· 6 years ago · Jul 02, 2019, 09:32 AM
1## GitLab configuration settings
2##! This file is generated during initial installation and **is not** modified
3##! during upgrades.
4##! Check out the latest version of this file to know about the different
5##! settings that can be configured by this file, which may be found at:
6##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
7
8
9## GitLab URL
10##! URL on which GitLab will be reachable.
11##! For more details on configuring external_url see:
12##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
13external_url 'https://XXXXXXXXXXXXX:4115'
14
15## Roles for multi-instance GitLab
16##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
17##! Options:
18##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role
19##! For more details on each role, see:
20##! https://docs.gitlab.com/omnibus/roles/README.html#roles
21##!
22# roles ['redis_sentinel_role', 'redis_master_role']
23
24## Legend
25##! The following notations at the beginning of each line may be used to
26##! differentiate between components of this file and to easily select them using
27##! a regex.
28##! ## Titles, subtitles etc
29##! ##! More information - Description, Docs, Links, Issues etc.
30##! Configuration settings have a single # followed by a single space at the
31##! beginning; Remove them to enable the setting.
32
33##! **Configuration settings below are optional.**
34##! **The values currently assigned are only examples and ARE NOT the default
35##! values.**
36
37
38################################################################################
39################################################################################
40## Configuration Settings for GitLab CE and EE ##
41################################################################################
42################################################################################
43
44################################################################################
45## gitlab.yml configuration
46##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
47################################################################################
48# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
49# gitlab_rails['time_zone'] = 'UTC'
50
51### Email Settings
52# gitlab_rails['gitlab_email_enabled'] = true
53gitlab_rails['gitlab_email_from'] = 'XXXXX'
54gitlab_rails['gitlab_email_display_name'] = 'XXXXXXX'
55gitlab_rails['gitlab_email_reply_to'] = 'XXXXXXXX'
56gitlab_rails['gitlab_email_subject_suffix'] = '[GitLab]'
57
58### GitLab user privileges
59# gitlab_rails['gitlab_default_can_create_group'] = true
60# gitlab_rails['gitlab_username_changing_enabled'] = true
61
62### Default Theme
63# gitlab_rails['gitlab_default_theme'] = 2
64
65### Default project feature settings
66# gitlab_rails['gitlab_default_projects_features_issues'] = true
67# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
68# gitlab_rails['gitlab_default_projects_features_wiki'] = true
69# gitlab_rails['gitlab_default_projects_features_snippets'] = true
70# gitlab_rails['gitlab_default_projects_features_builds'] = true
71# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
72
73### Automatic issue closing
74###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
75###! information about this pattern.
76# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
77
78### Download location
79###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
80###! is created in the following directory.
81###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
82# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
83
84### Gravatar Settings
85# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
86# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
87
88### Auxiliary jobs
89###! Periodically executed jobs, to self-heal Gitlab, do external
90###! synchronizations, etc.
91###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
92###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
93# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
94# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
95# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
96# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
97# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
98# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
99# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
100# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
101
102### Webhook Settings
103###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
104###! request (default: 10)
105# gitlab_rails['webhook_timeout'] = 10
106
107### Trusted proxies
108###! Customize if you have GitLab behind a reverse proxy which is running on a
109###! different machine.
110###! **Add the IP address for your reverse proxy to the list, otherwise users
111###! will appear signed in from that address.**
112# gitlab_rails['trusted_proxies'] = []
113
114### Monitoring settings
115###! IP whitelist controlling access to monitoring endpoints
116# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
117###! Time between sampling of unicorn socket metrics, in seconds
118# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
119
120### Reply by email
121###! Allow users to comment on issues and merge requests by replying to
122###! notification emails.
123###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
124# gitlab_rails['incoming_email_enabled'] = true
125
126#### Incoming Email Address
127####! The email address including the `%{key}` placeholder that will be replaced
128####! to reference the item being replied to.
129####! **The placeholder can be omitted but if present, it must appear in the
130####! "user" part of the address (before the `@`).**
131# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
132
133#### Email account username
134####! **With third party providers, this is usually the full email address.**
135####! **With self-hosted email servers, this is usually the user part of the
136####! email address.**
137# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
138
139#### Email account password
140# gitlab_rails['incoming_email_password'] = "[REDACTED]"
141
142#### IMAP Settings
143# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
144# gitlab_rails['incoming_email_port'] = 993
145# gitlab_rails['incoming_email_ssl'] = true
146# gitlab_rails['incoming_email_start_tls'] = false
147
148#### Incoming Mailbox Settings
149####! The mailbox where incoming mail will end up. Usually "inbox".
150# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
151####! The IDLE command timeout.
152# gitlab_rails['incoming_email_idle_timeout'] = 60
153
154### Job Artifacts
155# gitlab_rails['artifacts_enabled'] = true
156# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
157####! Job artifacts Object Store
158####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
159# gitlab_rails['artifacts_object_store_enabled'] = false
160# gitlab_rails['artifacts_object_store_direct_upload'] = false
161# gitlab_rails['artifacts_object_store_background_upload'] = true
162# gitlab_rails['artifacts_object_store_proxy_download'] = false
163# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
164# gitlab_rails['artifacts_object_store_connection'] = {
165# 'provider' => 'AWS',
166# 'region' => 'eu-west-1',
167# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
168# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
169# # # The below options configure an S3 compatible host instead of AWS
170# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
171# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
172# # 'host' => 's3.amazonaws.com',
173# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
174# }
175
176### External merge request diffs
177# gitlab_rails['external_diffs_enabled'] = false
178# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
179# gitlab_rails['external_diffs_object_store_enabled'] = false
180# gitlab_rails['external_diffs_object_store_direct_upload'] = false
181# gitlab_rails['external_diffs_object_store_background_upload'] = false
182# gitlab_rails['external_diffs_object_store_proxy_download'] = false
183# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
184# gitlab_rails['external_diffs_object_store_connection'] = {
185# 'provider' => 'AWS',
186# 'region' => 'eu-west-1',
187# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
188# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
189# # # The below options configure an S3 compatible host instead of AWS
190# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
191# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
192# # 'host' => 's3.amazonaws.com',
193# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
194# }
195
196### Git LFS
197# gitlab_rails['lfs_enabled'] = true
198# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
199# gitlab_rails['lfs_object_store_enabled'] = false
200# gitlab_rails['lfs_object_store_direct_upload'] = false
201# gitlab_rails['lfs_object_store_background_upload'] = true
202# gitlab_rails['lfs_object_store_proxy_download'] = false
203# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
204# gitlab_rails['lfs_object_store_connection'] = {
205# 'provider' => 'AWS',
206# 'region' => 'eu-west-1',
207# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
208# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
209# # # The below options configure an S3 compatible host instead of AWS
210# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
211# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
212# # 'host' => 's3.amazonaws.com',
213# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
214# }
215
216### GitLab uploads
217###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
218# gitlab_rails['uploads_storage_path'] = "/var/opt/gitlab/gitlab-rails"
219# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
220# gitlab_rails['uploads_object_store_enabled'] = false
221# gitlab_rails['uploads_object_store_direct_upload'] = false
222# gitlab_rails['uploads_object_store_background_upload'] = true
223# gitlab_rails['uploads_object_store_proxy_download'] = false
224# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
225# gitlab_rails['uploads_object_store_connection'] = {
226# 'provider' => 'AWS',
227# 'region' => 'eu-west-1',
228# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
229# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
230# # # The below options configure an S3 compatible host instead of AWS
231# # 'host' => 's3.amazonaws.com',
232# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
233# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
234# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
235# }
236
237### Impersonation settings
238# gitlab_rails['impersonation_enabled'] = true
239
240### Usage Statistics
241# gitlab_rails['usage_ping_enabled'] = true
242
243### GitLab Mattermost
244###! These settings are void if Mattermost is installed on the same omnibus
245###! install
246# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
247
248### LDAP Settings
249###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
250###! **Be careful not to break the indentation in the ldap_servers block. It is
251###! in yaml format and the spaces must be retained. Using tabs will not work.**
252
253# gitlab_rails['ldap_enabled'] = false
254
255###! **remember to close this block with 'EOS' below**
256# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
257# main: # 'main' is the GitLab 'provider ID' of this LDAP server
258# label: 'LDAP'
259# host: '_your_ldap_server'
260# port: 389
261# uid: 'sAMAccountName'
262# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
263# password: '_the_password_of_the_bind_user'
264# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
265# verify_certificates: true
266# smartcard_auth: false
267# active_directory: true
268# allow_username_or_email_login: false
269# lowercase_usernames: false
270# block_auto_created_users: false
271# base: ''
272# user_filter: ''
273# ## EE only
274# group_base: ''
275# admin_group: ''
276# sync_ssh_keys: false
277#
278# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
279# label: 'LDAP'
280# host: '_your_ldap_server'
281# port: 389
282# uid: 'sAMAccountName'
283# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
284# password: '_the_password_of_the_bind_user'
285# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
286# verify_certificates: true
287# smartcard_auth: false
288# active_directory: true
289# allow_username_or_email_login: false
290# lowercase_usernames: false
291# block_auto_created_users: false
292# base: ''
293# user_filter: ''
294# ## EE only
295# group_base: ''
296# admin_group: ''
297# sync_ssh_keys: false
298# EOS
299
300### Smartcard authentication settings
301###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
302# gitlab_rails['smartcard_enabled'] = false
303# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
304# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
305
306### OmniAuth Settings
307###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
308# gitlab_rails['omniauth_enabled'] = nil
309# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
310# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
311# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
312# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
313# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
314# gitlab_rails['omniauth_block_auto_created_users'] = true
315# gitlab_rails['omniauth_auto_link_ldap_user'] = false
316# gitlab_rails['omniauth_auto_link_saml_user'] = false
317# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
318# gitlab_rails['omniauth_providers'] = [
319# {
320# "name" => "google_oauth2",
321# "app_id" => "YOUR APP ID",
322# "app_secret" => "YOUR APP SECRET",
323# "args" => { "access_type" => "offline", "approval_prompt" => "" }
324# }
325# ]
326
327### Backup Settings
328###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
329
330# gitlab_rails['manage_backup_path'] = true
331# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
332
333###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
334# gitlab_rails['backup_archive_permissions'] = 0644
335
336# gitlab_rails['backup_pg_schema'] = 'public'
337
338###! The duration in seconds to keep backups before they are allowed to be deleted
339# gitlab_rails['backup_keep_time'] = 604800
340
341# gitlab_rails['backup_upload_connection'] = {
342# 'provider' => 'AWS',
343# 'region' => 'eu-west-1',
344# 'aws_access_key_id' => 'AKIAKIAKI',
345# 'aws_secret_access_key' => 'secret123'
346# }
347# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
348# gitlab_rails['backup_multipart_chunk_size'] = 104857600
349
350###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
351###! backups**
352# gitlab_rails['backup_encryption'] = 'AES256'
353###! The encryption key to use with AWS Server-Side Encryption.
