- Ensure legacy redis sentinel master configuration for rails
gets parsed and loaded into resque with the new redis helper.
Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8540
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Skip Gitaly storages uniqueness check if Gitaly is not enabled
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7600
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Igor <iwiedler@gitlab.com>
Approved-by: Toon Claes <toon@gitlab.com>
Approved-by: Alessio Caiazza <acaiazza@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Balasankar 'Balu' C <balasankar@gitlab.com>
- If a node has legacy `git-data` storages configured but no
longer runs the gitaly service, skip the unique storage path
validation check.
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
redis: Fix password auth with UNIX domain sockets
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7573
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Ian Baum <ibaum@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Gabriel Mazetto <gabriel@gitlab.com>
Reviewed-by: Ian Baum <ibaum@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
Gitaly is making a breaking change with v17.0 to prevent multiple
storages from sharing the same local path. This is being done as part of
the work to add a write-ahead log to Gitaly, see
https://gitlab.com/gitlab-org/gitaly/-/issues/5598 for further details.
Validate that Gitaly's config does not have more than one storage using
the same path, dereferencing any symlinks.
Changelog: changed
Remove PostgreSQL 13
Closes#8341
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7546
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Ryan Egesdahl <regesdahl@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Ryan Egesdahl <regesdahl@gitlab.com>
Co-authored-by: Clemens Beck <cbeck@gitlab.com>
Previously if a Redis instance listened on a UNIX socket but a
password were set, GitLab Rails would not be able to authenticate.
This occurred because the UNIX URL doesn't contain a password.
Both Ruby and Go Redis clients support URLs in the form:
unix://<user>:<password>@</path/to/redis.sock>?db=<db_number>
Relates to work started in
https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2194
Changelog: fixed
Modify the Dockerfile and library code around Docker image builds to
support building multiarch images. The Dockerfile will download the
package for the correct architecture based on TARGETARCH variable.
Closes: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8470
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Move away from docker-api gem which does not have support for `docker
buildx`. Add a wrapper to execute `docker buildx` commands in the shell
and use that for Docker operations.
Closes: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8469
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Support custom auth_redirect_uri when namespace_in_path is enabled
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7516
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Mitchell Nielsen <mnielsen@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: ngala <ngala@gitlab.com>
Enable KAS in FIPS mode
Closes gitlab-org/build/CNG#1948
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7528
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Vishal Patel <vpatel@gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Taka Nishida <tnishida@gitlab.com>
Accept multiple bind addresses in Redis config
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7500
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Hossein Pursultani <hpursultani@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
Support optional grpc log level config for KAS
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7518
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Gabriel Mazetto <gabriel@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Taka Nishida <tnishida@gitlab.com>
- Adds DEV_BUILDER_IMAGE_REGISTRY when invoking triggers to
allow build-package-on-all-os jobs to work with SLES from
the GitLab Omnibus Builder repository.
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Support TLS for kas->kas communication for KAS
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7453
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Timo Furrer <tfurrer@gitlab.com>
Approved-by: João Alexandre Cunha <j.a.cunha@gmail.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Taka Nishida <tnishida@gitlab.com>
Drop trigger build jobs in favor of normal branch build jobs
Closes#6333 and #7187
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7497
Merged-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Clemens Beck <cbeck@gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Reviewed-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Reviewed-by: Clemens Beck <cbeck@gitlab.com>
Co-authored-by: Balasankar 'Balu' C <balasankar@gitlab.com>
- Control cache policy by variable.
- Drop trigger build jobs in favor of normal branch build jobs.
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
As specified in https://redis.io/docs/management/config-file/, Redis
can bind to multiple addresses with a space-separated field. Previously
attempting to do this without setting `gitlab_rails['redis_host']`
would fail because a URI could not be built with a space in the
hostname.
This commit now splits the string with the space and picks the first
address as the default Redis host.
Relates to https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8465
Changelog: added
Enable skopeo for container releases
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7489
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: João Alexandre Cunha <j.a.cunha@gmail.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Balasankar 'Balu' C <balasankar@gitlab.com>
- Adds option that enables container copies with skopeo
instead of pull the image, re-tag, and then push it
- Retains current pull/re-tag/push behavior as default
Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5673
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Move Redis server information to NewRedisHelper
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7465
Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Dustin Collins <714871-dustinmm80@users.noreply.gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: Balasankar 'Balu' C <balasankar@gitlab.com>
- Continue conversion to the new style redis helper with
refactors against the redis server functionality methods
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
- Ensures package is built for both branch pipelines and
the nightly job
- Fixes package download URL calculations
Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8451
Signed-off-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Create git_data_dirs even if gitlab_rails is disabled
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7459
Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Approved-by: Jason Plum <jplum@gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Co-authored-by: Ahmad Sherif <ahmad@gitlab.com>
- Adds a command to re-apply SELinux file context rules based on the
current GitLab provided SELinux policy.
- Documents the existence of this new command.
- Moves semanage tests into SELinuxHelper rspec and extends coverage for
changes made to support the new command.
Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7257
Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7452
Changelog: added
Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
Currently, `gitlab_rails` service needs to be enabled in order for
`gitaly` service to function properly. Specifically, `gitlab_rails`
creates `git_data_dirs` (e.g. `/var/opt/gitlab/git-data/repositories`)
which is needed for Gitaly to start-up. If only the `gitaly` service is
enabled, then Gitaly won't start due to config validation error (i.e.
storage directories have to be present).
This MR makes the creation of these directories the responsibility of
the `gitaly` cookbook. The `gitlab` cookbook still creates the
directories as backward-compatibility measure, as I'm not sure if these
directories are needed outside of Gitaly.
This is needed as part of
https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/issues/24530.
Changelog: fixed
This reverts merge request !7460 because the `Trigger:package` job
was not present. Adding it would build the Ubuntu package twice, so
we chose to revert and determine if this can be done with the
package already built in the pipeline.
Ensure nightly pipelines are correctly detected in Canonical
See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7460
Merged-by: Andrew Patterson <apatterson@gitlab.com>
Approved-by: Jason Plum <jplum@gitlab.com>
Approved-by: Andrew Patterson <apatterson@gitlab.com>
Co-authored-by: Balasankar 'Balu' C <balasankar@gitlab.com>
Rutger Wessels
Balasankar 'Balu' C
Robert Marshall
Will Chandler
Clemens Beck
Gregorius Marco
Stan Hu
Ian Baum
Andrew Patterson
ngala
Taka Nishida
Sylvester Chin
Reuben Pereira
Javiera Tapia
Ahmad Sherif
Ryan Egesdahl
Ash McKenzie