diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 15:08:39 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 15:08:39 +0000 |
| commit | 4564f677f8d71e814e89618e81709c86cf50e3d2 (patch) | |
| tree | 9ba8fffbd8b3ec3d40dc12bfc4132d842f789cfc /doc | |
| parent | 0b54f87a31c23544ca5917bf772ce9c64a61562c (diff) | |
| download | gitlab-ce-4564f677f8d71e814e89618e81709c86cf50e3d2.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
22 files changed, 182 insertions, 259 deletions
diff --git a/doc/administration/geo/setup/external_database.md b/doc/administration/geo/setup/external_database.md index f93ef5f5d5e..65ea2e6e5af 100644 --- a/doc/administration/geo/setup/external_database.md +++ b/doc/administration/geo/setup/external_database.md @@ -211,7 +211,7 @@ the tracking database on port 5432. 1. Set up PostgreSQL according to the [database requirements document](../../../install/requirements.md#database). -1. Set up a `gitlab_geo` user with a password of your choice, create the `gitlabhq_geo_production` database, and make the user an owner of the database. You can see an example of this setup in the [installation from source documentation](../../../install/installation.md#6-database). +1. Set up a `gitlab_geo` user with a password of your choice, create the `gitlabhq_geo_production` database, and make the user an owner of the database. You can see an example of this setup in the [installation from source documentation](../../../install/installation.md#7-database). 1. If you are **not** using a cloud-managed PostgreSQL database, ensure that your secondary site can communicate with your tracking database by manually changing the `pg_hba.conf` that is associated with your tracking database. diff --git a/doc/administration/get_started.md b/doc/administration/get_started.md index b11524083b1..0b5de38a78b 100644 --- a/doc/administration/get_started.md +++ b/doc/administration/get_started.md @@ -100,7 +100,6 @@ Unlike other monitoring solutions (for example, Zabbix or New Relic), Prometheus - Prometheus and its exporters are on by default. However, you need to [configure the service](../administration/monitoring/prometheus/index.md#configuring-prometheus). - Learn more about [GitLab architecture](../development/architecture.md). - Find out why [application performance metrics](https://about.gitlab.com/blog/2020/05/07/working-with-performance-metrics/) matter. -- Create a [self-monitoring project](../administration/monitoring/gitlab_self_monitoring_project/index.md) to track the health of your instance. - Integrate Grafana to [build visual dashboards](https://youtu.be/f4R7s0An1qE) based on performance metrics. ### Components of monitoring diff --git a/doc/administration/monitoring/gitlab_self_monitoring_project/img/self_monitoring_overview_dashboard.png b/doc/administration/monitoring/gitlab_self_monitoring_project/img/self_monitoring_overview_dashboard.png Binary files differdeleted file mode 100644 index 1d61823ce41..00000000000 --- a/doc/administration/monitoring/gitlab_self_monitoring_project/img/self_monitoring_overview_dashboard.png +++ /dev/null diff --git a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md index 53b578eb2f3..dbdcdf22007 100644 --- a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md +++ b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md @@ -2,120 +2,11 @@ stage: Monitor group: Respond info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +remove_date: '2023-08-22' +redirect_to: '../index.md' --- -# Self-monitoring project (deprecated) **(FREE SELF)** +# Self-monitoring project (removed) **(FREE SELF)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32351) in GitLab 12.7 [with a flag](../../feature_flags.md) named `self_monitoring_project`. Disabled by default. -> - Generally available in GitLab 12.8. [Feature flag `self_monitoring_project`](https://gitlab.com/gitlab-org/gitlab/-/issues/198511) removed. -> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/348909) in GitLab 14.9. Planned for removal in GitLab 16.0. - -WARNING: -This feature is in its end-of-life process. It is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/348909) -in GitLab 14.9, and is planned for removal in GitLab 16.0. - -GitLab provides administrators insights into the health of their GitLab instance. - -To provide a native experience (similar interacting with an application deployed using GitLab), a -project called **Monitoring** is created: - -- With [internal visibility](../../../user/public_access.md#internal-projects-and-groups). -- Under a group called **GitLab Instance**. - -The project is created specifically for visualizing and configuring the monitoring of your GitLab -instance. - -When the project and group are created, all administrators are given the [Maintainer role](../../../user/permissions.md). -As an administrator, you can add new members to the group to give them the Maintainer role for the project. - -This project can be used to: - -- Self-monitor your GitLab instance. The metrics dashboard of the project shows some basic resource - usage charts, such as CPU and memory usage of each server in - [Omnibus GitLab](https://docs.gitlab.com/omnibus/) installations. -- Also configure your own [custom metrics](../../../operations/metrics/index.md#adding-custom-metrics) - using metrics exposed by the [GitLab exporter](../prometheus/gitlab_metrics.md#metrics-available). - -## Create the self-monitoring project - -1. On the top bar, select **Main menu > Admin**. -1. On the left sidebar, select **Settings > Metrics and profiling** and expand **Self-monitoring**. -1. Toggle **Self-monitoring** on. -1. After your GitLab instance creates the project, GitLab displays a link to the - project in the text above the **Self-monitoring** toggle. You can also find it - from the top bar by selecting **Main menu > Projects**. - -## Delete the self-monitoring project - -WARNING: -Deleting the self-monitoring project removes any changes made to the project. If -you create the project again, it's created in its default state. - -1. On the top bar, select **Main menu > Admin**. -1. On the left sidebar, go to **Settings > Metrics and profiling** and expand **Self-monitoring**. -1. Toggle **Self-monitoring** off. -1. In the confirmation dialog that opens, select **Delete self-monitoring project**. - It can take a few seconds for it to be deleted. -1. After the project is deleted, GitLab displays a message confirming your action. - -## Dashboards available in Omnibus GitLab - -Omnibus GitLab provides a dashboard that displays CPU and memory usage -of each GitLab server. To select the servers to be displayed in the -panels, provide a regular expression in the **Instance label regex** field. -The dashboard uses metrics available in -[Omnibus GitLab](https://docs.gitlab.com/omnibus/) installations. - - - -You can also -[create your own dashboards](../../../operations/metrics/dashboards/index.md). - -## Connect to Prometheus - -The project is automatically configured to connect to the -[internal Prometheus](../prometheus/index.md) instance if the Prometheus instance is present. -This should be the case if GitLab was installed using Omnibus GitLab and you haven't disabled it. - -If that's not the case, or if you have an external Prometheus instance or a customized setup, -you [configure it manually](../../../user/project/integrations/prometheus.md#manual-configuration-of-prometheus). - -## Take action on Prometheus alerts **(ULTIMATE)** - -You can [add a Prometheus integration](../../../operations/incident_management/integrations.md) -to GitLab to receive notifications of any alerts. - -When the integration is set up, you can -[take action on incoming alerts](../../../operations/metrics/alerts.md#trigger-actions-from-alerts). - -## Add custom metrics to the self-monitoring project - -You can add custom metrics in the self-monitoring project by: - -1. [Duplicating](../../../operations/metrics/dashboards/index.md#duplicate-a-gitlab-defined-dashboard) the overview dashboard. -1. [Editing](../../../operations/metrics/index.md) the newly created dashboard file and configuring it with [dashboard YAML properties](../../../operations/metrics/dashboards/yaml.md). - -## Troubleshooting - -### Error message in logs: `Could not create instance administrators group. Errors: ["You don't have permission to create groups."]` - -A [bug](https://gitlab.com/gitlab-org/gitlab/-/issues/208676) causes project creation to fail with -the following error in the log file when the first administrator user is an -[external user](../../../user/admin_area/external_users.md): - -```plaintext -Could not create instance administrators group. Errors: ["You don't have permission to create groups."] -``` - -Run the following in a Rails console to check if the first administrator user is an external user: - -```ruby -User.admins.active.first.external? -``` - -If this returns true, the first administrator user is an external user. - -If you face this issue, you can temporarily -[make the administrator user a non-external user](../../../user/admin_area/external_users.md) -and then try to create the project. -After the project is created, the administrator user can be changed back to an external user. +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/348909) +in GitLab 14.9 and [removed](https://gitlab.com/groups/gitlab-org/-/epics/10030) in 16.0. diff --git a/doc/administration/monitoring/index.md b/doc/administration/monitoring/index.md index e57156e6513..1b23d6b7f49 100644 --- a/doc/administration/monitoring/index.md +++ b/doc/administration/monitoring/index.md @@ -8,9 +8,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w Explore our features to monitor your GitLab instance: -- [GitLab self-monitoring](gitlab_self_monitoring_project/index.md): The - GitLab instance administration project helps to monitor the GitLab instance and - take action on alerts. - [Performance monitoring](performance/index.md): GitLab Performance Monitoring makes it possible to measure a wide variety of statistics of your instance. - [Prometheus](prometheus/index.md): Prometheus is a powerful time-series monitoring diff --git a/doc/administration/postgresql/external.md b/doc/administration/postgresql/external.md index 24548f690ff..8f664f9809e 100644 --- a/doc/administration/postgresql/external.md +++ b/doc/administration/postgresql/external.md @@ -17,7 +17,7 @@ If you use a cloud-managed service, or provide your own PostgreSQL instance: 1. Set up PostgreSQL according to the [database requirements document](../../install/requirements.md#database). -1. Set up a `gitlab` user with a password of your choice, create the `gitlabhq_production` database, and make the user an owner of the database. You can see an example of this setup in the [installation from source documentation](../../install/installation.md#6-database). +1. Set up a `gitlab` user with a password of your choice, create the `gitlabhq_production` database, and make the user an owner of the database. You can see an example of this setup in the [installation from source documentation](../../install/installation.md#7-database). 