354###! Setting this value will enable Server-Side Encryption with customer provided keys;
355###! otherwise S3-managed keys are used.
356# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
357
358###! **Specifies Amazon S3 storage class to use for backups. Valid values
359###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
360# gitlab_rails['backup_storage_class'] = 'STANDARD'
361
362
363### Pseudonymizer Settings
364# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
365# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
366# gitlab_rails['pseudonymizer_upload_connection'] = {
367# 'provider' => 'AWS',
368# 'region' => 'eu-west-1',
369# 'aws_access_key_id' => 'AKIAKIAKI',
370# 'aws_secret_access_key' => 'secret123'
371# }
372
373
374### For setting up different data storing directory
375###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
376###! **If you want to use a single non-default directory to store git data use a
377###! path that doesn't contain symlinks.**
378# git_data_dirs({
379# "default" => {
380# "path" => "/mnt/nfs-01/git-data"
381# }
382# })
383
384### Gitaly settings
385# gitlab_rails['gitaly_token'] = 'secret token'
386
387### For storing GitLab application uploads, eg. LFS objects, build artifacts
388###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
389# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
390
391### Wait for file system to be mounted
392###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
393# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
394
395### GitLab Shell settings for GitLab
396# gitlab_rails['gitlab_shell_ssh_port'] = 22
397# gitlab_rails['gitlab_shell_git_timeout'] = 800
398
399### Extra customization
400# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
401# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
402# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
403
404##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
405# gitlab_rails['env'] = {
406# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
407# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
408# }
409
410# gitlab_rails['rack_attack_git_basic_auth'] = {
411# 'enabled' => false,
412# 'ip_whitelist' => ["127.0.0.1"],
413# 'maxretry' => 10,
414# 'findtime' => 60,
415# 'bantime' => 3600
416# }
417
418# gitlab_rails['rack_attack_protected_paths'] = [
419# '/users/password',
420# '/users/sign_in',
421# '/api/#{API::API.version}/session.json',
422# '/api/#{API::API.version}/session',
423# '/users',
424# '/users/confirmation',
425# '/unsubscribes/',
426# '/import/github/personal_access_token'
427# ]
428
429###! **We do not recommend changing these directories.**
430# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
431# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
432
433### GitLab application settings
434# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
435# gitlab_rails['rate_limit_requests_per_period'] = 10
436# gitlab_rails['rate_limit_period'] = 60
437
438#### Change the initial default admin password and shared runner registration tokens.
439####! **Only applicable on initial setup, changing these settings after database
440####! is created and seeded won't yield any change.**
441# gitlab_rails['initial_root_password'] = "password"
442# gitlab_rails['initial_shared_runners_registration_token'] = "token"
443
444#### Enable or disable automatic database migrations
445# gitlab_rails['auto_migrate'] = true
446
447#### This is advanced feature used by large gitlab deployments where loading
448#### whole RAILS env takes a lot of time.
449# gitlab_rails['rake_cache_clear'] = true
450
451### GitLab database settings
452###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
453###! **Only needed if you use an external database.**
454# gitlab_rails['db_adapter'] = "postgresql"
455# gitlab_rails['db_encoding'] = "unicode"
456# gitlab_rails['db_collation'] = nil
457# gitlab_rails['db_database'] = "gitlabhq_production"
458# gitlab_rails['db_pool'] = 10
459# gitlab_rails['db_username'] = "gitlab"
460# gitlab_rails['db_password'] = nil
461# gitlab_rails['db_host'] = nil
462# gitlab_rails['db_port'] = 5432
463# gitlab_rails['db_socket'] = nil
464# gitlab_rails['db_sslmode'] = nil
465# gitlab_rails['db_sslcompression'] = 0
466# gitlab_rails['db_sslrootcert'] = nil
467# gitlab_rails['db_prepared_statements'] = false
468# gitlab_rails['db_statements_limit'] = 1000
469
470
471### GitLab Redis settings
472###! Connect to your own Redis instance
473###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
474
475#### Redis TCP connection
476# gitlab_rails['redis_host'] = "127.0.0.1"
477# gitlab_rails['redis_port'] = 6379
478# gitlab_rails['redis_ssl'] = false
479# gitlab_rails['redis_password'] = nil
480# gitlab_rails['redis_database'] = 0
481# gitlab_rails['redis_enable_client'] = true
482
483#### Redis local UNIX socket (will be disabled if TCP method is used)
484# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
485
486#### Sentinel support
487####! To have Sentinel working, you must enable Redis TCP connection support
488####! above and define a few Sentinel hosts below (to get a reliable setup
489####! at least 3 hosts).
490####! **You don't need to list every sentinel host, but the ones not listed will
491####! not be used in a fail-over situation to query for the new master.**
492# gitlab_rails['redis_sentinels'] = [
493# {'host' => '127.0.0.1', 'port' => 26379},
494# ]
495
496#### Separate instances support
497###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
498# gitlab_rails['redis_cache_instance'] = nil
499# gitlab_rails['redis_cache_sentinels'] = nil
500# gitlab_rails['redis_queues_instance'] = nil
501# gitlab_rails['redis_queues_sentinels'] = nil
502# gitlab_rails['redis_shared_state_instance'] = nil
503# gitlab_rails['redis_shared_sentinels'] = nil
504
505### GitLab email server settings
506###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
507###! **Use smtp instead of sendmail/postfix.**
508
509gitlab_rails['smtp_enable'] = true
510gitlab_rails['smtp_address'] = "smtp.yandex.ru"
511gitlab_rails['smtp_port'] = 465
512gitlab_rails['smtp_user_name'] = "XXXXXXXXX"
513gitlab_rails['smtp_password'] = "XXXXXXX"
514gitlab_rails['smtp_domain'] = "smtp.yandex.ru"
515gitlab_rails['smtp_authentication'] = "plain"
516gitlab_rails['smtp_enable_starttls_auto'] = true
517gitlab_rails['smtp_tls'] = true
518
519###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
520###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
521gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
522
523gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
524gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
525
526################################################################################
527## Container Registry settings
528##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
529################################################################################
530
531registry_external_url 'https://XXXXXXXXXX'
532
533### Settings used by GitLab application
534gitlab_rails['registry_enabled'] = true
535gitlab_rails['registry_host'] = "XXXXXXXXXXX"
536gitlab_rails['registry_port'] = "5005"
537gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
538
539###! **Do not change the following 3 settings unless you know what you are
540###! doing**
541# gitlab_rails['registry_api_url'] = "http://localhost:5000"
542# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
543# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
544
545### Settings used by Registry application
546registry['enable'] = true
547# registry['username'] = "registry"
548# registry['group'] = "registry"
549# registry['uid'] = nil
550# registry['gid'] = nil
551# registry['dir'] = "/var/opt/gitlab/registry"
552# registry['registry_http_addr'] = "localhost:5000"
553# registry['debug_addr'] = "localhost:5001"
554# registry['log_directory'] = "/var/log/gitlab/registry"
555# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
556# registry['env'] = {
557# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
558# }
559# registry['log_level'] = "info"
560# registry['log_formatter'] = "text"
561# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
562# registry['health_storagedriver_enabled'] = true
563# registry['storage_delete_enabled'] = true
564# registry['validation_enabled'] = false
565# registry['autoredirect'] = false
566# registry['compatibility_schema1_enabled'] = false
567
568### Registry backend storage
569###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
570# registry['storage'] = {
571# 's3' => {
572# 'accesskey' => 'AKIAKIAKI',
573# 'secretkey' => 'secret123',
574# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
575# }
576# }
577
578### Registry notifications endpoints
579# registry['notifications'] = [
580# {
581# 'name' => 'test_endpoint',
582# 'url' => 'https://gitlab.example.com/notify2',
583# 'timeout' => '500ms',
584# 'threshold' => 5,
585# 'backoff' => '1s',
586# 'headers' => {
587# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
588# }
589# }
590# ]
591### Default registry notifications
592# registry['default_notifications_timeout'] = "500ms"
593# registry['default_notifications_threshold'] = 5
594# registry['default_notifications_backoff'] = "1s"
595# registry['default_notifications_headers'] = {}
596
597
598
599################################################################################
600## GitLab Workhorse
601##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
602################################################################################
603
604# gitlab_workhorse['enable'] = true
605# gitlab_workhorse['ha'] = false
606# gitlab_workhorse['listen_network'] = "unix"
607# gitlab_workhorse['listen_umask'] = 000
608# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
609# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
610
611##! the empty string is the default in gitlab-workhorse option parser
612# gitlab_workhorse['auth_socket'] = "''"
613
614##! put an empty string on the command line
615# gitlab_workhorse['pprof_listen_addr'] = "''"
616
617# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
618
619# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
620# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
621# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
622
623##! limit number of concurrent API requests, defaults to 0 which is unlimited
624# gitlab_workhorse['api_limit'] = 0
625
626##! limit number of API requests allowed to be queued, defaults to 0 which
627##! disables queuing
628# gitlab_workhorse['api_queue_limit'] = 0
629
630##! duration after which we timeout requests if they sit too long in the queue
631# gitlab_workhorse['api_queue_duration'] = "30s"
632
633##! Long polling duration for job requesting for runners
634# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
635
636##! Log format: default is text, can also be json or none.
637# gitlab_workhorse['log_format'] = "json"
638
639# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
640# gitlab_workhorse['env'] = {
641# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
642# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
643# }
644
645################################################################################
646## GitLab User Settings
647##! Modify default git user.
648##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
649################################################################################
650
651# user['username'] = "git"
652# user['group'] = "git"
653# user['uid'] = nil
654# user['gid'] = nil
655
656##! The shell for the git user
657# user['shell'] = "/bin/sh"
658
659##! The home directory for the git user
660# user['home'] = "/var/opt/gitlab"
661
662# user['git_user_name'] = "GitLab"
663# user['git_user_email'] = "gitlab@#{node['fqdn']}"
664
665################################################################################
666## GitLab Unicorn
667##! Tweak unicorn settings.
668##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
669################################################################################
670
671# unicorn['enable'] = true
672# unicorn['worker_timeout'] = 60
673###! Minimum worker_processes is 2 at this moment
674###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
675# unicorn['worker_processes'] = 2
676
677### Advanced settings
678# unicorn['listen'] = 'localhost'
679# unicorn['port'] = 8080
680# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
681# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
682# unicorn['tcp_nopush'] = true
683# unicorn['backlog_socket'] = 1024
684
685###! **Make sure somaxconn is equal or higher then backlog_socket**
686# unicorn['somaxconn'] = 1024
687
688###! **We do not recommend changing this setting**
689# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
690
691### **Only change these settings if you understand well what they mean**
692###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
693###! https://github.com/kzk/unicorn-worker-killer
694# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
695# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
696
697################################################################################
698## GitLab Puma
699##! Tweak puma settings. You should only use Unicorn or Puma, not both.
700##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html
701################################################################################
702
703# puma['enable'] = false
704# puma['ha'] = false
705# puma['worker_timeout'] = 60
706# puma['worker_processes'] = 2
707# puma['min_threads'] = 1
708# puma['max_threads'] = 16
709
710### Advanced settings
711# puma['listen'] = '127.0.0.1'
712# puma['port'] = 8080
713# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
714# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
715# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
716
717###! **We do not recommend changing this setting**
718# puma['log_directory'] = "/var/log/gitlab/puma"
719
720### **Only change these settings if you understand well what they mean**
721###! Docs: https://github.com/schneems/puma_worker_killer
722# puma['per_worker_max_memory_mb'] = 650
723
724################################################################################
725## GitLab Sidekiq
726################################################################################
727
728# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
729# sidekiq['log_format'] = "default"
730# sidekiq['shutdown_timeout'] = 4
731# sidekiq['concurrency'] = 25
732# sidekiq['metrics_enabled'] = true
733# sidekiq['listen_address'] = "localhost"
734# sidekiq['listen_port'] = 8082
735
736################################################################################
737## gitlab-shell
738################################################################################
739
740# gitlab_shell['audit_usernames'] = false
741# gitlab_shell['log_level'] = 'INFO'
742# gitlab_shell['log_format'] = 'json'
743# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
744# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
745# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
746
747# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
748
749### Git trace log file.
750###! If set, git commands receive GIT_TRACE* environment variables
751###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
752###! An absolute path starting with / – the trace output will be appended to
753###! that file. It needs to exist so we can check permissions and avoid
754###! throwing warnings to the users.
755# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
756
757##! **We do not recommend changing this directory.**
758# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
759
760################################################################
761## GitLab PostgreSQL
762################################################################
763
764###! Changing any of these settings requires a restart of postgresql.
765###! By default, reconfigure reloads postgresql if it is running. If you
766###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
767###! after reconfigure in order for the changes to take effect.
768# postgresql['enable'] = true
769# postgresql['listen_address'] = nil
770# postgresql['port'] = 5432
771# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
772
773##! **recommend value is 1/4 of total RAM, up to 14GB.**
774# postgresql['shared_buffers'] = "256MB"
775
776### Advanced settings
777# postgresql['ha'] = false
778# postgresql['dir'] = "/var/opt/gitlab/postgresql"
779# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
780# postgresql['username'] = "gitlab-psql"
781# postgresql['group'] = "gitlab-psql"
782##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
783# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
784# postgresql['uid'] = nil
785# postgresql['gid'] = nil
786# postgresql['shell'] = "/bin/sh"
787# postgresql['home'] = "/var/opt/gitlab/postgresql"
788# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
789# postgresql['sql_user'] = "gitlab"
790# postgresql['max_connections'] = 200
791# postgresql['md5_auth_cidr_addresses'] = []
792# postgresql['trust_auth_cidr_addresses'] = []
793# postgresql['wal_buffers'] = "-1"
794# postgresql['autovacuum_max_workers'] = "3"
795# postgresql['autovacuum_freeze_max_age'] = "200000000"
796# postgresql['log_statement'] = nil
797# postgresql['track_activity_query_size'] = "1024"
798# postgresql['shared_preload_libraries'] = nil
799# postgresql['dynamic_shared_memory_type'] = nil
800# postgresql['hot_standby'] = "off"
801
802### SSL settings
803# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
804# postgresql['ssl'] = 'on'
805# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
806# postgresql['ssl_cert_file'] = 'server.crt'
807# postgresql['ssl_key_file'] = 'server.key'
808# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
809# postgresql['ssl_crl_file'] = nil
810
811### Replication settings
812###! Note, some replication settings do not require a full restart. They are documented below.
813# postgresql['wal_level'] = "hot_standby"
814# postgresql['max_wal_senders'] = 5
815# postgresql['max_replication_slots'] = 0
816# postgresql['max_locks_per_transaction'] = 128
817
818# Backup/Archive settings
819# postgresql['archive_mode'] = "off"
820
821###! Changing any of these settings only requires a reload of postgresql. You do not need to
822###! restart postgresql if you change any of these and run reconfigure.
823# postgresql['work_mem'] = "16MB"
824# postgresql['maintenance_work_mem'] = "16MB"
825# postgresql['checkpoint_segments'] = 10
826# postgresql['checkpoint_timeout'] = "5min"
827# postgresql['checkpoint_completion_target'] = 0.9
828# postgresql['effective_io_concurrency'] = 1
829# postgresql['checkpoint_warning'] = "30s"
830# postgresql['effective_cache_size'] = "1MB"
831# postgresql['shmmax'] = 17179869184 # or 4294967295
832# postgresql['shmall'] = 4194304 # or 1048575
833# postgresql['autovacuum'] = "on"
834# postgresql['log_autovacuum_min_duration'] = "-1"
835# postgresql['autovacuum_naptime'] = "1min"
836# postgresql['autovacuum_vacuum_threshold'] = "50"
837# postgresql['autovacuum_analyze_threshold'] = "50"
838# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
839# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
840# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
841# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
842# postgresql['statement_timeout'] = "60000"
843# postgresql['idle_in_transaction_session_timeout'] = "60000"
844# postgresql['log_line_prefix'] = "%a"
845# postgresql['max_worker_processes'] = 8
846# postgresql['max_parallel_workers_per_gather'] = 0
847# postgresql['log_lock_waits'] = 1
848# postgresql['deadlock_timeout'] = '5s'
849# postgresql['track_io_timing'] = 0
850# postgresql['default_statistics_target'] = 1000
851
852### Available in PostgreSQL 9.6 and later
853# postgresql['min_wal_size'] = 80MB
854# postgresql['max_wal_size'] = 1GB
855
856# Backup/Archive settings
857# postgresql['archive_command'] = nil
858# postgresql['archive_timeout'] = "0"
859
860### Replication settings
861# postgresql['sql_replication_user'] = "gitlab_replicator"
862# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
863# postgresql['wal_keep_segments'] = 10
864# postgresql['max_standby_archive_delay'] = "30s"
865# postgresql['max_standby_streaming_delay'] = "30s"
866# postgresql['synchronous_commit'] = on
867# postgresql['synchronous_standby_names'] = ''
868# postgresql['hot_standby_feedback'] = 'off'
869# postgresql['random_page_cost'] = 2.0
870# postgresql['log_temp_files'] = -1
871# postgresql['log_checkpoints'] = 'off'
872# To add custom entries to pg_hba.conf use the following
873# postgresql['custom_pg_hba_entries'] = {
874# APPLICATION: [ # APPLICATION should identify what the settings are used for
875# {
876# type: example,
877# database: example,
878# user: example,
879# cidr: example,
880# method: example,
881# option: example
882# }
883# ]
884# }
885# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
886# of the values
887
888
889################################################################################
890## GitLab Redis
891##! **Can be disabled if you are using your own Redis instance.**
892##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
893################################################################################
894
895# redis['enable'] = true
896# redis['ha'] = false
897# redis['hz'] = 10
898# redis['dir'] = "/var/opt/gitlab/redis"
899# redis['log_directory'] = "/var/log/gitlab/redis"
900# redis['username'] = "gitlab-redis"
901# redis['group'] = "gitlab-redis"
902# redis['maxclients'] = "10000"
903# redis['maxmemory'] = "0"
904# redis['maxmemory_policy'] = "noeviction"
905# redis['maxmemory_samples'] = "5"
906# redis['tcp_backlog'] = 511
907# redis['tcp_timeout'] = "60"
908# redis['tcp_keepalive'] = "300"
909# redis['uid'] = nil
910# redis['gid'] = nil
911
912###! **To enable only Redis service in this machine, uncomment
913###! one of the lines below (choose master or slave instance types).**
914###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
915###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
916# redis_master_role['enable'] = true
917# redis_slave_role['enable'] = true
918
919### Redis TCP support (will disable UNIX socket transport)
920# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
921# redis['port'] = 6379
922# redis['password'] = 'redis-password-goes-here'
923
924### Redis Sentinel support
925###! **You need a master slave Redis replication to be able to do failover**
926###! **Please read the documentation before enabling it to understand the
927###! caveats:**
928###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
929
930### Replication support
931#### Slave Redis instance
932# redis['master'] = false # by default this is true
933
934#### Slave and Sentinel shared configuration
935####! **Both need to point to the master Redis instance to get replication and
936####! heartbeat monitoring**
937# redis['master_name'] = 'gitlab-redis'
938# redis['master_ip'] = nil
939# redis['master_port'] = 6379
940
941#### Support to run redis slaves in a Docker or NAT environment
942####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
943# redis['announce_ip'] = nil
944# redis['announce_port'] = nil
945
946####! **Master password should have the same value defined in
947####! redis['password'] to enable the instance to transition to/from
948####! master/slave in a failover event.**
949# redis['master_password'] = 'redis-password-goes-here'
950
951####! Increase these values when your slaves can't catch up with master
952# redis['client_output_buffer_limit_normal'] = '0 0 0'
953# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
954# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
955
956#####! Redis snapshotting frequency
957#####! Set to [] to disable
958#####! Set to [''] to clear previously set values
959# redis['save'] = [ '900 1', '300 10', '60 10000' ]
960
961################################################################################
962## GitLab Web server
963##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
964################################################################################
965
966##! When bundled nginx is disabled we need to add the external webserver user to
967##! the GitLab webserver group.
968# web_server['external_users'] = []
969# web_server['username'] = 'gitlab-www'
970# web_server['group'] = 'gitlab-www'
971# web_server['uid'] = nil
972# web_server['gid'] = nil
973# web_server['shell'] = '/bin/false'
974# web_server['home'] = '/var/opt/gitlab/nginx'
975
976################################################################################
977## GitLab NGINX
978##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
979################################################################################
980
981# nginx['enable'] = true
982# nginx['client_max_body_size'] = '250m'
983nginx['redirect_http_to_https'] = true
984nginx['redirect_http_to_https_port'] = 8063
985
986##! Most root CA's are included by default
987# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
988
989##! enable/disable 2-way SSL client authentication
990# nginx['ssl_verify_client'] = "off"
991
992##! if ssl_verify_client on, verification depth in the client certificates chain
993# nginx['ssl_verify_depth'] = "1"
994
995nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
996nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
997# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
998# nginx['ssl_prefer_server_ciphers'] = "on"
999
1000##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1001##! https://cipherli.st/**
1002# nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
1003
1004##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
1005# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1006
1007##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
1008# nginx['ssl_session_timeout'] = "5m"
1009
1010# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
1011# nginx['listen_addresses'] = ['*', '[::]']
1012
1013##! **Defaults to forcing web browsers to always communicate using only HTTPS**
1014##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
1015# nginx['hsts_max_age'] = 31536000
1016# nginx['hsts_include_subdomains'] = false
1017
1018##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
1019# nginx['gzip_enabled'] = true
1020
1021##! **Override only if you use a reverse proxy**
1022##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1023#nginx['listen_port'] = 8960
1024
1025##! **Override only if your reverse proxy internally communicates over HTTP**
1026##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1027# nginx['listen_https'] = nil
1028
1029# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1030# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
1031# nginx['proxy_read_timeout'] = 3600
1032# nginx['proxy_connect_timeout'] = 300
1033# nginx['proxy_set_headers'] = {
1034# "Host" => "$http_host_with_default",
1035# "X-Real-IP" => "$remote_addr",
1036# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1037# "X-Forwarded-Proto" => "https",
1038# "X-Forwarded-Ssl" => "on",
1039# "Upgrade" => "$http_upgrade",
1040# "Connection" => "$connection_upgrade"
1041# }
1042# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
1043# nginx['proxy_cache'] = 'gitlab'
1044# nginx['http2_enabled'] = true
1045# nginx['real_ip_trusted_addresses'] = []
1046# nginx['real_ip_header'] = nil
1047# nginx['real_ip_recursive'] = nil
1048# nginx['custom_error_pages'] = {
1049# '404' => {
1050# 'title' => 'Example title',
1051# 'header' => 'Example header',
1052# 'message' => 'Example message'
1053# }
1054# }
1055
1056### Advanced settings
1057# nginx['dir'] = "/var/opt/gitlab/nginx"
1058# nginx['log_directory'] = "/var/log/gitlab/nginx"
1059# nginx['worker_processes'] = 4
1060# nginx['worker_connections'] = 10240
1061# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
1062# nginx['sendfile'] = 'on'
1063# nginx['tcp_nopush'] = 'on'
1064# nginx['tcp_nodelay'] = 'on'
1065# nginx['gzip'] = "on"
1066# nginx['gzip_http_version'] = "1.0"
1067# nginx['gzip_comp_level'] = "2"
1068# nginx['gzip_proxied'] = "any"
1069# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
1070# nginx['keepalive_timeout'] = 65
1071# nginx['cache_max_size'] = '5000m'
1072# nginx['server_names_hash_bucket_size'] = 64
1073##! These paths have proxy_request_buffering disabled
1074# nginx['request_buffering_off_path_regex'] = "\.git/git-receive-pack$|\.git/info/refs?service=git-receive-pack$|\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$"
1075
1076### Nginx status
1077nginx['status'] = {
1078 "enable" => true,
1079 "listen_addresses" => ["127.0.0.1"],
1080 "fqdn" => "XXXXXXXX",
1081 "port" => 4115,
1082 "vts_enable" => true,
1083 "options" => {
1084 "stub_status" => "on", # Turn on stats
1085 "server_tokens" => "off", # Don't show the version of NGINX
1086 "access_log" => "off", # Disable logs for stats
1087 "allow" => "127.0.0.1", # Only allow access from localhost
1088 "deny" => "all" # Deny access to anyone else
1089 }
1090 }
1091
1092################################################################################
1093## GitLab Logging
1094##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
1095################################################################################
1096
1097# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
1098# logging['svlogd_num'] = 30 # keep 30 rotated log files
1099# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
1100# logging['svlogd_filter'] = "gzip" # compress logs with gzip
1101# logging['svlogd_udp'] = nil # transmit log messages via UDP
1102# logging['svlogd_prefix'] = nil # custom prefix for log messages
1103# logging['logrotate_frequency'] = "daily" # rotate logs daily
1104# logging['logrotate_size'] = nil # do not rotate by size by default
1105# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
1106# logging['logrotate_compress'] = "compress" # see 'man logrotate'
1107# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
1108# logging['logrotate_postrotate'] = nil # no postrotate command by default
1109# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
1110
1111### UDP log forwarding
1112##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
1113
1114##! remote host to ship log messages to via UDP
1115# logging['udp_log_shipping_host'] = nil
1116
1117##! override the hostname used when logs are shipped via UDP,
1118## by default the system hostname will be used.
1119# logging['udp_log_shipping_hostname'] = nil
1120
1121##! remote port to ship log messages to via UDP
1122# logging['udp_log_shipping_port'] = 514
1123
1124################################################################################
1125## Logrotate
1126##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
1127##! You can disable built in logrotate feature.
1128################################################################################
1129# logrotate['enable'] = true
1130
1131################################################################################
1132## Users and groups accounts
1133##! Disable management of users and groups accounts.
1134##! **Set only if creating accounts manually**
1135##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
1136################################################################################
1137
1138# manage_accounts['enable'] = false
1139
1140################################################################################
1141## Storage directories
1142##! Disable managing storage directories
1143##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
1144################################################################################
1145
1146##! **Set only if the select directories are created manually**
1147# manage_storage_directories['enable'] = false
1148# manage_storage_directories['manage_etc'] = false
1149
1150################################################################################
1151## Runtime directory
1152##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
1153################################################################################
1154
1155# runtime_dir '/run'
1156
1157################################################################################
1158## Git
1159##! Advanced setting for configuring git system settings for omnibus-gitlab
1160##! internal git
1161################################################################################
1162
1163##! For multiple options under one header use array of comma separated values,
1164##! eg.:
1165##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
1166
1167# omnibus_gitconfig['system'] = {
1168# "pack" => ["threads = 1"],
1169# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
1170# "repack" => ["writeBitmaps = true"],
1171# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
1172# }
1173
1174################################################################################
1175## GitLab Pages
1176##! Docs: https://docs.gitlab.com/ce/pages/administration.html
1177################################################################################
1178
1179##! Define to enable GitLab Pages
1180# pages_external_url "http://pages.example.com/"
1181# gitlab_pages['enable'] = false
1182
1183##! Configure to expose GitLab Pages on external IP address, serving the HTTP
1184# gitlab_pages['external_http'] = []
1185
1186##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
1187# gitlab_pages['external_https'] = []
1188
1189##! Configure to enable health check endpoint on GitLab Pages
1190# gitlab_pages['status_uri'] = "/@status"
1191
1192##! Tune the maximum number of concurrent connections GitLab Pages will handle.
1193##! This should be in the range 1 - 10000, defaulting to 5000.
1194# gitlab_pages['max_connections'] = 5000
1195
1196##! Configure to use JSON structured logging in GitLab Pages
1197# gitlab_pages['log_format'] = "json"
1198
1199##! Configure verbose logging for GitLab Pages
1200# gitlab_pages['log_verbose'] = false
1201
1202##! Listen for requests forwarded by reverse proxy
1203# gitlab_pages['listen_proxy'] = "localhost:8090"
1204
1205# gitlab_pages['redirect_http'] = true
1206# gitlab_pages['use_http2'] = true
1207# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
1208# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
1209
1210# gitlab_pages['artifacts_server'] = true
1211# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
1212# gitlab_pages['artifacts_server_timeout'] = 10
1213
1214##! Environments that do not support bind-mounting should set this parameter to
1215##! true. This is incompatible with the artifacts server
1216# gitlab_pages['inplace_chroot'] = false
1217
1218##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
1219# gitlab_pages['metrics_address'] = ":9235"
1220
1221##! Configure the pages admin API
1222# gitlab_pages['admin_secret_token'] = 'custom secret'
1223# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
1224# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
1225# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
1226
1227##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
1228# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
1229# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
1230
1231##! Pages access control
1232# gitlab_pages['access_control'] = false
1233# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
1234# gitlab_pages['gitlab_secret'] = nil # Generated if not present
1235# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
1236# gitlab_pages['auth_server'] = nil # Defaults to external_url
1237# gitlab_pages['auth_secret'] = nil # Generated if not present
1238
1239################################################################################
1240## GitLab Pages NGINX
1241################################################################################
1242
1243# All the settings defined in the "GitLab Nginx" section are also available in
1244# this "GitLab Pages NGINX" section, using the key `pages_nginx`. However,
1245# those settings should be explicitly set. That is, settings given as
1246# `nginx['some_setting']` WILL NOT be automatically replicated as
1247# `pages_nginx['some_setting']` and should be set separately.
1248
1249# Below you can find settings that are exclusive to "GitLab Pages NGINX"
1250# pages_nginx['enable'] = false
1251
1252# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
1253
1254################################################################################
1255## GitLab CI
1256##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
1257################################################################################
1258
1259# gitlab_ci['gitlab_ci_all_broken_builds'] = true
1260# gitlab_ci['gitlab_ci_add_pusher'] = true
1261# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
1262
1263################################################################################
1264## GitLab Mattermost
1265##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
1266################################################################################
1267
1268# mattermost_external_url 'http://mattermost.example.com'
1269
1270# mattermost['enable'] = false
1271# mattermost['username'] = 'mattermost'
1272# mattermost['group'] = 'mattermost'
1273# mattermost['uid'] = nil
1274# mattermost['gid'] = nil
1275# mattermost['home'] = '/var/opt/gitlab/mattermost'
1276# mattermost['database_name'] = 'mattermost_production'
1277# mattermost['env'] = {
1278# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1279# }
1280# mattermost['service_address'] = "127.0.0.1"
1281# mattermost['service_port'] = "8065"
1282# mattermost['service_site_url'] = nil
1283# mattermost['service_allowed_untrusted_internal_connections'] = ""
1284# mattermost['service_enable_api_team_deletion'] = true
1285# mattermost['team_site_name'] = "GitLab Mattermost"
1286# mattermost['sql_driver_name'] = 'mysql'
1287# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
1288# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
1289# mattermost['gitlab_enable'] = false
1290# mattermost['gitlab_id'] = "12345656"
1291# mattermost['gitlab_secret'] = "123456789"
1292# mattermost['gitlab_scope'] = ""
1293# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1294# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1295# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
1296# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1297# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
1298# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
1299
1300################################################################################
1301## Mattermost NGINX
1302################################################################################
1303
1304# All the settings defined in the "GitLab Nginx" section are also available in
1305# this "Mattermost NGINX" section, using the key `mattermost_nginx`. However,
1306# those settings should be explicitly set. That is, settings given as
1307# `nginx['some_setting']` WILL NOT be automatically replicated as
1308# `mattermost_nginx['some_setting']` and should be set separately.
1309
1310# Below you can find settings that are exclusive to "Mattermost NGINX"
1311# mattermost_nginx['enable'] = false
1312
1313# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1314# mattermost_nginx['proxy_set_headers'] = {
1315# "Host" => "$http_host",
1316# "X-Real-IP" => "$remote_addr",
1317# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1318# "X-Frame-Options" => "SAMEORIGIN",
1319# "X-Forwarded-Proto" => "https",
1320# "X-Forwarded-Ssl" => "on",
1321# "Upgrade" => "$http_upgrade",
1322# "Connection" => "$connection_upgrade"
1323# }
1324
1325
1326################################################################################
1327## Registry NGINX
1328################################################################################
1329
1330# All the settings defined in the "GitLab Nginx" section are also available in
1331# this "Registry NGINX" section, using the key `registry_nginx`. However, those
1332# settings should be explicitly set. That is, settings given as
1333# `nginx['some_setting']` WILL NOT be automatically replicated as
1334# `registry_nginx['some_setting']` and should be set separately.
1335
1336# Below you can find settings that are exclusive to "Registry NGINX"
1337# registry_nginx['enable'] = false
1338
1339# registry_nginx['proxy_set_headers'] = {
1340# "Host" => "$http_host",
1341# "X-Real-IP" => "$remote_addr",
1342# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1343# "X-Forwarded-Proto" => "https",
1344# "X-Forwarded-Ssl" => "on"
1345# }
1346
1347################################################################################
1348## Prometheus
1349##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/
1350################################################################################
1351
1352# prometheus['enable'] = true
1353# prometheus['monitor_kubernetes'] = true
1354# prometheus['username'] = 'gitlab-prometheus'
1355# prometheus['group'] = 'gitlab-prometheus'
1356# prometheus['uid'] = nil
1357# prometheus['gid'] = nil
1358# prometheus['shell'] = '/bin/sh'
1359# prometheus['home'] = '/var/opt/gitlab/prometheus'
1360# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1361# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
1362# prometheus['scrape_interval'] = 15
1363# prometheus['scrape_timeout'] = 15
1364# prometheus['chunk_encoding_version'] = 2
1365# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
1366# prometheus['env'] = {
1367# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1368# }
1369#
1370### Custom scrape configs
1371#
1372# Prometheus can scrape additional jobs via scrape_configs. The default automatically
1373# includes all of the exporters supported by the omnibus config.
1374#
1375# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
1376#
1377# Example:
1378#
1379# prometheus['scrape_configs'] = [
1380# {
1381# 'job_name': 'example',
1382# 'static_configs' => [
1383# 'targets' => ['hostname:port'],
1384# ],
1385# },
1386# ]
1387#
1388### Custom alertmanager config
1389#
1390# To configure external alertmanagers, create an alertmanager config.
1391#
1392# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
1393#
1394# prometheus['alertmanagers'] = [
1395# {
1396# 'static_configs' => [
1397# {
1398# 'targets' => [
1399# 'hostname:port'
1400# ]
1401# }
1402# ]
1403# }
1404# ]
1405#
1406### Prometheus Memory Management
1407#
1408# Prometheus needs to be configured for how much memory is used.
1409# * This sets the target heap size.
1410# * This value accounts for approximately 2/3 of the memory used by the server.
1411# * The recommended memory is 4kb per unique metrics time-series.
1412# See: https://prometheus.io/docs/operating/storage/#memory-usage
1413#
1414# prometheus['target_heap_size'] = (
1415# # Use 25mb + 2% of total memory for Prometheus memory.
1416# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 )
1417# ).to_i
1418#
1419# prometheus['flags'] = {
1420# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1421# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'],
1422# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'],
1423# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1424# }
1425
1426##! Advanced settings. Should be changed only if absolutely needed.
1427# prometheus['listen_address'] = 'localhost:9090'
1428
1429################################################################################
1430## Prometheus Alertmanager
1431##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/alertmanager.html
1432################################################################################
1433
1434# alertmanager['enable'] = true
1435# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
1436# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
1437# alertmanager['admin_email'] = 'admin@example.com'
1438# alertmanager['flags'] = {
1439# 'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}"
1440# 'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data"
1441# 'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
1442# }
1443# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
1444# alertmanager['env'] = {
1445# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1446# }
1447
1448##! Advanced settings. Should be changed only if absolutely needed.
1449# alertmanager['listen_address'] = 'localhost:9093'
1450
1451################################################################################
1452## Prometheus Node Exporter
1453##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html
1454################################################################################
1455
1456# node_exporter['enable'] = true
1457# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1458# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1459# node_exporter['flags'] = {
1460# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1461# }
1462# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
1463# node_exporter['env'] = {
1464# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1465# }
1466
1467##! Advanced settings. Should be changed only if absolutely needed.
1468# node_exporter['listen_address'] = 'localhost:9100'
1469
1470################################################################################
1471## Prometheus Redis exporter
1472##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html
1473################################################################################
1474
1475# redis_exporter['enable'] = true
1476# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
1477# redis_exporter['flags'] = {
1478# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
1479# }
1480# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
1481# redis_exporter['env'] = {
1482# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1483# }
1484
1485##! Advanced settings. Should be changed only if absolutely needed.
1486# redis_exporter['listen_address'] = 'localhost:9121'
1487
1488################################################################################
1489## Prometheus Postgres exporter
1490##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html
1491################################################################################
1492
1493# postgres_exporter['enable'] = true
1494# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
1495# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
1496# postgres_exporter['flags'] = {}
1497# postgres_exporter['listen_address'] = 'localhost:9187'
1498# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
1499# postgres_exporter['env'] = {
1500# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1501# }
1502
1503################################################################################
1504## Prometheus PgBouncer exporter (EE only)
1505##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
1506################################################################################
1507
1508# pgbouncer_exporter['enable'] = false
1509# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
1510# pgbouncer_exporter['listen_address'] = 'localhost:9188'
1511# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
1512# pgbouncer_exporter['env'] = {
1513# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1514# }
1515
1516################################################################################
1517## Prometheus Gitlab monitor
1518##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
1519################################################################################
1520
1521
1522# gitlab_monitor['enable'] = true
1523# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
1524# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
1525
1526##! Advanced settings. Should be changed only if absolutely needed.
1527# gitlab_monitor['listen_address'] = 'localhost'
1528# gitlab_monitor['listen_port'] = '9168'
1529
1530##! Manage gitlab-monitor sidekiq probes. false by default when Sentinels are
1531##! found.
1532# gitlab_monitor['probe_sidekiq'] = true
1533
1534# To completely disable prometheus, and all of it's exporters, set to false
1535# prometheus_monitoring['enable'] = true
1536
1537################################################################################
1538## Grafana Dashboards
1539##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
1540################################################################################
1541
1542# grafana['enable'] = false
1543# grafana['log_directory'] = '/var/log/gitlab/grafana'
1544# grafana['home'] = '/var/opt/gitlab/grafana'
1545# grafana['admin_password'] = 'admin'
1546# grafana['allow_user_sign_up'] = false
1547# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
1548# grafana['gitlab_secret'] = 'GITLAB_SECRET'
1549# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
1550# grafana['allowed_groups'] = []
1551# grafana['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1552# grafana['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1553# grafana['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
1554# grafana['env'] = {
1555# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
1556# }
1557
1558### Datasources
1559#
1560# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
1561#
1562# grafana['datasources'] = [
1563# {
1564# 'name' => 'GitLab Omnibus',
1565# 'type' => 'prometheus',
1566# 'access' => 'proxy',
1567# 'url' => 'http://localhost:9090'
1568# }
1569# ]
1570
1571##! Advanced settings. Should be changed only if absolutely needed.
1572# grafana['http_addr'] = 'localhost'
1573# grafana['http_port'] = 3000
1574
1575################################################################################
1576## Gitaly
1577##! Docs:
1578################################################################################
1579
1580# The gitaly['enable'] option exists for the purpose of cluster
1581# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
1582# gitaly['enable'] = true
1583# gitaly['dir'] = "/var/opt/gitlab/gitaly"
1584# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
1585# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
1586# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
1587# gitaly['env'] = {
1588# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
1589# 'HOME' => '/var/opt/gitlab'
1590# }
1591# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
1592# gitaly['listen_addr'] = "localhost:8075"
1593# gitaly['tls_listen_addr] = "localhost:9075"
1594# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem'
1595# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
1596# gitaly['prometheus_listen_addr'] = "localhost:9236"
1597# gitaly['logging_level'] = "warn"
1598# gitaly['logging_format'] = "json"
1599# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1600# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1601# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
1602# gitaly['auth_token'] = '<secret>'
1603# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
1604# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
1605# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
1606# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
1607# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
1608# gitaly['storage'] = [
1609# {
1610# 'name' => 'default',
1611# 'path' => '/mnt/nfs-01/git-data/repositories'
1612# },
1613# {
1614# 'name' => 'secondary',
1615# 'path' => '/mnt/nfs-02/git-data/repositories'
1616# }
1617# ]
1618# gitaly['concurrency'] = [
1619# {
1620# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
1621# 'max_per_repo' => 20
1622# }, {
1623# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
1624# 'max_per_repo' => 5
1625# }
1626# ]
1627
1628################################################################################
1629# Storage check
1630################################################################################
1631# storage_check['enable'] = false
1632# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
1633# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
1634
1635################################################################################
1636# Let's Encrypt integration
1637################################################################################
1638# letsencrypt['enable'] = nil
1639# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
1640# letsencrypt['group'] = 'root'
1641# letsencrypt['key_size'] = 2048
1642# letsencrypt['owner'] = 'root'
1643# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
1644# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
1645# letsencrypt['auto_renew'] = true
1646# letsencrypt['auto_renew_hour'] = 0
1647# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
1648# letsencrypt['auto_renew_day_of_month'] = "*/4"
1649
1650##! Turn off automatic init system detection. To skip init detection in
1651##! non-docker containers. Recommended not to change.
1652# package['detect_init'] = true
1653
1654################################################################################
1655################################################################################
1656## Configuration Settings for GitLab EE only ##
1657################################################################################
1658################################################################################
1659
1660
1661################################################################################
1662## Auxiliary cron jobs applicable to GitLab EE only
1663################################################################################
1664#
1665# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
1666# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
1667# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
1668# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
1669# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
1670# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"
1671# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1672# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
1673# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1674# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
1675
1676################################################################################
1677## Kerberos (EE Only)
1678##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1679################################################################################
1680
1681# gitlab_rails['kerberos_enabled'] = true
1682# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
1683# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
1684# gitlab_rails['kerberos_use_dedicated_port'] = true
1685# gitlab_rails['kerberos_port'] = 8443
1686# gitlab_rails['kerberos_https'] = true
1687
1688################################################################################
1689## Package repository (EE Only)
1690##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md
1691################################################################################
1692
1693# gitlab_rails['packages_enabled'] = true
1694# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
1695# gitlab_rails['packages_object_store_enabled'] = false
1696# gitlab_rails['packages_object_store_direct_upload'] = false
1697# gitlab_rails['packages_object_store_background_upload'] = true
1698# gitlab_rails['packages_object_store_proxy_download'] = false
1699# gitlab_rails['packages_object_store_remote_directory'] = "packages"
1700# gitlab_rails['packages_object_store_connection'] = {
1701# 'provider' => 'AWS',
1702# 'region' => 'eu-west-1',
1703# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
1704# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
1705# # # The below options configure an S3 compatible host instead of AWS
1706# # 'host' => 's3.amazonaws.com',
1707# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
1708# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
1709# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
1710# }
1711
1712################################################################################
1713## GitLab Sentinel (EE Only)
1714##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1715################################################################################
1716
1717##! **Make sure you configured all redis['master_*'] keys above before
1718##! continuing.**
1719
1720##! To enable Sentinel and disable all other services in this machine,
1721##! uncomment the line below (if you've enabled Redis role, it will keep it).
1722##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1723# redis_sentinel_role['enable'] = true
1724
1725# sentinel['enable'] = true
1726
1727##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
1728# sentinel['bind'] = '0.0.0.0'
1729
1730##! Uncomment to change default port
1731# sentinel['port'] = 26379
1732
1733#### Support to run sentinels in a Docker or NAT environment
1734#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
1735# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
1736# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
1737# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
1738# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
1739
1740##! Quorum must reflect the amount of voting sentinels it take to start a
1741##! failover.
1742##! **Value must NOT be greater then the amount of sentinels.**
1743##! The quorum can be used to tune Sentinel in two ways:
1744##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
1745##! we deploy, we are basically making Sentinel more sensible to master
1746##! failures, triggering a failover as soon as even just a minority of
1747##! Sentinels is no longer able to talk with the master.
1748##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1749##! are making Sentinel able to failover only when there are a very large
1750##! number (larger than majority) of well connected Sentinels which agree
1751##! about the master being down.
1752# sentinel['quorum'] = 1
1753
1754### Consider unresponsive server down after x amount of ms.
1755# sentinel['down_after_milliseconds'] = 10000
1756
1757### Specifies the failover timeout in milliseconds.
1758##! It is used in many ways:
1759##!
1760##! - The time needed to re-start a failover after a previous failover was
1761##! already tried against the same master by a given Sentinel, is two
1762##! times the failover timeout.
1763##!
1764##! - The time needed for a slave replicating to a wrong master according
1765##! to a Sentinel current configuration, to be forced to replicate
1766##! with the right master, is exactly the failover timeout (counting since
1767##! the moment a Sentinel detected the misconfiguration).
1768##!
1769##! - The time needed to cancel a failover that is already in progress but
1770##! did not produced any configuration change (SLAVEOF NO ONE yet not
1771##! acknowledged by the promoted slave).
1772##!
1773##! - The maximum time a failover in progress waits for all the slaves to be
1774##! reconfigured as slaves of the new master. However even after this time
1775##! the slaves will be reconfigured by the Sentinels anyway, but not with
1776##! the exact parallel-syncs progression as specified.
1777# sentinel['failover_timeout'] = 60000
1778
1779################################################################################
1780## GitLab Sidekiq Cluster (EE only)
1781################################################################################
1782
1783##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1784##! besides the default one. These processes can be used to consume a dedicated set
1785##! of queues. This can be used to ensure certain queues always have dedicated
1786##! workers, no matter the amount of jobs that need to be processed.
1787
1788# sidekiq_cluster['enable'] = false
1789# sidekiq_cluster['ha'] = false
1790# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1791# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1792# sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run
1793
1794##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1795##! Sidekiq process. Multiple queues can be processed by the same process by
1796##! separating them with a comma within the group entry
1797
1798# sidekiq_cluster['queue_groups'] = [
1799# "process_commit,post_receive",
1800# "gitlab_shell"
1801# ]
1802#
1803
1804##! If negate is enabled then sidekiq-cluster will process all the queues that
1805##! don't match those in queue_groups.
