diff options
Diffstat (limited to 'doc/integration')
| -rw-r--r-- | doc/integration/auth0.md | 4 | ||||
| -rw-r--r-- | doc/integration/azure.md | 4 | ||||
| -rw-r--r-- | doc/integration/cas.md | 4 | ||||
| -rw-r--r-- | doc/integration/elasticsearch.md | 330 | ||||
| -rw-r--r-- | doc/integration/facebook.md | 4 | ||||
| -rw-r--r-- | doc/integration/github.md | 6 | ||||
| -rw-r--r-- | doc/integration/gitlab.md | 4 | ||||
| -rw-r--r-- | doc/integration/jenkins_deprecated.md | 4 | ||||
| -rw-r--r-- | doc/integration/jira.md | 2 | ||||
| -rw-r--r-- | doc/integration/jira_development_panel.md | 2 | ||||
| -rw-r--r-- | doc/integration/kerberos.md | 7 | ||||
| -rw-r--r-- | doc/integration/omniauth.md | 23 | ||||
| -rw-r--r-- | doc/integration/salesforce.md | 4 | ||||
| -rw-r--r-- | doc/integration/saml.md | 10 | ||||
| -rw-r--r-- | doc/integration/shibboleth.md | 16 | ||||
| -rw-r--r-- | doc/integration/slash_commands.md | 1 | ||||
| -rw-r--r-- | doc/integration/twitter.md | 4 | ||||
| -rw-r--r-- | doc/integration/ultra_auth.md | 4 |
18 files changed, 254 insertions, 179 deletions
diff --git a/doc/integration/auth0.md b/doc/integration/auth0.md index 5061b863e79..2dd6fa3d5a2 100644 --- a/doc/integration/auth0.md +++ b/doc/integration/auth0.md @@ -30,7 +30,7 @@ application. 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -48,7 +48,7 @@ application. 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/azure.md b/doc/integration/azure.md index a9468f201ef..c30d79e3dab 100644 --- a/doc/integration/azure.md +++ b/doc/integration/azure.md @@ -32,7 +32,7 @@ To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your ap 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -50,7 +50,7 @@ To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your ap 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/cas.md b/doc/integration/cas.md index f99337376a8..83b64773c9f 100644 --- a/doc/integration/cas.md +++ b/doc/integration/cas.md @@ -4,7 +4,7 @@ To enable the CAS OmniAuth provider you must register your application with your 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -22,7 +22,7 @@ To enable the CAS OmniAuth provider you must register your application with your 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md index eee05eaef02..c8c1bb00d83 100644 --- a/doc/integration/elasticsearch.md +++ b/doc/integration/elasticsearch.md @@ -92,10 +92,11 @@ export PKG_CONFIG_PATH="/usr/local/opt/icu4c/lib/pkgconfig:$PKG_CONFIG_PATH" To build and install the indexer, run: ```sh -git clone https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer.git -cd gitlab-elasticsearch-indexer -make -sudo make install +indexer_path=/home/git/gitlab-elasticsearch-indexer + +# Run the installation task for gitlab-elasticsearch-indexer: +sudo -u git -H bundle exec rake gitlab:indexer:install[$indexer_path] RAILS_ENV=production +cd $indexer_path && sudo make install ``` The `gitlab-elasticsearch-indexer` will be installed to `/usr/local/bin`. @@ -123,13 +124,15 @@ production instances, they recommend considerably more resources. Storage requirements also vary based on the installation side, but as a rule of thumb, you should allocate the total size of your production database, **plus** -two-thirds of the total size of your git repositories. Efforts to reduce this -total are being tracked in this epic: [gitlab-org&153](https://gitlab.com/groups/gitlab-org/-/epics/153). +two-thirds of the total size of your Git repositories. Efforts to reduce this +total are being tracked in [epic &153](https://gitlab.com/groups/gitlab-org/-/epics/153). ## Enabling Elasticsearch -In order to enable Elasticsearch, you need to have admin access. Go to -**Admin > Settings > Integrations** and find the "Elasticsearch" section. +In order to enable Elasticsearch, you need to have admin access. Navigate to +**Admin Area** (wrench icon), then **Settings > Integrations** and expand the **Elasticsearch** section. + +Click **Save changes** for the changes to take effect. The following Elasticsearch settings are available: @@ -171,197 +174,248 @@ from the Elasticsearch index as expected. To disable the Elasticsearch integration: -1. Navigate to the **Admin > Settings > Integrations** -1. Find the 'Elasticsearch' section and uncheck 'Search with Elasticsearch enabled' - and 'Elasticsearch indexing' -1. Click **Save** for the changes to take effect -1. (Optional) Delete the existing index by running the command `sudo gitlab-rake gitlab:elastic:delete_index` +1. Navigate to the **Admin Area** (wrench icon), then **Settings > Integrations**. +1. Expand the **Elasticsearch** section and uncheck **Elasticsearch indexing** + and **Search with Elasticsearch enabled**. +1. Click **Save changes** for the changes to take effect. +1. (Optional) Delete the existing