· 7 years ago · Jun 29, 2018, 12:42 PM
1## GitLab configuration settings
2##! This file is generated during initial installation and **is not** modified
3##! during upgrades.
4##! Check out the latest version of this file to know about the different
5##! settings that can be configured by this file, which may be found at:
6##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
7
8
9## GitLab URL
10##! URL on which GitLab will be reachable.
11##! For more details on configuring external_url see:
12##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
13external_url 'ssl://gitlab.cpmtech.fr/'
14
15## Roles for multi-instance GitLab
16##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
17##! Options:
18##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role
19##! For more deatils on each role, see:
20##! https://docs.gitlab.com/omnibus/roles/README.html#roles
21##!
22# roles ['redis_sentinel_role', 'redis_master_role']
23
24## Legend
25##! The following notations at the beginning of each line may be used to
26##! differentiate between components of this file and to easily select them using
27##! a regex.
28##! ## Titles, subtitles etc
29##! ##! More information - Description, Docs, Links, Issues etc.
30##! Configuration settings have a single # followed by a single space at the
31##! beginning; Remove them to enable the setting.
32
33##! **Configuration settings below are optional.**
34##! **The values currently assigned are only examples and ARE NOT the default
35##! values.**
36
37
38################################################################################
39################################################################################
40## Configuration Settings for GitLab CE and EE ##
41################################################################################
42################################################################################
43
44################################################################################
45## gitlab.yml configuration
46##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
47################################################################################
48# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
49# gitlab_rails['time_zone'] = 'UTC'
50
51### Email Settings
52# gitlab_rails['gitlab_email_enabled'] = true
53# gitlab_rails['gitlab_email_from'] = 'example@example.com'
54# gitlab_rails['gitlab_email_display_name'] = 'Example'
55# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
56# gitlab_rails['gitlab_email_subject_suffix'] = ''
57
58### GitLab user privileges
59# gitlab_rails['gitlab_default_can_create_group'] = true
60# gitlab_rails['gitlab_username_changing_enabled'] = true
61
62### Default Theme
63# gitlab_rails['gitlab_default_theme'] = 2
64
65### Default project feature settings
66# gitlab_rails['gitlab_default_projects_features_issues'] = true
67# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
68# gitlab_rails['gitlab_default_projects_features_wiki'] = true
69# gitlab_rails['gitlab_default_projects_features_snippets'] = true
70# gitlab_rails['gitlab_default_projects_features_builds'] = true
71# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
72
73### Automatic issue closing
74###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
75###! information about this pattern.
76# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
77
78### Download location
79###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
80###! is created in the following directory.
81# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
82
83### Gravatar Settings
84# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
85# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
86
87### Auxiliary jobs
88###! Periodically executed jobs, to self-heal Gitlab, do external
89###! synchronizations, etc.
90###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
91###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
92# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
93# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
94# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
95# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
96# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
97# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
98# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
99# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
100
101### Webhook Settings
102###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
103###! request (default: 10)
104# gitlab_rails['webhook_timeout'] = 10
105
106### Trusted proxies
107###! Customize if you have GitLab behind a reverse proxy which is running on a
108###! different machine.
109###! **Add the IP address for your reverse proxy to the list, otherwise users
110###! will appear signed in from that address.**
111# gitlab_rails['trusted_proxies'] = []
112
113### Monitoring settings
114###! IP whitelist controlling access to monitoring endpoints
115# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
116###! Time between sampling of unicorn socket metrics, in seconds
117# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
118
119### Reply by email
120###! Allow users to comment on issues and merge requests by replying to
121###! notification emails.
122###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
123# gitlab_rails['incoming_email_enabled'] = true
124
125#### Incoming Email Address
126####! The email address including the `%{key}` placeholder that will be replaced
127####! to reference the item being replied to.
128####! **The placeholder can be omitted but if present, it must appear in the
129####! "user" part of the address (before the `@`).**
130# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
131
132#### Email account username
133####! **With third party providers, this is usually the full email address.**
134####! **With self-hosted email servers, this is usually the user part of the
135####! email address.**
136# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
137
138#### Email account password
139# gitlab_rails['incoming_email_password'] = "[REDACTED]"
140
141#### IMAP Settings
142# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
143# gitlab_rails['incoming_email_port'] = 993
144# gitlab_rails['incoming_email_ssl'] = true
145# gitlab_rails['incoming_email_start_tls'] = false
146
147#### Incoming Mailbox Settings
148####! The mailbox where incoming mail will end up. Usually "inbox".
149# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
150####! The IDLE command timeout.
151# gitlab_rails['incoming_email_idle_timeout'] = 60
152
153### Job Artifacts
154# gitlab_rails['artifacts_enabled'] = true
155# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
156####! Job artifacts Object Store
157####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
158# gitlab_rails['artifacts_object_store_enabled'] = false
159# gitlab_rails['artifacts_object_store_direct_upload'] = false
160# gitlab_rails['artifacts_object_store_background_upload'] = true
161# gitlab_rails['artifacts_object_store_proxy_download'] = false
162# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
163# gitlab_rails['artifacts_object_store_connection'] = {
164# 'provider' => 'AWS',
165# 'region' => 'eu-west-1',
166# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
167# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
168# # # The below options configure an S3 compatible host instead of AWS
169# # 'host' => 's3.amazonaws.com',
170# # 'endpoint' => nil,
171# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
172# }
173
174### Git LFS
175# gitlab_rails['lfs_enabled'] = true
176# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
177# gitlab_rails['lfs_object_store_enabled'] = false # EE only
178# gitlab_rails['lfs_object_store_direct_upload'] = false
179# gitlab_rails['lfs_object_store_background_upload'] = true
180# gitlab_rails['lfs_object_store_proxy_download'] = false
181# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
182# gitlab_rails['lfs_object_store_connection'] = {
183# 'provider' => 'AWS',
184# 'region' => 'eu-west-1',
185# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
186# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
187# # # The below options configure an S3 compatible host instead of AWS
188# # 'host' => 's3.amazonaws.com',
189# # 'endpoint' => nil,
190# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
191# }
192
193### GitLab uploads
194###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
195# gitlab_rails['uploads_storage_path'] = "/var/opt/gitlab/gitlab-rails/public"
196# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
197# gitlab_rails['uploads_object_store_enabled'] = false # EE only
198# gitlab_rails['uploads_object_store_direct_upload'] = false
199# gitlab_rails['uploads_object_store_background_upload'] = true
