Skip to content

Add gitlabsos script to Linux package

Stan Hurequested to merge
sh-add-gitlabsos into master

What does this MR do?

This is being used by customers quite regularly, so it makes sense to ship it.

To test, run:

sudo gitlabsos

This results in:

$ sudo gitlabsos
[2025-07-11T21:57:10.342149] INFO -- gitlabsos: Ruby: 3.3.7 - x86_64-linux
[2025-07-11T21:57:10.342254] INFO -- gitlabsos: {:dump_schema=>true, :output_file=>"/tmp/gitlabsos.REDACTED.20250711215709_gitaly-nginx-prometheus-psql-puma-redis-registry-sidekiq.tar.gz", :logs_only=>false, :log_level=>1, :root_check=>true, :max_file_size=>30000000, :grab_config=>true, :faststats=>false, :rake=>true}
[2025-07-11T21:57:10.342346] INFO -- gitlabsos: Starting gitlabsos report, version 1.2
[2025-07-11T21:57:10.342359] INFO -- gitlabsos: Gathering configuration and system info..
tail: cannot open '/var/log/messages' for reading: No such file or directory
tail: cannot open '/var/log/mail.log' for reading: No such file or directory
tail: cannot open '/etc/selinux/config' for reading: No such file or directory
[2025-07-11T21:57:10.399830] INFO -- gitlabsos: Collecting diagnostics. This will probably take a few minutes..
[2025-07-11T21:57:25.479794] INFO -- gitlabsos: Getting GitLab logs..
[2025-07-11T21:57:27.103444] INFO -- gitlabsos: Dumping ActiveRecord database schema...
[2025-07-11T21:58:46.058230] INFO -- gitlabsos: Dumping database schema...
[2025-07-11T21:59:00.324053] INFO -- gitlabsos: Running rake commands...
[2025-07-11T21:59:00.324241] INFO -- gitlabsos: Could not determine Geo status. Geo details will not be collected.
[2025-07-11T21:59:45.047960] INFO -- gitlabsos: Sanitizer module found. GitLab configuration files will be collected.
[2025-07-11T21:59:45.048034] INFO -- gitlabsos: A copy will be printed on the screen for you to review.
[2025-07-11T21:59:45.051807] INFO -- gitlabsos: Sanitizing /etc/gitlab/gitlab.rb file
Sanitizing /etc/gitlab/gitlab.rb...done!

===================== Sanitized /etc/gitlab/gitlab.rb =====================
PLEASE CAREFULLY REVIEW THIS FILE FOR ANY SENSITIVE INFO
THE BELOW INFO WILL BE INCLUDED (SANITIZED) IN YOUR GITLABSOS ARCHIVE
=====================================================================
external_url 'https://gitlab.example.com'
gitlab_rails['gitlab_default_theme'] = 2
nginx['proxy_set_headers']['X-Forwarded-For'] = "$proxy_add_x_forwarded_for"
gitlab_rails['object_store']['enabled'] = true
gitlab_rails['object_store']['connection'] = { 'provider': 'AWS', 'use_iam_profile': true, 'region': 'us-west-2'}
bucket = 'REDACTED KEY'
gitlab_rails['object_store']['proxy_download'] = true
gitlab_rails['object_store']['objects']['artifacts']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['lfs']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['uploads']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['packages']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = "REDACTED KEY"
gitlab_rails['object_store']['objects']['pages']['bucket'] = "REDACTED KEY"
gitlab_rails['omniauth_enabled'] = false
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    name: "saml",
    label: "Okta", # optional label for login button, defaults to "Saml",
    groups_attribute: 'Groups',
    args: {
      assertion_consumer_service_url: "XXX",
      idp_cert_fingerprint: "REDACTED FINGERPRINT",
      idp_sso_target_url: "XXX",
      issuer: "https://gitlab.example.com",
      name_identifier_format: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    }
  }
]
gitlab_rails['env'] = {
  "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages",
  "ENABLE_BOOTSNAP" => "1",
  "CUSTOMER_PORTAL_URL" => "https://customers.staging.gitlab.com",
  "AI_GATEWAY_URL" => "https://cloud.staging.gitlab.com/ai",
  'GITLAB_LICENSE_MODE' => 'test'
}
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:9988"
postgresql['listen_address'] = '0.0.0.0'
postgresql['port'] = 5433
postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/32']
postgresql['log_statement'] = 'all'
redis['tcp_timeout'] = "60"
redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
redis['port'] = 6380
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['stan@example.com'] # This should be an array of email addresses to add as contacts
=====================================================================
NOTICE: You can skip this with --skip-config
=====================================================================

[2025-07-11T21:59:45.058883] INFO -- gitlabsos: Report finished.
Saving to: '/tmp/gitlabsos.REDACTED_20250711215709_gitaly-nginx-prometheus-psql-puma-redis-registry-sidekiq.tar.gz'

Related issues

Relates to #4214 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • MR title and description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • Latest Merge Result pipeline is green.
  • When ready for review, MR is labeled workflowready for review per the Distribution MR workflow.

For GitLab team members

If you don't have access to this, the reviewer should trigger these jobs for you during the review process.

  • The manual Trigger:ee-package jobs have a green pipeline running against latest commit.
  • If config/software or config/patches directories are changed, make sure the build-package-on-all-os job within the Trigger:ee-package downstream pipeline succeeded.
  • If you are changing anything SSL related, then the Trigger:package:fips manual job within the Trigger:ee-package downstream pipeline must succeed.
  • If CI configuration is changed, the branch must be pushed to dev.gitlab.org to confirm regular branch builds aren't broken.

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes.
  • Documentation created/updated.
  • Tests added.
  • Integration tests added to GitLab QA.
  • Equivalent MR/issue for the GitLab Chart opened.
  • Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Stan Hu

Merge request reports