1. If you are using a cloud-managed service, you may need to grant additional roles to your `gitlab` user: - Amazon RDS requires the [`rds_superuser`](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html#Appendix.PostgreSQL.CommonDBATasks.Roles) role. diff --git a/doc/administration/redis/replication_and_failover_external.md b/doc/administration/redis/replication_and_failover_external.md index 98909dfc001..14378b478da 100644 --- a/doc/administration/redis/replication_and_failover_external.md +++ b/doc/administration/redis/replication_and_failover_external.md @@ -87,7 +87,7 @@ valuable information for the general setup. Assuming that the Redis primary instance IP is `10.0.0.1`: -1. [Install Redis](../../install/installation.md#7-redis). +1. [Install Redis](../../install/installation.md#8-redis). 1. Edit `/etc/redis/redis.conf`: ```conf @@ -113,7 +113,7 @@ Assuming that the Redis primary instance IP is `10.0.0.1`: Assuming that the Redis replica instance IP is `10.0.0.2`: -1. [Install Redis](../../install/installation.md#7-redis). +1. [Install Redis](../../install/installation.md#8-redis). 1. Edit `/etc/redis/redis.conf`: ```conf diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 9b72c7378b8..263689894ca 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -1484,7 +1484,6 @@ Input type: `CiCdSettingsUpdateInput` | <a id="mutationcicdsettingsupdatekeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. | | <a id="mutationcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. | | <a id="mutationcicdsettingsupdatemergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. | -| <a id="mutationcicdsettingsupdateoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. | #### Fields @@ -4988,7 +4987,6 @@ Input type: `ProjectCiCdSettingsUpdateInput` | <a id="mutationprojectcicdsettingsupdatekeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. | | <a id="mutationprojectcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. | | <a id="mutationprojectcicdsettingsupdatemergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. | -| <a id="mutationprojectcicdsettingsupdateoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. | #### Fields @@ -20408,7 +20406,6 @@ four standard [pagination arguments](#connection-pagination-arguments): | <a id="projectcicdsettingkeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Whether to keep the latest builds artifacts. | | <a id="projectcicdsettingmergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Whether merge pipelines are enabled. | | <a id="projectcicdsettingmergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Whether merge trains are enabled. | -| <a id="projectcicdsettingoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. | | <a id="projectcicdsettingproject"></a>`project` | [`Project`](#project) | Project the CI/CD settings belong to. | ### `ProjectConversations` diff --git a/doc/api/graphql/removed_items.md b/doc/api/graphql/removed_items.md index fb4a1a80340..4c506d93436 100644 --- a/doc/api/graphql/removed_items.md +++ b/doc/api/graphql/removed_items.md @@ -30,6 +30,7 @@ Fields removed in GitLab 16.0. | -------------------- | -------------------- |---------------------------------------------------------------------|------------------------------------------------| | - | `vulnerabilityFindingDismiss` | [15.5](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/99170) | `vulnerabilityDismiss` or `securityFindingDismiss` | | - | `apiFuzzingCiConfigurationCreate` | [15.1](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87241) | `todos` | +| - | `CiCdSettingsUpdate` | [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/361801) | `ProjectCiCdSettingsUpdate` | ## GitLab 15.0 diff --git a/doc/api/group_access_tokens.md b/doc/api/group_access_tokens.md index 82065590b33..446aa3668d8 100644 --- a/doc/api/group_access_tokens.md +++ b/doc/api/group_access_tokens.md @@ -123,6 +123,34 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \ } ``` +## Rotate a group access token + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0 + +Rotate a group access token. Revokes the previous token and creates a new token that expires in one week. + +```plaintext +POST /groups/:id/access_tokens/:token_id/rotate +``` + +| Attribute | Type | required | Description | +|-----------|---------|----------|---------------------| +| `id` | integer or string | yes | ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) | +| `token_id` | integer or string | yes | ID of the project access token | + +```shell +curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate" +``` + +### Responses + +- `200: OK` if existing token is successfully revoked and the new token is created. +- `400: Bad Request` if not rotated successfully. +- `401: Unauthorized` if either the: + - User does not have access to the token with the specified ID. + - Token with the specified ID does not exist. +- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist. + ## Revoke a group access token > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77236) in GitLab 14.7. diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md index 167d3eaedb8..691c094f9eb 100644 --- a/doc/api/personal_access_tokens.md +++ b/doc/api/personal_access_tokens.md @@ -205,6 +205,36 @@ Example response: } ``` +## Rotate a personal access token + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0 + +Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week. + +```plaintext +POST /personal_access_tokens/:id/rotate +``` + +| Attribute | Type | Required | Description | +|-----------|---------|----------|---------------------| +| `id` | integer/string | yes | ID of personal access token | + +NOTE: +Non-administrators can rotate their own tokens. Administrators can rotate tokens of any user. + +```shell +curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/<personal_access_token_id>/rotate" +``` + +### Responses + +- `200: OK` if the existing token is successfully revoked and the new token successfully created. +- `400: Bad Request` if not rotated successfully. +- `401: Unauthorized` if either the: + - User does not have access to the token with the specified ID. + - Token with the specified ID does not exist. +- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist. + ## Revoke a personal access token Revoke a personal access token by either: diff --git a/doc/api/project_access_tokens.md b/doc/api/project_access_tokens.md index 6711d1b0261..437bdaa70f4 100644 --- a/doc/api/project_access_tokens.md +++ b/doc/api/project_access_tokens.md @@ -132,6 +132,34 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \ } ``` +## Rotate a project access token + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0 + +Rotate a project access token. Revokes the previous token and creates a new token that expires in one week. + +```plaintext +POST /projects/:id/access_tokens/:token_id/rotate +``` + +| Attribute | Type | required | Description | +|-----------|---------|----------|---------------------| +| `id` | integer or string | yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) | +| `token_id` | integer or string | yes | ID of the project access token | + +```shell +curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/access_tokens/<token_id>/rotate" +``` + +### Responses + +- `200: OK` if the existing token is successfully revoked and the new token is successfully created. +- `400: Bad Request` if not rotated successfully. +- `401: Unauthorized` if either the: + - User does not have access to the token with the specified ID. + - Token with the specified ID does not exist. +- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist. + ## Revoke a project access token > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/238991) in GitLab 13.9. diff --git a/doc/ci/runners/saas/macos/codesigning.md b/doc/ci/runners/saas/macos/codesigning.md index 697f138eec6..809b8faf9df 100644 --- a/doc/ci/runners/saas/macos/codesigning.md +++ b/doc/ci/runners/saas/macos/codesigning.md @@ -8,112 +8,21 @@ info: To determine the technical writer assigned to the Stage/Group associated w Before you can integrate GitLab with Apple services, install to a device, or deploy to the Apple App Store, you must [code sign](https://developer.apple.com/support/code-signing/) your application. -To code sign an iOS project, you need the following files: - -- A certificate issued by Apple. -- A provisioning profile. - ## Code signing iOS Projects with fastlane When you use SaaS runners on macOS, each job runs on a VM. Included in each VM is [fastlane](https://fastlane.tools/), an open-source solution aimed at simplifying mobile app deployment. -These steps outline the minimal setup required to use fastlane to code sign your application. Refer to the fastlane [getting started guide](https://docs.fastlane.tools/), [best practices for integrating with GitLab CI](https://docs.fastlane.tools/best-practices/continuous-integration/gitlab/) and the [fastlane code signing getting started guide](https://docs.fastlane.tools/codesigning/getting-started/) for installation instructions, and an overview of how to use fastlane to handle code signing. - -To use fastlane to code sign your application: - -1. At the root of your project repository, on your local development system, run this command: - - ```plaintext - fastlane match init - ``` - - This command creates the `fastlane` directory and adds two files: `Fastfile` and `Appfile`. - -1. Open `Appfile` and edit it to include your Apple ID and app ID. - - ```plaintext - app_identifier("APP IDENTIFIER") # The bundle identifier of your app - - apple_id("APPLE ID") # Your Apple email address - ``` - -1. Open `Fastfile`, which includes the fastlane build steps. - In the following snippet, the steps `get_certificates`, `get_provisioning_profile,match`, `gym`, and - `upload_to_testflight` are fastlane [actions](https://docs.fastlane.tools/actions/). - - ```plaintext - # This file contains the fastlane.tools configuration - # You can find the documentation at https://docs.fastlane.tools - - default_platform(:ios) - - platform :ios do - desc "Build the application" - lane :beta do - increment_build_number( - build_number: latest_testflight_build_number + 1, - xcodeproj: "${PROJECT_NAME}.xcodeproj" - ) - get_certificates - get_provisioning_profile - # match(type: "appstore",read_only: true) - gym - upload_to_testflight - end - end - ``` - -The example configuration also includes an optional `Gymfile`. This file stores configuration -parameters and is used by the fastlane [`gym`](https://docs.fastlane.tools/actions/gym/) action. - -## Using fastlane match - -To simplify the code signing process and implement the -[Code Signing Best Practices Guide](https://codesigning.guide/) recommendations, -use [fastlane match](https://docs.fastlane.tools/actions/match/). - -- Use one code signing identity shared across your team. -- Store the required certificates and provisioning profiles in a separate GitLab project repository. - -Match automatically syncs iOS and macOS keys and provisioning profiles across all team members with access to the GitLab project. Each team member with access to the project can use the credentials for code signing. - -To use fastlane match: - -1. Initialize match in the project repository: - - ```shell - bundle exec fastlane match init - ``` - -1. Select `git` as your storage node. -1. Enter the URL of the GitLab project you plan to use to store your code signing identities. -1. Optional. To create a new certificate and provisioning profile, run: - - ```shell - bundle exec fastlane match development - ``` - -For different code signing identities' storage options, and for a complete step-by-step guide for using match, -refer to the [match documentation](https://docs.fastlane.tools/actions/match/#usage). - -### Environment variables and authentication - -To complete the setup, you must configure environment variables to use with fastlane. The required variables are outlined in the [fastlane documentation](https://docs.fastlane.tools/best-practices/continuous-integration/#environment-variables-to-set). - -To support Apple's two factor authentication requirement, configure these variables: - -- `FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD` and -- `FASTLANE_SESSION` - -To authenticate fastlane with the App Store for the TestFlight upload, configure these variables: +For information about how to set up code signing for your application, see the instructions in the [Mobile DevOps documentation](../../../../ci/mobile_devops.md#code-sign-ios-projects-with-fastlane). -- `FASTLANE_USER` and -- `FASTLANE_PASSWORD` +These instructions provide the minimal setup to use fastlane to code sign your application. For more information about using fastlane to handle code signing, see the following resources: -View the [fastlane authentication with Apple Services guide](https://docs.fastlane.tools/getting-started/ios/authentication/) for an overview of authentication options. +- [fastlane getting started guide](https://docs.fastlane.tools/) +- [Best practices for integrating with GitLab CI](https://docs.fastlane.tools/best-practices/continuous-integration/gitlab/) +- [fastlane code signing getting started guide](https://docs.fastlane.tools/codesigning/getting-started/) ## Related topics - [Apple Developer Support - Code Signing](https://developer.apple.com/support/code-signing/) - [Code Signing Best Practice Guide](https://codesigning.guide/) +- [fastlane authentication with Apple Services guide](https://docs.fastlane.tools/getting-started/ios/authentication/) diff --git a/doc/development/architecture.md b/doc/development/architecture.md index 0573437b64d..133cf8a2998 100644 --- a/doc/development/architecture.md +++ b/doc/development/architecture.md @@ -636,7 +636,7 @@ MinIO is an object storage server released under the GNU AGPL v3.0. It is compat - Configuration: - [Omnibus](https://docs.gitlab.com/omnibus/settings/) - [Charts](https://docs.gitlab.com/charts/charts/nginx/) - - [Source](../install/installation.md#9-nginx) + - [Source](../install/installation.md#10-nginx) - Layer: Core Service (Processor) - Process: `nginx` - GitLab.com: [Service Architecture](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) @@ -692,7 +692,7 @@ Prometheus exporter for PgBouncer. Exports metrics at 9127/metrics. - Configuration: - [Omnibus](https://docs.gitlab.com/omnibus/settings/database.html) - [Charts](https://docs.gitlab.com/charts/installation/deployment.html#postgresql) - - [Source](../install/installation.md#6-database) + - [Source](../install/installation.md#7-database) - Layer: Core Service (Data) - Process: `postgresql` - GitLab.com: [PostgreSQL](https://about.gitlab.com/handbook/engineering/infrastructure/database/) @@ -729,7 +729,7 @@ Prometheus is a time-series tool that helps GitLab administrators expose metrics - Configuration: - [Omnibus](https://docs.gitlab.com/omnibus/settings/redis.html) - [Charts](https://docs.gitlab.com/charts/installation/deployment.html#redis) - - [Source](../install/installation.md#7-redis) + - [Source](../install/installation.md#8-redis) - Layer: Core Service (Data) - Process: `redis` - GitLab.com: [Service Architecture](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) diff --git a/doc/development/fe_guide/index.md b/doc/development/fe_guide/index.md index ef506f260f7..3d05d395ef1 100644 --- a/doc/development/fe_guide/index.md +++ b/doc/development/fe_guide/index.md @@ -24,7 +24,7 @@ modern ECMAScript standards supported through [Babel](https://babeljs.io/) and E Working with our frontend assets requires Node (v12.22.1 or greater) and Yarn (v1.10.0 or greater). You can find information on how to install these on our -[installation guide](../../install/installation.md#4-node). +[installation guide](../../install/installation.md#5-node). ### Browser Support diff --git a/doc/install/installation.md b/doc/install/installation.md index bb0bffd967a..a8e498674a6 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -45,12 +45,13 @@ If the highest number stable branch is unclear, check the [GitLab blog](https:// ## Software requirements -| Software | Minimum version | Notes | -|:-------------------|:----------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Ruby](#2-ruby) | `3.0.x` | From GitLab 15.10, Ruby 3.0 is required. You must use the standard MRI implementation of Ruby. We love [JRuby](https://www.jruby.org/) and [Rubinius](https://github.com/rubinius/rubinius#the-rubinius-language-platform), but GitLab needs several Gems that have native extensions. | -| [Go](#3-go) | `1.18.x` | From GitLab 15.6, Go 1.18 or later is required. | -| [Git](#git) | `2.38.x` | From GitLab 15.8, Git 2.38.x and later is required. It's highly recommended that you use the [Git version provided by Gitaly](#git). | -| [Node.js](#4-node) | `16.15.0` | From GitLab 15.7, Node.js 16.15.0 or later is required. | +| Software | Minimum version | Notes | +|:------------------------|:----------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Ruby](#2-ruby) | `3.0.x` | From GitLab 15.10, Ruby 3.0 is required. You must use the standard MRI implementation of Ruby. We love [JRuby](https://www.jruby.org/) and [Rubinius](https://github.com/rubinius/rubinius#the-rubinius-language-platform), but GitLab needs several Gems that have native extensions. | +| [RubyGems](#3-rubygems) | `3.4.x` | A specific RubyGems version is not fully needed, but it's recommended to update so you can enjoy some known performance improvements. | +| [Go](#4-go) | `1.18.x` | From GitLab 15.6, Go 1.18 or later is required. | +| [Git](#git) | `2.38.x` | From GitLab 15.8, Git 2.38.x and later is required. It's highly recommended that you use the [Git version provided by Gitaly](#git). | +| [Node.js](#5-node) | `16.15.0` | From GitLab 15.7, Node.js 16.15.0 or later is required. | ## GitLab directory structure @@ -86,13 +87,14 @@ The GitLab installation consists of setting up the following components: 1. [Packages and dependencies](#1-packages-and-dependencies). 1. [Ruby](#2-ruby). -1. [Go](#3-go). -1. [Node](#4-node). -1. [System users](#5-system-users). -1. [Database](#6-database). -1. [Redis](#7-redis). -1. [GitLab](#8-gitlab). -1. [NGINX](#9-nginx). +1. [RubyGems](#3-rubygems). +1. [Go](#4-go). +1. [Node](#5-node). +1. [System users](#6-system-users). +1. [Database](#7-database). +1. [Redis](#8-redis). +1. [GitLab](#9-gitlab). +1. [NGINX](#10-nginx). ## 1. Packages and dependencies @@ -220,7 +222,23 @@ instructions are designed to install Ruby from the official source code. [Install Ruby](https://www.ruby-lang.org/en/documentation/installation/). -## 3. Go +## 3. RubyGems + +Sometimes, a newer version of RubyGems is required than the one bundled with Ruby. + +To update to a specific version: + +```shell +gem update --system 3.4.12 +``` + +Or the latest version: + +```shell +gem update --system +``` + +## 4. Go GitLab has several daemons written in Go. To install GitLab we need a Go compiler. The instructions below assume you use 64-bit @@ -238,7 +256,7 @@ sudo ln -sf /usr/local/go/bin/{go,gofmt} /usr/local/bin/ rm go1.18.8.linux-amd64.tar.gz ``` -## 4. Node +## 5. Node GitLab requires the use of Node to compile JavaScript assets, and Yarn to manage JavaScript dependencies. The current minimum @@ -262,7 +280,7 @@ npm install --global yarn Visit the official websites for [node](https://nodejs.org/en/download/package-manager/) and [yarn](https://classic.yarnpkg.com/en/docs/install/) if you have any trouble with these steps. -## 5. System users +## 6. System users Create a `git` user for GitLab: @@ -270,7 +288,7 @@ Create a `git` user for GitLab: sudo adduser --disabled-login --gecos 'GitLab' git ``` -## 6. Database +## 7. Database NOTE: In GitLab 12.1 and later, only PostgreSQL is supported. In GitLab 14.0 and later, we [require PostgreSQL 12+](requirements.md#postgresql-requirements). @@ -403,7 +421,7 @@ In GitLab 12.1 and later, only PostgreSQL is