· 7 years ago · Oct 06, 2018, 10:14 PM
1gio@buguntu:~$ kubectl logs gitlab-6484748b57-kt6lb
2Thank you for using GitLab Docker Image!
3Current version: gitlab-ce=11.3.4-ce.0
4
5Configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
6And restart this container to reload settings.
7To do it use docker exec:
8
9 docker exec -it gitlab vim /etc/gitlab/gitlab.rb
10 docker restart gitlab
11
12For a comprehensive list of configuration options please see the Omnibus GitLab readme
13https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
14
15If this container fails to start due to permission problems try to fix it by executing:
16
17 docker exec -it gitlab update-permissions
18 docker restart gitlab
19
20Installing gitlab.rb config...
21Generating ssh_host_rsa_key...
22Generating public/private rsa key pair.
23Your identification has been saved in /etc/gitlab/ssh_host_rsa_key.
24Your public key has been saved in /etc/gitlab/ssh_host_rsa_key.pub.
25The key fingerprint is:
26SHA256:gm8USDQ/EeDcT4kk8Fzu8V2agJcgRoEduS3sugoV8PE root@gitlab-6484748b57-kt6lb
27The key's randomart image is:
28+---[RSA 2048]----+
29|. o*%=*. |
30| o.Xo@ = o |
31| o.EoX * . |
32| .+o.O o + |
33| ....+ S + |
34| . .o . |
35|. . o |
36|. . . |
37|.... |
38+----[SHA256]-----+
39Generating ssh_host_ecdsa_key...
40Generating public/private ecdsa key pair.
41Your identification has been saved in /etc/gitlab/ssh_host_ecdsa_key.
42Your public key has been saved in /etc/gitlab/ssh_host_ecdsa_key.pub.
43The key fingerprint is:
44SHA256:8TZLJ0e35CFB0hfdCAU0HpDQQfxmngCiECOOTRHSnsQ root@gitlab-6484748b57-kt6lb
45The key's randomart image is:
46+---[ECDSA 256]---+
47|oo*+ .==BO+o+.|
48|o=E. . . +o.+o o|
49|.+.o . ... .+.+ |
50| o . o..+= o |
51| S *=o.o |
52| o *o |
53| . |
54| |
55| |
56+----[SHA256]-----+
57Generating ssh_host_ed25519_key...
58Generating public/private ed25519 key pair.
59Your identification has been saved in /etc/gitlab/ssh_host_ed25519_key.
60Your public key has been saved in /etc/gitlab/ssh_host_ed25519_key.pub.
61The key fingerprint is:
62SHA256:cbebK1dg0/t+4kUzy/ciEvTGpufignB1xX/OXIcFP54 root@gitlab-6484748b57-kt6lb
63The key's randomart image is:
64+--[ED25519 256]--+
65| . .. |
66| o ..|
67| . ...o +.|
68| .oo.+.= *|
69| .So +.o E+|
70| . . . =o+.B|
71| o . =o. +o|
72| . . = +.o.=|
73| o.Boo.++|
74+----[SHA256]-----+
75Preparing services...
76Starting services...
77Configuring GitLab...
78/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
79/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
80Starting Chef Client, version 13.6.4
81resolving cookbooks for run list: ["gitlab"]
82Synchronizing Cookbooks:
83 - gitlab (0.0.1)
84 - package (0.1.0)
85 - postgresql (0.1.0)
86 - registry (0.1.0)
87 - mattermost (0.1.0)
88 - consul (0.0.0)
89 - gitaly (0.1.0)
90 - letsencrypt (0.1.0)
91 - nginx (0.1.0)
92 - runit (0.14.2)
93 - acme (3.1.0)
94 - crond (0.1.0)
95 - compat_resource (12.19.0)
96Installing Cookbook Gems:
97Compiling Cookbooks...
98Recipe: gitlab::default
99 * directory[/etc/gitlab] action create
100 - change mode from '0755' to '0775'
101 Converging 463 resources
102 * directory[/etc/gitlab] action create (up to date)
103 * directory[Create /var/opt/gitlab] action create
104 - change owner from 'git' to 'root'
105 - change group from 'git' to 'root'
106 * directory[/opt/gitlab/embedded/etc] action create
107 - create new directory /opt/gitlab/embedded/etc
108 - change mode from '' to '0755'
109 - change owner from '' to 'root'
110 - change group from '' to 'root'
111 * template[/opt/gitlab/embedded/etc/gitconfig] action create
112 - create new file /opt/gitlab/embedded/etc/gitconfig
113 - update content in file /opt/gitlab/embedded/etc/gitconfig from none to 987af3
114 --- /opt/gitlab/embedded/etc/gitconfig 2018-10-06 21:51:18.625660983 +0000
115 +++ /opt/gitlab/embedded/etc/.chef-gitconfig20181006-31-1qgn6hs 2018-10-06 21:51:18.625660983 +0000
116 @@ -1 +1,11 @@
117 +[pack]
118 + threads = 1
119 +[receive]
120 + fsckObjects = true
121 +advertisePushOptions = true
122 +[repack]
123 + writeBitmaps = true
124 +[transfer]
125 + hideRefs=^refs/tmp/
126 +hideRefs=^refs/keep-around/
127 - change mode from '' to '0755'
128Recipe: gitlab::web-server
129 * account[Webserver user and group] action create (up to date)
130Recipe: gitlab::users
131 * directory[/var/opt/gitlab] action create (up to date)
132 * account[GitLab user and group] action create (up to date)
133 * template[/var/opt/gitlab/.gitconfig] action create
134 - create new file /var/opt/gitlab/.gitconfig
135 - update content in file /var/opt/gitlab/.gitconfig from none to 497feb
136 --- /var/opt/gitlab/.gitconfig 2018-10-06 21:51:18.662661274 +0000
137 +++ /var/opt/gitlab/.chef-.gitconfig20181006-31-1rx45q2.gitconfig 2018-10-06 21:51:18.662661274 +0000
138 @@ -1 +1,12 @@
139 +# This file is managed by gitlab-ctl. Manual changes will be
140 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
141 +# and run `sudo gitlab-ctl reconfigure`.
142 +
143 +[user]
144 + name = GitLab
145 + email = gitlab@gitlab-6484748b57-kt6lb
146 +[core]
147 + autocrlf = input
148 +[gc]
149 + auto = 0
150 - change mode from '' to '0644'
151 - change owner from '' to 'git'
152 - change group from '' to 'git'
153 * directory[/var/opt/gitlab/.bundle] action create
154 - create new directory /var/opt/gitlab/.bundle
155 - change owner from '' to 'git'
156 - change group from '' to 'git'
157Recipe: gitlab::gitlab-shell
158 * storage_directory[/var/opt/gitlab/.ssh] action create
159 * ruby_block[directory resource: /var/opt/gitlab/.ssh] action run
160 - execute the ruby block directory resource: /var/opt/gitlab/.ssh
161
162 * directory[/var/log/gitlab/gitlab-shell/] action create
163 - create new directory /var/log/gitlab/gitlab-shell/
164 - change mode from '' to '0700'
165 - change owner from '' to 'git'
166 * directory[/var/opt/gitlab/gitlab-shell] action create
167 - create new directory /var/opt/gitlab/gitlab-shell
168 - change mode from '' to '0700'
169 - change owner from '' to 'git'
170 * templatesymlink[Create a config.yml and create a symlink to Rails root] action create
171 * template[/var/opt/gitlab/gitlab-shell/config.yml] action create
172 - create new file /var/opt/gitlab/gitlab-shell/config.yml
173 - update content in file /var/opt/gitlab/gitlab-shell/config.yml from none to d824f9
174 --- /var/opt/gitlab/gitlab-shell/config.yml 2018-10-06 21:51:19.421667247 +0000
175 +++ /var/opt/gitlab/gitlab-shell/.chef-config20181006-31-whf2hx.yml 2018-10-06 21:51:19.420667239 +0000
176 @@ -1 +1,44 @@
177 +# This file is managed by gitlab-ctl. Manual changes will be
178 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
179 +# and run `sudo gitlab-ctl reconfigure`.
180 +
181 +# GitLab user. git by default
182 +user: git
183 +
184 +# Url to gitlab instance. Used for api calls. Should end with a slash.
185 +gitlab_url: "http://127.0.0.1:8080"
186 +
187 +http_settings:
188 +
189 +# user: someone
190 +# password: somepass
191 +# ca_file: /etc/ssl/cert.pem
192 +# ca_path: /etc/pki/tls/certs
193 +# self_signed_cert: false
194 +
195 +# File used as authorized_keys for gitlab user
196 +auth_file: "/var/opt/gitlab/.ssh/authorized_keys"
197 +
198 +# Redis settings used for pushing commit notices to gitlab
199 +redis:
200 + host: 127.0.0.1
201 + port:
202 + socket: /var/opt/gitlab/redis/redis.socket
203 + database:
204 + namespace: resque:gitlab
205 +
206 +# Log file.
207 +# Default is gitlab-shell.log in the root directory.
208 +log_file: "/var/log/gitlab/gitlab-shell/gitlab-shell.log"
209 +
210 +# Log level. INFO by default
211 +log_level:
212 +
213 +
214 +# Audit usernames.
215 +# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
216 +# incurs an extra API call on every gitlab-shell command.
217 +audit_usernames:
218 +
219 +
220 - change mode from '' to '0640'
221 - change owner from '' to 'root'
222 - change group from '' to 'git'
223 * link[Link /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml] action create
224 - create symlink at /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml
225
226 * link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create
227 - create symlink at /opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret to /opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret
228 * execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions] action run
229 - execute /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions
230 * bash[Set proper security context on ssh files for selinux] action run (skipped due to only_if)
231Recipe: gitlab::gitlab-rails
232 * storage_directory[/var/opt/gitlab/git-data] action create
233 * ruby_block[directory resource: /var/opt/gitlab/git-data] action run
234 - execute the ruby block directory resource: /var/opt/gitlab/git-data
235
236 * storage_directory[/var/opt/gitlab/git-data/repositories] action create
237 * ruby_block[directory resource: /var/opt/gitlab/git-data/repositories] action run
238 - execute the ruby block directory resource: /var/opt/gitlab/git-data/repositories
239
240 * directory[/var/log/gitlab] action create
241 - change owner from 'root' to 'git'
242 * storage_directory[/var/opt/gitlab/gitlab-rails/shared] action create
243 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared] action run
244 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared
245
246 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create
247 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts] action run
248 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts
249
250 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create
251 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects] action run
252 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
253
254 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/packages] action create
255 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/packages] action run
256 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/packages
257
258 * storage_directory[/var/opt/gitlab/gitlab-rails/uploads] action create
259 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/uploads] action run
260 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/uploads
261
262 * storage_directory[/var/opt/gitlab/gitlab-ci/builds] action create
263 * ruby_block[directory resource: /var/opt/gitlab/gitlab-ci/builds] action run
264 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-ci/builds
265
266 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/cache] action create
267 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/cache] action run
268 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/cache
269
270 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/tmp] action create
271 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/tmp] action run
272 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/tmp
273
274 * storage_directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create
275 * ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/pages] action run
276 - execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/pages
277
278 * directory[create /var/opt/gitlab/gitlab-rails/etc] action create
279 - create new directory /var/opt/gitlab/gitlab-rails/etc
280 - change mode from '' to '0700'
281 - change owner from '' to 'git'
282 * directory[create /opt/gitlab/etc/gitlab-rails] action create
283 - create new directory /opt/gitlab/etc/gitlab-rails
284 - change mode from '' to '0700'
285 - change owner from '' to 'git'
286 * directory[create /var/opt/gitlab/gitlab-rails/working] action create
287 - create new directory /var/opt/gitlab/gitlab-rails/working
288 - change mode from '' to '0700'
289 - change owner from '' to 'git'
290 * directory[create /var/opt/gitlab/gitlab-rails/tmp] action create
291 - create new directory /var/opt/gitlab/gitlab-rails/tmp
292 - change mode from '' to '0700'
293 - change owner from '' to 'git'
294 * directory[create /var/opt/gitlab/gitlab-rails/upgrade-status] action create
295 - create new directory /var/opt/gitlab/gitlab-rails/upgrade-status
296 - change mode from '' to '0700'
297 - change owner from '' to 'git'
298 * directory[create /var/log/gitlab/gitlab-rails] action create
299 - create new directory /var/log/gitlab/gitlab-rails
300 - change mode from '' to '0700'
301 - change owner from '' to 'git'
302 * storage_directory[/var/opt/gitlab/backups] action create
303 * ruby_block[directory resource: /var/opt/gitlab/backups] action run
304 - execute the ruby block directory resource: /var/opt/gitlab/backups
305
306 * directory[/var/opt/gitlab/gitlab-rails] action create
307 - change owner from 'root' to 'git'
308 * directory[/var/opt/gitlab/gitlab-ci] action create
309 - change owner from 'root' to 'git'
310 * file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] action create (skipped due to only_if)
311 * template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create
312 - create new file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc
313 - update content in file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc from none to 15c7d9
314 --- /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc 2018-10-06 21:51:22.010687610 +0000
315 +++ /opt/gitlab/etc/gitlab-rails/.chef-gitlab-rails-rc20181006-31-1lax8kf 2018-10-06 21:51:22.010687610 +0000
316 @@ -1 +1,2 @@
317 +gitlab_user='git'
318 * file[/opt/gitlab/embedded/service/gitlab-rails/.secret] action delete (up to date)
319 * file[/var/opt/gitlab/gitlab-rails/etc/secret] action delete (up to date)
320 * templatesymlink[Create a database.yml and create a symlink to Rails root] action create
321 * template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create
322 - create new file /var/opt/gitlab/gitlab-rails/etc/database.yml
323 - update content in file /var/opt/gitlab/gitlab-rails/etc/database.yml from none to ba7f50
324 --- /var/opt/gitlab/gitlab-rails/etc/database.yml 2018-10-06 21:51:22.047687901 +0000
325 +++ /var/opt/gitlab/gitlab-rails/etc/.chef-database20181006-31-12ku2pc.yml 2018-10-06 21:51:22.047687901 +0000
326 @@ -1 +1,24 @@
327 +# This file is managed by gitlab-ctl. Manual changes will be
328 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
329 +# and run `sudo gitlab-ctl reconfigure`.
330 +
331 +production:
332 + adapter: postgresql
333 + encoding: unicode
334 + collation:
335 + database: gitlabhq_production
336 + pool: 10
337 + username: "gitlab"
338 + password:
339 + host: "/var/opt/gitlab/postgresql"
340 + port: 5432
341 + socket:
342 + sslmode:
343 + sslcompression: 0
344 + sslrootcert:
345 + sslca:
346 + load_balancing: {"hosts":[]}
347 + prepared_statements: false
348 + statements_limit: 1000
349 + fdw:
350 - change mode from '' to '0640'
351 - change owner from '' to 'root'
352 - change group from '' to 'git'
353 * link[Link /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml] action create
354 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml
355
356 * templatesymlink[Create a secrets.yml and create a symlink to Rails root] action create
357 * template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
358 - create new file /var/opt/gitlab/gitlab-rails/etc/secrets.yml
359 - update content in file /var/opt/gitlab/gitlab-rails/etc/secrets.yml from none to ef3e7b
360 - suppressed sensitive resource
361 - change mode from '' to '0644'
362 - change owner from '' to 'root'
363 - change group from '' to 'root'
364 * link[Link /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
365 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml
366
367 * templatesymlink[Create a resque.yml and create a symlink to Rails root] action create
368 * template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
369 - create new file /var/opt/gitlab/gitlab-rails/etc/resque.yml
370 - update content in file /var/opt/gitlab/gitlab-rails/etc/resque.yml from none to ec4232
371 --- /var/opt/gitlab/gitlab-rails/etc/resque.yml 2018-10-06 21:51:22.109688389 +0000
372 +++ /var/opt/gitlab/gitlab-rails/etc/.chef-resque20181006-31-1aer68k.yml 2018-10-06 21:51:22.109688389 +0000
373 @@ -1 +1,3 @@
374 +production:
375 + url: unix:/var/opt/gitlab/redis/redis.socket
376 - change mode from '' to '0644'
377 - change owner from '' to 'root'
378 - change group from '' to 'root'
379 * link[Link /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
380 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml
381
382 * templatesymlink[Create a redis.cache.yml and create a symlink to Rails root] action create (skipped due to not_if)
383 * templatesymlink[Create a redis.queues.yml and create a symlink to Rails root] action create (skipped due to not_if)
384 * templatesymlink[Create a redis.shared_state.yml and create a symlink to Rails root] action create (skipped due to not_if)
385 * templatesymlink[Create a smtp_settings.rb and create a symlink to Rails root] action delete
386 * file[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
387 * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb] action delete (up to date)
388 (up to date)
389 * templatesymlink[Create a gitlab.yml and create a symlink to Rails root] action create
390 * template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create
391 - create new file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
392 - update content in file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml from none to f16715
393 --- /var/opt/gitlab/gitlab-rails/etc/gitlab.yml 2018-10-06 21:51:22.154688742 +0000
394 +++ /var/opt/gitlab/gitlab-rails/etc/.chef-gitlab20181006-31-5qexl0.yml 2018-10-06 21:51:22.153688735 +0000
395 @@ -1 +1,542 @@
396 +# This file is managed by gitlab-ctl. Manual changes will be
397 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
398 +# and run `sudo gitlab-ctl reconfigure`.
399 +
400 +production: &base
401 + #
402 + # 1. GitLab app settings
403 + # ==========================
404 +
405 + ## GitLab settings
406 + gitlab:
407 + ## Web server settings (note: host is the FQDN, do not include http://)
408 + host: gitlab-6484748b57-kt6lb
409 + port: 80
410 + https: false
411 +
412 + # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
413 + # (you'd obviously need to replace ssh.host_example.com with your own host).
414 + # Otherwise, ssh host will be set to the `host:` value above
415 + ssh_host:
416 +
417 + # WARNING: See config/application.rb under "Relative url support" for the list of
418 + # other files that need to be changed for relative url support
419 + relative_url_root:
420 +
421 + # Trusted Proxies
422 + # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
423 + # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
424 + trusted_proxies:
425 +
426 + # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
427 + user: git
428 +
429 + ## Date & Time settings
430 + time_zone:
431 +
432 + ## Email settings
433 + # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
434 + email_enabled:
435 + # Email address used in the "From" field in mails sent by GitLab
436 + email_from: gitlab@gitlab-6484748b57-kt6lb
437 + email_display_name:
438 + email_reply_to:
439 + email_subject_suffix:
440 +
441 + # Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
442 +
443 + ## User settings
444 + default_can_create_group: # default: true
445 + username_changing_enabled: # default: true - User can change her username/namespace
446 + ## Default theme
447 + ## 1 - Graphite
448 + ## 2 - Charcoal
449 + ## 3 - Green
450 + ## 4 - Gray
451 + ## 5 - Violet
452 + ## 6 - Blue
453 + default_theme: # default: 2
454 +
455 + ## Automatic issue closing
456 + # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
457 + # This happens when the commit is pushed or merged into the default branch of a project.
458 + # When not specified the default issue_closing_pattern as specified below will be used.
459 + # Tip: you can test your closing pattern at http://rubular.com
460 + issue_closing_pattern:
461 +
462 + ## Default project features settings
463 + default_projects_features:
464 + issues:
465 + merge_requests:
466 + wiki:
467 + snippets:
468 + builds:
469 + container_registry:
470 +
471 + ## Webhook settings
472 + # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
473 + webhook_timeout:
474 +
475 + ## Repository downloads directory
476 + # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
477 + # The default is 'tmp/repositories' relative to the root of the Rails app.
478 + repository_downloads_path:
479 +
480 + usage_ping_enabled:
481 +
482 + ## Reply by email
483 + # Allow users to comment on issues and merge requests by replying to notification emails.
484 + # For documentation on how to set this up, see https://docs.gitlab.com/ce/administration/reply_by_email.html
485 + incoming_email:
486 + enabled: false
487 +
488 + # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
489 + # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
490 + address:
491 +
492 + # Email account username
493 + # With third party providers, this is usually the full email address.
494 + # With self-hosted email servers, this is usually the user part of the email address.
495 + user:
496 + # Email account password
497 + password:
498 +
499 + # IMAP server host
500 + host:
501 + # IMAP server port
502 + port:
503 + # Whether the IMAP server uses SSL
504 + ssl:
505 + # Whether the IMAP server uses StartTLS
506 + start_tls:
507 +
508 + # The mailbox where incoming mail will end up. Usually "inbox".
509 + mailbox: "inbox"
510 + # The IDLE command timeout.
511 + idle_timeout:
512 +
513 + ## Build Artifacts
514 + artifacts:
515 + enabled: true
516 + # The location where Build Artifacts are stored (default: shared/artifacts).
517 + path: /var/opt/gitlab/gitlab-rails/shared/artifacts
518 + object_store:
519 + enabled: false
520 + direct_upload: false
521 + background_upload: true
522 + proxy_download: false
523 + remote_directory: "artifacts"
524 + connection: {}
525 +
526 + ## Git LFS
527 + lfs:
528 + enabled:
529 + # The location where LFS objects are stored (default: shared/lfs-objects).
530 + storage_path: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
531 + object_store:
532 + enabled: false
533 + direct_upload: false
534 + background_upload: true
535 + proxy_download: false
536 + remote_directory: "lfs-objects"
537 + connection: {}
538 +
539 + ## Uploads
540 + uploads:
541 + # The location where uploads objects are stored (default: public/).
542 + storage_path: /opt/gitlab/embedded/service/gitlab-rails/public
543 + object_store:
544 + enabled: false
545 + direct_upload: false
546 + background_upload: true
547 + proxy_download: false
548 + remote_directory: "uploads"
549 + connection: {}
550 +
551 + ## Packages (maven repository so far) EE only
552 + packages:
553 + enabled:
554 + # The location where build packages are stored (default: shared/packages).
555 + storage_path: /var/opt/gitlab/gitlab-rails/shared/packages
556 + object_store:
557 + enabled: false
558 + direct_upload: false
559 + background_upload: true
560 + proxy_download: false
561 + remote_directory: "packages"
562 + connection: {}
563 +
564 + ## Container Registry
565 + registry:
566 + enabled: false
567 + host:
568 + port:
569 + api_url: # internal address to the registry, will be used by GitLab to directly communicate with API
570 + path:
571 + key: /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
572 + issuer: omnibus-gitlab-issuer
573 +
574 + mattermost:
575 + enabled: false
576 + host:
577 +
578 + ## GitLab Pages
579 + pages:
580 + enabled: false
581 + path: /var/opt/gitlab/gitlab-rails/shared/pages
582 + host:
583 + port:
584 + https: false
585 + external_http: null
586 + external_https: null
587 + artifacts_server: true
588 + admin:
589 + address: unix:/var/opt/gitlab/gitlab-pages/admin.socket
590 + certificate:
591 +
592 + ## Gravatar
593 + ## For Libravatar see: https://docs.gitlab.com/ce/customization/libravatar.html
594 + gravatar:
595 + # gravatar urls: possible placeholders: %{hash} %{size} %{email}
596 + plain_url: # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
597 + ssl_url: # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
598 +
599 + ## Sidekiq
600 + sidekiq:
601 + log_format: default
602 +
603 + ## Auxiliary jobs
604 + # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
605 + # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
606 + cron_jobs:
607 + # Flag stuck CI builds as failed
608 + stuck_ci_jobs_worker:
609 + cron:
610 + # Remove expired build artifacts
611 + expire_build_artifacts_worker:
612 + cron:
613 + # Schedule pipelines in the near future
614 + pipeline_schedule_worker:
615 + cron:
616 + # Periodically run 'git fsck' on all repositories. If started more than
617 + # once per hour you will have concurrent 'git fsck' jobs.
618 + repository_check_worker:
619 + cron:
620 + # Send admin emails once a week
621 + admin_email_worker:
622 + cron:
623 +
624 + # Remove outdated repository archives
625 + repository_archive_cache_worker:
626 + cron:
627 +
628 + # Archive live traces which have not been archived yet
629 + ci_archive_traces_cron_worker:
630 + cron:
631 +
632 + # Verify custom GitLab Pages domains
633 + pages_domain_verification_cron_worker:
634 + cron:
635 +
636 + ##
637 + # GitLab EE only jobs:
638 +
639 + # Snapshot active users statistics
640 +
641 + # In addition to refreshing users when they log in,
642 + # periodically refresh LDAP users membership.
643 + # NOTE: This will only take effect if LDAP is enabled
644 +
645 + # GitLab LDAP group sync worker
646 + # NOTE: This will only take effect if LDAP is enabled
647 +
648 + # GitLab Geo prune event log worker
649 + # NOTE: This will only take effect if Geo is enabled (primary node only)
650 +
651 + # GitLab Geo repository sync worker
652 + # NOTE: This will only take effect if Geo is enabled
653 +
654 + # GitLab Geo file download dispatch worker
655 + # NOTE: This will only take effect if Geo is enabled
656 +
657 + # GitLab Geo repository verification primary batch worker
658 + # NOTE: This will only take effect if Geo is enabled
659 +
660 + # GitLab Geo repository verification secondary scheduler worker
661 + # NOTE: This will only take effect if Geo is enabled
662 +
663 + # GitLab Geo migrated local files clean up worker
664 + # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
665 +
666 + # Export pseudonymized data in CSV format for analysis
667 +
668 + #
669 + # 2. GitLab CI settings
670 + # ==========================
671 +
672 + gitlab_ci:
673 + # Default project notifications settings:
674 + #
675 + # Send emails only on broken builds (default: true)
676 + all_broken_builds:
677 + #
678 + # Add pusher to recipients list (default: false)
679 + add_pusher:
680 +
681 + # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
682 + builds_path: /var/opt/gitlab/gitlab-ci/builds
683 +
684 + #
685 + # 3. Auth settings
686 + # ==========================
687 +
688 + ## LDAP settings
689 + # You can inspect a sample of the LDAP users with login access by running:
690 + # bundle exec rake gitlab:ldap:check RAILS_ENV=production
691 + ldap:
692 + enabled: false
693 + sync_time:
694 + host:
695 + port:
696 + uid:
697 + method: # "tls" or "ssl" or "plain"
698 + bind_dn:
699 + password:
700 + active_directory:
701 + allow_username_or_email_login:
702 + lowercase_usernames:
703 + base:
704 + user_filter:
705 +
706 + ## EE only
707 + group_base:
708 + admin_group:
709 + sync_ssh_keys:
710 + sync_time:
711 +
712 + ## Kerberos settings
713 + kerberos:
714 + # Allow the HTTP Negotiate authentication method for Git clients
715 + enabled:
716 +
717 + # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
718 + # and should be different from other keytabs in the system.
719 + # (default: use default keytab from Krb5 config)
720 + keytab:
721 +
722 + # The Kerberos service name to be used by GitLab.
723 + # (default: accept any service name in keytab file)
724 + service_principal_name:
725 +
726 + # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
727 + # To support both Basic and Negotiate methods with older versions of Git, configure
728 + # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
729 + # to dedicate this port to Kerberos authentication. (default: false)
730 + use_dedicated_port:
731 + port:
732 + https:
733 +
734 +
735 + ## OmniAuth settings
736 + omniauth:
737 + # Allow login via Twitter, Google, etc. using OmniAuth providers
738 + enabled: false
739 +
740 + # Uncomment this to automatically sign in with a specific omniauth provider's without
741 + # showing GitLab's sign-in page (default: show the GitLab sign-in page)
742 + auto_sign_in_with_provider:
743 +
744 + # Sync user's email address from the specified Omniauth provider every time the user logs
745 + # in (default: nil). And consequently make this field read-only.
746 +
747 + # Sync user's profile from the specified Omniauth providers every time the user logs in (default: empty).
748 + # Define the allowed providers using an array, e.g. ["cas3", "saml", "twitter"],
749 + # or as true/false to allow all providers or none.
750 + # sync_profile_from_provider: []
751 +
752 + # Select which info to sync from the providers above. (default: email).
753 + # Define the synced profile info using an array. Available options are "name", "email" and "location"
754 + # e.g. ["name", "email", "location"] or as true to sync all available.
755 + # This consequently will make the selected attributes read-only.
756 + # sync_profile_attributes: true
757 +
758 + # CAUTION!
759 + # This allows users to login without having a user account first. Define the allowed
760 + # providers using an array, e.g. ["saml", "twitter"]
761 + # User accounts will be created automatically when authentication was successful.
762 + allow_single_sign_on: ["saml"]
763 +
764 + # Locks down those users until they have been cleared by the admin (default: true).
765 + block_auto_created_users:
766 + # Look up new users in LDAP servers. If a match is found (same uid), automatically
767 + # link the omniauth identity with the LDAP account. (default: false)
768 + auto_link_ldap_user:
769 +
770 + # Allow users with existing accounts to login and auto link their account via SAML
771 + # login, without having to do a manual login first and manually add SAML
772 + # (default: false)
773 + auto_link_saml_user: null
774 +
775 + # Set different Omniauth providers as external so that all users creating accounts
776 + # via these providers will not be able to have access to internal projects. You
777 + # will need to use the full name of the provider, like `google_oauth2` for Google.
778 + # Refer to the examples below for the full names of the supported providers.
779 + # (default: [])
780 + external_providers: null
781 +
782 + ## Auth providers
783 + # Uncomment the following lines and fill in the data of the auth provider you want to use
784 + # If your favorite auth provider is not listed you can use others:
785 + # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
786 + # The 'app_id' and 'app_secret' parameters are always passed as the first two
787 + # arguments, followed by optional 'args' which can be either a hash or an array.
788 + # Documentation for this is available at https://docs.gitlab.com/ce/integration/omniauth.html
789 + providers:
790 + # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
791 + # app_secret: 'YOUR APP SECRET',
792 + # args: { access_type: 'offline', approval_prompt: '' } }
793 + # - { name: 'twitter', app_id: 'YOUR APP ID',
794 + # app_secret: 'YOUR APP SECRET'}
795 + # - { name: 'github', app_id: 'YOUR APP ID',
796 + # app_secret: 'YOUR APP SECRET',
797 + # args: { scope: 'user:email' } }
798 +
799 + # Shared file storage settings
800 + shared:
801 + path: /var/opt/gitlab/gitlab-rails/shared
802 +
803 + # Gitaly settings
804 + # This setting controls whether GitLab uses Gitaly
805 + # Eventually Gitaly use will become mandatory and
806 + # this option will disappear.
807 + gitaly:
808 + client_path: /opt/gitlab/embedded/bin
809 + token: ""
810 +
811 +
812 + #
813 + # 4. Advanced settings
814 + # ==========================
815 +
816 + ## Repositories settings
817 + repositories:
818 + # Paths where repositories can be stored. Give the canonicalized absolute pathname.
819 + # NOTE: REPOS PATHS MUST NOT CONTAIN ANY SYMLINK!!!
820 + storages: {"default":{"path":"/var/opt/gitlab/git-data/repositories","gitaly_address":"unix:/var/opt/gitlab/gitaly/gitaly.socket"}}
821 +
822 + ## Backup settings
823 + backup:
824 + path: "/var/opt/gitlab/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
825 + archive_permissions: # Permissions for the resulting backup.tar file (default: 0600)
826 + keep_time: # default: 0 (forever) (in seconds)
827 + pg_schema: # default: nil, it means that all schemas will be backed up
828 + upload:
829 + # Fog storage connection settings, see http://fog.io/storage/ .
830 + connection:
831 + # The remote 'directory' to store your backups. For S3, this would be the bucket name.
832 + remote_directory:
833 + multipart_chunk_size:
834 + encryption:
835 + storage_class:
836 +
837 + ## Pseudonymizer settings
838 + pseudonymizer:
839 + manifest:
840 + upload:
841 + remote_directory:
842 + connection: {}
843 +
844 + ## GitLab Shell settings
845 + gitlab_shell:
846 + path: /opt/gitlab/embedded/service/gitlab-shell/
847 + hooks_path: /opt/gitlab/embedded/service/gitlab-shell/hooks/
848 +
849 + # Git over HTTP
850 + upload_pack:
851 + receive_pack:
852 +
853 + # If you use non-standard ssh port you need to specify it
854 + ssh_port:
855 +
856 + # Git import/fetch timeout
857 + git_timeout: 10800
858 +
859 + ## Git settings
860 + # CAUTION!
861 + # Use the default values unless you really know what you are doing
862 + git:
863 + bin_path: /opt/gitlab/embedded/bin/git
864 +
865 + monitoring:
866 + # Time between sampling of unicorn socket metrics, in seconds
867 + unicorn_sampler_interval: 10
868 + # IP whitelist controlling access to monitoring endpoints
869 + ip_whitelist:
870 + - "127.0.0.0/8"
871 + - "::1/128"
872 + # Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
873 + sidekiq_exporter:
874 + enabled: true
875 + address: 127.0.0.1
876 + port: 8082
877 +
878 + #
879 + # 5. Extra customization
880 + # ==========================
881 +
882 + extra:
883 +
884 +
885 + rack_attack:
886 + git_basic_auth:
887 +
888 +
889 +development:
890 + <<: *base
891 +
892 +test:
893 + <<: *base
894 + gravatar:
895 + enabled: true
896 + gitlab:
897 + host: localhost
898 + port: 80
899 +
900 + # When you run tests we clone and setup gitlab-shell
901 + # In order to setup it correctly you need to specify
902 + # your system username you use to run GitLab
903 + # user: YOUR_USERNAME
904 + repositories:
905 + storages:
906 + default: { "path": "tmp/tests/repositories/" }
907 + gitlab_shell:
908 + path: tmp/tests/gitlab-shell/
909 + hooks_path: tmp/tests/gitlab-shell/hooks/
910 + issues_tracker:
911 + redmine:
912 + title: "Redmine"
913 + project_url: "http://redmine/projects/:issues_tracker_id"
914 + issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
915 + new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
916 + jira:
917 + title: "JIRA"
918 + url: https://samplecompany.example.net
919 + project_key: PROJECT
920 + ldap:
921 + enabled: false
922 + servers:
923 + main:
924 + label: ldap
925 + host: 127.0.0.1
926 + port: 3890
927 + uid: 'uid'
928 + method: 'plain' # "tls" or "ssl" or "plain"
929 + base: 'dc=example,dc=com'
930 + user_filter: ''
931 + group_base: 'ou=groups,dc=example,dc=com'
932 + admin_group: ''
933 + sync_ssh_keys: false
934 +
935 +staging:
936 + <<: *base
937 - change mode from '' to '0640'
938 - change owner from '' to 'root'
939 - change group from '' to 'git'
940 * link[Link /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml to /var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create
941 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml to /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
942
943 * templatesymlink[Create a rack_attack.rb and create a symlink to Rails root] action create
944 * template[/var/opt/gitlab/gitlab-rails/etc/rack_attack.rb] action create
945 - create new file /var/opt/gitlab/gitlab-rails/etc/rack_attack.rb
946 - update content in file /var/opt/gitlab/gitlab-rails/etc/rack_attack.rb from none to a61b95
947 --- /var/opt/gitlab/gitlab-rails/etc/rack_attack.rb 2018-10-06 21:51:22.270689654 +0000
948 +++ /var/opt/gitlab/gitlab-rails/etc/.chef-rack_attack20181006-31-hypiup.rb 2018-10-06 21:51:22.270689654 +0000
949 @@ -1 +1,32 @@
950 +# This file is managed by gitlab-ctl. Manual changes will be
951 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
952 +# and run `sudo gitlab-ctl reconfigure`.
953 +
954 +# 1. Rename this file to rack_attack.rb
955 +# 2. Review the paths_to_be_protected and add any other path you need protecting
956 +#
957 +
958 +paths_to_be_protected = [
959 + "#{Rails.application.config.relative_url_root}/users/password",
960 + "#{Rails.application.config.relative_url_root}/users/sign_in",
961 + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
962 + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
963 + "#{Rails.application.config.relative_url_root}/users",
964 + "#{Rails.application.config.relative_url_root}/users/confirmation",
965 + "#{Rails.application.config.relative_url_root}/unsubscribes/",
966 + "#{Rails.application.config.relative_url_root}/import/github/personal_access_token",
967 +]
968 +
969 +# Create one big regular expression that matches strings starting with any of
970 +# the paths_to_be_protected.
971 +paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
972 +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
973 +
974 +unless Rails.env.test? || !rack_attack_enabled
975 + Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
976 + if req.post? && req.path =~ paths_regex
977 + req.ip
978 + end
979 + end
980 +end
981 - change mode from '' to '0644'
982 - change owner from '' to 'root'
983 - change group from '' to 'root'
984 * link[Link /opt/gitlab/embedded/service/gitlab-rails/config/initializers/rack_attack.rb to /var/opt/gitlab/gitlab-rails/etc/rack_attack.rb] action create
985 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/initializers/rack_attack.rb to /var/opt/gitlab/gitlab-rails/etc/rack_attack.rb
986
987 * templatesymlink[Create a gitlab_workhorse_secret and create a symlink to Rails root] action create
988 * template[/var/opt/gitlab/gitlab-rails/etc/gitlab_workhorse_secret] action create
989 - create new file /var/opt/gitlab/gitlab-rails/etc/gitlab_workhorse_secret
990 - update content in file /var/opt/gitlab/gitlab-rails/etc/gitlab_workhorse_secret from none to f6d928
991 - suppressed sensitive resource
992 - change mode from '' to '0644'
993 - change owner from '' to 'root'
994 - change group from '' to 'root'
995 * link[Link /opt/gitlab/embedded/service/gitlab-rails/.gitlab_workhorse_secret to /var/opt/gitlab/gitlab-rails/etc/gitlab_workhorse_secret] action create
996 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/.gitlab_workhorse_secret to /var/opt/gitlab/gitlab-rails/etc/gitlab_workhorse_secret
997
998 * templatesymlink[Create a gitlab_shell_secret and create a symlink to Rails root] action create
999 * template[/var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret] action create
1000 - create new file /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret
1001 - update content in file /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret from none to dfa007
1002 - suppressed sensitive resource
1003 - change mode from '' to '0644'
1004 - change owner from '' to 'root'
1005 - change group from '' to 'root'
1006 * link[Link /opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret to /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret] action create
1007 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret to /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret
1008
1009 * templatesymlink[Create a gitlab_pages_secret and create a symlink to Rails root] action create (skipped due to only_if)
1010 * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/relative_url.rb] action delete (up to date)
1011 * file[/var/opt/gitlab/gitlab-rails/etc/relative_url.rb] action delete (up to date)
1012 * env_dir[/opt/gitlab/etc/gitlab-rails/env] action create
1013 * directory[/opt/gitlab/etc/gitlab-rails/env] action create
1014 - create new directory /opt/gitlab/etc/gitlab-rails/env
1015 * file[/opt/gitlab/etc/gitlab-rails/env/HOME] action create
1016 - create new file /opt/gitlab/etc/gitlab-rails/env/HOME
1017 - update content in file /opt/gitlab/etc/gitlab-rails/env/HOME from none to 205bb9
1018 --- /opt/gitlab/etc/gitlab-rails/env/HOME 2018-10-06 21:51:22.355690322 +0000
1019 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-HOME20181006-31-1a594b9 2018-10-06 21:51:22.355690322 +0000
1020 @@ -1 +1,2 @@
1021 +/var/opt/gitlab
1022 * file[/opt/gitlab/etc/gitlab-rails/env/RAILS_ENV] action create
1023 - create new file /opt/gitlab/etc/gitlab-rails/env/RAILS_ENV
1024 - update content in file /opt/gitlab/etc/gitlab-rails/env/RAILS_ENV from none to ab8e18
1025 --- /opt/gitlab/etc/gitlab-rails/env/RAILS_ENV 2018-10-06 21:51:22.360690362 +0000
1026 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-RAILS_ENV20181006-31-2427h7 2018-10-06 21:51:22.358690346 +0000
1027 @@ -1 +1,2 @@
1028 +production
1029 * file[/opt/gitlab/etc/gitlab-rails/env/LD_PRELOAD] action create
1030 - create new file /opt/gitlab/etc/gitlab-rails/env/LD_PRELOAD
1031 - update content in file /opt/gitlab/etc/gitlab-rails/env/LD_PRELOAD from none to f79114
1032 --- /opt/gitlab/etc/gitlab-rails/env/LD_PRELOAD 2018-10-06 21:51:22.365690401 +0000
1033 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-LD_PRELOAD20181006-31-1k7bcdv 2018-10-06 21:51:22.365690401 +0000
1034 @@ -1 +1,2 @@
1035 +/opt/gitlab/embedded/lib/libjemalloc.so
1036 * file[/opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS] action create
1037 - create new file /opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS
1038 - update content in file /opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS from none to dd80d7
1039 --- /opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS 2018-10-06 21:51:22.372690456 +0000
1040 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-SIDEKIQ_MEMORY_KILLER_MAX_RSS20181006-31-yyfmsc 2018-10-06 21:51:22.370690440 +0000
1041 @@ -1 +1,2 @@
1042 +2000000
1043 * file[/opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE] action create
1044 - create new file /opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE
1045 - update content in file /opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE from none to 28d586
1046 --- /opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE 2018-10-06 21:51:22.377690495 +0000
1047 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-BUNDLE_GEMFILE20181006-31-1dumw1a 2018-10-06 21:51:22.377690495 +0000
1048 @@ -1 +1,2 @@
1049 +/opt/gitlab/embedded/service/gitlab-rails/Gemfile
1050 * file[/opt/gitlab/etc/gitlab-rails/env/PATH] action create
1051 - create new file /opt/gitlab/etc/gitlab-rails/env/PATH
1052 - update content in file /opt/gitlab/etc/gitlab-rails/env/PATH from none to d5dc07
1053 --- /opt/gitlab/etc/gitlab-rails/env/PATH 2018-10-06 21:51:22.382690535 +0000
1054 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-PATH20181006-31-1rxtiz4 2018-10-06 21:51:22.382690535 +0000
1055 @@ -1 +1,2 @@
1056 +/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin
1057 * file[/opt/gitlab/etc/gitlab-rails/env/ICU_DATA] action create
1058 - create new file /opt/gitlab/etc/gitlab-rails/env/ICU_DATA
1059 - update content in file /opt/gitlab/etc/gitlab-rails/env/ICU_DATA from none to a04260
1060 --- /opt/gitlab/etc/gitlab-rails/env/ICU_DATA 2018-10-06 21:51:22.389690590 +0000
1061 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-ICU_DATA20181006-31-1maes12 2018-10-06 21:51:22.389690590 +0000
1062 @@ -1 +1,2 @@
1063 +/opt/gitlab/embedded/share/icu/current
1064 * file[/opt/gitlab/etc/gitlab-rails/env/PYTHONPATH] action create
1065 - create new file /opt/gitlab/etc/gitlab-rails/env/PYTHONPATH
1066 - update content in file /opt/gitlab/etc/gitlab-rails/env/PYTHONPATH from none to 990cc2
1067 --- /opt/gitlab/etc/gitlab-rails/env/PYTHONPATH 2018-10-06 21:51:22.393690621 +0000
1068 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-PYTHONPATH20181006-31-1fzbfnk 2018-10-06 21:51:22.393690621 +0000
1069 @@ -1 +1,2 @@
1070 +/opt/gitlab/embedded/lib/python3.4/site-packages
1071 * file[/opt/gitlab/etc/gitlab-rails/env/EXECJS_RUNTIME] action create
1072 - create new file /opt/gitlab/etc/gitlab-rails/env/EXECJS_RUNTIME
1073 - update content in file /opt/gitlab/etc/gitlab-rails/env/EXECJS_RUNTIME from none to 75081b
1074 --- /opt/gitlab/etc/gitlab-rails/env/EXECJS_RUNTIME 2018-10-06 21:51:22.401690684 +0000
1075 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-EXECJS_RUNTIME20181006-31-orrzg4 2018-10-06 21:51:22.401690684 +0000
1076 @@ -1 +1,2 @@
1077 +Disabled
1078 * file[/opt/gitlab/etc/gitlab-rails/env/TZ] action create
1079 - create new file /opt/gitlab/etc/gitlab-rails/env/TZ
1080 - update content in file /opt/gitlab/etc/gitlab-rails/env/TZ from none to 983a95
1081 --- /opt/gitlab/etc/gitlab-rails/env/TZ 2018-10-06 21:51:22.408690739 +0000
1082 +++ /opt/gitlab/etc/gitlab-rails/env/.chef-TZ20181006-31-hb3cyg 2018-10-06 21:51:22.408690739 +0000
1083 @@ -1 +1,2 @@
1084 +:/etc/localtime
1085
1086 * link[/opt/gitlab/embedded/service/gitlab-rails/tmp] action create
1087 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/tmp to /var/opt/gitlab/gitlab-rails/tmp
1088 * link[/opt/gitlab/embedded/service/gitlab-rails/public/uploads] action create
1089 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/public/uploads to /var/opt/gitlab/gitlab-rails/uploads
1090 * link[/opt/gitlab/embedded/service/gitlab-rails/log] action create
1091 - create symlink at /opt/gitlab/embedded/service/gitlab-rails/log to /var/log/gitlab/gitlab-rails
1092 * link[/var/log/gitlab/gitlab-rails/sidekiq.log] action create
1093 - create symlink at /var/log/gitlab/gitlab-rails/sidekiq.log to /var/log/gitlab/sidekiq/current
1094 * file[/opt/gitlab/embedded/service/gitlab-rails/db/schema.rb] action create
1095 - change owner from 'root' to 'git'
1096 * remote_file[/var/opt/gitlab/gitlab-rails/VERSION] action create
1097 - create new file /var/opt/gitlab/gitlab-rails/VERSION
1098 - update content in file /var/opt/gitlab/gitlab-rails/VERSION from none to a54fd8
1099 --- /var/opt/gitlab/gitlab-rails/VERSION 2018-10-06 21:51:23.621700272 +0000
1100 +++ /var/opt/gitlab/gitlab-rails/.chef-VERSION20181006-31-gsm4vm 2018-10-06 21:51:23.619700256 +0000
1101 @@ -1 +1,2 @@
1102 +11.3.4
1103 * remote_file[/var/opt/gitlab/gitlab-rails/REVISION] action create
1104 - create new file /var/opt/gitlab/gitlab-rails/REVISION
1105 - update content in file /var/opt/gitlab/gitlab-rails/REVISION from none to cff267
1106 --- /var/opt/gitlab/gitlab-rails/REVISION 2018-10-06 21:51:23.628700327 +0000
1107 +++ /var/opt/gitlab/gitlab-rails/.chef-REVISION20181006-31-1ykfsoq 2018-10-06 21:51:23.628700327 +0000
1108 @@ -1 +1,2 @@
1109 +30f019d
1110 * file[/var/opt/gitlab/gitlab-rails/RUBY_VERSION] action create
1111 - create new file /var/opt/gitlab/gitlab-rails/RUBY_VERSION
1112 - update content in file /var/opt/gitlab/gitlab-rails/RUBY_VERSION from none to 7c50cf
1113 --- /var/opt/gitlab/gitlab-rails/RUBY_VERSION 2018-10-06 21:51:23.632700359 +0000
1114 +++ /var/opt/gitlab/gitlab-rails/.chef-RUBY_VERSION20181006-31-57ojhp 2018-10-06 21:51:23.632700359 +0000
1115 @@ -1 +1,2 @@
1116 +ruby 2.4.4p296 (2018-03-28 revision 63013) [x86_64-linux]
1117 * execute[chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public] action run
1118 - execute chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public
1119 * execute[clear the gitlab-rails cache] action nothing (skipped due to action :nothing)
1120 * file[/var/opt/gitlab/gitlab-rails/config.ru] action delete (up to date)
1121Recipe: gitlab::add_trusted_certs
1122 * directory[/etc/gitlab/trusted-certs] action create
1123 - create new directory /etc/gitlab/trusted-certs
1124 - change mode from '' to '0755'
1125 * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
1126 * file[/opt/gitlab/embedded/ssl/certs/README] action create
1127 - create new file /opt/gitlab/embedded/ssl/certs/README
1128 - update content in file /opt/gitlab/embedded/ssl/certs/README from none to 623059
1129 --- /opt/gitlab/embedded/ssl/certs/README 2018-10-06 22:07:12.328454003 +0000
1130 +++ /opt/gitlab/embedded/ssl/certs/.chef-README20181006-31-88oku0 2018-10-06 22:07:12.328454003 +0000
1131 @@ -1 +1,4 @@
1132 +This directory is managed by omnibus-gitlab.
1133 + Any file placed in this directory will be ignored
1134 +. Place certificates in /etc/gitlab/trusted-certs.
1135 - change mode from '' to '0644'
1136 * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run
1137
1138 * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
1139
1140 * Symlinking existing certificates found in /etc/gitlab/trusted-certs
1141
1142 - execute the ruby block Move existing certs and link to /opt/gitlab/embedded/ssl/certs
1143Recipe: gitlab::default
1144 * service[create a temporary unicorn service] action nothing (skipped due to action :nothing)
1145 * service[create a temporary sidekiq service] action nothing (skipped due to action :nothing)
1146 * service[create a temporary mailroom service] action nothing (skipped due to action :nothing)
1147Recipe: gitlab::redis
1148 * account[user and group for redis] action create (up to date)
1149 * group[Socket group] action create (up to date)
1150 * directory[/var/opt/gitlab/redis] action create
1151 - change mode from '0755' to '0750'
1152 - change group from 'gitlab-redis' to 'git'
1153 * directory[/var/log/gitlab/redis] action create
1154 - create new directory /var/log/gitlab/redis
1155 - change mode from '' to '0700'
1156 - change owner from '' to 'gitlab-redis'
1157 * template[/var/opt/gitlab/redis/redis.conf] action create
1158 - create new file /var/opt/gitlab/redis/redis.conf
1159 - update content in file /var/opt/gitlab/redis/redis.conf from none to 46b4a3
1160 --- /var/opt/gitlab/redis/redis.conf 2018-10-06 22:07:12.677456346 +0000
1161 +++ /var/opt/gitlab/redis/.chef-redis20181006-31-81bx6j.conf 2018-10-06 22:07:12.677456346 +0000
1162 @@ -1 +1,1062 @@
1163 +# This file is managed by gitlab-ctl. Manual changes will be
1164 +# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
1165 +# and run `sudo gitlab-ctl reconfigure`.
1166 +
1167 +# Redis configuration file example.
1168 +#
1169 +# Note that in order to read the configuration file, Redis must be
1170 +# started with the file path as first argument:
1171 +#
1172 +# ./redis-server /path/to/redis.conf
1173 +
1174 +# Note on units: when memory size is needed, it is possible to specify
1175 +# it in the usual form of 1k 5GB 4M and so forth:
1176 +#
1177 +# 1k => 1000 bytes
1178 +# 1kb => 1024 bytes
1179 +# 1m => 1000000 bytes
1180 +# 1mb => 1024*1024 bytes
1181 +# 1g => 1000000000 bytes
1182 +# 1gb => 1024*1024*1024 bytes
1183 +#
1184 +# units are case insensitive so 1GB 1Gb 1gB are all the same.
1185 +
1186 +################################## INCLUDES ###################################
1187 +
1188 +# Include one or more other config files here. This is useful if you
1189 +# have a standard template that goes to all Redis servers but also need
1190 +# to customize a few per-server settings. Include files can include
1191 +# other files, so use this wisely.
1192 +#
1193 +# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
1194 +# from admin or Redis Sentinel. Since Redis always uses the last processed
1195 +# line as value of a configuration directive, you'd better put includes
1196 +# at the beginning of this file to avoid overwriting config change at runtime.
1197 +#
1198 +# If instead you are interested in using includes to override configuration
1199 +# options, it is better to use include as the last line.
1200 +#
1201 +# include /path/to/local.conf
1202 +# include /path/to/other.conf
1203 +
1204 +################################## NETWORK #####################################
1205 +
1206 +# By default, if no "bind" configuration directive is specified, Redis listens
1207 +# for connections from all the network interfaces available on the server.
1208 +# It is possible to listen to just one or multiple selected interfaces using
1209 +# the "bind" configuration directive, followed by one or more IP addresses.
1210 +#
1211 +# Examples:
1212 +#
1213 +# bind 192.168.1.100 10.0.0.1
1214 +# bind 127.0.0.1 ::1
1215 +#
1216 +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
1217 +# internet, binding to all the interfaces is dangerous and will expose the
1218 +# instance to everybody on the internet. So by default we uncomment the
1219 +# following bind directive, that will force Redis to listen only into
1220 +# the IPv4 lookback interface address (this means Redis will be able to
1221 +# accept connections only from clients running into the same computer it
1222 +# is running).
1223 +#
1224 +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
1225 +# JUST COMMENT THE FOLLOWING LINE.
1226 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1227 +bind 127.0.0.1
1228 +
1229 +# Protected mode is a layer of security protection, in order to avoid that
1230 +# Redis instances left open on the internet are accessed and exploited.
1231 +#
1232 +# When protected mode is on and if:
1233 +#
1234 +# 1) The server is not binding explicitly to a set of addresses using the
1235 +# "bind" directive.
1236 +# 2) No password is configured.
1237 +#
1238 +# The server only accepts connections from clients connecting from the
1239 +# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
1240 +# sockets.
1241 +#
1242 +# By default protected mode is enabled. You should disable it only if
1243 +# you are sure you want clients from other hosts to connect to Redis
1244 +# even if no authentication is configured, nor a specific set of interfaces
1245 +# are explicitly listed using the "bind" directive.
1246 +# protected-mode yes
1247 +
1248 +# Accept connections on the specified port, default is 6379 (IANA #815344).
1249 +# If port 0 is specified Redis will not listen on a TCP socket.
1250 +port 0
1251 +
1252 +# TCP listen() backlog.
1253 +#
1254 +# In high requests-per-second environments you need an high backlog in order
1255 +# to avoid slow clients connections issues. Note that the Linux kernel
1256 +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
1257 +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
1258 +# in order to get the desired effect.
1259 +tcp-backlog 511
1260 +
1261 +# Unix socket.
1262 +#
1263 +# Specify the path for the Unix socket that will be used to listen for
1264 +# incoming connections. There is no default, so Redis will not listen
1265 +# on a unix socket when not specified.
1266 +#
1267 +unixsocket /var/opt/gitlab/redis/redis.socket
1268 +unixsocketperm 777
1269 +
1270 +# Close the connection after a client is idle for N seconds (0 to disable)
1271 +timeout 60
1272 +
1273 +# TCP keepalive.
1274 +#
1275 +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
1276 +# of communication. This is useful for two reasons:
1277 +#
1278 +# 1) Detect dead peers.
1279 +# 2) Take the connection alive from the point of view of network
1280 +# equipment in the middle.
1281 +#
1282 +# On Linux, the specified value (in seconds) is the period used to send ACKs.
1283 +# Note that to close the connection the double of the time is needed.
1284 +# On other kernels the period depends on the kernel configuration.
1285 +#
1286 +# A reasonable value for this option is 300 seconds, which is the new
1287 +# Redis default starting with Redis 3.2.1.
1288 +tcp-keepalive 300
1289 +
1290 +################################# GENERAL #####################################
1291 +
1292 +# By default Redis does not run as a daemon. Use 'yes' if you need it.
1293 +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
1294 +daemonize no
1295 +
1296 +# If you run Redis from upstart or systemd, Redis can interact with your
1297 +# supervision tree. Options:
1298 +# supervised no - no supervision interaction
1299 +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
1300 +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
1301 +# supervised auto - detect upstart or systemd method based on
1302 +# UPSTART_JOB or NOTIFY_SOCKET environment variables
1303 +# Note: these supervision methods only signal "process is ready."
1304 +# They do not enable continuous liveness pings back to your supervisor.
1305 +# supervised no
1306 +
1307 +# If a pid file is specified, Redis writes it where specified at startup
1308 +# and removes it at exit.
1309 +#
1310 +# When the server runs non daemonized, no pid file is created if none is
1311 +# specified in the configuration. When the server is daemonized, the pid file
1312 +# is used even if not specified, defaulting to "/var/run/redis.pid".
1313 +#
1314 +# Creating a pid file is best effort: if Redis is not able to create it
1315 +# nothing bad happens, the server will start and run normally.
1316 +pidfile "/var/run/redis_0.pid"
1317 +
1318 +# Specify the server verbosity level.
1319 +# This can be one of:
1320 +# debug (a lot of information, useful for development/testing)
1321 +# verbose (many rarely useful info, but not a mess like the debug level)
1322 +# notice (moderately verbose, what you want in production probably)
1323 +# warning (only very important / critical messages are logged)
1324 +loglevel notice
1325 +
1326 +# Specify the log file name. Also the empty string can be used to force
1327 +# Redis to log on the standard output. Note that if you use standard
1328 +# output for logging but daemonize, logs will be sent to /dev/null
1329 +logfile ""
1330 +
1331 +# To enable logging to the system logger, just set 'syslog-enabled' to yes,
1332 +# and optionally update the other syslog parameters to suit your needs.
1333 +# syslog-enabled no
1334 +
1335 +# Specify the syslog identity.
1336 +# syslog-ident redis
1337 +
1338 +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
1339 +# syslog-facility local0
1340 +
1341 +# Set the number of databases. The default database is DB 0, you can select
1342 +# a different one on a per-connection basis using SELECT <dbid> where
1343 +# dbid is a number between 0 and 'databases'-1
1344 +databases 16
1345 +
1346 +################################ SNAPSHOTTING ################################
1347 +#
1348 +# Save the DB on disk:
1349 +#
1350 +# save <seconds> <changes>
1351 +#
1352 +# Will save the DB if both the given number of seconds and the given
1353 +# number of write operations against the DB occurred.
1354 +#
1355 +# In the example below the behaviour will be to save:
1356 +# after 900 sec (15 min) if at least 1 key changed
1357 +# after 300 sec (5 min) if at least 10 keys changed
1358 +# after 60 sec if at least 10000 keys changed
1359 +#
1360 +# Note: you can disable saving completely by commenting out all "save" lines.
1361 +#
1362 +# It is also possible to remove all the previously configured save
1363 +# points by adding a save directive with a single empty string argument
1364 +# like in the following example:
1365 +#
1366 +# save ""
1367 +
1368 +save 900 1
1369 +save 300 10
1370 +save 60 10000
1371 +
1372 +# By default Redis will stop accepting writes if RDB snapshots are enabled
1373 +# (at least one save point) and the latest background save failed.
1374 +# This will make the user aware (in a hard way) that data is not persisting
1375 +# on disk properly, otherwise chances are that no one will notice and some
1376 +# disaster will happen.
1377 +#
1378 +# If the background saving process will start working again Redis will
1379 +# automatically allow writes again.
1380 +#
1381 +# However if you have setup your proper monitoring of the Redis server
1382 +# and persistence, you may want to disable this feature so that Redis will
1383 +# continue to work as usual even if there are problems with disk,
1384 +# permissions, and so forth.
1385 +stop-writes-on-bgsave-error yes
1386 +
1387 +# Compress string objects using LZF when dump .rdb databases?
1388 +# For default that's set to 'yes' as it's almost always a win.
1389 +# If you want to save some CPU in the saving child set it to 'no' but
1390 +# the dataset will likely be bigger if you have compressible values or keys.
1391 +rdbcompression yes
1392 +
1393 +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
1394 +# This makes the format more resistant to corruption but there is a performance
1395 +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
1396 +# for maximum performances.
1397 +#
1398 +# RDB files created with checksum disabled have a checksum of zero that will
1399 +# tell the loading code to skip the check.
1400 +rdbchecksum yes
1401 +
1402 +# The filename where to dump the DB
1403 +dbfilename "dump.rdb"
1404 +
1405 +# The working directory.
1406 +#
1407 +# The DB will be written inside this directory, with the filename specified
1408 +# above using the 'dbfilename' configuration directive.
1409 +#
1410 +# The Append Only File will also be created inside this directory.
1411 +#
1412 +# Note that you must specify a directory here, not a file name.
1413 +dir "/var/opt/gitlab/redis"
1414 +
1415 +################################# REPLICATION #################################
1416 +
1417 +# Master-Slave replication. Use slaveof to make a Redis instance a copy of
1418 +# another Redis server. A few things to understand ASAP about Redis replication.
1419 +#
1420 +# 1) Redis replication is asynchronous, but you can configure a master to
1421 +# stop accepting writes if it appears to be not connected with at least
1422 +# a given number of slaves.
1423 +# 2) Redis slaves are able to perform a partial resynchronization with the
1424 +# master if the replication link is lost for a relatively small amount of
1425 +# time. You may want to configure the replication backlog size (see the next
1426 +# sections of this file) with a sensible value depending on your needs.
1427 +# 3) Replication is automatic and does not need user intervention. After a
1428 +# network partition slaves automatically try to reconnect to masters
1429 +# and resynchronize with them.
1430 +#
1431 +# slaveof <masterip> <masterport>
1432 +
1433 +
1434 +# If the master is password protected (using the "requirepass" configuration
1435 +# directive below) it is possible to tell the slave to authenticate before
1436 +# starting the replication synchronization process, otherwise the master will
1437 +# refuse the slave request.
1438 +#
1439 +# masterauth <master-password>
1440 +
1441 +
1442 +# When a slave loses its connection with the master, or when the replication
1443 +# is still in progress, the slave can act in two different ways:
1444 +#
1445 +# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
1446 +# still reply to client requests, possibly with out of date data, or the
1447 +# data set may just be empty if this is the first synchronization.
1448 +#
1449 +# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
1450 +# an error "SYNC with master in progress" to all the kind of commands
1451 +# but to INFO and SLAVEOF.
1452 +#
1453 +slave-serve-stale-data yes
1454 +
1455 +# You can configure a slave instance to accept writes or not. Writing against
1456 +# a slave instance may be useful to store some ephemeral data (because data
1457 +# written on a slave will be easily deleted after resync with the master) but
1458 +# may also cause problems if clients are writing to it because of a
1459 +# misconfiguration.
1460 +#
1461 +# Since Redis 2.6 by default slaves are read-only.
1462 +#
1463 +# Note: read only slaves are not designed to be exposed to untrusted clients
1464 +# on the internet. It's just a protection layer against misuse of the instance.
1465 +# Still a read only slave exports by default all the administrative commands
1466 +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
1467 +# security of read only slaves using 'rename-command' to shadow all the
1468 +# administrative / dangerous commands.
1469 +slave-read-only yes
1470 +
1471 +# Replication SYNC strategy: disk or socket.
1472 +#
1473 +# -------------------------------------------------------
1474 +# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
1475 +# -------------------------------------------------------
1476 +#
1477 +# New slaves and reconnecting slaves that are not able to continue the replication
1478 +# process just receiving differences, need to do what is called a "full
1479 +# synchronization". An RDB file is transmitted from the master to the slaves.
1480 +# The transmission can happen in two different ways:
1481 +#
1482 +# 1) Disk-backed: The Redis master creates a new process that writes the RDB
1483 +# file on disk. Later the file is transferred by the parent
1484 +# process to the slaves incrementally.
1485 +# 2) Diskless: The Redis master creates a new process that directly writes the
1486 +# RDB file to slave sockets, without touching the disk at all.
1487 +#
1488 +# With disk-backed replication, while the RDB file is generated, more slaves
1489 +# can be queued and served with the RDB file as soon as the current child producing
1490 +# the RDB file finishes its work. With diskless replication instead once
1491 +# the transfer starts, new slaves arriving will be queued and a new transfer
1492 +# will start when the current one terminates.
1493 +#
1494 +# When diskless replication is used, the master waits a configurable amount of
1495 +# time (in seconds) before starting the transfer in the hope that multiple slaves
1496 +# will arrive and the transfer can be parallelized.
1497 +#
1498 +# With slow disks and fast (large bandwidth) networks, diskless replication
1499 +# works better.
1500 +# repl-diskless-sync no
1501 +
1502 +# When diskless replication is enabled, it is possible to configure the delay
1503 +# the server waits in order to spawn the child that transfers the RDB via socket
1504 +# to the slaves.
1505 +#
1506 +# This is important since once the transfer starts, it is not possible to serve
1507 +# new slaves arriving, that will be queued for the next RDB transfer, so the server
1508 +# waits a delay in order to let more slaves arrive.
1509 +#
1510 +# The delay is specified in seconds, and by default is 5 seconds. To disable
1511 +# it entirely just set it to 0 seconds and the transfer will start ASAP.
1512 +# repl-diskless-sync-delay 5
1513 +
1514 +# Slaves send PINGs to server in a predefined interval. It's possible to change
1515 +# this interval with the repl_ping_slave_period option. The default value is 10
1516 +# seconds.
1517 +#
1518 +# repl-ping-slave-period 10
1519 +
1520 +# The following option sets the replication timeout for:
1521 +#
1522 +# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
1523 +# 2) Master timeout from the point of view of slaves (data, pings).
1524 +# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
1525 +#
1526 +# It is important to make sure that this value is greater than the value
1527 +# specified for repl-ping-slave-period otherwise a timeout will be detected
1528 +# every time there is low traffic between the master and the slave.
1529 +#
1530 +# repl-timeout 60
1531 +
1532 +# Disable TCP_NODELAY on the slave socket after SYNC?
1533 +#
1534 +# If you select "yes" Redis will use a smaller number of TCP packets and
1535 +# less bandwidth to send data to slaves. But this can add a delay for
1536 +# the data to appear on the slave side, up to 40 milliseconds with
1537 +# Linux kernels using a default configuration.
1538 +#
1539 +# If you select "no" the delay for data to appear on the slave side will
1540 +# be reduced but more bandwidth will be used for replication.
1541 +#
1542 +# By default we optimize for low latency, but in very high traffic conditions
1543 +# or when the master and slaves are many hops away, turning this to "yes" may
1544 +# be a good idea.
1545 +repl-disable-tcp-nodelay no
1546 +
1547 +# Set the replication backlog size. The backlog is a buffer that accumulates
1548 +# slave data when slaves are disconnected for some time, so that when a slave
1549 +# wants to reconnect again, often a full resync is not needed, but a partial
1550 +# resync is enough, just passing the portion of data the slave missed while
1551 +# disconnected.
1552 +#
1553 +# The bigger the replication backlog, the longer the time the slave can be
1554 +# disconnected and later be able to perform a partial resynchronization.
1555 +#
1556 +# The backlog is only allocated once there is at least a slave connected.
1557 +#
1558 +# repl-backlog-size 1mb
1559 +
1560 +# After a master has no longer connected slaves for some time, the backlog
1561 +# will be freed. The following option configures the amount of seconds that
1562 +# need to elapse, starting from the time the last slave disconnected, for
1563 +# the backlog buffer to be freed.
1564 +#
1565 +# A value of 0 means to never release the backlog.
1566 +#
1567 +# repl-backlog-ttl 3600
1568 +
1569 +# The slave priority is an integer number published by Redis in the INFO output.
1570 +# It is used by Redis Sentinel in order to select a slave to promote into a
1571 +# master if the master is no longer working correctly.
1572 +#
1573 +# A slave with a low priority number is considered better for promotion, so
1574 +# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
1575 +# pick the one with priority 10, that is the lowest.
1576 +#
1577 +# However a special priority of 0 marks the slave as not able to perform the
1578 +# role of master, so a slave with priority of 0 will never be selected by
1579 +# Redis Sentinel for promotion.
1580 +#
1581 +# By default the priority is 100.
1582 +slave-priority 100
1583 +
1584 +# It is possible for a master to stop accepting writes if there are less than
1585 +# N slaves connected, having a lag less or equal than M seconds.
1586 +#
1587 +# The N slaves need to be in "online" state.
1588 +#
1589 +# The lag in seconds, that must be <= the specified value, is calculated from
1590 +# the last ping received from the slave, that is usually sent every second.
1591 +#
1592 +# This option does not GUARANTEE that N replicas will accept the write, but
1593 +# will limit the window of exposure for lost writes in case not enough slaves
1594 +# are available, to the specified number of seconds.
1595 +#
1596 +# For example to require at least 3 slaves with a lag <= 10 seconds use:
1597 +#
1598 +# min-slaves-to-write 3
1599 +# min-slaves-max-lag 10
1600 +#
1601 +# Setting one or the other to 0 disables the feature.
1602 +#
1603 +# By default min-slaves-to-write is set to 0 (feature disabled) and
1604 +# min-slaves-max-lag is set to 10.
1605 +
1606 +# A Redis master is able to list the address and port of the attached
1607 +# slaves in different ways. For example the "INFO replication" section
1608 +# offers this information, which is used, among other tools, by
1609 +# Redis Sentinel in order to discover slave instances.
1610 +# Another place where this info is available is in the output of the
1611 +# "ROLE" command of a masteer.
1612 +#
1613 +# The listed IP and address normally reported by a slave is obtained
1614 +# in the following way:
1615 +#
1616 +# IP: The address is auto detected by checking the peer address
1617 +# of the socket used by the slave to connect with the master.
1618 +#
1619 +# Port: The port is communicated by the slave during the replication
1620 +# handshake, and is normally the port that the slave is using to
1621 +# list for connections.
1622 +#
1623 +# However when port forwarding or Network Address Translation (NAT) is
1624 +# used, the slave may be actually reachable via different IP and port
1625 +# pairs. The following two options can be used by a slave in order to
1626 +# report to its master a specific set of IP and port, so that both INFO
1627 +# and ROLE will report those values.
1628 +#
1629 +# There is no need to use both the options if you need to override just
1630 +# the port or the IP address.
1631 +#
1632 +
1633 +
1634 +
1635 +################################## SECURITY ###################################
1636 +
1637 +# Require clients to issue AUTH <PASSWORD> before processing any other
1638 +# commands. This might be useful in environments in which you do not trust
1639 +# others with access to the host running redis-server.
1640 +#
1641 +# This should stay commented out for backward compatibility and because most
1642 +# people do not need auth (e.g. they run their own servers).
1643 +#
1644 +# Warning: since Redis is pretty fast an outside user can try up to
1645 +# 150k passwords per second against a good box. This means that you should
1646 +# use a very strong password otherwise it will be very easy to break.
1647 +#
1648 +
1649 +
1650 +# Command renaming.
1651 +#
1652 +# It is possible to change the name of dangerous commands in a shared
1653 +# environment. For instance the CONFIG command may be renamed into something
1654 +# hard to guess so that it will still be available for internal-use tools
1655 +# but not available for general clients.
1656 +#
1657 +# Example:
1658 +#
1659 +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
1660 +#
1661 +# It is also possible to completely kill a command by renaming it into
1662 +# an empty string:
1663 +#
1664 +# rename-command CONFIG ""
1665 +#
1666 +# Please note that changing the name of commands that are logged into the
1667 +# AOF file or transmitted to slaves may cause problems.
1668 +
1669 +################################### LIMITS ####################################
1670 +
1671 +# Set the max number of connected clients at the same time. By default
1672 +# this limit is set to 10000 clients, however if the Redis server is not
1673 +# able to configure the process file limit to allow for the specified limit
1674 +# the max number of allowed clients is set to the current file limit
1675 +# minus 32 (as Redis reserves a few file descriptors for internal uses).
1676 +#
1677 +# Once the limit is reached Redis will close all the new connections sending
1678 +# an error 'max number of clients reached'.
1679 +#
1680 +maxclients 10000
1681 +
1682 +# Don't use more memory than the specified amount of bytes.
1683 +# When the memory limit is reached Redis will try to remove keys
1684 +# according to the eviction policy selected (see maxmemory-policy).
1685 +#
1686 +# If Redis can't remove keys according to the policy, or if the policy is
1687 +# set to 'noeviction', Redis will start to reply with errors to commands
1688 +# that would use more memory, like SET, LPUSH, and so on, and will continue
1689 +# to reply to read-only commands like GET.
1690 +#
1691 +# This option is usually useful when using Redis as an LRU cache, or to set
1692 +# a hard memory limit for an instance (using the 'noeviction' policy).
1693 +#
1694 +# WARNING: If you have slaves attached to an instance with maxmemory on,
1695 +# the size of the output buffers needed to feed the slaves are subtracted
1696 +# from the used memory count, so that network problems / resyncs will
1697 +# not trigger a loop where keys are evicted, and in turn the output
1698 +# buffer of slaves is full with DELs of keys evicted triggering the deletion
1699 +# of more keys, and so forth until the database is completely emptied.
1700 +#
1701 +# In short... if you have slaves attached it is suggested that you set a lower
1702 +# limit for maxmemory so that there is some free RAM on the system for slave
1703 +# output buffers (but this is not needed if the policy is 'noeviction').
1704 +#
1705 +# maxmemory <bytes>
1706 +maxmemory 0
1707 +
1708 +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
1709 +# is reached. You can select among five behaviors:
1710 +#
1711 +# volatile-lru -> remove the key with an expire set using an LRU algorithm
1712 +# allkeys-lru -> remove any key according to the LRU algorithm
1713 +# volatile-random -> remove a random key with an expire set
1714 +# allkeys-random -> remove a random key, any key
1715 +# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
1716 +# noeviction -> don't expire at all, just return an error on write operations
1717 +#
1718 +# Note: with any of the above policies, Redis will return an error on write
1719 +# operations, when there are no suitable keys for eviction.
1720 +#
1721 +# At the date of writing these commands are: set setnx setex append
1722 +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
1723 +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
1724 +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
1725 +# getset mset msetnx exec sort
1726 +#
1727 +# The default is:
1728 +#
1729 +# maxmemory-policy noeviction
1730 +maxmemory-policy noeviction
1731 +
1732 +# LRU and minimal TTL algorithms are not precise algorithms but approximated
1733 +# algorithms (in order to save memory), so you can tune it for speed or
1734 +# accuracy. For default Redis will check five keys and pick the one that was
1735 +# used less recently, you can change the sample size using the following
1736 +# configuration directive.
1737 +#
1738 +# The default of 5 produces good enough results. 10 Approximates very closely
1739 +# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
1740 +#
1741 +# maxmemory-samples 5
1742 +maxmemory-samples 5
1743 +
1744 +############################## APPEND ONLY MODE ###############################
1745 +
1746 +# By default Redis asynchronously dumps the dataset on disk. This mode is
1747 +# good enough in many applications, but an issue with the Redis process or
1748 +# a power outage may result into a few minutes of writes lost (depending on
1749 +# the configured save points).
1750 +#
1751 +# The Append Only File is an alternative persistence mode that provides
1752 +# much better durability. For instance using the default data fsync policy
1753 +# (see later in the config file) Redis can lose just one second of writes in a
1754 +# dramatic event like a server power outage, or a single write if something
1755 +# wrong with the Redis process itself happens, but the operating system is
1756 +# still running correctly.
1757 +#
1758 +# AOF and RDB persistence can be enabled at the same time without problems.
1759 +# If the AOF is enabled on startup Redis will load the AOF, that is the file
1760 +# with the better durability guarantees.
1761 +#
1762 +# Please check http://redis.io/topics/persistence for more information.
1763 +
1764 +appendonly no
1765 +
1766 +# The name of the append only file (default: "appendonly.aof")
1767 +
1768 +# appendfilename "appendonly.aof"
1769 +
1770 +# The fsync() call tells the Operating System to actually write data on disk
1771 +# instead of waiting for more data in the output buffer. Some OS will really flush
1772 +# data on disk, some other OS will just try to do it ASAP.
1773 +#
1774 +# Redis supports three different modes:
1775 +#
1776 +# no: don't fsync, just let the OS flush the data when it wants. Faster.
1777 +# always: fsync after every write to the append only log. Slow, Safest.
1778 +# everysec: fsync only one time every second. Compromise.
1779 +#
1780 +# The default is "everysec", as that's usually the right compromise between
1781 +# speed and data safety. It's up to you to understand if you can relax this to
1782 +# "no" that will let the operating system flush the output buffer when
1783 +# it wants, for better performances (but if you can live with the idea of
1784 +# some data loss consider the default persistence mode that's snapshotting),
1785 +# or on the contrary, use "always" that's very slow but a bit safer than
1786 +# everysec.
1787 +#
1788 +# More details please check the following article:
1789 +# http://antirez.com/post/redis-persistence-demystified.html
1790 +#
1791 +# If unsure, use "everysec".
1792 +
1793 +# appendfsync always
1794 +appendfsync everysec
1795 +# appendfsync no
1796 +
1797 +# When the AOF fsync policy is set to always or everysec, and a background
1798 +# saving process (a background save or AOF log background rewriting) is
1799 +# performing a lot of I/O against the disk, in some Linux configurations
1800 +# Redis may block too long on the fsync() call. Note that there is no fix for
1801 +# this currently, as even performing fsync in a different thread will block
1802 +# our synchronous write(2) call.
1803 +#
1804 +# In order to mitigate this problem it's possible to use the following option
1805 +# that will prevent fsync() from being called in the main process while a
1806 +# BGSAVE or BGREWRITEAOF is in progress.
1807 +#
1808 +# This means that while another child is saving, the durability of Redis is
1809 +# the same as "appendfsync none". In practical terms, this means that it is
1810 +# possible to lose up to 30 seconds of log in the worst scenario (with the
1811 +# default Linux settings).
1812 +#
1813 +# If you have latency problems turn this to "yes". Otherwise leave it as
1814 +# "no" that is the safest pick from the point of view of durability.
1815 +
1816 +no-appendfsync-on-rewrite no
1817 +
1818 +# Automatic rewrite of the append only file.
1819 +# Redis is able to automatically rewrite the log file implicitly calling
1820 +# BGREWRITEAOF when the AOF log size grows by the specified percentage.
1821 +#
1822 +# This is how it works: Redis remembers the size of the AOF file after the
1823 +# latest rewrite (if no rewrite has happened since the restart, the size of
1824 +# the AOF at startup is used).
1825 +#
1826 +# This base size is compared to the current size. If the current size is
1827 +# bigger than the specified percentage, the rewrite is triggered. Also
1828 +# you need to specify a minimal size for the AOF file to be rewritten, this
1829 +# is useful to avoid rewriting the AOF file even if the percentage increase
1830 +# is reached but it is still pretty small.
1831 +#
1832 +# Specify a percentage of zero in order to disable the automatic AOF
1833 +# rewrite feature.
1834 +
1835 +auto-aof-rewrite-percentage 100
1836 +auto-aof-rewrite-min-size 64mb
1837 +
1838 +# An AOF file may be found to be truncated at the end during the Redis
1839 +# startup process, when the AOF data gets loaded back into memory.
1840 +# This may happen when the system where Redis is running
1841 +# crashes, especially when an ext4 filesystem is mounted without the
1842 +# data=ordered option (however this can't happen when Redis itself
1843 +# crashes or aborts but the operating system still works correctly).
1844 +#
1845 +# Redis can either exit with an error when this happens, or load as much
1846 +# data as possible (the default now) and start if the AOF file is found
1847 +# to be truncated at the end. The following option controls this behavior.
1848 +#
1849 +# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
1850 +# the Redis server starts emitting a log to inform the user of the event.
1851 +# Otherwise if the option is set to no, the server aborts with an error
1852 +# and refuses to start. When the option is set to no, the user requires
1853 +# to fix the AOF file using the "redis-check-aof" utility before to restart
1854 +# the server.
1855 +#
1856 +# Note that if the AOF file will be found to be corrupted in the middle
1857 +# the server will still exit with an error. This option only applies when
1858 +# Redis will try to read more data from the AOF file but not enough bytes
1859 +# will be found.
1860 +# aof-load-truncated yes
1861 +
1862 +################################ LUA SCRIPTING ###############################
1863 +
1864 +# Max execution time of a Lua script in milliseconds.
1865 +#
1866 +# If the maximum execution time is reached Redis will log that a script is
1867 +# still in execution after the maximum allowed time and will start to
1868 +# reply to queries with an error.
1869 +#
1870 +# When a long running script exceeds the maximum execution time only the
1871 +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
1872 +# used to stop a script that did not yet called write commands. The second
1873 +# is the only way to shut down the server in the case a write command was
1874 +# already issued by the script but the user doesn't want to wait for the natural
1875 +# termination of the script.
1876 +#
1877 +# Set it to 0 or a negative value for unlimited execution without warnings.
1878 +lua-time-limit 5000
1879 +
1880 +################################ REDIS CLUSTER ###############################
1881 +#
1882 +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1883 +# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
1884 +# in order to mark it as "mature" we need to wait for a non trivial percentage
1885 +# of users to deploy it in production.
1886 +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1887 +#
1888 +# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
1889 +# started as cluster nodes can. In order to start a Redis instance as a
1890 +# cluster node enable the cluster support uncommenting the following:
1891 +#
1892 +# cluster-enabled yes
1893 +
1894 +# Every cluster node has a cluster configuration file. This file is not
1895 +# intended to be edited by hand. It is created and updated by Redis nodes.
1896 +# Every Redis Cluster node requires a different cluster configuration file.
1897 +# Make sure that instances running in the same system do not have
1898 +# overlapping cluster configuration file names.
1899 +#
1900 +# cluster-config-file nodes-6379.conf
1901 +
1902 +# Cluster node timeout is the amount of milliseconds a node must be unreachable
1903 +# for it to be considered in failure state.
1904 +# Most other internal time limits are multiple of the node timeout.
1905 +#
1906 +# cluster-node-timeout 15000
1907 +
1908 +# A slave of a failing master will avoid to start a failover if its data
1909 +# looks too old.
1910 +#
1911 +# There is no simple way for a slave to actually have a exact measure of
1912 +# its "data age", so the following two checks are performed:
1913 +#
1914 +# 1) If there are multiple slaves able to failover, they exchange messages
1915 +# in order to try to give an advantage to the slave with the best
1916 +# replication offset (more data from the master processed).
1917 +# Slaves will try to get their rank by offset, and apply to the start
1918 +# of the failover a delay proportional to their rank.
1919 +#
1920 +# 2) Every single slave computes the time of the last interaction with
1921 +# its master. This can be the last ping or command received (if the master
1922 +# is still in the "connected" state), or the time that elapsed since the
1923 +# disconnection with the master (if the replication link is currently down).
1924 +# If the last interaction is too old, the slave will not try to failover
1925 +# at all.
1926 +#
1927 +# The point "2" can be tuned by user. Specifically a slave will not perform
1928 +# the failover if, since the last interaction with the master, the time
1929 +# elapsed is greater than:
1930 +#
1931 +# (node-timeout * slave-validity-factor) + repl-ping-slave-period
1932 +#
1933 +# So for example if node-timeout is 30 seconds, and the slave-validity-factor
1934 +# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
1935 +# slave will not try to failover if it was not able to talk with the master
1936 +# for longer than 310 seconds.
1937 +#
1938 +# A large slave-validity-factor may allow slaves with too old data to failover
1939 +# a master, while a too small value may prevent the cluster from being able to
1940 +# elect a slave at all.
1941 +#
1942 +# For maximum availability, it is possible to set the slave-validity-factor
1943 +# to a value of 0, which means, that slaves will always try to failover the
1944 +# master regardless of the last time they interacted with the master.
1945 +# (However they'll always try to apply a delay proportional to their
1946 +# offset rank).
1947 +#
1948 +# Zero is the only value able to guarantee that when all the partitions heal
1949 +# the cluster will always be able to continue.
1950 +#
1951 +# cluster-slave-validity-factor 10
1952 +
1953 +# Cluster slaves are able to migrate to orphaned masters, that are masters
1954 +# that are left without working slaves. This improves the cluster ability
1955 +# to resist to failures as otherwise an orphaned master can't be failed over
1956 +# in case of failure if it has no working slaves.
1957 +#
1958 +# Slaves migrate to orphaned masters only if there are still at least a
1959 +# given number of other working slaves for their old master. This number
1960 +# is the "migration barrier". A migration barrier of 1 means that a slave
1961 +# will migrate only if there is at least 1 other working slave for its master
1962 +# and so forth. It usually reflects the number of slaves you want for every
1963 +# master in your cluster.
1964 +#
1965 +# Default is 1 (slaves migrate only if their masters remain with at least
1966 +# one slave). To disable migration just set it to a very large value.
1967 +# A value of 0 can be set but is useful only for debugging and dangerous
1968 +# in production.
1969 +#
1970 +# cluster-migration-barrier 1
1971 +
1972 +# By default Redis Cluster nodes stop accepting queries if they detect there
1973 +# is at least an hash slot uncovered (no available node is serving it).
1974 +# This way if the cluster is partially down (for example a range of hash slots
1975 +# are no longer covered) all the cluster becomes, eventually, unavailable.
1976 +# It automatically returns available as soon as all the slots are covered again.
1977 +#
1978 +# However sometimes you want the subset of the cluster which is working,
1979 +# to continue to accept queries for the part of the key space that is still
1980 +# covered. In order to do so, just set the cluster-require-full-coverage
1981 +# option to no.
1982 +#
1983 +# cluster-require-full-coverage yes
1984 +
1985 +# In order to setup your cluster make sure to read the documentation
1986 +# available at http://redis.io web site.
1987 +
1988 +################################## SLOW LOG ###################################
1989 +
1990 +# The Redis Slow Log is a system to log queries that exceeded a specified
1991 +# execution time. The execution time does not include the I/O operations
1992 +# like talking with the client, sending the reply and so forth,
1993 +# but just the time needed to actually execute the command (this is the only
1994 +# stage of command execution where the thread is blocked and can not serve
1995 +# other requests in the meantime).
1996 +#
1997 +# You can configure the slow log with two parameters: one tells Redis
1998 +# what is the execution time, in microseconds, to exceed in order for the
1999 +# command to get logged, and the other parameter is the length of the
2000 +# slow log. When a new command is logged the oldest one is removed from the
2001 +# queue of logged commands.
2002 +
2003 +# The following time is expressed in microseconds, so 1000000 is equivalent
2004 +# to one second. Note that a negative number disables the slow log, while
2005 +# a value of zero forces the logging of every command.
2006 +slowlog-log-slower-than 10000
2007 +
2008 +# There is no limit to this length. Just be aware that it will consume memory.
2009 +# You can reclaim memory used by the slow log with SLOWLOG RESET.
2010 +slowlog-max-len 128
2011 +
2012 +################################ LATENCY MONITOR ##############################
2013 +
2014 +# The Redis latency monitoring subsystem samples different operations
2015 +# at runtime in order to collect data related to possible sources of
2016 +# latency of a Redis instance.
2017 +#
2018 +# Via the LATENCY command this information is available to the user that can
2019 +# print graphs and obtain reports.
2020 +#
2021 +# The system only logs operations that were performed in a time equal or
2022 +# greater than the amount of milliseconds specified via the
2023 +# latency-monitor-threshold configuration directive. When its value is set
2024 +# to zero, the latency monitor is turned off.
2025 +#
2026 +# By default latency monitoring is disabled since it is mostly not needed
2027 +# if you don't have latency issues, and collecting data has a performance
2028 +# impact, that while very small, can be measured under big load. Latency
2029 +# monitoring can easily be enabled at runtime using the command
2030 +# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
2031 +# latency-monitor-threshold 0
2032 +
2033 +############################# EVENT NOTIFICATION ##############################
2034 +
2035 +# Redis can notify Pub/Sub clients about events happening in the key space.
2036 +# This feature is documented at http://redis.io/topics/notifications
2037 +#
2038 +# For instance if keyspace events notification is enabled, and a client
2039 +# performs a DEL operation on key "foo" stored in the Database 0, two
2040 +# messages will be published via Pub/Sub:
2041 +#
2042 +# PUBLISH __keyspace@0__:foo del
2043 +# PUBLISH __keyevent@0__:del foo
2044 +#
2045 +# It is possible to select the events that Redis will notify among a set
2046 +# of classes. Every class is identified by a single character:
2047 +#
2048 +# K Keyspace events, published with __keyspace@<db>__ prefix.
2049 +# E Keyevent events, published with __keyevent@<db>__ prefix.
2050 +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
2051 +# $ String commands
2052 +# l List commands
2053 +# s Set commands
2054 +# h Hash commands
2055 +# z Sorted set commands
2056 +# x Expired events (events generated every time a key expires)
2057 +# e Evicted events (events generated when a key is evicted for maxmemory)
2058 +# A Alias for g$lshzxe, so that the "AKE" string means all the events.
2059 +#
2060 +# The "notify-keyspace-events" takes as argument a string that is composed
2061 +# of zero or multiple characters. The empty string means that notifications
2062 +# are disabled.
2063 +#
2064 +# Example: to enable list and generic events, from the point of view of the
2065 +# event name, use:
2066 +#
2067 +# notify-keyspace-events Elg
2068 +#
2069 +# Example 2: to get the stream of the expired keys subscribing to channel
2070 +# name __keyevent@0__:expired use:
2071 +#
2072 +# notify-keyspace-events Ex
2073 +#
2074 +# By default all notifications are disabled because most users don't need
2075 +# this feature and the feature has some overhead. Note that if you don't
2076 +# specify at least one of K or E, no events will be delivered.
2077 +notify-keyspace-events ""
2078 +
2079 +############################### ADVANCED CONFIG ###############################
2080 +
2081 +# Hashes are encoded using a memory efficient data structure when they have a
2082 +# small number of entries, and the biggest entry does not exceed a given
2083 +# threshold. These thresholds can be configured using the following directives.
2084 +hash-max-ziplist-entries 512
2085 +hash-max-ziplist-value 64
2086 +
2087 +# Lists are also encoded in a special way to save a lot of space.
2088 +# The number of entries allowed per internal list node can be specified
2089 +# as a fixed maximum size or a maximum number of elements.
2090 +# For a fixed maximum size, use -5 through -1, meaning:
2091 +# -5: max size: 64 Kb <-- not recommended for normal workloads
2092 +# -4: max size: 32 Kb <-- not recommended
2093 +# -3: max size: 16 Kb <-- probably not recommended
2094 +# -2: max size: 8 Kb <-- good
2095 +# -1: max size: 4 Kb <-- good
2096 +# Positive numbers mean store up to _exactly_ that number of elements
2097 +# per list node.
2098 +# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
2099 +# but if your use case is unique, adjust the settings as necessary.
2100 +# list-max-ziplist-size -2
2101 +
2102 +# Lists may also be compressed.
2103 +# Compress depth is the number of quicklist ziplist nodes from *each* side of
2104 +# the list to *exclude* from compression. The head and tail of the list
2105 +# are always uncompressed for fast push/pop operations. Settings are:
2106 +# 0: disable all list compression
2107 +# 1: depth 1 means "don't start compressing until after 1 node into the list,
2108 +# going from either the head or tail"
2109 +# So: [head]->node->node->...->node->[tail]
2110 +# [head], [tail] will always be uncompressed; inner nodes will compress.
2111 +# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
2112 +# 2 here means: don't compress head or head->next or tail->prev or tail,
2113 +# but compress all nodes between them.
2114 +# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
2115 +# etc.
2116 +# list-compress-depth 0
2117 +
2118 +# Sets have a special encoding in just one case: when a set is composed
2119 +# of just strings that happen to be integers in radix 10 in the range
2120 +# of 64 bit signed integers.
2121 +# The following configuration setting sets the limit in the size of the
2122 +# set in order to use this special memory saving encoding.
2123 +set-max-intset-entries 512
2124 +
2125 +# Similarly to hashes and lists, sorted sets are also specially encoded in
2126 +# order to save a lot of space. This encoding is only used when the length and
2127 +# elements of a sorted set are below the following limits:
2128 +zset-max-ziplist-entries 128
2129 +zset-max-ziplist-value 64
2130 +
2131 +# HyperLogLog sparse representation bytes limit. The limit includes the
2132 +# 16 bytes header. When an HyperLogLog using the sparse representation crosses
2133 +# this limit, it is converted into the dense representation.
2134 +#
2135 +# A value greater than 16000 is totally useless, since at that point the
2136 +# dense representation is more memory efficient.
2137 +#
2138 +# The suggested value is ~ 3000 in order to have the benefits of
2139 +# the space efficient encoding without slowing down too much PFADD,
2140 +# which is O(N) with the sparse encoding. The value can be raised to
2141 +# ~ 10000 when CPU is not a concern, but space is, and the data set is
2142 +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
2143 +# hll-sparse-max-bytes 3000
2144 +
2145 +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
2146 +# order to help rehashing the main Redis hash table (the one mapping top-level
2147 +# keys to values). The hash table implementation Redis uses (see dict.c)
2148 +# performs a lazy rehashing: the more operation you run into a hash table
2149 +# that is rehashing, the more rehashing "steps" are performed, so if the
2150 +# server is idle the rehashing is never complete and some more memory is used
2151 +# by the hash table.
2152 +#
2153 +# The default is to use this millisecond 10 times every second in order to
2154 +# actively rehash the main dictionaries, freeing memory when possible.
2155 +#
2156 +# If unsure:
2157 +# use "activerehashing no" if you have hard latency requirements and it is
2158 +# not a good thing in your environment that Redis can reply from time to time
2159 +# to queries with 2 milliseconds delay.
2160 +#
2161 +# use "activerehashing yes" if you don't have such hard requirements but
2162 +# want to free memory asap when possible.
2163 +activerehashing yes
2164 +
2165 +# The client output buffer limits can be used to force disconnection of clients
2166 +# that are not reading data from the server fast enough for some reason (a
2167 +# common reason is that a Pub/Sub client can't consume messages as fast as the
2168 +# publisher can produce them).
2169 +#
2170 +# The limit can be set differently for the three different classes of clients:
2171 +#
2172 +# normal -> normal clients including MONITOR clients
2173 +# slave -> slave clients
2174 +# pubsub -> clients subscribed to at least one pubsub channel or pattern
2175 +#
2176 +# The syntax of every client-output-buffer-limit directive is the following:
2177 +#
2178 +# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
2179 +#
2180 +# A client is immediately disconnected once the hard limit is reached, or if
2181 +# the soft limit is reached and remains reached for the specified number of
2182 +# seconds (continuously).
2183 +# So for instance if the hard limit is 32 megabytes and the soft limit is
2184 +# 16 megabytes / 10 seconds, the client will get disconnected immediately
2185 +# if the size of the output buffers reach 32 megabytes, but will also get
2186 +# disconnected if the client reaches 16 megabytes and continuously overcomes
2187 +# the limit for 10 seconds.
2188 +#
2189 +# By default normal clients are not limited because they don't receive data
2190 +# without asking (in a push way), but just after a request, so only
2191 +# asynchronous clients may create a scenario where data is requested faster
2192 +# than it can read.
2193 +#
2194 +# Instead there is a default limit for pubsub and slave clients, since
2195 +# subscribers and slaves receive data in a push fashion.
2196 +#
2197 +# Both the hard or the soft limit can be disabled by setting them to zero.
2198 +client-output-buffer-limit normal 0 0 0
2199 +client-output-buffer-limit slave 256mb 64mb 60
2200 +client-output-buffer-limit pubsub 32mb 8mb 60
2201 +
2202 +# Redis calls an internal function to perform many background tasks, like
2203 +# closing connections of clients in timeout, purging expired keys that are
2204 +# never requested, and so forth.
2205 +#
2206 +# Not all tasks are performed with the same frequency, but Redis checks for
2207 +# tasks to perform according to the specified "hz" value.
2208 +#
2209 +# By default "hz" is set to 10. Raising the value will use more CPU when
2210 +# Redis is idle, but at the same time will make Redis more responsive when
2211 +# there are many keys expiring at the same time, and timeouts may be
2212 +# handled with more precision.
2213 +#
2214 +# The range is between 1 and 500, however a value over 100 is usually not
2215 +# a good idea. Most users should use the default of 10 and raise this up to
2216 +# 100 only in environments where very low latency is required.
2217 +hz 10
2218 +
2219 +# When a child rewrites the AOF file, if the following option is enabled
2220 +# the file will be fsync-ed every 32 MB of data generated. This is useful
2221 +# in order to commit the file to the disk more incrementally and avoid
2222 +# big latency spikes.
2223 +aof-rewrite-incremental-fsync yes
2224 - change mode from '' to '0644'
2225 - change owner from '' to 'gitlab-redis'
2226 * directory[/opt/gitlab/sv/redis] action create
2227 - create new directory /opt/gitlab/sv/redis
2228 - change mode from '' to '0755'
2229 - change owner from '' to 'root'
2230 - change group from '' to 'root'
2231 * directory[/opt/gitlab/sv/redis/log] action create
2232 - create new directory /opt/gitlab/sv/redis/log
2233 - change mode from '' to '0755'
2234 - change owner from '' to 'root'
2235 - change group from '' to 'root'
2236 * directory[/opt/gitlab/sv/redis/log/main] action create
2237 - create new directory /opt/gitlab/sv/redis/log/main
2238 - change mode from '' to '0755'
2239 - change owner from '' to 'root'
2240 - change group from '' to 'root'
2241 * template[/opt/gitlab/sv/redis/run] action create
2242 - create new file /opt/gitlab/sv/redis/run
2243 - update content in file /opt/gitlab/sv/redis/run from none to 535f80
2244 --- /opt/gitlab/sv/redis/run 2018-10-06 22:07:12.879457703 +0000
2245 +++ /opt/gitlab/sv/redis/.chef-run20181006-31-16wostx 2018-10-06 22:07:12.878457696 +0000
2246 @@ -1 +1,6 @@
2247 +#!/bin/sh
2248 +exec 2>&1
2249 +
2250 +umask 077
2251 +exec chpst -P -U gitlab-redis -u gitlab-redis /opt/gitlab/embedded/bin/redis-server /var/opt/gitlab/redis/redis.conf
2252 - change mode from '' to '0755'
2253 - change owner from '' to 'root'
2254 - change group from '' to 'root'
2255 * template[/opt/gitlab/sv/redis/log/run] action create
2256 - create new file /opt/gitlab/sv/redis/log/run
2257 - update content in file /opt/gitlab/sv/redis/log/run from none to af1017
2258 --- /opt/gitlab/sv/redis/log/run 2018-10-06 22:07:12.889457770 +0000
2259 +++ /opt/gitlab/sv/redis/log/.chef-run20181006-31-2h57hy 2018-10-06 22:07:12.889457770 +0000
2260 @@ -1 +1,3 @@
2261 +#!/bin/sh
2262 +exec svlogd -tt /var/log/gitlab/redis
2263 - change mode from '' to '0755'
2264 - change owner from '' to 'root'
2265 - change group from '' to 'root'
2266 * template[/var/log/gitlab/redis/config] action create
2267 - create new file /var/log/gitlab/redis/config
2268 - update content in file /var/log/gitlab/redis/config from none to 623c00
2269 --- /var/log/gitlab/redis/config 2018-10-06 22:07:12.902457857 +0000
2270 +++ /var/log/gitlab/redis/.chef-config20181006-31-7cagz1 2018-10-06 22:07:12.901457850 +0000
2271 @@ -1 +1,7 @@
2272 +s209715200
2273 +n30
2274 +t86400
2275 +!gzip
2276 +
2277 +
2278 - change owner from '' to 'root'
2279 - change group from '' to 'root'
2280 * ruby_block[reload redis svlogd configuration] action nothing (skipped due to action :nothing)
2281 * ruby_block[restart redis svlogd configuration] action nothing (skipped due to action :nothing)
2282 * file[/opt/gitlab/sv/redis/down] action delete (up to date)
2283 * link[/opt/gitlab/init/redis] action create
2284 - create symlink at /opt/gitlab/init/redis to /opt/gitlab/embedded/bin/sv
2285 * link[/opt/gitlab/service/redis] action create
2286 - create symlink at /opt/gitlab/service/redis to /opt/gitlab/sv/redis
2287 * ruby_block[supervise_redis_sleep] action run
2288 - execute the ruby block supervise_redis_sleep
2289 * directory[/opt/gitlab/sv/redis/supervise] action create
2290 - change mode from '0700' to '0755'
2291 * directory[/opt/gitlab/sv/redis/log/supervise] action create
2292 - change mode from '0700' to '0755'
2293 * file[/opt/gitlab/sv/redis/supervise/ok] action touch (skipped due to only_if)
2294 * file[/opt/gitlab/sv/redis/log/supervise/ok] action touch (skipped due to only_if)
2295 * file[/opt/gitlab/sv/redis/supervise/control] action touch (skipped due to only_if)
2296 * file[/opt/gitlab/sv/redis/log/supervise/control] action touch (skipped due to only_if)
2297 * service[redis] action nothing (skipped due to action :nothing)
2298 * execute[/opt/gitlab/bin/gitlab-ctl start redis] action run
2299 [execute] ok: run: redis: (pid 732) 6s
2300 - execute /opt/gitlab/bin/gitlab-ctl start redis
2301Recipe: postgresql::user
2302 * account[Postgresql user and group] action create (up to date)
2303Recipe: postgresql::enable
2304 * directory[/var/opt/gitlab/postgresql] action create (up to date)
2305 * directory[/var/opt/gitlab/postgresql/data] action create
2306 - create new directory /var/opt/gitlab/postgresql/data
2307 - change mode from '' to '0700'
2308 - change owner from '' to 'gitlab-psql'
2309 * directory[/var/log/gitlab/postgresql] action create
2310 - create new directory /var/log/gitlab/postgresql
2311 - change mode from '' to '0700'
2312 - change owner from '' to 'gitlab-psql'
2313 * link[/var/opt/gitlab/postgresql/data] action create (skipped due to not_if)
2314 * file[/var/opt/gitlab/postgresql/.profile] action create
2315 - update content in file /var/opt/gitlab/postgresql/.profile from d8c4ba to 3b0387
2316 --- /var/opt/gitlab/postgresql/.profile 2017-05-16 12:49:38.000000000 +0000
2317 +++ /var/opt/gitlab/postgresql/.chef-.profile20181006-31-2viaty.profile 2018-10-06 22:07:21.954518621 +0000
2318 @@ -1,21 +1,2 @@
2319 -# ~/.profile: executed by the command interpreter for login shells.
2320 -# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
2321 -# exists.
2322 -# see /usr/share/doc/bash/examples/startup-files for examples.
2323 -# the files are located in the bash-doc package.
2324 -
2325 -# the default umask is set in /etc/profile; for setting the umask
2326 -# for ssh logins, install and configure the libpam-umask package.
2327 -#umask 022
2328 -
2329 -# if running bash
2330 -if [ -n "$BASH_VERSION" ]; then
2331 - # include .bashrc if it exists
2332 - if [ -f "$HOME/.bashrc" ]; then
2333 - . "$HOME/.bashrc"
2334 - fi
2335 -fi
2336 -
2337 -# set PATH so it includes user's private bin directories
2338 -PATH="$HOME/bin:$HOME/.local/bin:$PATH"
2339 +PATH=/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH
2340 - change mode from '0644' to '0600'
2341 * sysctl[kernel.shmmax] action create
2342 * directory[create /etc/sysctl.d for kernel.shmmax] action create (up to date)
2343 * file[create /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf kernel.shmmax] action create
2344 - create new file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf
2345 - update content in file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf from none to 75a195
2346 --- /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf 2018-10-06 22:07:21.999518923 +0000
2347 +++ /opt/gitlab/embedded/etc/.chef-90-omnibus-gitlab-kernel20181006-31-kd73o5.shmmax.conf 2018-10-06 22:07:21.998518916 +0000
2348 @@ -1 +1,2 @@
2349 +kernel.shmmax = 17179869184
2350 * execute[load sysctl conf kernel.shmmax] action run
2351 [execute] sysctl: setting key "kernel.printk": Read-only file system
2352 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2353 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2354 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2355 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2356 sysctl: setting key "fs.protected_symlinks": Read-only file system
2357 sysctl: setting key "kernel.sysrq": Read-only file system
2358 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2359 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2360 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2361 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2362 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2363 * link[/etc/sysctl.d/90-omnibus-gitlab-kernel.shmmax.conf] action create
2364 - create symlink at /etc/sysctl.d/90-omnibus-gitlab-kernel.shmmax.conf to /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf
2365 * execute[load sysctl conf kernel.shmmax] action run
2366 [execute] sysctl: setting key "kernel.printk": Read-only file system
2367 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2368 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2369 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2370 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2371 sysctl: setting key "fs.protected_symlinks": Read-only file system
2372 sysctl: setting key "kernel.sysrq": Read-only file system
2373 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2374 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2375 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2376 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2377 sysctl: setting key "kernel.shmmax": Read-only file system
2378 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2379 * file[delete /etc/sysctl.d/90-postgresql.conf kernel.shmmax] action delete (skipped due to only_if)
2380 * file[delete /etc/sysctl.d/90-unicorn.conf kernel.shmmax] action delete (skipped due to only_if)
2381 * file[delete /opt/gitlab/embedded/etc/90-omnibus-gitlab.conf kernel.shmmax] action delete (skipped due to only_if)
2382 * file[delete /etc/sysctl.d/90-omnibus-gitlab.conf kernel.shmmax] action delete (skipped due to only_if)
2383 * execute[load sysctl conf kernel.shmmax] action nothing (skipped due to action :nothing)
2384
2385 * sysctl[kernel.shmall] action create
2386 * directory[create /etc/sysctl.d for kernel.shmall] action create (up to date)
2387 * file[create /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf kernel.shmall] action create
2388 - create new file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf
2389 - update content in file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf from none to 6d765d
2390 --- /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf 2018-10-06 22:07:22.150519936 +0000
2391 +++ /opt/gitlab/embedded/etc/.chef-90-omnibus-gitlab-kernel20181006-31-is60hr.shmall.conf 2018-10-06 22:07:22.150519936 +0000
2392 @@ -1 +1,2 @@
2393 +kernel.shmall = 4194304
2394 * execute[load sysctl conf kernel.shmall] action run
2395 [execute] sysctl: setting key "kernel.printk": Read-only file system
2396 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2397 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2398 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2399 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2400 sysctl: setting key "fs.protected_symlinks": Read-only file system
2401 sysctl: setting key "kernel.sysrq": Read-only file system
2402 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2403 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2404 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2405 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2406 sysctl: setting key "kernel.shmmax": Read-only file system
2407 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2408 * link[/etc/sysctl.d/90-omnibus-gitlab-kernel.shmall.conf] action create
2409 - create symlink at /etc/sysctl.d/90-omnibus-gitlab-kernel.shmall.conf to /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf
2410 * execute[load sysctl conf kernel.shmall] action run
2411 [execute] sysctl: setting key "kernel.printk": Read-only file system
2412 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2413 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2414 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2415 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2416 sysctl: setting key "fs.protected_symlinks": Read-only file system
2417 sysctl: setting key "kernel.sysrq": Read-only file system
2418 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2419 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2420 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2421 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2422 sysctl: setting key "kernel.shmall": Read-only file system
2423 sysctl: setting key "kernel.shmmax": Read-only file system
2424 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2425 * file[delete /etc/sysctl.d/90-postgresql.conf kernel.shmall] action delete (skipped due to only_if)
2426 * file[delete /etc/sysctl.d/90-unicorn.conf kernel.shmall] action delete (skipped due to only_if)
2427 * file[delete /opt/gitlab/embedded/etc/90-omnibus-gitlab.conf kernel.shmall] action delete (skipped due to only_if)
2428 * file[delete /etc/sysctl.d/90-omnibus-gitlab.conf kernel.shmall] action delete (skipped due to only_if)
2429 * execute[load sysctl conf kernel.shmall] action nothing (skipped due to action :nothing)
2430
2431 * sysctl[kernel.sem] action create
2432 * directory[create /etc/sysctl.d for kernel.sem] action create (up to date)
2433 * file[create /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf kernel.sem] action create
2434 - create new file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf
2435 - update content in file /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf from none to 09a346
2436 --- /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf 2018-10-06 22:07:22.207520319 +0000
2437 +++ /opt/gitlab/embedded/etc/.chef-90-omnibus-gitlab-kernel20181006-31-1i71ig6.sem.conf 2018-10-06 22:07:22.207520319 +0000
2438 @@ -1 +1,2 @@
2439 +kernel.sem = 250 32000 32 262
2440 * execute[load sysctl conf kernel.sem] action run
2441 [execute] sysctl: setting key "kernel.printk": Read-only file system
2442 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2443 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2444 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2445 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2446 sysctl: setting key "fs.protected_symlinks": Read-only file system
2447 sysctl: setting key "kernel.sysrq": Read-only file system
2448 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2449 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2450 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2451 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2452 sysctl: setting key "kernel.shmall": Read-only file system
2453 sysctl: setting key "kernel.shmmax": Read-only file system
2454 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2455 * link[/etc/sysctl.d/90-omnibus-gitlab-kernel.sem.conf] action create
2456 - create symlink at /etc/sysctl.d/90-omnibus-gitlab-kernel.sem.conf to /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf
2457 * execute[load sysctl conf kernel.sem] action run
2458 [execute] sysctl: setting key "kernel.printk": Read-only file system
2459 sysctl: setting key "net.ipv6.conf.all.use_tempaddr": Read-only file system
2460 sysctl: setting key "net.ipv6.conf.default.use_tempaddr": Read-only file system
2461 sysctl: setting key "kernel.kptr_restrict": Read-only file system
2462 sysctl: setting key "fs.protected_hardlinks": Read-only file system
2463 sysctl: setting key "fs.protected_symlinks": Read-only file system
2464 sysctl: setting key "kernel.sysrq": Read-only file system
2465 sysctl: setting key "net.ipv4.conf.default.rp_filter": Read-only file system
2466 sysctl: setting key "net.ipv4.conf.all.rp_filter": Read-only file system
2467 sysctl: setting key "net.ipv4.tcp_syncookies": Read-only file system
2468 sysctl: setting key "vm.mmap_min_addr": Read-only file system
2469 sysctl: setting key "kernel.sem": Read-only file system
2470 sysctl: setting key "kernel.shmall": Read-only file system
2471 sysctl: setting key "kernel.shmmax": Read-only file system
2472 - execute cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -
2473 * file[delete /etc/sysctl.d/90-postgresql.conf kernel.sem] action delete (skipped due to only_if)
2474 * file[delete /etc/sysctl.d/90-unicorn.conf kernel.sem] action delete (skipped due to only_if)
2475 * file[delete /opt/gitlab/embedded/etc/90-omnibus-gitlab.conf kernel.sem] action delete (skipped due to only_if)
2476 * file[delete /etc/sysctl.d/90-omnibus-gitlab.conf kernel.sem] action delete (skipped due to only_if)
2477 * execute[load sysctl conf kernel.sem] action nothing (skipped due to action :nothing)
2478
2479 * execute[/opt/gitlab/embedded/bin/initdb -D /var/opt/gitlab/postgresql/data -E UTF8] action run
2480 [execute] The files belonging to this database system will be owned by user "gitlab-psql".
2481 This user must also own the server process.
2482
2483 The database cluster will be initialized with locale "C".
2484 The default text search configuration will be set to "english".
2485
2486 Data page checksums are disabled.
2487
2488 fixing permissions on existing directory /var/opt/gitlab/postgresql/data ... ok
2489 creating subdirectories ... ok
2490 selecting default max_connections ... 100
2491 selecting default shared_buffers ... 128MB
2492 selecting dynamic shared memory implementation ... posix
2493 creating configuration files ... ok
2494 running bootstrap script ... ok
2495 performing post-bootstrap initialization ... ok