Commit 0cd59a75 authored by Lin Jen-Shin's avatar Lin Jen-Shin 🔴

Merge branch 'rs-config-parity' into 'master'

Copy EE-only config files to CE

See merge request gitlab-org/gitlab-ce!30529
parents 45318790 d1c86dc9
{
"ignored_warnings": [
{
"warning_type": "Cross-Site Request Forgery",
"warning_code": 7,
"fingerprint": "dc562678129557cdb8b187217da304044547a3605f05fe678093dcb4b4d8bbe4",
"message": "'protect_from_forgery' should be called in Oauth::GeoAuthController",
"file": "app/controllers/oauth/geo_auth_controller.rb",
"line": 1,
"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
"code": null,
"render_path": null,
"location": {
"type": "controller",
"controller": "Oauth::GeoAuthController"
},
"user_input": null,
"confidence": "High",
"note": ""
}
],
"updated": "2017-01-20 02:06:54 +0000",
"brakeman_version": "3.4.1"
}
#
# PRODUCTION
#
production:
adapter: postgresql
encoding: unicode
database: gitlabhq_geo_production
pool: 10
username: git
password: "secure password"
host: localhost
fdw: true
#
# Development specific
#
development:
adapter: postgresql
encoding: unicode
database: gitlabhq_geo_development
pool: 5
username: postgres
password: "secure password"
host: localhost
fdw: true
#
# Staging specific
#
staging:
adapter: postgresql
encoding: unicode
database: gitlabhq_geo_staging
pool: 10
username: git
password: "secure password"
host: localhost
fdw: true
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test: &test
adapter: postgresql
encoding: unicode
database: gitlabhq_geo_test
pool: 5
username: postgres
password:
host: localhost
fdw: true
......@@ -664,6 +664,9 @@ production: &base
# Port where the client side certificate is requested by the webserver (NGINX/Apache)
# client_certificate_required_port: 3444
# Browser session with smartcard sign-in is required for Git access
# required_for_git_access: false
## Kerberos settings
kerberos:
# Allow the HTTP Negotiate authentication method for Git clients
......
......@@ -10,7 +10,8 @@ if Rails.env.test?
# it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
# seconds per spec.
def migrations(paths)
(@migrations ||= migrations_unmemoized(paths)).dup
@migrations ||= {}
(@migrations[paths] ||= migrations_unmemoized(paths)).dup
end
end
end
......
- group: Cluster Health
priority: 1
metrics:
- title: "CPU Usage"
y_label: "CPU"
required_metrics: ['container_cpu_usage_seconds_total']
weight: 1
queries:
- query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{id="/"}[15m])) by (job)) without (job)'
label: Usage
unit: "cores"
appearance:
line:
width: 2
area:
opacity: 0
- query_range: 'sum(kube_pod_container_resource_requests_cpu_cores{kubernetes_namespace="gitlab-managed-apps"})'
label: Requested
unit: "cores"
appearance:
line:
width: 2
area:
opacity: 0
- query_range: 'sum(kube_node_status_capacity_cpu_cores{kubernetes_namespace="gitlab-managed-apps"})'
label: Capacity
unit: "cores"
appearance:
line:
type: 'dashed'
width: 2
area:
opacity: 0
- title: "Memory usage"
y_label: "Memory"
required_metrics: ['container_memory_usage_bytes']
weight: 1
queries:
- query_range: 'avg(sum(container_memory_usage_bytes{id="/"}) by (job)) without (job) / 2^30'
label: Usage
unit: "GiB"
appearance:
line:
width: 2
area:
opacity: 0
- query_range: 'sum(kube_pod_container_resource_requests_memory_bytes{kubernetes_namespace="gitlab-managed-apps"})/2^30'
label: Requested
unit: "GiB"
appearance:
line:
width: 2
area:
opacity: 0
- query_range: 'sum(kube_node_status_capacity_memory_bytes{kubernetes_namespace="gitlab-managed-apps"})/2^30'
label: Capacity
unit: "GiB"
appearance:
line:
type: 'dashed'
width: 2
area:
opacity: 0
tables:
approvals:
whitelist:
- id
- merge_request_id
- user_id
- created_at
- updated_at
approver_groups:
whitelist:
- id
- target_type
- group_id
- created_at
- updated_at
board_assignees:
whitelist:
- id
- board_id
- assignee_id
board_labels:
whitelist:
- id
- board_id
- label_id
boards:
whitelist:
- id
- project_id
- created_at
- updated_at
- milestone_id
