "test" will be erased and
|
||||
# re-generated from your development database when you run "rake".
|
||||
# Do not set this db to the same as development or production.
|
||||
test: &test
|
||||
adapter: postgresql
|
||||
encoding: unicode
|
||||
database: gitlabhq_geo_test
|
||||
pool: 5
|
||||
username: postgres
|
||||
password:
|
||||
host: localhost
|
||||
fdw: true
|
|
@ -664,6 +664,9 @@ production: &base
|
|||
# Port where the client side certificate is requested by the webserver (NGINX/Apache)
|
||||
# client_certificate_required_port: 3444
|
||||
|
||||
# Browser session with smartcard sign-in is required for Git access
|
||||
# required_for_git_access: false
|
||||
|
||||
## Kerberos settings
|
||||
kerberos:
|
||||
# Allow the HTTP Negotiate authentication method for Git clients
|
||||
|
|
|
@ -10,7 +10,8 @@ if Rails.env.test?
|
|||
# it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
|
||||
# seconds per spec.
|
||||
def migrations(paths)
|
||||
(@migrations ||= migrations_unmemoized(paths)).dup
|
||||
@migrations ||= {}
|
||||
(@migrations[paths] ||= migrations_unmemoized(paths)).dup
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
- group: Cluster Health
|
||||
priority: 1
|
||||
metrics:
|
||||
- title: "CPU Usage"
|
||||
y_label: "CPU"
|
||||
required_metrics: ['container_cpu_usage_seconds_total']
|
||||
weight: 1
|
||||
queries:
|
||||
- query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{id="/"}[15m])) by (job)) without (job)'
|
||||
label: Usage
|
||||
unit: "cores"
|
||||
appearance:
|
||||
line:
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
||||
- query_range: 'sum(kube_pod_container_resource_requests_cpu_cores{kubernetes_namespace="gitlab-managed-apps"})'
|
||||
label: Requested
|
||||
unit: "cores"
|
||||
appearance:
|
||||
line:
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
||||
- query_range: 'sum(kube_node_status_capacity_cpu_cores{kubernetes_namespace="gitlab-managed-apps"})'
|
||||
label: Capacity
|
||||
unit: "cores"
|
||||
appearance:
|
||||
line:
|
||||
type: 'dashed'
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
||||
- title: "Memory usage"
|
||||
y_label: "Memory"
|
||||
required_metrics: ['container_memory_usage_bytes']
|
||||
weight: 1
|
||||
queries:
|
||||
- query_range: 'avg(sum(container_memory_usage_bytes{id="/"}) by (job)) without (job) / 2^30'
|
||||
label: Usage
|
||||
unit: "GiB"
|
||||
appearance:
|
||||
line:
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
||||
- query_range: 'sum(kube_pod_container_resource_requests_memory_bytes{kubernetes_namespace="gitlab-managed-apps"})/2^30'
|
||||
label: Requested
|
||||
unit: "GiB"
|
||||
appearance:
|
||||
line:
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
||||
- query_range: 'sum(kube_node_status_capacity_memory_bytes{kubernetes_namespace="gitlab-managed-apps"})/2^30'
|
||||
label: Capacity
|
||||
unit: "GiB"
|
||||
appearance:
|
||||
line:
|
||||
type: 'dashed'
|
||||
width: 2
|
||||
area:
|
||||
opacity: 0
|
|
@ -0,0 +1,475 @@
|
|||
tables:
|
||||
approvals:
|
||||
whitelist:
|
||||
- id
|
||||
- merge_request_id
|
||||
- user_id
|
||||
- created_at
|
||||
- updated_at
|
||||
approver_groups:
|
||||
whitelist:
|
||||
- id
|
||||
- target_type
|
||||
- group_id
|
||||
- created_at
|
||||
- updated_at
|
||||
board_assignees:
|
||||
whitelist:
|
||||
- id
|
||||
- board_id
|
||||
- assignee_id
|
||||
board_labels:
|
||||
whitelist:
|
||||
- id
|
||||
- board_id
|
||||
- label_id
|
||||
boards:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- milestone_id
|
||||
- group_id
|
||||
- weight
|
||||
epic_issues:
|
||||
whitelist:
|
||||
- id
|
||||
- epic_id
|
||||
- issue_id
|
