diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-06 03:08:08 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-06 03:08:08 +0000 |
| commit | a6011c3d70e0e8ac318ba6629183c44f8614c4df (patch) | |
| tree | a3d21394d63c47448998c89f01eb88e57c0ed8ce /doc/administration | |
| parent | ffc757a7a92535559c20eb706593f7358d9bf589 (diff) | |
| download | gitlab-ce-a6011c3d70e0e8ac318ba6629183c44f8614c4df.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/administration')
20 files changed, 298 insertions, 298 deletions
diff --git a/doc/administration/auth/crowd.md b/doc/administration/auth/crowd.md index da6c01ec382..6c2e4edac31 100644 --- a/doc/administration/auth/crowd.md +++ b/doc/administration/auth/crowd.md @@ -54,7 +54,7 @@ Authenticate to GitLab using the Atlassian Crowd OmniAuth provider. **Source:** - ``` + ```yaml - { name: 'crowd', args: { crowd_server_url: 'CROWD_SERVER_URL', diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md index db7c11ada10..067fdfd0018 100644 --- a/doc/administration/auth/ldap.md +++ b/doc/administration/auth/ldap.md @@ -405,7 +405,7 @@ production: Tip: If you want to limit access to the nested members of an Active Directory group, you can use the following syntax: -```text +```plaintext (memberOf:1.2.840.113556.1.4.1941:=CN=My Group,DC=Example,DC=com) ``` @@ -423,13 +423,13 @@ The `user_filter` DN can contain special characters. For example: - A comma: - ```text + ```plaintext OU=GitLab, Inc,DC=gitlab,DC=com ``` - Open and close brackets: - ```text + ```plaintext OU=Gitlab (Inc),DC=gitlab,DC=com ``` @@ -438,13 +438,13 @@ The `user_filter` DN can contain special characters. For example: - Escape commas with `\2C`. For example: - ```text + ```plaintext OU=GitLab\2C Inc,DC=gitlab,DC=com ``` - Escape open and close brackets with `\28` and `\29`, respectively. For example: - ```text + ```plaintext OU=Gitlab \28Inc\29,DC=gitlab,DC=com ``` @@ -603,7 +603,7 @@ GitLab. Common combinations are `encryption: 'plain'` and `port: 389`, OR If GitLab cannot reach your LDAP endpoint, you will see a message like this: -``` +```plaintext Could not authenticate you from Ldapmain because "Connection timed out - user specified timeout". ``` diff --git a/doc/administration/auth/okta.md b/doc/administration/auth/okta.md index c83645ffe74..4fd37b51f24 100644 --- a/doc/administration/auth/okta.md +++ b/doc/administration/auth/okta.md @@ -86,9 +86,9 @@ Now that the Okta app is configured, it's time to enable it in GitLab. Edit `config/gitlab.yml`: - ```yaml - auto_link_saml_user: true - ``` + ```yaml + auto_link_saml_user: true + ``` 1. Add the provider configuration. diff --git a/doc/administration/geo/replication/database.md b/doc/administration/geo/replication/database.md index 0e6583741bc..48681d03838 100644 --- a/doc/administration/geo/replication/database.md +++ b/doc/administration/geo/replication/database.md @@ -495,7 +495,7 @@ work: 1. On the **secondary** nodes, change `/etc/gitlab/gitlab.rb`: - ``` + ```ruby geo_postgresql['fdw_external_user'] = 'gitlab_geo_fdw' ``` diff --git a/doc/administration/geo/replication/troubleshooting.md b/doc/administration/geo/replication/troubleshooting.md index c3e1da3311f..2eeca41724e 100644 --- a/doc/administration/geo/replication/troubleshooting.md +++ b/doc/administration/geo/replication/troubleshooting.md @@ -46,7 +46,7 @@ sudo gitlab-rake gitlab:geo:check Example output: -```text +```plaintext Checking Geo ... GitLab Geo is available ... yes @@ -79,7 +79,7 @@ sudo gitlab-rake geo:status Example output: -```text +```plaintext http://secondary.example.com/ ----------------------------------------------------- GitLab Version: 11.10.4-ee @@ -134,11 +134,11 @@ sudo gitlab-rake gitlab:geo:check It displays the current machine's node name and whether the matching database record is a **primary** or **secondary** node. -``` +```plaintext This machine's Geo node name matches a database record ... yes, found a secondary node named "Shanghai" ``` -``` +```plaintext This machine's Geo node name matches a database record ... no Try fixing it: You could add or update a Geo node database record, setting the name to "https://example.com/". @@ -157,95 +157,95 @@ sudo gitlab-rake gitlab:geo:check 1. Rails did not provide a password when connecting to the database - ```text - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... Exception: fe_sendauth: no password supplied - GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... Exception: fe_sendauth: no password supplied + GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied + ... + Checking Geo ... Finished + ``` - - Ensure that you have the `gitlab_rails['db_password']` set to the plain text-password used when creating the hash for `postgresql['sql_user_password']`. + - Ensure that you have the `gitlab_rails['db_password']` set to the plain text-password used when creating the hash for `postgresql['sql_user_password']`. 