delta/gitlab/gitlab-ce.git/doc/api/settings.md, branch ide-diff-cursor gitlab.com: gitlab-org/gitlab-ce.git Update settings.md 2018-01-04T16:26:14+00:00 Gauthier Wallet gauthier.wallet@gmail.com 2018-01-04T16:26:14+00:00 0a02b0d8eada41b72d19bee3f963d7cee5b19c57 






Move the circuitbreaker check out in a separate process
2017-12-08T08:11:39+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-11-13T15:52:07+00:00

f1ae1e39ce6b7578c5697c977bc3b52b119301ab

Moving the check out of the general requests, makes sure we don't have
any slowdown in the regular requests.

To keep the process performing this checks small, the check is still
performed inside a unicorn. But that is called from a process running
on the same server.

Because the checks are now done outside normal request, we can have a
simpler failure strategy:

The check is now performed in the background every
`circuitbreaker_check_interval`. Failures are logged in redis. The
failures are reset when the check succeeds. Per check we will try
`circuitbreaker_access_retries` times within
`circuitbreaker_storage_timeout` seconds.

When the number of failures exceeds
`circuitbreaker_failure_count_threshold`, we will block access to the
storage.

After `failure_reset_time` of no checks, we will clear the stored
failures. This could happen when the process that performs the checks
is not running.





Moving the check out of the general requests, makes sure we don't have
any slowdown in the regular requests.

To keep the process performing this checks small, the check is still
performed inside a unicorn. But that is called from a process running
on the same server.

Because the checks are now done outside normal request, we can have a
simpler failure strategy:

The check is now performed in the background every
`circuitbreaker_check_interval`. Failures are logged in redis. The
failures are reset when the check succeeds. Per check we will try
`circuitbreaker_access_retries` times within
`circuitbreaker_storage_timeout` seconds.

When the number of failures exceeds
`circuitbreaker_failure_count_threshold`, we will block access to the
storage.

After `failure_reset_time` of no checks, we will clear the stored
failures. This could happen when the process that performs the checks
is not running.







Allow password authentication to be disabled entirely
2017-11-23T13:16:14+00:00

Markus Koller
markus-koller@gmx.ch

2017-11-23T13:16:14+00:00

257fd5713485a05460a9170190100643199a7e48












Clarify wording of protected branch settings for the default branch
2017-11-20T16:09:56+00:00

Sean McGivern
sean@gitlab.com

2017-11-20T16:09:56+00:00

c82ae26565fdbffd205476929a2c08c9448a1365

No-one is allowed to force push to a protected branch, or delete it. That's
correct in the documentation, but was wrong in the drop-down.





No-one is allowed to force push to a protected branch, or delete it. That's
correct in the documentation, but was wrong in the drop-down.







Allow configuring new circuitbreaker settings from the UI and API
2017-10-23T09:02:23+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-10-18T12:57:35+00:00

1881d4f8ecbf52afd7bc732cd6c1296fafd38405












Allow configuring the circuitbreaker through the API and UI
2017-10-17T09:50:32+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-10-12T14:35:59+00:00

38af7c1613e75561b405b15d6b8db1724da59ef6












Update the settings api documentation
2017-10-13T15:59:26+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-10-13T15:59:26+00:00

c96a138d3559097aa6dc04da7e0ea25ee68c6706












Rework the permissions model for SSH key restrictions
2017-08-30T19:50:44+00:00

Nick Thomas
nick@gitlab.com

2017-08-25T13:08:48+00:00

6847060266792471c9c14518a5106e0f622cd6c5

`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.





`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.







Add settings for minimum key strength and allowed key type
2017-08-30T19:50:44+00:00

Nick Thomas
nick@gitlab.com

2017-08-21T10:30:03+00:00

b0f982fbdf69c292ab4530c0aaaf1ab42f4e7a01

This is an amalgamation of:

* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712





This is an amalgamation of:

* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712







Remove deprecated `repository_storage` attribute
2017-07-27T09:49:27+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-07-13T16:10:01+00:00

c11ed138a02d29230e192a064011347e93b7fb9f

In favor of the new `repository_storages`





In favor of the new `repository_storages`