||||
- relative_position
|
||||
epic_metrics:
|
||||
whitelist:
|
||||
- id
|
||||
- epic_id
|
||||
- created_at
|
||||
- updated_at
|
||||
epics:
|
||||
whitelist:
|
||||
- id
|
||||
- milestone_id
|
||||
- group_id
|
||||
- author_id
|
||||
- assignee_id
|
||||
- iid
|
||||
- updated_by_id
|
||||
- last_edited_by_id
|
||||
- lock_version
|
||||
- start_date
|
||||
- end_date
|
||||
- last_edited_at
|
||||
- created_at
|
||||
- updated_at
|
||||
- title
|
||||
- description
|
||||
issue_assignees:
|
||||
whitelist:
|
||||
- user_id
|
||||
- issue_id
|
||||
issue_links:
|
||||
whitelist:
|
||||
- id
|
||||
- source_id
|
||||
- target_id
|
||||
- created_at
|
||||
- updated_at
|
||||
issue_metrics:
|
||||
whitelist:
|
||||
- id
|
||||
- issue_id
|
||||
- first_mentioned_in_commit_at
|
||||
- first_associated_with_milestone_at
|
||||
- first_added_to_board_at
|
||||
- created_at
|
||||
- updated_at
|
||||
issues:
|
||||
whitelist:
|
||||
- id
|
||||
- title
|
||||
- author_id
|
||||
- project_id
|
||||
- created_at
|
||||
- confidential
|
||||
- updated_at
|
||||
- description
|
||||
- milestone_id
|
||||
- state
|
||||
- updated_by_id
|
||||
- weight
|
||||
- due_date
|
||||
- moved_to_id
|
||||
- lock_version
|
||||
- time_estimate
|
||||
- last_edited_at
|
||||
- last_edited_by_id
|
||||
- discussion_locked
|
||||
- closed_at
|
||||
label_links:
|
||||
whitelist:
|
||||
- id
|
||||
- label_id
|
||||
- target_id
|
||||
- target_type
|
||||
- created_at
|
||||
- updated_at
|
||||
label_priorities:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- label_id
|
||||
- priority
|
||||
- created_at
|
||||
- updated_at
|
||||
labels:
|
||||
whitelist:
|
||||
- id
|
||||
- title
|
||||
- color
|
||||
- project_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- template
|
||||
- type
|
||||
- group_id
|
||||
licenses:
|
||||
whitelist:
|
||||
- id
|
||||
- created_at
|
||||
- updated_at
|
||||
merge_request_diffs:
|
||||
whitelist:
|
||||
- id
|
||||
- state
|
||||
- merge_request_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- base_commit_sha
|
||||
- real_size
|
||||
- head_commit_sha
|
||||
- start_commit_sha
|
||||
- commits_count
|
||||
merge_request_metrics:
|
||||
whitelist:
|
||||
- id
|
||||
- merge_request_id
|
||||
- latest_build_started_at
|
||||
- latest_build_finished_at
|
||||
- first_deployed_to_production_at
|
||||
- merged_at
|
||||
- created_at
|
||||
- updated_at
|
||||
- pipeline_id
|
||||
- merged_by_id
|
||||
- latest_closed_by_id
|
||||
- latest_closed_at
|
||||
merge_requests:
|
||||
whitelist:
|
||||
- id
|
||||
- target_branch
|
||||
- source_branch
|
||||
- source_project_id
|
||||
- author_id
|
||||
- assignee_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- milestone_id
|
||||
- state
|
||||
- merge_status
|
||||
- target_project_id
|
||||
- updated_by_id
|
||||
- merge_error
|
||||
- merge_params
|
||||
- merge_when_pipeline_succeeds
|
||||
- merge_user_id
|
||||
- approvals_before_merge
|
||||
- lock_version
|
||||
- time_estimate
|
||||
- squash
|
||||
- last_edited_at
|
||||
- last_edited_by_id
|
||||
- head_pipeline_id
|
||||
- discussion_locked
|
||||
- latest_merge_request_diff_id
|
||||
- allow_maintainer_to_push
|
||||
merge_requests_closing_issues:
|
||||
whitelist:
|
||||
- id
|
||||
- merge_request_id
|
||||
- issue_id
|
||||
- created_at
|
||||
- updated_at
|
||||
milestones:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- due_date
|
||||
- created_at
|
||||
- updated_at
|
||||
- state
|
||||
- start_date
|
||||
- group_id
|
||||
namespace_statistics:
|
||||
whitelist:
|
||||
- id
|
||||
- namespace_id
|
||||
- shared_runners_seconds
|
||||
- shared_runners_seconds_last_reset
|
||||
namespaces:
|
||||
whitelist:
|
||||
- id
|
||||
- name
|
||||
- path
|
||||
- owner_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- type
|
||||
- avatar
|
||||
- membership_lock
|
||||
- share_with_group_lock
|
||||
- visibility_level
|
||||
- request_access_enabled
|
||||
- ldap_sync_status
|
||||
- ldap_sync_error
|
||||
- ldap_sync_last_update_at
|
||||
- ldap_sync_last_successful_update_at
|
||||
- ldap_sync_last_sync_at
|
||||
- lfs_enabled
|
||||
- parent_id
|
||||
- shared_runners_minutes_limit
|
||||
- repository_size_limit
|
||||
- require_two_factor_authentication
|
||||
- two_factor_grace_period
|
||||
- plan_id
|
||||
- project_creation_level
|
||||
members:
|
||||
whitelist:
|
||||
- id
|
||||
- access_level
|
||||
- source_id
|
||||
- source_type
|
||||
- user_id
|
||||
- notification_level
|
||||
- type
|
||||
- created_by_id
|
||||
- invite_email
|
||||
- invite_accepted_at
|
||||
- requested_at
|
||||
- expires_at
|
||||
- ldap
|
||||
- override
|
||||
notification_settings:
|
||||
whitelist:
|
||||
- id
|
||||
- user_id
|
||||
- source_id
|
||||
- source_type
|
||||
- level
|
||||
- created_at
|
||||
- updated_at
|
||||
- new_note
|
||||
- new_issue
|
||||
- reopen_issue
|
||||
- close_issue
|
||||
- reassign_issue
|
||||
- new_merge_request
|
||||
- reopen_merge_request
|
||||
- close_merge_request
|
||||
- reassign_merge_request
|
||||
- merge_merge_request
|
||||
- failed_pipeline
|
||||
- success_pipeline
|
||||
project_authorizations:
|
||||
whitelist:
|
||||
- user_id
|
||||
- project_id
|
||||
- access_level
|
||||
project_auto_devops:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- enabled
|
||||
project_custom_attributes:
|
||||
whitelist:
|
||||
- id
|
||||
- created_at
|
||||
- updated_at
|
||||
- project_id
|
||||
- key
|
||||
- value
|
||||
project_features:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- merge_requests_access_level
|
||||
- issues_access_level
|
||||
- wiki_access_level
|
||||
- snippets_access_level
|
||||
- builds_access_level
|
||||
- created_at
|
||||
- updated_at
|
||||
- repository_access_level
|
||||
project_group_links:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- group_id
|
||||
- created_at
|
||||
- updated_at
|
||||
- group_access
|
||||
- expires_at
|
||||
project_import_data:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
project_mirror_data:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- retry_count
|
||||
- last_update_started_at
|
||||
- last_update_scheduled_at
|
||||
- next_execution_timestamp
|
||||
project_repository_states:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- repository_verification_checksum
|
||||
- wiki_verification_checksum
|
||||
- last_repository_verification_failure
|
||||
- last_wiki_verification_failure
|
||||
project_statistics:
|
||||
whitelist:
|
||||
- id
|
||||
- project_id
|
||||
- namespace_id
|
||||
- commit_count
|
||||
- storage_size
|
||||
- repository_size
|
||||
- lfs_objects_size
|
||||
- build_artifacts_size
|
||||
- shared_runners_seconds
|
||||
- shared_runners_seconds_last_reset
|
||||
projects:
|
||||
whitelist:
|
||||
- id
|
||||
- name
|
||||
- path
|
||||
- description
|
||||
- created_at
|
||||
- updated_at
|
||||
- creator_id
|
||||
- namespace_id
|
||||
- last_activity_at
|
||||
- import_url
|
||||
- visibility_level
|
||||
- archived
|
||||
- avatar
|
||||
- merge_requests_template
|
||||
- star_count
|
||||
- merge_requests_rebase_enabled
|
||||
- import_type
|
||||
- import_source
|
||||
- approvals_before_merge
|
||||
- reset_approvals_on_push
|
||||
- merge_requests_ff_only_enabled
|
||||
- issues_template
|
||||
- mirror
|
||||
- mirror_user_id
|
||||
- shared_runners_enabled
|
||||
- build_coverage_regex
|
||||
- build_allow_git_fetch
|
||||
- build_timeout
|
||||
- mirror_trigger_builds
|
||||
- pending_delete
|
||||
- public_builds
|
||||
- last_repository_check_failed
|
||||
- last_repository_check_at
|
||||
- container_registry_enabled
|
||||
- only_allow_merge_if_pipeline_succeeds
|
||||
- has_external_issue_tracker
|
||||
- repository_storage
|
||||
- repository_read_only
|
||||
- request_access_enabled
|
||||
- has_external_wiki
|
||||
- ci_config_path
|
||||
- lfs_enabled
|
||||
- only_allow_merge_if_all_discussions_are_resolved
|
||||
- repository_size_limit
|
||||
- printing_merge_request_link_enabled
|
||||
- auto_cancel_pending_pipelines
|
||||
- service_desk_enabled
|
||||
- delete_error
|
||||
- last_repository_updated_at
|
||||
- disable_overriding_approvers_per_merge_request
|
||||
- storage_version
|
||||
- resolve_outdated_diff_discussions
|
||||
- remote_mirror_available_overridden
|
||||
- only_mirror_protected_branches
|
||||
- pull_mirror_available_overridden
|
||||
- mirror_overwrites_diverged_branches
|
||||
- external_authorization_classification_label
|
||||
subscriptions:
|
||||
whitelist:
|
||||
- id
|
||||
- user_id
|
||||
- subscribable_id
|
||||
- subscribable_type
|
||||
- subscribed
|
||||
- created_at
|
||||
- updated_at
|
||||
- project_id
|
||||
users:
|
||||
whitelist:
|
||||
- id
|
||||
- remember_created_at
|
||||
- sign_in_count
|
||||
- current_sign_in_at
|
||||
- last_sign_in_at
|
||||
- current_sign_in_ip
|
||||
- last_sign_in_ip
|
||||
- created_at
|
||||
- updated_at
|
||||
- admin
|
||||
- projects_limit
|
||||
- failed_attempts
|
||||
- locked_at
|
||||
- can_create_group
|
||||
- can_create_team
|
||||
- state
|
||||
- color_scheme_id
|
||||
- password_expires_at
|
||||
- created_by_id
|
||||
- last_credential_check_at
|
||||
- avatar
|
||||
- confirmed_at
|
||||
- confirmation_sent_at
|
||||
- unconfirmed_email
|
||||
- hide_no_ssh_key
|
||||
- website_url
|
||||
- admin_email_unsubscribed_at
|
||||
- notification_email
|
||||
- hide_no_password
|
||||
- password_automatically_set
|
||||
- location
|
||||
- public_email
|
||||
- dashboard
|
||||
- project_view
|
||||
- consumed_timestep
|
||||
- layout
|
||||
- hide_project_limit
|
||||
- note
|
||||
- otp_grace_period_started_at
|
||||
- external
|
||||
- organization
|
||||
- auditor
|
||||
- require_two_factor_authentication_from_group
|
||||
- two_factor_grace_period
|
||||
- ghost
|
||||
- last_activity_on
|
||||
- notified_of_own_activity
|
||||
- bot_type
|
||||
- preferred_language
|
||||
- theme_id
|
||||
|
|
@ -62,6 +62,31 @@ class Settings < Settingslogic
|
|||
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
|
||||
end
|
||||
|
||||
def kerberos_protocol
|
||||
kerberos.https ? "https" : "http"
|
||||
end
|
||||
|
||||
def kerberos_port
|
||||
kerberos.use_dedicated_port ? kerberos.port : gitlab.port
|
||||
end
|
||||
|
||||
# Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
|
||||
# By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
|
||||
# Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
|
||||
def build_gitlab_kerberos_url
|
||||
[
|
||||
kerberos_protocol,
|
||||
"://:@",
|
||||
gitlab.host,
|
||||
":#{kerberos_port}",
|
||||
gitlab.relative_url_root
|
||||
].join('')
|
||||
end
|
||||
|
||||
def alternative_gitlab_kerberos_url?
|
||||
kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
|
||||
end
|
||||
|
||||
# check that values in `current` (string or integer) is a contant in `modul`.
|
||||
def verify_constant_array(modul, current, default)
|
||||
values = default || []
|
||||
|
|
Loading…
Reference in New Issue