Ian Baum authored 4 years ago and Balasankar C committed 4 years ago

* Adds postgresql['cert_auth_addresses'] attribute
* Updates pg_hba.conf template to add entries in that attribute

Part of https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5577

This setting needs to be enabled for pg_rewind to work during a Patroni
failover.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/267144

We had a customer confused how to set the reply-to and from e-mail
address since the template didn't have these settings next to the SMTP
settings. This mirrors what is described in the documentation:
https://docs.gitlab.com/omnibus/settings/smtp.html

Matt Kasa authored 4 years ago and DJ Mountney committed 4 years ago

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/223060

Drew Blessing authored 4 years ago and Drew Blessing committed 4 years ago

Add support for the GitLab configuration option for
simple_ldap_linking_allowed_realms.

Makes it possible to configure Praefect's reconciliation through
gitlab.rb.

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42267, we are
disabling the Sidekiq Exporter logs by default since they are noisy and
don't add a lot of value.  This change allows admins to enable them if
needed.

Background in https://gitlab.com/gitlab-org/gitlab/-/issues/238556

this patch makes following changes:

1. Location block does not match a URL query string which results the
   .git/info/refs being never matched. To match the config of gitlab.com,
    we simply remove the pattern here.

2. Disable buffering for artifacts.

3. Escape the backslashes to make sure "." (dot) symbols is matched
   correctly during nginx location regex matching.

Without this there will be:

> There was an error running gitlab-ctl reconfigure:
> 
> /etc/gitlab/gitlab.rb:1639: syntax error, unexpected tSTRING_BEG, expecting '}'
>    'storage.path' => '/var/opt/gi...
>    ^
> /etc/gitlab/gitlab.rb:1639: syntax error, unexpected =>, expecting end-of-input
>    'storage.path' => '/var/opt/gitlab/alertmanage...
>                   ^~

This commit adds settings for the `storage_options` setting used to
configure AWS server side encryption. Note that only SSE-KMS
(https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html#sse)
is supported; SSE-C is not.

Related merge requests:

1. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38240
2. https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/537

Katrin Leinweber authored 4 years ago and Balasankar C committed 4 years ago

Instead of the plaintext version of this file.
This reverts 4b28887b.

'read_only_after_failover' configuration toggle has been removed from
Praefect. This commit removes the configuration toggle from Praefect's
configuration template.

Cron job introduced in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38086

This reverts merge request !4289

This adds support for the gitlab.yml changes in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/34460. This allows
GitLab to use the Workhorse S3 client with a single credential, enabling
proper MD5 checksums and multipart uploads, and paves the way for
user-specified keys for encrypted buckets.

These changes require
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35480 to work.

This was missed by !4296. Added and updated for SSL_CERT_DIR.