index by running one of these commands: + + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:delete_index + + # Installations from source + bundle exec rake gitlab:elastic:delete_index RAILS_ENV=production + ``` ## Adding GitLab's data to the Elasticsearch index -### Indexing small instances (database size less than 500 MiB, size of repos less than 5 GiB) +While Elasticsearch indexing is enabled, new changes in your GitLab instance will be automatically indexed as they happen. +To backfill existing data, you can use one of the methods below to index it in background jobs. -Configure Elasticsearch's host and port in **Admin > Settings**. Then index the data using one of the following commands: +### Indexing through the administration UI -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15390) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.3. -# Installations from source -bundle exec rake gitlab:elastic:index RAILS_ENV=production -``` +To index via the admin area: + +1. Navigate to the **Admin Area** (wrench icon), then **Settings > Integrations** and expand the **Elasticsearch** section. +1. [Enable **Elasticsearch indexing** and configure your host and port](#enabling-elasticsearch). +1. Create empty indexes using one of the following commands: + + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:create_empty_index + + # Installations from source + bundle exec rake gitlab:elastic:create_empty_index RAILS_ENV=production + ``` + +1. Click **Index all projects**. +1. Click **Check progress** in the confirmation message to see the status of the background jobs. +1. Personal snippets need to be indexed manually by running one of these commands: + + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_snippets + + # Installations from source + bundle exec rake gitlab:elastic:index_snippets RAILS_ENV=production + ``` + +1. After the indexing has completed, enable [**Search with Elasticsearch**](#enabling-elasticsearch). + +### Indexing through Rake tasks + +#### Indexing small instances + +CAUTION: **Warning**: +This will delete your existing indexes. + +If the database size is less than 500 MiB, and the size of all hosted repos is less than 5 GiB: + +1. [Enable **Elasticsearch indexing** and configure your host and port](#enabling-elasticsearch). +1. Index your data using one of the following commands: + + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index + + # Installations from source + bundle exec rake gitlab:elastic:index RAILS_ENV=production + ``` -After it completes the indexing process, [enable Elasticsearch searching](elasticsearch.md#enabling-elasticsearch). +1. After the indexing has completed, enable [**Search with Elasticsearch**](#enabling-elasticsearch). -### Indexing large instances +#### Indexing large instances -WARNING: **Warning**: -Performing asynchronous indexing, as this will describe, will generate a lot of sidekiq jobs. +CAUTION: **Warning**: +Performing asynchronous indexing will generate a lot of Sidekiq jobs. Make sure to prepare for this task by either [Horizontally Scaling](../administration/high_availability/README.md#basic-scaling) -or creating [extra sidekiq processes](../administration/operations/extra_sidekiq_processes.md) +or creating [extra Sidekiq processes](../administration/operations/extra_sidekiq_processes.md) -Configure Elasticsearch's host and port in **Admin > Settings > Integrations**. Then create empty indexes using one of the following commands: +1. [Enable **Elasticsearch indexing** and configure your host and port](#enabling-elasticsearch). +1. Create empty indexes using one of the following commands: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:create_empty_index + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:create_empty_index -# Installations from source -bundle exec rake gitlab:elastic:create_empty_index RAILS_ENV=production -``` + # Installations from source + bundle exec rake gitlab:elastic:create_empty_index RAILS_ENV=production + ``` -Indexing large Git repositories can take a while. To speed up the process, you -can temporarily disable auto-refreshing and replicating. In our experience, you can expect a 20% -decrease in indexing time. We'll enable them when indexing is done. This step is optional! +1. Indexing large Git repositories can take a while. To speed up the process, you + can temporarily disable auto-refreshing and replicating. In our experience, you can expect a 20% + decrease in indexing time. We'll enable them when indexing is done. This step is optional! -```bash -curl --request PUT localhost:9200/gitlab-production/_settings --data '{ - "index" : { - "refresh_interval" : "-1", - "number_of_replicas" : 0 - } }' -``` + ```bash + curl --request PUT localhost:9200/gitlab-production/_settings --data '{ + "index" : { + "refresh_interval" : "-1", + "number_of_replicas" : 0 + } }' + ``` -Then enable Elasticsearch indexing and run project indexing tasks: +1. Index projects and their associated data: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index_projects + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_projects -# Installations from source -bundle exec rake gitlab:elastic:index_projects RAILS_ENV=production -``` + # Installations from source + bundle exec rake gitlab:elastic:index_projects RAILS_ENV=production + ``` -This enqueues a Sidekiq job for each project that needs to be indexed. -You can view the jobs in the admin panel (they are placed in the `elastic_indexer` -queue), or you can query indexing status using a rake task: + This enqueues a Sidekiq job for each project that needs to be indexed. + You can view the jobs in **Admin Area > Monitoring > Background Jobs > Queues Tab** + and click `elastic_indexer`, or you can query indexing status using a rake task: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index_projects_status + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_projects_status -# Installations from source -bundle exec rake gitlab:elastic:index_projects_status RAILS_ENV=production + # Installations from source + bundle exec rake gitlab:elastic:index_projects_status RAILS_ENV=production -Indexing is 65.55% complete (6555/10000 projects) -``` + Indexing is 65.55% complete (6555/10000 projects) + ``` -If you want to limit the index to a range of projects you can provide the -`ID_FROM` and `ID_TO` parameters: + If you want to limit the index to a range of projects you can provide the + `ID_FROM` and `ID_TO` parameters: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index_projects ID_FROM=1001 ID_TO=2000 + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_projects ID_FROM=1001 ID_TO=2000 -# Installations from source -bundle exec rake gitlab:elastic:index_projects ID_FROM=1001 ID_TO=2000 RAILS_ENV=production -``` + # Installations from source + bundle exec rake gitlab:elastic:index_projects ID_FROM=1001 ID_TO=2000 RAILS_ENV=production + ``` -Where `ID_FROM` and `ID_TO` are project IDs. Both parameters are optional. -The above examples will index all projects starting with ID `1001` up to (and including) ID `2000`. + Where `ID_FROM` and `ID_TO` are project IDs. Both parameters are optional. + The above example will index all projects from ID `1001` up to (and including) ID `2000`. -TIP: **Troubleshooting:** -Sometimes the project indexing jobs queued by `gitlab:elastic:index_projects` -can get interrupted. This may happen for many reasons, but it's always safe -to run the indexing task again - it will skip those repositories that have -already been indexed. + TIP: **Troubleshooting:** + Sometimes the project indexing jobs queued by `gitlab:elastic:index_projects` + can get interrupted. This may happen for many reasons, but it's always safe + to run the indexing task again. It will skip repositories that have + already been indexed. -As the indexer stores the last commit SHA of every indexed repository in the -database, you can run the indexer with the special parameter `UPDATE_INDEX` and -it will check every project repository again to make sure that every commit in -that repository is indexed, it can be useful in case if your index is outdated: + As the indexer stores the last commit SHA of every indexed repository in the + database, you can run the indexer with the special parameter `UPDATE_INDEX` and + it will check every project repository again to make sure that every commit in + a repository is indexed, which can be useful in case if your index is outdated: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index_projects UPDATE_INDEX=true ID_TO=1000 + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_projects UPDATE_INDEX=true ID_TO=1000 -# Installations from source -bundle exec rake gitlab:elastic:index_projects UPDATE_INDEX=true ID_TO=1000 RAILS_ENV=production -``` + # Installations from source + bundle exec rake gitlab:elastic:index_projects UPDATE_INDEX=true ID_TO=1000 RAILS_ENV=production + ``` -You can also use the `gitlab:elastic:clear_index_status` Rake task to force the -indexer to "forget" all progress, so retrying the indexing process from the -start. + You can also use the `gitlab:elastic:clear_index_status` Rake task to force the + indexer to "forget" all progress, so it will retry the indexing process from the + start. -The `index_projects` command enqueues jobs to index all project and wiki -repositories, and most database content. However, snippets still need to be -indexed separately. To do so, run one of these commands: +1. Personal snippets are not associated with a project and need to be indexed separately + by running one of these commands: -```sh -# Omnibus installations -sudo gitlab-rake gitlab:elastic:index_snippets + ```sh + # Omnibus installations + sudo gitlab-rake gitlab:elastic:index_snippets -# Installations from source -bundle exec rake gitlab:elastic:index_snippets RAILS_ENV=production -``` + # Installations from source + bundle exec rake gitlab:elastic:index_snippets RAILS_ENV=production + ``` -Enable replication and refreshing again after indexing (only if you previously disabled it): +1. Enable replication and refreshing again after indexing (only if you previously disabled it): -```bash -curl --request PUT localhost:9200/gitlab-production/_settings --data '{ - "index" : { - "number_of_replicas" : 1, - "refresh_interval" : "1s" - } }' -``` + ```bash + curl --request PUT localhost:9200/gitlab-production/_settings --data '{ + "index" : { + "number_of_replicas" : 1, + "refresh_interval" : "1s" + } }' + ``` -A force merge should be called after enabling the refreshing above. + A force merge should be called after enabling the refreshing above. -For Elasticsearch 6.x, before proceeding with the force merge, the index should be in read-only mode: + For Elasticsearch 6.x, the index should be in read-only mode before proceeding with the force merge: -```bash -curl --request PUT localhost:9200/gitlab-production/_settings --data '{ - "settings": { - "index.blocks.write": true - } }' -``` + ```bash + curl --request PUT localhost:9200/gitlab-production/_settings --data '{ + "settings": { + "index.blocks.write": true + } }' + ``` -Then, initiate the force merge: + Then, initiate the force merge: -```bash -curl --request POST 'http://localhost:9200/gitlab-production/_forcemerge?max_num_segments=5' -``` + ```bash + curl --request POST 'http://localhost:9200/gitlab-production/_forcemerge?max_num_segments=5' + ``` -After this, if your index is in read-only, switch back to read-write: + After this, if your index is in read-only mode, switch back to read-write: -```bash -curl --request PUT localhost:9200/gitlab-production/_settings --data '{ - "settings": { - "index.blocks.write": false - } }' -``` + ```bash + curl --request PUT localhost:9200/gitlab-production/_settings --data '{ + "settings": { + "index.blocks.write": false + } }' + ``` -Enable Elasticsearch search in **Admin > Settings > Integrations**. That's it. Enjoy it! +1. After the indexing has completed, enable [**Search with Elasticsearch**](#enabling-elasticsearch). -### Index limit +### Indexing limitations -Currently for repository and snippet files, GitLab would only index up to 1 MB of content, in order to avoid indexing timeout. +For repository and snippet files, GitLab will only index up to 1 MiB of content, in order to avoid indexing timeouts. ## GitLab Elasticsearch Rake Tasks There are several rake tasks available to you via the command line: -- [sudo gitlab-rake gitlab:elastic:index](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:index`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - This is a wrapper task. It does the following: - `sudo gitlab-rake gitlab:elastic:create_empty_index` - `sudo gitlab-rake gitlab:elastic:clear_index_status` - `sudo gitlab-rake gitlab:elastic:index_projects` - `sudo gitlab-rake gitlab:elastic:index_snippets` -- [sudo gitlab-rake gitlab:elastic:index_projects](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:index_projects`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - This iterates over all projects and queues sidekiq jobs to index them in the background. -- [sudo gitlab-rake gitlab:elastic:index_projects_status](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:index_projects_status`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - This determines the overall status of the indexing. It is done by counting the total number of indexed projects, dividing by a count of the total number of projects, then multiplying by 100. -- [sudo gitlab-rake gitlab:elastic:create_empty_index](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - - This generates an empty index on the Elasticsearch side. -- [sudo gitlab-rake gitlab:elastic:clear_index_status](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:create_empty_index`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) + - This generates an empty index on the Elasticsearch side, deleting the existing one if present. +- [`sudo gitlab-rake gitlab:elastic:clear_index_status`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - This deletes all instances of IndexStatus for all projects. -- [sudo gitlab-rake gitlab:elastic:delete_index](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:delete_index`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - This removes the GitLab index on the Elasticsearch instance. -- [sudo gitlab-rake gitlab:elastic:recreate_index](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:recreate_index`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - Does the same thing as `sudo gitlab-rake gitlab:elastic:create_empty_index` -- [sudo gitlab-rake gitlab:elastic:index_snippets](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:index_snippets`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - Performs an Elasticsearch import that indexes the snippets data. -- [sudo gitlab-rake gitlab:elastic:projects_not_indexed](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) +- [`sudo gitlab-rake gitlab:elastic:projects_not_indexed`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/ee/lib/tasks/gitlab/elastic.rake) - Displays which projects are not indexed. ### Environment Variables @@ -468,7 +522,7 @@ Here are some common pitfalls and how to overcome them: pp s.search_objects.to_a ``` - See [Elasticsearch Index Scopes](elasticsearch.md#elasticsearch-index-scopes) for more information on searching for specific types of data. + See [Elasticsearch Index Scopes](#elasticsearch-index-scopes) for more information on searching for specific types of data. - **I indexed all the repositories but then switched Elasticsearch servers and now I can't find anything** diff --git a/doc/integration/facebook.md b/doc/integration/facebook.md index 49b3d194a01..d46486ad888 100644 --- a/doc/integration/facebook.md +++ b/doc/integration/facebook.md @@ -49,7 +49,7 @@ To enable the Facebook OmniAuth provider you must register your application with 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -67,7 +67,7 @@ To enable the Facebook OmniAuth provider you must register your application with 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/github.md b/doc/integration/github.md index c8dbae65465..f19b3109d15 100644 --- a/doc/integration/github.md +++ b/doc/integration/github.md @@ -36,7 +36,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -54,7 +54,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe 1. Add the provider configuration: - For omnibus package: + For Omnibus package: For GitHub.com: @@ -124,7 +124,7 @@ certificate and the imports are failing, you will need to disable SSL verificati It should be disabled by adding `verify_ssl` to `false` in the provider configuration and changing the global Git `sslVerify` option to `false` in the GitLab server. -For omnibus package: +For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/gitlab.md b/doc/integration/gitlab.md index 46da3d88d90..74f2d5cb403 100644 --- a/doc/integration/gitlab.md +++ b/doc/integration/gitlab.md @@ -30,7 +30,7 @@ GitLab.com will generate an application ID and secret key for you to use. 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -48,7 +48,7 @@ GitLab.com will generate an application ID and secret key for you to use. 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/jenkins_deprecated.md b/doc/integration/jenkins_deprecated.md index bac89ae2dc6..3e437eb688a 100644 --- a/doc/integration/jenkins_deprecated.md +++ b/doc/integration/jenkins_deprecated.md @@ -14,12 +14,12 @@ Integration includes: Requirements: - [Jenkins GitLab Hook plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Hook+Plugin) -- git clone access for Jenkins from GitLab repo (via ssh key) +- Git clone access for Jenkins from GitLab repo (via ssh key) ## Jenkins 1. Install [GitLab Hook plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Hook+Plugin) -1. Set up jenkins project +1. Set up Jenkins project  diff --git a/doc/integration/jira.md b/doc/integration/jira.md index c09fde08326..37eba25fb5a 100644 --- a/doc/integration/jira.md +++ b/doc/integration/jira.md @@ -2,4 +2,4 @@ redirect_to: '../user/project/integrations/jira.md' --- -This document was moved to [integrations/jira](../user/project/integrations/jira.md). +This document was moved to [another location](../user/project/integrations/jira.md). diff --git a/doc/integration/jira_development_panel.md b/doc/integration/jira_development_panel.md index 3e894371df9..c413e07ec93 100644 --- a/doc/integration/jira_development_panel.md +++ b/doc/integration/jira_development_panel.md @@ -23,7 +23,7 @@ or instance admin (in the case of self-hosted GitLab) set up the integration, in order to simplify administration. TIP: **Tip:** -Create and use a single-purpose "jira" user in GitLab, so that removing +Create and use a single-purpose `jira` user in GitLab, so that removing regular users won't impact your integration. ## Requirements diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index b791cbd428d..81a1e9b0067 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -46,7 +46,7 @@ sudo chmod 0600 /etc/http.keytab For source installations, make sure the `kerberos` gem group [has