1806
1807# sidekiq_cluster['negate'] = false
1808
1809################################################################################
1810## Additional Database Settings (EE only)
1811##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
1812################################################################################
1813# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
1814
1815################################################################################
1816## GitLab Geo
1817##! Docs: https://docs.gitlab.com/ee/gitlab-geo
1818################################################################################
1819# geo_primary_role['enable'] = false
1820# geo_secondary_role['enable'] = false
1821
1822################################################################################
1823## GitLab Geo Secondary (EE only)
1824################################################################################
1825# geo_secondary['auto_migrate'] = true
1826# geo_secondary['db_adapter'] = "postgresql"
1827# geo_secondary['db_encoding'] = "unicode"
1828# geo_secondary['db_collation'] = nil
1829# geo_secondary['db_database'] = "gitlabhq_geo_production"
1830# geo_secondary['db_pool'] = 10
1831# geo_secondary['db_username'] = "gitlab_geo"
1832# geo_secondary['db_password'] = nil
1833# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
1834# geo_secondary['db_port'] = 5431
1835# geo_secondary['db_socket'] = nil
1836# geo_secondary['db_sslmode'] = nil
1837# geo_secondary['db_sslcompression'] = 0
1838# geo_secondary['db_sslrootcert'] = nil
1839# geo_secondary['db_sslca'] = nil
1840# geo_secondary['db_fdw'] = true
1841
1842################################################################################
1843## GitLab Geo Secondary Tracking Database (EE only)
1844################################################################################
1845
1846# geo_postgresql['enable'] = false
1847# geo_postgresql['ha'] = false
1848# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
1849# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
1850# geo_postgresql['pgbouncer_user'] = nil
1851# geo_postgresql['pgbouncer_user_password'] = nil
1852##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
1853# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
1854
1855################################################################################
1856# Pgbouncer (EE only)
1857# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
1858# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
1859################################################################################
1860# pgbouncer['enable'] = false
1861# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
1862# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
1863# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
1864# pgbouncer['env'] = {
1865# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
1866# }
1867# pgbouncer['listen_addr'] = '0.0.0.0'
1868# pgbouncer['listen_port'] = '6432'
1869# pgbouncer['pool_mode'] = 'transaction'
1870# pgbouncer['server_reset_query'] = 'DISCARD ALL'
1871# pgbouncer['application_name_add_host'] = '1'
1872# pgbouncer['max_client_conn'] = '2048'
1873# pgbouncer['default_pool_size'] = '100'
1874# pgbouncer['min_pool_size'] = '0'
1875# pgbouncer['reserve_pool_size'] = '5'
1876# pgbouncer['reserve_pool_timeout'] = '5.0'
1877# pgbouncer['server_round_robin'] = '0'
1878# pgbouncer['log_connections'] = '0'
1879# pgbouncer['server_idle_timeout'] = '30'
1880# pgbouncer['dns_max_ttl'] = '15.0'
1881# pgbouncer['dns_zone_check_period'] = '0'
1882# pgbouncer['dns_nxdomain_ttl'] = '15.0'
1883# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
1884# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
1885# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
1886# pgbouncer['databases'] = {
1887# DATABASE_NAME: {
1888# host: HOSTNAME,
1889# port: PORT
1890# user: USERNAME,
1891# password: PASSWORD
1892###! generate this with `echo -n '$password + $username' | md5sum`
1893# }
1894# ...
1895# }
1896# pgbouncer['logfile'] = nil
1897# pgbouncer['unix_socket_dir'] = nil
1898# pgbouncer['unix_socket_mode'] = '0777'
1899# pgbouncer['unix_socket_group'] = nil
1900# pgbouncer['auth_type'] = 'md5'
1901# pgbouncer['auth_hba_file'] = nil
1902# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
1903# pgbouncer['users'] = {
1904# {
1905# name: USERNAME,
1906# password: MD5_PASSWORD_HASH
1907# }
1908# }
1909# postgresql['pgbouncer_user'] = nil
1910# postgresql['pgbouncer_user_password'] = nil
1911# pgbouncer['server_reset_query_always'] = 0
1912# pgbouncer['server_check_query'] = 'select 1'
1913# pgbouncer['server_check_delay'] = 30
1914# pgbouncer['max_db_connections'] = nil
1915# pgbouncer['max_user_connections'] = nil
1916# pgbouncer['syslog'] = 0
1917# pgbouncer['syslog_facility'] = 'daemon'
1918# pgbouncer['syslog_ident'] = 'pgbouncer'
1919# pgbouncer['log_disconnections'] = 1
1920# pgbouncer['log_pooler_errors'] = 1
1921# pgbouncer['stats_period'] = 60
1922# pgbouncer['verbose'] = 0
1923# pgbouncer['server_lifetime'] = 3600
1924# pgbouncer['server_connect_timeout'] = 15
1925# pgbouncer['server_login_retry'] = 15
1926# pgbouncer['query_timeout'] = 0
1927# pgbouncer['query_wait_timeout'] = 120
1928# pgbouncer['client_idle_timeout'] = 0
1929# pgbouncer['client_login_timeout'] = 60
1930# pgbouncer['autodb_idle_timeout'] = 3600
1931# pgbouncer['suspend_timeout'] = 10
1932# pgbouncer['idle_transaction_timeout'] = 0
1933# pgbouncer['pkt_buf'] = 4096
1934# pgbouncer['listen_backlog'] = 128
1935# pgbouncer['sbuf_loopcnt'] = 5
1936# pgbouncer['max_packet_size'] = 2147483647
1937# pgbouncer['tcp_defer_accept'] = 0
1938# pgbouncer['tcp_socket_buffer'] = 0
1939# pgbouncer['tcp_keepalive'] = 1
1940# pgbouncer['tcp_keepcnt'] = 0
1941# pgbouncer['tcp_keepidle'] = 0
1942# pgbouncer['tcp_keepintvl'] = 0
1943# pgbouncer['disable_pqexec'] = 0
1944
1945## Pgbouncer client TLS options
1946# pgbouncer['client_tls_sslmode'] = 'disable'
1947# pgbouncer['client_tls_ca_file'] = nil
1948# pgbouncer['client_tls_key_file'] = nil
1949# pgbouncer['client_tls_cert_file'] = nil
1950# pgbouncer['client_tls_protocols'] = 'all'
1951# pgbouncer['client_tls_dheparams'] = 'auto'
1952# pgbouncer['client_tls_ecdhcurve'] = 'auto'
1953#
1954## Pgbouncer server TLS options
1955# pgbouncer['server_tls_sslmode'] = 'disable'
1956# pgbouncer['server_tls_ca_file'] = nil
1957# pgbouncer['server_tls_key_file'] = nil
1958# pgbouncer['server_tls_cert_file'] = nil
1959# pgbouncer['server_tls_protocols'] = 'all'
1960# pgbouncer['server_tls_ciphers'] = 'fast'
1961
1962################################################################################
1963# Repmgr (EE only)
1964################################################################################
1965# repmgr['enable'] = false
1966# repmgr['cluster'] = 'gitlab_cluster'
1967# repmgr['database'] = 'gitlab_repmgr'
1968# repmgr['host'] = nil
1969# repmgr['node_number'] = nil
1970# repmgr['port'] = 5432
1971# repmgr['trust_auth_cidr_addresses'] = []
1972# repmgr['user'] = 'gitlab_repmgr'
1973# repmgr['sslmode'] = 'prefer'
1974# repmgr['sslcompression'] = 0
1975# repmgr['failover'] = 'automatic'
1976# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
1977# repmgr['node_name'] = nil
1978# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
1979# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
1980# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
1981# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
1982# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
1983# repmgr['service_promote_command'] = nil
1984# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
1985# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
1986
1987# repmgr['upstream_node'] = nil
1988# repmgr['use_replication_slots'] = false
1989# repmgr['loglevel'] = 'INFO'
1990# repmgr['logfacility'] = 'STDERR'
1991# repmgr['logfile'] = nil
1992
1993# repmgr['event_notification_command'] = nil
1994# repmgr['event_notifications'] = nil
1995
1996# repmgr['rsync_options'] = nil
1997# repmgr['ssh_options'] = nil
1998# repmgr['priority'] = nil
1999#
2000# HA setting to specify if a node should attempt to be master on initialization
2001# repmgr['master_on_initialization'] = true
2002
2003# repmgr['retry_promote_interval_secs'] = 300
2004# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
2005# repmgr['reconnect_attempts'] = 6
2006# repmgr['reconnect_interval'] = 10
2007# repmgr['monitor_interval_secs'] = 2
2008# repmgr['master_response_timeout'] = 60
2009# repmgr['daemon'] = true
2010# repmgrd['enable'] = true
2011
2012################################################################################
2013# Consul (EEP only)
2014################################################################################
2015# consul['enable'] = false
2016# consul['dir'] = '/var/opt/gitlab/consul'
2017# consul['user'] = 'gitlab-consul'
2018# consul['group'] = 'gitlab-consul'
2019# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
2020# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
2021# consul['data_dir'] = '/var/opt/gitlab/consul/data'
2022# consul['log_directory'] = '/var/log/gitlab/consul'
2023# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
2024# consul['env'] = {
2025# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
2026# }
2027# consul['node_name'] = nil
2028# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
2029# consul['configuration'] = {
2030# 'client_addr' => nil,
2031# 'datacenter' => 'gitlab_consul',
2032# 'enable_script_checks' => true,
2033# 'server' => false
2034# }
2035# consul['services'] = []
2036# consul['service_config'] = {
2037# 'postgresql' => {
2038# 'service' => {
2039# 'name' => "postgresql",
2040# 'address' => '',
2041# 'port' => 5432,
2042# 'checks' => [
2043# {
2044# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
2045# 'interval' => "10s"
2046# }
2047# ]
2048# }
2049# }
2050# }
2051# consul['watchers'] = {
2052# 'postgresql' => {
2053# enable: false,
2054# handler: 'failover_pgbouncer'
2055# }
2056# }