├── .travis.yml ├── LICENSE ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── gitlab_install.yml ├── gitlab_post.yml ├── gitlab_pre.yml ├── gitlab_search_config.yml └── main.yml ├── templates └── gitlab.rb.j2 └── vars ├── Debian.yml └── RedHat.yml /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Opsta 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: Gitlab-CE 2 | 3 | 4 | 5 | ## Requirements 6 | 7 | None. 8 | 9 | ## Role Variables 10 | 11 | 12 | 13 | ## Dependencies 14 | 15 | None. 16 | 17 | ## Example Playbook 18 | 19 | - hosts: all 20 | roles: 21 | - ansible-gitlab 22 | 23 | 24 | ## License 25 | 26 | MIT 27 | 28 | ## Author Information 29 | 30 | Opsta (Thailand) Co.,Ltd. 
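31 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Role defaults. Every value here can be overridden from inventory or play vars.

# When false, tasks/gitlab_pre.yml installs Postfix on the GitLab host.
gitlab_use_external_smtp: false

# Rendered into `external_url` by templates/gitlab.rb.j2.
gitlab_external_url: "https://gitlab.example.com"

# Rendered after the `roles` keyword by templates/gitlab.rb.j2 when non-empty.
gitlab_roles: ""

# Settings applied one line at a time to gitlab.rb by the "Replace
# configurations" task (only when no host-specific gitlab.rb.j2 was found).
# The task loops over this value with with_items and reads item.config_prefix,
# item.config_key, item.config_value and item.config_quote, so the empty
# default is a list, matching the example below.
# config_value is written verbatim into Ruby source that `gitlab-ctl
# reconfigure` evaluates; keep these values under operator control.
gitlab_rb_configs: []
# Example configurations
#   - config_prefix: gitlab_rails
#     config_key: registry_host
#     config_value: "https://registry.example.com"
#     config_quote: yes
#   - config_prefix: gitlab_rails
#     config_key: registry_port
#     config_value: 443
#     config_quote: yes
#   - config_prefix: unicorn
#     config_key: worker_processes
#     config_value: 8

# Schedule for the `gitlab-backup create` cron job.
# NOTE(review): the task consumes this with with_items and reads item.minute,
# item.hour, ...; confirm whether a single mapping (as shown below) or a list
# of mappings is the intended shape.
gitlab_app_backup_cron: {}
#   minute: "0"
#   hour: "0"
#   day: "*"
#   weekday: "*"
#   month: "*"

# Schedule shared by the two tar jobs that archive /etc/gitlab and /etc/ssh.
# NOTE(review): same shape question as gitlab_app_backup_cron.
gitlab_config_backup_cron: {}
#   minute: "0"
#   hour: "0"
#   day: "*"
#   weekday: "*"
#   month: "*"

# Controller-side directory searched per inventory group; `item` is the group
# name supplied by the with_items loop in tasks/gitlab_search_config.yml.
gitlab_search_config_path: "{{ playbook_dir }}/files/groups/{{ item }}/gitlab"

# Controller-side directory of TLS material copied to gitlab_config_path.
# It may hold private keys, so keep it out of world-readable locations.
gitlab_host_config_ssl_path: "{{ gitlab_host_config_path | default(inventory_hostname) }}/ssl"
gitlab_config_file_path: /etc/gitlab/gitlab.rb
gitlab_config_path: /etc/gitlab

# Destination of the etc-gitlab-*.tgz and etc-ssh-*.tgz archives. The role
# creates it root-owned with mode 0700; the archives contain the GitLab
# configuration and the SSH host keys.
gitlab_config_backup_path: /var/opt/gitlab/backups

# backward compatibility
gitlab_search_config_paths: []
gitlab_host_config_file_path: "{{ gitlab_host_config_path | default(inventory_hostname) }}/gitlab.rb.j2"

--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers notified by the install and configure tasks.

- name: Start postfix
  systemd:
    name: postfix
    state: started
    enabled: yes

# gitlab_ssh_service_name is not set in defaults/main.yml; presumably it comes
# from the OS-specific vars files (confirm).
- name: Start sshd
  systemd:
    name: "{{ gitlab_ssh_service_name }}"
    state: started
    enabled: yes

- name: Reconfigure GitLab
  command: gitlab-ctl reconfigure

- name: 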
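Reconfigure and restart GitLab
  # Older Ansible releases ignore `retries` unless an `until` condition is
  # present, so the result is registered and checked explicitly.
  shell: gitlab-ctl reconfigure && gitlab-ctl restart
  register: gitlab_reconfigure_restart
  until: gitlab_reconfigure_restart.rc | default(1) == 0
  retries: 5
  delay: 20

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: Opsta
  description: Ansible role to install and config gitlab-ce
  company: "Opsta (Thailand) Co.,Ltd."
  license: "MIT"
  min_ansible_version: 2.4
  platforms:
    - name: Ubuntu
      versions:
        - xenial
    - name: RedHat
      versions:
        - 7
  galaxy_tags:
    - gitlab
    - vcs
dependencies: []

--------------------------------------------------------------------------------
/tasks/gitlab_install.yml:
--------------------------------------------------------------------------------
---
# gitlab_package is not set in defaults/main.yml; tasks/main.yml loads it from
# an OS-specific vars file when it is undefined.
- name: Install Gitlab CE
  package:
    name: "{{ gitlab_package }}"
    state: present

--------------------------------------------------------------------------------
/tasks/gitlab_post.yml:
--------------------------------------------------------------------------------
---
# Post-install configuration: gitlab.rb, TLS material, backup directory and
# backup cron jobs.

#- name: Setup sshd not to accept password

# gitlab.rb can carry credentials (the template lists SMTP/IMAP passwords,
# LDAP bind passwords, object-storage keys, initial_root_password), so it is
# written root-only instead of world-readable.
- name: Copy GitLab configuration file
  template:
    src: "{{ gitlab_host_config_file_path if gitlab_config_check.stat.exists else 'gitlab.rb.j2' }}"
    dest: "{{ gitlab_config_file_path }}"
    owner: root
    group: root
    mode: "0600"
  notify: Reconfigure and restart GitLab

# Applies gitlab_rb_configs line by line when no host-specific template exists.
# item.config_value is inserted verbatim into Ruby source that
# `gitlab-ctl reconfigure` evaluates as root: a value containing a single quote
# ends the quoted string early, so these values must stay operator-controlled.
- name: Replace configurations
  lineinfile:
    dest: "{{ gitlab_config_file_path }}"
    state: present
    regexp: "^\\#* *{{ item.config_prefix }}\\['{{ item.config_key }}'\\] = (.*)$"
    line: "{{ item.config_prefix }}['{{ item.config_key }}'] = {% if item.config_quote is defined and item.config_quote %}'{{ item.config_value }}'{% else %}{{ item.config_value }}{% endif %}"
  with_items: "{{ gitlab_rb_configs }}"
  when: not gitlab_config_check.stat.exists
  notify: Reconfigure and restart GitLab

# The source directory is copied as a whole; ownership is pinned to root here
# and private keys are tightened by the next task.
- name: Copy GitLab SSL certificates
  copy:
    src: "{{ gitlab_host_config_ssl_path }}"
    dest: "{{ gitlab_config_path }}"
    owner: root
    group: root
  when:
    - gitlab_config_ssl_check.stat.isdir is defined
    - gitlab_config_ssl_check.stat.isdir
  notify: Reconfigure and restart GitLab

# Without an explicit mode the copied files get umask-derived permissions,
# which usually leaves private keys world-readable.
# Assumes keys use the `*.key` suffix; adjust the glob if yours differ.
- name: Restrict permissions on GitLab SSL private keys
  file:
    path: "{{ gitlab_config_path }}/{{ gitlab_host_config_ssl_path | basename }}/{{ item | basename }}"
    owner: root
    group: root
    mode: "0600"
  with_fileglob:
    - "{{ gitlab_host_config_ssl_path }}/*.key"
  when:
    - gitlab_config_ssl_check.stat.isdir is defined
    - gitlab_config_ssl_check.stat.isdir

# NOTE(review): the default path is also the backup_path shown in the
# template's Backup Settings section; confirm that root:root 0700 does not
# conflict with the account `gitlab-backup create` writes as.
- name: Create backup path
  file:
    path: "{{ gitlab_config_backup_path }}"
    state: directory
    mode: "0700"
    owner: root
    group: root

# No `user:` is given, so the entries go into the crontab of the account the
# play runs as on the target.
- name: Setup cron to backup GitLab
  cron:
    name: Backup GitLab
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    weekday: "{{ item.weekday }}"
    month: "{{ item.month }}"
    job: /opt/gitlab/bin/gitlab-backup create CRON=1
  with_items: "{{ gitlab_app_backup_cron }}"
  when: gitlab_app_backup_cron is defined

# The archive holds /etc/gitlab, including gitlab.rb; `umask 0077` keeps it
# readable by the owner only.
- name: Setup cron to backup GitLab configuration files
  cron:
    name: Backup GitLab configuration files
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    weekday: "{{ item.weekday }}"
    month: "{{ item.month }}"
    job: umask 0077; tar cfz {{ gitlab_config_backup_path }}/$(date "+etc-gitlab-\%s.tgz") -C / etc/gitlab
  with_items: "{{ gitlab_config_backup_cron }}"
  when: gitlab_config_backup_cron is defined

# The archive holds /etc/ssh, including the host private keys; treat every
# copy of it (and any off-host replica of the backup directory) as key material.
- name: Setup cron to backup SSH host keys
  cron:
    name: Backup SSH host keys
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    weekday: "{{ item.weekday }}"
    month: "{{ item.month }}"
    job: umask 0077; tar cfz {{ gitlab_config_backup_path }}/$(date "+etc-ssh-\%s.tgz") -C / etc/ssh
  with_items: "{{ gitlab_config_backup_cron }}"
  when: gitlab_config_backup_cron is defined

--------------------------------------------------------------------------------
/tasks/gitlab_pre.yml: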
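--------------------------------------------------------------------------------
---
# Host preparation: firewall, package dependencies, mail, package repository.

- block:  # Firewall Configuration for RedHat

    - name: Ensure firewalld is enabled
      systemd:
        name: firewalld
        state: started
        enabled: yes

    # gitlab_firewalld_allows is not set in defaults/main.yml; presumably it
    # comes from vars/RedHat.yml (confirm). Keep the list to the services
    # GitLab actually has to expose.
    - name: Allow some firewall to using
      firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
        immediate: yes
      with_items: "{{ gitlab_firewalld_allows }}"

  when: ansible_os_family == "RedHat"


- name: Install GitLab dependencies
  package:
    name: "{{ gitlab_package_dependencies }}"
    state: present
    update_cache: yes
  notify:
    - Start sshd

- name: Install Postfix
  package:
    name: postfix
    state: present
  notify:
    - Start postfix
  when: not gitlab_use_external_smtp

- meta: flush_handlers

# The repository setup script runs with the privileges of the play, so it is
# downloaded to a root-only file first instead of being piped from curl into
# bash: an HTTP error or a truncated transfer now fails the task instead of
# feeding partial input to the shell, and TLS certificates are validated by
# get_url. gitlab_script_url should be an https:// URL.
# Optional: set gitlab_script_checksum to "<algorithm>:<digest>" to pin the
# script contents; when it is unset no checksum is enforced.
- name: Download GitLab CE repository setup script
  get_url:
    url: "{{ gitlab_script_url }}"
    dest: /root/gitlab-repository-setup.sh
    owner: root
    group: root
    mode: "0700"
    force: yes
    checksum: "{{ gitlab_script_checksum | default(omit) }}"

- name: Run script to check system and add repository for GitLab CE
  command: bash /root/gitlab-repository-setup.sh

--------------------------------------------------------------------------------
/tasks/gitlab_search_config.yml:
--------------------------------------------------------------------------------
---
# Locates host- or group-specific GitLab configuration on the controller.
# All stat calls are delegated to 127.0.0.1 and run without become.

# Appends one candidate directory per inventory group. The list is built as a
# real list expression rather than by gluing text together, so a path
# containing a quote cannot alter the expression.
- name: Set list of path to look for local GitLab configuration directory
  set_fact:
    gitlab_search_config_paths: "{{ gitlab_search_config_paths + [ gitlab_search_config_path ] }}"
  with_items: "{{ group_names }}"

- name: Check if GitLab configuration directory exists
  stat:
    path: "{{ item }}"
  register: gitlab_config_check
  become: false
  delegate_to: 127.0.0.1
  with_first_found:
    - files: "{{ gitlab_search_config_paths }}"
      skip: true

- name: Set GitLab configuration directory
  set_fact:
    gitlab_host_config_path: "{{ gitlab_config_check.results[0].stat.path }}"
  when:
    - gitlab_config_check.results[0] is defined
    - gitlab_config_check.results[0].stat is defined
    - gitlab_config_check.results[0].stat.isdir

# Re-registers gitlab_config_check: from here on it describes the template
# file, which is what tasks/gitlab_post.yml reads via .stat.exists.
- name: Check if GitLab template configuration file is exists
  stat:
    path: "{{ gitlab_host_config_file_path }}"
  become: false
  delegate_to: 127.0.0.1
  register: gitlab_config_check

- name: Check if GitLab SSL certificates is exists
  stat:
    path: "{{ gitlab_host_config_ssl_path }}"
  become: false
  delegate_to: 127.0.0.1
  register: gitlab_config_ssl_check

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point: load OS-specific variables, then install and configure GitLab.

- name: Include OS family specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version | int }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
  when: >
    gitlab_package is not defined or
    gitlab_package_dependencies is not defined

# NOTE(review): include_tasks is dynamic; confirm that the block-level tags
# reach the tasks inside the included files on the Ansible versions in use.
- block:
    - include_tasks: gitlab_pre.yml
    - include_tasks: gitlab_install.yml
  tags:
    - gitlab_install

- block:  # Configure Gitlab
    - include_tasks: gitlab_search_config.yml
    - include_tasks: gitlab_post.yml
  tags:
    - gitlab_configure

--------------------------------------------------------------------------------
/templates/gitlab.rb.j2:
--------------------------------------------------------------------------------
1 | ## GitLab configuration settings 2 | ##! This file is generated during initial installation and **is not** modified 3 | ##! during upgrades. 4 | ##! Check out the latest version of this file to know about the different 5 | ##! settings that can be configured by this file, which may be found at: 6 | ##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template 7 | 8 | 9 | ## GitLab URL 10 | ##! 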
URL on which GitLab will be reachable. 11 | ##! For more details on configuring external_url see: 12 | ##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab 13 | external_url '{{ gitlab_external_url }}' 14 | 15 | ## Roles for multi-instance GitLab 16 | ##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance. 17 | ##! Options: 18 | ##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role 19 | ##! For more details on each role, see: 20 | ##! https://docs.gitlab.com/omnibus/roles/README.html#roles 21 | ##! 22 | {% if gitlab_roles %} 23 | roles {{ gitlab_roles }} 24 | {% else %} 25 | # roles ['redis_sentinel_role', 'redis_master_role'] 26 | {% endif %} 27 | 28 | ## Legend 29 | ##! The following notations at the beginning of each line may be used to 30 | ##! differentiate between components of this file and to easily select them using 31 | ##! a regex. 32 | ##! ## Titles, subtitles etc 33 | ##! ##! More information - Description, Docs, Links, Issues etc. 34 | ##! Configuration settings have a single # followed by a single space at the 35 | ##! beginning; Remove them to enable the setting. 36 | 37 | ##! **Configuration settings below are optional.** 38 | ##! **The values currently assigned are only examples and ARE NOT the default 39 | ##! values.** 40 | 41 | 42 | ################################################################################ 43 | ################################################################################ 44 | ## Configuration Settings for GitLab CE and EE ## 45 | ################################################################################ 46 | ################################################################################ 47 | 48 | ################################################################################ 49 | ## gitlab.yml configuration 50 | ##! 
Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md 51 | ################################################################################ 52 | # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' 53 | # gitlab_rails['time_zone'] = 'UTC' 54 | 55 | ### Email Settings 56 | # gitlab_rails['gitlab_email_enabled'] = true 57 | # gitlab_rails['gitlab_email_from'] = 'example@example.com' 58 | # gitlab_rails['gitlab_email_display_name'] = 'Example' 59 | # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' 60 | # gitlab_rails['gitlab_email_subject_suffix'] = '' 61 | 62 | ### GitLab user privileges 63 | # gitlab_rails['gitlab_default_can_create_group'] = true 64 | # gitlab_rails['gitlab_username_changing_enabled'] = true 65 | 66 | ### Default Theme 67 | # gitlab_rails['gitlab_default_theme'] = 2 68 | 69 | ### Default project feature settings 70 | # gitlab_rails['gitlab_default_projects_features_issues'] = true 71 | # gitlab_rails['gitlab_default_projects_features_merge_requests'] = true 72 | # gitlab_rails['gitlab_default_projects_features_wiki'] = true 73 | # gitlab_rails['gitlab_default_projects_features_snippets'] = true 74 | # gitlab_rails['gitlab_default_projects_features_builds'] = true 75 | # gitlab_rails['gitlab_default_projects_features_container_registry'] = true 76 | 77 | ### Automatic issue closing 78 | ###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more 79 | ###! information about this pattern. 80 | # gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" 81 | 82 | ### Download location 83 | ###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file 84 | ###! is created in the following directory. 85 | ###! 
Should not be the same path, or a sub directory of any of the `git_data_dirs` 86 | # gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' 87 | 88 | ### Gravatar Settings 89 | # gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' 90 | # gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' 91 | 92 | ### Auxiliary jobs 93 | ###! Periodically executed jobs, to self-heal Gitlab, do external 94 | ###! synchronizations, etc. 95 | ###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job 96 | ###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in 97 | # gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *" 98 | # gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *" 99 | # gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *" 100 | # gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *" 101 | # gitlab_rails['repository_check_worker_cron'] = "20 * * * *" 102 | # gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" 103 | # gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" 104 | # gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *" 105 | # gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *" 106 | # gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *" 107 | # gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *" 108 | 109 | ### Webhook Settings 110 | ###! Number of seconds to wait for HTTP response after sending webhook HTTP POST 111 | ###! request (default: 10) 112 | # gitlab_rails['webhook_timeout'] = 10 113 | 114 | ### Trusted proxies 115 | ###! Customize if you have GitLab behind a reverse proxy which is running on a 116 | ###! different machine. 117 | ###! **Add the IP address for your reverse proxy to the list, otherwise users 118 | ###! 
will appear signed in from that address.** 119 | # gitlab_rails['trusted_proxies'] = [] 120 | 121 | ### Monitoring settings 122 | ###! IP whitelist controlling access to monitoring endpoints 123 | # gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128'] 124 | ###! Time between sampling of unicorn socket metrics, in seconds 125 | # gitlab_rails['monitoring_unicorn_sampler_interval'] = 10 126 | 127 | ### Reply by email 128 | ###! Allow users to comment on issues and merge requests by replying to 129 | ###! notification emails. 130 | ###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html 131 | # gitlab_rails['incoming_email_enabled'] = true 132 | 133 | #### Incoming Email Address 134 | ####! The email address including the `%{key}` placeholder that will be replaced 135 | ####! to reference the item being replied to. 136 | ####! **The placeholder can be omitted but if present, it must appear in the 137 | ####! "user" part of the address (before the `@`).** 138 | # gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" 139 | 140 | #### Email account username 141 | ####! **With third party providers, this is usually the full email address.** 142 | ####! **With self-hosted email servers, this is usually the user part of the 143 | ####! email address.** 144 | # gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" 145 | 146 | #### Email account password 147 | # gitlab_rails['incoming_email_password'] = "[REDACTED]" 148 | 149 | #### IMAP Settings 150 | # gitlab_rails['incoming_email_host'] = "imap.gmail.com" 151 | # gitlab_rails['incoming_email_port'] = 993 152 | # gitlab_rails['incoming_email_ssl'] = true 153 | # gitlab_rails['incoming_email_start_tls'] = false 154 | 155 | #### Incoming Mailbox Settings 156 | ####! The mailbox where incoming mail will end up. Usually "inbox". 157 | # gitlab_rails['incoming_email_mailbox_name'] = "inbox" 158 | ####! The IDLE command timeout. 
159 | # gitlab_rails['incoming_email_idle_timeout'] = 60 160 | 161 | ### Job Artifacts 162 | # gitlab_rails['artifacts_enabled'] = true 163 | # gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts" 164 | ####! Job artifacts Object Store 165 | ####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage 166 | # gitlab_rails['artifacts_object_store_enabled'] = false 167 | # gitlab_rails['artifacts_object_store_direct_upload'] = false 168 | # gitlab_rails['artifacts_object_store_background_upload'] = true 169 | # gitlab_rails['artifacts_object_store_proxy_download'] = false 170 | # gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" 171 | # gitlab_rails['artifacts_object_store_connection'] = { 172 | # 'provider' => 'AWS', 173 | # 'region' => 'eu-west-1', 174 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 175 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 176 | # # # The below options configure an S3 compatible host instead of AWS 177 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
178 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 179 | # # 'host' => 's3.amazonaws.com', 180 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 181 | # } 182 | 183 | ### External merge request diffs 184 | # gitlab_rails['external_diffs_enabled'] = false 185 | # gitlab_rails['external_diffs_when'] = nil 186 | # gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs" 187 | # gitlab_rails['external_diffs_object_store_enabled'] = false 188 | # gitlab_rails['external_diffs_object_store_direct_upload'] = false 189 | # gitlab_rails['external_diffs_object_store_background_upload'] = false 190 | # gitlab_rails['external_diffs_object_store_proxy_download'] = false 191 | # gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs" 192 | # gitlab_rails['external_diffs_object_store_connection'] = { 193 | # 'provider' => 'AWS', 194 | # 'region' => 'eu-west-1', 195 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 196 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 197 | # # # The below options configure an S3 compatible host instead of AWS 198 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
199 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 200 | # # 'host' => 's3.amazonaws.com', 201 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 202 | # } 203 | 204 | ### Git LFS 205 | # gitlab_rails['lfs_enabled'] = true 206 | # gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects" 207 | # gitlab_rails['lfs_object_store_enabled'] = false 208 | # gitlab_rails['lfs_object_store_direct_upload'] = false 209 | # gitlab_rails['lfs_object_store_background_upload'] = true 210 | # gitlab_rails['lfs_object_store_proxy_download'] = false 211 | # gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects" 212 | # gitlab_rails['lfs_object_store_connection'] = { 213 | # 'provider' => 'AWS', 214 | # 'region' => 'eu-west-1', 215 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 216 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 217 | # # # The below options configure an S3 compatible host instead of AWS 218 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 219 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 220 | # # 'host' => 's3.amazonaws.com', 221 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 222 | # } 223 | 224 | ### GitLab uploads 225 | ###! 
Docs: https://docs.gitlab.com/ee/administration/uploads.html 226 | # gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public" 227 | # gitlab_rails['uploads_base_dir'] = "uploads/-/system" 228 | # gitlab_rails['uploads_object_store_enabled'] = false 229 | # gitlab_rails['uploads_object_store_direct_upload'] = false 230 | # gitlab_rails['uploads_object_store_background_upload'] = true 231 | # gitlab_rails['uploads_object_store_proxy_download'] = false 232 | # gitlab_rails['uploads_object_store_remote_directory'] = "uploads" 233 | # gitlab_rails['uploads_object_store_connection'] = { 234 | # 'provider' => 'AWS', 235 | # 'region' => 'eu-west-1', 236 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 237 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 238 | # # # The below options configure an S3 compatible host instead of AWS 239 | # # 'host' => 's3.amazonaws.com', 240 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 241 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 242 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 243 | # } 244 | 245 | ### Impersonation settings 246 | # gitlab_rails['impersonation_enabled'] = true 247 | 248 | ### Usage Statistics 249 | # gitlab_rails['usage_ping_enabled'] = true 250 | 251 | ### GitLab Mattermost 252 | ###! These settings are void if Mattermost is installed on the same omnibus 253 | ###! install 254 | # gitlab_rails['mattermost_host'] = "https://mattermost.example.com" 255 | 256 | ### LDAP Settings 257 | ###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html 258 | ###! **Be careful not to break the indentation in the ldap_servers block. It is 259 | ###! in yaml format and the spaces must be retained. Using tabs will not work.** 260 | 261 | # gitlab_rails['ldap_enabled'] = false 262 | 263 | ###! 
**remember to close this block with 'EOS' below** 264 | # gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' 265 | # main: # 'main' is the GitLab 'provider ID' of this LDAP server 266 | # label: 'LDAP' 267 | # host: '_your_ldap_server' 268 | # port: 389 269 | # uid: 'sAMAccountName' 270 | # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' 271 | # password: '_the_password_of_the_bind_user' 272 | # encryption: 'plain' # "start_tls" or "simple_tls" or "plain" 273 | # verify_certificates: true 274 | # smartcard_auth: false 275 | # active_directory: true 276 | # allow_username_or_email_login: false 277 | # lowercase_usernames: false 278 | # block_auto_created_users: false 279 | # base: '' 280 | # user_filter: '' 281 | # ## EE only 282 | # group_base: '' 283 | # admin_group: '' 284 | # sync_ssh_keys: false 285 | # 286 | # secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server 287 | # label: 'LDAP' 288 | # host: '_your_ldap_server' 289 | # port: 389 290 | # uid: 'sAMAccountName' 291 | # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' 292 | # password: '_the_password_of_the_bind_user' 293 | # encryption: 'plain' # "start_tls" or "simple_tls" or "plain" 294 | # verify_certificates: true 295 | # smartcard_auth: false 296 | # active_directory: true 297 | # allow_username_or_email_login: false 298 | # lowercase_usernames: false 299 | # block_auto_created_users: false 300 | # base: '' 301 | # user_filter: '' 302 | # ## EE only 303 | # group_base: '' 304 | # admin_group: '' 305 | # sync_ssh_keys: false 306 | # EOS 307 | 308 | ### Smartcard authentication settings 309 | ###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html 310 | # gitlab_rails['smartcard_enabled'] = false 311 | # gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem" 312 | # gitlab_rails['smartcard_client_certificate_required_port'] = 3444 313 | # gitlab_rails['smartcard_required_for_git_access'] = false 314 | 315 | ### OmniAuth Settings 316 | ###! 
Docs: https://docs.gitlab.com/ce/integration/omniauth.html 317 | # gitlab_rails['omniauth_enabled'] = nil 318 | # gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] 319 | # gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' 320 | # gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] 321 | # gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] 322 | # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' 323 | # gitlab_rails['omniauth_block_auto_created_users'] = true 324 | # gitlab_rails['omniauth_auto_link_ldap_user'] = false 325 | # gitlab_rails['omniauth_auto_link_saml_user'] = false 326 | # gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] 327 | # gitlab_rails['omniauth_providers'] = [ 328 | # { 329 | # "name" => "google_oauth2", 330 | # "app_id" => "YOUR APP ID", 331 | # "app_secret" => "YOUR APP SECRET", 332 | # "args" => { "access_type" => "offline", "approval_prompt" => "" } 333 | # } 334 | # ] 335 | 336 | ### Backup Settings 337 | ###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html 338 | 339 | # gitlab_rails['manage_backup_path'] = true 340 | # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" 341 | 342 | ###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions 343 | # gitlab_rails['backup_archive_permissions'] = 0644 344 | 345 | # gitlab_rails['backup_pg_schema'] = 'public' 346 | 347 | ###! The duration in seconds to keep backups before they are allowed to be deleted 348 | # gitlab_rails['backup_keep_time'] = 604800 349 | 350 | # gitlab_rails['backup_upload_connection'] = { 351 | # 'provider' => 'AWS', 352 | # 'region' => 'eu-west-1', 353 | # 'aws_access_key_id' => 'AKIAKIAKI', 354 | # 'aws_secret_access_key' => 'secret123' 355 | # } 356 | # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' 357 | # gitlab_rails['backup_multipart_chunk_size'] = 104857600 358 | 359 | ###! 
**Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for 360 | ###! backups** 361 | # gitlab_rails['backup_encryption'] = 'AES256' 362 | ###! The encryption key to use with AWS Server-Side Encryption. 363 | ###! Setting this value will enable Server-Side Encryption with customer provided keys; 364 | ###! otherwise S3-managed keys are used. 365 | # gitlab_rails['backup_encryption_key'] = '' 366 | 367 | ###! **Specifies Amazon S3 storage class to use for backups. Valid values 368 | ###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'** 369 | # gitlab_rails['backup_storage_class'] = 'STANDARD' 370 | 371 | 372 | ### Pseudonymizer Settings 373 | # gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml' 374 | # gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt' 375 | # gitlab_rails['pseudonymizer_upload_connection'] = { 376 | # 'provider' => 'AWS', 377 | # 'region' => 'eu-west-1', 378 | # 'aws_access_key_id' => 'AKIAKIAKI', 379 | # 'aws_secret_access_key' => 'secret123' 380 | # } 381 | 382 | 383 | ### For setting up different data storing directory 384 | ###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory 385 | ###! **If you want to use a single non-default directory to store git data use a 386 | ###! path that doesn't contain symlinks.** 387 | # git_data_dirs({ 388 | # "default" => { 389 | # "path" => "/mnt/nfs-01/git-data" 390 | # } 391 | # }) 392 | 393 | ### Gitaly settings 394 | # gitlab_rails['gitaly_token'] = 'secret token' 395 | 396 | ### For storing GitLab application uploads, eg. LFS objects, build artifacts 397 | ###! Docs: https://docs.gitlab.com/ce/development/shared_files.html 398 | # gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared' 399 | 400 | ### Wait for file system to be mounted 401 | ###! 
Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted 402 | # high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"] 403 | 404 | ### GitLab Shell settings for GitLab 405 | # gitlab_rails['gitlab_shell_ssh_port'] = 22 406 | # gitlab_rails['gitlab_shell_git_timeout'] = 800 407 | 408 | ### Extra customization 409 | # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' 410 | # gitlab_rails['extra_piwik_url'] = '_your_piwik_url' 411 | # gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id' 412 | 413 | ##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html 414 | # gitlab_rails['env'] = { 415 | # 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile", 416 | # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" 417 | # } 418 | 419 | # gitlab_rails['rack_attack_git_basic_auth'] = { 420 | # 'enabled' => false, 421 | # 'ip_whitelist' => ["127.0.0.1"], 422 | # 'maxretry' => 10, 423 | # 'findtime' => 60, 424 | # 'bantime' => 3600 425 | # } 426 | 427 | # gitlab_rails['rack_attack_protected_paths'] = [ 428 | # '/users/password', 429 | # '/users/sign_in', 430 | # '/api/#{API::API.version}/session.json', 431 | # '/api/#{API::API.version}/session', 432 | # '/users', 433 | # '/users/confirmation', 434 | # '/unsubscribes/', 435 | # '/import/github/personal_access_token' 436 | # ] 437 | 438 | ###! 
**We do not recommend changing these directories.** 439 | # gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails" 440 | # gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails" 441 | 442 | ### GitLab application settings 443 | # gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" 444 | # gitlab_rails['rate_limit_requests_per_period'] = 10 445 | # gitlab_rails['rate_limit_period'] = 60 446 | 447 | #### Change the initial default admin password and shared runner registration tokens. 448 | ####! **Only applicable on initial setup, changing these settings after database 449 | ####! is created and seeded won't yield any change.** 450 | # gitlab_rails['initial_root_password'] = "password" 451 | # gitlab_rails['initial_shared_runners_registration_token'] = "token" 452 | 453 | #### Set path to an initial license to be used while bootstrapping GitLab. 454 | ####! **Only applicable on initial setup, future license updates need to be done via UI. 455 | ####! Updating the file specified in this path won't yield any change after the first reconfigure run.** 456 | # gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license' 457 | 458 | #### Enable or disable automatic database migrations 459 | # gitlab_rails['auto_migrate'] = true 460 | 461 | #### This is an advanced feature used by large gitlab deployments where loading 462 | #### whole RAILS env takes a lot of time. 463 | # gitlab_rails['rake_cache_clear'] = true 464 | 465 | ### GitLab database settings 466 | ###! Docs: https://docs.gitlab.com/omnibus/settings/database.html 467 | ###! 
**Only needed if you use an external database.** 468 | # gitlab_rails['db_adapter'] = "postgresql" 469 | # gitlab_rails['db_encoding'] = "unicode" 470 | # gitlab_rails['db_collation'] = nil 471 | # gitlab_rails['db_database'] = "gitlabhq_production" 472 | # gitlab_rails['db_pool'] = 10 473 | # gitlab_rails['db_username'] = "gitlab" 474 | # gitlab_rails['db_password'] = nil 475 | # gitlab_rails['db_host'] = nil 476 | # gitlab_rails['db_port'] = 5432 477 | # gitlab_rails['db_socket'] = nil 478 | # gitlab_rails['db_sslmode'] = nil 479 | # gitlab_rails['db_sslcompression'] = 0 480 | # gitlab_rails['db_sslrootcert'] = nil 481 | # gitlab_rails['db_prepared_statements'] = false 482 | # gitlab_rails['db_statements_limit'] = 1000 483 | 484 | 485 | ### GitLab Redis settings 486 | ###! Connect to your own Redis instance 487 | ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html 488 | 489 | #### Redis TCP connection 490 | # gitlab_rails['redis_host'] = "127.0.0.1" 491 | # gitlab_rails['redis_port'] = 6379 492 | # gitlab_rails['redis_ssl'] = false 493 | # gitlab_rails['redis_password'] = nil 494 | # gitlab_rails['redis_database'] = 0 495 | # gitlab_rails['redis_enable_client'] = true 496 | 497 | #### Redis local UNIX socket (will be disabled if TCP method is used) 498 | # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket" 499 | 500 | #### Sentinel support 501 | ####! To have Sentinel working, you must enable Redis TCP connection support 502 | ####! above and define a few Sentinel hosts below (to get a reliable setup 503 | ####! at least 3 hosts). 504 | ####! **You don't need to list every sentinel host, but the ones not listed will 505 | ####! not be used in a fail-over situation to query for the new master.** 506 | # gitlab_rails['redis_sentinels'] = [ 507 | # {'host' => '127.0.0.1', 'port' => 26379}, 508 | # ] 509 | 510 | #### Separate instances support 511 | ###! 
Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances 512 | # gitlab_rails['redis_cache_instance'] = nil 513 | # gitlab_rails['redis_cache_sentinels'] = nil 514 | # gitlab_rails['redis_queues_instance'] = nil 515 | # gitlab_rails['redis_queues_sentinels'] = nil 516 | # gitlab_rails['redis_shared_state_instance'] = nil 517 | # gitlab_rails['redis_shared_sentinels'] = nil 518 | 519 | ### GitLab email server settings 520 | ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html 521 | ###! **Use smtp instead of sendmail/postfix.** 522 | 523 | # gitlab_rails['smtp_enable'] = true 524 | # gitlab_rails['smtp_address'] = "smtp.server" 525 | # gitlab_rails['smtp_port'] = 465 526 | # gitlab_rails['smtp_user_name'] = "smtp user" 527 | # gitlab_rails['smtp_password'] = "smtp password" 528 | # gitlab_rails['smtp_domain'] = "example.com" 529 | # gitlab_rails['smtp_authentication'] = "login" 530 | # gitlab_rails['smtp_enable_starttls_auto'] = true 531 | # gitlab_rails['smtp_tls'] = false 532 | 533 | ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'. 'none' skips verification of the SMTP server certificate; use 'peer' together with the CA settings below to verify it.** 534 | ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html 535 | # gitlab_rails['smtp_openssl_verify_mode'] = 'none' 536 | 537 | # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" 538 | # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" 539 | 540 | ################################################################################ 541 | ## Container Registry settings 542 | ##! 
Docs: https://docs.gitlab.com/ce/administration/container_registry.html 543 | ################################################################################ 544 | 545 | # registry_external_url 'https://registry.gitlab.example.com' 546 | 547 | ### Settings used by GitLab application 548 | # gitlab_rails['registry_enabled'] = true 549 | # gitlab_rails['registry_host'] = "registry.gitlab.example.com" 550 | # gitlab_rails['registry_port'] = "5005" 551 | # gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" 552 | 553 | ###! **Do not change the following 3 settings unless you know what you are 554 | ###! doing** 555 | # gitlab_rails['registry_api_url'] = "http://localhost:5000" 556 | # gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" 557 | # gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" 558 | 559 | ### Settings used by Registry application 560 | # registry['enable'] = true 561 | # registry['username'] = "registry" 562 | # registry['group'] = "registry" 563 | # registry['uid'] = nil 564 | # registry['gid'] = nil 565 | # registry['dir'] = "/var/opt/gitlab/registry" 566 | # registry['registry_http_addr'] = "localhost:5000" 567 | # registry['debug_addr'] = "localhost:5001" 568 | # registry['log_directory'] = "/var/log/gitlab/registry" 569 | # registry['env_directory'] = "/opt/gitlab/etc/registry/env" 570 | # registry['env'] = { 571 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 572 | # } 573 | # registry['log_level'] = "info" 574 | # registry['log_formatter'] = "text" 575 | # registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" 576 | # registry['health_storagedriver_enabled'] = true 577 | # registry['storage_delete_enabled'] = true 578 | # registry['validation_enabled'] = false 579 | # registry['autoredirect'] = false 580 | # registry['compatibility_schema1_enabled'] = false 581 | 582 | ### Registry backend storage 583 | ###! 
Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver 584 | # registry['storage'] = { 585 | # 's3' => { 586 | # 'accesskey' => 'AKIAKIAKI', 587 | # 'secretkey' => 'secret123', 588 | # 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI' 589 | # } 590 | # } 591 | 592 | ### Registry notifications endpoints 593 | # registry['notifications'] = [ 594 | # { 595 | # 'name' => 'test_endpoint', 596 | # 'url' => 'https://gitlab.example.com/notify2', 597 | # 'timeout' => '500ms', 598 | # 'threshold' => 5, 599 | # 'backoff' => '1s', 600 | # 'headers' => { 601 | # "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"] 602 | # } 603 | # } 604 | # ] 605 | ### Default registry notifications 606 | # registry['default_notifications_timeout'] = "500ms" 607 | # registry['default_notifications_threshold'] = 5 608 | # registry['default_notifications_backoff'] = "1s" 609 | # registry['default_notifications_headers'] = {} 610 | 611 | ################################################################################ 612 | ## Error Reporting and Logging with Sentry 613 | ################################################################################ 614 | # gitlab_rails['sentry_enabled'] = false 615 | # gitlab_rails['sentry_dsn'] = 'https://@sentry.io/' 616 | # gitlab_rails['sentry_clientside_dsn'] = 'https://@sentry.io/' 617 | # gitlab_rails['sentry_environment'] = 'production' 618 | 619 | ################################################################################ 620 | ## GitLab Workhorse 621 | ##! 
Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md 622 | ################################################################################ 623 | 624 | # gitlab_workhorse['enable'] = true 625 | # gitlab_workhorse['ha'] = false 626 | # gitlab_workhorse['listen_network'] = "unix" 627 | # gitlab_workhorse['listen_umask'] = 000 628 | # gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket" 629 | # gitlab_workhorse['auth_backend'] = "http://localhost:8080" 630 | 631 | ##! the empty string is the default in gitlab-workhorse option parser 632 | # gitlab_workhorse['auth_socket'] = "''" 633 | 634 | ##! put an empty string on the command line 635 | # gitlab_workhorse['pprof_listen_addr'] = "''" 636 | 637 | # gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229" 638 | 639 | # gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse" 640 | # gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" 641 | # gitlab_workhorse['proxy_headers_timeout'] = "1m0s" 642 | 643 | ##! limit number of concurrent API requests, defaults to 0 which is unlimited 644 | # gitlab_workhorse['api_limit'] = 0 645 | 646 | ##! limit number of API requests allowed to be queued, defaults to 0 which 647 | ##! disables queuing 648 | # gitlab_workhorse['api_queue_limit'] = 0 649 | 650 | ##! duration after which we timeout requests if they sit too long in the queue 651 | # gitlab_workhorse['api_queue_duration'] = "30s" 652 | 653 | ##! Long polling duration for job requesting for runners 654 | # gitlab_workhorse['api_ci_long_polling_duration'] = "60s" 655 | 656 | ##! Log format: default is text, can also be json or none. 
657 | # gitlab_workhorse['log_format'] = "json" 658 | 659 | # gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env" 660 | # gitlab_workhorse['env'] = { 661 | # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin", 662 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 663 | # } 664 | 665 | ################################################################################ 666 | ## GitLab User Settings 667 | ##! Modify default git user. 668 | ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group 669 | ################################################################################ 670 | 671 | # user['username'] = "git" 672 | # user['group'] = "git" 673 | # user['uid'] = nil 674 | # user['gid'] = nil 675 | 676 | ##! The shell for the git user 677 | # user['shell'] = "/bin/sh" 678 | 679 | ##! The home directory for the git user 680 | # user['home'] = "/var/opt/gitlab" 681 | 682 | # user['git_user_name'] = "GitLab" 683 | # user['git_user_email'] = "gitlab@#{node['fqdn']}" 684 | 685 | ################################################################################ 686 | ## GitLab Unicorn 687 | ##! Tweak unicorn settings. 688 | ##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html 689 | ################################################################################ 690 | 691 | # unicorn['enable'] = true 692 | # unicorn['worker_timeout'] = 60 693 | ###! Minimum worker_processes is 2 at this moment 694 | ###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771 695 | # unicorn['worker_processes'] = 2 696 | 697 | ### Advanced settings 698 | # unicorn['listen'] = 'localhost' 699 | # unicorn['port'] = 8080 700 | # unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' 701 | # unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid' 702 | # unicorn['tcp_nopush'] = true 703 | # unicorn['backlog_socket'] = 1024 704 | 705 | ###! 
**Make sure somaxconn is equal to or higher than backlog_socket** 706 | # unicorn['somaxconn'] = 1024 707 | 708 | ###! **We do not recommend changing this setting** 709 | # unicorn['log_directory'] = "/var/log/gitlab/unicorn" 710 | 711 | ### **Only change these settings if you understand well what they mean** 712 | ###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/ 713 | ###! https://github.com/kzk/unicorn-worker-killer 714 | # unicorn['worker_memory_limit_min'] = "400 * 1 << 20" 715 | # unicorn['worker_memory_limit_max'] = "650 * 1 << 20" 716 | 717 | ################################################################################ 718 | ## GitLab Puma 719 | ##! Tweak puma settings. You should only use Unicorn or Puma, not both. 720 | ##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html 721 | ################################################################################ 722 | 723 | # puma['enable'] = false 724 | # puma['ha'] = false 725 | # puma['worker_timeout'] = 60 726 | # puma['worker_processes'] = 2 727 | # puma['min_threads'] = 1 728 | # puma['max_threads'] = 16 729 | 730 | ### Advanced settings 731 | # puma['listen'] = '127.0.0.1' 732 | # puma['port'] = 8080 733 | # puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' 734 | # puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid' 735 | # puma['state_path'] = '/opt/gitlab/var/puma/puma.state' 736 | 737 | ###! **We do not recommend changing this setting** 738 | # puma['log_directory'] = "/var/log/gitlab/puma" 739 | 740 | ### **Only change these settings if you understand well what they mean** 741 | ###! 
Docs: https://github.com/schneems/puma_worker_killer 742 | # puma['per_worker_max_memory_mb'] = 650 743 | 744 | ################################################################################ 745 | ## GitLab Sidekiq 746 | ################################################################################ 747 | 748 | # sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" 749 | # sidekiq['log_format'] = "json" 750 | # sidekiq['shutdown_timeout'] = 4 751 | # sidekiq['concurrency'] = 25 752 | # sidekiq['metrics_enabled'] = true 753 | # sidekiq['listen_address'] = "localhost" 754 | # sidekiq['listen_port'] = 8082 755 | 756 | ################################################################################ 757 | ## gitlab-shell 758 | ################################################################################ 759 | 760 | # gitlab_shell['audit_usernames'] = false 761 | # gitlab_shell['log_level'] = 'INFO' 762 | # gitlab_shell['log_format'] = 'json' 763 | # gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false} 764 | # gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/" 765 | # gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks" 766 | 767 | # gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys" 768 | 769 | ### Migration to Go feature flags 770 | ###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags 771 | # gitlab_shell['migration'] = { enabled: true, features: [] } 772 | 773 | ### Git trace log file. 774 | ###! If set, git commands receive GIT_TRACE* environment variables 775 | ###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging 776 | ###! An absolute path starting with / – the trace output will be appended to 777 | ###! that file. It needs to exist so we can check permissions and avoid 778 | ###! throwing warnings to the users. 
779 | # gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log" 780 | 781 | ##! **We do not recommend changing this directory.** 782 | # gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell" 783 | 784 | ################################################################ 785 | ## GitLab PostgreSQL 786 | ################################################################ 787 | 788 | ###! Changing any of these settings requires a restart of postgresql. 789 | ###! By default, reconfigure reloads postgresql if it is running. If you 790 | ###! change any of these settings, be sure to run `gitlab-ctl restart postgresql` 791 | ###! after reconfigure in order for the changes to take effect. 792 | # postgresql['enable'] = true 793 | # postgresql['listen_address'] = nil 794 | # postgresql['port'] = 5432 795 | # postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data" 796 | 797 | ##! **Recommended value is 1/4 of total RAM, up to 14GB.** 798 | # postgresql['shared_buffers'] = "256MB" 799 | 800 | ### Advanced settings 801 | # postgresql['ha'] = false 802 | # postgresql['dir'] = "/var/opt/gitlab/postgresql" 803 | # postgresql['log_directory'] = "/var/log/gitlab/postgresql" 804 | # postgresql['username'] = "gitlab-psql" 805 | # postgresql['group'] = "gitlab-psql" 806 | ##! 
`SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab` 807 | # postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH' 808 | # postgresql['uid'] = nil 809 | # postgresql['gid'] = nil 810 | # postgresql['shell'] = "/bin/sh" 811 | # postgresql['home'] = "/var/opt/gitlab/postgresql" 812 | # postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH" 813 | # postgresql['sql_user'] = "gitlab" 814 | # postgresql['max_connections'] = 200 815 | # postgresql['md5_auth_cidr_addresses'] = [] 816 | # postgresql['trust_auth_cidr_addresses'] = [] 817 | # postgresql['wal_buffers'] = "-1" 818 | # postgresql['autovacuum_max_workers'] = "3" 819 | # postgresql['autovacuum_freeze_max_age'] = "200000000" 820 | # postgresql['log_statement'] = nil 821 | # postgresql['track_activity_query_size'] = "1024" 822 | # postgresql['shared_preload_libraries'] = nil 823 | # postgresql['dynamic_shared_memory_type'] = nil 824 | # postgresql['hot_standby'] = "off" 825 | 826 | ### SSL settings 827 | # See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details 828 | # postgresql['ssl'] = 'on' 829 | # postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1' 830 | # postgresql['ssl_cert_file'] = 'server.crt' 831 | # postgresql['ssl_key_file'] = 'server.key' 832 | # postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem' 833 | # postgresql['ssl_crl_file'] = nil 834 | 835 | ### Replication settings 836 | ###! Note, some replication settings do not require a full restart. They are documented below. 837 | # postgresql['wal_level'] = "hot_standby" 838 | # postgresql['max_wal_senders'] = 5 839 | # postgresql['max_replication_slots'] = 0 840 | # postgresql['max_locks_per_transaction'] = 128 841 | 842 | # Backup/Archive settings 843 | # postgresql['archive_mode'] = "off" 844 | 845 | ###! Changing any of these settings only requires a reload of postgresql. 
You do not need to 846 | ###! restart postgresql if you change any of these and run reconfigure. 847 | # postgresql['work_mem'] = "16MB" 848 | # postgresql['maintenance_work_mem'] = "16MB" 849 | # postgresql['checkpoint_segments'] = 10 850 | # postgresql['checkpoint_timeout'] = "5min" 851 | # postgresql['checkpoint_completion_target'] = 0.9 852 | # postgresql['effective_io_concurrency'] = 1 853 | # postgresql['checkpoint_warning'] = "30s" 854 | # postgresql['effective_cache_size'] = "1MB" 855 | # postgresql['shmmax'] = 17179869184 # or 4294967295 856 | # postgresql['shmall'] = 4194304 # or 1048575 857 | # postgresql['autovacuum'] = "on" 858 | # postgresql['log_autovacuum_min_duration'] = "-1" 859 | # postgresql['autovacuum_naptime'] = "1min" 860 | # postgresql['autovacuum_vacuum_threshold'] = "50" 861 | # postgresql['autovacuum_analyze_threshold'] = "50" 862 | # postgresql['autovacuum_vacuum_scale_factor'] = "0.02" 863 | # postgresql['autovacuum_analyze_scale_factor'] = "0.01" 864 | # postgresql['autovacuum_vacuum_cost_delay'] = "20ms" 865 | # postgresql['autovacuum_vacuum_cost_limit'] = "-1" 866 | # postgresql['statement_timeout'] = "60000" 867 | # postgresql['idle_in_transaction_session_timeout'] = "60000" 868 | # postgresql['log_line_prefix'] = "%a" 869 | # postgresql['max_worker_processes'] = 8 870 | # postgresql['max_parallel_workers_per_gather'] = 0 871 | # postgresql['log_lock_waits'] = 1 872 | # postgresql['deadlock_timeout'] = '5s' 873 | # postgresql['track_io_timing'] = 0 874 | # postgresql['default_statistics_target'] = 1000 875 | 876 | ### Available in PostgreSQL 9.6 and later 877 | # postgresql['min_wal_size'] = 80MB 878 | # postgresql['max_wal_size'] = 1GB 879 | 880 | # Backup/Archive settings 881 | # postgresql['archive_command'] = nil 882 | # postgresql['archive_timeout'] = "0" 883 | 884 | ### Replication settings 885 | # postgresql['sql_replication_user'] = "gitlab_replicator" 886 | # postgresql['sql_replication_password'] = "md5 hash of postgresql 
password" # You can generate with `gitlab-ctl pg-password-md5 <username>` 887 | # postgresql['wal_keep_segments'] = 10 888 | # postgresql['max_standby_archive_delay'] = "30s" 889 | # postgresql['max_standby_streaming_delay'] = "30s" 890 | # postgresql['synchronous_commit'] = on 891 | # postgresql['synchronous_standby_names'] = '' 892 | # postgresql['hot_standby_feedback'] = 'off' 893 | # postgresql['random_page_cost'] = 2.0 894 | # postgresql['log_temp_files'] = -1 895 | # postgresql['log_checkpoints'] = 'off' 896 | # To add custom entries to pg_hba.conf use the following 897 | # postgresql['custom_pg_hba_entries'] = { 898 | # APPLICATION: [ # APPLICATION should identify what the settings are used for 899 | # { 900 | # type: example, 901 | # database: example, 902 | # user: example, 903 | # cidr: example, 904 | # method: example, 905 | # option: example 906 | # } 907 | # ] 908 | # } 909 | # See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation 910 | # of the values 911 | 912 | 913 | ################################################################################ 914 | ## GitLab Redis 915 | ##! **Can be disabled if you are using your own Redis instance.** 916 | ##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html 917 | ################################################################################ 918 | 919 | # redis['enable'] = true 920 | # redis['ha'] = false 921 | # redis['hz'] = 10 922 | # redis['dir'] = "/var/opt/gitlab/redis" 923 | # redis['log_directory'] = "/var/log/gitlab/redis" 924 | # redis['username'] = "gitlab-redis" 925 | # redis['group'] = "gitlab-redis" 926 | # redis['maxclients'] = "10000" 927 | # redis['maxmemory'] = "0" 928 | # redis['maxmemory_policy'] = "noeviction" 929 | # redis['maxmemory_samples'] = "5" 930 | # redis['tcp_backlog'] = 511 931 | # redis['tcp_timeout'] = "60" 932 | # redis['tcp_keepalive'] = "300" 933 | # redis['uid'] = nil 934 | # redis['gid'] = nil 935 | 936 | ###! 
**To enable only Redis service on this machine, uncomment 937 | ###! one of the lines below (choose master or slave instance types).** 938 | ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html 939 | ###! https://docs.gitlab.com/ce/administration/high_availability/redis.html 940 | # redis_master_role['enable'] = true 941 | # redis_slave_role['enable'] = true 942 | 943 | ### Redis TCP support (will disable UNIX socket transport) 944 | # redis['bind'] = '0.0.0.0' # listens on all interfaces, so set redis['password'] and restrict network access; or specify an IP to bind to a single one 945 | # redis['port'] = 6379 946 | # redis['password'] = 'redis-password-goes-here' 947 | 948 | ### Redis Sentinel support 949 | ###! **You need a master slave Redis replication to be able to do failover** 950 | ###! **Please read the documentation before enabling it to understand the 951 | ###! caveats:** 952 | ###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html 953 | 954 | ### Replication support 955 | #### Slave Redis instance 956 | # redis['master'] = false # by default this is true 957 | 958 | #### Slave and Sentinel shared configuration 959 | ####! **Both need to point to the master Redis instance to get replication and 960 | ####! heartbeat monitoring** 961 | # redis['master_name'] = 'gitlab-redis' 962 | # redis['master_ip'] = nil 963 | # redis['master_port'] = 6379 964 | 965 | #### Support to run redis slaves in a Docker or NAT environment 966 | ####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat 967 | # redis['announce_ip'] = nil 968 | # redis['announce_port'] = nil 969 | 970 | ####! **Master password should have the same value defined in 971 | ####! redis['password'] to enable the instance to transition to/from 972 | ####! master/slave in a failover event.** 973 | # redis['master_password'] = 'redis-password-goes-here' 974 | 975 | ####! 
Increase these values when your slaves can't catch up with master 976 | # redis['client_output_buffer_limit_normal'] = '0 0 0' 977 | # redis['client_output_buffer_limit_slave'] = '256mb 64mb 60' 978 | # redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60' 979 | 980 | #####! Redis snapshotting frequency 981 | #####! Set to [] to disable 982 | #####! Set to [''] to clear previously set values 983 | # redis['save'] = [ '900 1', '300 10', '60 10000' ] 984 | 985 | ################################################################################ 986 | ## GitLab Web server 987 | ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server 988 | ################################################################################ 989 | 990 | ##! When bundled nginx is disabled we need to add the external webserver user to 991 | ##! the GitLab webserver group. 992 | # web_server['external_users'] = [] 993 | # web_server['username'] = 'gitlab-www' 994 | # web_server['group'] = 'gitlab-www' 995 | # web_server['uid'] = nil 996 | # web_server['gid'] = nil 997 | # web_server['shell'] = '/bin/false' 998 | # web_server['home'] = '/var/opt/gitlab/nginx' 999 | 1000 | ################################################################################ 1001 | ## GitLab NGINX 1002 | ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html 1003 | ################################################################################ 1004 | 1005 | # nginx['enable'] = true 1006 | # nginx['client_max_body_size'] = '250m' 1007 | # nginx['redirect_http_to_https'] = false 1008 | # nginx['redirect_http_to_https_port'] = 80 1009 | 1010 | ##! Most root CA's are included by default 1011 | # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" 1012 | 1013 | ##! enable/disable 2-way SSL client authentication 1014 | # nginx['ssl_verify_client'] = "off" 1015 | 1016 | ##! 
if ssl_verify_client on, verification depth in the client certificates chain 1017 | # nginx['ssl_verify_depth'] = "1" 1018 | 1019 | # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" 1020 | # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" 1021 | # nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" 1022 | # nginx['ssl_prefer_server_ciphers'] = "on" 1023 | 1024 | ##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 1025 | ##! https://cipherli.st/** 1026 | # nginx['ssl_protocols'] = "TLSv1.2" 1027 | 1028 | ##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html** 1029 | # nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" 1030 | 1031 | ##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** 1032 | # nginx['ssl_session_timeout'] = "5m" 1033 | 1034 | # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem 1035 | # nginx['listen_addresses'] = ['*', '[::]'] 1036 | 1037 | ##! **Defaults to forcing web browsers to always communicate using only HTTPS** 1038 | ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security 1039 | # nginx['hsts_max_age'] = 31536000 1040 | # nginx['hsts_include_subdomains'] = false 1041 | 1042 | ##! Defaults to stripping path information when making cross-origin requests 1043 | # nginx['referrer_policy'] = 'strict-origin-when-cross-origin' 1044 | 1045 | ##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html** 1046 | # nginx['gzip_enabled'] = true 1047 | 1048 | ##! **Override only if you use a reverse proxy** 1049 | ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port 1050 | # nginx['listen_port'] = nil 1051 | 1052 | ##! **Override only if your reverse proxy internally communicates over HTTP** 1053 | ##! 
Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl 1054 | # nginx['listen_https'] = nil 1055 | 1056 | # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" 1057 | # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" 1058 | # nginx['proxy_read_timeout'] = 3600 1059 | # nginx['proxy_connect_timeout'] = 300 1060 | # nginx['proxy_set_headers'] = { 1061 | # "Host" => "$http_host_with_default", 1062 | # "X-Real-IP" => "$remote_addr", 1063 | # "X-Forwarded-For" => "$proxy_add_x_forwarded_for", 1064 | # "X-Forwarded-Proto" => "https", 1065 | # "X-Forwarded-Ssl" => "on", 1066 | # "Upgrade" => "$http_upgrade", 1067 | # "Connection" => "$connection_upgrade" 1068 | # } 1069 | # nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' 1070 | # nginx['proxy_cache'] = 'gitlab' 1071 | # nginx['http2_enabled'] = true 1072 | # nginx['real_ip_trusted_addresses'] = [] 1073 | # nginx['real_ip_header'] = nil 1074 | # nginx['real_ip_recursive'] = nil 1075 | # nginx['custom_error_pages'] = { 1076 | # '404' => { 1077 | # 'title' => 'Example title', 1078 | # 'header' => 'Example header', 1079 | # 'message' => 'Example message' 1080 | # } 1081 | # } 1082 | 1083 | ### Advanced settings 1084 | # nginx['dir'] = "/var/opt/gitlab/nginx" 1085 | # nginx['log_directory'] = "/var/log/gitlab/nginx" 1086 | # nginx['worker_processes'] = 4 1087 | # nginx['worker_connections'] = 10240 1088 | # nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' 1089 | # nginx['sendfile'] = 'on' 1090 | # nginx['tcp_nopush'] = 'on' 1091 | # nginx['tcp_nodelay'] = 'on' 1092 | # nginx['gzip'] = "on" 1093 | # nginx['gzip_http_version'] = "1.0" 1094 | # nginx['gzip_comp_level'] = "2" 1095 | # nginx['gzip_proxied'] = "any" 1096 | # nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", 
"text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] 1097 | # nginx['keepalive_timeout'] = 65 1098 | # nginx['cache_max_size'] = '5000m' 1099 | # nginx['server_names_hash_bucket_size'] = 64 1100 | ##! These paths have proxy_request_buffering disabled 1101 | # nginx['request_buffering_off_path_regex'] = "\.git/git-receive-pack$|\.git/info/refs?service=git-receive-pack$|\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$" 1102 | 1103 | ### Nginx status 1104 | # nginx['status'] = { 1105 | # "enable" => true, 1106 | # "listen_addresses" => ["127.0.0.1"], 1107 | # "fqdn" => "dev.example.com", 1108 | # "port" => 9999, 1109 | # "vts_enable" => true, 1110 | # "options" => { 1111 | # "stub_status" => "on", # Turn on stats 1112 | # "server_tokens" => "off", # Don't show the version of NGINX 1113 | # "access_log" => "off", # Disable logs for stats 1114 | # "allow" => "127.0.0.1", # Only allow access from localhost 1115 | # "deny" => "all" # Deny access to anyone else 1116 | # } 1117 | # } 1118 | 1119 | ################################################################################ 1120 | ## GitLab Logging 1121 | ##! 
Docs: https://docs.gitlab.com/omnibus/settings/logs.html 1122 | ################################################################################ 1123 | 1124 | # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data 1125 | # logging['svlogd_num'] = 30 # keep 30 rotated log files 1126 | # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours 1127 | # logging['svlogd_filter'] = "gzip" # compress logs with gzip 1128 | # logging['svlogd_udp'] = nil # transmit log messages via UDP 1129 | # logging['svlogd_prefix'] = nil # custom prefix for log messages 1130 | # logging['logrotate_frequency'] = "daily" # rotate logs daily 1131 | # logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly) 1132 | # logging['logrotate_size'] = nil # do not rotate by size by default 1133 | # logging['logrotate_rotate'] = 30 # keep 30 rotated logs 1134 | # logging['logrotate_compress'] = "compress" # see 'man logrotate' 1135 | # logging['logrotate_method'] = "copytruncate" # see 'man logrotate' 1136 | # logging['logrotate_postrotate'] = nil # no postrotate command by default 1137 | # logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz 1138 | 1139 | ### UDP log forwarding 1140 | ##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding 1141 | 1142 | ##! remote host to ship log messages to via UDP 1143 | # logging['udp_log_shipping_host'] = nil 1144 | 1145 | ##! override the hostname used when logs are shipped via UDP, 1146 | ## by default the system hostname will be used. 1147 | # logging['udp_log_shipping_hostname'] = nil 1148 | 1149 | ##! 
remote port to ship log messages to via UDP 1150 | # logging['udp_log_shipping_port'] = 514 1151 | 1152 | ################################################################################ 1153 | ## Logrotate 1154 | ##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate 1155 | ##! You can disable built in logrotate feature. 1156 | ################################################################################ 1157 | # logrotate['enable'] = true 1158 | 1159 | ################################################################################ 1160 | ## Users and groups accounts 1161 | ##! Disable management of users and groups accounts. 1162 | ##! **Set only if creating accounts manually** 1163 | ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management 1164 | ################################################################################ 1165 | 1166 | # manage_accounts['enable'] = false 1167 | 1168 | ################################################################################ 1169 | ## Storage directories 1170 | ##! Disable managing storage directories 1171 | ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management 1172 | ################################################################################ 1173 | 1174 | ##! **Set only if the select directories are created manually** 1175 | # manage_storage_directories['enable'] = false 1176 | # manage_storage_directories['manage_etc'] = false 1177 | 1178 | ################################################################################ 1179 | ## Runtime directory 1180 | ##! 
Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory 1181 | ################################################################################ 1182 | 1183 | # runtime_dir '/run' 1184 | 1185 | ################################################################################ 1186 | ## Git 1187 | ##! Advanced setting for configuring git system settings for omnibus-gitlab 1188 | ##! internal git 1189 | ################################################################################ 1190 | 1191 | ##! For multiple options under one header use array of comma separated values, 1192 | ##! eg.: 1193 | ##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } 1194 | 1195 | # omnibus_gitconfig['system'] = { 1196 | # "pack" => ["threads = 1"], 1197 | # "receive" => ["fsckObjects = true", "advertisePushOptions = true"], 1198 | # "repack" => ["writeBitmaps = true"], 1199 | # "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"], 1200 | # } 1201 | 1202 | ################################################################################ 1203 | ## GitLab Pages 1204 | ##! Docs: https://docs.gitlab.com/ce/pages/administration.html 1205 | ################################################################################ 1206 | 1207 | ##! Define to enable GitLab Pages 1208 | # pages_external_url "http://pages.example.com/" 1209 | # gitlab_pages['enable'] = false 1210 | 1211 | ##! Configure to expose GitLab Pages on external IP address, serving the HTTP 1212 | # gitlab_pages['external_http'] = [] 1213 | 1214 | ##! Configure to expose GitLab Pages on external IP address, serving the HTTPS 1215 | # gitlab_pages['external_https'] = [] 1216 | 1217 | ##! Configure to use the default list of cipher suites 1218 | # gitlab_pages['insecure_ciphers'] = false 1219 | 1220 | ##! 
Configure to enable health check endpoint on GitLab Pages 1221 | # gitlab_pages['status_uri'] = "/@status" 1222 | 1223 | ##! Tune the maximum number of concurrent connections GitLab Pages will handle. 1224 | ##! This should be in the range 1 - 10000, defaulting to 5000. 1225 | # gitlab_pages['max_connections'] = 5000 1226 | 1227 | ##! Configure to use JSON structured logging in GitLab Pages 1228 | # gitlab_pages['log_format'] = "json" 1229 | 1230 | ##! Configure verbose logging for GitLab Pages 1231 | # gitlab_pages['log_verbose'] = false 1232 | 1233 | ##! Error Reporting and Logging with Sentry 1234 | # gitlab_pages['sentry_enabled'] = false 1235 | # gitlab_pages['sentry_dsn'] = 'https://@sentry.io/' 1236 | # gitlab_pages['sentry_environment'] = 'production' 1237 | 1238 | ##! Listen for requests forwarded by reverse proxy 1239 | # gitlab_pages['listen_proxy'] = "localhost:8090" 1240 | 1241 | ##! Configure GitLab Pages to use an HTTP Proxy 1242 | # gitlab_pages['http_proxy'] = "http://example:8080" 1243 | 1244 | # gitlab_pages['redirect_http'] = true 1245 | # gitlab_pages['use_http2'] = true 1246 | # gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages" 1247 | # gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages" 1248 | 1249 | # gitlab_pages['artifacts_server'] = true 1250 | # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4' 1251 | # gitlab_pages['artifacts_server_timeout'] = 10 1252 | 1253 | ##! Environments that do not support bind-mounting should set this parameter to 1254 | ##! true. This is incompatible with the artifacts server 1255 | # gitlab_pages['inplace_chroot'] = false 1256 | 1257 | ##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics 1258 | # gitlab_pages['metrics_address'] = ":9235" 1259 | 1260 | ##! Specifies the minimum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2"). SSLv3, TLS 1.0 and TLS 1.1 are deprecated protocols; prefer "tls1.2" as the minimum when setting this. 1261 | # gitlab_pages['tls_min_version'] = "ssl3" 1262 | 1263 | ##!
Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2") 1264 | # gitlab_pages['tls_max_version'] = "tls1.2" 1265 | 1266 | ##! Configure the pages admin API 1267 | # gitlab_pages['admin_secret_token'] = 'custom secret' 1268 | # gitlab_pages['admin_https_listener'] = '0.0.0.0:5678' 1269 | # gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt' 1270 | # gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key' 1271 | 1272 | ##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host 1273 | # gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678' 1274 | # gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt' 1275 | 1276 | ##! Pages access control 1277 | # gitlab_pages['access_control'] = false 1278 | # gitlab_pages['gitlab_id'] = nil # Automatically generated if not present 1279 | # gitlab_pages['gitlab_secret'] = nil # Generated if not present 1280 | # gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth' 1281 | # gitlab_pages['gitlab_server'] = nil # Defaults to external_url 1282 | # gitlab_pages['auth_secret'] = nil # Generated if not present 1283 | 1284 | ################################################################################ 1285 | ## GitLab Pages NGINX 1286 | ################################################################################ 1287 | 1288 | # All the settings defined in the "GitLab Nginx" section are also available in 1289 | # this "GitLab Pages NGINX" section, using the key `pages_nginx`. However, 1290 | # those settings should be explicitly set. That is, settings given as 1291 | # `nginx['some_setting']` WILL NOT be automatically replicated as 1292 | # `pages_nginx['some_setting']` and should be set separately. 
1293 | 1294 | # Below you can find settings that are exclusive to "GitLab Pages NGINX" 1295 | # pages_nginx['enable'] = false 1296 | 1297 | # gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages" 1298 | 1299 | ################################################################################ 1300 | ## GitLab CI 1301 | ##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html 1302 | ################################################################################ 1303 | 1304 | # gitlab_ci['gitlab_ci_all_broken_builds'] = true 1305 | # gitlab_ci['gitlab_ci_add_pusher'] = true 1306 | # gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds' 1307 | 1308 | ################################################################################ 1309 | ## GitLab Mattermost 1310 | ##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost 1311 | ################################################################################ 1312 | 1313 | # mattermost_external_url 'http://mattermost.example.com' 1314 | 1315 | # mattermost['enable'] = false 1316 | # mattermost['username'] = 'mattermost' 1317 | # mattermost['group'] = 'mattermost' 1318 | # mattermost['uid'] = nil 1319 | # mattermost['gid'] = nil 1320 | # mattermost['home'] = '/var/opt/gitlab/mattermost' 1321 | # mattermost['database_name'] = 'mattermost_production' 1322 | # mattermost['env'] = { 1323 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1324 | # } 1325 | # mattermost['service_address'] = "127.0.0.1" 1326 | # mattermost['service_port'] = "8065" 1327 | # mattermost['service_site_url'] = nil 1328 | # mattermost['service_allowed_untrusted_internal_connections'] = "" 1329 | # mattermost['service_enable_api_team_deletion'] = true 1330 | # mattermost['team_site_name'] = "GitLab Mattermost" 1331 | # mattermost['sql_driver_name'] = 'mysql' 1332 | # mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" 1333 | # 
mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/' 1334 | # mattermost['gitlab_enable'] = false 1335 | # mattermost['gitlab_id'] = "12345656" 1336 | # mattermost['gitlab_secret'] = "123456789" 1337 | # mattermost['gitlab_scope'] = "" 1338 | # mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize" 1339 | # mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token" 1340 | # mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user" 1341 | # mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data" 1342 | # mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins" 1343 | # mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins" 1344 | 1345 | ################################################################################ 1346 | ## Mattermost NGINX 1347 | ################################################################################ 1348 | 1349 | # All the settings defined in the "GitLab Nginx" section are also available in 1350 | # this "Mattermost NGINX" section, using the key `mattermost_nginx`. However, 1351 | # those settings should be explicitly set. That is, settings given as 1352 | # `nginx['some_setting']` WILL NOT be automatically replicated as 1353 | # `mattermost_nginx['some_setting']` and should be set separately. 
1354 | 1355 | # Below you can find settings that are exclusive to "Mattermost NGINX" 1356 | # mattermost_nginx['enable'] = false 1357 | 1358 | # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" 1359 | # mattermost_nginx['proxy_set_headers'] = { 1360 | # "Host" => "$http_host", 1361 | # "X-Real-IP" => "$remote_addr", 1362 | # "X-Forwarded-For" => "$proxy_add_x_forwarded_for", 1363 | # "X-Frame-Options" => "SAMEORIGIN", 1364 | # "X-Forwarded-Proto" => "https", 1365 | # "X-Forwarded-Ssl" => "on", 1366 | # "Upgrade" => "$http_upgrade", 1367 | # "Connection" => "$connection_upgrade" 1368 | # } 1369 | 1370 | 1371 | ################################################################################ 1372 | ## Registry NGINX 1373 | ################################################################################ 1374 | 1375 | # All the settings defined in the "GitLab Nginx" section are also available in 1376 | # this "Registry NGINX" section, using the key `registry_nginx`. However, those 1377 | # settings should be explicitly set. That is, settings given as 1378 | # `nginx['some_setting']` WILL NOT be automatically replicated as 1379 | # `registry_nginx['some_setting']` and should be set separately. 1380 | 1381 | # Below you can find settings that are exclusive to "Registry NGINX" 1382 | # registry_nginx['enable'] = false 1383 | 1384 | # registry_nginx['proxy_set_headers'] = { 1385 | # "Host" => "$http_host", 1386 | # "X-Real-IP" => "$remote_addr", 1387 | # "X-Forwarded-For" => "$proxy_add_x_forwarded_for", 1388 | # "X-Forwarded-Proto" => "https", 1389 | # "X-Forwarded-Ssl" => "on" 1390 | # } 1391 | 1392 | ################################################################################ 1393 | ## Prometheus 1394 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/ 1395 | ################################################################################ 1396 | 1397 | ###! 
**To enable only Monitoring service in this machine, uncomment 1398 | ###! the line below.** 1399 | ###! Docs: https://docs.gitlab.com/ce/administration/high_availability 1400 | # monitoring_role['enable'] = true 1401 | 1402 | # prometheus['enable'] = true 1403 | # prometheus['monitor_kubernetes'] = true 1404 | # prometheus['username'] = 'gitlab-prometheus' 1405 | # prometheus['group'] = 'gitlab-prometheus' 1406 | # prometheus['uid'] = nil 1407 | # prometheus['gid'] = nil 1408 | # prometheus['shell'] = '/bin/sh' 1409 | # prometheus['home'] = '/var/opt/gitlab/prometheus' 1410 | # prometheus['log_directory'] = '/var/log/gitlab/prometheus' 1411 | # prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules'] 1412 | # prometheus['scrape_interval'] = 15 1413 | # prometheus['scrape_timeout'] = 15 1414 | # prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env' 1415 | # prometheus['env'] = { 1416 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1417 | # } 1418 | # 1419 | ### Custom scrape configs 1420 | # 1421 | # Prometheus can scrape additional jobs via scrape_configs. The default automatically 1422 | # includes all of the exporters supported by the omnibus config. 1423 | # 1424 | # See: https://prometheus.io/docs/operating/configuration/# 1425 | # 1426 | # Example: 1427 | # 1428 | # prometheus['scrape_configs'] = [ 1429 | # { 1430 | # 'job_name': 'example', 1431 | # 'static_configs' => [ 1432 | # 'targets' => ['hostname:port'], 1433 | # ], 1434 | # }, 1435 | # ] 1436 | # 1437 | ### Custom alertmanager config 1438 | # 1439 | # To configure external alertmanagers, create an alertmanager config. 
1440 | # 1441 | # See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config 1442 | # 1443 | # prometheus['alertmanagers'] = [ 1444 | # { 1445 | # 'static_configs' => [ 1446 | # { 1447 | # 'targets' => [ 1448 | # 'hostname:port' 1449 | # ] 1450 | # } 1451 | # ] 1452 | # } 1453 | # ] 1454 | # 1455 | ### Custom Prometheus flags 1456 | # 1457 | # prometheus['flags'] = { 1458 | # 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data", 1459 | # 'storage.tsdb.retention.time' => "15d", 1460 | # 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml" 1461 | # } 1462 | 1463 | ##! Advanced settings. Should be changed only if absolutely needed. 1464 | # prometheus['listen_address'] = 'localhost:9090' 1465 | 1466 | ################################################################################ 1467 | ## Prometheus Alertmanager 1468 | ################################################################################ 1469 | 1470 | # alertmanager['enable'] = true 1471 | # alertmanager['home'] = '/var/opt/gitlab/alertmanager' 1472 | # alertmanager['log_directory'] = '/var/log/gitlab/alertmanager' 1473 | # alertmanager['admin_email'] = 'admin@example.com' 1474 | # alertmanager['flags'] = { 1475 | # 'web.listen-address' => "localhost:9093", 1476 | # 'storage.path' => "/var/opt/gitlab/alertmanager/data", 1477 | # 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml" 1478 | # } 1479 | # alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env' 1480 | # alertmanager['env'] = { 1481 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1482 | # } 1483 | 1484 | ##! Advanced settings. Should be changed only if absolutely needed. 1485 | # alertmanager['listen_address'] = 'localhost:9093' 1486 | 1487 | ################################################################################ 1488 | ## Prometheus Node Exporter 1489 | ##!
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html 1490 | ################################################################################ 1491 | 1492 | # node_exporter['enable'] = true 1493 | # node_exporter['home'] = '/var/opt/gitlab/node-exporter' 1494 | # node_exporter['log_directory'] = '/var/log/gitlab/node-exporter' 1495 | # node_exporter['flags'] = { 1496 | # 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector" 1497 | # } 1498 | # node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env' 1499 | # node_exporter['env'] = { 1500 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1501 | # } 1502 | 1503 | ##! Advanced settings. Should be changed only if absolutely needed. 1504 | # node_exporter['listen_address'] = 'localhost:9100' 1505 | 1506 | ################################################################################ 1507 | ## Prometheus Redis exporter 1508 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html 1509 | ################################################################################ 1510 | 1511 | # redis_exporter['enable'] = true 1512 | # redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter' 1513 | # redis_exporter['flags'] = { 1514 | # 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket", 1515 | # } 1516 | # redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env' 1517 | # redis_exporter['env'] = { 1518 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1519 | # } 1520 | 1521 | ##! Advanced settings. Should be changed only if absolutely needed. 1522 | # redis_exporter['listen_address'] = 'localhost:9121' 1523 | 1524 | ################################################################################ 1525 | ## Prometheus Postgres exporter 1526 | ##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html 1527 | ################################################################################ 1528 | 1529 | # postgres_exporter['enable'] = true 1530 | # postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter' 1531 | # postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter' 1532 | # postgres_exporter['flags'] = {} 1533 | # postgres_exporter['listen_address'] = 'localhost:9187' 1534 | # postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env' 1535 | # postgres_exporter['env'] = { 1536 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1537 | # } 1538 | 1539 | ################################################################################ 1540 | ## Prometheus PgBouncer exporter (EE only) 1541 | ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html 1542 | ################################################################################ 1543 | 1544 | # pgbouncer_exporter['enable'] = false 1545 | # pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter" 1546 | # pgbouncer_exporter['listen_address'] = 'localhost:9188' 1547 | # pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env' 1548 | # pgbouncer_exporter['env'] = { 1549 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1550 | # } 1551 | 1552 | ################################################################################ 1553 | ## Prometheus Gitlab monitor 1554 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html 1555 | ################################################################################ 1556 | 1557 | 1558 | # gitlab_monitor['enable'] = true 1559 | # gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor" 1560 | # gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor" 1561 | 1562 | ##! Advanced settings. 
Should be changed only if absolutely needed. 1563 | # gitlab_monitor['listen_address'] = 'localhost' 1564 | # gitlab_monitor['listen_port'] = '9168' 1565 | 1566 | ##! Manage gitlab-monitor sidekiq probes. false by default when Sentinels are 1567 | ##! found. 1568 | # gitlab_monitor['probe_sidekiq'] = true 1569 | 1570 | # To completely disable prometheus, and all of its exporters, set to false 1571 | # prometheus_monitoring['enable'] = true 1572 | 1573 | ################################################################################ 1574 | ## Grafana Dashboards 1575 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source 1576 | ################################################################################ 1577 | 1578 | # grafana['enable'] = true 1579 | # grafana['log_directory'] = '/var/log/gitlab/grafana' 1580 | # grafana['home'] = '/var/opt/gitlab/grafana' 1581 | # grafana['admin_password'] = 'admin' # Placeholder value: set a strong, unique password if you uncomment this line 1582 | # grafana['allow_user_sign_up'] = false 1583 | # grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID' 1584 | # grafana['gitlab_secret'] = 'GITLAB_SECRET' 1585 | # grafana['env_directory'] = '/opt/gitlab/etc/grafana/env' 1586 | # grafana['allowed_groups'] = [] 1587 | # grafana['gitlab_auth_sign_up'] = true 1588 | # grafana['env'] = { 1589 | # 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/" 1590 | # } 1591 | 1592 | ### Dashboards 1593 | # 1594 | # See: http://docs.grafana.org/administration/provisioning/#dashboards 1595 | # 1596 | # NOTE: Setting this will override the default.
1597 | # 1598 | # grafana['dashboards'] = [ 1599 | # { 1600 | # 'name' => 'GitLab Omnibus', 1601 | # 'orgId' => 1, 1602 | # 'folder' => 'GitLab Omnibus', 1603 | # 'type' => 'file', 1604 | # 'disableDeletion' => true, 1605 | # 'updateIntervalSeconds' => 600, 1606 | # 'options' => { 1607 | # 'path' => '/opt/gitlab/embedded/service/grafana-dashboards', 1608 | # } 1609 | # } 1610 | # ] 1611 | 1612 | ### Datasources 1613 | # 1614 | # See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file 1615 | # 1616 | # NOTE: Setting this will override the default. 1617 | # 1618 | # grafana['datasources'] = [ 1619 | # { 1620 | # 'name' => 'GitLab Omnibus', 1621 | # 'type' => 'prometheus', 1622 | # 'access' => 'proxy', 1623 | # 'url' => 'http://localhost:9090' 1624 | # } 1625 | # ] 1626 | 1627 | ##! Advanced settings. Should be changed only if absolutely needed. 1628 | # grafana['http_addr'] = 'localhost' 1629 | # grafana['http_port'] = 3000 1630 | 1631 | ################################################################################ 1632 | ## Gitaly 1633 | ##! Docs: 1634 | ################################################################################ 1635 | 1636 | # The gitaly['enable'] option exists for the purpose of cluster 1637 | # deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html . 
1638 | # gitaly['enable'] = true 1639 | # gitaly['dir'] = "/var/opt/gitlab/gitaly" 1640 | # gitaly['log_directory'] = "/var/log/gitlab/gitaly" 1641 | # gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly" 1642 | # gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env" 1643 | # gitaly['env'] = { 1644 | # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin", 1645 | # 'HOME' => '/var/opt/gitlab' 1646 | # } 1647 | # gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket" 1648 | # gitaly['listen_addr'] = "localhost:8075" 1649 | # gitaly['tls_listen_addr'] = "localhost:9075" 1650 | # gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem" 1651 | # gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem" 1652 | # gitaly['prometheus_listen_addr'] = "localhost:9236" 1653 | # gitaly['logging_level'] = "warn" 1654 | # gitaly['logging_format'] = "json" 1655 | # gitaly['logging_sentry_dsn'] = "https://:@sentry.io/" 1656 | # gitaly['logging_ruby_sentry_dsn'] = "https://:@sentry.io/" 1657 | # gitaly['logging_sentry_environment'] = "production" 1658 | # gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]" 1659 | # gitaly['auth_token'] = '' 1660 | # gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced 1661 | # gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests 1662 | # gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use 1663 | # gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart 1664 | # gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests 1665 | # gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby 1666 | # gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker
processes. Minimum 2, default 2. 1667 | # gitaly['storage'] = [ 1668 | # { 1669 | # 'name' => 'default', 1670 | # 'path' => '/mnt/nfs-01/git-data/repositories' 1671 | # }, 1672 | # { 1673 | # 'name' => 'secondary', 1674 | # 'path' => '/mnt/nfs-02/git-data/repositories' 1675 | # } 1676 | # ] 1677 | # gitaly['concurrency'] = [ 1678 | # { 1679 | # 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack", 1680 | # 'max_per_repo' => 20 1681 | # }, { 1682 | # 'rpc' => "/gitaly.SSHService/SSHUploadPack", 1683 | # 'max_per_repo' => 5 1684 | # } 1685 | # ] 1686 | 1687 | ################################################################################ 1688 | # Storage check 1689 | ################################################################################ 1690 | # storage_check['enable'] = false 1691 | # storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' 1692 | # storage_check['log_directory'] = '/var/log/gitlab/storage-check' 1693 | 1694 | ################################################################################ 1695 | # Let's Encrypt integration 1696 | ################################################################################ 1697 | # letsencrypt['enable'] = nil 1698 | # letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts 1699 | # letsencrypt['group'] = 'root' 1700 | # letsencrypt['key_size'] = 2048 1701 | # letsencrypt['owner'] = 'root' 1702 | # letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www' 1703 | # See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings 1704 | # letsencrypt['auto_renew'] = true 1705 | # letsencrypt['auto_renew_hour'] = 0 1706 | # letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified. 1707 | # letsencrypt['auto_renew_day_of_month'] = "*/4" 1708 | 1709 | ##! Turn off automatic init system detection. To skip init detection in 1710 | ##! non-docker containers. 
Recommended not to change. 1711 | # package['detect_init'] = true 1712 | 1713 | ################################################################################ 1714 | ################################################################################ 1715 | ## Configuration Settings for GitLab EE only ## 1716 | ################################################################################ 1717 | ################################################################################ 1718 | 1719 | 1720 | ################################################################################ 1721 | ## Auxiliary cron jobs applicable to GitLab EE only 1722 | ################################################################################ 1723 | # 1724 | # gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *" 1725 | # gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *" 1726 | # gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *" 1727 | # gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *" 1728 | # gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *" 1729 | # gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *" 1730 | # gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *" 1731 | # gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *" 1732 | # gitlab_rails['historical_data_worker_cron'] = "0 12 * * *" 1733 | # gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *" 1734 | 1735 | ################################################################################ 1736 | ## Kerberos (EE Only) 1737 | ##! 
Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access 1738 | ################################################################################ 1739 | 1740 | # gitlab_rails['kerberos_enabled'] = true 1741 | # gitlab_rails['kerberos_keytab'] = /etc/http.keytab 1742 | # gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM 1743 | # gitlab_rails['kerberos_use_dedicated_port'] = true 1744 | # gitlab_rails['kerberos_port'] = 8443 1745 | # gitlab_rails['kerberos_https'] = true 1746 | 1747 | ################################################################################ 1748 | ## Package repository (EE Only) 1749 | ##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md 1750 | ################################################################################ 1751 | 1752 | # gitlab_rails['packages_enabled'] = true 1753 | # gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages" 1754 | # gitlab_rails['packages_object_store_enabled'] = false 1755 | # gitlab_rails['packages_object_store_direct_upload'] = false 1756 | # gitlab_rails['packages_object_store_background_upload'] = true 1757 | # gitlab_rails['packages_object_store_proxy_download'] = false 1758 | # gitlab_rails['packages_object_store_remote_directory'] = "packages" 1759 | # gitlab_rails['packages_object_store_connection'] = { 1760 | # 'provider' => 'AWS', 1761 | # 'region' => 'eu-west-1', 1762 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 1763 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 1764 | # # # The below options configure an S3 compatible host instead of AWS 1765 | # # 'host' => 's3.amazonaws.com', 1766 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
1767 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 1768 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 1769 | # } 1770 | 1771 | ################################################################################ 1772 | ## Dependency proxy (EE Only) 1773 | ##! Docs: https://docs.gitlab.com/ee/administration/dependency_proxy.md 1774 | ################################################################################ 1775 | 1776 | # gitlab_rails['dependency_proxy_enabled'] = true 1777 | # gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy" 1778 | # gitlab_rails['dependency_proxy_object_store_enabled'] = false 1779 | # gitlab_rails['dependency_proxy_object_store_direct_upload'] = false 1780 | # gitlab_rails['dependency_proxy_object_store_background_upload'] = true 1781 | # gitlab_rails['dependency_proxy_object_store_proxy_download'] = false 1782 | # gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy" 1783 | # gitlab_rails['dependency_proxy_object_store_connection'] = { 1784 | # 'provider' => 'AWS', 1785 | # 'region' => 'eu-west-1', 1786 | # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 1787 | # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', 1788 | # # # The below options configure an S3 compatible host instead of AWS 1789 | # # 'host' => 's3.amazonaws.com', 1790 | # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 1791 | # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces 1792 | # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' 1793 | # } 1794 | 1795 | ################################################################################ 1796 | ## GitLab Sentinel (EE Only) 1797 | ##! 
Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel 1798 | ################################################################################ 1799 | 1800 | ##! **Make sure you configured all redis['master_*'] keys above before 1801 | ##! continuing.** 1802 | 1803 | ##! To enable Sentinel and disable all other services in this machine, 1804 | ##! uncomment the line below (if you've enabled Redis role, it will keep it). 1805 | ##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html 1806 | # redis_sentinel_role['enable'] = true 1807 | 1808 | # sentinel['enable'] = true 1809 | 1810 | ##! Binds to all interfaces by default (the Sentinel port is then reachable from every network the host is on); uncomment and set a specific IP to bind to a single one 1811 | # sentinel['bind'] = '0.0.0.0' 1812 | 1813 | ##! Uncomment to change default port 1814 | # sentinel['port'] = 26379 1815 | 1816 | #### Support to run sentinels in a Docker or NAT environment 1817 | #####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues 1818 | # In a standard case, Sentinel will run in the same network service as Redis, so the same IP will be announced for Redis and Sentinel 1819 | # Only define these values if Sentinel needs to announce a different IP service than Redis 1820 | # sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present 1821 | # sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present 1822 | 1823 | ##! Quorum must reflect the amount of voting sentinels it takes to start a 1824 | ##! failover. 1825 | ##! **Value must NOT be greater than the amount of sentinels.** 1826 | ##! The quorum can be used to tune Sentinel in two ways: 1827 | ##! 1. If the quorum is set to a value smaller than the majority of Sentinels 1828 | ##! we deploy, we are basically making Sentinel more sensitive to master 1829 | ##! 
failures, triggering a failover as soon as even just a minority of 1830 | ##! Sentinels is no longer able to talk with the master. 1831 | ##! 2. If a quorum is set to a value greater than the majority of Sentinels, we 1832 | ##! are making Sentinel able to failover only when there is a very large 1833 | ##! number (larger than majority) of well connected Sentinels which agree 1834 | ##! about the master being down. 1835 | # sentinel['quorum'] = 1 1836 | 1837 | ### Consider unresponsive server down after x amount of ms. 1838 | # sentinel['down_after_milliseconds'] = 10000 1839 | 1840 | ### Specifies the failover timeout in milliseconds. 1841 | ##! It is used in many ways: 1842 | ##! 1843 | ##! - The time needed to re-start a failover after a previous failover was 1844 | ##! already tried against the same master by a given Sentinel, is two 1845 | ##! times the failover timeout. 1846 | ##! 1847 | ##! - The time needed for a slave replicating to a wrong master according 1848 | ##! to a Sentinel's current configuration, to be forced to replicate 1849 | ##! with the right master, is exactly the failover timeout (counting since 1850 | ##! the moment a Sentinel detected the misconfiguration). 1851 | ##! 1852 | ##! - The time needed to cancel a failover that is already in progress but 1853 | ##! did not produce any configuration change (SLAVEOF NO ONE yet not 1854 | ##! acknowledged by the promoted slave). 1855 | ##! 1856 | ##! - The maximum time a failover in progress waits for all the slaves to be 1857 | ##! reconfigured as slaves of the new master. However even after this time 1858 | ##! the slaves will be reconfigured by the Sentinels anyway, but not with 1859 | ##! the exact parallel-syncs progression as specified. 
1860 | # sentinel['failover_timeout'] = 60000 1861 | 1862 | ################################################################################ 1863 | ## GitLab Sidekiq Cluster (EE only) 1864 | ################################################################################ 1865 | 1866 | ##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes 1867 | ##! besides the default one. These processes can be used to consume a dedicated set 1868 | ##! of queues. This can be used to ensure certain queues always have dedicated 1869 | ##! workers, no matter the amount of jobs that need to be processed. 1870 | 1871 | # sidekiq_cluster['enable'] = false 1872 | # sidekiq_cluster['ha'] = false 1873 | # sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster" 1874 | # sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks 1875 | # sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run 1876 | 1877 | ##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a 1878 | ##! Sidekiq process. Multiple queues can be processed by the same process by 1879 | ##! separating them with a comma within the group entry 1880 | 1881 | # sidekiq_cluster['queue_groups'] = [ 1882 | # "process_commit,post_receive", 1883 | # "gitlab_shell" 1884 | # ] 1885 | # 1886 | 1887 | ##! If negate is enabled then sidekiq-cluster will process all the queues that 1888 | ##! don't match those in queue_groups. 1889 | 1890 | # sidekiq_cluster['negate'] = false 1891 | 1892 | ################################################################################ 1893 | ## Additional Database Settings (EE only) 1894 | ##! 
Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html 1895 | ################################################################################ 1896 | # gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] } 1897 | 1898 | ################################################################################ 1899 | ## GitLab Geo 1900 | ##! Docs: https://docs.gitlab.com/ee/gitlab-geo 1901 | ################################################################################ 1902 | # geo_primary_role['enable'] = false 1903 | # geo_secondary_role['enable'] = false 1904 | 1905 | # This is an optional identifier which Geo nodes can use to identify themselves. 1906 | # For example, if external_url is the same for two secondaries, you must specify 1907 | # a unique Geo node name for those secondaries. 1908 | # 1909 | # If it is blank, it defaults to external_url. 1910 | # gitlab_rails['geo_node_name'] = nil 1911 | 1912 | ################################################################################ 1913 | ## GitLab Geo Secondary (EE only) 1914 | ################################################################################ 1915 | # geo_secondary['auto_migrate'] = true 1916 | # geo_secondary['db_adapter'] = "postgresql" 1917 | # geo_secondary['db_encoding'] = "unicode" 1918 | # geo_secondary['db_collation'] = nil 1919 | # geo_secondary['db_database'] = "gitlabhq_geo_production" 1920 | # geo_secondary['db_pool'] = 10 1921 | # geo_secondary['db_username'] = "gitlab_geo" 1922 | # geo_secondary['db_password'] = nil 1923 | # geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql" 1924 | # geo_secondary['db_port'] = 5431 1925 | # geo_secondary['db_socket'] = nil 1926 | # geo_secondary['db_sslmode'] = nil 1927 | # geo_secondary['db_sslcompression'] = 0 1928 | # geo_secondary['db_sslrootcert'] = nil 1929 | # geo_secondary['db_sslca'] = nil 1930 | # geo_secondary['db_fdw'] = true 1931 | 1932 | 
################################################################################ 1933 | ## GitLab Geo Secondary Tracking Database (EE only) 1934 | ################################################################################ 1935 | 1936 | # geo_postgresql['enable'] = false 1937 | # geo_postgresql['ha'] = false 1938 | # geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql' 1939 | # geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data' 1940 | # geo_postgresql['pgbouncer_user'] = nil 1941 | # geo_postgresql['pgbouncer_user_password'] = nil 1942 | ##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab` 1943 | # geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH' 1944 | 1945 | ################################################################################ 1946 | # Pgbouncer (EE only) 1947 | # See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only) 1948 | # See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details 1949 | ################################################################################ 1950 | # pgbouncer['enable'] = false 1951 | # pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer' 1952 | # pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer' 1953 | # pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env' 1954 | # pgbouncer['env'] = { 1955 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 1956 | # } 1957 | # pgbouncer['listen_addr'] = '0.0.0.0' 1958 | # pgbouncer['listen_port'] = '6432' 1959 | # pgbouncer['pool_mode'] = 'transaction' 1960 | # pgbouncer['server_reset_query'] = 'DISCARD ALL' 1961 | # pgbouncer['application_name_add_host'] = '1' 1962 | # pgbouncer['max_client_conn'] = '2048' 1963 | # pgbouncer['default_pool_size'] = '100' 1964 | # pgbouncer['min_pool_size'] = '0' 1965 | # pgbouncer['reserve_pool_size'] = '5' 1966 | # pgbouncer['reserve_pool_timeout'] = '5.0' 1967 | 
# pgbouncer['server_round_robin'] = '0' 1968 | # pgbouncer['log_connections'] = '0' 1969 | # pgbouncer['server_idle_timeout'] = '30' 1970 | # pgbouncer['dns_max_ttl'] = '15.0' 1971 | # pgbouncer['dns_zone_check_period'] = '0' 1972 | # pgbouncer['dns_nxdomain_ttl'] = '15.0' 1973 | # pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer) 1974 | # pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer) 1975 | # pgbouncer['ignore_startup_parameters'] = 'extra_float_digits' 1976 | # pgbouncer['databases'] = { 1977 | # DATABASE_NAME: { 1978 | # host: HOSTNAME, 1979 | # port: PORT 1980 | # user: USERNAME, 1981 | # password: PASSWORD 1982 | ###! generate this with `echo -n '$password + $username' | md5sum` (a password typed on the command line is saved in shell history; remove that entry afterwards) 1983 | # } 1984 | # ... 1985 | # } 1986 | # pgbouncer['logfile'] = nil 1987 | # pgbouncer['unix_socket_dir'] = nil 1988 | # pgbouncer['unix_socket_mode'] = '0777' 1989 | # pgbouncer['unix_socket_group'] = nil 1990 | # pgbouncer['auth_type'] = 'md5' 1991 | # pgbouncer['auth_hba_file'] = nil 1992 | # pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)' 1993 | # pgbouncer['users'] = { 1994 | # { 1995 | # name: USERNAME, 1996 | # password: MD5_PASSWORD_HASH 1997 | # } 1998 | # } 1999 | # postgresql['pgbouncer_user'] = nil 2000 | # postgresql['pgbouncer_user_password'] = nil 2001 | # pgbouncer['server_reset_query_always'] = 0 2002 | # pgbouncer['server_check_query'] = 'select 1' 2003 | # pgbouncer['server_check_delay'] = 30 2004 | # pgbouncer['max_db_connections'] = nil 2005 | # pgbouncer['max_user_connections'] = nil 2006 | # pgbouncer['syslog'] = 0 2007 | # pgbouncer['syslog_facility'] = 'daemon' 2008 | # pgbouncer['syslog_ident'] = 'pgbouncer' 2009 | # pgbouncer['log_disconnections'] = 1 2010 | # pgbouncer['log_pooler_errors'] = 1 2011 | # pgbouncer['stats_period'] = 60 2012 | # pgbouncer['verbose'] = 0 2013 | # pgbouncer['server_lifetime'] = 3600 2014 | # pgbouncer['server_connect_timeout'] = 15 2015 | # 
pgbouncer['server_login_retry'] = 15 2016 | # pgbouncer['query_timeout'] = 0 2017 | # pgbouncer['query_wait_timeout'] = 120 2018 | # pgbouncer['client_idle_timeout'] = 0 2019 | # pgbouncer['client_login_timeout'] = 60 2020 | # pgbouncer['autodb_idle_timeout'] = 3600 2021 | # pgbouncer['suspend_timeout'] = 10 2022 | # pgbouncer['idle_transaction_timeout'] = 0 2023 | # pgbouncer['pkt_buf'] = 4096 2024 | # pgbouncer['listen_backlog'] = 128 2025 | # pgbouncer['sbuf_loopcnt'] = 5 2026 | # pgbouncer['max_packet_size'] = 2147483647 2027 | # pgbouncer['tcp_defer_accept'] = 0 2028 | # pgbouncer['tcp_socket_buffer'] = 0 2029 | # pgbouncer['tcp_keepalive'] = 1 2030 | # pgbouncer['tcp_keepcnt'] = 0 2031 | # pgbouncer['tcp_keepidle'] = 0 2032 | # pgbouncer['tcp_keepintvl'] = 0 2033 | # pgbouncer['disable_pqexec'] = 0 2034 | 2035 | ## Pgbouncer client TLS options 2036 | # pgbouncer['client_tls_sslmode'] = 'disable' 2037 | # pgbouncer['client_tls_ca_file'] = nil 2038 | # pgbouncer['client_tls_key_file'] = nil 2039 | # pgbouncer['client_tls_cert_file'] = nil 2040 | # pgbouncer['client_tls_protocols'] = 'all' 2041 | # pgbouncer['client_tls_dheparams'] = 'auto' 2042 | # pgbouncer['client_tls_ecdhcurve'] = 'auto' 2043 | # 2044 | ## Pgbouncer server TLS options 2045 | # pgbouncer['server_tls_sslmode'] = 'disable' 2046 | # pgbouncer['server_tls_ca_file'] = nil 2047 | # pgbouncer['server_tls_key_file'] = nil 2048 | # pgbouncer['server_tls_cert_file'] = nil 2049 | # pgbouncer['server_tls_protocols'] = 'all' 2050 | # pgbouncer['server_tls_ciphers'] = 'fast' 2051 | 2052 | ################################################################################ 2053 | # Repmgr (EE only) 2054 | ################################################################################ 2055 | # repmgr['enable'] = false 2056 | # repmgr['cluster'] = 'gitlab_cluster' 2057 | # repmgr['database'] = 'gitlab_repmgr' 2058 | # repmgr['host'] = nil 2059 | # repmgr['node_number'] = nil 2060 | # repmgr['port'] = 5432 2061 | 
# repmgr['trust_auth_cidr_addresses'] = [] 2062 | # repmgr['user'] = 'gitlab_repmgr' 2063 | # repmgr['sslmode'] = 'prefer' 2064 | # repmgr['sslcompression'] = 0 2065 | # repmgr['failover'] = 'automatic' 2066 | # repmgr['log_directory'] = '/var/log/gitlab/repmgrd' 2067 | # repmgr['node_name'] = nil 2068 | # repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin' 2069 | # repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql' 2070 | # repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql' 2071 | # repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql' 2072 | # repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql' 2073 | # repmgr['service_promote_command'] = nil 2074 | # repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf' 2075 | # repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf' 2076 | 2077 | # repmgr['upstream_node'] = nil 2078 | # repmgr['use_replication_slots'] = false 2079 | # repmgr['loglevel'] = 'INFO' 2080 | # repmgr['logfacility'] = 'STDERR' 2081 | # repmgr['logfile'] = nil 2082 | 2083 | # repmgr['event_notification_command'] = nil 2084 | # repmgr['event_notifications'] = nil 2085 | 2086 | # repmgr['rsync_options'] = nil 2087 | # repmgr['ssh_options'] = nil 2088 | # repmgr['priority'] = nil 2089 | # 2090 | # HA setting to specify if a node should attempt to be master on initialization 2091 | # repmgr['master_on_initialization'] = true 2092 | 2093 | # repmgr['retry_promote_interval_secs'] = 300 2094 | # repmgr['witness_repl_nodes_sync_interval_secs'] = 15 2095 | # repmgr['reconnect_attempts'] = 6 2096 | # repmgr['reconnect_interval'] = 10 2097 | # repmgr['monitor_interval_secs'] = 2 2098 | # repmgr['master_response_timeout'] = 60 2099 | # repmgr['daemon'] = true 2100 | # repmgrd['enable'] = true 2101 | 2102 | 
################################################################################ 2103 | # Consul (EEP only) 2104 | ################################################################################ 2105 | # consul['enable'] = false 2106 | # consul['dir'] = '/var/opt/gitlab/consul' 2107 | # consul['user'] = 'gitlab-consul' 2108 | # consul['group'] = 'gitlab-consul' 2109 | # consul['config_file'] = '/var/opt/gitlab/consul/config.json' 2110 | # consul['config_dir'] = '/var/opt/gitlab/consul/config.d' 2111 | # consul['data_dir'] = '/var/opt/gitlab/consul/data' 2112 | # consul['log_directory'] = '/var/log/gitlab/consul' 2113 | # consul['env_directory'] = '/opt/gitlab/etc/consul/env' 2114 | # consul['env'] = { 2115 | # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/" 2116 | # } 2117 | # consul['monitoring_service_discovery'] = false 2118 | # consul['node_name'] = nil 2119 | # consul['script_directory'] = '/var/opt/gitlab/consul/scripts' 2120 | # consul['configuration'] = { 2121 | # 'client_addr' => nil, 2122 | # 'datacenter' => 'gitlab_consul', 2123 | # 'enable_script_checks' => true, 2124 | # 'server' => false 2125 | # } 2126 | # consul['services'] = [] 2127 | # consul['service_config'] = { 2128 | # 'postgresql' => { 2129 | # 'service' => { 2130 | # 'name' => "postgresql", 2131 | # 'address' => '', 2132 | # 'port' => 5432, 2133 | # 'checks' => [ 2134 | # { 2135 | # 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql", 2136 | # 'interval' => "10s" 2137 | # } 2138 | # ] 2139 | # } 2140 | # } 2141 | # } 2142 | # consul['watchers'] = { 2143 | # 'postgresql' => { 2144 | # enable: false, 2145 | # handler: 'failover_pgbouncer' 2146 | # } 2147 | # } 2148 | -------------------------------------------------------------------------------- /vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | gitlab_package: gitlab-ce 3 | 4 | gitlab_package_dependencies: 5 | - curl 6 | - ca-certificates 7 | - openssh-server 8 | 9 | 
gitlab_script_url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh 10 | 11 | gitlab_ssh_service_name: ssh 12 | -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | gitlab_package: gitlab-ce 3 | 4 | gitlab_package_dependencies: 5 | - curl 6 | - ca-certificates 7 | - policycoreutils 8 | - openssh-server 9 | - cronie 10 | 11 | gitlab_firewalld_allows: 12 | - http 13 | - https 14 | 15 | gitlab_script_url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh 16 | 17 | gitlab_ssh_service_name: sshd 18 | --------------------------------------------------------------------------------