Omnibus update from 17.2.2-ee to 17.3.0-ee failed due to "PG::InternalError: ERROR: no unpinned buffers available"
Workaround
Manually specify PostgreSQL shared buffers size. Nominal PG defaults are 1/4 node memory. Note, that in containerized environments, it is best not to assume you have the entire node gitlab/gitlab-?e
container is 1MB
unless overridden.
Examples:
# in gitlab.rb
postgresql['shared_buffers'] = '2GB'
# docker compose service definition
services:
gitlab:
image: 'gitlab/gitlab-ce:latest'
environment:
GITLAB_OMNIBUS_CONFIG: |
# PostgreSQL
postgresql['shared_buffers'] = "1GB"
Summary
When updating from 17.2.2-ee to 17.3.0-ee the new instance never comes online due to a error while doing the database migrations.
Steps to reproduce
- Have an existing installation of gitlab with the docker container (in our case it's https://gitlab.archlinux.org/)
- update to the new latest version (17.3.0-ee)
- check the logs to find the error below
What is the current bug behavior?
the instance fails to configure
What is the expected correct behavior?
The instance starts without issue or a needed change in configuration is documented.
Relevant logs
Relevant logs
$ cat /srv/gitlab/logs/reconfigure/1723739323.log
# Logfile created on 2024-08-15 16:28:43 +0000 by logger.rb/v1.5.3
[2024-08-15T16:28:43+00:00] INFO: Started Cinc Zero at chefzero://localhost:1 with repository at /opt/gitlab/embedded (One version per cookbook)
[2024-08-15T16:28:43+00:00] INFO: *** Cinc Client 18.3.0 ***
[2024-08-15T16:28:43+00:00] INFO: Platform: x86_64-linux
[2024-08-15T16:28:43+00:00] INFO: Cinc-client pid: 33
[2024-08-15T16:28:43+00:00] INFO: Setting the run_list to ["recipe[gitlab-ee]"] from CLI options
[2024-08-15T16:28:43+00:00] INFO: Run List is [recipe[gitlab-ee]]
[2024-08-15T16:28:43+00:00] INFO: Run List expands to [gitlab-ee]
[2024-08-15T16:28:43+00:00] INFO: Starting Cinc Client Run for gitlab.archlinux.org
[2024-08-15T16:28:43+00:00] INFO: Running start handlers
[2024-08-15T16:28:43+00:00] INFO: Start handlers complete.
[2024-08-15T16:28:44+00:00] INFO: Loading cookbooks [gitlab-ee@0.0.1, package@0.1.0, gitlab@0.0.1, consul@0.1.0, patroni@0.1.0, pgbouncer@0.1.0, spamcheck@0.1.0, runit@5.1.7, logrotate@0.1.0, postgresql@0.1.0, redis@0.1.0, monitoring@0.1.0, registry@0.1.0, mattermost@0.1.0, gitaly@0.1.0, praefect@0.1.0, gitlab-kas@0.1.0, gitlab-pages@0.1.0, letsencrypt@0.1.0, nginx@0.1.0, acme@4.1.6, crond@0.1.0]
[2024-08-15T16:28:44+00:00] INFO: Generating default secrets
[2024-08-15T16:28:45+00:00] INFO: Generating /etc/gitlab/gitlab-secrets.json file
[2024-08-15T16:28:45+00:00] WARN: gitlab-rails does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] INFO: Skipped selecting an init system because it was explicitly disabled
[2024-08-15T16:28:45+00:00] WARN: gitlab-shell does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-sshd does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: logrotate does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: logrotate does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: puma does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-rails does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-shell does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-workhorse does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-pages does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-kas does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitaly does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: mailroom does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitaly does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: postgresql does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: postgresql does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-kas does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: crond does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: puma does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: sidekiq does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-workhorse does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: mailroom does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: gitlab-pages does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:45+00:00] WARN: registry does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:46+00:00] WARN: only_if block for file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] returned a string, did you mean to run a command?
[2024-08-15T16:28:46+00:00] WARN: only_if block for templatesymlink[Create a gitlab_incoming_email_secret and create a symlink to Rails root] returned a string, did you mean to run a command?
[2024-08-15T16:28:46+00:00] WARN: only_if block for templatesymlink[Create a gitlab_pages_secret and create a symlink to Rails root] returned a string, did you mean to run a command?
[2024-08-15T16:28:46+00:00] WARN: only_if block for templatesymlink[Create a gitlab_kas_secret and create a symlink to Rails root] returned a string, did you mean to run a command?
