diff options
Diffstat (limited to 'doc/user/admin_area/settings')
| -rw-r--r-- | doc/user/admin_area/settings/account_and_limit_settings.md | 27 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/continuous_integration.md | 79 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/external_authorization.md | 40 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/img/admin_project_quota_view.png | bin | 2670 -> 0 bytes | |||
| -rw-r--r-- | doc/user/admin_area/settings/img/external_authorization_service_settings.png | bin | 74753 -> 0 bytes | |||
| -rw-r--r-- | doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png | bin | 11252 -> 0 bytes | |||
| -rw-r--r-- | doc/user/admin_area/settings/img/group_pipelines_quota.png | bin | 21010 -> 0 bytes | |||
| -rw-r--r-- | doc/user/admin_area/settings/index.md | 5 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/instance_template_repository.md | 10 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/sign_in_restrictions.md | 8 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/third_party_offers.md | 15 | ||||
| -rw-r--r-- | doc/user/admin_area/settings/visibility_and_access_controls.md | 3 |
12 files changed, 65 insertions, 122 deletions
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md index 5868f20d0d8..f748f575419 100644 --- a/doc/user/admin_area/settings/account_and_limit_settings.md +++ b/doc/user/admin_area/settings/account_and_limit_settings.md @@ -36,17 +36,19 @@ can create in their personal namespace: ## Max attachment size -You can change the maximum file size for attachments in comments and replies in GitLab: +The maximum file size for attachments in GitLab comments and replies is 10 MB. +To change the maximum attachment size: 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**, then expand **Account and limit**. 1. Increase or decrease by changing the value in **Maximum attachment size (MB)**. -NOTE: If you choose a size larger than the configured value for the web server, -you may receive errors. See the [troubleshooting section](#troubleshooting) for more +you may receive errors. Read the [troubleshooting section](#troubleshooting) for more details. +For GitLab.com repository size limits, read [accounts and limit settings](../../gitlab_com/index.md#account-and-limit-settings). + ## Max push size You can change the maximum push size for your repository: @@ -64,17 +66,20 @@ Use [Git LFS](../../../topics/git/lfs/index.md) to add large files to a reposito ## Max import size -You can change the maximum file size for imports in GitLab: +> [Modified](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50 MB to unlimited in GitLab 13.8. + +To modify the maximum file size for imports in GitLab: 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**, then expand **Account and limit**. 1. Increase or decrease by changing the value in **Maximum import size (MB)**. -NOTE: If you choose a size larger than the configured value for the web server, you may receive errors. See the [troubleshooting section](#troubleshooting) for more details. +For GitLab.com repository size limits, read [accounts and limit settings](../../gitlab_com/index.md#account-and-limit-settings). + ## Personal access token prefix > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20968) in GitLab 13.7. @@ -118,6 +123,9 @@ For instance, consider the following workflow: 1. Before you exceed available storage, you set up a limit of 10 GB per repository. +NOTE: +For GitLab.com repository size limits, read [accounts and limit settings](../../gitlab_com/index.md#account-and-limit-settings). + ### How it works Only a GitLab administrator can set those limits. Setting the limit to `0` means @@ -150,9 +158,6 @@ wiki, packages, or snippets. The repository size limit applies to both private a For details on manually purging files, see [reducing the repository size using Git](../../project/repository/reducing_the_repo_size_using_git.md). -NOTE: -For GitLab.com repository size limits, see [accounts and limit settings](../../gitlab_com/index.md#account-and-limit-settings). - ## Troubleshooting ### 413 Request Entity Too Large @@ -196,11 +201,7 @@ To set a limit on how long these sessions are valid: > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`. Disabled by default. > - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/346753) in GitLab 14.6. - -FLAG: -On self-managed GitLab, by default this feature is available. To hide the feature, -ask an administrator to [disable the feature flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`. -On GitLab.com, this feature is not available. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.7. [Feature flag ff_limit_ssh_key_lifetime](https://gitlab.com/gitlab-org/gitlab/-/issues/347408) removed. Users can optionally specify a lifetime for [SSH keys](../../../ssh/index.md). diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md index c6ebce03b06..e18808ffb41 100644 --- a/doc/user/admin_area/settings/continuous_integration.md +++ b/doc/user/admin_area/settings/continuous_integration.md @@ -134,44 +134,9 @@ A new pipeline must run before the latest artifacts can expire and be deleted. NOTE: All application settings have a [customizable cache expiry interval](../../../administration/application_settings_cache.md) which can delay the settings affect. -## Shared runners pipeline minutes quota **(PREMIUM SELF)** +## Shared runners CI/CD minutes -> [Moved](https://about.gitlab.com/blog/2021/01/26/new-gitlab-product-subscription-model/) to GitLab Premium in 13.9. - -If you have enabled shared runners for your GitLab instance, you can limit their -usage by setting a maximum number of pipeline minutes that a group can use on -shared runners per month. Setting this to `0` (default value) grants -unlimited pipeline minutes. While build limits are stored as minutes, the -counting is done in seconds. Usage resets on the first day of each month. -On GitLab.com, the quota is calculated based on your -[subscription plan](../../../subscriptions/gitlab_com/index.md#ci-pipeline-minutes). - -To change the pipelines minutes quota: - -1. On the top bar, select **Menu > Admin**. -1. On the left sidebar, select **Settings > CI/CD**. -1. Expand **Continuous Integration and Deployment**. -1. In the **Pipeline minutes quota** box, enter the maximum number of minutes. -1. Click **Save changes** for the changes to take effect. - -While the setting in the Admin Area has a global effect, as an administrator you can -also change each group's pipeline minutes quota to override the global value. - -1. Navigate to the **Admin Area > Overview > Groups** and hit the **Edit** - button for the group you wish to change the pipeline minutes quota. -1. In the **Pipeline Minutes Quota** box, enter the maximum number of minutes. -1. Click **Save changes** for the changes to take effect. - -Once saved, you can see the build quota in the group settings. -The quota can also be viewed in the project settings if shared runners -are enabled. - - - -You can see an overview of the pipeline minutes quota of all projects of -a group in the **Usage Quotas** page available to the group page settings list. - - +As an administrator you can set either a global or namespace-specific limit on the number of [CI/CD minutes](../../../ci/pipelines/cicd_minutes.md) you can use. ## Archive jobs @@ -303,13 +268,12 @@ To set the maximum file size: 1. Enter the maximum file size, in bytes. 1. Click **Save size limits**. -## Runner registration +## Prevent users from registering runners + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22225) in GitLab 14.1. -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22225) in GitLab 14.1. -> - [Deployed behind a feature flag](../../feature_flags.md), disabled by default. -> - Disabled on GitLab.com. -> - Not recommended for production use. -> - To use in GitLab self-managed instances, ask a GitLab administrator to enable it. +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../feature_flags.md) named `runner_registration_control`. On GitLab.com, this feature is not available. GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI. @@ -318,29 +282,14 @@ By default, all members of a project and group are able to register runners. To change this: 1. On the top bar, select **Menu > Admin**. -1. Go to **Settings > CI/CD**. -1. Expand the **Runner registration** section. -1. Select the desired options. -1. Click **Save changes**. - -When the registration sections are hidden in the UI, members of the project or group that need to register runners must contact the administrators. - -This feature is currently behind a feature flag. -To enable it: - -**In Omnibus installations:** - -1. Enter the Rails console: - - ```shell - sudo gitlab-rails console - ``` - -1. Flip the switch and enable the feature flag: +1. On the left sidebar, select **Settings > CI/CD**. +1. Expand **Runner registration**. +1. Clear the checkbox if you don't want to display runner registration + information in the UI for group or project members. +1. Select **Save changes**. - ```ruby - Feature.enable(:runner_registration_control) - ``` +WARNING: +When the registration sections are hidden in the UI, members of the project or group that need to register runners must contact the administrators. If you plan to prevent registration, ensure users have access to the runners they need to run jobs. ## Troubleshooting diff --git a/doc/user/admin_area/settings/external_authorization.md b/doc/user/admin_area/settings/external_authorization.md index 5f007c83e4b..4fd7c59ef24 100644 --- a/doc/user/admin_area/settings/external_authorization.md +++ b/doc/user/admin_area/settings/external_authorization.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Access +group: Authentication & Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- @@ -29,39 +29,13 @@ functionality that render cross-project data. That includes: Labels, Milestones, Merge requests). - Global and Group search are disabled. -This is to prevent performing to many requests at once to the external +This is to prevent performing too many requests at once to the external authorization service. Whenever access is granted or denied this is logged in a log file called `external-policy-access-control.log`. Read more about the logs GitLab keeps in the [Omnibus GitLab documentation](https://docs.gitlab.com/omnibus/settings/logs.html). -## Configuration - -The external authorization service can be enabled by an administrator: - -1. On the top bar, select **Menu > Admin**. -1. On the left sidebar, select **Settings > General**: -  - -The available required properties are: - -- **Service URL**: The URL to make authorization requests to. When leaving the - URL blank, cross project features remain available while still being able - to specify classification labels for projects. -- **External authorization request timeout**: The timeout after which an - authorization request is aborted. When a request times out, access is denied - to the user. -- **Client authentication certificate**: The certificate to use to authenticate - with the external authorization service. -- **Client authentication key**: Private key for the certificate when - authentication is required for the external authorization service, this is - encrypted when stored. -- **Client authentication key password**: Passphrase to use for the private key - when authenticating with the external service this is encrypted when stored. -- **Default classification label**: The classification label to use when - requesting authorization if no specific label is defined on the project - When using TLS Authentication with a self signed certificate, the CA certificate needs to be trusted by the OpenSSL installation. When using GitLab installed using Omnibus, learn to install a custom CA in the @@ -69,6 +43,16 @@ using Omnibus, learn to install a custom CA in the Alternatively, learn where to install custom certificates by using `openssl version -d`. +## Configuration + +The external authorization service can be enabled by an administrator: + +1. On the top bar, select **Menu > Admin**. +1. On the left sidebar, select **Settings > General**. +1. Expand **External authorization**. +1. Complete the fields. +1. Select **Save changes**. + ## How it works When GitLab requests access, it sends a JSON POST request to the external diff --git a/doc/user/admin_area/settings/img/admin_project_quota_view.png b/doc/user/admin_area/settings/img/admin_project_quota_view.png Binary files differdeleted file mode 100644 index 8320be860da..00000000000 --- a/doc/user/admin_area/settings/img/admin_project_quota_view.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/external_authorization_service_settings.png b/doc/user/admin_area/settings/img/external_authorization_service_settings.png Binary files differdeleted file mode 100644 index 9b8658fd1a1..00000000000 --- a/doc/user/admin_area/settings/img/external_authorization_service_settings.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png b/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png Binary files differdeleted file mode 100644 index 33fce8a2b77..00000000000 --- a/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/group_pipelines_quota.png b/doc/user/admin_area/settings/img/group_pipelines_quota.png Binary files differdeleted file mode 100644 index 318527426bd..00000000000 --- a/doc/user/admin_area/settings/img/group_pipelines_quota.png +++ /dev/null diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md index 7945e5d790f..2820f3ae9df 100644 --- a/doc/user/admin_area/settings/index.md +++ b/doc/user/admin_area/settings/index.md @@ -64,7 +64,7 @@ The **CI/CD** settings contain: This pipeline configuration is run after the project's own configuration. - [Package Registry](continuous_integration.md#package-registry-configuration) - Settings related to the use and experience of using the GitLab Package Registry. Some - [risks are involved](../../packages/container_registry/index.md#use-with-external-container-registries) + [risks are involved](../../packages/container_registry/reduce_container_registry_storage.md#use-with-external-container-registries) in enabling some of these settings. ### Geo **(PREMIUM SELF)** @@ -91,7 +91,8 @@ The **Integrations** settings contain: Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). -- [Third party offers](third_party_offers.md) - Control the display of third-party offers. +- [Customer experience improvement and third-party offers](third_party_offers.md) - + Control the display of customer experience improvement content and third-party offers. - [Snowplow](../../../development/snowplow/index.md) - Configure the Snowplow integration. - [Google GKE](../../project/clusters/add_gke_clusters.md) - Google GKE integration enables you to provision GKE clusters from GitLab. diff --git a/doc/user/admin_area/settings/instance_template_repository.md b/doc/user/admin_area/settings/instance_template_repository.md index 71eb7bbbdc9..51695ef7fd2 100644 --- a/doc/user/admin_area/settings/instance_template_repository.md +++ b/doc/user/admin_area/settings/instance_template_repository.md @@ -7,7 +7,8 @@ type: reference # Instance template repository **(PREMIUM SELF)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5986) in GitLab 11.3. +> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52360) to behave like group-level templates in GitLab 13.9. +> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/321247) in GitLab 14.0. In hosted systems, enterprises often have a need to share their own templates across teams. This feature allows an administrator to pick a project to be the @@ -21,10 +22,9 @@ To select a project to serve as the custom template repository: 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > Templates**. -1. Select the project: - -  - +1. Expand **Templates** +1. From the dropdown list, select the project to use as the template repository. +1. Select **Save changes**. 1. Add custom templates to the selected repository. After you add templates, you can use them for the entire instance. diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md index 8cee63b0ac2..52b20d5b437 100644 --- a/doc/user/admin_area/settings/sign_in_restrictions.md +++ b/doc/user/admin_area/settings/sign_in_restrictions.md @@ -2,7 +2,6 @@ stage: none group: unassigned info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments -type: reference --- # Sign-in restrictions **(FREE SELF)** @@ -21,8 +20,11 @@ To access sign-in restriction settings: You can restrict the password authentication for web interface and Git over HTTP(S): -- **Web interface**: When this feature is disabled, the **Standard** sign-in tab is removed and an [external authentication provider](../../../administration/auth/index.md) must be used. -- **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) must be used to authenticate. +- **Web interface**: When this feature is disabled, the **Standard** sign-in tab + is removed and an [external authentication provider](../../../administration/auth/index.md) + must be used. +- **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) + or LDAP password must be used to authenticate. In the event of an external authentication provider outage, use the [GitLab Rails console](../../../administration/operations/rails_console.md) to [re-enable the standard web sign-in form](../../../administration/troubleshooting/gitlab_rails_cheat_sheet.md#re-enable-standard-web-sign-in-form). This configuration can also be changed over the [Application settings REST API](../../../api/settings.md#change-application-settings) while authenticating with an administrator account's personal access token. diff --git a/doc/user/admin_area/settings/third_party_offers.md b/doc/user/admin_area/settings/third_party_offers.md index c9d48b14a6c..04ec9ed652f 100644 --- a/doc/user/admin_area/settings/third_party_offers.md +++ b/doc/user/admin_area/settings/third_party_offers.md @@ -1,11 +1,11 @@ --- -stage: none -group: unassigned +stage: Manage +group: Workspace info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference --- -# Third-party offers **(FREE SELF)** +# Customer experience improvement and third-party offers **(FREE SELF)** > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20379) in GitLab 11.1. @@ -13,11 +13,14 @@ Within GitLab, we inform users of available third-party offers they might find v to enhance the development of their projects. An example is the Google Cloud Platform free credit for using [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/). -To toggle the display of third-party offers: +Furthermore, we use content to improve customer experience. An example are the personalization +questions when creating a group. + +To toggle the display of customer experience improvement content and third-party offers: 1. On the top bar, select **Menu > Admin**. -1. On the left sidebar, select **Settings**, and expand **Third-party offers**. -1. Select **Do not display offers from third parties**. +1. On the left sidebar, select **Settings**, and expand **Customer experience improvement & third-party offers**. +1. Select **Do not display content for customer experience improvement and offers from third parties**. 1. Select **Save changes**. <!-- ## Troubleshooting diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md index 1087f50b215..82e0d3d27d4 100644 --- a/doc/user/admin_area/settings/visibility_and_access_controls.md +++ b/doc/user/admin_area/settings/visibility_and_access_controls.md @@ -188,6 +188,9 @@ To restrict visibility levels for projects, snippets, and selected pages: 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. 1. In the **Restricted visibility levels** section, select the desired visibility levels to restrict. + If you restrict the **Public** level: + - User profiles are only visible to logged in users via the Web interface. + - User attributes are only visible to authenticated users via the GraphQL API. 1. Select **Save changes**. For more details on project visibility, see |