1. Rails is unable to connect to the database - ```text - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on - FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off - GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on - FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on + FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off + GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on + FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off + ... + Checking Geo ... Finished + ``` - - Ensure that you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`. - - Ensure that you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`. + - Ensure that you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`. + - Ensure that you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`. 1. Rails has supplied the incorrect password - ```text - Checking Geo ... - GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab" - FATAL: password authentication failed for user "gitlab" - GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab" - FATAL: password authentication failed for user "gitlab" - ... - Checking Geo ... Finished - ``` + ```plaintext + Checking Geo ... + GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab" + FATAL: password authentication failed for user "gitlab" + GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab" + FATAL: password authentication failed for user "gitlab" + ... + Checking Geo ... Finished + ``` - - Verify the correct password is set for `gitlab_rails['db_password']` that was used when creating the hash in `postgresql['sql_user_password']` by running `gitlab-ctl pg-password-md5 gitlab` and entering the password. + - Verify the correct password is set for `gitlab_rails['db_password']` that was used when creating the hash in `postgresql['sql_user_password']` by running `gitlab-ctl pg-password-md5 gitlab` and entering the password. 1. Check returns not a secondary node - ```text - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... yes - GitLab Geo is enabled ... yes - GitLab Geo secondary database is correctly configured ... not a secondary node - Database replication enabled? ... not a secondary node - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... yes + GitLab Geo is enabled ... yes + GitLab Geo secondary database is correctly configured ... not a secondary node + Database replication enabled? ... not a secondary node + ... + Checking Geo ... Finished + ``` - - Ensure that you have added the secondary node in the Admin Area of the **primary** node. - - Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the admin are of the **primary** node. - - Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field. + - Ensure that you have added the secondary node in the Admin Area of the **primary** node. + - Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the admin are of the **primary** node. + - Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field. 1. Check returns Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist - ```text - Checking Geo ... - - GitLab Geo is available ... no - Try fixing it: - Upload a new license that includes the GitLab Geo feature - For more information see: - https://about.gitlab.com/features/gitlab-geo/ - GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist - LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass - ^ - : SELECT a.attname, format_type(a.atttypid, a.atttypmod), - pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod, - c.collname, col_description(a.attrelid, a.attnum) AS comment - FROM pg_attribute a - LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum - LEFT JOIN pg_type t ON a.atttypid = t.oid - LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation - WHERE a.attrelid = '"geo_nodes"'::regclass - AND a.attnum > 0 AND NOT a.attisdropped - ORDER BY a.attnum - ... - Checking Geo ... Finished - ``` - - When performing a Postgres major version (9 > 10) update this is expected. Follow: - - - [initiate-the-replication-process](database.md#step-3-initiate-the-replication-process) - - [Geo database has an outdated FDW remote schema](troubleshooting.md#geo-database-has-an-outdated-fdw-remote-schema-error) + ```plaintext + Checking Geo ... + + GitLab Geo is available ... no + Try fixing it: + Upload a new license that includes the GitLab Geo feature + For more information see: + https://about.gitlab.com/features/gitlab-geo/ + GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist + LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass + ^ + : SELECT a.attname, format_type(a.atttypid, a.atttypmod), + pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod, + c.collname, col_description(a.attrelid, a.attnum) AS comment + FROM pg_attribute a + LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum + LEFT JOIN pg_type t ON a.atttypid = t.oid + LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation + WHERE a.attrelid = '"geo_nodes"'::regclass + AND a.attnum > 0 AND NOT a.attisdropped + ORDER BY a.attnum + ... + Checking Geo ... Finished + ``` + + When performing a Postgres major version (9 > 10) update this is expected. Follow: + + - [initiate-the-replication-process](database.md#step-3-initiate-the-replication-process) + - [Geo database has an outdated FDW remote schema](troubleshooting.md#geo-database-has-an-outdated-fdw-remote-schema-error) ## Fixing replication errors @@ -483,7 +483,7 @@ when promoting a secondary to a primary node with strategies to resolve them. When [promoting a **secondary** node](../disaster_recovery/index.md#step-3-promoting-a-secondary-node), you might encounter the following error: -```text +```plaintext Running gitlab-rake geo:set_secondary_as_primary... rake aborted! @@ -523,7 +523,7 @@ This section documents ways to fix potential Foreign Data Wrapper errors. When setting up Geo, you might see this warning in the `gitlab-rake gitlab:geo:check` output: -```text +```plaintext GitLab Geo tracking database Foreign Data Wrapper schema is up-to-date? ... foreign data wrapper is not configured ``` @@ -607,7 +607,7 @@ To check the configuration: 1. Check that the foreign server mapping is correct via `\des+`. The results should look something like this: - ``` + ```plaintext gitlabhq_geo_production=# \des+ List of foreign servers -[ RECORD 1 ]--------+------------------------------------------------------------ @@ -643,7 +643,7 @@ To check the configuration: 1. Check that the user mapping is configured properly via `\deu+`: - ``` + ```plaintext gitlabhq_geo_production=# \deu+ List of user mappings Server | User name | FDW Options @@ -731,7 +731,7 @@ GitLab can error with a `Geo database has an outdated FDW remote schema` message For example: -```text +```plaintext Geo database has an outdated FDW remote schema. It contains 229 of 236 expected tables. Please refer to Geo Troubleshooting. ``` diff --git a/doc/administration/git_annex.md b/doc/administration/git_annex.md index 49a22dc6a52..8f285cd9bcb 100644 --- a/doc/administration/git_annex.md +++ b/doc/administration/git_annex.md @@ -43,13 +43,13 @@ configuration options required to enable it. For Debian-like systems (for example, Debian and Ubuntu) this can be achieved by running: -``` +```shell sudo apt-get update && sudo apt-get install git-annex ``` For RedHat-like systems (for example, CentOS and RHEL) this can be achieved by running: -``` +```shell sudo yum install epel-release && sudo yum install git-annex ``` @@ -108,7 +108,7 @@ git annex sync --content # sync the Git repo and large file to the GitLa The output should look like this: -``` +```plaintext commit On branch master Your branch is ahead of 'origin/master' by 1 commit. @@ -154,7 +154,7 @@ are turned into symbolic links that point to data in `.git/annex/objects/`. The `debian.iso` file in the example will contain the symbolic link: -``` +```plaintext .git/annex/objects/ZW/1k/SHA256E-s82701--6384039733b5035b559efd5a2e25a493ab6e09aabfd5162cc03f6f0ec238429d.png/SHA256E-s82701--6384039733b5035b559efd5a2e25a493ab6e09aabfd5162cc03f6f0ec238429d.iso ``` @@ -216,14 +216,14 @@ and the files are pushed to the GitLab repository. If you get hit by this, you can run the following command inside the repository that the warning was raised: -``` +```shell git config remote.origin.annex-ignore false ``` Consecutive runs of `git annex sync --content` **should not** produce this warning and the output should look like this: -``` +```plaintext commit ok pull origin ok diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md index 20c57683708..783ae1e0317 100644 --- a/doc/administration/gitaly/praefect.md +++ b/doc/administration/gitaly/praefect.md @@ -121,7 +121,7 @@ node, using `psql` which is installed