been installed](../install/installation.md#install-gems). -1. Edit the kerberos section of [gitlab.yml] to enable Kerberos ticket-based +1. Edit the `kerberos` section of [`gitlab.yml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example) to enable Kerberos ticket-based authentication. In most cases, you only need to enable Kerberos and specify the location of the keytab: @@ -153,7 +153,7 @@ keep offering only `basic` authentication. listen [::]:8443 ipv6only=on ssl; ``` -1. Update the Kerberos section of [gitlab.yml]: +1. Update the `kerberos` section of [`gitlab.yml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example): ```yaml kerberos: @@ -203,7 +203,7 @@ remove the OmniAuth provider named `kerberos` from your `gitlab.yml` / **For installations from source** -1. Edit [gitlab.yml] and remove the `- { name: 'kerberos' }` line under omniauth +1. Edit [`gitlab.yml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example) and remove the `- { name: 'kerberos' }` line under omniauth providers: ```yaml @@ -295,7 +295,6 @@ See also: [Git v2.11 release notes](https://github.com/git/git/blob/master/Docum - <http://blog.manula.org/2012/04/setting-up-kerberos-server-with-debian.html> - <http://www.roguelynn.com/words/explain-like-im-5-kerberos/> -[gitlab.yml]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example [restart gitlab]: ../administration/restart_gitlab.md#installations-from-source [reconfigure gitlab]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure [nginx]: http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 7a92ed994c7..ef319f7f0ce 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -69,7 +69,7 @@ that are in common for all providers that we need to consider. To change these settings: -- **For omnibus package** +- **For Omnibus package** Open the configuration file: @@ -277,3 +277,24 @@ omniauth: sync_profile_from_provider: ['twitter', 'google_oauth2'] sync_profile_attributes: ['email', 'location'] ``` + +## Bypassing two factor authentication + +Starting with GitLab 12.3, this allows users to login with the specified +providers without two factor authentication. + +Define the allowed providers using an array, e.g. `["twitter", 'google_oauth2']`, or as +`true`/`false` to allow all providers or none. This option should only be configured +for providers which already have two factor authentication (default: false). +This configration dose not apply to SAML. + +```ruby +gitlab_rails['omniauth_allow_bypass_two_factor'] = ['twitter', 'google_oauth2'] +``` + +**For installations from source** + +```yaml +omniauth: + allow_bypass_two_factor: ['twitter', 'google_oauth2'] +``` diff --git a/doc/integration/salesforce.md b/doc/integration/salesforce.md index 176622e8050..10ab9d3c126 100644 --- a/doc/integration/salesforce.md +++ b/doc/integration/salesforce.md @@ -29,7 +29,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -46,7 +46,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 22e07594d6f..de160e72dda 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -17,7 +17,7 @@ in your SAML IdP: 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -34,7 +34,7 @@ in your SAML IdP: 1. To allow your users to use SAML to sign up without having to manually create an account first, don't forget to add the following values to your configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_enabled'] = true @@ -54,7 +54,7 @@ in your SAML IdP: 1. You can also automatically link SAML users with existing GitLab users if their email addresses match by adding the following setting: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_auto_link_saml_user'] = true @@ -68,7 +68,7 @@ in your SAML IdP: 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ @@ -342,7 +342,7 @@ You can add this setting to your GitLab configuration to automatically redirect to your SAML server for authentication, thus removing the need to click a button before actually signing in. -For omnibus package: +For Omnibus package: ```ruby gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' diff --git a/doc/integration/shibboleth.md b/doc/integration/shibboleth.md index 27355d25266..ca5a8077e73 100644 --- a/doc/integration/shibboleth.md +++ b/doc/integration/shibboleth.md @@ -1,18 +1,18 @@ # Shibboleth OmniAuth Provider -This documentation is for enabling shibboleth with omnibus-gitlab package. +This documentation is for enabling Shibboleth with the Omnibus GitLab package. -In order to enable Shibboleth support in gitlab we need to use Apache instead of Nginx (It may be possible to use Nginx, however this is difficult to configure using the bundled Nginx provided in the omnibus-gitlab package). Apache uses mod_shib2 module for shibboleth authentication and can pass attributes as headers to omniauth-shibboleth