- group_id
- weight
epic_issues:
whitelist:
- id
- epic_id
- issue_id
- relative_position
epic_metrics:
whitelist:
- id
- epic_id
- created_at
- updated_at
epics:
whitelist:
- id
- milestone_id
- group_id
- author_id
- assignee_id
- iid
- updated_by_id
- last_edited_by_id
- lock_version
- start_date
- end_date
- last_edited_at
- created_at
- updated_at
- title
- description
issue_assignees:
whitelist:
- user_id
- issue_id
issue_links:
whitelist:
- id
- source_id
- target_id
- created_at
- updated_at
issue_metrics:
whitelist:
- id
- issue_id
- first_mentioned_in_commit_at
- first_associated_with_milestone_at
- first_added_to_board_at
- created_at
- updated_at
issues:
whitelist:
- id
- title
- author_id
- project_id
- created_at
- confidential
- updated_at
- description
- milestone_id
- state
- updated_by_id
- weight
- due_date
- moved_to_id
- lock_version
- time_estimate
- last_edited_at
- last_edited_by_id
- discussion_locked
- closed_at
label_links:
whitelist:
- id
- label_id
- target_id
- target_type
- created_at
- updated_at
label_priorities:
whitelist:
- id
- project_id
- label_id
- priority
- created_at
- updated_at
labels:
whitelist:
- id
- title
- color
- project_id
- created_at
- updated_at
- template
- type
- group_id
licenses:
whitelist:
- id
- created_at
- updated_at
merge_request_diffs:
whitelist:
- id
- state
- merge_request_id
- created_at
- updated_at
- base_commit_sha
- real_size
- head_commit_sha
- start_commit_sha
- commits_count
merge_request_metrics:
whitelist:
- id
- merge_request_id
- latest_build_started_at
- latest_build_finished_at
- first_deployed_to_production_at
- merged_at
- created_at
- updated_at
- pipeline_id
- merged_by_id
- latest_closed_by_id
- latest_closed_at
merge_requests:
whitelist:
- id
- target_branch
- source_branch
- source_project_id
- author_id
- assignee_id
- created_at
- updated_at
- milestone_id
- state
- merge_status
- target_project_id
- updated_by_id
- merge_error
- merge_params
- merge_when_pipeline_succeeds
- merge_user_id
- approvals_before_merge
- lock_version
- time_estimate
- squash
- last_edited_at
- last_edited_by_id
- head_pipeline_id
- discussion_locked
- latest_merge_request_diff_id
- allow_maintainer_to_push
merge_requests_closing_issues:
whitelist:
- id
- merge_request_id
- issue_id
- created_at
- updated_at
milestones:
whitelist:
- id
- project_id
- due_date
- created_at
- updated_at
- state
- start_date
- group_id
namespace_statistics:
whitelist:
- id
- namespace_id
- shared_runners_seconds
- shared_runners_seconds_last_reset
namespaces:
whitelist:
- id
- name
- path
- owner_id
- created_at
- updated_at
- type
- avatar
- membership_lock
- share_with_group_lock
- visibility_level
- request_access_enabled
- ldap_sync_status
- ldap_sync_error
- ldap_sync_last_update_at
- ldap_sync_last_successful_update_at
- ldap_sync_last_sync_at
- lfs_enabled
- parent_id
- shared_runners_minutes_limit
- repository_size_limit
- require_two_factor_authentication
- two_factor_grace_period
- plan_id
- project_creation_level
members:
whitelist:
- id
- access_level
- source_id
- source_type
- user_id
- notification_level
- type
- created_by_id
- invite_email
- invite_accepted_at
- requested_at
- expires_at
- ldap
- override
notification_settings:
whitelist:
- id
- user_id
- source_id
- source_type
- level
- created_at
- updated_at
- new_note
- new_issue
- reopen_issue
- close_issue
- reassign_issue
- new_merge_request
- reopen_merge_request
- close_merge_request
- reassign_merge_request
- merge_merge_request
- failed_pipeline
- success_pipeline
project_authorizations:
whitelist:
- user_id
- project_id
- access_level
project_auto_devops:
whitelist:
- id
- project_id
- created_at
- updated_at
- enabled
project_custom_attributes:
whitelist:
- id
- created_at
- updated_at
- project_id
- key
- value
project_features:
whitelist:
- id
- project_id
- merge_requests_access_level
- issues_access_level
- wiki_access_level
- snippets_access_level
- builds_access_level