[2024-08-15T16:28:46+00:00] INFO: link[/opt/gitlab/service/logrotate] created
[2024-08-15T16:28:46+00:00] WARN: redis does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:28:46+00:00] INFO: link[/opt/gitlab/service/redis] created
[2024-08-15T16:28:46+00:00] INFO: link[/opt/gitlab/service/gitaly] created
[2024-08-15T16:28:47+00:00] INFO: link[/opt/gitlab/service/postgresql] created
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/supervise/status] owner changed to 996
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/supervise/status] group changed to 996
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/supervise/status] updated atime and mtime to 2024-08-15 16:28:47 +0000
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/log/supervise/status] owner changed to 996
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/log/supervise/status] group changed to 996
[2024-08-15T16:28:47+00:00] INFO: file[/opt/gitlab/service/postgresql/log/supervise/status] updated atime and mtime to 2024-08-15 16:28:47 +0000
[2024-08-15T16:28:47+00:00] INFO: link[/opt/gitlab/service/gitlab-kas] created
[2024-08-15T16:28:47+00:00] WARN: gitlab-rails does not have a log_group or default logdir mode defined. Setting to 0700.
[2024-08-15T16:29:03+00:00] INFO: Running queued delayed notifications before re-raising exception
[2024-08-15T16:29:03+00:00] ERROR: Running exception handlers
[2024-08-15T16:29:03+00:00] ERROR: Exception handlers complete
[2024-08-15T16:29:03+00:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/cinc-stacktrace.out
[2024-08-15T16:29:03+00:00] FATAL: /srv/gitlab/logs/reconfigure/1723739323.log---------------------------------------------------------------------------------------
[2024-08-15T16:29:03+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2024-08-15T16:29:03+00:00] FATAL: ---------------------------------------------------------------------------------------
[2024-08-15T16:29:03+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: rails_migration[gitlab-rails] (gitlab::database_migrations line 51) had an error: Mixlib::ShellOut::ShellCommandFailed: bash_hide_env[migrate gitlab-rails database] (gitlab::database_migrations line 20) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of "bash" ----
STDOUT: rake aborted!
StandardError: An error has occurred, this and all later migrations canceled:
PG::InternalError: ERROR: no unpinned buffers available
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/batched_background_migration_helpers.rb:92:in `queue_batched_background_migration'
/opt/gitlab/embedded/service/gitlab-rails/db/post_migrate/20240704030747_queue_backfill_new_audit_event_tables.rb:13:in `up'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:33:in `block in exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/query_analyzer.rb:40:in `within'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:30:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/automatic_lock_writes_on_tables.rb:21:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:123:in `run_block'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:134:in `block in run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `public_send'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `block in write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:141:in `block in read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:228:in `retry_with_backoff'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:130:in `read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:126:in `write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:78:in `transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:129:in `run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:97:in `run'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/lock_retry_mixin.rb:52:in `ddl_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/runner_backoff/active_record_mixin.rb:21:in `execute_migration_in_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:28:in `block in with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:25:in `with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:138:in `configure_database'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:107:in `configure_pg_databases'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:94:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:25:in `load'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Caused by:
ActiveRecord::StatementInvalid: PG::InternalError: ERROR: no unpinned buffers available
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/batched_background_migration_helpers.rb:92:in `queue_batched_background_migration'
/opt/gitlab/embedded/service/gitlab-rails/db/post_migrate/20240704030747_queue_backfill_new_audit_event_tables.rb:13:in `up'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:33:in `block in exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/query_analyzer.rb:40:in `within'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:30:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/automatic_lock_writes_on_tables.rb:21:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:123:in `run_block'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:134:in `block in run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `public_send'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `block in write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:141:in `block in read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:228:in `retry_with_backoff'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:130:in `read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:126:in `write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:78:in `transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:129:in `run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:97:in `run'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/lock_retry_mixin.rb:52:in `ddl_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/runner_backoff/active_record_mixin.rb:21:in `execute_migration_in_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:28:in `block in with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:25:in `with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:138:in `configure_database'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:107:in `configure_pg_databases'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:94:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:25:in `load'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Caused by:
PG::InternalError: ERROR: no unpinned buffers available
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/batched_background_migration_helpers.rb:92:in `queue_batched_background_migration'
/opt/gitlab/embedded/service/gitlab-rails/db/post_migrate/20240704030747_queue_backfill_new_audit_event_tables.rb:13:in `up'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:33:in `block in exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/query_analyzer.rb:40:in `within'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/restrict_gitlab_schema.rb:30:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migration_helpers/automatic_lock_writes_on_tables.rb:21:in `exec_migration'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:123:in `run_block'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:134:in `block in run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `public_send'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:127:in `block in write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:141:in `block in read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:228:in `retry_with_backoff'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/load_balancer.rb:130:in `read_write'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:126:in `write_using_load_balancer'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/load_balancing/connection_proxy.rb:78:in `transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:129:in `run_block_with_lock_timeout'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/with_lock_retries.rb:97:in `run'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/lock_retry_mixin.rb:52:in `ddl_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/runner_backoff/active_record_mixin.rb:21:in `execute_migration_in_transaction'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:28:in `block in with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/database/migrations/pg_backend_pid.rb:25:in `with_advisory_lock_connection'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:138:in `configure_database'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:107:in `configure_pg_databases'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/db.rake:94:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:25:in `load'
/opt/gitlab/embedded/bin/bundle:25:in `<main>'
Tasks: TOP => db:migrate
(See full trace by running task with --trace)
Running db:migrate rake task
main: == [advisory_lock_connection] object_id: 53640, pg_backend_pid: 455
main: == 20240704030747 QueueBackfillNewAuditEventTables: migrating =================
main: == [advisory_lock_connection] object_id: 53640, pg_backend_pid: 455
STDERR:
---- End output of "bash" ----
Ran "bash" returned 1
Details of package version
Provide the package version installation details
$ docker image ls gitlab/gitlab-ee:17.3.0-ee.0
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab/gitlab-ee 17.3.0-ee.0 aafd435c8844 29 hours ago 3.38GB
Environment details
- Operating System: Arch Linux
- Installation Target, remove incorrect values:
- Bare Metal Machine via docker
- Installation Type, remove incorrect values:
- Upgrade from version 17.2.2-ee
- Is there any other software running on the machine: -
- Is this a single or multiple node installation? single
- Resources (Hetzner AX42)
- CPU: AMD Ryzen 7 7700 8-Core Processor
- Memory total: 64G
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
external_url 'https://gitlab.archlinux.org' registry_external_url 'https://registry.archlinux.org' nginx['client_max_body_size'] = '10g' nginx['listen_addresses'] = ['213.133.111.15', '[2a01:4f8:222:174c::1]', '127.0.0.1', '[::1]'] gitlab_pages['inplace_chroot'] = true pages_external_url "http://{{ gitlab_domain }}" pages_nginx['enable'] = false gitlab_pages['external_http'] = ['213.133.111.6:80', '[2a01:4f8:222:174c::2]:80'] gitlab_pages['external_https'] = ['213.133.111.6:443', '[2a01:4f8:222:174c::2]:443'] gitlab_pages['rate_limit_source_ip'] = 10.0 gitlab_pages['rate_limit_source_ip_burst'] = 300 gitlab_pages['env'] = { 'FF_ENFORCE_IP_RATE_LIMITS' => 'true', 'FF_CONFIGURABLE_ROOT_DIR' => 'true', 'FF_ENABLE_DOMAIN_REDIRECT' => 'true' } letsencrypt['enable'] = true letsencrypt['contact_emails'] = ['webmaster@archlinux.org'] gitlab_rails['env'] = {'GITLAB_THROTTLE_BYPASS_HEADER' => 'Gitlab-Bypass-Rate-Limiting'} gitlab_rails['lfs_enabled'] = true gitlab_rails['gitlab_username_changing_enabled'] = false gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}" gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = 'mail.archlinux.org' gitlab_rails['smtp_port'] = 465 gitlab_rails['smtp_user_name'] = 'gitlab' gitlab_rails['smtp_password'] = "{{ vault_gitlab_root_password }}" gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org' gitlab_rails['smtp_tls'] = true gitlab_rails['smtp_openssl_verify_mode'] = 'peer' gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org' gitlab_rails['gitlab_email_display_name'] = 'GitLab' gitlab_rails['gitlab_email_reply_to'] = 'noreply@archlinux.org' gitlab_rails['gitlab_default_theme'] = 2 gitlab_rails['incoming_email_enabled'] = true gitlab_rails['incoming_email_address'] = "gitlab+%{key}@archlinux.org" gitlab_rails['incoming_email_email'] = "gitlab@archlinux.org" gitlab_rails['incoming_email_password'] = "{{ vault_gitlab_root_password }}" gitlab_rails['incoming_email_host'] = "mail.archlinux.org" gitlab_rails['incoming_email_port'] = 993 gitlab_rails['incoming_email_ssl'] = true gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_block_auto_created_users'] = false gitlab_rails['omniauth_auto_link_saml_user'] = true gitlab_rails['omniauth_providers'] = [ { name: 'saml', label: 'Arch Linux SSO', groups_attribute: 'Role', admin_groups: ['DevOps'], args: { assertion_consumer_service_url: 'https://gitlab.archlinux.org/users/auth/saml/callback', idp_cert_fingerprint: '75:43:93:1D:7A:F3:B6:16:51:FA:90:3C:E6:46:93:EA:DF:B6:28:8B', idp_sso_target_url: 'https://accounts.archlinux.org/realms/archlinux/protocol/saml/clients/saml_gitlab', idp_slo_target_url: 'https://accounts.archlinux.org/realms/archlinux/protocol/saml', issuer: 'saml_gitlab', attribute_statements: { first_name: ['first_name'], last_name: ['last_name'], name: ['name'], username: ['username'], email: ['email'], }, name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' } } ] prometheus_monitoring['enable'] = false