"badgateway: failed to receive response: dial unix /var/opt/gitlab/gitlab-rails/sockets/gitlab.socket: connect: connection refused

Summary

Steps to reproduce

What is the current bug behavior?

"badgateway: failed to receive response

What is the expected correct behavior?

The GitLab site should be up and running.

Relevant logs

Relevant logs
"badgateway: failed to receive response: dial unix /var/opt/gitlab/gitlab-rails/sockets/gitlab.socket: connect: connection refused

Details of package version

Provide the package version installation details

||/ Name Version Architecture Description
+++-===============================-====================-====================-====================================================================
ii gitlab-ce 16.2.1-ce.0 amd64 GitLab Community Edition (including NGINX, Postgres, Redis)
un gitlab-ee (no description available)
un gitlab-fips (no description available)

Environment details

  • Operating System: REPLACE-WITH-DETAILS
  • Installation Target, remove incorrect values:
    • VM: Azure
  • Installation Type, remove incorrect values:
    • New Installation: No
    • Upgrade from version 16.1.2 to 16.2.1
  • Is there any other software running on the machine: No
  • Is this a single or multiple node installation?: Single node installation
  • Resources
    • CPU: 2
    • Memory total: 8 GB

Configuration details

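Provide the relevant sections of `/etc/gitlab/gitlab.rb`

Note: the file below was pasted without a code fence, so the page renderer appears to have turned lines beginning with `#` into headings and dropped the markers; which settings are actually uncommented cannot be determined from this rendering.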
## GitLab configuration settings
##! This file is generated during initial installation and **is not** modified
##! during upgrades.
##! Check out the latest version of this file to know about the different
##! settings that can be configured by this file, which may be found at:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template

##! You can run gitlab-ctl diff-config to compare the contents of the current gitlab.rb with ##! the gitlab.rb.template from the currently running version.

##! You can run gitlab-ctl show-config to display the configuration that will be generated by ##! running gitlab-ctl reconfigure

##! In general, the values specified here should reflect what the default value of the attribute will be. ##! There are instances where this behavior is not possible or desired. For example, when providing passwords, ##! or connecting to third party services. ##! In those instances, we endeavour to provide an example configuration.

GitLab URL

##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
external_url 'https://git.raykor.com'

letsencrypt ["enable"]=false

Roles for multi-instance GitLab

##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance. ##! Options: ##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role ##! For more details on each role, see: ##! https://docs.gitlab.com/omnibus/roles/README.html#roles ##!

roles ['redis_sentinel_role', 'redis_master_role']

Legend

##! The following notations at the beginning of each line may be used to ##! differentiate between components of this file and to easily select them using ##! a regex. ##! ## Titles, subtitles etc ##! ##! More information - Description, Docs, Links, Issues etc. ##! Configuration settings have a single # followed by a single space at the ##! beginning; Remove them to enable the setting.

##! Configuration settings below are optional.

################################################################################ ################################################################################

Configuration Settings for GitLab CE and EE

################################################################################ ################################################################################

################################################################################

gitlab.yml configuration

##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md ################################################################################

gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'

gitlab_rails['gitlab_ssh_user'] = ''

gitlab_rails['time_zone'] = 'UTC'

Request duration

###! Tells the rails application how long it has to complete a request
###! This value needs to be lower than the worker timeout set in unicorn/puma.
###! By default, we'll allow 95% of the worker timeout

gitlab_rails['max_request_duration_seconds'] = 57

Email Settings

gitlab_rails['gitlab_email_enabled'] = true

gitlab_rails['gitlab_email_from'] = 'example@example.com'

gitlab_rails['gitlab_email_display_name'] = 'Example'

gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'

gitlab_rails['gitlab_email_subject_suffix'] = ''

gitlab_rails['gitlab_email_smime_enabled'] = false

gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'

gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'

GitLab user privileges

gitlab_rails['gitlab_default_can_create_group'] = true

gitlab_rails['gitlab_username_changing_enabled'] = true

Default Theme

gitlab_rails['gitlab_default_theme'] = 2

Default project feature settings

gitlab_rails['gitlab_default_projects_features_issues'] = true

gitlab_rails['gitlab_default_projects_features_merge_requests'] = true

gitlab_rails['gitlab_default_projects_features_wiki'] = true

gitlab_rails['gitlab_default_projects_features_snippets'] = true

gitlab_rails['gitlab_default_projects_features_builds'] = true

gitlab_rails['gitlab_default_projects_features_container_registry'] = true

Automatic issue closing

###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more ###! information about this pattern.

gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"

Download location

###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file ###! is created in the following directory. ###! Should not be the same path, or a sub directory of any of the git_data_dirs

gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'

Gravatar Settings

gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

Auxiliary jobs

###! Periodically executed jobs, to self-heal Gitlab, do external ###! synchronizations, etc. ###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job ###! https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in

gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"

gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"

gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"

gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"

gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"

gitlab_rails['repository_check_worker_cron'] = "20 * * * *"

gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"

gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"

gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"

gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"

gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"

gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"

gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"

Webhook Settings

###! Number of seconds to wait for HTTP response after sending webhook HTTP POST ###! request (default: 10)

gitlab_rails['webhook_timeout'] = 10

GraphQL Settings

###! Tells the rails application how long it has to complete a GraphQL request. ###! We suggest this value to be higher than the database timeout value ###! and lower than the worker timeout set in unicorn/puma. (default: 30)

gitlab_rails['graphql_timeout'] = 30

Trusted proxies

###! Customize if you have GitLab behind a reverse proxy which is running on a ###! different machine. ###! Add the IP address for your reverse proxy to the list, otherwise users ###! will appear signed in from that address.

gitlab_rails['trusted_proxies'] = []

Content Security Policy

####! Customize if you want to enable the Content-Security-Policy header, which ####! can help thwart JavaScript cross-site scripting (XSS) attacks. ####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

gitlab_rails['content_security_policy'] = {

'enabled' => false,

'report_only' => false,

# Each directive is a String (e.g. "'self'").

'directives' => {

'base_uri' => nil,

'child_src' => nil,

'connect_src' => nil,

'default_src' => nil,

'font_src' => nil,

'form_action' => nil,

'frame_ancestors' => nil,

'frame_src' => nil,

'img_src' => nil,

'manifest_src' => nil,

'media_src' => nil,

'object_src' => nil,

'script_src' => nil,

'style_src' => nil,

'worker_src' => nil,

'report_uri' => nil,

}

}

Monitoring settings

###! IP whitelist controlling access to monitoring endpoints

gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']

###! Time between sampling of unicorn socket metrics, in seconds

gitlab_rails['monitoring_unicorn_sampler_interval'] = 10

Shutdown settings

###! Defines an interval to block healthcheck, ###! but continue accepting application requests.

gitlab_rails['shutdown_blackout_seconds'] = 10

Reply by email

###! Allow users to comment on issues and merge requests by replying to ###! notification emails. ###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html

gitlab_rails['incoming_email_enabled'] = true

Incoming Email Address

####! The email address including the %{key} placeholder that will be replaced ####! to reference the item being replied to. ####! The placeholder can be omitted but if present, it must appear in the ####! "user" part of the address (before the @).

gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"

Email account username

####! With third party providers, this is usually the full email address. ####! With self-hosted email servers, this is usually the user part of the ####! email address.

gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"

Email account password

gitlab_rails['incoming_email_password'] = "[REDACTED]"

IMAP Settings

gitlab_rails['incoming_email_host'] = "imap.gmail.com"

gitlab_rails['incoming_email_port'] = 993

gitlab_rails['incoming_email_ssl'] = true

gitlab_rails['incoming_email_start_tls'] = false

Incoming Mailbox Settings (via mail_room)

####! The mailbox where incoming mail will end up. Usually "inbox".

gitlab_rails['incoming_email_mailbox_name'] = "inbox"

####! The IDLE command timeout.

gitlab_rails['incoming_email_idle_timeout'] = 60

####! The file name for internal mail_room JSON logfile

gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"

####! The format of mail_room crash logs

mailroom['exit_log_format'] = "plain"

Job Artifacts

gitlab_rails['artifacts_enabled'] = true

gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"

####! Job artifacts Object Store ####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage

gitlab_rails['artifacts_object_store_enabled'] = false

gitlab_rails['artifacts_object_store_direct_upload'] = false

gitlab_rails['artifacts_object_store_background_upload'] = true

gitlab_rails['artifacts_object_store_proxy_download'] = false

gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"

gitlab_rails['artifacts_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'host' => 's3.amazonaws.com',

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

External merge request diffs

gitlab_rails['external_diffs_enabled'] = false

gitlab_rails['external_diffs_when'] = nil

gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"

gitlab_rails['external_diffs_object_store_enabled'] = false

gitlab_rails['external_diffs_object_store_direct_upload'] = false

gitlab_rails['external_diffs_object_store_background_upload'] = false

gitlab_rails['external_diffs_object_store_proxy_download'] = false

gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"

gitlab_rails['external_diffs_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'host' => 's3.amazonaws.com',

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

Git LFS

gitlab_rails['lfs_enabled'] = true

gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"

gitlab_rails['lfs_object_store_enabled'] = false

gitlab_rails['lfs_object_store_direct_upload'] = false

gitlab_rails['lfs_object_store_background_upload'] = true

gitlab_rails['lfs_object_store_proxy_download'] = false

gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"

gitlab_rails['lfs_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'host' => 's3.amazonaws.com',

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

GitLab uploads

###! Docs: https://docs.gitlab.com/ee/administration/uploads.html

gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"

gitlab_rails['uploads_base_dir'] = "uploads/-/system"

gitlab_rails['uploads_object_store_enabled'] = false

gitlab_rails['uploads_object_store_direct_upload'] = false

gitlab_rails['uploads_object_store_background_upload'] = true

gitlab_rails['uploads_object_store_proxy_download'] = false

gitlab_rails['uploads_object_store_remote_directory'] = "uploads"

gitlab_rails['uploads_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'host' => 's3.amazonaws.com',

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

Impersonation settings

gitlab_rails['impersonation_enabled'] = true

Usage Statistics

gitlab_rails['usage_ping_enabled'] = true

GitLab Mattermost

###! These settings are void if Mattermost is installed on the same omnibus ###! install

gitlab_rails['mattermost_host'] = "https://mattermost.example.com"

LDAP Settings

###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html ###! Be careful not to break the indentation in the ldap_servers block. It is ###! in yaml format and the spaces must be retained. Using tabs will not work.

gitlab_rails['ldap_enabled'] = false

gitlab_rails['prevent_ldap_sign_in'] = false

###! remember to close this block with 'EOS' below

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'

main: # 'main' is the GitLab 'provider ID' of this LDAP server

label: 'LDAP'

host: '_your_ldap_server'

port: 389

uid: 'sAMAccountName'

bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'

password: '_the_password_of_the_bind_user'

encryption: 'plain' # "start_tls" or "simple_tls" or "plain"

verify_certificates: true

smartcard_auth: false

active_directory: true

allow_username_or_email_login: false

lowercase_usernames: false

block_auto_created_users: false

base: ''

user_filter: ''

## EE only

group_base: ''

admin_group: ''

sync_ssh_keys: false

secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server

label: 'LDAP'

host: '_your_ldap_server'

port: 389

uid: 'sAMAccountName'

bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'

password: '_the_password_of_the_bind_user'

encryption: 'plain' # "start_tls" or "simple_tls" or "plain"

verify_certificates: true

smartcard_auth: false

active_directory: true

allow_username_or_email_login: false

lowercase_usernames: false

block_auto_created_users: false

base: ''

user_filter: ''

## EE only

group_base: ''

admin_group: ''

sync_ssh_keys: false

EOS

Smartcard authentication settings

###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html

gitlab_rails['smartcard_enabled'] = false

gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"

gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'

gitlab_rails['smartcard_client_certificate_required_port'] = 3444

gitlab_rails['smartcard_required_for_git_access'] = false

gitlab_rails['smartcard_san_extensions'] = false

OmniAuth Settings

###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html

gitlab_rails['omniauth_enabled'] = nil

gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']

gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'

gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']

gitlab_rails['omniauth_sync_profile_attributes'] = ['email']

gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'

gitlab_rails['omniauth_block_auto_created_users'] = true

gitlab_rails['omniauth_auto_link_ldap_user'] = false

gitlab_rails['omniauth_auto_link_saml_user'] = false

gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']

gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']

gitlab_rails['omniauth_providers'] = [

{

"name" => "google_oauth2",

"app_id" => "YOUR APP ID",

"app_secret" => "YOUR APP SECRET",

"args" => { "access_type" => "offline", "approval_prompt" => "" }

}

]

Backup Settings

###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

gitlab_rails['manage_backup_path'] = true

gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions

gitlab_rails['backup_archive_permissions'] = 0644

gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted

gitlab_rails['backup_keep_time'] = 604800

gitlab_rails['backup_upload_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AKIAKIAKI',

'aws_secret_access_key' => 'secret123'

}

gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'

gitlab_rails['backup_multipart_chunk_size'] = 104857600

###! Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for ###! backups

gitlab_rails['backup_encryption'] = 'AES256'

###! The encryption key to use with AWS Server-Side Encryption. ###! Setting this value will enable Server-Side Encryption with customer provided keys; ###! otherwise S3-managed keys are used.

gitlab_rails['backup_encryption_key'] = ''

###! Specifies Amazon S3 storage class to use for backups. Valid values ###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'

gitlab_rails['backup_storage_class'] = 'STANDARD'

###! Skip parts of the backup. Comma separated. ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup #gitlab_rails['env'] = {

"SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"

#}

Pseudonymizer Settings

gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'

gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'

gitlab_rails['pseudonymizer_upload_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

'aws_access_key_id' => 'AKIAKIAKI',

'aws_secret_access_key' => 'secret123'

}

For setting up different data storing directory

###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory ###! If you want to use a single non-default directory to store git data use a ###! path that doesn't contain symlinks.

git_data_dirs({

"default" => {

"path" => "/mnt/nfs-01/git-data"

}

})

Gitaly settings

gitlab_rails['gitaly_token'] = 'secret token'

For storing GitLab application uploads, eg. LFS objects, build artifacts

###! Docs: https://docs.gitlab.com/ee/development/shared_files.html

gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'

Wait for file system to be mounted

###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted

high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]

GitLab Shell settings for GitLab

gitlab_rails['gitlab_shell_ssh_port'] = 22

gitlab_rails['gitlab_shell_git_timeout'] = 800

Extra customization

gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'

gitlab_rails['extra_piwik_url'] = '_your_piwik_url'

gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'

##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html

gitlab_rails['env'] = {

'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",

'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"

}

gitlab_rails['rack_attack_git_basic_auth'] = {

'enabled' => false,

'ip_whitelist' => ["127.0.0.1"],

'maxretry' => 10,

'findtime' => 60,

'bantime' => 3600

}

Prioritize the Admin Area protected paths throttle settings over the

deprecated Omnibus-managed protected paths throttle. This allows you to keep

gitlab_rails['rack_attack_git_basic_auth'] enabled to run the Git and

container registry failed authentication ban.

See gitlab#37093 (closed)

gitlab_rails['rack_attack_admin_area_protected_paths_enabled'] = true

###! We do not recommend changing these directories.

gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"

gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"

GitLab application settings

gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"

gitlab_rails['rate_limit_requests_per_period'] = 10

gitlab_rails['rate_limit_period'] = 60

Change the initial default admin password and shared runner registration tokens.

####! Only applicable on initial setup, changing these settings after database ####! is created and seeded won't yield any change.

gitlab_rails['initial_root_password'] = "password"

gitlab_rails['initial_shared_runners_registration_token'] = "token"

Set path to an initial license to be used while bootstrapping GitLab.

####! **Only applicable on initial setup, future license updates need to be done via UI.
####! Updating the file specified in this path won't yield any change after the first reconfigure run.

gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'

Enable or disable automatic database migrations

gitlab_rails['auto_migrate'] = true

This is an advanced feature used by large gitlab deployments where loading

whole RAILS env takes a lot of time.

gitlab_rails['rake_cache_clear'] = true

GitLab database settings

###! Docs: https://docs.gitlab.com/omnibus/settings/database.html ###! Only needed if you use an external database.

gitlab_rails['db_adapter'] = "postgresql"

gitlab_rails['db_encoding'] = "unicode"

gitlab_rails['db_collation'] = nil

gitlab_rails['db_database'] = "gitlabhq_production"

gitlab_rails['db_pool'] = 1

gitlab_rails['db_username'] = "gitlab"

gitlab_rails['db_password'] = nil

gitlab_rails['db_host'] = nil

gitlab_rails['db_port'] = 5432

gitlab_rails['db_socket'] = nil

gitlab_rails['db_sslmode'] = nil

gitlab_rails['db_sslcompression'] = 0

gitlab_rails['db_sslrootcert'] = nil

gitlab_rails['db_sslcert'] = nil

gitlab_rails['db_sslkey'] = nil

gitlab_rails['db_prepared_statements'] = false

gitlab_rails['db_statements_limit'] = 1000

GitLab Redis settings

###! Connect to your own Redis instance ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html

Redis TCP connection

gitlab_rails['redis_host'] = "127.0.0.1"

gitlab_rails['redis_port'] = 6379

gitlab_rails['redis_ssl'] = false

gitlab_rails['redis_password'] = nil

gitlab_rails['redis_database'] = 0

gitlab_rails['redis_enable_client'] = true

Redis local UNIX socket (will be disabled if TCP method is used)

gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"

Sentinel support

####! To have Sentinel working, you must enable Redis TCP connection support ####! above and define a few Sentinel hosts below (to get a reliable setup ####! at least 3 hosts). ####! You don't need to list every sentinel host, but the ones not listed will ####! not be used in a fail-over situation to query for the new master.

gitlab_rails['redis_sentinels'] = [

{'host' => '127.0.0.1', 'port' => 26379},

]

Separate instances support

###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances

gitlab_rails['redis_cache_instance'] = nil

gitlab_rails['redis_cache_sentinels'] = nil

gitlab_rails['redis_queues_instance'] = nil

gitlab_rails['redis_queues_sentinels'] = nil

gitlab_rails['redis_shared_state_instance'] = nil

gitlab_rails['redis_shared_sentinels'] = nil

GitLab email server settings

###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html ###! Use smtp instead of sendmail/postfix.

gitlab_rails['smtp_enable'] = true

gitlab_rails['smtp_address'] = "smtp.server"

gitlab_rails['smtp_port'] = 465

gitlab_rails['smtp_user_name'] = "smtp user"

gitlab_rails['smtp_password'] = "smtp password"

gitlab_rails['smtp_domain'] = "example.com"

gitlab_rails['smtp_authentication'] = "login"

gitlab_rails['smtp_enable_starttls_auto'] = true

gitlab_rails['smtp_tls'] = false

###! Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert' ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html

gitlab_rails['smtp_openssl_verify_mode'] = 'none'

gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"

gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

################################################################################

Container Registry settings

##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html ################################################################################

registry_external_url 'https://registry.git.raykor.com'

Settings used by GitLab application

gitlab_rails['registry_enabled'] = true

gitlab_rails['registry_host'] = "registry.gitlab.example.com"

gitlab_rails['registry_port'] = "5005"

gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

Notification secret, it's used to authenticate notification requests to GitLab application

You only need to change this when you use external Registry service, otherwise

it will be taken directly from notification settings of your Registry

gitlab_rails['registry_notification_secret'] = nil

###! Do not change the following 3 settings unless you know what you are ###! doing

gitlab_rails['registry_api_url'] = "http://localhost:5000"

gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"

gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

Settings used by Registry application

registry['enable'] = true

registry['username'] = "registry"

registry['group'] = "registry"

registry['uid'] = nil

registry['gid'] = nil

registry['dir'] = "/var/opt/gitlab/registry"

registry['registry_http_addr'] = "localhost:5000"

registry['debug_addr'] = "localhost:5001"

registry['log_directory'] = "/var/log/gitlab/registry"

registry['env_directory'] = "/opt/gitlab/etc/registry/env"

registry['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

registry['log_level'] = "info"

registry['log_formatter'] = "text"

registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"

registry['health_storagedriver_enabled'] = true

registry['storage_delete_enabled'] = true

registry['validation_enabled'] = false

registry['autoredirect'] = false

registry['compatibility_schema1_enabled'] = false

Registry backend storage

###! Docs: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-storage-driver

registry['storage'] = {

's3' => {

'accesskey' => 'AKIAKIAKI',

'secretkey' => 'secret123',

'region' => 'us-east-1',

'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'

}

}

Registry notifications endpoints

registry['notifications'] = [

{

'name' => 'test_endpoint',

'url' => 'https://gitlab.example.com/notify2',

'timeout' => '500ms',

'threshold' => 5,

'backoff' => '1s',

'headers' => {

"Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]

}

}

]

Default registry notifications

registry['default_notifications_timeout'] = "500ms"

registry['default_notifications_threshold'] = 5

registry['default_notifications_backoff'] = "1s"

registry['default_notifications_headers'] = {}

################################################################################

Error Reporting and Logging with Sentry

################################################################################

gitlab_rails['sentry_enabled'] = false

gitlab_rails['sentry_dsn'] = 'https://@sentry.io/'

gitlab_rails['sentry_clientside_dsn'] = 'https://@sentry.io/'

gitlab_rails['sentry_environment'] = 'production'

################################################################################

GitLab Workhorse

##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md ################################################################################

gitlab_workhorse['enable'] = true

gitlab_workhorse['ha'] = false

gitlab_workhorse['listen_network'] = "unix"

gitlab_workhorse['listen_umask'] = 000

gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"

gitlab_workhorse['auth_backend'] = "http://localhost:8080"

##! the empty string is the default in gitlab-workhorse option parser

gitlab_workhorse['auth_socket'] = "''"

##! put an empty string on the command line

gitlab_workhorse['pprof_listen_addr'] = "''"

gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"

gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"

gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"

gitlab_workhorse['proxy_headers_timeout'] = "1m0s"

##! limit number of concurrent API requests, defaults to 0 which is unlimited

gitlab_workhorse['api_limit'] = 0

##! limit number of API requests allowed to be queued, defaults to 0 which ##! disables queuing

gitlab_workhorse['api_queue_limit'] = 0

##! duration after which we timeout requests if they sit too long in the queue

gitlab_workhorse['api_queue_duration'] = "30s"

##! Long polling duration for job requesting for runners

gitlab_workhorse['api_ci_long_polling_duration'] = "60s"

##! Log format: default is text, can also be json or none.

gitlab_workhorse['log_format'] = "json"

gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"

gitlab_workhorse['env'] = {

'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

################################################################################

GitLab User Settings

##! Modify default git user. ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group ################################################################################

user['username'] = "git"

user['group'] = "git"

user['uid'] = nil

user['gid'] = nil

##! The shell for the git user

user['shell'] = "/bin/sh"

##! The home directory for the git user

user['home'] = "/var/opt/gitlab"

user['git_user_name'] = "GitLab"

user['git_user_email'] = "gitlab@#{node['fqdn']}"

################################################################################

GitLab Unicorn

##! Tweak unicorn settings. ##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html ################################################################################

unicorn['enable'] = true

unicorn['worker_timeout'] = 60

###! Minimum worker_processes is 2 at this moment ###! See gitlab-foss#18771 (moved)

unicorn['worker_processes'] = 2

Advanced settings

unicorn['listen'] = 'localhost'

unicorn['port'] = 8080

unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'

unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'

unicorn['tcp_nopush'] = true

unicorn['backlog_socket'] = 1024

###! Make sure somaxconn is equal to or higher than backlog_socket

unicorn['somaxconn'] = 1024

###! We do not recommend changing this setting

unicorn['log_directory'] = "/var/log/gitlab/unicorn"

Only change these settings if you understand well what they mean

###! Docs: https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer ###! https://github.com/kzk/unicorn-worker-killer

unicorn['worker_memory_limit_min'] = "1024 * 1 << 20"

unicorn['worker_memory_limit_max'] = "1280 * 1 << 20"

unicorn['exporter_enabled'] = false

unicorn['exporter_address'] = "127.0.0.1"

unicorn['exporter_port'] = 8083

################################################################################

GitLab Puma

##! Tweak puma settings. You should only use Unicorn or Puma, not both. ##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html ################################################################################

puma['enable'] = false

puma['ha'] = false

puma['worker_timeout'] = 60

puma['worker_processes'] = 2

puma['min_threads'] = 1

puma['max_threads'] = 16

Advanced settings

puma['listen'] = '127.0.0.1'

puma['port'] = 8080

puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'

puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'

puma['state_path'] = '/opt/gitlab/var/puma/puma.state'

###! We do not recommend changing this setting

puma['log_directory'] = "/var/log/gitlab/puma"

Only change these settings if you understand well what they mean

###! Docs: https://github.com/schneems/puma_worker_killer

puma['per_worker_max_memory_mb'] = 850

puma['exporter_enabled'] = false

puma['exporter_address'] = "127.0.0.1"

puma['exporter_port'] = 8083

################################################################################

GitLab Sidekiq

################################################################################

sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"

sidekiq['log_format'] = "json"

sidekiq['shutdown_timeout'] = 4

sidekiq['concurrency'] = 25

sidekiq['metrics_enabled'] = true

sidekiq['listen_address'] = "localhost"

sidekiq['listen_port'] = 8082

################################################################################

gitlab-shell

################################################################################

gitlab_shell['audit_usernames'] = false

gitlab_shell['log_level'] = 'INFO'

gitlab_shell['log_format'] = 'json'

gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}

gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"

gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"

gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"

Migration to Go feature flags

###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags

gitlab_shell['migration'] = { enabled: true, features: [] }

Git trace log file.

###! If set, git commands receive GIT_TRACE* environment variables ###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging ###! An absolute path starting with / – the trace output will be appended to ###! that file. It needs to exist so we can check permissions and avoid ###! throwing warnings to the users.

gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"

##! We do not recommend changing this directory.

gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"

################################################################

GitLab PostgreSQL

################################################################

###! Changing any of these settings requires a restart of postgresql. ###! By default, reconfigure reloads postgresql if it is running. If you ###! change any of these settings, be sure to run gitlab-ctl restart postgresql ###! after reconfigure in order for the changes to take effect.

postgresql['enable'] = true

postgresql['listen_address'] = nil

postgresql['port'] = 5432

postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"

##! recommended value is 1/4 of total RAM, up to 14GB.

postgresql['shared_buffers'] = "256MB"

Advanced settings

postgresql['ha'] = false

postgresql['dir'] = "/var/opt/gitlab/postgresql"

postgresql['log_directory'] = "/var/log/gitlab/postgresql"

postgresql['log_destination'] = nil

postgresql['logging_collector'] = nil

postgresql['log_truncate_on_rotation'] = nil

postgresql['log_rotation_age'] = nil

postgresql['log_rotation_size'] = nil

postgresql['username'] = "gitlab-psql"

postgresql['group'] = "gitlab-psql"

##! SQL_USER_PASSWORD_HASH can be generated using the command `gitlab-ctl pg-password-md5 gitlab`.
##! Treat the resulting hash like the password itself and redact it when sharing this file.

postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'

postgresql['uid'] = nil

postgresql['gid'] = nil

postgresql['shell'] = "/bin/sh"

postgresql['home'] = "/var/opt/gitlab/postgresql"

postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"

postgresql['sql_user'] = "gitlab"

postgresql['max_connections'] = 200

postgresql['md5_auth_cidr_addresses'] = []

postgresql['trust_auth_cidr_addresses'] = []

postgresql['wal_buffers'] = "-1"

postgresql['autovacuum_max_workers'] = "3"

postgresql['autovacuum_freeze_max_age'] = "200000000"

postgresql['log_statement'] = nil

postgresql['track_activity_query_size'] = "1024"

postgresql['shared_preload_libraries'] = nil

postgresql['dynamic_shared_memory_type'] = nil

postgresql['hot_standby'] = "off"

SSL settings

See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details

postgresql['ssl'] = 'on'

postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'

postgresql['ssl_cert_file'] = 'server.crt'

postgresql['ssl_key_file'] = 'server.key'

postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'

postgresql['ssl_crl_file'] = nil

Replication settings

###! Note, some replication settings do not require a full restart. They are documented below.

postgresql['wal_level'] = "hot_standby"

postgresql['max_wal_senders'] = 5

postgresql['max_replication_slots'] = 0

postgresql['max_locks_per_transaction'] = 128

Backup/Archive settings

postgresql['archive_mode'] = "off"

###! Changing any of these settings only requires a reload of postgresql. You do not need to ###! restart postgresql if you change any of these and run reconfigure.

postgresql['work_mem'] = "16MB"

postgresql['maintenance_work_mem'] = "16MB"

postgresql['checkpoint_segments'] = 10

postgresql['checkpoint_timeout'] = "5min"

postgresql['checkpoint_completion_target'] = 0.9

postgresql['effective_io_concurrency'] = 1

postgresql['checkpoint_warning'] = "30s"

postgresql['effective_cache_size'] = "1MB"

postgresql['shmmax'] = 17179869184 # or 4294967295

postgresql['shmall'] = 4194304 # or 1048575

postgresql['autovacuum'] = "on"

postgresql['log_autovacuum_min_duration'] = "-1"

postgresql['autovacuum_naptime'] = "1min"

postgresql['autovacuum_vacuum_threshold'] = "50"

postgresql['autovacuum_analyze_threshold'] = "50"

postgresql['autovacuum_vacuum_scale_factor'] = "0.02"

postgresql['autovacuum_analyze_scale_factor'] = "0.01"

postgresql['autovacuum_vacuum_cost_delay'] = "20ms"

postgresql['autovacuum_vacuum_cost_limit'] = "-1"

postgresql['statement_timeout'] = "60000"

postgresql['idle_in_transaction_session_timeout'] = "60000"

postgresql['log_line_prefix'] = "%a"

postgresql['max_worker_processes'] = 8

postgresql['max_parallel_workers_per_gather'] = 0

postgresql['log_lock_waits'] = 1

postgresql['deadlock_timeout'] = '5s'

postgresql['track_io_timing'] = 0

postgresql['default_statistics_target'] = 1000

Available in PostgreSQL 9.6 and later

postgresql['min_wal_size'] = 80MB

postgresql['max_wal_size'] = 1GB

Backup/Archive settings

postgresql['archive_command'] = nil

postgresql['archive_timeout'] = "0"

Replication settings

postgresql['sql_replication_user'] = "gitlab_replicator"

postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with gitlab-ctl pg-password-md5 <dbuser>

postgresql['wal_keep_segments'] = 10

postgresql['max_standby_archive_delay'] = "30s"

postgresql['max_standby_streaming_delay'] = "30s"

postgresql['synchronous_commit'] = on

postgresql['synchronous_standby_names'] = ''

postgresql['hot_standby_feedback'] = 'off'

postgresql['random_page_cost'] = 2.0

postgresql['log_temp_files'] = -1

postgresql['log_checkpoints'] = 'off'

To add custom entries to pg_hba.conf use the following

postgresql['custom_pg_hba_entries'] = {

APPLICATION: [ # APPLICATION should identify what the settings are used for

{

type: example,

database: example,

user: example,

cidr: example,

method: example,

option: example

}

]

}

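See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation of the values. The `trust` method admits matching connections without a password, so keep the cidr of any such entry as narrow as possible.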

Version settings

Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks

postgresql['version'] = 10

################################################################################

GitLab Redis

##! Can be disabled if you are using your own Redis instance. ##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html ################################################################################

redis['enable'] = true

redis['ha'] = false

redis['hz'] = 10

redis['dir'] = "/var/opt/gitlab/redis"

redis['log_directory'] = "/var/log/gitlab/redis"

redis['username'] = "gitlab-redis"

redis['group'] = "gitlab-redis"

redis['maxclients'] = "10000"

redis['maxmemory'] = "0"

redis['maxmemory_policy'] = "noeviction"

redis['maxmemory_samples'] = "5"

redis['tcp_backlog'] = 511

redis['tcp_timeout'] = "60"

redis['tcp_keepalive'] = "300"

redis['uid'] = nil

redis['gid'] = nil

Disable or obfuscate unnecessary redis command names

Uncomment and edit this block to add or remove entries.

See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands

for detailed usage

redis['rename_commands'] = {

'KEYS': ''

#}

###! To enable only Redis service in this machine, uncomment ###! one of the lines below (choose master or slave instance types). ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html ###! https://docs.gitlab.com/ee/administration/high_availability/redis.html

redis_master_role['enable'] = true

redis_slave_role['enable'] = true

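Redis TCP support (will disable UNIX socket transport)

##! Binding to '0.0.0.0' makes Redis listen on every interface. Prefer a specific internal IP, always set redis['password'] when TCP is enabled, and restrict access to the port with a firewall.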

redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one

redis['port'] = 6379

redis['password'] = 'redis-password-goes-here'

Redis Sentinel support

###! You need a master slave Redis replication to be able to do failover ###! Please read the documentation before enabling it to understand the ###! caveats: ###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html

Replication support

Slave Redis instance

redis['master'] = false # by default this is true

Slave and Sentinel shared configuration

####! Both need to point to the master Redis instance to get replication and ####! heartbeat monitoring

redis['master_name'] = 'gitlab-redis'

redis['master_ip'] = nil

redis['master_port'] = 6379

Support to run redis slaves in a Docker or NAT environment

####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat

redis['announce_ip'] = nil

redis['announce_port'] = nil

####! Master password should have the same value defined in ####! redis['password'] to enable the instance to transition to/from ####! master/slave in a failover event.

redis['master_password'] = 'redis-password-goes-here'

####! Increase these values when your slaves can't catch up with master

redis['client_output_buffer_limit_normal'] = '0 0 0'

redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'

redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'

#####! Redis snapshotting frequency #####! Set to [] to disable #####! Set to [''] to clear previously set values

redis['save'] = [ '900 1', '300 10', '60 10000' ]

################################################################################

GitLab Web server

##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server ################################################################################

##! When bundled nginx is disabled we need to add the external webserver user to ##! the GitLab webserver group.

web_server['external_users'] = []

web_server['username'] = 'gitlab-www'

web_server['group'] = 'gitlab-www'

web_server['uid'] = nil

web_server['gid'] = nil

web_server['shell'] = '/bin/false'

web_server['home'] = '/var/opt/gitlab/nginx'

################################################################################

GitLab NGINX

##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html ################################################################################

nginx['enable'] = true

nginx['client_max_body_size'] = '250m'

nginx['redirect_http_to_https'] = false

nginx['redirect_http_to_https_port'] = 80

##! Most root CA's are included by default

nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"

##! enable/disable 2-way SSL client authentication

nginx['ssl_verify_client'] = "off"

##! if ssl_verify_client on, verification depth in the client certificates chain

nginx['ssl_verify_depth'] = "1"

nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"

nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"

nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"

nginx['ssl_prefer_server_ciphers'] = "on"

##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ##! https://cipherli.st/

nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

##! Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html

nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"

##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html

nginx['ssl_session_timeout'] = "5m"

nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem

nginx['listen_addresses'] = ['*', '[::]']

##! Defaults to forcing web browsers to always communicate using only HTTPS ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security

nginx['hsts_max_age'] = 31536000

nginx['hsts_include_subdomains'] = false

##! Defaults to stripping path information when making cross-origin requests

nginx['referrer_policy'] = 'strict-origin-when-cross-origin'

##! Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html

nginx['gzip_enabled'] = true

##! Override only if you use a reverse proxy ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port

nginx['listen_port'] = nil

##! Override only if your reverse proxy internally communicates over HTTP ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl

nginx['listen_https'] = nil

nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"

nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"

nginx['proxy_read_timeout'] = 3600

nginx['proxy_connect_timeout'] = 300

nginx['proxy_set_headers'] = {

"Host" => "$http_host_with_default",

"X-Real-IP" => "$remote_addr",

"X-Forwarded-For" => "$proxy_add_x_forwarded_for",

"X-Forwarded-Proto" => "https",

"X-Forwarded-Ssl" => "on",

"Upgrade" => "$http_upgrade",

"Connection" => "$connection_upgrade"

}

nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'

nginx['proxy_cache'] = 'gitlab'

nginx['http2_enabled'] = true

nginx['real_ip_trusted_addresses'] = []

nginx['real_ip_header'] = nil

nginx['real_ip_recursive'] = nil

nginx['custom_error_pages'] = {

'404' => {

'title' => 'Example title',

'header' => 'Example header',

'message' => 'Example message'

}

}

Advanced settings

nginx['dir'] = "/var/opt/gitlab/nginx"

nginx['log_directory'] = "/var/log/gitlab/nginx"

nginx['worker_processes'] = 4

nginx['worker_connections'] = 10240

nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'

nginx['sendfile'] = 'on'

nginx['tcp_nopush'] = 'on'

nginx['tcp_nodelay'] = 'on'

nginx['gzip'] = "on"

nginx['gzip_http_version'] = "1.0"

nginx['gzip_comp_level'] = "2"

nginx['gzip_proxied'] = "any"

nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]

nginx['keepalive_timeout'] = 65

nginx['cache_max_size'] = '5000m'

nginx['server_names_hash_bucket_size'] = 64

##! These paths have proxy_request_buffering disabled

nginx['request_buffering_off_path_regex'] = ".git/git-receive-pack$|.git/info/refs?service=git-receive-pack$|.git/gitlab-lfs/objects|.git/info/lfs/objects/batch$"

Nginx status

nginx['status'] = {

"enable" => true,

"listen_addresses" => ["127.0.0.1"],

"fqdn" => "dev.example.com",

"port" => 9999,

"vts_enable" => true,

"options" => {

"stub_status" => "on", # Turn on stats

"server_tokens" => "off", # Don't show the version of NGINX

"access_log" => "off", # Disable logs for stats

"allow" => "127.0.0.1", # Only allow access from localhost

"deny" => "all" # Deny access to anyone else

}

}

################################################################################

GitLab Logging

##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html ################################################################################

logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data

logging['svlogd_num'] = 30 # keep 30 rotated log files

logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours

logging['svlogd_filter'] = "gzip" # compress logs with gzip

logging['svlogd_udp'] = nil # transmit log messages via UDP

logging['svlogd_prefix'] = nil # custom prefix for log messages

logging['logrotate_frequency'] = "daily" # rotate logs daily

logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)

logging['logrotate_size'] = nil # do not rotate by size by default

logging['logrotate_rotate'] = 30 # keep 30 rotated logs

logging['logrotate_compress'] = "compress" # see 'man logrotate'

logging['logrotate_method'] = "copytruncate" # see 'man logrotate'

logging['logrotate_postrotate'] = nil # no postrotate command by default

logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz

UDP log forwarding

##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding

##! remote host to ship log messages to via UDP (sent unencrypted and unacknowledged, so keep the path to this host on a trusted network)

logging['udp_log_shipping_host'] = nil

##! override the hostname used when logs are shipped via UDP; by default the system hostname will be used.

logging['udp_log_shipping_hostname'] = nil

##! remote port to ship log messages to via UDP

logging['udp_log_shipping_port'] = 514

################################################################################

Logrotate

##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate ##! You can disable built in logrotate feature. ################################################################################

logrotate['enable'] = true

logrotate['log_directory'] = "/var/log/gitlab/logrotate"

################################################################################

Users and groups accounts

##! Disable management of users and groups accounts. ##! Set only if creating accounts manually ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management ################################################################################

manage_accounts['enable'] = false

################################################################################

Storage directories

##! Disable managing storage directories ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management ################################################################################

##! Set only if the select directories are created manually

manage_storage_directories['enable'] = false

manage_storage_directories['manage_etc'] = false

################################################################################

Runtime directory

##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory ################################################################################

runtime_dir '/run'

################################################################################

Git

##! Advanced setting for configuring git system settings for omnibus-gitlab ##! internal git ################################################################################

##! For multiple options under one header use array of comma separated values, ##! eg.: ##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }

omnibus_gitconfig['system'] = {

"pack" => ["threads = 1"],

"receive" => ["fsckObjects = true", "advertisePushOptions = true"],

"repack" => ["writeBitmaps = true"],

"transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],

}

################################################################################

GitLab Pages

##! Docs: https://docs.gitlab.com/ee/pages/administration.html ################################################################################

##! Define to enable GitLab Pages

pages_external_url "http://pages.example.com/"

gitlab_pages['enable'] = false

##! Configure to expose GitLab Pages on external IP address, serving the HTTP

gitlab_pages['external_http'] = []

##! Configure to expose GitLab Pages on external IP address, serving the HTTPS

gitlab_pages['external_https'] = []

##! Set to true to use the default list of cipher suites, which may contain insecure ones such as 3DES and RC4

gitlab_pages['insecure_ciphers'] = false

##! Configure to enable health check endpoint on GitLab Pages

gitlab_pages['status_uri'] = "/@status"

##! Tune the maximum number of concurrent connections GitLab Pages will handle. ##! This should be in the range 1 - 10000, defaulting to 5000.

gitlab_pages['max_connections'] = 5000

##! Configure to use JSON structured logging in GitLab Pages

gitlab_pages['log_format'] = "json"

##! Configure verbose logging for GitLab Pages

gitlab_pages['log_verbose'] = false

##! Error Reporting and Logging with Sentry

gitlab_pages['sentry_enabled'] = false

gitlab_pages['sentry_dsn'] = 'https://@sentry.io/'

gitlab_pages['sentry_environment'] = 'production'

##! Listen for requests forwarded by reverse proxy

gitlab_pages['listen_proxy'] = "localhost:8090"

##! Configure GitLab Pages to use an HTTP Proxy

gitlab_pages['http_proxy'] = "http://example:8080"

gitlab_pages['redirect_http'] = true

gitlab_pages['use_http2'] = true

gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"

gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"

gitlab_pages['artifacts_server'] = true

gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'

gitlab_pages['artifacts_server_timeout'] = 10

##! Environments that do not support bind-mounting should set this parameter to ##! true. This is incompatible with the artifacts server

gitlab_pages['inplace_chroot'] = false

##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics

gitlab_pages['metrics_address'] = ":9235"

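##! Specifies the minimum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
##! "ssl3", "tls1.0" and "tls1.1" are deprecated protocols; prefer "tls1.2" as the minimum unless legacy clients require an older one.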

gitlab_pages['tls_min_version'] = "ssl3"

##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")

gitlab_pages['tls_max_version'] = "tls1.2"

##! Pages access control

gitlab_pages['access_control'] = false

gitlab_pages['gitlab_id'] = nil # Automatically generated if not present

gitlab_pages['gitlab_secret'] = nil # Generated if not present

gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'

gitlab_pages['gitlab_server'] = nil # Defaults to external_url

gitlab_pages['auth_secret'] = nil # Generated if not present

##! GitLab API HTTP client connection timeout

gitlab_pages['gitlab_client_http_timeout'] = "10s"

##! GitLab API JWT Token expiry time

gitlab_pages['gitlab_client_jwt_expiry'] = "30s"

##! Define custom gitlab-pages HTTP headers for the whole instance

gitlab_pages['headers'] = []

##! Shared secret used for authentication between Pages and GitLab

gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

################################################################################

GitLab Pages NGINX

################################################################################

All the settings defined in the "GitLab Nginx" section are also available in

this "GitLab Pages NGINX" section, using the key pages_nginx. However,

those settings should be explicitly set. That is, settings given as

nginx['some_setting'] WILL NOT be automatically replicated as

pages_nginx['some_setting'] and should be set separately.

Below you can find settings that are exclusive to "GitLab Pages NGINX"

pages_nginx['enable'] = false

gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

################################################################################

GitLab CI

##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html ################################################################################

gitlab_ci['gitlab_ci_all_broken_builds'] = true

gitlab_ci['gitlab_ci_add_pusher'] = true

gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'

################################################################################

GitLab Mattermost

##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost ################################################################################

mattermost_external_url 'http://mattermost.example.com'

mattermost['enable'] = false

mattermost['username'] = 'mattermost'

mattermost['group'] = 'mattermost'

mattermost['uid'] = nil

mattermost['gid'] = nil

mattermost['home'] = '/var/opt/gitlab/mattermost'

mattermost['database_name'] = 'mattermost_production'

mattermost['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

mattermost['service_address'] = "127.0.0.1"

mattermost['service_port'] = "8065"

mattermost['service_site_url'] = nil

mattermost['service_allowed_untrusted_internal_connections'] = ""

mattermost['service_enable_api_team_deletion'] = true

mattermost['team_site_name'] = "GitLab Mattermost"

mattermost['sql_driver_name'] = 'mysql'

mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"

mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'

mattermost['gitlab_enable'] = false

mattermost['gitlab_id'] = "12345656"

mattermost['gitlab_secret'] = "123456789"

mattermost['gitlab_scope'] = ""

mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"

mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"

mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"

mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"

mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"

mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"

################################################################################

Mattermost NGINX

################################################################################

All the settings defined in the "GitLab Nginx" section are also available in

this "Mattermost NGINX" section, using the key mattermost_nginx. However,

those settings should be explicitly set. That is, settings given as

nginx['some_setting'] WILL NOT be automatically replicated as

mattermost_nginx['some_setting'] and should be set separately.

Below you can find settings that are exclusive to "Mattermost NGINX"

mattermost_nginx['enable'] = false

mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"

mattermost_nginx['proxy_set_headers'] = {

"Host" => "$http_host",

"X-Real-IP" => "$remote_addr",

"X-Forwarded-For" => "$proxy_add_x_forwarded_for",

"X-Frame-Options" => "SAMEORIGIN",

"X-Forwarded-Proto" => "https",

"X-Forwarded-Ssl" => "on",

"Upgrade" => "$http_upgrade",

"Connection" => "$connection_upgrade"

}

################################################################################

Registry NGINX

################################################################################

All the settings defined in the "GitLab Nginx" section are also available in

this "Registry NGINX" section, using the key registry_nginx. However, those

settings should be explicitly set. That is, settings given as

nginx['some_setting'] WILL NOT be automatically replicated as

registry_nginx['some_setting'] and should be set separately.

Below you can find settings that are exclusive to "Registry NGINX"

registry_nginx['enable'] = false

registry_nginx['proxy_set_headers'] = {

"Host" => "$http_host",

"X-Real-IP" => "$remote_addr",

"X-Forwarded-For" => "$proxy_add_x_forwarded_for",

"X-Forwarded-Proto" => "https",

"X-Forwarded-Ssl" => "on"

}

When the registry is automatically enabled using the same domain as external_url,

it listens on this port

registry_nginx['listen_port'] = 5050

################################################################################

Prometheus

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/ ################################################################################

###! To enable only Monitoring service in this machine, uncomment ###! the line below. ###! Docs: https://docs.gitlab.com/ee/administration/high_availability

monitoring_role['enable'] = true

prometheus['enable'] = true

prometheus['monitor_kubernetes'] = true

prometheus['username'] = 'gitlab-prometheus'

prometheus['group'] = 'gitlab-prometheus'

prometheus['uid'] = nil

prometheus['gid'] = nil

prometheus['shell'] = '/bin/sh'

prometheus['home'] = '/var/opt/gitlab/prometheus'

prometheus['log_directory'] = '/var/log/gitlab/prometheus'

prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']

prometheus['scrape_interval'] = 15

prometheus['scrape_timeout'] = 15

prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'

prometheus['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

Custom scrape configs

Prometheus can scrape additional jobs via scrape_configs. The default automatically

includes all of the exporters supported by the omnibus config.

See: https://prometheus.io/docs/operating/configuration/#<scrape_config>

Example:

prometheus['scrape_configs'] = [

{

'job_name': 'example',

'static_configs' => [

'targets' => ['hostname:port'],

],

},

]

Custom alertmanager config

To configure external alertmanagers, create an alertmanager config.

See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config

prometheus['alertmanagers'] = [

{

'static_configs' => [

{

'targets' => [

'hostname:port'

]

}

]

}

]

Custom Prometheus flags

prometheus['flags'] = {

'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",

'storage.tsdb.retention.time' => "15d",

'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"

}

##! Advanced settings. Should be changed only if absolutely needed.

prometheus['listen_address'] = 'localhost:9090'

################################################################################

Prometheus Alertmanager

################################################################################

alertmanager['enable'] = true

alertmanager['home'] = '/var/opt/gitlab/alertmanager'

alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'

alertmanager['admin_email'] = 'admin@example.com'

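# Command-line flags handed to the Alertmanager process: web listener,
# on-disk state directory and configuration file.
# The entries are now comma-separated; without the commas the hash literal is
# a Ruby syntax error as soon as the block is active.
alertmanager['flags'] = {
  # Loopback only, so the Alertmanager web UI/API is not reachable from other
  # hosts. The same address also appears in alertmanager['listen_address']
  # further down; presumably the two should be kept in agreement (verify).
  'web.listen-address' => "localhost:9093",
  'storage.path' => "/var/opt/gitlab/alertmanager/data",
  'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
}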

alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'

alertmanager['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

##! Advanced settings. Should be changed only if absolutely needed.

alertmanager['listen_address'] = 'localhost:9093'

alertmanager['global'] = {}

################################################################################

Prometheus Node Exporter

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html ################################################################################

node_exporter['enable'] = true

node_exporter['home'] = '/var/opt/gitlab/node-exporter'

node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'

node_exporter['flags'] = {

'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"

}

node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'

node_exporter['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

##! Advanced settings. Should be changed only if absolutely needed.

node_exporter['listen_address'] = 'localhost:9100'

################################################################################

Prometheus Redis exporter

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html ################################################################################

redis_exporter['enable'] = true

redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'

redis_exporter['flags'] = {

'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",

}

redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'

redis_exporter['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

##! Advanced settings. Should be changed only if absolutely needed.

redis_exporter['listen_address'] = 'localhost:9121'

################################################################################

Prometheus Postgres exporter

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html ################################################################################

postgres_exporter['enable'] = true

postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'

postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'

postgres_exporter['flags'] = {}

postgres_exporter['listen_address'] = 'localhost:9187'

postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'

postgres_exporter['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

postgres_exporter['sslmode'] = nil

################################################################################

Prometheus PgBouncer exporter (EE only)

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html ################################################################################

pgbouncer_exporter['enable'] = false

pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"

pgbouncer_exporter['listen_address'] = 'localhost:9188'

pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'

pgbouncer_exporter['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

################################################################################

Prometheus Gitlab exporter

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html ################################################################################

gitlab_exporter['enable'] = true

gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"

gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"

##! Advanced settings. Should be changed only if absolutely needed.

gitlab_exporter['listen_address'] = 'localhost'

gitlab_exporter['listen_port'] = '9168'

##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are ##! found.

gitlab_exporter['probe_sidekiq'] = true

To completely disable Prometheus and all of its exporters, set this to false

prometheus_monitoring['enable'] = true

################################################################################

Grafana Dashboards

##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source ################################################################################

# Settings for the bundled Grafana service: directories, the local admin
# account, sign-in options and the metrics endpoint.
# NOTE(review): the page rendering dropped leading '#' markers, so it cannot be
# told from here which of these lines are active in the reporter's file.
grafana['enable'] = true

grafana['log_directory'] = '/var/log/gitlab/grafana'

grafana['home'] = '/var/opt/gitlab/grafana'

# 'admin' is a guessable literal. If this line is active, replace it with a
# unique value and redact it whenever this file is shared.
grafana['admin_password'] = 'admin'

grafana['allow_user_sign_up'] = false

grafana['basic_auth_enabled'] = false

# With the login form and basic auth both off, sign-in presumably goes only
# through GitLab - TODO confirm against the Grafana settings docs.
grafana['disable_login_form'] = true

# Placeholders; presumably the credentials of a GitLab OAuth application.
# The secret is stored in plain text here, so keep this file root-readable only.
grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'

grafana['gitlab_secret'] = 'GITLAB_SECRET'

grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'

# Empty list: presumably no group restriction on who may sign in via GitLab,
# which matters together with gitlab_auth_sign_up = true below - verify.
grafana['allowed_groups'] = []

grafana['gitlab_auth_sign_up'] = true

grafana['env'] = {

'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"

}

# Metrics endpoint is off here; the two values below are its basic-auth
# credentials and the password literal is a placeholder that asks to be replaced.
grafana['metrics_enabled'] = false

grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil

grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil

Dashboards

See: http://docs.grafana.org/administration/provisioning/#dashboards

NOTE: Setting this will override the default.

grafana['dashboards'] = [

{

'name' => 'GitLab Omnibus',

'orgId' => 1,

'folder' => 'GitLab Omnibus',

'type' => 'file',

'disableDeletion' => true,

'updateIntervalSeconds' => 600,

'options' => {

'path' => '/opt/gitlab/embedded/service/grafana-dashboards',

}

}

]

Datasources

See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file

NOTE: Setting this will override the default.

grafana['datasources'] = [

{

'name' => 'GitLab Omnibus',

'type' => 'prometheus',

'access' => 'proxy',

'url' => 'http://localhost:9090'

}

]

##! Advanced settings. Should be changed only if absolutely needed.

grafana['http_addr'] = 'localhost'

grafana['http_port'] = 3000

################################################################################

Gitaly

##! Docs: ################################################################################

The gitaly['enable'] option exists for the purpose of cluster

deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .

gitaly['enable'] = true

gitaly['dir'] = "/var/opt/gitlab/gitaly"

gitaly['log_directory'] = "/var/log/gitlab/gitaly"

gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"

gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"

gitaly['env'] = {

'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",

'HOME' => '/var/opt/gitlab'

}

##! internal_socket_dir is the directory that will contain internal gitaly sockets, ##! separate from socket_path which is the socket that external clients listen on

# Gitaly listeners, TLS material, logging and client authentication.
gitaly['internal_socket_dir'] = "/var/opt/gitlab/gitaly"

gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"

# Two TCP listeners, both bound to localhost in this sample: listen_addr and
# tls_listen_addr (by name, the plaintext and the TLS one). If either is moved
# to a routable address, prefer the TLS listener and set auth_token below.
gitaly['listen_addr'] = "localhost:8075"

gitaly['tls_listen_addr'] = "localhost:9075"

# Certificate and private key for the TLS listener. The key file should be
# readable only by the account Gitaly runs as.
gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"

gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"

gitaly['prometheus_listen_addr'] = "localhost:9236"

gitaly['logging_level'] = "warn"

gitaly['logging_format'] = "json"

# A Sentry DSN embeds a key and secret; the values shown here are empty
# placeholders. Redact real DSNs when sharing this file.
gitaly['logging_sentry_dsn'] = "https://:@sentry.io/"

gitaly['logging_ruby_sentry_dsn'] = "https://:@sentry.io/"

gitaly['logging_sentry_environment'] = "production"

gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"

# Empty string in this sample. Presumably clients are not asked for a token
# while this is empty - confirm before exposing Gitaly beyond localhost.
gitaly['auth_token'] = ''

# Leave false once a token is set: per the inline comment, true means failed
# authentication is only counted, not rejected.
gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced

gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests

gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use

gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process

gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart

gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests

gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby

gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file

gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.

gitaly['concurrency'] = [

{

'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",

'max_per_repo' => 20

}, {

'rpc' => "/gitaly.SSHService/SSHUploadPack",

'max_per_repo' => 5

}

]

################################################################################

Praefect

##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md ################################################################################

praefect['enable'] = false

praefect['virtual_storage_name'] = "praefect"

praefect['failover_enabled'] = false

praefect['auth_token'] = ""

praefect['auth_transitioning'] = false

praefect['listen_addr'] = "localhost:2305"

praefect['prometheus_listen_addr'] = "localhost:9652"

praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"

praefect['logging_level'] = "warn"

praefect['logging_format'] = "json"

# Maps each virtual storage ('default', 'alternative') to its Gitaly nodes;
# every node entry carries an address and a token.
# The tokens shown are sample values. Each 'token' is a shared secret stored in
# plain text: use unique values and redact them when sharing this file.
# The addresses use tcp://, i.e. an unencrypted channel; Gitaly also accepts
# tls:// addresses when the node has a TLS listener configured.
praefect['virtual_storages'] = {

'default' => {

'praefect-internal-0' => {

'address' => 'tcp://10.23.56.78:8075',

'token' => 'abc123'

},

'praefect-internal-1' => {

'address' => 'tcp://10.76.23.31:8075',

'token' => 'xyz456'

}

},

'alternative' => {

'praefect-internal-2' => {

'address' => 'tcp://10.34.1.16:8075',

'token' => 'abc321'

},

'praefect-internal-3' => {

'address' => 'tcp://10.23.18.6:8075',

'token' => 'xyz890'

}

}

}

praefect['sentry_dsn'] = "https://:@sentry.io/"

praefect['sentry_environment'] = "production"

# Connection settings for Praefect's PostgreSQL database.
praefect['database_host'] = 'postgres.internal'

praefect['database_port'] = 5432

praefect['database_user'] = 'praefect'

# 'secret' is a sample literal; the real password sits in plain text in this
# file, so keep the file root-readable only and redact it when sharing.
praefect['database_password'] = 'secret'

praefect['database_dbname'] = 'praefect_production'

# 'disable' means no TLS to the remote host above, so the password exchange and
# all queries cross the network unencrypted. PostgreSQL's 'verify-full' mode
# both encrypts and checks the server certificate against the host name.
praefect['database_sslmode'] = 'disable'

# Client certificate, client key and CA bundle; presumably only consulted when
# database_sslmode enables TLS - verify.
praefect['database_sslcert'] = '/path/to/client-cert'

praefect['database_sslkey'] = '/path/to/client-key'

praefect['database_sslrootcert'] = '/path/to/rootcert'

################################################################################

Storage check

################################################################################

storage_check['enable'] = false

storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'

storage_check['log_directory'] = '/var/log/gitlab/storage-check'

################################################################################

Let's Encrypt integration

################################################################################

letsencrypt['enable'] = nil

letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts

letsencrypt['group'] = 'root'

letsencrypt['key_size'] = 2048

letsencrypt['owner'] = 'root'

letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'

See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these settings

letsencrypt['auto_renew'] = true

letsencrypt['auto_renew_hour'] = 0

letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.

letsencrypt['auto_renew_day_of_month'] = "*/4"

##! Turn off automatic init system detection. To skip init detection in ##! non-docker containers. Recommended not to change.

package['detect_init'] = true

##! Specify maximum number of tasks that can be created by the systemd unit ##! Will be populated as TasksMax value to the unit file if user is on a systemd ##! version that supports it (>= 227). Will be a no-op if user is not on systemd.

package['systemd_tasks_max'] = 4915

##! Settings to configure order of GitLab's systemd unit. ##! Note: We do not recommend changing these values unless absolutely necessary

package['systemd_after'] = 'multi-user.target'

package['systemd_wanted_by'] = 'multi-user.target'

################################################################################ ################################################################################

Configuration Settings for GitLab EE only

################################################################################ ################################################################################

################################################################################

Auxiliary cron jobs applicable to GitLab EE only

################################################################################

gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"

gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"

gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"

gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"

gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"

gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"

gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"

gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"

gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"

gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"

gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"

gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"

################################################################################

Kerberos (EE Only)

##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access ################################################################################

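# Kerberos integration for GitLab (EE only): keytab, service principal and the
# optional dedicated port for Kerberos-authenticated Git over HTTP.
gitlab_rails['kerberos_enabled'] = true
# Path and principal are quoted: written bare, /etc/http.keytab and
# HTTP/gitlab.example.com@EXAMPLE.COM are not Ruby string literals and the file
# fails to parse once these lines are active.
# The keytab holds the service's long-term key; it should be readable only by
# the account GitLab runs as.
gitlab_rails['kerberos_keytab'] = '/etc/http.keytab'
gitlab_rails['kerberos_service_principal_name'] = 'HTTP/gitlab.example.com@EXAMPLE.COM'
gitlab_rails['kerberos_use_dedicated_port'] = true
gitlab_rails['kerberos_port'] = 8443
gitlab_rails['kerberos_https'] = true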

################################################################################

Package repository (EE Only)

##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md ################################################################################

gitlab_rails['packages_enabled'] = true

gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"

gitlab_rails['packages_object_store_enabled'] = false

gitlab_rails['packages_object_store_direct_upload'] = false

gitlab_rails['packages_object_store_background_upload'] = true

gitlab_rails['packages_object_store_proxy_download'] = false

gitlab_rails['packages_object_store_remote_directory'] = "packages"

# Connection settings for the packages object store (AWS S3 in this sample).
gitlab_rails['packages_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

# Placeholders for a long-lived access key pair kept in plain text in this
# file. Scope the key to this store's bucket only and redact both values when
# sharing the file; on AWS hosts with an instance role, 'use_iam_profile' => true
# avoids storing a static key here at all.
'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'host' => 's3.amazonaws.com',

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

################################################################################

Dependency proxy (EE Only)

##! Docs: https://docs.gitlab.com/ee/administration/dependency_proxy.md ################################################################################

gitlab_rails['dependency_proxy_enabled'] = true

gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"

gitlab_rails['dependency_proxy_object_store_enabled'] = false

gitlab_rails['dependency_proxy_object_store_direct_upload'] = false

gitlab_rails['dependency_proxy_object_store_background_upload'] = true

gitlab_rails['dependency_proxy_object_store_proxy_download'] = false

gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"

# Connection settings for the dependency proxy object store (AWS S3 in this
# sample).
gitlab_rails['dependency_proxy_object_store_connection'] = {

'provider' => 'AWS',

'region' => 'eu-west-1',

# Placeholders for a long-lived access key pair kept in plain text in this
# file. Scope the key to this store's bucket only and redact both values when
# sharing the file; on AWS hosts with an instance role, 'use_iam_profile' => true
# avoids storing a static key here at all.
'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',

'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',

# # The below options configure an S3 compatible host instead of AWS

# 'host' => 's3.amazonaws.com',

# 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.

# 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces

# 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'

}

################################################################################

GitLab Sentinel (EE Only)

##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel ################################################################################

##! Make sure you configured all redis['master_*'] keys above before ##! continuing.

##! To enable Sentinel and disable all other services in this machine, ##! uncomment the line below (if you've enabled Redis role, it will keep it). ##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html

# Enables the Sentinel role and service on this machine and sets the address
# and port Sentinel listens on.
redis_sentinel_role['enable'] = true

sentinel['enable'] = true

##! Bind to all interfaces, uncomment to specify an IP and bind to a single one

# '0.0.0.0' exposes the Sentinel port below on every interface of the host.
# Prefer the single internal IP the Redis/Sentinel peers use, or limit access
# to that port with host or network firewall rules.
sentinel['bind'] = '0.0.0.0'

##! Uncomment to change default port

sentinel['port'] = 26379

Support to run sentinels in a Docker or NAT environment

#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues

In a standard case, Sentinel will run in the same network service as Redis, so the same IP will be announced for Redis and Sentinel

Only define these values if Sentinel needs to announce a different IP service than Redis

sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present

sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present

##! Quorum must reflect the amount of voting sentinels it takes to start a ##! failover. ##! Value must NOT be greater than the amount of sentinels. ##! The quorum can be used to tune Sentinel in two ways: ##! 1. If the quorum is set to a value smaller than the majority of Sentinels ##! we deploy, we are basically making Sentinel more sensitive to master ##! failures, triggering a failover as soon as even just a minority of ##! Sentinels is no longer able to talk with the master. ##! 2. If a quorum is set to a value greater than the majority of Sentinels, we ##! are making Sentinel able to failover only when there are a very large ##! number (larger than majority) of well connected Sentinels which agree ##! about the master being down.

sentinel['quorum'] = 1

Consider unresponsive server down after x amount of ms.

sentinel['down_after_milliseconds'] = 10000

Specifies the failover timeout in milliseconds.

##! It is used in many ways: ##! ##! - The time needed to re-start a failover after a previous failover was ##! already tried against the same master by a given Sentinel, is two ##! times the failover timeout. ##! ##! - The time needed for a slave replicating to a wrong master according ##! to a Sentinel current configuration, to be forced to replicate ##! with the right master, is exactly the failover timeout (counting since ##! the moment a Sentinel detected the misconfiguration). ##! ##! - The time needed to cancel a failover that is already in progress but ##! did not produce any configuration change (SLAVEOF NO ONE yet not ##! acknowledged by the promoted slave). ##! ##! - The maximum time a failover in progress waits for all the slaves to be ##! reconfigured as slaves of the new master. However even after this time ##! the slaves will be reconfigured by the Sentinels anyway, but not with ##! the exact parallel-syncs progression as specified.

sentinel['failover_timeout'] = 60000

################################################################################

GitLab Sidekiq Cluster (EE only)

################################################################################

##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes ##! besides the default one. These processes can be used to consume a dedicated set ##! of queues. This can be used to ensure certain queues always have dedicated ##! workers, no matter the amount of jobs that need to be processed.

sidekiq_cluster['enable'] = false

sidekiq_cluster['ha'] = false

sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"

sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks

sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run

sidekiq_cluster['min_concurrency'] = 0 # The minimum number of threads each Sidekiq process should run

##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a ##! Sidekiq process. Multiple queues can be processed by the same process by ##! separating them with a comma within the group entry

sidekiq_cluster['queue_groups'] = [

"process_commit,post_receive",

"gitlab_shell"

]

##! If negate is enabled then sidekiq-cluster will process all the queues that ##! don't match those in queue_groups.

sidekiq_cluster['negate'] = false

################################################################################

Additional Database Settings (EE only)

##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html ################################################################################

gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }

################################################################################

GitLab Geo

##! Docs: https://docs.gitlab.com/ee/gitlab-geo ################################################################################

geo_primary_role['enable'] = false

geo_secondary_role['enable'] = false

This is an optional identifier which Geo nodes can use to identify themselves.

For example, if external_url is the same for two secondaries, you must specify

a unique Geo node name for those secondaries.

If it is blank, it defaults to external_url.

gitlab_rails['geo_node_name'] = nil

gitlab_rails['geo_registry_replication_enabled'] = true

gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5000'

################################################################################

GitLab Geo Secondary (EE only)

################################################################################

geo_secondary['auto_migrate'] = true

geo_secondary['db_adapter'] = "postgresql"

geo_secondary['db_encoding'] = "unicode"

geo_secondary['db_collation'] = nil

geo_secondary['db_database'] = "gitlabhq_geo_production"

geo_secondary['db_pool'] = 1

geo_secondary['db_username'] = "gitlab_geo"

geo_secondary['db_password'] = nil

geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"

geo_secondary['db_port'] = 5431

geo_secondary['db_socket'] = nil

geo_secondary['db_sslmode'] = nil

geo_secondary['db_sslcompression'] = 0

geo_secondary['db_sslrootcert'] = nil

geo_secondary['db_sslca'] = nil

geo_secondary['db_fdw'] = true

################################################################################

GitLab Geo Secondary Tracking Database (EE only)

################################################################################

geo_postgresql['enable'] = false

geo_postgresql['ha'] = false

geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'

geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'

geo_postgresql['pgbouncer_user'] = nil

geo_postgresql['pgbouncer_user_password'] = nil

##! SQL_USER_PASSWORD_HASH can be generated using the command gitlab-ctl pg-password-md5 gitlab

geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'

################################################################################

Unleash

##! Docs: https://docs.gitlab.com/ee/user/project/operations/feature_flags.html ################################################################################

gitlab_rails['feature_flags_unleash_enabled'] = false

gitlab_rails['feature_flags_unleash_url'] = nil

gitlab_rails['feature_flags_unleash_app_name'] = nil

gitlab_rails['feature_flags_unleash_instance_id'] = nil

################################################################################

Pgbouncer (EE only)

See GitLab PgBouncer documentation

See the PgBouncer page for details

################################################################################

pgbouncer['enable'] = false

pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'

pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'

pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'

pgbouncer['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

# Address and port PgBouncer accepts client connections on.
# '0.0.0.0' listens on every interface; since client TLS is set to 'disable'
# further down in this file, restrict the port to the application nodes with
# firewall rules or bind to a single internal address.
pgbouncer['listen_addr'] = '0.0.0.0'

pgbouncer['listen_port'] = '6432'

pgbouncer['pool_mode'] = 'transaction'

pgbouncer['server_reset_query'] = 'DISCARD ALL'

pgbouncer['application_name_add_host'] = '1'

pgbouncer['max_client_conn'] = '2048'

pgbouncer['default_pool_size'] = '100'

pgbouncer['min_pool_size'] = '0'

pgbouncer['reserve_pool_size'] = '5'

pgbouncer['reserve_pool_timeout'] = '5.0'

pgbouncer['server_round_robin'] = '0'

pgbouncer['log_connections'] = '0'

pgbouncer['server_idle_timeout'] = '30'

pgbouncer['dns_max_ttl'] = '15.0'

pgbouncer['dns_zone_check_period'] = '0'

pgbouncer['dns_nxdomain_ttl'] = '15.0'

pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)

pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)

pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'

pgbouncer['databases'] = {

DATABASE_NAME: {

host: HOSTNAME,

port: PORT

user: USERNAME,

password: PASSWORD

###! generate this with echo -n '$password + $username' | md5sum

}

...

}

# PgBouncer log file, Unix socket options and client authentication method.
pgbouncer['logfile'] = nil

pgbouncer['unix_socket_dir'] = nil

# '0777' lets every local account open the socket; authentication is then the
# only barrier. A tighter mode plus unix_socket_group narrows that to one group.
pgbouncer['unix_socket_mode'] = '0777'

pgbouncer['unix_socket_group'] = nil

# MD5-based password authentication. NOTE(review): check whether the bundled
# PgBouncer and PostgreSQL versions support a stronger method before changing.
pgbouncer['auth_type'] = 'md5'

pgbouncer['auth_hba_file'] = nil

# Query used to look up a connecting user's stored password; it calls
# public.pg_shadow_lookup with the user name. Presumably that function should
# be executable only by the PgBouncer database user - verify its grants.
pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'

pgbouncer['users'] = {

{

name: USERNAME,

password: MD5_PASSWORD_HASH

}

}

postgresql['pgbouncer_user'] = nil

postgresql['pgbouncer_user_password'] = nil

pgbouncer['server_reset_query_always'] = 0

pgbouncer['server_check_query'] = 'select 1'

pgbouncer['server_check_delay'] = 30

pgbouncer['max_db_connections'] = nil

pgbouncer['max_user_connections'] = nil

pgbouncer['syslog'] = 0

pgbouncer['syslog_facility'] = 'daemon'

pgbouncer['syslog_ident'] = 'pgbouncer'

pgbouncer['log_disconnections'] = 1

pgbouncer['log_pooler_errors'] = 1

pgbouncer['stats_period'] = 60

pgbouncer['verbose'] = 0

pgbouncer['server_lifetime'] = 3600

pgbouncer['server_connect_timeout'] = 15

pgbouncer['server_login_retry'] = 15

pgbouncer['query_timeout'] = 0

pgbouncer['query_wait_timeout'] = 120

pgbouncer['client_idle_timeout'] = 0

pgbouncer['client_login_timeout'] = 60

pgbouncer['autodb_idle_timeout'] = 3600

pgbouncer['suspend_timeout'] = 10

pgbouncer['idle_transaction_timeout'] = 0

pgbouncer['pkt_buf'] = 4096

pgbouncer['listen_backlog'] = 128

pgbouncer['sbuf_loopcnt'] = 5

pgbouncer['max_packet_size'] = 2147483647

pgbouncer['tcp_defer_accept'] = 0

pgbouncer['tcp_socket_buffer'] = 0

pgbouncer['tcp_keepalive'] = 1

pgbouncer['tcp_keepcnt'] = 0

pgbouncer['tcp_keepidle'] = 0

pgbouncer['tcp_keepintvl'] = 0

pgbouncer['disable_pqexec'] = 0

Pgbouncer client TLS options

# TLS between database clients and PgBouncer.
# 'disable' means client connections are not encrypted, so credentials and
# query data are readable on the network path; the CA, key and certificate
# files below are all unset in this sample.
pgbouncer['client_tls_sslmode'] = 'disable'

pgbouncer['client_tls_ca_file'] = nil

pgbouncer['client_tls_key_file'] = nil

pgbouncer['client_tls_cert_file'] = nil

# 'all' places no restriction on protocol versions from this setting.
# NOTE(review): which versions that covers depends on the bundled PgBouncer
# and TLS library - confirm before relying on it.
pgbouncer['client_tls_protocols'] = 'all'

pgbouncer['client_tls_dheparams'] = 'auto'

pgbouncer['client_tls_ecdhcurve'] = 'auto'

Pgbouncer server TLS options

# TLS between PgBouncer and the PostgreSQL servers it pools for.
# 'disable' means this hop is not encrypted; that is only reasonable when
# PgBouncer and PostgreSQL share a host or a trusted network segment.
pgbouncer['server_tls_sslmode'] = 'disable'

pgbouncer['server_tls_ca_file'] = nil

pgbouncer['server_tls_key_file'] = nil

pgbouncer['server_tls_cert_file'] = nil

pgbouncer['server_tls_protocols'] = 'all'

# NOTE(review): 'fast' is a named cipher preset; check the PgBouncer docs for
# the suites it selects before enabling TLS here.
pgbouncer['server_tls_ciphers'] = 'fast'

################################################################################

Repmgr (EE only)

################################################################################

# repmgr (PostgreSQL replication/failover manager) settings. The service is
# switched off here, so the values below only take effect if it is enabled.
repmgr['enable'] = false

repmgr['cluster'] = 'gitlab_cluster'

repmgr['database'] = 'gitlab_repmgr'

repmgr['host'] = nil

repmgr['node_number'] = nil

repmgr['port'] = 5432

# Empty list. Presumably these are the CIDR ranges that would be granted
# password-less ("trust") access for the repmgr user, so any range added here
# should be as narrow as possible. Verify against the omnibus documentation.
repmgr['trust_auth_cidr_addresses'] = []

repmgr['user'] = 'gitlab_repmgr'

# NOTE(review): if this maps to libpq's sslmode, 'prefer' attempts TLS but
# silently falls back to cleartext and never verifies the server certificate.
# It gives no protection against an active network attacker. Confirm.
repmgr['sslmode'] = 'prefer'

repmgr['sslcompression'] = 0

# Failover happens without operator confirmation.
repmgr['failover'] = 'automatic'

repmgr['log_directory'] = '/var/log/gitlab/repmgrd'

repmgr['node_name'] = nil

repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'

# Command strings used to control PostgreSQL. All are absolute paths under
# /opt/gitlab. They are presumably executed by the repmgr service account, so
# the binaries and the referenced repmgr.conf should not be writable by
# less-privileged users.
repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'

repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'

repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'

repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'

repmgr['service_promote_command'] = nil

repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'

repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'

repmgr['upstream_node'] = nil

repmgr['use_replication_slots'] = false

# Logging goes to STDERR at INFO level, and no log file is set.
repmgr['loglevel'] = 'INFO'

repmgr['logfacility'] = 'STDERR'

repmgr['logfile'] = nil

# No event hook is configured. If one is added, it is another command string
# that deserves the same file-permission review as the service commands above.
repmgr['event_notification_command'] = nil

repmgr['event_notifications'] = nil

repmgr['rsync_options'] = nil

repmgr['ssh_options'] = nil

repmgr['priority'] = nil

HA setting to specify if a node should attempt to be master on initialization

# Failover behaviour and timing for repmgr. The names suggest intervals in
# seconds and retry counts, but the units are only explicit where the key ends
# in `_secs`. Verify the others against the repmgr documentation.
repmgr['master_on_initialization'] = true

repmgr['retry_promote_interval_secs'] = 300

repmgr['witness_repl_nodes_sync_interval_secs'] = 15

repmgr['reconnect_attempts'] = 6

repmgr['reconnect_interval'] = 10

repmgr['monitor_interval_secs'] = 2

repmgr['master_response_timeout'] = 60

repmgr['daemon'] = true

# Separate switch for the repmgrd daemon. It is true here while
# repmgr['enable'] is false elsewhere in this file.
repmgrd['enable'] = true

################################################################################

Consul (EEP only)

################################################################################

# Consul agent settings. The agent is switched off here.
consul['enable'] = false

consul['dir'] = '/var/opt/gitlab/consul'

# The agent is given its own user and group rather than a shared account.
consul['user'] = 'gitlab-consul'

consul['group'] = 'gitlab-consul'

# Configuration, data and log locations. config.json and config.d decide what
# the agent runs and registers, so they should be writable only by root or the
# consul service account.
consul['config_file'] = '/var/opt/gitlab/consul/config.json'

consul['config_dir'] = '/var/opt/gitlab/consul/config.d'

consul['data_dir'] = '/var/opt/gitlab/consul/data'

consul['log_directory'] = '/var/log/gitlab/consul'

consul['env_directory'] = '/opt/gitlab/etc/consul/env'

# Environment for the agent process. It points certificate lookup at the
# bundled CA directory.
consul['env'] = {

'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"

}

consul['monitoring_service_discovery'] = false

consul['node_name'] = nil

# Directory holding health-check scripts, referenced by the 'script' entry in
# consul['service_config'].
consul['script_directory'] = '/var/opt/gitlab/consul/scripts'

# Options passed through to the Consul agent configuration.
consul['configuration'] = {

# nil presumably leaves Consul's own default bind address for its client
# interfaces. Verify what the agent actually listens on.
'client_addr' => nil,

'datacenter' => 'gitlab_consul',

# Security-relevant: Consul's documentation warns that enable_script_checks
# also permits script checks registered through the HTTP API, so whoever can
# reach the agent API can make the agent run commands. Consul offers
# enable_local_script_checks to limit script checks to local config files.
# Review this together with client_addr and ACLs.
'enable_script_checks' => true,

# The agent runs in client mode, not server mode.
'server' => false

}

# No services are enabled for registration by default.
consul['services'] = []

# Definition of the 'postgresql' service as it would be registered in Consul:
# name, port, and one script-based health check.
consul['service_config'] = {

'postgresql' => {

'service' => {

'name' => "postgresql",

'address' => '',

'port' => 5432,

'checks' => [

{

# The agent executes this script every 10 seconds. The script and its parent
# directory must not be writable by anyone other than root or the consul
# service account, since its contents run with the agent's privileges.
'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",

'interval' => "10s"

}

]

}

}

}

# Consul watchers keyed by service name. The 'postgresql' watcher is disabled
# here. When enabled it names 'failover_pgbouncer' as its handler, presumably a
# script that repoints PgBouncer after a database failover (verify). Note that
# the inner hash uses symbol keys (enable:, handler:) while the rest of the file
# uses string keys.
consul['watchers'] = {

'postgresql' => {

enable: false,

handler: 'failover_pgbouncer'

}

}

Edited Sep 27, 2023 by Pandurang Vadane