Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
0881c145
Commit
0881c145
authored
Oct 02, 2020
by
Marcel Amirault
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clean up yaml code block formatting
Fix spacing, indentation, comments, etc
parent
3e8137fe
Changes
18
Hide whitespace changes
Inline
Side-by-side
Showing
18 changed files
with
118 additions
and
110 deletions
+118
-110
doc/administration/redis/replication_and_failover_external.md
...administration/redis/replication_and_failover_external.md
+6
-6
doc/administration/redis/troubleshooting.md
doc/administration/redis/troubleshooting.md
+3
-3
doc/integration/cas.md
doc/integration/cas.md
+4
-4
doc/integration/facebook.md
doc/integration/facebook.md
+1
-1
doc/integration/github.md
doc/integration/github.md
+13
-11
doc/integration/gitlab.md
doc/integration/gitlab.md
+4
-3
doc/integration/google.md
doc/integration/google.md
+4
-3
doc/integration/kerberos.md
doc/integration/kerberos.md
+2
-1
doc/integration/omniauth.md
doc/integration/omniauth.md
+13
-13
doc/integration/salesforce.md
doc/integration/salesforce.md
+1
-1
doc/integration/saml.md
doc/integration/saml.md
+38
-38
doc/integration/twitter.md
doc/integration/twitter.md
+2
-1
doc/operations/metrics/alerts.md
doc/operations/metrics/alerts.md
+2
-1
doc/operations/metrics/dashboards/panel_types.md
doc/operations/metrics/dashboards/panel_types.md
+1
-1
doc/topics/autodevops/index.md
doc/topics/autodevops/index.md
+1
-1
doc/user/clusters/agent/index.md
doc/user/clusters/agent/index.md
+18
-18
doc/user/project/clusters/add_remove_clusters.md
doc/user/project/clusters/add_remove_clusters.md
+1
-1
doc/user/project/clusters/serverless/aws.md
doc/user/project/clusters/serverless/aws.md
+4
-3
No files found.
doc/administration/redis/replication_and_failover_external.md
View file @
0881c145
...
...
@@ -228,13 +228,13 @@ which ideally should not have Redis or Sentinels in the same machine:
sentinels
:
-
host
:
10.0.0.1
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.2
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.3
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
```
1.
[
Restart GitLab
](
../restart_gitlab.md#installations-from-source
)
for the changes to take effect.
...
...
@@ -353,13 +353,13 @@ or a failover promotes a different **Primary** node.
sentinels
:
-
host
:
10.0.0.1
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.2
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.3
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
```
1.
[
Restart GitLab
](
../restart_gitlab.md#installations-from-source
)
for the changes to take effect.
...
...
doc/administration/redis/troubleshooting.md
View file @
0881c145
...
...
@@ -146,13 +146,13 @@ production:
sentinels
:
-
host
:
10.0.0.1
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.2
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
-
host
:
10.0.0.3
port
:
26379
# point to sentinel, not to redis port
port
:
26379
# point to sentinel, not to redis port
```
When in doubt, read the
[
Redis Sentinel documentation
](
https://redis.io/topics/sentinel
)
.
doc/integration/cas.md
View file @
0881c145
...
...
@@ -45,10 +45,10 @@ To enable the CAS OmniAuth provider you must register your application with your
-
{
name
:
'
cas3'
,
label
:
'
cas'
,
args
:
{
url
:
'
CAS_SERVER'
,
login_url
:
'
/CAS_PATH/login'
,
service_validate_url
:
'
/CAS_PATH/p3/serviceValidate'
,
logout_url
:
'
/CAS_PATH/logout'
}
}
url
:
'
CAS_SERVER'
,
login_url
:
'
/CAS_PATH/login'
,
service_validate_url
:
'
/CAS_PATH/p3/serviceValidate'
,
logout_url
:
'
/CAS_PATH/logout'
}
}
```
1.
Change 'CAS_PATH' to the root of your CAS instance (ie.
`cas`
).
...
...
doc/integration/facebook.md
View file @
0881c145
...
...
@@ -83,7 +83,7 @@ To enable the Facebook OmniAuth provider you must register your application with
```
yaml
-
{
name
:
'
facebook'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
}
app_secret
:
'
YOUR_APP_SECRET'
}
```
1.
Change 'YOUR_APP_ID' to the API key from Facebook page in step 10.
...
...
doc/integration/github.md
View file @
0881c145
...
...
@@ -71,17 +71,18 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```
yaml
-
{
name
:
'
github'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
scope
:
'
user:email'
}
}
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
scope
:
'
user:email'
}
}
```
For GitHub Enterprise:
```
yaml
-
{
name
:
'
github'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
url
:
"
https://github.example.com/"
,
args
:
{
scope
:
'
user:email'
}
}
-
{
name
:
'
github'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
url
:
"
https://github.example.com/"
,
args
:
{
scope
:
'
user:email'
}
}
```
**Replace `https://github.example.com/` with your GitHub URL.**
...
...
@@ -125,11 +126,12 @@ omnibus_gitconfig['system'] = { "http" => ["sslVerify = false"] }
For installation from source:
```
yaml
-
{
name
:
'
github'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
url
:
"
https://github.example.com/"
,
verify_ssl
:
false
,
args
:
{
scope
:
'
user:email'
}
}
-
{
name
:
'
github'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
url
:
"
https://github.example.com/"
,
verify_ssl
:
false
,
args
:
{
scope
:
'
user:email'
}
}
```
You will also need to disable Git SSL verification on the server hosting GitLab.
...
...
doc/integration/gitlab.md
View file @
0881c145
...
...
@@ -63,9 +63,10 @@ GitLab.com will generate an application ID and secret key for you to use.
For installations from source:
```
yaml
-
{
name
:
'
gitlab'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
scope
:
'
api'
}
}
-
{
name
:
'
gitlab'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
scope
:
'
api'
}
}
```
1.
Change 'YOUR_APP_ID' to the Application ID from the GitLab.com application page.
...
...
doc/integration/google.md
View file @
0881c145
...
...
@@ -84,9 +84,10 @@ On your GitLab server:
For installations from source:
```
yaml
-
{
name
:
'
google_oauth2'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
access_type
:
'
offline'
,
approval_prompt
:
'
'
}
}
-
{
name
:
'
google_oauth2'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
,
args
:
{
access_type
:
'
offline'
,
approval_prompt
:
'
'
}
}
```
1.
Change
`YOUR_APP_ID`
to the client ID from the Google Developer page
...
...
doc/integration/kerberos.md
View file @
0881c145
...
...
@@ -207,9 +207,10 @@ remove the OmniAuth provider named `kerberos` from your `gitlab.yml` /
```
yaml
omniauth
:
# Rest of configuration omitted
# ...
providers
:
-
{
name
:
'
kerberos'
}
# <-- remove this line
-
{
name
:
'
kerberos'
}
# <-- remove this line
```
1.
[
Restart GitLab
](
../administration/restart_gitlab.md#installations-from-source
)
for the changes to take effect.
...
...
doc/integration/omniauth.md
View file @
0881c145
...
...
@@ -104,21 +104,21 @@ To change these settings:
```
yaml
## OmniAuth settings
omniauth
:
# Allow login via Twitter, Google, etc. using OmniAuth providers
# Versions prior to 11.4 require this to be set to true
# enabled: true
omniauth
:
# Allow login via Twitter, Google, etc. using OmniAuth providers
# Versions prior to 11.4 require this to be set to true
# enabled: true
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on
:
[
"
saml"
,
"
twitter"
]
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on
:
[
"
saml"
,
"
twitter"
]
auto_link_ldap_user
:
true
auto_link_ldap_user
:
true
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users
:
true
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users
:
true
```
Now we can choose one or more of the
[
Supported Providers
](
#supported-providers
)
...
...
@@ -142,7 +142,7 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab
## Automatically Link Existing Users to OmniAuth Users
> [Introduced
in GitLab 13.4.](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664)
> [Introduced
](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4.
You can automatically link OmniAuth users with existing GitLab users if their email addresses match.
For example, the following setting is used to enable the auto link feature for both a SAML provider and the Twitter OAuth provider:
...
...
doc/integration/salesforce.md
View file @
0881c145
...
...
@@ -64,7 +64,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
-
{
name
:
'
salesforce'
,
app_id
:
'
SALESFORCE_CLIENT_ID'
,
app_secret
:
'
SALESFORCE_CLIENT_SECRET'
}
}
```
1.
Change
`SALESFORCE_CLIENT_ID`
to the Consumer Key from the Salesforce connected application page.
...
...
doc/integration/saml.md
View file @
0881c145
...
...
@@ -113,16 +113,16 @@ in your SAML IdP:
omniauth
:
providers
:
-
{
name
:
'
saml'
,
args
:
{
assertion_consumer_service_url
:
'
https://gitlab.example.com/users/auth/saml/callback'
,
idp_cert_fingerprint
:
'
43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8'
,
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label
:
'
Company
Login'
# optional label for SAML login button, defaults to "Saml"
}
name
:
'
saml'
,
args
:
{
assertion_consumer_service_url
:
'
https://gitlab.example.com/users/auth/saml/callback'
,
idp_cert_fingerprint
:
'
43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8'
,
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label
:
'
Company
Login'
# optional label for SAML login button, defaults to "Saml"
}
```
1.
Change the value for
`assertion_consumer_service_url`
to match the HTTPS endpoint
...
...
@@ -210,7 +210,7 @@ Example:
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
}
}
}
```
### External Groups **(STARTER ONLY)**
...
...
@@ -228,7 +228,7 @@ SAML login supports automatic identification on whether a user should be conside
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
}
}
}
}
```
### Admin Groups **(STARTER ONLY)**
...
...
@@ -248,7 +248,7 @@ considered admin users.
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
}
}
}
```
### Auditor Groups **(STARTER ONLY)**
...
...
@@ -270,7 +270,7 @@ considered auditor users.
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
}
}
}
```
## Bypass two factor authentication
...
...
@@ -328,22 +328,22 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
omniauth
:
providers
:
-
{
name
:
'
saml'
,
args
:
{
assertion_consumer_service_url
:
'
https://gitlab.example.com/users/auth/saml/callback'
,
idp_cert_fingerprint
:
'
43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8'
,
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
,
upstream_two_factor_authn_contexts
:
[
'
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport'
,
'
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS'
,
'
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
]
},
label
:
'
Company
Login'
# optional label for SAML login button, defaults to "Saml"
}
name
:
'
saml'
,
args
:
{
assertion_consumer_service_url
:
'
https://gitlab.example.com/users/auth/saml/callback'
,
idp_cert_fingerprint
:
'
43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8'
,
idp_sso_target_url
:
'
https://login.example.com/idp'
,
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
,
upstream_two_factor_authn_contexts
:
[
'
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport'
,
'
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS'
,
'
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
]
},
label
:
'
Company
Login'
# optional label for SAML login button, defaults to "Saml"
}
```
1.
Save the file and
[
restart GitLab
](
../administration/restart_gitlab.md#installations-from-source
)
for the changes to take effect
...
...
@@ -436,7 +436,7 @@ args: {
issuer
:
'
https://gitlab.example.com'
,
name_identifier_format
:
'
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
,
attribute_statements
:
{
email
:
[
'
EmailAddress'
]
},
allowed_clock_drift
:
1
# for one second clock drift
allowed_clock_drift
:
1
# for one second clock drift
}
```
...
...
@@ -561,10 +561,10 @@ args: {
<redacted>
-----END
PRIVATE
KEY-----'
,
security
:
{
authn_requests_signed
:
true
,
# enable signature on AuthNRequest
want_assertions_signed
:
true
,
# enable the requirement of signed assertion
embed_sign
:
true
,
# embedded signature or HTTP GET parameter signature
metadata_signed
:
false
,
# enable signature on Metadata
authn_requests_signed
:
true
,
# enable signature on AuthNRequest
want_assertions_signed
:
true
,
# enable the requirement of signed assertion
embed_sign
:
true
,
# embedded signature or HTTP GET parameter signature
metadata_signed
:
false
,
# enable signature on Metadata
signature_method
:
'
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
,
digest_method
:
'
http://www.w3.org/2001/04/xmlenc#sha256'
,
}
...
...
@@ -629,9 +629,9 @@ Group SAML on a self-managed instance is limited when compared to the recommende
```yaml
omniauth:
enabled: true
providers:
- { name: 'group_saml' }
enabled: true
providers:
- { name: 'group_saml' }
```
## Troubleshooting
...
...
doc/integration/twitter.md
View file @
0881c145
...
...