supported. In GitLab 14.0 and later gitlabhq_production> \q ``` -## 7. Redis +## 8. Redis See the [requirements page](requirements.md#redis-versions) for the minimum Redis requirements. @@ -486,7 +504,7 @@ fi sudo service redis-server restart ``` -## 8. GitLab +## 9. GitLab ```shell # We'll install GitLab into the home directory of the user "git" @@ -911,7 +929,7 @@ sudo systemctl start gitlab.target sudo service gitlab start ``` -## 9. NGINX +## 10. NGINX NGINX is the officially supported web server for GitLab. If you cannot or do not want to use NGINX as your web server, see [GitLab recipes](https://gitlab.com/gitlab-org/gitlab-recipes/). @@ -1156,7 +1174,7 @@ prometheus: If you see this message when attempting to clone a repository hosted by GitLab, this is likely due to an outdated NGINX or Apache configuration, or a missing or misconfigured GitLab Workhorse instance. Double-check that you've -[installed Go](#3-go), [installed GitLab Workhorse](#install-gitlab-workhorse), +[installed Go](#4-go), [installed GitLab Workhorse](#install-gitlab-workhorse), and correctly [configured NGINX](#site-configuration). ### `google-protobuf` "LoadError: /lib/x86_64-linux-gnu/libc.so.6: version 'GLIBC_2.14' not found" diff --git a/doc/integration/jira/configure.md b/doc/integration/jira/configure.md index 25aafb6089f..3f3511c3838 100644 --- a/doc/integration/jira/configure.md +++ b/doc/integration/jira/configure.md @@ -13,9 +13,11 @@ The Jira issue integration connects one or more GitLab projects to a Jira instan Prerequisites: - Your GitLab installation must not use a [relative URL](https://docs.gitlab.com/omnibus/settings/configuration.html#configure-a-relative-url-for-gitlab). -- **For Jira Server**, you must have a [Jira username and password](jira_server_configuration.md). - **For Jira Cloud**, you must have a [Jira Cloud API token](#create-a-jira-cloud-api-token) and the email address you used to create the token. +- **For Jira Data Center or Jira Server**, you must have one of the following: + - [Jira username and password](jira_server_configuration.md). + - Jira personal access token. You can enable the Jira issue integration by configuring your project settings in GitLab. You can also configure these settings at the: @@ -37,21 +39,21 @@ To configure your project settings in GitLab: [closing reference](../../user/project/issues/managing_issues.md#closing-issues-automatically) is made in GitLab, select **Enable Jira transitions**. 1. Provide Jira configuration information: - - **Web URL**: The base URL for the Jira instance web interface you're linking to + - **Web URL**: Base URL for the Jira instance web interface you're linking to this GitLab project (for example, `https://jira.example.com`). - - **Jira API URL**: The base URL for the Jira instance API (for example, `https://jira-api.example.com`). - If this URL is not set, the **Web URL** value is used by default. Leave blank if you use **Jira Cloud**. + - **Jira API URL**: Base URL for the Jira instance API (for example, `https://jira-api.example.com`). + If this URL is not set, the **Web URL** value is used by default. For Jira Cloud, leave **Jira API URL** blank. - **Authentication type**: From the dropdown list, select: - **Basic** - **Jira personal access token (Jira Data Center and Jira Server only)** - **Email or username** (relevant to **Basic** authentication only): - For Jira Cloud, enter an email. - - For Jira Data Center and Jira Server, enter a username. + - For Jira Data Center or Jira Server, enter a username. - **New API token, password, or Jira personal access token**: - For **Basic** authentication: - For Jira Cloud, enter an API token. - - For Jira Data Center and Jira Server, enter a password. - - For **Jira personal access token** authentication, enter the token. + - For Jira Data Center or Jira Server, enter a password. + - For **Jira personal access token** authentication, enter a personal access token. 1. To enable users to [view Jira issues](issues.md#view-jira-issues) inside the GitLab project, select **Enable Jira issues** and enter a Jira project key. diff --git a/doc/integration/jira/dvcs/index.md b/doc/integration/jira/dvcs/index.md index 6a197ce5c76..0406fef3f1e 100644 --- a/doc/integration/jira/dvcs/index.md +++ b/doc/integration/jira/dvcs/index.md @@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w WARNING: The Jira DVCS connector for Jira Cloud was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/362168) in GitLab 15.1 and [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118126) in 16.0. Use the [GitLab for Jira Cloud app](../connect-app.md) instead. -The Jira DVCS connector was also deprecated for Jira 8.13 and earlier. You can only use the Jira DVCS connector with Jira Data Center or Jira Server in Jira 8.14 and later. Upgrade your Jira instance to Jira 8.14 or later, and reconfigure the Jira integration in your GitLab instance. +The Jira DVCS connector was also deprecated and removed for Jira 8.13 and earlier. You can only use the Jira DVCS connector with Jira Data Center or Jira Server in Jira 8.14 and later. Upgrade your Jira instance to Jira 8.14 or later, and reconfigure the Jira integration in