diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-20 09:09:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-20 09:09:13 +0000 |
commit | 1ac794623a8be5dee111716a44dd04ff708f3541 (patch) | |
tree | 6c18f9fbe0bd9978bd3e8d9b083d3a0ca180686e /doc | |
parent | 5247fe0bef72fa922841a79d5dbefb47d95112fa (diff) | |
download | gitlab-ce-1ac794623a8be5dee111716a44dd04ff708f3541.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/geo/replication/index.md | 3 | ||||
-rw-r--r-- | doc/ci/variables/predefined_variables.md | 1 | ||||
-rw-r--r-- | doc/development/pipelines.md | 1 | ||||
-rw-r--r-- | doc/install/aws/img/aws_ha_architecture_diagram.png | bin | 133747 -> 133100 bytes | |||
-rw-r--r-- | doc/install/aws/index.md | 39 | ||||
-rw-r--r-- | doc/user/group/saml_sso/index.md | 10 | ||||
-rw-r--r-- | doc/user/project/import/index.md | 4 |
7 files changed, 36 insertions, 22 deletions
diff --git a/doc/administration/geo/replication/index.md b/doc/administration/geo/replication/index.md index e3699f1544b..4eaf6a88575 100644 --- a/doc/administration/geo/replication/index.md +++ b/doc/administration/geo/replication/index.md @@ -30,7 +30,7 @@ Implementing Geo provides the following benefits: - Reduce from minutes to seconds the time taken for your distributed developers to clone and fetch large repositories and projects. - Enable all of your developers to contribute ideas and work in parallel, no matter where they are. -- Balance the load between your **primary** and **secondary** nodes, or offload your automated tests to a **secondary** node. +- Balance the read-only load between your **primary** and **secondary** nodes. In addition, it: @@ -249,6 +249,7 @@ This list of limitations only reflects the latest version of GitLab. If you are - [Selective synchronization](configuration.md#selective-synchronization) applies only to files and repositories. Other datasets are replicated to the **secondary** node in full, making it inappropriate for use as an access control mechanism. - Object pools for forked project deduplication work only on the **primary** node, and are duplicated on the **secondary** node. - [External merge request diffs](../../merge_request_diffs.md) will not be replicated if they are on-disk, and viewing merge requests will fail. However, external MR diffs in object storage **are** supported. The default configuration (in-database) does work. +- GitLab Runners cannot register with a **secondary** node. Support for this is [planned for the future](https://gitlab.com/gitlab-org/gitlab/issues/3294). ### Limitations on replication/verification diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md index dd15b8c37b1..a9f57d97316 100644 --- a/doc/ci/variables/predefined_variables.md +++ b/doc/ci/variables/predefined_variables.md @@ -57,6 +57,7 @@ future GitLab releases.** | `CI_EXTERNAL_PULL_REQUEST_TARGET_BRANCH_NAME` | 12.3 | all | The target branch name of the pull request if [the pipelines are for external pull requests](../ci_cd_for_external_repos/index.md#pipelines-for-external-pull-requests). Available only if `only: [external_pull_requests]` is used and the pull request is open. | | `CI_EXTERNAL_PULL_REQUEST_TARGET_BRANCH_SHA` | 12.3 | all | The HEAD SHA of the target branch of the pull request if [the pipelines are for external pull requests](../ci_cd_for_external_repos/index.md#pipelines-for-external-pull-requests). Available only if `only: [external_pull_requests]` is used and the pull request is open. | | `CI_JOB_ID` | 9.0 | all | The unique id of the current job that GitLab CI uses internally | +| `CI_JOB_IMAGE` | 12.9 | 12.9 | The name of the image running the CI job | | `CI_JOB_MANUAL` | 8.12 | all | The flag to indicate that job was manually started | | `CI_JOB_NAME` | 9.0 | 0.5 | The name of the job as defined in `.gitlab-ci.yml` | | `CI_JOB_STAGE` | 9.0 | 0.5 | The name of the stage as defined in `.gitlab-ci.yml` | diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md index e228845bc72..302e2a2a6ee 100644 --- a/doc/development/pipelines.md +++ b/doc/development/pipelines.md @@ -100,6 +100,7 @@ and included in `rules` definitions via [YAML anchors](../ci/yaml/README.md#anch | `if-master-refs` | Matches if the current branch is `master`. | | | `if-master-or-tag` | Matches if the pipeline is for the `master` branch or for a tag. | | | `if-merge-request` | Matches if the pipeline is for a merge request. | | +| `if-nightly-master-schedule` | Matches if the pipeline is for a `master` scheduled pipeline with `$NIGHTLY` set. | | | `if-dot-com-gitlab-org-schedule` | Limits jobs creation to scheduled pipelines for the `gitlab-org` group on GitLab.com. | | | `if-dot-com-gitlab-org-master` | Limits jobs creation to the `master` branch for the `gitlab-org` group on GitLab.com. | | | `if-dot-com-gitlab-org-merge-request` | Limits jobs creation to merge requests for the `gitlab-org` group on GitLab.com. | | diff --git a/doc/install/aws/img/aws_ha_architecture_diagram.png b/doc/install/aws/img/aws_ha_architecture_diagram.png Binary files differindex 8cff5658b32..1b30a244778 100644 --- a/doc/install/aws/img/aws_ha_architecture_diagram.png +++ b/doc/install/aws/img/aws_ha_architecture_diagram.png diff --git a/doc/install/aws/index.md b/doc/install/aws/index.md index aa94dc1a2a5..63308f10421 100644 --- a/doc/install/aws/index.md +++ b/doc/install/aws/index.md @@ -53,8 +53,8 @@ Here's a list of the AWS services we will use, with links to pricing information [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/). - **S3**: We will use S3 to store backups, artifacts, LFS objects, etc. See the [Amazon S3 pricing](https://aws.amazon.com/s3/pricing/). -- **ALB**: An Application Load Balancer will be used to route requests to the - GitLab instance. See the [Amazon ELB pricing](https://aws.amazon.com/elasticloadbalancing/pricing/). +- **ELB**: A Classic Load Balancer will be used to route requests to the + GitLab instances. See the [Amazon ELB pricing](https://aws.amazon.com/elasticloadbalancing/pricing/). - **RDS**: An Amazon Relational Database Service using PostgreSQL will be used to provide a High Availability database configuration. See the [Amazon RDS pricing](https://aws.amazon.com/rds/postgresql/pricing/). @@ -291,27 +291,30 @@ and add a custom TCP rule for port `6379` accessible within itself. ## Load Balancer -On the EC2 dashboard, look for Load Balancer on the left column: +On the EC2 dashboard, look for Load Balancer in the left navigation bar: 1. Click the **Create Load Balancer** button. - 1. Choose the Application Load Balancer. - 1. Give it a name (`gitlab-loadbalancer`) and set the scheme to "internet-facing". - 1. In the "Listeners" section, make sure it has HTTP and HTTPS. - 1. In the "Availability Zones" section, select the `gitlab-vpc` we have created - and associate the **public subnets**. -1. Click **Configure Security Settings** to go to the next section to - select the TLS certificate. When done, go to the next step. -1. In the "Security Groups" section, create a new one by giving it a name - (`gitlab-loadbalancer-sec-group`) and allow both HTTP ad HTTPS traffic + 1. Choose the **Classic Load Balancer**. + 1. Give it a name (`gitlab-loadbalancer`) and for the **Create LB Inside** option, select `gitlab-vpc` from the dropdown menu. + 1. In the **Listeners** section, set HTTP port 80, HTTPS port 443, and TCP port 22 for both load balancer and instance protocols and ports. + 1. In the **Select Subnets** section, select both public subnets from the list. +1. Click **Assign Security Groups** and select **Create a new security group**, give it a name + (`gitlab-loadbalancer-sec-group`) and description, and allow both HTTP and HTTPS traffic from anywhere (`0.0.0.0/0, ::/0`). -1. In the next step, configure the routing and select an existing target group - (`gitlab-public`). The Load Balancer Health will allow us to indicate where to - ping and what makes up a healthy or unhealthy instance. -1. Leave the "Register Targets" section as is, and finally review the settings - and create the ELB. +1. Click **Configure Security Settings** and select an SSL/TLS certificate from ACM or upload a certificate to IAM. +1. Click **Configure Health Check** and set up a health check for your EC2 instances. + 1. For **Ping Protocol**, select HTTP. + 1. For **Ping Port**, enter 80. + 1. For **Ping Path**, enter `/explore`. (We use `/explore` as it's a public endpoint that does + not require authorization.) + 1. Keep the default **Advanced Details** or adjust them according to your needs. +1. For now, don't click **Add EC2 Instances**, as we don't have any instances to add yet. Come back +to your load balancer after creating your GitLab instances and add them. +1. Click **Add Tags** and add any tags you need. +1. Click **Review and Create**, review all your settings, and click **Create** if you're happy. After the Load Balancer is up and running, you can revisit your Security -Groups to refine the access only through the ELB and any other requirement +Groups to refine the access only through the ELB and any other requirements you might have. ## Deploying GitLab inside an auto scaling group diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 6fa7a0397f4..73ac54905e3 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -64,7 +64,7 @@ We intend to add a similar SSO requirement for [Git and API activity](https://gi #### Group-managed accounts -[Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709). +> [Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709). When SSO is being enforced, groups can enable an additional level of protection by enforcing the creation of dedicated user accounts to access the group. @@ -95,6 +95,14 @@ To access the Credentials inventory of a group, navigate to **{shield}** **Secur This feature is similar to the [Credentials inventory for self-managed instances](../../admin_area/credentials_inventory.md). +##### Outer forks restriction for Group-managed accounts + +> [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/34648) + +Groups with enabled group-managed accounts can allow or disallow forking of projects outside of root group +by using separate toggle. If forking is disallowed any project of given root group or its subgroups can be forked to +a subgroup of the same root group only. + #### Assertions When using group-managed accounts, the following user details need to be passed to GitLab as SAML diff --git a/doc/user/project/import/index.md b/doc/user/project/import/index.md index 571968dd065..8fd4325b5cd 100644 --- a/doc/user/project/import/index.md +++ b/doc/user/project/import/index.md @@ -49,9 +49,9 @@ Docker pulls and pushes and re-run any CI pipelines to retrieve any build artifa ## Migrating between two self-hosted GitLab instances -The best method for migrating a project from one GitLab instance to another, +The best method for migrating from one GitLab instance to another, perhaps from an old server to a new server for example, is to -[back up the project](../../../raketasks/backup_restore.md), +[back up the instance](../../../raketasks/backup_restore.md), then restore it on the new server. In the event of merging two GitLab instances together (for example, both instances have existing data on them and one can't be wiped), |