by GitLab Omnibus. ```sql CREATE ROLE praefect WITH LOGIN CREATEDB PASSWORD 'PRAEFECT_SQL_PASSWORD'; - ``` + ``` 1. Reconnect to the PostgreSQL server, this time as the `praefect` user: diff --git a/doc/administration/lfs/migrate_from_git_annex_to_git_lfs.md b/doc/administration/lfs/migrate_from_git_annex_to_git_lfs.md index 3f983bebf27..bfe18f697bf 100644 --- a/doc/administration/lfs/migrate_from_git_annex_to_git_lfs.md +++ b/doc/administration/lfs/migrate_from_git_annex_to_git_lfs.md @@ -57,7 +57,7 @@ Fire up a terminal, navigate to your Git repository and: 1. Enable `git-lfs`: - ``` + ```shell git lfs install git lfs track <files> git add . diff --git a/doc/administration/logs.md b/doc/administration/logs.md index d224ba51bb3..e45e39c4651 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -353,7 +353,7 @@ GitLab uses background jobs for processing tasks which can take a long time. All information about processing these jobs are written down to this file. For example: -``` +```plaintext 2014-06-10T07:55:20Z 2037 TID-tm504 ERROR: /opt/bitnami/apps/discourse/htdocs/vendor/bundle/ruby/1.9.1/gems/redis-3.0.7/lib/redis/client.rb:228:in `read' 2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"} ``` diff --git a/doc/administration/monitoring/prometheus/index.md b/doc/administration/monitoring/prometheus/index.md index 87114c154a2..d29eb266431 100644 --- a/doc/administration/monitoring/prometheus/index.md +++ b/doc/administration/monitoring/prometheus/index.md @@ -135,9 +135,9 @@ To use an external Prometheus server: 1. Install and set up a dedicated Prometheus instance, if necessary, using the [official installation instructions](https://prometheus.io/docs/prometheus/latest/installation/). 1. Add the Prometheus server IP address to the [monitoring IP whitelist](../ip_whitelist.md). For example: - ```ruby - gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1'] - ``` + ```ruby + gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1'] + ``` 1. To scrape NGINX metrics, you'll also need to configure NGINX to allow the Prometheus server IP. For example: diff --git a/doc/administration/operations/ssh_certificates.md b/doc/administration/operations/ssh_certificates.md index 1fa3555e604..5a9caa36cf8 100644 --- a/doc/administration/operations/ssh_certificates.md +++ b/doc/administration/operations/ssh_certificates.md @@ -40,7 +40,7 @@ it](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm We assume that you already have SSH certificates set up, and have added the `TrustedUserCAKeys` of your CA to your `sshd_config`, e.g.: -``` +```plaintext TrustedUserCAKeys /etc/security/mycompany_user_ca.pub ``` @@ -87,7 +87,7 @@ Then, in your `sshd_config` set up `AuthorizedPrincipalsCommand` for the `git` user. Hopefully you can use the default one shipped with GitLab: -``` +```plaintext Match User git AuthorizedPrincipalsCommandUser root AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check %i sshUsers @@ -95,7 +95,7 @@ Match User git This command will emit output that looks something like: -``` +```shell command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell username-{KEY_ID}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {PRINCIPAL} ``` @@ -108,7 +108,7 @@ some principal that's guaranteed to be part of the key for all users who can log in to GitLab, or you must provide a list of principals, one of which is going to be present for the user, e.g.: -``` +```plaintext [...] AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check %i sshUsers windowsUsers ``` diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index 8515cd909db..36c5c29a6fb 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -360,16 +360,16 @@ that method from working. Use the following workaround: 1. Append your GitLab server TLS/SSL certficate to `/opt/gitlab/embedded/ssl/certs/cacert.pem` where `gitlab-domain-example.com` is your GitLab application URL - ```shell - printf "\ngitlab-domain-example.com\n===========================\n" | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem - echo -n | openssl s_client -connect gitlab-domain-example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem - ``` + ```shell + printf "\ngitlab-domain-example.com\n===========================\n" | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem + echo -n | openssl s_client -connect gitlab-domain-example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee --append /opt/gitlab/embedded/ssl/certs/cacert.pem + ``` 1. [Restart](../restart_gitlab.md) the GitLab Pages Daemon. For GitLab