@@ -92,6 +92,8 @@ Use an object storage option like AWS S3 to store job artifacts.
...
@@ -92,6 +92,8 @@ Use an object storage option like AWS S3 to store job artifacts.
DANGER: **Danger:**
DANGER: **Danger:**
If you configure GitLab to store CI logs and artifacts on object storage, you must also enable [incremental logging](job_logs.md#new-incremental-logging-architecture). Otherwise, job logs will disappear or not be saved.
If you configure GitLab to store CI logs and artifacts on object storage, you must also enable [incremental logging](job_logs.md#new-incremental-logging-architecture). Otherwise, job logs will disappear or not be saved.
[Read more about using object storage with GitLab](object_storage.md).
#### Object Storage Settings
#### Object Storage Settings
For source installations the following settings are nested under `artifacts:` and then `object_store:`. On Omnibus GitLab installs they are prefixed by `artifacts_object_store_`.
For source installations the following settings are nested under `artifacts:` and then `object_store:`. On Omnibus GitLab installs they are prefixed by `artifacts_object_store_`.
@@ -21,9 +21,6 @@ Object storage options that GitLab has tested, or is aware of customers using in
...
@@ -21,9 +21,6 @@ Object storage options that GitLab has tested, or is aware of customers using in
For configuring GitLab to use Object Storage refer to the following guides:
For configuring GitLab to use Object Storage refer to the following guides:
1. Make sure the [`git` user home directory](https://docs.gitlab.com/omnibus/settings/configuration.html#moving-the-home-directory-for-a-user) is on local disk.
1. Configure [database lookup of SSH keys](operations/fast_ssh_key_lookup.md)
to eliminate the need for a shared `authorized_keys` file.
1. Configure [object storage for backups](../raketasks/backup_restore.md#uploading-backups-to-a-remote-cloud-storage).
1. Configure [object storage for backups](../raketasks/backup_restore.md#uploading-backups-to-a-remote-cloud-storage).
1. Configure [object storage for job artifacts](job_artifacts.md#using-object-storage)
1. Configure [object storage for job artifacts](job_artifacts.md#using-object-storage)
including [incremental logging](job_logs.md#new-incremental-logging-architecture).
including [incremental logging](job_logs.md#new-incremental-logging-architecture).
...
@@ -36,6 +33,19 @@ For configuring GitLab to use Object Storage refer to the following guides:
...
@@ -36,6 +33,19 @@ For configuring GitLab to use Object Storage refer to the following guides:
1. Configure [object storage for Dependency Proxy](packages/dependency_proxy.md#using-object-storage)(optional feature). **(PREMIUM ONLY)**
1. Configure [object storage for Dependency Proxy](packages/dependency_proxy.md#using-object-storage)(optional feature). **(PREMIUM ONLY)**
1. Configure [object storage for Pseudonymizer](pseudonymizer.md#configuration)(optional feature). **(ULTIMATE ONLY)**
1. Configure [object storage for Pseudonymizer](pseudonymizer.md#configuration)(optional feature). **(ULTIMATE ONLY)**
1. Configure [object storage for autoscale Runner caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)(optional - for improved performance).
1. Configure [object storage for autoscale Runner caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)(optional - for improved performance).
1. Configure [object storage for Terraform state files](terraform_state.md#using-object-storage-core-only)
### Other alternatives to filesystem storage
If you're working to [scale out](scaling/index.md) your GitLab implementation,
or add [fault tolerance and redundancy](high_availability/README.md) you may be
looking at removing dependencies on block or network filesystems.
See the following guides and
[note that Pages requires disk storage](#gitlab-pages-requires-nfs):
1. Make sure the [`git` user home directory](https://docs.gitlab.com/omnibus/settings/configuration.html#moving-the-home-directory-for-a-user) is on local disk.
1. Configure [database lookup of SSH keys](operations/fast_ssh_key_lookup.md)
to eliminate the need for a shared `authorized_keys` file.
## Warnings, limitations, and known issues
## Warnings, limitations, and known issues
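Review bot: The cross-reference in the added "Other alternatives to filesystem storage" section reads "note that Pages requires disk storage", but the section it targets is titled "GitLab Pages requires NFS"; use the same term in both places so readers do not conclude that local disk is enough. The added Terraform state link targets `#using-object-storage-core-only`, an anchor that embeds the tier badge and will break if the badge text changes. The sentence beginning "If you're working to scale out" also needs a comma after the fault tolerance link, before "you may be".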
...
@@ -67,8 +77,9 @@ with the Fog library that GitLab uses. Symptoms include:
...
@@ -67,8 +77,9 @@ with the Fog library that GitLab uses. Symptoms include:
### GitLab Pages requires NFS
### GitLab Pages requires NFS
If you're working to [scale out](high_availability/README.md) your GitLab implementation and
If you're working to add more GitLab servers for [scaling](scaling/index.md) or
one of your requirements is [GitLab Pages](../user/project/pages/index.md) this currently requires
[fault tolerance](high_availability/README.md) and one of your requirements
is [GitLab Pages](../user/project/pages/index.md) this currently requires
NFS. There is [work in progress](https://gitlab.com/gitlab-org/gitlab-pages/issues/196)
NFS. There is [work in progress](https://gitlab.com/gitlab-org/gitlab-pages/issues/196)
to remove this dependency. In the future, GitLab Pages may use
to remove this dependency. In the future, GitLab Pages may use
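Review bot: The rewritten opening sentence under "GitLab Pages requires NFS" is a run-on with an unclear "this": "and one of your requirements is GitLab Pages this currently requires NFS". Suggest stating the requirement first and the audience second, for example "GitLab Pages currently requires NFS. Plan for this if you are adding more GitLab servers for scaling or fault tolerance."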
@@ -55,6 +55,8 @@ If you don't want to use the local disk where GitLab is installed to store the
...
@@ -55,6 +55,8 @@ If you don't want to use the local disk where GitLab is installed to store the
uploads, you can use an object storage provider like AWS S3 instead.
uploads, you can use an object storage provider like AWS S3 instead.
This configuration relies on valid AWS credentials to be configured already.
This configuration relies on valid AWS credentials to be configured already.
[Read more about using object storage with GitLab](object_storage.md).
## Object Storage Settings
## Object Storage Settings
For source installations the following settings are nested under `uploads:` and then `object_store:`. On Omnibus GitLab installs they are prefixed by `uploads_object_store_`.
For source installations the following settings are nested under `uploads:` and then `object_store:`. On Omnibus GitLab installs they are prefixed by `uploads_object_store_`.
@@ -287,6 +287,9 @@ When the user is authenticated and `simple` is not set this returns something li
...
@@ -287,6 +287,9 @@ When the user is authenticated and `simple` is not set this returns something li
]
]
```
```
NOTE: **Note:**
For users on GitLab [Silver, Premium, or higher](https://about.gitlab.com/pricing/) the `marked_for_deletion_at` attribute will be deprecated in GitLab 13.0 in favor of the `marked_for_deletion_on` attribute.
Users on GitLab [Starter, Bronze, or higher](https://about.gitlab.com/pricing/) will also see
Users on GitLab [Starter, Bronze, or higher](https://about.gitlab.com/pricing/) will also see
the `approvals_before_merge` parameter:
the `approvals_before_merge` parameter:
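Review bot: The added note on `marked_for_deletion_at` says the attribute "will be deprecated in GitLab 13.0" but gives no removal version, so API clients cannot tell how long both attributes will be returned; say whether 13.0 deprecates or removes it. Placed where it is, the note also separates the example response from the sentence "will also see the `approvals_before_merge` parameter", which now reads as a continuation of the note; moving the note after the `approvals_before_merge` passage keeps the flow.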
...
@@ -408,7 +411,7 @@ This endpoint supports [keyset pagination](README.md#keyset-based-pagination) fo
...
@@ -408,7 +411,7 @@ This endpoint supports [keyset pagination](README.md#keyset-based-pagination) fo
@@ -136,12 +136,11 @@ your own script to generate a YAML file, which is then [used to trigger a child
...
@@ -136,12 +136,11 @@ your own script to generate a YAML file, which is then [used to trigger a child
This technique can be very powerful in generating pipelines targeting content that changed or to
This technique can be very powerful in generating pipelines targeting content that changed or to
build a matrix of targets and architectures.
build a matrix of targets and architectures.
In GitLab 12.9, the child pipeline could fail to be created in certain cases, causing the parent pipeline to fail.
This is [resolved in GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/issues/209070).
## Limitations
## Limitations
A parent pipeline can trigger many child pipelines, but a child pipeline cannot trigger
A parent pipeline can trigger many child pipelines, but a child pipeline cannot trigger
further child pipelines. See the [related issue](https://gitlab.com/gitlab-org/gitlab/issues/29651)
further child pipelines. See the [related issue](https://gitlab.com/gitlab-org/gitlab/issues/29651)
for discussion on possible future improvements.
for discussion on possible future improvements.
When triggering dynamic child pipelines, if the job containing the CI config artifact is not a predecessor of the
trigger job, the child pipeline will fail to be created, causing also the parent pipeline to fail.
In the future we want to validate the trigger job's dependencies [at the time the parent pipeline is created](https://gitlab.com/gitlab-org/gitlab/-/issues/209070) rather than when the child pipeline is created.
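Review bot: The added limitation links issue 209070 as future work, while the line removed just above it said the same issue "is resolved in GitLab 12.10"; confirm the issue is still the right reference or link the follow-up instead. In the same paragraph, "predecessor" should say whether it means a job in an earlier stage or a `needs:` dependency, and "causing also the parent pipeline to fail" reads better as "which also causes the parent pipeline to fail".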
@@ -555,7 +555,7 @@ In `/etc/ssh/sshd_config` update the following:
...
@@ -555,7 +555,7 @@ In `/etc/ssh/sshd_config` update the following:
#### Amazon S3 object storage
#### Amazon S3 object storage
Since we're not using NFS for shared storage, we will use [Amazon S3](https://aws.amazon.com/s3/) buckets to store backups, artifacts, LFS objects, uploads, merge request diffs, container registry images, and more. For instructions on how to configure each of these, please see [Cloud Object Storage](../../administration/high_availability/object_storage.md).
Since we're not using NFS for shared storage, we will use [Amazon S3](https://aws.amazon.com/s3/) buckets to store backups, artifacts, LFS objects, uploads, merge request diffs, container registry images, and more. Our [documentation includes configuration instructions](../../administration/object_storage.md) for each of these, and other information about using object storage with GitLab.
Remember to run `sudo gitlab-ctl reconfigure` after saving the changes to the `gitlab.rb` file.
Remember to run `sudo gitlab-ctl reconfigure` after saving the changes to the `gitlab.rb` file.
...
@@ -580,90 +580,55 @@ On the EC2 dashboard:
...
@@ -580,90 +580,55 @@ On the EC2 dashboard:
Now we have a custom AMI that we'll use to create our launch configuration the next step.
Now we have a custom AMI that we'll use to create our launch configuration the next step.
## Deploying GitLab inside an auto scaling group
## Deploy GitLab inside an auto scaling group
We'll use AWS's wizard to deploy GitLab and then SSH into the instance to
### Create a launch configuration
configure the PostgreSQL and Redis connections.
The Auto Scaling Group option is available through the EC2 dashboard on the left
From the EC2 dashboard:
sidebar.
1. Click **Create Auto Scaling group**.
1. Create a new launch configuration.
### Choose the AMI
Choose the AMI:
1. Go to the Community AMIs and search for `GitLab EE <version>`
where `<version>` the latest version as seen on the
You should choose an instance type based on your workload. Consult
[the hardware requirements](../requirements.md#hardware-requirements) to choose
one that fits your needs (at least `c5.xlarge`, which is enough to accommodate 100 users):
1. Choose the your instance type.
1. Click **Next: Configure Instance Details**.
### Configure details
In this step we'll configure some details:
1. Enter a name (`gitlab-autoscaling`).
1. Select the IAM role we created.
1. Optionally, enable CloudWatch and the EBS-optimized instance settings.
1. In the "Advanced Details" section, set the IP address type to
"Do not assign a public IP address to any instances."
1. Click **Next: Add Storage**.
### Add storage
The root volume is 8GB by default and should be enough given that we won't store any data there.
### Configure security group
As a last step, configure the security group:
1. Select the existing load balancer security group we have [created](#load-balancer).
1. Select **Review**.
### Review and launch
Now is a good time to review all the previous settings. When ready, click
**Create launch configuration** and select the SSH key pair with which you will
connect to the instance.
### Create Auto Scaling Group
We are now able to start creating our Auto Scaling Group:
1. Give it a group name.
1. Set the group size to 2 as we want to always start with two instances.
1. Assign it our network VPC and add the **private subnets**.
1. In the "Advanced Details" section, choose to receive traffic from ELBs
and select our ELB.
1. Choose the ELB health check.
1. Click **Next: Configure scaling policies**.
This is the really great part of Auto Scaling; we get to choose when AWS
1. Select **Launch Configurations** from the left menu and click **Create launch configuration**.
launches new instances and when it removes them. For this group we'll
1. Select **My AMIs** from the left menu and select the `GitLab` custom AMI we created above.
scale between 2 and 4 instances where one instance will be added if CPU
1. Select an instance type best suited for your needs (at least a `c5.xlarge`) and click **Configure details**.
1. Enter a name for your launch configuration (we'll use `gitlab-ha-launch-config`).
1.**Do not** check **Request Spot Instance**.
1. From the **IAM Role** dropdown, pick the `GitLabAdmin` instance role we [created earlier](#creating-an-iam-ec2-instance-role-and-profile).
1. Leave the rest as defaults and click **Add Storage**.
1. The root volume is 8GiB by default and should be enough given that we won’t store any data there. Click **Configure Security Group**.
1. Check **Select and existing security group** and select the `gitlab-loadbalancer-sec-group` we created earlier.
1. Click **Review**, review your changes, and click **Create launch configuration**.
1. Acknowledge that you have access to the private key or create a new one. Click **Create launch configuration**.
### Create an auto scaling group
1. As soon as the launch configuration is created, you'll see an option to **Create an Auto Scaling group using this launch configuration**. Click that to start creating the auto scaling group.
1. Enter a **Group name** (we'll use `gitlab-auto-scaling-group`).
1. For **Group size**, enter the number of instances you want to start with (we'll enter `2`).
1. Select the `gitlab-vpc` from the **Network** dropdown.
1. Add both the private [subnets we created earlier](#subnets).
1. Expand the **Advanced Details** section and check the **Receive traffic from one or more load balancers** option.
1. From the **Classic Load Balancers** dropdown, Select the load balancer we created earlier.
1. For **Health Check Type**, select **ELB**.
1. We'll leave our **Health Check Grace Period** as the default `300` seconds. Click **Configure scaling policies**.
1. Check **Use scaling policies to adjust the capacity of this group**.
1. For this group we'll scale between 2 and 4 instances where one instance will be added if CPU
utilization is greater than 60% and one instance is removed if it falls
utilization is greater than 60% and one instance is removed if it falls
to less than 45%.
to less than 45%.
![Auto scaling group policies](img/policies.png)
![Auto scaling group policies](img/policies.png)
Finally, configure notifications and tags as you see fit, and create the
1. Finally, configure notifications and tags as you see fit, review your changes, and create the
auto scaling group.
auto scaling group.
You'll notice that after we save the configuration, AWS starts launching our two
As the auto scaling group is created, you'll see your new instances spinning up in your EC2 dashboard. You'll also see the new instances added to your load balancer. Once the instances pass the heath check, they are ready to start receiving traffic from the load balancer.
instances in different AZs and without a public IP which is exactly what
we intended.
Since our instances are created by the auto scaling group, go back to your instances and terminate the [instance we created manually above](#install-gitlab). We only needed this instance to create our custom AMI.
### Log in for the first time
Using the domain name you used when setting up [DNS for the load balancer](#configure-dns-for-load-balancer), you should now be able to visit GitLab in your browser. The very first time you will be asked to set up a password
for the `root` user which has admin privileges on the GitLab instance.
After you set it up, login with username `root` and the newly created password.
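Review bot: The rewritten launch configuration steps drop the old instruction to set the IP address type to "Do not assign a public IP address to any instances" and replace it with "Leave the rest as defaults"; the removed closing paragraph was also the only place that said the instances should come up without a public IP. Please restore an explicit step for this, or say why it is no longer needed. Smaller fixes in the added lines: "1.**Do not** check" needs a space after "1." to render as a list item, "Select and existing security group" should be "Select an existing security group", "heath check" should be "health check", and the last two launch configuration steps both end with "click **Create launch configuration**", so one of them is redundant or mislabelled.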
@@ -1116,3 +1116,22 @@ To avoid installation errors:
...
@@ -1116,3 +1116,22 @@ To avoid installation errors:
kubectl get secrets/tiller-secret -n gitlab-managed-apps -o"jsonpath={.data['ca\.crt']}" | base64-d> b.pem
kubectl get secrets/tiller-secret -n gitlab-managed-apps -o"jsonpath={.data['ca\.crt']}" | base64-d> b.pem
diff a.pem b.pem
diff a.pem b.pem
```
```
### Error installing managed apps on EKS cluster
If you're using a managed cluster on AWS EKS, and you are not able to install some of the managed
apps, consider checking the logs.
You can check the logs by running following commands:
```shell
kubectl get pods --all-namespaces
kubectl get services --all-namespaces
```
If you are getting the `Failed to assign an IP address to container` error, it's probably due to the
instance type you've specified in the AWS configuration.
The number and size of nodes might not have enough IP addresses to run or install those pods.
For reference, all the AWS instance IP limits are found
[in this AWS repository on GitHub](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/vpc_ip_resource_limit.go)(search for `InstanceENIsAvailable`).
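Review bot: The new EKS section tells readers to check the logs, but the two commands it gives, `kubectl get pods --all-namespaces` and `kubectl get services --all-namespaces`, only list resources and will not display the "Failed to assign an IP address to container" message; add the command that surfaces it, for example `kubectl describe pod` on the failing pod. "by running following commands" is missing "the". The reference link points at `blob/master`, so pin it to a tag or commit to keep the `InstanceENIsAvailable` search hint valid.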
@@ -2470,7 +2470,7 @@ msgid "AutoDevOps|Learn more in the %{link_to_documentation}"
...
@@ -2470,7 +2470,7 @@ msgid "AutoDevOps|Learn more in the %{link_to_documentation}"
msgstr "Erfahre mehr in der %{link_to_documentation}"
msgstr "Erfahre mehr in der %{link_to_documentation}"
msgid "AutoDevOps|The Auto DevOps pipeline has been enabled and will be used if no alternative CI configuration file is found. %{more_information_link}"
msgid "AutoDevOps|The Auto DevOps pipeline has been enabled and will be used if no alternative CI configuration file is found. %{more_information_link}"
msgstr "Die Auto-DevOps-Pipeline wurde aktiviert und wir verwendet, falls keine alternative CI-Konfigurationsdatei gefunden wurde. %{more_information_link}"
msgstr "Die Auto-DevOps-Pipeline wurde aktiviert und wird verwendet, falls keine alternative CI-Konfigurationsdatei gefunden wurde. %{more_information_link}"