200# gitlab_rails['uploads_object_store_proxy_download'] = false
201# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
202# gitlab_rails['uploads_object_store_connection'] = {
203# 'provider' => 'AWS',
204# 'region' => 'eu-west-1',
205# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
206# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
207# # # The below options configure an S3 compatible host instead of AWS
208# # 'host' => 's3.amazonaws.com',
209# # 'endpoint' => nil,
210# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
211# }
212
213### Usage Statistics
214# gitlab_rails['usage_ping_enabled'] = true
215
216### GitLab Mattermost
217###! These settings are void if Mattermost is installed on the same omnibus
218###! install
219# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
220
221### LDAP Settings
222###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
223###! **Be careful not to break the indentation in the ldap_servers block. It is
224###! in yaml format and the spaces must be retained. Using tabs will not work.**
225
226# gitlab_rails['ldap_enabled'] = false
227
228###! **remember to close this block with 'EOS' below**
229# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
230# main: # 'main' is the GitLab 'provider ID' of this LDAP server
231# label: 'LDAP'
232# host: '_your_ldap_server'
233# port: 389
234# uid: 'sAMAccountName'
235# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
236# password: '_the_password_of_the_bind_user'
237# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
238# verify_certificates: true
239# active_directory: true
240# allow_username_or_email_login: false
241# lowercase_usernames: false
242# block_auto_created_users: false
243# base: ''
244# user_filter: ''
245# ## EE only
246# group_base: ''
247# admin_group: ''
248# sync_ssh_keys: false
249#
250# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
251# label: 'LDAP'
252# host: '_your_ldap_server'
253# port: 389
254# uid: 'sAMAccountName'
255# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
256# password: '_the_password_of_the_bind_user'
257# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
258# verify_certificates: true
259# active_directory: true
260# allow_username_or_email_login: false
261# lowercase_usernames: false
262# block_auto_created_users: false
263# base: ''
264# user_filter: ''
265# ## EE only
266# group_base: ''
267# admin_group: ''
268# sync_ssh_keys: false
269# EOS
270
271### OmniAuth Settings
272###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
273# gitlab_rails['omniauth_enabled'] = false
274# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
275# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
276# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
277# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
278# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
279# gitlab_rails['omniauth_block_auto_created_users'] = true
280# gitlab_rails['omniauth_auto_link_ldap_user'] = false
281# gitlab_rails['omniauth_auto_link_saml_user'] = false
282# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
283# gitlab_rails['omniauth_providers'] = [
284# {
285# "name" => "google_oauth2",
286# "app_id" => "YOUR APP ID",
287# "app_secret" => "YOUR APP SECRET",
288# "args" => { "access_type" => "offline", "approval_prompt" => "" }
289# }
290# ]
291
292### Backup Settings
293###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
294
295# gitlab_rails['manage_backup_path'] = true
296# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
297
298###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
299# gitlab_rails['backup_archive_permissions'] = 0644
300
301# gitlab_rails['backup_pg_schema'] = 'public'
302
303###! The duration in seconds to keep backups before they are allowed to be deleted
304# gitlab_rails['backup_keep_time'] = 604800
305
306# gitlab_rails['backup_upload_connection'] = {
307# 'provider' => 'AWS',
308# 'region' => 'eu-west-1',
309# 'aws_access_key_id' => 'AKIAKIAKI',
310# 'aws_secret_access_key' => 'secret123'
311# }
312# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
313# gitlab_rails['backup_multipart_chunk_size'] = 104857600
314
315###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
316###! backups**
317# gitlab_rails['backup_encryption'] = 'AES256'
318
319###! **Specifies Amazon S3 storage class to use for backups. Valid values
320###! include 'STANDARD', 'STANDARD_IA', 'GLACIER', and
321###! 'REDUCED_REDUNDANCY'**
322# gitlab_rails['backup_storage_class'] = 'STANDARD'
323
324### For setting up different data storing directory
325###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
326###! **If you want to use a single non-default directory to store git data use a
327###! path that doesn't contain symlinks.**
328# git_data_dirs({
329# "default" => {
330# "path" => "/mnt/nfs-01/git-data"
331# }
332# })
333
334### Gitaly settings
335# gitlab_rails['gitaly_token'] = 'secret token'
336
337### For storing GitLab application uploads, eg. LFS objects, build artifacts
338###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
339# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
340
341### Wait for file system to be mounted
342###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
343# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
344
345### GitLab Shell settings for GitLab
346# gitlab_rails['gitlab_shell_ssh_port'] = 22
347# gitlab_rails['gitlab_shell_git_timeout'] = 800
348
349### Extra customization
350# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
351# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
352# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
353
354##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
355# gitlab_rails['env'] = {
356# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
357# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
358# }
359
360# gitlab_rails['rack_attack_git_basic_auth'] = {
361# 'enabled' => true,
362# 'ip_whitelist' => ["127.0.0.1"],
363# 'maxretry' => 10,
364# 'findtime' => 60,
365# 'bantime' => 3600
366# }
367
368# gitlab_rails['rack_attack_protected_paths'] = [
369# '/users/password',
370# '/users/sign_in',
371# '/api/#{API::API.version}/session.json',
372# '/api/#{API::API.version}/session',
373# '/users',
374# '/users/confirmation',
375# '/unsubscribes/',
376# '/import/github/personal_access_token'
377# ]
378
379###! **We do not recommend changing these directories.**
380# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
381# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
382
383### GitLab application settings
384# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
385# gitlab_rails['rate_limit_requests_per_period'] = 10
386# gitlab_rails['rate_limit_period'] = 60
387
388#### Change the initial default admin password and shared runner registraion tokens.
389####! **Only applicable on initial setup, changing these settings after database
390####! is created and seeded won't yield any change.**
391# gitlab_rails['initial_root_password'] = "password"
392# gitlab_rails['initial_shared_runners_registration_token'] = "token"
393
394#### Enable or disable automatic database migrations
395# gitlab_rails['auto_migrate'] = true
396
397#### This is advanced feature used by large gitlab deployments where loading
398#### whole RAILS env takes a lot of time.
399# gitlab_rails['rake_cache_clear'] = true
400
401### GitLab database settings
402###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
403###! **Only needed if you use an external database.**
404# gitlab_rails['db_adapter'] = "postgresql"
405# gitlab_rails['db_encoding'] = "unicode"
406# gitlab_rails['db_collation'] = nil
407# gitlab_rails['db_database'] = "gitlabhq_production"
408# gitlab_rails['db_pool'] = 10
409# gitlab_rails['db_username'] = "gitlab"
410# gitlab_rails['db_password'] = nil
411# gitlab_rails['db_host'] = nil
412# gitlab_rails['db_port'] = 5432
413# gitlab_rails['db_socket'] = nil
414# gitlab_rails['db_sslmode'] = nil
415# gitlab_rails['db_sslrootcert'] = nil
416# gitlab_rails['db_prepared_statements'] = false
417# gitlab_rails['db_statements_limit'] = 1000
418
419
420### GitLab Redis settings
421###! Connect to your own Redis instance
422###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
423
424#### Redis TCP connection
425# gitlab_rails['redis_host'] = "127.0.0.1"
426# gitlab_rails['redis_port'] = 6379
427# gitlab_rails['redis_password'] = nil
428# gitlab_rails['redis_database'] = 0
429
430#### Redis local UNIX socket (will be disabled if TCP method is used)
431# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
432
433#### Sentinel support
434####! To have Sentinel working, you must enable Redis TCP connection support
435####! above and define a few Sentinel hosts below (to get a reliable setup
436####! at least 3 hosts).
437####! **You don't need to list every sentinel host, but the ones not listed will
438####! not be used in a fail-over situation to query for the new master.**
439# gitlab_rails['redis_sentinels'] = [
440# {'host' => '127.0.0.1', 'port' => 26379},
441# ]
442
443#### Separate instances support
444###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
445# gitlab_rails['redis_cache_instance'] = nil
446# gitlab_rails['redis_cache_sentinels'] = nil
447# gitlab_rails['redis_queues_instance'] = nil
448# gitlab_rails['redis_queues_sentinels'] = nil
449# gitlab_rails['redis_shared_state_instance'] = nil
450# gitlab_rails['redis_shared_sentinels'] = nil
451
452### GitLab email server settings
453###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
454###! **Use smtp instead of sendmail/postfix.**
455
456# gitlab_rails['smtp_enable'] = true
457# gitlab_rails['smtp_address'] = "smtp.server"
458# gitlab_rails['smtp_port'] = 465
459# gitlab_rails['smtp_user_name'] = "smtp user"
460# gitlab_rails['smtp_password'] = "smtp password"
461# gitlab_rails['smtp_domain'] = "example.com"
462# gitlab_rails['smtp_authentication'] = "login"
463# gitlab_rails['smtp_enable_starttls_auto'] = true
464# gitlab_rails['smtp_tls'] = false
465
466###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
467###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
468# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
469
470# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
471# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
472
473################################################################################
474## Container Registry settings
475##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
476################################################################################
477
478# registry_external_url 'https://registry.gitlab.example.com'
479
480### Settings used by GitLab application
481# gitlab_rails['registry_enabled'] = true
482# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
483# gitlab_rails['registry_port'] = "5005"
484# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
485
486###! **Do not change the following 3 settings unless you know what you are
487###! doing**
488# gitlab_rails['registry_api_url'] = "http://localhost:5000"
489# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
490# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
491
492### Settings used by Registry application
493# registry['enable'] = true
494# registry['username'] = "registry"
495# registry['group'] = "registry"
496# registry['uid'] = nil
497# registry['gid'] = nil
498# registry['dir'] = "/var/opt/gitlab/registry"
499# registry['registry_http_addr'] = "localhost:5000"
500# registry['debug_addr'] = "localhost:5001"
501# registry['log_directory'] = "/var/log/gitlab/registry"
502# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
503# registry['env'] = {}
504# registry['log_level'] = "info"
505# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
506# registry['health_storagedriver_enabled'] = true
507# registry['storage_delete_enabled'] = true
508
509### Registry backend storage
510###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
511# registry['storage'] = {
512# 's3' => {
513# 'accesskey' => 'AKIAKIAKI',
514# 'secretkey' => 'secret123',
515# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
516# }
517# }
518
519### Registry notifications endpoints
520# registry['notifications'] = [
521# {
522# 'name' => 'test_endpoint',
523# 'url' => 'https://gitlab.example.com/notify2',
524# 'timeout' => '500ms',
525# 'threshold' => 5,
526# 'backoff' => '1s',
527# 'headers' => {
528# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
529# }
530# }
531# ]
532### Default registry notifications
533# registry['default_notifications_timeout'] = "500ms"
534# registry['default_notifications_threshold'] = 5
535# registry['default_notifications_backoff'] = "1s"
536# registry['default_notifications_headers'] = {}
537
538
539
540################################################################################
541## GitLab Workhorse
542##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
543################################################################################
544
545# gitlab_workhorse['enable'] = true
546# gitlab_workhorse['ha'] = false
547# gitlab_workhorse['listen_network'] = "unix"
548# gitlab_workhorse['listen_umask'] = 000
549# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
550# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
551
552##! the empty string is the default in gitlab-workhorse option parser
553# gitlab_workhorse['auth_socket'] = "''"
554
555##! put an empty string on the command line
556# gitlab_workhorse['pprof_listen_addr'] = "''"
557
558# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
559
560# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
561# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
562# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
563
564##! limit number of concurrent API requests, defaults to 0 which is unlimited
565# gitlab_workhorse['api_limit'] = 0
566
567##! limit number of API requests allowed to be queued, defaults to 0 which
568##! disables queuing
569# gitlab_workhorse['api_queue_limit'] = 0
570
571##! duration after which we timeout requests if they sit too long in the queue
572# gitlab_workhorse['api_queue_duration'] = "30s"
573
574##! Long polling duration for job requesting for runners
575# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
576
577##! Log format: default is text, can also be json or none.
578# gitlab_workhorse['log_format'] = "json"
579
580# gitlab_workhorse['env'] = {
581# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
582# }
583
584################################################################################
585## GitLab User Settings
586##! Modify default git user.
587##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
588################################################################################
589
590# user['username'] = "git"
591# user['group'] = "git"
592# user['uid'] = nil
593# user['gid'] = nil
594
595##! The shell for the git user
596# user['shell'] = "/bin/sh"
597
598##! The home directory for the git user
599# user['home'] = "/var/opt/gitlab"
600
601# user['git_user_name'] = "GitLab"
602# user['git_user_email'] = "gitlab@#{node['fqdn']}"
603
604################################################################################
605## GitLab Unicorn
606##! Tweak unicorn settings.
607##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
608################################################################################
609
610# unicorn['worker_timeout'] = 60
611###! Minimum worker_processes is 2 at this moment
612###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
613# unicorn['worker_processes'] = 2
614
615### Advanced settings
616# unicorn['listen'] = 'localhost'
617# unicorn['port'] = 8080
618# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
619# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
620# unicorn['tcp_nopush'] = true
621# unicorn['backlog_socket'] = 1024
622
623###! **Make sure somaxconn is equal or higher then backlog_socket**
624# unicorn['somaxconn'] = 1024
625
626###! **We do not recommend changing this setting**
627# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
628
629### **Only change these settings if you understand well what they mean**
630###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
631###! https://github.com/kzk/unicorn-worker-killer
632# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
633# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
634
635################################################################################
636## GitLab Sidekiq
637################################################################################
638
639# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
640# sidekiq['log_format'] = "default"
641# sidekiq['shutdown_timeout'] = 4
642# sidekiq['concurrency'] = 25
643# sidekiq['metrics_enabled'] = true
644# sidekiq['listen_address'] = "localhost"
645# sidekiq['listen_port'] = 8082
646
647################################################################################
648## gitlab-shell
649################################################################################
650
651# gitlab_shell['audit_usernames'] = false
652# gitlab_shell['log_level'] = 'INFO'
653# gitlab_shell['log_format'] = 'json'
654# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
655# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
656# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
657
658# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
659
660### Git trace log file.
661###! If set, git commands receive GIT_TRACE* environment variables
662###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
663###! An absolute path starting with / – the trace output will be appended to
664###! that file. It needs to exist so we can check permissions and avoid
665###! throwing warnings to the users.
666# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
667
668##! **We do not recommend changing this directory.**
669# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
670
671################################################################
672## GitLab PostgreSQL
673################################################################
674
675###! Changing any of these settings requires a restart of postgresql.
676###! By default, reconfigure reloads postgresql if it is running. If you
677###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
678###! after reconfigure in order for the changes to take effect.
679# postgresql['enable'] = true
680# postgresql['listen_address'] = nil
681# postgresql['port'] = 5432
682# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
683
684##! **recommend value is 1/4 of total RAM, up to 14GB.**
685# postgresql['shared_buffers'] = "256MB"
686
687### Advanced settings
688# postgresql['ha'] = false
689# postgresql['dir'] = "/var/opt/gitlab/postgresql"
690# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
691# postgresql['username'] = "gitlab-psql"
692##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
693# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
694# postgresql['uid'] = nil
695# postgresql['gid'] = nil
696# postgresql['shell'] = "/bin/sh"
697# postgresql['home'] = "/var/opt/gitlab/postgresql"
698# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
699# postgresql['sql_user'] = "gitlab"
700# postgresql['max_connections'] = 200
701# postgresql['md5_auth_cidr_addresses'] = []
702# postgresql['trust_auth_cidr_addresses'] = []
703# postgresql['wal_buffers'] = "-1"
704# postgresql['autovacuum_max_workers'] = "3"
705# postgresql['autovacuum_freeze_max_age'] = "200000000"
706# postgresql['log_statement'] = nil
707# postgresql['track_activity_query_size'] = "1024"
708# postgresql['shared_preload_libraries'] = nil
709# postgresql['dynamic_shared_memory_type'] = nil
710# postgresql['hot_standby'] = "off"
711
712### SSL settings
713# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
714# postgresql['ssl'] = 'on'
715# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
716# postgresql['ssl_cert_file'] = 'server.crt'
717# postgresql['ssl_key_file'] = 'server.key'
718# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
719# postgresql['ssl_crl_file'] = nil
720
721### Replication settings
722###! Note, some replication settings do not require a full restart. They are documented below.
723# postgresql['wal_level'] = "hot_standby"
724# postgresql['max_wal_senders'] = 5
725# postgresql['max_replication_slots'] = 0
726# postgresql['max_locks_per_transaction'] = 128
727
728# Backup/Archive settings
729# postgresql['archive_mode'] = "off"
730
731###! Changing any of these settings only requires a reload of postgresql. You do not need to
732###! restart postgresql if you change any of these and run reconfigure.
733# postgresql['work_mem'] = "16MB"
734# postgresql['maintenance_work_mem'] = "16MB"
735# postgresql['checkpoint_segments'] = 10
736# postgresql['checkpoint_timeout'] = "5min"
737# postgresql['checkpoint_completion_target'] = 0.9
738# postgresql['effective_io_concurrency'] = 1
739# postgresql['checkpoint_warning'] = "30s"
740# postgresql['effective_cache_size'] = "1MB"
741# postgresql['shmmax'] = 17179869184 # or 4294967295
742# postgresql['shmall'] = 4194304 # or 1048575
743# postgresql['autovacuum'] = "on"
744# postgresql['log_autovacuum_min_duration'] = "-1"
745# postgresql['autovacuum_naptime'] = "1min"
746# postgresql['autovacuum_vacuum_threshold'] = "50"
747# postgresql['autovacuum_analyze_threshold'] = "50"
748# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
749# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
750# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
751# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
752# postgresql['statement_timeout'] = "60000"
753# postgresql['idle_in_transaction_session_timeout'] = "60000"
754# postgresql['log_line_prefix'] = "%a"
755# postgresql['max_worker_processes'] = 8
756# postgresql['max_parallel_workers_per_gather'] = 0
757# postgresql['log_lock_waits'] = 1
758# postgresql['deadlock_timeout'] = '5s'
759# postgresql['track_io_timing'] = 0
760# postgresql['default_statistics_target'] = 1000
761
762### Available in PostgreSQL 9.6 and later
763# postgresql['min_wal_size'] = 80MB
764# postgresql['max_wal_size'] = 1GB
765
766# Backup/Archive settings
767# postgresql['archive_command'] = nil
768# postgresql['archive_timeout'] = "0"
769
770### Replication settings
771# postgresql['sql_replication_user'] = "gitlab_replicator"
772# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
773# postgresql['wal_keep_segments'] = 10
774# postgresql['max_standby_archive_delay'] = "30s"
775# postgresql['max_standby_streaming_delay'] = "30s"
776# postgresql['synchronous_commit'] = on
777# postgresql['synchronous_standby_names'] = ''
778# postgresql['hot_standby_feedback'] = 'off'
779# postgresql['random_page_cost'] = 2.0
780# postgresql['log_temp_files'] = -1
781# postgresql['log_checkpoints'] = 'off'
782# To add custom entries to pg_hba.conf use the following
783# postgresql['custom_pg_hba_entries'] = {
784# APPLICATION: [ # APPLICATION should identify what the settings are used for
785# {
786# type: example,
787# database: example,
788# user: example,
789# cidr: example,
790# method: example,
791# option: example
792# }
793# ]
794# }
795# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
796# of the values
797
798
799################################################################################
800## GitLab Redis
801##! **Can be disabled if you are using your own Redis instance.**
802##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
803################################################################################
804
805# redis['enable'] = true
806# redis['username'] = "gitlab-redis"
807# redis['maxclients'] = "10000"
808# redis['maxmemory'] = "0"
809# redis['maxmemory_policy'] = "noeviction"
810# redis['maxmemory_samples'] = "5"
811# redis['tcp_timeout'] = "60"
812# redis['tcp_keepalive'] = "300"
813# redis['uid'] = nil
814# redis['gid'] = nil
815
816###! **To enable only Redis service in this machine, uncomment
817###! one of the lines below (choose master or slave instance types).**
818###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
819###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
820# redis_master_role['enable'] = true
821# redis_slave_role['enable'] = true
822
823### Redis TCP support (will disable UNIX socket transport)
824# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
825# redis['port'] = 6379
826# redis['password'] = 'redis-password-goes-here'
827
828### Redis Sentinel support
829###! **You need a master slave Redis replication to be able to do failover**
830###! **Please read the documentation before enabling it to understand the
831###! caveats:**
832###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
833
834### Replication support
835#### Slave Redis instance
836# redis['master'] = false # by default this is true
837
838#### Slave and Sentinel shared configuration
839####! **Both need to point to the master Redis instance to get replication and
840####! heartbeat monitoring**
841# redis['master_name'] = 'gitlab-redis'
842# redis['master_ip'] = nil
843# redis['master_port'] = 6379
844
845#### Support to run redis slaves in a Docker or NAT environment
846####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
847# redis['announce_ip'] = nil
848# redis['announce_port'] = nil
849
850####! **Master password should have the same value defined in
851####! redis['password'] to enable the instance to transition to/from
852####! master/slave in a failover event.**
853# redis['master_password'] = 'redis-password-goes-here'
854
855####! Increase these values when your slaves can't catch up with master
856# redis['client_output_buffer_limit_normal'] = '0 0 0'
857# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
858# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
859
860#####! Redis snapshotting frequency
861#####! Set to [] to disable
862#####! Set to [''] to clear previously set values
863# redis['save'] = [ '900 1', '300 10', '60 10000' ]
864
865################################################################################
866## GitLab Web server
867##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
868################################################################################
869
870##! When bundled nginx is disabled we need to add the external webserver user to
871##! the GitLab webserver group.
872 web_server['external_users'] = ['www-data']
873# web_server['username'] = 'gitlab-www'
874# web_server['group'] = 'gitlab-www'
875# web_server['uid'] = nil
876# web_server['gid'] = nil
877# web_server['shell'] = '/bin/false'
878# web_server['home'] = '/var/opt/gitlab/nginx'
879
880################################################################################
881## GitLab NGINX
882##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
883################################################################################
884
885nginx['enable'] = false
886# nginx['client_max_body_size'] = '250m'
887# nginx['redirect_http_to_https'] = false
888# nginx['redirect_http_to_https_port'] = 80
889
890##! Most root CA's are included by default
891# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
892
893##! enable/disable 2-way SSL client authentication
894# nginx['ssl_verify_client'] = "off"
895
896##! if ssl_verify_client on, verification depth in the client certificates chain
897# nginx['ssl_verify_depth'] = "1"
898
899# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
900# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
901# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
902# nginx['ssl_prefer_server_ciphers'] = "on"
903
904##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
905##! https://cipherli.st/**
906# nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
907
908##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
909# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
910
911##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
912# nginx['ssl_session_timeout'] = "5m"
913
914# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
915# nginx['listen_addresses'] = ['*', '[::]']
916
917##! **Defaults to forcing web browsers to always communicate using only HTTPS**
918##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
919# nginx['hsts_max_age'] = 31536000
920# nginx['hsts_include_subdomains'] = false
921
922##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
923# nginx['gzip_enabled'] = true
924
925##! **Override only if you use a reverse proxy**
926##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
927# nginx['listen_port'] = nil
928
929##! **Override only if your reverse proxy internally communicates over HTTP**
930##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
931# nginx['listen_https'] = nil
932
933# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
934# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
935# nginx['proxy_read_timeout'] = 3600
936# nginx['proxy_connect_timeout'] = 300
937# nginx['proxy_set_headers'] = {
938# "Host" => "$http_host_with_default",
939# "X-Real-IP" => "$remote_addr",
940# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
941# "X-Forwarded-Proto" => "https",
942# "X-Forwarded-Ssl" => "on",
943# "Upgrade" => "$http_upgrade",
944# "Connection" => "$connection_upgrade"
945# }
946# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
947# nginx['proxy_cache'] = 'gitlab'
948# nginx['http2_enabled'] = true
949# nginx['real_ip_trusted_addresses'] = []
950# nginx['real_ip_header'] = nil
951# nginx['real_ip_recursive'] = nil
952# nginx['custom_error_pages'] = {
953# '404' => {
954# 'title' => 'Example title',
955# 'header' => 'Example header',
956# 'message' => 'Example message'
957# }
958# }
959
960### Advanced settings
961# nginx['dir'] = "/var/opt/gitlab/nginx"
962# nginx['log_directory'] = "/var/log/gitlab/nginx"
963# nginx['worker_processes'] = 4
964# nginx['worker_connections'] = 10240
965# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
966# nginx['sendfile'] = 'on'
967# nginx['tcp_nopush'] = 'on'
968# nginx['tcp_nodelay'] = 'on'
969# nginx['gzip'] = "on"
970# nginx['gzip_http_version'] = "1.0"
971# nginx['gzip_comp_level'] = "2"
972# nginx['gzip_proxied'] = "any"
973# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
974# nginx['keepalive_timeout'] = 65
975# nginx['cache_max_size'] = '5000m'
976# nginx['server_names_hash_bucket_size'] = 64
977
978### Nginx status
979# nginx['status'] = {
980# "enable" => true,
981# "listen_addresses" => ["127.0.0.1"],
982# "fqdn" => "dev.example.com",
983# "port" => 9999,
984# "options" => {
985# "stub_status" => "on", # Turn on stats
986# "server_tokens" => "off", # Don't show the version of NGINX
987# "access_log" => "off", # Disable logs for stats
988# "allow" => "127.0.0.1", # Only allow access from localhost
989# "deny" => "all" # Deny access to anyone else
990# }
991# }
992
993################################################################################
994## GitLab Logging
995##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
996################################################################################
997
998# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
999# logging['svlogd_num'] = 30 # keep 30 rotated log files
1000# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
1001# logging['svlogd_filter'] = "gzip" # compress logs with gzip
1002# logging['svlogd_udp'] = nil # transmit log messages via UDP
1003# logging['svlogd_prefix'] = nil # custom prefix for log messages
1004# logging['logrotate_frequency'] = "daily" # rotate logs daily
1005# logging['logrotate_size'] = nil # do not rotate by size by default
1006# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
1007# logging['logrotate_compress'] = "compress" # see 'man logrotate'
1008# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
1009# logging['logrotate_postrotate'] = nil # no postrotate command by default
1010# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
1011
1012### UDP log forwarding
1013##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
1014
1015##! remote host to ship log messages to via UDP
1016# logging['udp_log_shipping_host'] = nil
1017
1018##! override the hostname used when logs are shipped via UDP,
1019## by default the system hostname will be used.
1020# logging['udp_log_shipping_hostname'] = nil
1021
1022##! remote port to ship log messages to via UDP
1023# logging['udp_log_shipping_port'] = 514
1024
1025################################################################################
1026## Logrotate
1027##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
1028##! You can disable built in logrotate feature.
1029################################################################################
1030# logrotate['enable'] = true
1031
1032################################################################################
1033## Users and groups accounts
1034##! Disable management of users and groups accounts.
1035##! **Set only if creating accounts manually**
1036##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
1037################################################################################
1038
1039# manage_accounts['enable'] = false
1040
1041################################################################################
1042## Storage directories
1043##! Disable managing storage directories
1044##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
1045################################################################################
1046
1047##! **Set only if the select directories are created manually**
1048# manage_storage_directories['enable'] = false
1049# manage_storage_directories['manage_etc'] = false
1050
1051################################################################################
1052## Runtime directory
1053##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
1054################################################################################
1055
1056# runtime_dir '/run'
1057
1058################################################################################
1059## Git
1060##! Advanced setting for configuring git system settings for omnibus-gitlab
1061##! internal git
1062################################################################################
1063
1064##! For multiple options under one header use array of comma separated values,
1065##! eg.:
1066##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
1067
1068# omnibus_gitconfig['system'] = {
1069# "pack" => ["threads = 1"],
1070# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
1071# "repack" => ["writeBitmaps = true"],
1072# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"],
1073# }
1074
1075################################################################################
1076## GitLab Pages
1077##! Docs: https://docs.gitlab.com/ce/pages/administration.html
1078################################################################################
1079
1080##! Define to enable GitLab Pages
1081# pages_external_url "http://pages.example.com/"
1082# gitlab_pages['enable'] = false
1083
1084##! Configure to expose GitLab Pages on external IP address, serving the HTTP
1085# gitlab_pages['external_http'] = []
1086
1087##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
1088# gitlab_pages['external_https'] = []
1089
1090##! Configure to enable health check endpoint on GitLab Pages
1091# gitlab_pages['status_uri'] = "/@status"
1092
1093##! Configure to use JSON structured logging in GitLab Pages
1094# gitlab_pages['log_format'] = "json"
1095
1096# gitlab_pages['listen_proxy'] = "localhost:8090"
1097# gitlab_pages['redirect_http'] = true
1098# gitlab_pages['use_http2'] = true
1099# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
1100# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
1101
1102# gitlab_pages['artifacts_server'] = true
1103# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
1104# gitlab_pages['artifacts_server_timeout'] = 10
1105
1106##! Environments that do not support bind-mounting should set this parameter to
1107##! true. This is incompatible with the artifacts server
1108# gitlab_pages['inplace_chroot'] = false
1109
1110##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
1111# gitlab_pages['metrics_address'] = ":9235"
1112
1113##! Configure the pages admin API
1114# gitlab_pages['admin_secret_token'] = 'custom secret'
1115# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
1116# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
1117# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
1118
1119##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
1120# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
1121# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
1122
1123################################################################################
1124## GitLab Pages NGINX
1125################################################################################
1126
1127# All the settings defined in the "GitLab Nginx" section are also available in this "GitLab Pages NGINX" section
1128# You just have to change the key "nginx['some_settings']" with "pages_nginx['some_settings']"
1129
1130# Below you can find settings that are exclusive to "GitLab Pages NGINX"
1131# pages_nginx['enable'] = false
1132
1133# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
1134
1135################################################################################
1136## GitLab CI
1137##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
1138################################################################################
1139
1140# gitlab_ci['gitlab_ci_all_broken_builds'] = true
1141# gitlab_ci['gitlab_ci_add_pusher'] = true
1142# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
1143
1144################################################################################
1145## GitLab Mattermost
1146##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
1147################################################################################
1148
1149# mattermost_external_url 'http://mattermost.example.com'
1150
1151# mattermost['enable'] = false
1152# mattermost['username'] = 'mattermost'
1153# mattermost['group'] = 'mattermost'
1154# mattermost['uid'] = nil
1155# mattermost['gid'] = nil
1156# mattermost['home'] = '/var/opt/gitlab/mattermost'
1157# mattermost['database_name'] = 'mattermost_production'
1158# mattermost['env'] = {}
1159
1160# mattermost['service_address'] = "127.0.0.1"
1161# mattermost['service_port'] = "8065"
1162# mattermost['service_site_url'] = nil
1163# mattermost['service_allowed_untrusted_internal_connections'] = ""
1164# mattermost['team_site_name'] = "GitLab Mattermost"
1165# mattermost['sql_driver_name'] = 'mysql'
1166# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
1167# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
1168# mattermost['gitlab_enable'] = false
1169# mattermost['gitlab_id'] = "12345656"
1170# mattermost['gitlab_secret'] = "123456789"
1171# mattermost['gitlab_scope'] = ""
1172# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1173# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1174# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
1175# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1176
1177################################################################################
1178## Mattermost NGINX
1179################################################################################
1180
1181# All the settings defined in the "GitLab NGINX" section are also available in this "Mattermost NGINX" section
1182# You just have to change the key "nginx['some_settings']" with "mattermost_nginx['some_settings']"
1183
1184# Below you can find settings that are exclusive to "Mattermost NGINX"
1185# mattermost_nginx['enable'] = false
1186
1187# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1188# mattermost_nginx['proxy_set_headers'] = {
1189# "Host" => "$http_host",
1190# "X-Real-IP" => "$remote_addr",
1191# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1192# "X-Frame-Options" => "SAMEORIGIN",
1193# "X-Forwarded-Proto" => "https",
1194# "X-Forwarded-Ssl" => "on",
1195# "Upgrade" => "$http_upgrade",
1196# "Connection" => "$connection_upgrade"
1197# }
1198
1199
1200################################################################################
1201## Registry NGINX
1202################################################################################
1203
1204# All the settings defined in the "GitLab NGINX" section are also available in this "Registry NGINX" section
1205# You just have to change the key "nginx['some_settings']" with "registry_nginx['some_settings']"
1206
1207# Below you can find settings that are exclusive to "Registry NGINX"
1208# registry_nginx['enable'] = false
1209
1210# registry_nginx['proxy_set_headers'] = {
1211# "Host" => "$http_host",
1212# "X-Real-IP" => "$remote_addr",
1213# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1214# "X-Forwarded-Proto" => "https",
1215# "X-Forwarded-Ssl" => "on"
1216# }
1217
1218################################################################################
1219## Prometheus
1220##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/
1221################################################################################
1222
1223# prometheus['enable'] = true
1224# prometheus['monitor_kubernetes'] = true
1225# prometheus['username'] = 'gitlab-prometheus'
1226# prometheus['uid'] = nil
1227# prometheus['gid'] = nil
1228# prometheus['shell'] = '/bin/sh'
1229# prometheus['home'] = '/var/opt/gitlab/prometheus'
1230# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1231# prometheus['scrape_interval'] = 15
1232# prometheus['scrape_timeout'] = 15
1233# prometheus['chunk_encoding_version'] = 2
1234#
1235### Custom scrape configs
1236#
1237# Prometheus can scrape additional jobs via scrape_configs. The default automatically
1238# includes all of the exporters supported by the omnibus config.
1239#
1240# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
1241#
1242# Example:
1243#
1244# prometheus['scrape_configs'] = [
1245# {
1246# 'job_name': 'example',
1247# 'static_configs' => [
1248# 'targets' => ['hostname:port'],
1249# ],
1250# },
1251# ]
1252#
1253### Prometheus Memory Management
1254#
1255# Prometheus needs to be configured for how much memory is used.
1256# * This sets the target heap size.
1257# * This value accounts for approximately 2/3 of the memory used by the server.
1258# * The recommended memory is 4kb per unique metrics time-series.
1259# See: https://prometheus.io/docs/operating/storage/#memory-usage
1260#
1261# prometheus['target_heap_size'] = (
1262# # Use 25mb + 2% of total memory for Prometheus memory.
1263# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 )
1264# ).to_i
1265#
1266# prometheus['flags'] = {
1267# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1268# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'],
1269# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'],
1270# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1271# }
1272
1273##! Advanced settings. Should be changed only if absolutely needed.
1274# prometheus['listen_address'] = 'localhost:9090'
1275
1276################################################################################
1277## Prometheus Alertmanager
1278##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/alertmanager.html
1279################################################################################
1280
1281# alertmanager['enable'] = true
1282# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
1283# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
1284# alertmanager['admin_email'] = 'admin@example.com'
1285# alertmanager['flags'] = {
1286# 'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}"
1287# 'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data"
1288# 'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
1289# }
1290
1291##! Advanced settings. Should be changed only if absolutely needed.
1292# alertmanager['listen_address'] = 'localhost:9093'
1293
1294################################################################################
1295## Prometheus Node Exporter
1296##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html
1297################################################################################
1298
1299# node_exporter['enable'] = true
1300# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1301# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1302# node_exporter['flags'] = {
1303# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1304# }
1305
1306##! Advanced settings. Should be changed only if absolutely needed.
1307# node_exporter['listen_address'] = 'localhost:9100'
1308
1309################################################################################
1310## Prometheus Redis exporter
1311##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html
1312################################################################################
1313
1314# redis_exporter['enable'] = true
1315# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
1316# redis_exporter['flags'] = {
1317# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
1318# }
1319
1320##! Advanced settings. Should be changed only if absolutely needed.
1321# redis_exporter['listen_address'] = 'localhost:9121'
1322
1323################################################################################
1324## Prometheus Postgres exporter
1325##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html
1326################################################################################
1327
1328# postgres_exporter['enable'] = true
1329# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
1330# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
1331# postgres_exporter['flags'] = {}
1332# postgres_exporter['listen_address'] = 'localhost:9187'
1333
1334################################################################################
1335## Prometheus PgBouncer exporter (EE only)
1336##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
1337################################################################################
1338
1339# pgbouncer-exporter['enable'] = false
1340# pgbouncer-exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
1341# pgbouncer-exporter['listen_address'] = 'localhost:9188'
1342
1343################################################################################
1344## Prometheus Gitlab monitor
1345##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
1346################################################################################
1347
1348
1349# gitlab_monitor['enable'] = true
1350# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
1351# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
1352
1353##! Advanced settings. Should be changed only if absolutely needed.
1354# gitlab_monitor['listen_address'] = 'localhost'
1355# gitlab_monitor['listen_port'] = '9168'
1356
1357# To completely disable prometheus, and all of it's exporters, set to false
1358# prometheus_monitoring['enable'] = true
1359
1360################################################################################
1361## Gitaly
1362##! Docs:
1363################################################################################
1364
1365# The gitaly['enable'] option exists for the purpose of cluster
1366# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
1367# gitaly['enable'] = true
1368# gitaly['dir'] = "/var/opt/gitlab/gitaly"
1369# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
1370# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
1371# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly"
1372# gitaly['env'] = {
1373# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
1374# 'HOME' => '/var/opt/gitlab'
1375# }
1376# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
1377# gitaly['listen_addr'] = "localhost:8075"
1378# gitaly['prometheus_listen_addr'] = "localhost:9236"
1379# gitaly['logging_format'] = "json"
1380# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1381# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
1382# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
1383# gitaly['auth_token'] = '<secret>'
1384# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
1385# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
1386# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
1387# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
1388# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
1389# gitaly['storage'] = [
1390# {
1391# 'name' => 'default',
1392# 'path' => '/tmp/path-1'
1393# },
1394# {
1395# 'name' => 'nfs1',
1396# 'path' => '/mnt/nfs1'
1397# }
1398# ]
1399# gitaly['concurrency'] = [
1400# {
1401# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
1402# 'max_per_repo' => 20
1403# }, {
1404# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
1405# 'max_per_repo' => 5
1406# }
1407# ]
1408
1409################################################################################
1410# Storage check
1411################################################################################
1412# storage_check['enable'] = false
1413# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
1414# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
1415
1416################################################################################
1417# Let's Encrypt integration
1418################################################################################
1419# letsencrypt['enable'] = nil
1420# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
1421# letsencrypt['group'] = 'root'
1422# letsencrypt['key_size'] = 2048
1423# letsencrypt['owner'] = 'root'
1424# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
1425# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
1426# letsencrypt['auto_renew'] = true
1427# letsencrypt['auto_renew_hour'] = 0
1428# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
1429# letsencrypt['auto_renew_day_of_month'] = "*/4"
1430
1431################################################################################
1432################################################################################
1433## Configuration Settings for GitLab EE only ##
1434################################################################################
1435################################################################################
1436
1437
1438################################################################################
1439## Auxiliary cron jobs applicable to GitLab EE only
1440################################################################################
1441#
1442# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
1443# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
1444# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
1445# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
1446# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"
1447# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1448# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
1449# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1450
1451################################################################################
1452## Kerberos (EE Only)
1453##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1454################################################################################
1455
1456# gitlab_rails['kerberos_enabled'] = true
1457# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
1458# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
1459# gitlab_rails['kerberos_use_dedicated_port'] = true
1460# gitlab_rails['kerberos_port'] = 8443
1461# gitlab_rails['kerberos_https'] = true
1462
1463################################################################################
1464## GitLab Sentinel (EE Only)
1465##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1466################################################################################
1467
1468##! **Make sure you configured all redis['master_*'] keys above before
1469##! continuing.**
1470
1471##! To enable Sentinel and disable all other services in this machine,
1472##! uncomment the line below (if you've enabled Redis role, it will keep it).
1473##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1474# redis_sentinel_role['enable'] = true
1475
1476# sentinel['enable'] = true
1477
1478##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
1479# sentinel['bind'] = '0.0.0.0'
1480
1481##! Uncomment to change default port
1482# sentinel['port'] = 26379
1483
1484#### Support to run sentinels in a Docker or NAT environment
1485#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
1486# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
1487# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
1488# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
1489# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
1490
1491##! Quorum must reflect the amount of voting sentinels it take to start a
1492##! failover.
1493##! **Value must NOT be greater then the amount of sentinels.**
1494##! The quorum can be used to tune Sentinel in two ways:
1495##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
1496##! we deploy, we are basically making Sentinel more sensible to master
1497##! failures, triggering a failover as soon as even just a minority of
1498##! Sentinels is no longer able to talk with the master.
1499##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1500##! are making Sentinel able to failover only when there are a very large
1501##! number (larger than majority) of well connected Sentinels which agree
1502##! about the master being down.
1503# sentinel['quorum'] = 1
1504
1505### Consider unresponsive server down after x amount of ms.
1506# sentinel['down_after_milliseconds'] = 10000
1507
1508### Specifies the failover timeout in milliseconds.
1509##! It is used in many ways:
1510##!
1511##! - The time needed to re-start a failover after a previous failover was
1512##! already tried against the same master by a given Sentinel, is two
1513##! times the failover timeout.
1514##!
1515##! - The time needed for a slave replicating to a wrong master according
1516##! to a Sentinel current configuration, to be forced to replicate
1517##! with the right master, is exactly the failover timeout (counting since
1518##! the moment a Sentinel detected the misconfiguration).
1519##!
1520##! - The time needed to cancel a failover that is already in progress but
1521##! did not produced any configuration change (SLAVEOF NO ONE yet not
1522##! acknowledged by the promoted slave).
1523##!
1524##! - The maximum time a failover in progress waits for all the slaves to be
1525##! reconfigured as slaves of the new master. However even after this time
1526##! the slaves will be reconfigured by the Sentinels anyway, but not with
1527##! the exact parallel-syncs progression as specified.
1528# sentinel['failover_timeout'] = 60000
1529
1530################################################################################
1531## GitLab Sidekiq Cluster (EE only)
1532################################################################################
1533
1534##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1535##! besides the default one. These processes can be used to consume a dedicated set
1536##! of queues. This can be used to ensure certain queues always have dedicated
1537##! workers, no matter the amount of jobs that need to be processed.
1538
1539# sidekiq_cluster['enable'] = false
1540# sidekiq_cluster['ha'] = false
1541# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1542# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1543
1544##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1545##! Sidekiq process. Multiple queues can be processed by the same process by
1546##! separating them with a comma within the group entry
1547
1548# sidekiq_cluster['queue_groups'] = [
1549# "process_commit,post_receive",
1550# "gitlab_shell"
1551# ]
1552#
1553
1554##! If negate is enabled then sidekiq-cluster will process all the queues that
1555##! don't match those in queue_groups.
1556
1557# sidekiq_cluster['negate'] = false
1558
1559################################################################################
1560## Additional Database Settings (EE only)
1561##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
1562################################################################################
1563# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
1564
1565################################################################################
1566## GitLab Geo
1567##! Docs: https://docs.gitlab.com/ee/gitlab-geo
1568################################################################################
1569# geo_primary_role['enable'] = false
1570# geo_secondary_role['enable'] = false
1571
1572################################################################################
1573## GitLab Geo Secondary (EE only)
1574################################################################################
1575# geo_secondary['auto_migrate'] = true
1576# geo_secondary['db_adapter'] = "postgresql"
1577# geo_secondary['db_encoding'] = "unicode"
1578# geo_secondary['db_collation'] = nil
1579# geo_secondary['db_database'] = "gitlabhq_geo_production"
1580# geo_secondary['db_pool'] = 10
1581# geo_secondary['db_username'] = "gitlab_geo"
1582# geo_secondary['db_password'] = nil
1583# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
1584# geo_secondary['db_port'] = 5431
1585# geo_secondary['db_socket'] = nil
1586# geo_secondary['db_sslmode'] = nil
1587# geo_secondary['db_sslrootcert'] = nil
1588# geo_secondary['db_sslca'] = nil
1589# geo_secondary['db_fdw'] = true
1590
1591################################################################################
1592## GitLab Geo Secondary Tracking Database (EE only)
1593################################################################################
1594
1595# geo_postgresql['enable'] = false
1596# geo_postgresql['ha'] = false
1597# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
1598# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
1599# geo_postgresql['pgbouncer_user'] = nil
1600# geo_postgresql['pgbouncer_user_password'] = nil
1601
1602################################################################################
1603# Pgbouncer (EE only)
1604# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
1605# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
1606################################################################################
1607# pgbouncer['enable'] = false
1608# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
1609# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
1610# pgbouncer['listen_addr'] = '0.0.0.0'
1611# pgbouncer['listen_port'] = '6432'
1612# pgbouncer['pool_mode'] = 'transaction'
1613# pgbouncer['server_reset_query'] = 'DISCARD ALL'
1614# pgbouncer['application_name_add_host'] = '1'
1615# pgbouncer['max_client_conn'] = '2048'
1616# pgbouncer['default_pool_size'] = '100'
1617# pgbouncer['min_pool_size'] = '0'
1618# pgbouncer['reserve_pool_size'] = '5'
1619# pgbouncer['reserve_pool_timeout'] = '5.0'
1620# pgbouncer['server_round_robin'] = '0'
1621# pgbouncer['log_connections'] = '0'
1622# pgbouncer['server_idle_timeout'] = '30'
1623# pgbouncer['dns_max_ttl'] = '15.0'
1624# pgbouncer['dns_zone_check_period'] = '0'
1625# pgbouncer['dns_nxdomain_ttl'] = '15.0'
1626# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
1627# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
1628# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
1629# pgbouncer['databases'] = {
1630# DATABASE_NAME: {
1631# host: HOSTNAME,
1632# port: PORT
1633# user: USERNAME,
1634# password: PASSWORD
1635###! generate this with `echo -n '$password + $username' | md5sum`
1636# }
1637# ...
1638# }
1639# pgbouncer['logfile'] = nil
1640# pgbouncer['unix_socket_dir'] = nil
1641# pgbouncer['auth_type'] = 'md5'
1642# pgbouncer['auth_hba_file'] = nil
1643# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
1644# pgbouncer['users'] = {
1645# {
1646# name: USERNAME,
1647# password: MD5_PASSWORD_HASH
1648# }
1649# }
1650# postgresql['pgbouncer_user'] = nil
1651# postgresql['pgbouncer_user_password'] = nil
1652#
1653
1654################################################################################
1655# Repmgr (EE only)
1656################################################################################
1657# repmgr['enable'] = false
1658# repmgr['cluster'] = 'gitlab_cluster'
1659# repmgr['database'] = 'gitlab_repmgr'
1660# repmgr['host'] = nil
1661# repmgr['node_number'] = nil
1662# repmgr['port'] = 5432
1663# repmgr['trust_auth_cidr_addresses'] = []
1664# repmgr['user'] = 'gitlab_repmgr'
1665# repmgr['failover'] = 'automatic'
1666# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
1667# repmgr['node_name'] = nil
1668# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
1669# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
1670# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
1671# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
1672# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
1673# repmgr['service_promote_command'] = nil
1674# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
1675# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
1676
1677# repmgr['upstream_node'] = nil
1678# repmgr['use_replication_slots'] = false
1679# repmgr['loglevel'] = 'INFO'
1680# repmgr['logfacility'] = 'STDERR'
1681# repmgr['logfile'] = nil
1682
1683# repmgr['event_notification_command'] = nil
1684# repmgr['event_notifications'] = nil
1685
1686# repmgr['rsync_options'] = nil
1687# repmgr['ssh_options'] = nil
1688# repmgr['priority'] = nil
1689#
1690# HA setting to specify if a node should attempt to be master on initialization
1691# repmgr['master_on_initialization'] = true
1692
1693# repmgr['retry_promote_interval_secs'] = 300
1694# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
1695# repmgr['reconnect_attempts'] = 6
1696# repmgr['reconnect_interval'] = 10
1697# repmgr['monitor_interval_secs'] = 2
1698# repmgr['master_response_timeout'] = 60
1699# repmgr['daemon'] = true
1700# repmgrd['enable'] = true
1701
1702################################################################################
1703# Consul (EEP only)
1704################################################################################
1705# consul['enable'] = false
1706# consul['dir'] = '/var/opt/gitlab/consul'
1707# consul['user'] = 'gitlab-consul'
1708# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
1709# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
1710# consul['data_dir'] = '/var/opt/gitlab/consul/data'
1711# consul['log_directory'] = '/var/log/gitlab/consul'
1712# consul['node_name'] = nil
1713# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
1714# consul['configuration'] = {
1715# 'client_addr' => nil,
1716# 'datacenter' => 'gitlab_consul',
1717# 'enable_script_checks' => true,
1718# 'server' => false
1719# }
1720# consul['services'] = []
1721# consul['service_config'] = {
1722# 'postgresql' => {
1723# 'service' => {
1724# 'name' => "postgresql",
1725# 'address' => '',
1726# 'port' => 5432,
1727# 'checks' => [
1728# {
1729# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
1730# 'interval' => "10s"
1731# }
1732# ]
1733# }
1734# }
1735# }
1736# consul['watchers'] = {
1737# 'postgresql' => {
1738# enable: false,
1739# handler: 'failover_pgbouncer'
1740# }
1741# }