Omnibus instances: - ```shell - sudo gitlab-ctl restart gitlab-pages - ``` + ```shell + sudo gitlab-ctl restart gitlab-pages + ``` CAUTION: **Caution:** Some GitLab Omnibus upgrades will revert this workaround and you'll need to apply it again. diff --git a/doc/administration/reply_by_email_postfix_setup.md b/doc/administration/reply_by_email_postfix_setup.md index 3a28e37cfc0..c6da88a0eec 100644 --- a/doc/administration/reply_by_email_postfix_setup.md +++ b/doc/administration/reply_by_email_postfix_setup.md @@ -73,7 +73,7 @@ The instructions make the assumption that you will be using the email address `i 1. Send the new `incoming` user a dummy email to test SMTP, by entering the following into the SMTP prompt: - ``` + ```plaintext ehlo localhost mail from: root@localhost rcpt to: incoming@localhost @@ -101,7 +101,7 @@ The instructions make the assumption that you will be using the email address `i You should see output like this: - ``` + ```plaintext "/var/mail/incoming": 1 message 1 unread >U 1 root@localhost 59/2842 Re: Some issue ``` @@ -147,7 +147,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo You should see output like this: - ``` + ```plaintext "/home/incoming/Maildir": 1 message 1 unread >U 1 root@localhost 59/2842 Re: Some issue ``` @@ -253,7 +253,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo 1. Send the `incoming` user a dummy email to test SMTP, by entering the following into the SMTP prompt: - ``` + ```plaintext ehlo gitlab.example.com mail from: root@gitlab.example.com rcpt to: incoming@gitlab.example.com @@ -277,7 +277,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo You should see output like this: - ``` + ```plaintext "/home/incoming/Maildir": 1 message 1 unread >U 1 root@gitlab.example.com 59/2842 Re: Some issue ``` @@ -313,7 +313,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo 1. Sign in as the `incoming` user to test IMAP, by entering the following into the IMAP prompt: - ``` + ```plaintext a login incoming PASSWORD ``` @@ -321,7 +321,7 @@ Courier, which we will install later to add IMAP authentication, requires mailbo You should see output like this: - ``` + ```plaintext a OK LOGIN Ok. ``` diff --git a/doc/administration/repository_storage_paths.md b/doc/administration/repository_storage_paths.md index c73539cbdb4..5ca1dd18da3 100644 --- a/doc/administration/repository_storage_paths.md +++ b/doc/administration/repository_storage_paths.md @@ -15,7 +15,7 @@ storage shards) to distribute the storage load between several mount points. Example: this is OK: -``` +```plaintext default: path: /mnt/git-storage-1 storage2: @@ -24,7 +24,7 @@ storage2: This is not OK because it nests storage paths: -``` +```plaintext default: path: /mnt/git-storage-1 storage2: diff --git a/doc/administration/static_objects_external_storage.md b/doc/administration/static_objects_external_storage.md index 373e4366a1f..f649a1ebcd2 100644 --- a/doc/administration/static_objects_external_storage.md +++ b/doc/administration/static_objects_external_storage.md @@ -63,158 +63,158 @@ other CDNs or Function as a Service (FaaS) systems should work using the same pr `pwgen -cn1 64` on a UNIX machine). Save this token for the admin panel, as described in the [configuring](#configuring) section. - ```js - const ORIGIN_HOSTNAME = 'gitlab.installation.com' // FIXME: SET CORRECT VALUE - const STORAGE_TOKEN = 'very-secure-token' // FIXME: SET CORRECT VALUE - const CACHE_PRIVATE_OBJECTS = false - - const CORS_HEADERS = { - 'Access-Control-Allow-Origin': '*', - 'Access-Control-Allow-Methods': 'GET, HEAD, OPTIONS', - 'Access-Control-Allow-Headers': 'X-Csrf-Token, X-Requested-With', - } - - self.addEventListener('fetch', event => event.respondWith(handle(event))) - - async function handle(event) { - try { - let response = await verifyAndHandle(event); - - // responses returned from cache are immutable, so we recreate them - // to set CORS headers - response = new Response(response.body, response) - response.headers.set('Access-Control-Allow-Origin', '*') - - return response - } catch (e) { - return new Response('An error occurred!', {status: e.statusCode || 500}) - } - } - - async function verifyAndHandle(event) { - if (!validRequest(event.request)) { - return new Response(null, {status: 400}) - } - - if (event.request.method === 'OPTIONS') { - return handleOptions(event.request) - } - - return handleRequest(event) - } - - function handleOptions(request) { - // Make sure the necessary headers are present - // for this to be a valid pre-flight request - if ( - request.headers.get('Origin') !