Merge branch 'config-yaml-differences' into 'master'
Backport changes made by EE to various YAML configuration files See merge request gitlab-org/gitlab-ce!29606
This commit is contained in:
commit
d98bae878f
10 changed files with 293 additions and 11 deletions
|
@ -9,6 +9,15 @@ production:
|
|||
username: git
|
||||
password: "secure password"
|
||||
host: localhost
|
||||
# load_balancing:
|
||||
# hosts:
|
||||
# - host1.example.com
|
||||
# - host2.example.com
|
||||
# discover:
|
||||
# nameserver: 1.2.3.4
|
||||
# port: 8600
|
||||
# record: secondary.postgresql.service.consul
|
||||
# interval: 300
|
||||
|
||||
#
|
||||
# Development specific
|
||||
|
|
|
@ -599,3 +599,10 @@
|
|||
:why: https://github.com/apache/incubator-echarts/blob/master/LICENSE
|
||||
:versions: []
|
||||
:when: 2018-12-07 20:46:12.421256000 Z
|
||||
- - :license
|
||||
- contracts
|
||||
- BSD
|
||||
- :who: Jarka Košanová
|
||||
:why: https://github.com/egonSchiele/contracts.ruby/blob/master/LICENSE
|
||||
:versions: []
|
||||
:when: 2019-04-01 11:29:39.361015000 Z
|
||||
|
|
|
@ -230,7 +230,45 @@ production: &base
|
|||
|
||||
## Packages (maven repository, npm registry, etc...)
|
||||
packages:
|
||||
enabled: false
|
||||
enabled: true
|
||||
# The location where build packages are stored (default: shared/packages).
|
||||
# storage_path: shared/packages
|
||||
object_store:
|
||||
enabled: false
|
||||
remote_directory: packages # The bucket name
|
||||
# direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
|
||||
# background_upload: false # Temporary option to limit automatic upload (Default: true)
|
||||
# proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
|
||||
connection:
|
||||
provider: AWS
|
||||
aws_access_key_id: AWS_ACCESS_KEY_ID
|
||||
aws_secret_access_key: AWS_SECRET_ACCESS_KEY
|
||||
region: us-east-1
|
||||
# host: 'localhost' # default: s3.amazonaws.com
|
||||
# endpoint: 'http://127.0.0.1:9000' # default: nil
|
||||
# aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
|
||||
# path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
|
||||
|
||||
## Dependency Proxy
|
||||
dependency_proxy:
|
||||
enabled: true
|
||||
# The location where build packages are stored (default: shared/dependency_proxy).
|
||||
# storage_path: shared/dependency_proxy
|
||||
object_store:
|
||||
enabled: false
|
||||
remote_directory: dependency_proxy # The bucket name
|
||||
# direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
|
||||
# background_upload: false # Temporary option to limit automatic upload (Default: true)
|
||||
# proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
|
||||
connection:
|
||||
provider: AWS
|
||||
aws_access_key_id: AWS_ACCESS_KEY_ID
|
||||
aws_secret_access_key: AWS_SECRET_ACCESS_KEY
|
||||
region: us-east-1
|
||||
# host: 'localhost' # default: s3.amazonaws.com
|
||||
# endpoint: 'http://127.0.0.1:9000' # default: nil
|
||||
# aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
|
||||
# path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
|
||||
|
||||
## GitLab Pages
|
||||
pages:
|
||||
|
@ -306,6 +344,53 @@ production: &base
|
|||
schedule_migrate_external_diffs_worker:
|
||||
cron: "15 * * * *"
|
||||
|
||||
# GitLab EE only jobs. These jobs are automatically enabled for an EE
|
||||
# installation, and ignored for a CE installation.
|
||||
ee_cron_jobs:
|
||||
# Snapshot active users statistics
|
||||
historical_data_worker:
|
||||
cron: "0 12 * * *"
