Docs: Update repo directory for update keys after expiration
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7510
Merged-by: Marcin Sedlak-Jakubowski <msedlakjakubowski@gitlab.com>
Approved-by: Axel von Bertoldi <avonbertoldi@gitlab.com>
Approved-by: Marcin Sedlak-Jakubowski <msedlakjakubowski@gitlab.com>
Reviewed-by: alexgit2k <utaker2k-git@yahoo.de>
Co-authored-by: fneill <fneill@gitlab.com>
Add documentation on what happens during gitlab-ctl reconfigure
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7213
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: João Alexandre Cunha <j.a.cunha@gmail.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Reviewed-by: João Alexandre Cunha <j.a.cunha@gmail.com>
Reviewed-by: Robert Marshall <rmarshall@gitlab.com>
Reviewed-by: Evan Read <eread@gitlab.com>
Co-authored-by: Balasankar "Balu" C <balasankar@gitlab.com>
Co-authored-by: Evan Read <eread@gitlab.com>
- Adds much more detail around the process that happens
when gitlab-ctl reconfigure executes.
- Adds notes to the recipes to clarify what happens in
the context of a reconfigure run.
Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>
Use bundler to install Omnibus gems
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7362
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
Instead of calling `gem install <x>` many times, let's define the
`Gemfile` and `Gemfile.lock` and run `bundle install`. This ensures
dependencies are pinned and don't quietly move with a new invocation
of `gem install`. There is also a side benefit to using `bundler`: we
can later use the newly-introduced feature to include and verify
checksums (https://github.com/rubygems/rubygems/pull/6374).
`bundler` generally installs everything in the expected gem directory
that is used by `ruby`, but for gems installed from a Git source,
`bundler` puts those gems in a special `bundler/gems` directory.
We don't use any gems from Git sources now--`gitlab-ruby-shadow`
is now used instead of `ruby-shadow`--there is no issue.
Also, note that if we want to ensure `gitlab-ctl` doesn't try to pull
in gems from GitLab Rails, we could invoke `bundler`, but this is a
slightly riskier change.
Relates to https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8368
Changelog: changed
Switch to Lychee for link checking
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7547
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Reviewed-by: Evan Read <eread@gitlab.com>
Co-authored-by: Evan Read <eread@gitlab.com>
Remove reliable from test runs
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7562
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Vishal Patel <vpatel@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Co-authored-by: Sofia Vistas <svistas@gitlab.com>
- Adds a command to re-apply SELinux file context rules based on the
current GitLab provided SELinux policy.
- Documents the existence of this new command.
- Moves semanage tests into SELinuxHelper rspec and extends coverage for
changes made to support the new command.
Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7257
Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7452
Changelog: added
Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
- Update aws_amis_and_marketplace_listings.md in the
documentation to use the `owner` instead of `ownerAlias`
key in the link to GitLab AWS Marketplace AMIs.
Add doc about scoped maintainership for Build
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7246
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Reviewed-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Balasankar "Balu" C <balasankar@gitlab.com>
Correctly specify where CA store comes from
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7436
Merged-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Ryan Egesdahl <regesdahl@gitlab.com>
Co-authored-by: syvb <me@iter.ca>
CAcert.org does not make a collection of trusted root CAs.
GitLab Omnibus uses Curl's version of Mozilla's trust store:
e20cbf834f/config/software/cacerts.rb (L35)
I think this error resulted from confusing the `cacert.pem` file (which is the name for any file that contains a collection of CAs), and the `CAcert.org` non-profit (which is a non-profit CA).
Signed-off-by: syvb <me@iter.ca>
Documents the implementation model when a new component requires its own
database and the requirements for each level of support that Omnibus
GitLab may provide.
- Describes the standard when an existing component is migrated to the
new implementation model.
- Outlines the way a new component with a separate database should be
added to Omnibus GitLab.
- Defines each level of support a component may have from Omnibus GitLab.
Closes https://gitlab.com/gitlab-org/distribution/team-tasks/-/issues/1349
Signed-off-by: Hossein Pursultani <hpursultani@gitlab.com>