== null && - request.headers.get('Access-Control-Request-Method') !== null && - request.headers.get('Access-Control-Request-Headers') !== null - ) { - // Handle CORS pre-flight request - return new Response(null, { - headers: CORS_HEADERS, - }) - } else { - // Handle standard OPTIONS request - return new Response(null, { - headers: { - Allow: 'GET, HEAD, OPTIONS', - }, - }) - } - } - - async function handleRequest(event) { - let cache = caches.default - let url = new URL(event.request.url) - let static_object_token = url.searchParams.get('token') - let headers = new Headers(event.request.headers) - - url.host = ORIGIN_HOSTNAME - url = normalizeQuery(url) - - headers.set('X-Gitlab-External-Storage-Token', STORAGE_TOKEN) - if (static_object_token !== null) { - headers.set('X-Gitlab-Static-Object-Token', static_object_token) - } - - let request = new Request(url, { headers: headers }) - let cached_response = await cache.match(request) - let is_conditional_header_set = headers.has('If-None-Match') - - if (cached_response) { - return cached_response - } - - // We don't want to override If-None-Match that is set on the original request - if (cached_response && !is_conditional_header_set) { - headers.set('If-None-Match', cached_response.headers.get('ETag')) - } - - let response = await fetch(request, { - headers: headers, - redirect: 'manual' - }) - - if (response.status == 304) { - if (is_conditional_header_set) { - return response - } else { - return cached_response - } - } else if (response.ok) { - response = new Response(response.body, response) - - // cache.put will never cache any response with a Set-Cookie header - response.headers.delete('Set-Cookie') - - if (CACHE_PRIVATE_OBJECTS) { - response.headers.delete('Cache-Control') - } - - event.waitUntil(cache.put(request, response.clone())) - } - - return response - } - - function normalizeQuery(url) { - let searchParams = url.searchParams - url = new URL(url.toString().split('?')[0]) - - if (url.pathname.includes('/raw/')) { - let inline = searchParams.get('inline') - - if (inline == 'false' || inline == 'true') { - url.searchParams.set('inline', inline) - } - } else if (url.pathname.includes('/-/archive/')) { - let append_sha = searchParams.get('append_sha') - let path = searchParams.get('path') - - if (append_sha == 'false' || append_sha == 'true') { - url.searchParams.set('append_sha', append_sha) - } - if (path) { - url.searchParams.set('path', path) - } - } - - return url - } - - function validRequest(request) { - let url = new URL(request.url) - let path = url.pathname - - if (/^(.+)(\/raw\/|\/-\/archive\/)/.test(path)) { - return true - } - - return false - } - ``` + ```js + const ORIGIN_HOSTNAME = 'gitlab.installation.com' // FIXME: SET CORRECT VALUE + const STORAGE_TOKEN = 'very-secure-token' // FIXME: SET CORRECT VALUE + const CACHE_PRIVATE_OBJECTS = false + + const CORS_HEADERS = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Methods': 'GET, HEAD, OPTIONS', + 'Access-Control-Allow-Headers': 'X-Csrf-Token, X-Requested-With', + } + + self.addEventListener('fetch', event => event.respondWith(handle(event))) + + async function handle(event) { + try { + let response = await verifyAndHandle(event); + + // responses returned from cache are immutable, so we recreate them + // to set CORS headers + response = new Response(response.body, response) + response.headers.set('Access-Control-Allow-Origin', '*') + + return response + } catch (e) { + return new Response('An error occurred!', {status: e.statusCode || 500}) + } + } + + async function verifyAndHandle(event) { + if (!validRequest(event.request)) { + return new Response(null, {status: 400}) + } + + if (event.request.method === 'OPTIONS') { + return handleOptions(event.request) + } + + return handleRequest(event) + } + + function handleOptions(request) { + // Make sure the necessary headers are present + // for this to be a valid pre-flight request + if ( + request.headers.get('Origin') !== null && + request.headers.get('Access-Control-Request-Method') !== null && + request.headers.get('Access-Control-Request-Headers') !== null + ) { + // Handle CORS pre-flight request + return new Response(null, { + headers: CORS_HEADERS, + }) + } else { + // Handle standard OPTIONS request + return new Response(null, { + headers: { + Allow: 'GET, HEAD, OPTIONS', + }, + }) + } + } + + async function handleRequest(event) { + let cache = caches.default + let url = new URL(event.request.url) + let static_object_token = url.searchParams.get('token') + let headers = new Headers(event.request.headers) + + url.host = ORIGIN_HOSTNAME + url = normalizeQuery(url) + + headers.set('X-Gitlab-External-Storage-Token', STORAGE_TOKEN) + if (static_object_token !== null) { + headers.set('X-Gitlab-Static-Object-Token', static_object_token) + } + + let request = new Request(url, { headers: headers }) + let cached_response = await cache.match(request) + let is_conditional_header_set = headers.has('If-None-Match') + + if (cached_response) { + return cached_response + } + + // We don't want to override If-None-Match that is set on the original request + if (cached_response && !is_conditional_header_set) { + headers.set('If-None-Match', cached_response.headers.get('ETag')) + } + + let response = await fetch(request, { + headers: headers, + redirect: 'manual' + }) + + if (response.status == 304) { + if (is_conditional_header_set) { + return response + } else { + return cached_response + } + } else if (response.ok) { + response = new Response(response.body, response) + + // cache.put will never cache any response with a Set-Cookie header + response.headers.delete('Set-Cookie') + + if (CACHE_PRIVATE_OBJECTS) { + response.headers.delete('Cache-Control') + } + + event.waitUntil(cache.put(request, response.clone())) + } + + return response + } + + function normalizeQuery(url) { + let searchParams = url.searchParams + url = new URL(url.toString().split('?')[0]) + + if (url.pathname.includes('/raw/')) { + let inline = searchParams.get('inline') + + if (inline == 'false' || inline == 'true') { + url.searchParams.set('inline', inline) + } + } else if (url.pathname.includes('/-/archive/')) { + let append_sha = searchParams.get('append_sha') + let path = searchParams.get('path') + + if (append_sha == 'false' || append_sha == 'true') { + url.searchParams.set('append_sha', append_sha) + } + if (path) { + url.searchParams.set('path', path) + } + } + + return url + } + + function validRequest(request) { + let url = new URL(request.url) + let path = url.pathname + + if (/^(.+)(\/raw\/|\/-\/archive\/)/.test(path)) { + return true + } + + return false + } + ``` 1. Create a new worker with this script. 1. Copy your values for `ORIGIN_HOSTNAME` and `STORAGE_TOKEN`. diff --git a/doc/administration/troubleshooting/debug.md b/doc/administration/troubleshooting/debug.md index db8d186db43..c1f2a5c92a3 100644 --- a/doc/administration/troubleshooting/debug.md +++ b/doc/administration/troubleshooting/debug.md @@ -33,7 +33,7 @@ an SMTP server, but you're not seeing mail delivered. Here's how to check the se ```ruby irb(main):002:0> ActionMailer::Base.smtp_settings - => {:address=>"localhost", :port=>25, :domain=>"localhost.localdomain", :user_name=>nil, :password=>nil, :authentication=>nil, :enable_starttls_auto=>true}``` + => {:address=>"localhost", :port=>25, :domain=>"localhost.localdomain", :user_name=>nil, :password=>nil, :authentication=>nil, :enable_starttls_auto=>true} ``` In the example above, the SMTP server is configured for the local machine. If this is intended, you may need to check your local mail @@ -56,13 +56,13 @@ For more advanced issues, `gdb` is a must-have tool for debugging issues. To install on Ubuntu/Debian: -``` +```shell sudo apt-get install gdb ``` On CentOS: -``` +```shell sudo yum install gdb ``` @@ -103,14 +103,14 @@ downtime. Otherwise skip to the next section. 1. Run `sudo gdb -p <PID>` to attach to the Unicorn process. 1. In the gdb window, type: - ``` + ```plaintext call (void) rb_backtrace() ``` 1. This forces the process to generate a Ruby backtrace. Check `/var/log/gitlab/unicorn/unicorn_stderr.log` for the backtace. For example, you may see: - ```ruby + ```plaintext from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `block in start' from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `loop' from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:36:in `block (2 levels) in start' @@ -124,13 +124,13 @@ downtime. Otherwise skip to the next section. 1. To see the current threads, run: - ``` + ```plaintext thread apply all bt ``` 1. Once you're done debugging with `gdb`, be sure to detach from the process and exit: - ``` + ```plaintext detach exit ``` @@ -162,7 +162,7 @@ separate Rails process to debug the issue: 1. Create a Personal Access Token for your user (Profile Settings -> Access Tokens). 1. Bring up the GitLab Rails console. For omnibus users, run: - ``` + ```shell sudo gitlab-rails console ``` diff --git a/doc/administration/troubleshooting/kubernetes_cheat_sheet.md b/doc/administration/troubleshooting/kubernetes_cheat_sheet.md index 4ffce11aed0..38c0661da06 100644 --- a/doc/administration/troubleshooting/kubernetes_cheat_sheet.md +++ b/doc/administration/troubleshooting/kubernetes_cheat_sheet.md @@ -202,9 +202,9 @@ and they will assist you with any issues you are having. - How to get the manifest for a release. It can be useful because it contains the info about all Kubernetes resources and dependent charts: - ```shell - helm get manifest <release name> - ``` + ```shell + helm get manifest <release name> + ``` ## Installation of minimal GitLab config via Minukube on macOS diff --git a/doc/administration/troubleshooting/postgresql.md b/doc/administration/troubleshooting/postgresql.md index ab302c919b2..b793f0a2ebc 100644 --- a/doc/administration/troubleshooting/postgresql.md +++ b/doc/administration/troubleshooting/postgresql.md @@ -99,13 +99,13 @@ References: - [Customer ticket (internal) GitLab 12.1.6](https://gitlab.zendesk.com/agent/tickets/134307) and [Google doc (internal)](https://docs.google.com/document/d/19xw2d_D1ChLiU-MO1QzWab-4-QXgsIUcN5e_04WTKy4) - [Issue #2 deadlocks can occur if an instance is flooded with pushes](https://gitlab.com/gitlab-org/gitlab/issues/33650). Provided for context about how GitLab code can have this sort of unanticipated effect in unusual situations. -``` +```plaintext ERROR: deadlock detected ``` Three applicable timeouts are identified in the issue [#1](https://gitlab.com/gitlab-org/gitlab/issues/30528); our recommended settings are as follows: -``` +```ini deadlock_timeout = 5s statement_timeout = 15s idle_in_transaction_session_timeout = 60s @@ -128,7 +128,7 @@ Comments in issue [#1](https://gitlab.com/gitlab-org/gitlab/issues/30528) indica See current settings with: -``` +```shell sudo gitlab-rails runner "c = ApplicationRecord.connection ; puts c.execute('SHOW statement_timeout').to_a ; puts c.execute('SHOW lock_timeout').to_a ; puts c.execute('SHOW idle_in_transaction_session_timeout').to_a ;" diff --git a/doc/administration/troubleshooting/sidekiq.md b/doc/administration/troubleshooting/sidekiq.md index 91361dddf02..b72bce5b3c6 100644 --- a/doc/administration/troubleshooting/sidekiq.md +++ b/doc/administration/troubleshooting/sidekiq.md @@ -31,7 +31,7 @@ Check in `/var/log/gitlab/sidekiq/current` or `$GITLAB_HOME/log/sidekiq.log` for the backtrace output. The backtraces will be lengthy and generally start with several `WARN` level messages. Here's an example of a single thread's backtrace: -``` +```plaintext 2016-04-13T06:21:20.022Z 31517 TID-orn4urby0 WARN: ActiveRecord::RecordNotFound: Couldn't find Note with 'id'=3375386 2016-04-13T06:21:20.022Z 31517 TID-orn4urby0 WARN: /opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.5.2/lib/active_record/core.rb:155:in `find' /opt/gitlab/embedded/service/gitlab-rails/app/workers/new_note_worker.rb:7:in `perform' @@ -55,7 +55,7 @@ respond to the `TTIN` signal, this is a good next step. If `perf` is not installed on your system, install it with `apt-get` or `yum`: -``` +```shell # Debian sudo apt-get install linux-tools @@ -68,13 +68,13 @@ sudo yum install perf Run perf against the Sidekiq PID: -``` +```shell sudo perf record -p <sidekiq_pid> ``` Let this run for 30-60 seconds and then press Ctrl-C. Then view the perf report: -``` +```shell sudo perf report # Sample output @@ -102,13 +102,13 @@ of the process (Sidekiq will not process jobs while `gdb` is attached). Start by attaching to the Sidekiq PID: -``` +```shell gdb -p <sidekiq_pid> ``` Then gather information on all the threads: -``` +```plaintext info threads # Example output @@ -129,7 +129,7 @@ from /opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/nokogiri-1.6.7.2/lib/nokog If you see a suspicious thread, like the Nokogiri one above, you may want to get more information: -``` +```plaintext thread 21 bt @@ -147,7 +147,7 @@ bt To output a backtrace from all threads at once: -``` +```plaintext set pagination off thread apply all bt ``` @@ -155,7 +155,7 @@ thread apply all bt Once you're done debugging with `gdb`, be sure to detach from the process and exit: -``` +```plaintext detach exit ``` diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md index b3d2a835dc6..f53c4e63bcb 100644 --- a/doc/administration/uploads.md +++ b/doc/administration/uploads.md @@ -153,7 +153,7 @@ Note that Oracle Cloud S3 must be sure to use the following settings: If `enable_signature_v4_streaming` is set to `true`, you may see the following error: -``` +```plaintext STREAMING-AWS4-HMAC-SHA256-PAYLOAD is not supported ``` |