|
||||
|
||||
# In addition to refreshing users when they log in,
|
||||
# periodically refresh LDAP users membership.
|
||||
# NOTE: This will only take effect if LDAP is enabled
|
||||
ldap_sync_worker:
|
||||
cron: "30 1 * * *"
|
||||
|
||||
# Periodically refresh LDAP groups membership.
|
||||
# NOTE: This will only take effect if LDAP is enabled
|
||||
ldap_group_sync_worker:
|
||||
cron: "0 * * * *"
|
||||
|
||||
# GitLab Geo metrics update worker
|
||||
# NOTE: This will only take effect if Geo is enabled
|
||||
geo_metrics_update_worker:
|
||||
cron: "*/1 * * * *"
|
||||
|
||||
# GitLab Geo prune event log worker
|
||||
# NOTE: This will only take effect if Geo is enabled (primary node only)
|
||||
geo_prune_event_log_worker:
|
||||
cron: "*/5 * * * *"
|
||||
|
||||
# GitLab Geo repository sync worker
|
||||
# NOTE: This will only take effect if Geo is enabled (secondary nodes only)
|
||||
geo_repository_sync_worker:
|
||||
cron: "*/1 * * * *"
|
||||
|
||||
# GitLab Geo file download dispatch worker
|
||||
# NOTE: This will only take effect if Geo is enabled (secondary nodes only)
|
||||
geo_file_download_dispatch_worker:
|
||||
cron: "*/1 * * * *"
|
||||
|
||||
# GitLab Geo migrated local files clean up worker
|
||||
# NOTE: This will only take effect if Geo is enabled (secondary nodes only)
|
||||
geo_migrated_local_files_clean_up_worker:
|
||||
cron: "15 */6 * * *"
|
||||
|
||||
# Export pseudonymized data in CSV format for analysis
|
||||
pseudonymizer_worker:
|
||||
cron: "0 * * * *"
|
||||
|
||||
registry:
|
||||
# enabled: true
|
||||
# host: registry.example.com
|
||||
|
@ -323,6 +408,16 @@ production: &base
|
|||
# clientside_dsn: https://<key>@sentry.io/<project>
|
||||
# environment: 'production' # e.g. development, staging, production
|
||||
|
||||
## Geo
|
||||
# NOTE: These settings will only take effect if Geo is enabled
|
||||
geo:
|
||||
# This is an optional identifier which Geo nodes can use to identify themselves.
|
||||
# For example, if external_url is the same for two secondaries, you must specify
|
||||
# a unique Geo node name for those secondaries.
|
||||
#
|
||||
# If it is blank, it defaults to external_url.
|
||||
node_name: ''
|
||||
|
||||
#
|
||||
# 2. GitLab CI settings
|
||||
# ==========================
|
||||
|
@ -349,6 +444,19 @@ production: &base
|
|||
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
|
||||
ldap:
|
||||
enabled: false
|
||||
|
||||
# This setting controls the number of seconds between LDAP permission checks
|
||||
# for each user. After this time has expired for a given user, their next
|
||||
# interaction with GitLab (a click in the web UI, a git pull, etc.) will be
|
||||
# slower because the LDAP permission check is being performed. How much
|
||||
# slower depends on your LDAP setup, but it is not uncommon for this check
|
||||
# to add seconds of waiting time. The default value is to have a "slow
|
||||
# click" once every 3600 seconds (i.e., once per hour).
|
||||
#
|
||||
# Warning: if you set this value too low, every click in GitLab will be a
|
||||
# "slow click" for all of your LDAP users.
|
||||
# sync_time: 3600
|
||||
|
||||
servers:
|
||||
##########################################################################
|
||||
#
|
||||
|
@ -446,6 +554,10 @@ production: &base
|
|||
# A value of 0 means there is no timeout.
|
||||
timeout: 10
|
||||
|
||||
# Enable smartcard authentication against the LDAP server. Valid values
|
||||
# are "false", "optional", and "required".
|
||||
smartcard_auth: false
|
||||
|
||||
# This setting specifies if LDAP server is Active Directory LDAP server.
|
||||
# For non AD servers it skips the AD specific queries.
|
||||
# If your LDAP server is not AD, set this to false.
|
||||
|
@ -485,6 +597,31 @@ production: &base
|
|||
#
|
||||
user_filter: ''
|
||||
|
||||
# Base where we can search for groups
|
||||
#
|
||||
# Ex. ou=Groups,dc=gitlab,dc=example
|
||||
#
|
||||
group_base: ''
|
||||
|
||||
# LDAP group of users who should be admins in GitLab
|
||||
#
|
||||
# Ex. GLAdmins
|
||||
#
|
||||
admin_group: ''
|
||||
|
||||
# LDAP group of users who should be marked as external users in GitLab
|
||||
#
|
||||
# Ex. ['Contractors', 'Interns']
|
||||
#
|
||||
external_groups: []
|
||||
|
||||
# Name of attribute which holds a ssh public key of the user object.
|
||||
# If false or nil, SSH key syncronisation will be disabled.
|
||||
#
|
||||
# Ex. sshpublickey
|
||||
#
|
||||
sync_ssh_keys: false
|
||||
|
||||
# LDAP attributes that GitLab will use to create an account for the LDAP user.
|
||||
# The specified attribute can either be the attribute name as a string (e.g. 'mail'),
|
||||
# or an array of attribute names to try in order (e.g. ['mail', 'email']).
|
||||
|
@ -516,6 +653,38 @@ production: &base
|
|||
# host:
|
||||
# ....
|
||||
|
||||
## Smartcard authentication settings
|
||||
smartcard:
|
||||
# Allow smartcard authentication
|
||||
enabled: false
|
||||
|
||||
# Path to a file containing a CA certificate
|
||||
ca_file: '/etc/ssl/certs/CA.pem'
|
||||
|
||||
# Port where the client side certificate is requested by the webserver (NGINX/Apache)
|
||||
# client_certificate_required_port: 3444
|
||||
|
||||
## Kerberos settings
|
||||
kerberos:
|
||||
# Allow the HTTP Negotiate authentication method for Git clients
|
||||
enabled: false
|
||||
|
||||
# Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
|
||||
# and should be different from other keytabs in the system.
|
||||
# (default: use default keytab from Krb5 config)
|
||||
# keytab: /etc/http.keytab
|
||||
|
||||
# The Kerberos service name to be used by GitLab.
|
||||
# (default: accept any service name in keytab file)
|
||||
# service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM
|
||||
|
||||
# Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
|
||||
# To support both Basic and Negotiate methods with older versions of Git, configure
|
||||
# nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
|
||||
# to dedicate this port to Kerberos authentication. (default: false)
|
||||
# use_dedicated_port: true
|
||||
# port: 8443
|
||||
# https: true
|
||||
|
||||
## OmniAuth settings
|
||||
omniauth:
|
||||
|
@ -635,6 +804,8 @@ production: &base
|
|||
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
||||
# } }
|
||||
#
|
||||
# - { name: 'group_saml' }
|
||||
#
|
||||
# - { name: 'crowd',
|
||||
# args: {
|
||||
# crowd_server_url: 'CROWD SERVER URL',
|
||||
|
@ -707,6 +878,20 @@ production: &base
|
|||
# # Specifies Amazon S3 storage class to use for backups, this is optional
|
||||
# # storage_class: 'STANDARD'
|
||||
|
||||
## Pseudonymizer exporter
|
||||
pseudonymizer:
|
||||
# Tables manifest that specifies the fields to extract and pseudonymize.
|
||||
manifest: config/pseudonymizer.yml
|
||||
upload:
|
||||
remote_directory: 'gitlab-elt'
|
||||
# Fog storage connection settings, see http://fog.io/storage/ .
|
||||
connection:
|
||||
# provider: AWS
|
||||
# region: eu-west-1
|
||||
# aws_access_key_id: AKIAKIAKI
|
||||
# aws_secret_access_key: 'secret123'
|
||||
# # The remote 'directory' to store the CSV files. For S3, this would be the bucket name.
|
||||
|
||||
## GitLab Shell settings
|
||||
gitlab_shell:
|
||||
path: /home/git/gitlab-shell/
|
||||
|
@ -872,6 +1057,17 @@ test:
|
|||
token: secret
|
||||
backup:
|
||||
path: tmp/tests/backups
|
||||
pseudonymizer:
|
||||
manifest: config/pseudonymizer.yml
|
||||
upload:
|
||||
# The remote 'directory' to store the CSV files. For S3, this would be the bucket name.
|
||||
remote_directory: gitlab-elt.test
|
||||
# Fog storage connection settings, see http://fog.io/storage/
|
||||
connection:
|
||||
provider: AWS # Only AWS supported at the moment
|
||||
aws_access_key_id: AWS_ACCESS_KEY_ID
|
||||
aws_secret_access_key: AWS_SECRET_ACCESS_KEY
|
||||
region: us-east-1
|
||||
gitlab_shell:
|
||||
path: tmp/tests/gitlab-shell/
|
||||
authorized_keys_file: tmp/tests/authorized_keys
|
||||
|
|
|
@ -117,6 +117,15 @@ if github_settings
|
|||
end
|
||||
end
|
||||
|
||||
# SAML should be enabled for the tests automatically, but only for EE.
|
||||
saml_provider_enabled = Settings.omniauth.providers.any? do |provider|
|
||||
provider['name'] == 'group_saml'
|
||||
end
|
||||
|
||||
if Gitlab.ee? && Rails.env.test? && !saml_provider_enabled
|
||||
Settings.omniauth.providers << Settingslogic.new({ 'name' => 'group_saml' })
|
||||
end
|
||||
|
||||
Settings['shared'] ||= Settingslogic.new({})
|
||||
Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared")
|
||||
|
||||
|
@ -291,6 +300,11 @@ Settings.gravatar['host'] = Settings.host_without_www(Settings.gravatar[
|
|||
# Cron Jobs
|
||||
#
|
||||
Settings['cron_jobs'] ||= Settingslogic.new({})
|
||||
|
||||
if Gitlab.ee? && Settings['ee_cron_jobs']
|
||||
Settings.cron_jobs.merge!(Settings.ee_cron_jobs)
|
||||
end
|
||||
|
||||
Settings.cron_jobs['stuck_ci_jobs_worker'] ||= Settingslogic.new({})
|
||||
Settings.cron_jobs['stuck_ci_jobs_worker']['cron'] ||= '0 * * * *'
|
||||
Settings.cron_jobs['stuck_ci_jobs_worker']['job_class'] = 'StuckCiJobsWorker'
|
||||
|
|
|
@ -171,7 +171,7 @@ panel_groups:
|
|||
weight: 2
|
||||
metrics:
|
||||
- id: system_metrics_kubernetes_container_memory_average
|
||||
query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024'
|
||||
query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024'
|
||||
label: Pod average
|
||||
unit: MB
|
||||
- title: "Canary: Memory Usage (Pod Average)"
|
||||
|
@ -190,7 +190,7 @@ panel_groups:
|
|||
weight: 1
|
||||
metrics:
|
||||
- id: system_metrics_kubernetes_container_core_usage
|
||||
query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))'
|
||||
query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))'
|
||||
label: Pod average
|
||||
unit: "cores"
|
||||
- title: "Canary: Core Usage (Pod Average)"
|
||||
|
|
|
@ -1,5 +1,11 @@
|
|||
require 'settingslogic'
|
||||
|
||||
# We can not use `Rails.root` here, as this file might be loaded without the
|
||||
# full Rails environment being loaded. We can not use `require_relative` either,
|
||||
# as Rails uses `load` for `require_dependency` (used when loading the Rails
|
||||
# environment). This could then lead to this file being loaded twice.
|
||||
require_dependency File.expand_path('../lib/gitlab', __dir__)
|
||||
|
||||
class Settings < Settingslogic
|
||||
source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
|
||||
namespace ENV.fetch('GITLAB_ENV') { Rails.env }
|
||||
|
|
|
@ -93,3 +93,20 @@
|
|||
- [migrate_external_diffs, 1]
|
||||
- [update_project_statistics, 1]
|
||||
- [phabricator_import_import_tasks, 1]
|
||||
|
||||
# EE-specific queues
|
||||
- [ldap_group_sync, 2]
|
||||
- [create_github_webhook, 2]
|
||||
- [geo, 1]
|
||||
- [repository_update_mirror, 1]
|
||||
- [new_epic, 2]
|
||||
- [project_import_schedule, 1]
|
||||
- [project_update_repository_storage, 1]
|
||||
- [admin_emails, 1]
|
||||
- [elastic_batch_project_indexer, 1]
|
||||
- [elastic_indexer, 1]
|
||||
- [elastic_full_index, 1]
|
||||
- [elastic_commit_indexer, 1]
|
||||
- [elastic_namespace_indexer, 1]
|
||||
- [export_csv, 1]
|
||||
- [incident_management, 2]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require_dependency 'gitlab/popen'
|
||||
require_dependency File.expand_path('gitlab/popen', __dir__)
|
||||
|
||||
module Gitlab
|
||||
def self.root
|
||||
|
@ -60,11 +60,15 @@ module Gitlab
|
|||
end
|
||||
|
||||
def self.ee?
|
||||
if ENV['IS_GITLAB_EE'].present?
|
||||
Gitlab::Utils.to_boolean(ENV['IS_GITLAB_EE'])
|
||||
else
|
||||
Object.const_defined?(:License)
|
||||
end
|
||||
@is_ee ||=
|
||||
if ENV['IS_GITLAB_EE'].present?
|
||||
Gitlab::Utils.to_boolean(ENV['IS_GITLAB_EE'])
|
||||
else
|
||||
# We may use this method when the Rails environment is not loaded. This
|
||||
# means that checking the presence of the License class could result in
|
||||
# this method returning `false`, even for an EE installation.
|
||||
root.join('ee/app/models/license.rb').exist?
|
||||
end
|
||||
end
|
||||
|
||||
def self.http_proxy_env?
|
||||
|
|
|
@ -3,6 +3,7 @@ require 'bundler/setup'
|
|||
ENV['GITLAB_ENV'] = 'test'
|
||||
ENV['IN_MEMORY_APPLICATION_SETTINGS'] = 'true'
|
||||
|
||||
require 'active_support/dependencies'
|
||||
require_relative '../config/settings'
|
||||
require_relative 'support/rspec'
|
||||
require 'active_support/all'
|
||||
|
|
|
@ -97,14 +97,42 @@ describe Gitlab do
|
|||
end
|
||||
|
||||
describe '.ee?' do
|
||||
before do
|
||||
described_class.instance_variable_set(:@is_ee, nil)
|
||||
end
|
||||
|
||||
after do
|
||||
described_class.instance_variable_set(:@is_ee, nil)
|
||||
end
|
||||
|
||||
it 'returns true when using Enterprise Edition' do
|
||||
stub_const('License', Class.new)
|
||||
root = Pathname.new('dummy')
|
||||
license_path = double(:path, exist?: true)
|
||||
|
||||
allow(described_class)
|
||||
.to receive(:root)
|
||||
.and_return(root)
|
||||
|
||||
allow(root)
|
||||
.to receive(:join)
|
||||
.with('ee/app/models/license.rb')
|
||||
.and_return(license_path)
|
||||
|
||||
expect(described_class.ee?).to eq(true)
|
||||
end
|
||||
|
||||
it 'returns false when using Community Edition' do
|
||||
hide_const('License')
|
||||
root = double(:path)
|
||||
license_path = double(:path, exists?: false)
|
||||
|
||||
allow(described_class)
|
||||
.to receive(:root)
|
||||
.and_return(Pathname.new('dummy'))
|
||||
|
||||
allow(root)
|
||||
.to receive(:join)
|
||||
.with('ee/app/models/license.rb')
|
||||
.and_return(license_path)
|
||||
|
||||
expect(described_class.ee?).to eq(false)
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue