Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>

Part of https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5577

- Per review discussin, change the workhorse listen_addr default to nil

Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

- Do not automatically use sockets directory, allow a user to set the
  directory

Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

Matt Kasa authored 4 years ago and DJ Mountney committed 4 years ago

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/223060

- Run the SELinux helper after GitLab Workhorse and other files are
  created ensuring their file contexts are restored
- Place GitLab Workhorse socket files into a sockets directory allowing
  the SELinux file context to be inherited on service restarts
- Add a GitLab Workhorse helper to ensure that new UNIX sockets for
  Workhorse always inherit the proper SELinux file context

Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

Andreas Brandl authored 4 years ago and Ian Baum committed 4 years ago

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/249662

Drew Blessing authored 4 years ago and Drew Blessing committed 4 years ago

Add support for the GitLab configuration option for
simple_ldap_linking_allowed_realms.

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42267, we are
disabling the Sidekiq Exporter logs by default since they are noisy and
don't add a lot of value.  This change allows admins to enable them if
needed.

Background in https://gitlab.com/gitlab-org/gitlab/-/issues/238556

this patch makes following changes:

1. Location block does not match a URL query string which results the
   .git/info/refs being never matched. To match the config of gitlab.com,
    we simply remove the pattern here.

2. Disable buffering for artifacts.

3. Escape the backslashes to make sure "." (dot) symbols is matched
   correctly during nginx location regex matching.

This commit adds settings for the `storage_options` setting used to
configure AWS server side encryption. Note that only SSE-KMS
(https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html#sse)
is supported; SSE-C is not.

Related merge requests:

1. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38240
2. https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/537

Cron job introduced in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38086

This also moves the worker pool size setting to an ENV variable
since that was changed in gitlab-rails

This adds support for the gitlab.yml changes in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34460. This allows
GitLab to use the Workhorse S3 client with a single credential, enabling
proper MD5 checksums and multipart uploads, and paves the way for
user-specified keys for encrypted buckets.

These changes require
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35480 to work.

Ian Baum authored 4 years ago and DJ Mountney committed 4 years ago

runit_service[sidekiq]

It looks like LWRP resources aren't added to the list at compile time,
so there isn't any runit_service[sidekiq] when notifications are being
setup

Ian Baum authored 4 years ago and DJ Mountney committed 4 years ago

* Curently on 14, which was set to end of life at on April 30, 2020.
* Adds chef-bin gem
* Automatically accept the chef license EULA
* Update chef libraries in Gemfile to newer versions
* Update trigger jobs to use ruby 2.6 image

As discussed in
https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4324, we
can set the default attribute for `gitlab_workhorse['auth_socket']` to
`nil` as the empty string value so we can use
`node['gitlab']['gitlab-workhorse']['auth_socket']` in the template
instead of `Gitlab['gitlab_workhorse']['auth_socket']`.

To support continuous profiling in gitlab-pages (https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/334) we need to supply an environment variable (GITLAB_CONTINUOUS_PROFILING).  Before this MR, gitlab-pages had one env var hard-coded into the sv run file.  This MR converts to using chpst's -e option as we do for many of our other services, and permits the configuring of additional env vars from gitlab.rb (as we do for e.g. gitaly and praefect).

* Include `text/html` missing from gzip_types.
* Use the same nginx settings for nginx.conf and gitlab-http.conf.
* Include gzip_ratio in the nginx log format.

https://gitlab.com/gitlab-org/gitlab-foss/-/issues/33719



Signed-off-by: Ben Kochie <bjk@gitlab.com>

Balasankar C authored 4 years ago and DJ Mountney committed 4 years ago

Signed-off-by: Balasankar "Balu" C <balasankarc@autistici.org>