your GitLab instance. Use the Jira DVCS (distributed version control system) connector if you self-host your Jira instance with Jira Data Center or Jira Server and want to use the [Jira development panel](../development_panel.md). diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md index b349eee9837..8acd4a125ce 100644 --- a/doc/security/token_overview.md +++ b/doc/security/token_overview.md @@ -89,7 +89,7 @@ You can use the runner registration token to add runners that execute jobs in a ## Runner authentication tokens (also called runner tokens) -After registration, the runner receives an authentication token, which it uses to authenticate with GitLab when picking up jobs from the job queue. The authentication token is stored locally in the runner's [`config.toml`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html) file. +Once created, the runner receives an authentication token, which it uses to authenticate with GitLab when picking up jobs from the job queue. The authentication token is stored locally in the runner's [`config.toml`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html) file. After authentication with GitLab, the runner receives a [job token](../ci/jobs/ci_job_token.md), which it uses to execute the job. @@ -97,6 +97,17 @@ In case of Docker Machine/Kubernetes/VirtualBox/Parallels/SSH executors, the exe Malicious access to a runner's file system may expose the `config.toml` file and thus the authentication token, allowing an attacker to [clone the runner](https://docs.gitlab.com/runner/security/#cloning-a-runner). +In GitLab 16.0 and later, you can use an authentication token to register runners instead of a +registration token. Runner registration tokens have been [deprecated](../update/deprecations.md#registration-tokens-and-server-side-runner-arguments-in-gitlab-runner-register-command). + +To generate an authentication token, you create a runner in the GitLab UI and use the authentication token +instead of the registration token. + +| Process | Registration command | +| ------------------ | --------------------- | +| Registration token (deprecated) | `gitlab-runner register --registration-token $RUNNER_REGISTRATION_TOKEN <runner configuration arguments>` | +| Authentication token | `gitlab-runner register --token $RUNNER_AUTHENTICATION_TOKEN` | + ## CI/CD job tokens The [CI/CD](../ci/jobs/ci_job_token.md) job token diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index cc9b7f786c0..81195db0781 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -1894,6 +1894,20 @@ For more information, refer to [security report validation](https://docs.gitlab. <div class="deprecation breaking-change" data-milestone="16.0"> +### Self-monitoring project is removed + +<div class="deprecation-notes"> +- Announced in: GitLab <span class="milestone">14.9</span> +- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/10030). +</div> + +GitLab self-monitoring project was meant to enable self-hosted GitLab administrators to visualize performance metrics of GitLab within GitLab itself. This feature relied on GitLab Metrics dashboards. With metrics dashboard being removed, self-monitoring project is also removed. We recommended that self-hosted users monitor their GitLab instance with alternative visualization tools, such as Grafana. + +</div> + +<div class="deprecation breaking-change" data-milestone="16.0"> + ### Shimo integration <div class="deprecation-notes"> diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md index 11c14102efb..2091191b889 100644 --- a/doc/user/admin_area/settings/index.md +++ b/doc/user/admin_area/settings/index.md @@ -112,8 +112,6 @@ The **Metrics and profiling** settings contain: Enable and configure Grafana. - [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-for-non-administrators) - Enable access to the Performance Bar for non-administrator users in a given group. -- [Self-monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#create-the-self-monitoring-project) - - Enable or disable instance self-monitoring. - [Usage statistics](usage_statistics.md) - Enable or disable version check and Service Ping. ### Network diff --git a/doc/user/admin_area/settings/security_and_compliance.md b/doc/user/admin_area/settings/security_and_compliance.md index f70088a8eb6..c7f4d6a3ede 100644 --- a/doc/user/admin_area/settings/security_and_compliance.md +++ b/doc/user/admin_area/settings/security_and_compliance.md @@ -12,7 +12,7 @@ The settings for package metadata synchronization are located in the [Admin Area ## Choose package registry metadata to sync WARNING: -The full package metadata sync can take up to 30 GB of data. Ensure you have provisioned enough disk space before enabling this feature. +The full package metadata sync can add up to 30 GB to the PostgreSQL database. Ensure you have provisioned enough disk space for the database before enabling this feature. We are actively working on reducing this data size in [epic 10415](https://gitlab.com/groups/gitlab-org/-/epics/10415). To choose the packages you want to synchronize with the GitLab License Database for [License Compliance](../../compliance/license_scanning_of_cyclonedx_files/index.md): |
