From d69dff5b4b1c2dd4944269703ff7af32869adf13 Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Wed, 9 Mar 2016 11:39:48 +0100 Subject: Removed benchmark suite and its documentation The rationale for this can be found in https://gitlab.com/gitlab-org/gitlab-ce/issues/13718 but in short the benchmark suite no longer serves a good purpose now that we have proper production monitoring in place. Fixes gitlab-org/gitlab-ce#13718 --- doc/development/README.md | 1 - doc/development/benchmarking.md | 69 ----------------------------------------- 2 files changed, 70 deletions(-) delete mode 100644 doc/development/benchmarking.md (limited to 'doc') diff --git a/doc/development/README.md b/doc/development/README.md index f5c3107ff44..1b281809afc 100644 --- a/doc/development/README.md +++ b/doc/development/README.md @@ -1,7 +1,6 @@ # Development - [Architecture](architecture.md) of GitLab -- [Benchmarking](benchmarking.md) - [CI setup](ci_setup.md) for testing GitLab - [Gotchas](gotchas.md) to avoid - [How to dump production data to staging](db_dump.md) diff --git a/doc/development/benchmarking.md b/doc/development/benchmarking.md deleted file mode 100644 index 88e18ee95f9..00000000000 --- a/doc/development/benchmarking.md +++ /dev/null @@ -1,69 +0,0 @@ -# Benchmarking - -GitLab CE comes with a set of benchmarks that are executed for every build. This -makes it easier to measure performance of certain components over time. - -Benchmarks are written as RSpec tests using a few extra helpers. To write a -benchmark, first tag the top-level `describe`: - -```ruby -describe MaruTheCat, benchmark: true do - -end -``` - -This ensures the benchmark is executed separately from other test collections. -It also exposes the various RSpec matchers used for writing benchmarks to the -test group. - -Next, lets write the actual benchmark: - -```ruby -describe MaruTheCat, benchmark: true do - let(:maru) { MaruTheChat.new } - - describe '#jump_in_box' do - benchmark_subject { maru.jump_in_box } - - it { is_expected.to iterate_per_second(9000) } - end -end -``` - -Here `benchmark_subject` is a small wrapper around RSpec's `subject` method that -makes it easier to specify the subject of a benchmark. Using RSpec's regular -`subject` would require us to write the following instead: - -```ruby -subject { -> { maru.jump_in_box } } -``` - -The `iterate_per_second` matcher defines the amount of times per second a -subject should be executed. The higher the amount of iterations the better. - -By default the allowed standard deviation is a maximum of 30%. This can be -adjusted by chaining the `with_maximum_stddev` on the `iterate_per_second` -matcher: - -```ruby -it { is_expected.to iterate_per_second(9000).with_maximum_stddev(50) } -``` - -This can be useful if the code in question depends on external resources of -which the performance can vary a lot (e.g. physical HDDs, network calls, etc). -However, in most cases 30% should be enough so only change this when really -needed. - -## Benchmarks Location - -Benchmarks should be stored in `spec/benchmarks` and should follow the regular -Rails specs structure. That is, model benchmarks go in `spec/benchmark/models`, -benchmarks for code in the `lib` directory go in `spec/benchmarks/lib`, etc. - -## Underlying Technology - -The benchmark setup uses [benchmark-ips][benchmark-ips] which takes care of the -heavy lifting such as warming up code, calculating iterations, standard -deviation, etc. - -[benchmark-ips]: https://github.com/evanphx/benchmark-ips -- cgit v1.2.1 From 32ddf092f3ca5cbb9fdb7b7b3754ba61495d0532 Mon Sep 17 00:00:00 2001 From: Patricio Cano Date: Thu, 10 Mar 2016 16:07:10 -0500 Subject: Upgrade `omniauth-saml` to 1.5.0 and document it's new capabilities. --- doc/integration/saml.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'doc') diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 148c4ac1886..1c7c114dbde 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -131,6 +131,58 @@ On the sign in page there should now be a SAML button below the regular sign in Click the icon to begin the authentication process. If everything goes well the user will be returned to GitLab and will be signed in. +## Customization + +### attribute_statements: + +>**Note:** +This setting is only available on GitLab 8.6 and above. +This setting should only be used to map attributes that are part of the +OmniAuth info hash schema. + +Used to map Attribute Names in a SAMLResponse to entries in the OmniAuth +[info hash](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later). + +For example, if your SAMLResponse contains an Attribute called 'EmailAddress', +specify `{ email: ['EmailAddress'] }` to map the Attribute to the +corresponding key in the info hash. URI-named Attributes are also supported, e.g. +`{ email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'] }`. + +This setting allows you tell GitLab where to look for certain attributes required +to create an account. Like mentioned above, if your IdP send the user's email +address as `EmailAddress` instead of `email`, let GitLab know by setting it on +your configuration: + +```yaml +args: { + assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', + idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', + idp_sso_target_url: 'https://login.example.com/idp', + issuer: 'https://gitlab.example.com', + name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', + attribute_statements: { :email => ['EmailAddress'] } +} +``` + +### allowed_clock_drift: + +The clock of the Identity Provider may drift slightly ahead of your system clocks. +To allow for a small amount of clock drift you can use this argument within your +settings. Its value must be given in a number (and/or fraction) of seconds. The +value given is added to the current time at which the response is validated. + +```yaml +args: { + assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', + idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', + idp_sso_target_url: 'https://login.example.com/idp', + issuer: 'https://gitlab.example.com', + name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', + attribute_statements: { :email => ['EmailAddress'] }, + allowed_clock_drift: 1 # for one second clock drift +} +``` + ## Troubleshooting ### 500 error after login -- cgit v1.2.1 From e4237f1fe36e85501b624488cd227a91c6770eb3 Mon Sep 17 00:00:00 2001 From: Patricio Cano Date: Thu, 10 Mar 2016 16:52:52 -0500 Subject: Consistently use the same hash syntax in the new documentation. --- doc/integration/saml.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 1c7c114dbde..b61b7cb9678 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -160,7 +160,7 @@ args: { idp_sso_target_url: 'https://login.example.com/idp', issuer: 'https://gitlab.example.com', name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', - attribute_statements: { :email => ['EmailAddress'] } + attribute_statements: { email: ['EmailAddress'] } } ``` @@ -178,7 +178,7 @@ args: { idp_sso_target_url: 'https://login.example.com/idp', issuer: 'https://gitlab.example.com', name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', - attribute_statements: { :email => ['EmailAddress'] }, + attribute_statements: { email: ['EmailAddress'] }, allowed_clock_drift: 1 # for one second clock drift } ``` -- cgit v1.2.1 From 95e73f87a99a0869d503451ab93a36bdc2530445 Mon Sep 17 00:00:00 2001 From: Patricio Cano Date: Fri, 11 Mar 2016 11:47:34 -0500 Subject: Doc syntax fixes [ci skip] --- doc/integration/saml.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/integration/saml.md b/doc/integration/saml.md index b61b7cb9678..1c3dc707f6d 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -133,15 +133,15 @@ will be returned to GitLab and will be signed in. ## Customization -### attribute_statements: +### `attribute_statements` >**Note:** This setting is only available on GitLab 8.6 and above. This setting should only be used to map attributes that are part of the OmniAuth info hash schema. -Used to map Attribute Names in a SAMLResponse to entries in the OmniAuth -[info hash](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later). +`attribute_statements` is used to map Attribute Names in a SAMLResponse to entries +in the OmniAuth [info hash](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later). For example, if your SAMLResponse contains an Attribute called 'EmailAddress', specify `{ email: ['EmailAddress'] }` to map the Attribute to the @@ -149,7 +149,7 @@ corresponding key in the info hash. URI-named Attributes are also supported, e. `{ email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'] }`. This setting allows you tell GitLab where to look for certain attributes required -to create an account. Like mentioned above, if your IdP send the user's email +to create an account. Like mentioned above, if your IdP sends the user's email address as `EmailAddress` instead of `email`, let GitLab know by setting it on your configuration: @@ -164,12 +164,12 @@ args: { } ``` -### allowed_clock_drift: +### `allowed_clock_drift` The clock of the Identity Provider may drift slightly ahead of your system clocks. -To allow for a small amount of clock drift you can use this argument within your -settings. Its value must be given in a number (and/or fraction) of seconds. The -value given is added to the current time at which the response is validated. +To allow for a small amount of clock drift you can use `allowed_clock_drift` within +your settings. Its value must be given in a number (and/or fraction) of seconds. +The value given is added to the current time at which the response is validated. ```yaml args: { -- cgit v1.2.1 From 5461170fb39d62d8b780d4bd02eaddc8b4918686 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 11 Mar 2016 21:26:18 +0200 Subject: Fix incorrect gitlab.rb variable in CI docs [ci skip] --- doc/ci/enable_or_disable_ci.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/ci/enable_or_disable_ci.md b/doc/ci/enable_or_disable_ci.md index 9bd2f5aff22..c10f82054e2 100644 --- a/doc/ci/enable_or_disable_ci.md +++ b/doc/ci/enable_or_disable_ci.md @@ -64,7 +64,7 @@ Save the file and restart GitLab: `sudo service gitlab restart`. For Omnibus installations, edit `/etc/gitlab/gitlab.rb` and add the line: ``` -gitlab-rails['gitlab_default_projects_features_builds'] = false +gitlab_rails['gitlab_default_projects_features_builds'] = false ``` Save the file and reconfigure GitLab: `sudo gitlab-ctl reconfigure`. -- cgit v1.2.1 From 0ba20457fb7e16538e447bd6d3782cb8b7b506fa Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Fri, 4 Mar 2016 12:21:26 +0100 Subject: Added pg_trgm to the PostgreSQL requirements --- doc/install/requirements.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'doc') diff --git a/doc/install/requirements.md b/doc/install/requirements.md index 8df142c531b..d59b7f0e84d 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -97,6 +97,17 @@ To change the Unicorn workers when you have the Omnibus package please see [the If you want to run the database separately expect a size of about 1 MB per user. +### PostgreSQL Requirements + +Users using PostgreSQL must ensure the `pg_trgm` extension is loaded into every +GitLab database. This extension can be enabled (using a PostgreSQL super user) +by running the following query for every database: + + CREATE EXTENSION pg_trgm; + +On some systems you may need to install an additional package (e.g. +`postgresql-contrib`) for this extension to become available. + ## Redis and Sidekiq Redis stores all user sessions and the background task queue. -- cgit v1.2.1