provider. +In order to enable Shibboleth support in GitLab we need to use Apache instead of Nginx (It may be possible to use Nginx, however this is difficult to configure using the bundled Nginx provided in the Omnibus GitLab package). Apache uses mod_shib2 module for Shibboleth authentication and can pass attributes as headers to Omniauth Shibboleth provider. -To enable the Shibboleth OmniAuth provider you must configure Apache shibboleth module. +To enable the Shibboleth OmniAuth provider you must configure Apache Shibboleth module. The installation and configuration of the module itself is out of the scope of this document. Check <https://wiki.shibboleth.net/confluence/display/SP3/Apache> for more info. -You can find Apache config in gitlab-recipes (<https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache>). +You can find Apache config in [GitLab Recipes](https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache). The following changes are needed to enable Shibboleth: -1. Protect omniauth-shibboleth callback URL: +1. Protect Omniauth Shibboleth callback URL: ``` <Location /users/auth/shibboleth/callback> @@ -32,7 +32,7 @@ The following changes are needed to enable Shibboleth: </Location> ``` -1. Exclude shibboleth URLs from rewriting. Add `RewriteCond %{REQUEST_URI} !/Shibboleth.sso` and `RewriteCond %{REQUEST_URI} !/shibboleth-sp`. Config should look like this: +1. Exclude Shibboleth URLs from rewriting. Add `RewriteCond %{REQUEST_URI} !/Shibboleth.sso` and `RewriteCond %{REQUEST_URI} !/shibboleth-sp`. Config should look like this: ``` # Apache equivalent of Nginx try files @@ -50,7 +50,7 @@ The following changes are needed to enable Shibboleth: attribute mapping. Therefore the values of the `args` hash should be in the form of `"HTTP_ATTRIBUTE"`. The keys in the hash are arguments to the [OmniAuth::Strategies::Shibboleth class](https://github.com/toyokazu/omniauth-shibboleth/blob/master/lib/omniauth/strategies/shibboleth.rb) - and are documented by the [omniauth-shibboleth gem](https://github.com/toyokazu/omniauth-shibboleth) + and are documented by the [`omniauth-shibboleth` gem](https://github.com/toyokazu/omniauth-shibboleth) (take care to note the version of the gem packaged with GitLab). If some of your users appear to be authenticated by Shibboleth and Apache, but GitLab rejects their account with a URI that contains "e-mail is invalid" then your @@ -94,7 +94,7 @@ On the sign in page, there should now be a "Sign in with: Shibboleth" icon below ## Apache 2.4 / GitLab 8.6 update The order of the first 2 Location directives is important. If they are reversed, -you will not get a shibboleth session! +you will not get a Shibboleth session! ``` <Location /> diff --git a/doc/integration/slash_commands.md b/doc/integration/slash_commands.md index 71ea2e25533..86a66dc4569 100644 --- a/doc/integration/slash_commands.md +++ b/doc/integration/slash_commands.md @@ -15,6 +15,7 @@ Taking the trigger term as `project-name`, the commands are: | `/project-name help` | Shows all available slash commands | | `/project-name issue new <title> <shift+return> <description>` | Creates a new issue with title `<title>` and description `<description>` | | `/project-name issue show <id>` | Shows the issue with id `<id>` | +| `/project-name issue close <id>` | Closes the issue with id `<id>` | | `/project-name issue search <query>` | Shows up to 5 issues matching `<query>` | | `/project-name issue move <id> to <project>` | Moves issue ID `<id>` to `<project>` | | `/project-name deploy <from> to <to>` | Deploy from the `<from>` environment to the `<to>` environment | diff --git a/doc/integration/twitter.md b/doc/integration/twitter.md index d8096993885..b2bd1b57d0f 100644 --- a/doc/integration/twitter.md +++ b/doc/integration/twitter.md @@ -32,7 +32,7 @@ To enable the Twitter OmniAuth provider you must register your application with 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -50,7 +50,7 @@ To enable the Twitter OmniAuth provider you must register your application with 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ diff --git a/doc/integration/ultra_auth.md b/doc/integration/ultra_auth.md index 9ed1bdb4882..fb950ba989a 100644 --- a/doc/integration/ultra_auth.md +++ b/doc/integration/ultra_auth.md @@ -25,7 +25,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe 1. Select **Register application**. 1. On your GitLab server, open the configuration file. - For omnibus package: + For Omnibus package: ```sh sudo editor /etc/gitlab/gitlab.rb @@ -41,7 +41,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe 1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. 1. Add the provider configuration: - For omnibus package: + For Omnibus package: ```ruby gitlab_rails['omniauth_providers'] = [ |