- created_at
- updated_at
- repository_access_level
project_group_links:
whitelist:
- id
- project_id
- group_id
- created_at
- updated_at
- group_access
- expires_at
project_import_data:
whitelist:
- id
- project_id
project_mirror_data:
whitelist:
- id
- project_id
- retry_count
- last_update_started_at
- last_update_scheduled_at
- next_execution_timestamp
project_repository_states:
whitelist:
- id
- project_id
- repository_verification_checksum
- wiki_verification_checksum
- last_repository_verification_failure
- last_wiki_verification_failure
project_statistics:
whitelist:
- id
- project_id
- namespace_id
- commit_count
- storage_size
- repository_size
- lfs_objects_size
- build_artifacts_size
- shared_runners_seconds
- shared_runners_seconds_last_reset
projects:
whitelist:
- id
- name
- path
- description
- created_at
- updated_at
- creator_id
- namespace_id
- last_activity_at
- import_url
- visibility_level
- archived
- avatar
- merge_requests_template
- star_count
- merge_requests_rebase_enabled
- import_type
- import_source
- approvals_before_merge
- reset_approvals_on_push
- merge_requests_ff_only_enabled
- issues_template
- mirror
- mirror_user_id
- shared_runners_enabled
- build_coverage_regex
- build_allow_git_fetch
- build_timeout
- mirror_trigger_builds
- pending_delete
- public_builds
- last_repository_check_failed
- last_repository_check_at
- container_registry_enabled
- only_allow_merge_if_pipeline_succeeds
- has_external_issue_tracker
- repository_storage
- repository_read_only
- request_access_enabled
- has_external_wiki
- ci_config_path
- lfs_enabled
- only_allow_merge_if_all_discussions_are_resolved
- repository_size_limit
- printing_merge_request_link_enabled
- auto_cancel_pending_pipelines
- service_desk_enabled
- delete_error
- last_repository_updated_at
- disable_overriding_approvers_per_merge_request
- storage_version
- resolve_outdated_diff_discussions
- remote_mirror_available_overridden
- only_mirror_protected_branches
- pull_mirror_available_overridden
- mirror_overwrites_diverged_branches
- external_authorization_classification_label
subscriptions:
whitelist:
- id
- user_id
- subscribable_id
- subscribable_type
- subscribed
- created_at
- updated_at
- project_id
users:
whitelist:
- id
- remember_created_at
- sign_in_count
- current_sign_in_at
- last_sign_in_at
- current_sign_in_ip
- last_sign_in_ip
- created_at
- updated_at
- admin
- projects_limit
- failed_attempts
- locked_at
- can_create_group
- can_create_team
- state
- color_scheme_id
- password_expires_at
- created_by_id
- last_credential_check_at
- avatar
- confirmed_at
- confirmation_sent_at
- unconfirmed_email
- hide_no_ssh_key
- website_url
- admin_email_unsubscribed_at
- notification_email
- hide_no_password
- password_automatically_set
- location
- public_email
- dashboard
- project_view
- consumed_timestep
- layout
- hide_project_limit
- note
- otp_grace_period_started_at
- external
- organization
- auditor
- require_two_factor_authentication_from_group
- two_factor_grace_period
- ghost
- last_activity_on
- notified_of_own_activity
- bot_type
- preferred_language
- theme_id
......@@ -62,6 +62,31 @@ class Settings < Settingslogic
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
end
def kerberos_protocol
kerberos.https ? "https" : "http"
end
def kerberos_port
kerberos.use_dedicated_port ? kerberos.port : gitlab.port
end
# Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
# By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
# Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
def build_gitlab_kerberos_url
[
kerberos_protocol,
"://:@",
gitlab.host,
":#{kerberos_port}",
gitlab.relative_url_root
].join('')
end
def alternative_gitlab_kerberos_url?
kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
end
# check that values in `current` (string or integer) is a contant in `modul`.
def verify_constant_array(modul, current, default)
values = default || []
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment