|
|
|
@ -22,6 +22,16 @@
|
|
|
|
|
##! settings that can be configured by this file, which may be found at:
|
|
|
|
|
##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
|
|
|
|
|
|
|
|
|
|
##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
|
|
|
|
|
##! the gitlab.rb.template from the currently running version.
|
|
|
|
|
|
|
|
|
|
##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
|
|
|
|
|
##! running `gitlab-ctl reconfigure`
|
|
|
|
|
|
|
|
|
|
##! In general, the values specified here should reflect what the default value of the attribute will be.
|
|
|
|
|
##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
|
|
|
|
|
##! or connecting to third party services.
|
|
|
|
|
##! In those instances, we endeavour to provide an example configuration.
|
|
|
|
|
|
|
|
|
|
## GitLab URL
|
|
|
|
|
##! URL on which GitLab will be reachable.
|
|
|
|
@ -48,8 +58,6 @@ external_url '__GENERATED_EXTERNAL_URL__'
|
|
|
|
|
##! beginning; Remove them to enable the setting.
|
|
|
|
|
|
|
|
|
|
##! **Configuration settings below are optional.**
|
|
|
|
|
##! **The values currently assigned are only examples and ARE NOT the default
|
|
|
|
|
##! values.**
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
@ -305,6 +313,50 @@ external_url '__GENERATED_EXTERNAL_URL__'
|
|
|
|
|
gitlab_rails['ldap_enabled'] = true
|
|
|
|
|
|
|
|
|
|
###! **remember to close this block with 'EOS' below**
|
|
|
|
|
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
|
|
|
|
|
# main: # 'main' is the GitLab 'provider ID' of this LDAP server
|
|
|
|
|
# label: 'LDAP'
|
|
|
|
|
# host: '_your_ldap_server'
|
|
|
|
|
# port: 389
|
|
|
|
|
# uid: 'sAMAccountName'
|
|
|
|
|
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
|
|
|
|
# password: '_the_password_of_the_bind_user'
|
|
|
|
|
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
|
|
|
|
|
# verify_certificates: true
|
|
|
|
|
# smartcard_auth: false
|
|
|
|
|
# active_directory: true
|
|
|
|
|
# allow_username_or_email_login: false
|
|
|
|
|
# lowercase_usernames: false
|
|
|
|
|
# block_auto_created_users: false
|
|
|
|
|
# base: ''
|
|
|
|
|
# user_filter: ''
|
|
|
|
|
# ## EE only
|
|
|
|
|
# group_base: ''
|
|
|
|
|
# admin_group: ''
|
|
|
|
|
# sync_ssh_keys: false
|
|
|
|
|
#
|
|
|
|
|
# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
|
|
|
|
|
# label: 'LDAP'
|
|
|
|
|
# host: '_your_ldap_server'
|
|
|
|
|
# port: 389
|
|
|
|
|
# uid: 'sAMAccountName'
|
|
|
|
|
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
|
|
|
|
# password: '_the_password_of_the_bind_user'
|
|
|
|
|
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
|
|
|
|
|
# verify_certificates: true
|
|
|
|
|
# smartcard_auth: false
|
|
|
|
|
# active_directory: true
|
|
|
|
|
# allow_username_or_email_login: false
|
|
|
|
|
# lowercase_usernames: false
|
|
|
|
|
# block_auto_created_users: false
|
|
|
|
|
# base: ''
|
|
|
|
|
# user_filter: ''
|
|
|
|
|
# ## EE only
|
|
|
|
|
# group_base: ''
|
|
|
|
|
# admin_group: ''
|
|
|
|
|
# sync_ssh_keys: false
|
|
|
|
|
# EOS
|
|
|
|
|
|
|
|
|
|
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
|
|
|
|
|
main: # 'main' is the GitLab 'provider ID' of this LDAP server
|
|
|
|
|
label: 'LDAP'
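Review bot: The commented LDAP example for `main` and `secondary` pairs `encryption: 'plain'` and `port: 389` with a `bind_dn` and `password`, so anyone who uncomments it as written sends the bind credentials and every user's login to the directory in cleartext. `verify_certificates: true` presumably does nothing without TLS, which makes the example look safer than it is. I would ship the example as `encryption: 'simple_tls'` with `port: 636` (or `'start_tls'` on 389) and leave 'plain' only in the trailing list of allowed values. Because the bind password lives in this file, a line such as `###! gitlab.rb contains the bind password; keep it readable by root only` would help as well. The active `YAML.load <<-'EOS'` block under the example continues past the end of this hunk.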
|
|
|
|
@ -447,17 +499,6 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
|
|
|
|
|
# 'bantime' => 3600
|
|
|
|
|
# }
|
|
|
|
|
|
|
|
|
|
# gitlab_rails['rack_attack_protected_paths'] = [
|
|
|
|
|
# '/users/password',
|
|
|
|
|
# '/users/sign_in',
|
|
|
|
|
# '/api/#{API::API.version}/session.json',
|
|
|
|
|
# '/api/#{API::API.version}/session',
|
|
|
|
|
# '/users',
|
|
|
|
|
# '/users/confirmation',
|
|
|
|
|
# '/unsubscribes/',
|
|
|
|
|
# '/import/github/personal_access_token'
|
|
|
|
|
# ]
|
|
|
|
|
|
|
|
|
|
###! **We do not recommend changing these directories.**
|
|
|
|
|
# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
|
|
|
|
|
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
|
|
|
|
@ -745,6 +786,11 @@ unicorn['port'] = __UNICORN_PORT__
|
|
|
|
|
# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
|
|
|
|
|
# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
|
|
|
|
|
|
|
|
|
|
# unicorn['exporter_enabled'] = false
|
|
|
|
|
# unicorn['exporter_address'] = "127.0.0.1"
|
|
|
|
|
# unicorn['exporter_port'] = 8083
|
|
|
|
|
# unicorn['exporter_blackout_seconds'] = 10
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
## GitLab Puma
|
|
|
|
|
##! Tweak puma settings. You should only use Unicorn or Puma, not both.
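Review bot: The four `unicorn['exporter_*']` settings are added without a `##!` line saying what the exporter serves or who is expected to reach it, and the same four appear for `puma` in the next hunk on the same port 8083. The `127.0.0.1` address is a sensible example, but nothing tells an operator why it should stay that way. I would add above each group something like `##! Metrics exporter; keep exporter_address on loopback or an internal interface unless a remote scraper needs it`, on the assumption that the endpoint carries no authentication of its own. The shared port is only safe because of the existing "Unicorn or Puma, not both" remark, so it is worth repeating that next to `exporter_port`.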
|
|
|
|
@ -770,7 +816,12 @@ unicorn['port'] = __UNICORN_PORT__
|
|
|
|
|
|
|
|
|
|
### **Only change these settings if you understand well what they mean**
|
|
|
|
|
###! Docs: https://github.com/schneems/puma_worker_killer
|
|
|
|
|
# puma['per_worker_max_memory_mb'] = 650
|
|
|
|
|
# puma['per_worker_max_memory_mb'] = 850
|
|
|
|
|
|
|
|
|
|
# puma['exporter_enabled'] = false
|
|
|
|
|
# puma['exporter_address'] = "127.0.0.1"
|
|
|
|
|
# puma['exporter_port'] = 8083
|
|
|
|
|
# puma['exporter_blackout_seconds'] = 10
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
## GitLab Sidekiq
|
|
|
|
@ -1199,6 +1250,7 @@ nginx['listen_https'] = false
|
|
|
|
|
##! You can disable built in logrotate feature.
|
|
|
|
|
################################################################################
|
|
|
|
|
# logrotate['enable'] = true
|
|
|
|
|
# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
## Users and groups accounts
|
|
|
|
@ -1307,16 +1359,6 @@ nginx['listen_https'] = false
|
|
|
|
|
##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
|
|
|
|
|
# gitlab_pages['tls_max_version'] = "tls1.2"
|
|
|
|
|
|
|
|
|
|
##! Configure the pages admin API
|
|
|
|
|
# gitlab_pages['admin_secret_token'] = 'custom secret'
|
|
|
|
|
# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
|
|
|
|
|
# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
|
|
|
|
|
# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
|
|
|
|
|
|
|
|
|
|
##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
|
|
|
|
|
# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
|
|
|
|
|
# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
|
|
|
|
|
|
|
|
|
|
##! Pages access control
|
|
|
|
|
# gitlab_pages['access_control'] = false
|
|
|
|
|
# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
|
|
|
|
@ -1530,6 +1572,7 @@ nginx['listen_https'] = false
|
|
|
|
|
|
|
|
|
|
##! Advanced settings. Should be changed only if absolutely needed.
|
|
|
|
|
# alertmanager['listen_address'] = 'localhost:9093'
|
|
|
|
|
# alertmanager['global'] = {}
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
## Prometheus Node Exporter
|
|
|
|
@ -1713,6 +1756,7 @@ grafana['enable'] = false
|
|
|
|
|
# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
|
|
|
|
|
# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
|
|
|
|
|
# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
|
|
|
|
|
# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
|
|
|
|
|
# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
|
|
|
|
|
# gitaly['storage'] = [
|
|
|
|
|
# {
|
|
|
|
@ -1734,6 +1778,32 @@ grafana['enable'] = false
|
|
|
|
|
# }
|
|
|
|
|
# ]
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
## Praefect
|
|
|
|
|
##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
|
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
|
|
# praefect['enable'] = false
|
|
|
|
|
# praefect['virtual_storage_name'] = "praefect"
|
|
|
|
|
# praefect['auth_token'] = ""
|
|
|
|
|
# praefect['auth_transitioning'] = false
|
|
|
|
|
# praefect['listen_addr'] = "localhost:2305"
|
|
|
|
|
# praefect['prometheus_listen_addr'] = "localhost:9652"
|
|
|
|
|
# praefect['logging_level'] = "warn"
|
|
|
|
|
# praefect['logging_format'] = "json"
|
|
|
|
|
# praefect['storage_nodes'] = [
|
|
|
|
|
# {
|
|
|
|
|
# 'storage' => 'praefect',
|
|
|
|
|
# 'address' => 'tcp://12:23:56:78',
|
|
|
|
|
# 'token' => 'abc123'
|
|
|
|
|
# },
|
|
|
|
|
# {
|
|
|
|
|
# 'storoge' => 'praefect-2',
|
|
|
|
|
# 'address' => 'tcp://praefect2.internal',
|
|
|
|
|
# 'token' => 'xyz456'
|
|
|
|
|
# }
|
|
|
|
|
# ]
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
# Storage check
|
|
|
|
|
################################################################################
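Review bot: The second entry of the `praefect['storage_nodes']` example spells its key `'storoge'`, so an operator who uncomments the block gets a node without a `'storage'` name; it should read `# 'storage' => 'praefect-2',`. The first entry's `'address' => 'tcp://12:23:56:78'` is not a usable host and port either, and the second address has no port, so a form like `'tcp://praefect1.internal:PORT'` would be clearer. The sample tokens `'abc123'` and `'xyz456'`, next to `praefect['auth_token'] = ""`, read like values that could be left in place. I would replace them with an obvious placeholder such as `'<random secret>'` and add a `##!` line saying the token must be set and kept secret.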
|
|
|
|
@ -1760,6 +1830,11 @@ grafana['enable'] = false
|
|
|
|
|
##! non-docker containers. Recommended not to change.
|
|
|
|
|
# package['detect_init'] = true
|
|
|
|
|
|
|
|
|
|
##! Specify maximum number of tasks that can be created by the systemd unit
|
|
|
|
|
##! Will be populated as TasksMax value to the unit file if user is on a systemd
|
|
|
|
|
##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
|
|
|
|
|
# package['systemd_tasks_max'] = 4915
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
################################################################################
|
|
|
|
|
## Configuration Settings for GitLab EE only ##
|
|
|
|
|