@@ -65,7 +65,8 @@ To enable the Twitter OmniAuth provider you must register your application with
For installations from source:
```
yaml
-
{
name
:
'
twitter'
,
app_id
:
'
YOUR_APP_ID'
,
-
{
name
:
'
twitter'
,
app_id
:
'
YOUR_APP_ID'
,
app_secret
:
'
YOUR_APP_SECRET'
}
```
...
...
doc/operations/metrics/alerts.md
View file @
0881c145
...
...
@@ -70,7 +70,8 @@ receivers:
bearer_token
:
9e1cbfcd546896a9ea8be557caf13a76
send_resolved
:
true
url
:
http://192.168.178.31:3001/root/manual_prometheus/prometheus/alerts/notify.json
...
# Rest of configuration omitted
# ...
```
For GitLab to associate your alerts with an
[
environment
](
../../ci/environments/index.md
)
,
...
...
doc/operations/metrics/dashboards/panel_types.md
View file @
0881c145
...
...
@@ -17,7 +17,7 @@ dashboard: 'Dashboard Title'
panel_groups
:
-
group
:
'
Group
Title'
panels
:
-
type
:
area-chart
# or line-chart
-
type
:
area-chart
# or line-chart
title
:
'
Area
Chart
Title'
y_label
:
'
Y-Axis'
y_axis
:
...
...
doc/topics/autodevops/index.md
View file @
0881c145
...
...
@@ -317,7 +317,7 @@ metadata:
name
:
gitlab-managed-apps-default-proxy
namespace
:
gitlab-managed-apps
spec
:
env
:
env
:
-
name
:
http_proxy
value
:
"
PUT_YOUR_HTTP_PROXY_HERE"
-
name
:
https_proxy
...
...
doc/user/clusters/agent/index.md
View file @
0881c145
...
...
@@ -125,27 +125,27 @@ the Agent in subsequent steps. You can create an Agent record either:
-
Through GraphQL:
**(PREMIUM ONLY)**
```
json
mutation
createAgent
{
createClusterAgent(input:
{
projectPath:
"path-to/your-awesome-project"
,
name:
"<agent-name>"
}
)
{
clusterAgent
{
id
name
}
errors
```
graphql
mutation
createAgent
{
createClusterAgent
(
input
:
{
projectPath
:
"path-to/your-awesome-project"
,
name
:
"<agent-name>"
})
{
clusterAgent
{
id
name
}
errors
}
mutation
createToken
{
clusterAgentTokenCreate(input:
{
clusterAgentId:
<cluster-agent-id-taken-from-the-previous-mutation>
}
)
{
secret
#
This
is
the
value
you
need
to
use
on
the
next
step
token
{
createdAt
id
}
errors
}
mutation
createToken
{
clusterAgentTokenCreate
(
input
:
{
clusterAgentId
:
<
cluster
-agent-id-taken-from-the-previous-mutation>
})
{
secret
# This is the value you need to use on the next step
token
{
createdAt
id
}
errors
}
}
```
NOTE:
**Note:**
...
...
@@ -245,7 +245,7 @@ spec:
args
:
-
--token-file=/config/token
-
--kas-address
-
grpc://host.docker.internal:5005
# {"$openapi":"kas-address"}
-
grpc://host.docker.internal:5005
# {"$openapi":"kas-address"}
volumeMounts
:
-
name
:
token-volume
mountPath
:
/config
...
...
doc/user/project/clusters/add_remove_clusters.md
View file @
0881c145
...
...
@@ -269,7 +269,7 @@ To add a Kubernetes cluster to your project, group, or instance:
Copy the `<authentication_token>` value from the output:
```
yaml
```
plaintext
Name: gitlab-token-b5zv4
Namespace: kube-system
Labels: <none>
...
...
doc/user/project/clusters/serverless/aws.md
View file @
0881c145
...
...
@@ -222,7 +222,8 @@ the environment of the deployed function:
```
yaml
provider
:
...
# Other configuration omitted
# ...
environment
:
A_VARIABLE
:
${env:A_VARIABLE}
```
...
...
@@ -245,10 +246,10 @@ functions:
hello
:
handler
:
src/handler.hello
events
:
-
http
:
# Rewrite this part to enable CORS
-
http
:
# Rewrite this part to enable CORS
path
:
hello
method
:
get
cors
:
true
# <-- CORS here
cors
:
true
# <-- CORS here
```
You also need to return CORS specific headers in your function response:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment