kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

More tls gitaly docs

This commit is contained in:
Ahmad Hassan 2018-12-21 11:43:45 +02:00
parent d975074e1f
commit 907f0ce8a2
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
doc/administration/gitaly/index.md
View File

@ -221,9 +221,14 @@ Gitaly supports TLS credentials for GRPC authentication. To be able to communica
with a gitaly instance that listens for secure connections you will need to use `tls://` url
scheme in the `gitaly_address` of the corresponding storage entry in the gitlab configuration.
The admin needs to bring their own certificate as we do not provide that automatically.
The certificate to be used needs to be installed on all gitaly nodes and on all client nodes that communicate with it following procedures described in [GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates)
### Example TLS configuration
Omnibus installations:
### Omnibus installations:
#### On client nodes:
```ruby
# /etc/gitlab/gitlab.rb
@ -235,7 +240,17 @@ git_data_dirs({
gitlab_rails['gitaly_token'] = 'abc123secret'
```
Source installations:
#### On gitaly server nodes:
```ruby
gitaly['tls_listen_addr'] = "0.0.0.0:9999"
gitaly['certificate_path'] = "path/to/cert.pem"
gitaly['key_path'] = "path/to/key.pem"
```
### Source installations:
#### On client nodes:
```yaml
# /home/git/gitlab/config/gitlab.yml
@ -253,6 +268,17 @@ gitlab:
token: 'abc123secret'
```
#### On gitaly server nodes:
```toml
# /home/git/gitaly/config.toml
tls_listen_addr = '0.0.0.0:9999'
[tls]
certificate_path = '/path/to/cert.pem'
key_path = '/path/to/key.pem'
```
## Disabling or enabling the Gitaly service in a cluster environment
If you are running Gitaly [as a remote

8
spec/lib/gitlab/gitaly_client_spec.rb
View File

@ -3,6 +3,14 @@ require 'spec_helper'
# We stub Gitaly in `spec/support/gitaly.rb` for other tests. We don't want
# those stubs while testing the GitalyClient itself.
describe Gitlab::GitalyClient do
let(:sample_cert) { Rails.root.join('spec/fixtures/clusters/sample_cert.pem').to_s }
before do
allow(described_class)
.to receive(:stub_cert_paths)
.and_return([sample_cert])
end
def stub_repos_storages(address)
allow(Gitlab.config.repositories).to receive(:storages).and_return({
'default' => { 'gitaly_address' => address }