From 9eb4569ed9330d65fb24e0272402fe5ac739b8be Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 13 May 2016 16:17:01 -0500 Subject: Change all occurrences of doc.gitlab.com to docs.gitlab.com [ci skip] --- doc/administration/environment_variables.md | 2 +- doc/administration/high_availability/load_balancer.md | 2 +- doc/administration/high_availability/nfs.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/environment_variables.md b/doc/administration/environment_variables.md index 43ab153d76d..7f53915a4d7 100644 --- a/doc/administration/environment_variables.md +++ b/doc/administration/environment_variables.md @@ -58,4 +58,4 @@ to the naming scheme `GITLAB_#{name in 1_settings.rb in upper case}`. It's possible to preconfigure the GitLab docker image by adding the environment variable `GITLAB_OMNIBUS_CONFIG` to the `docker run` command. -For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](http://doc.gitlab.com/omnibus/docker/#preconfigure-docker-container). +For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](http://docs.gitlab.com/omnibus/docker/#preconfigure-docker-container). diff --git a/doc/administration/high_availability/load_balancer.md b/doc/administration/high_availability/load_balancer.md index b1fe34ed9a1..136f570ac27 100644 --- a/doc/administration/high_availability/load_balancer.md +++ b/doc/administration/high_availability/load_balancer.md @@ -60,4 +60,4 @@ Read more on high-availability configuration: configure custom domains with custom SSL, which would not be possible if SSL was terminated at the load balancer. -[gitlab-pages]: http://doc.gitlab.com/ee/pages/administration.html +[gitlab-pages]: http://docs.gitlab.com/ee/pages/administration.html diff --git a/doc/administration/high_availability/nfs.md b/doc/administration/high_availability/nfs.md index e4e124e200a..49ff5d536a1 100644 --- a/doc/administration/high_availability/nfs.md +++ b/doc/administration/high_availability/nfs.md @@ -113,4 +113,4 @@ Read more on high-availability configuration: 1. [Configure the GitLab application servers](gitlab.md) 1. [Configure the load balancers](load_balancer.md) -[udp-log-shipping]: http://doc.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping" +[udp-log-shipping]: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping" -- cgit v1.2.1 From e037faa3f8b9f6238a574e52f85b10dd0464a496 Mon Sep 17 00:00:00 2001 From: donhui <977675308@qq.com> Date: Mon, 16 May 2016 16:22:22 +0800 Subject: typo fix: # Disable all components except Redis typo fix: # Disable all components except Redis --- doc/administration/high_availability/redis.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/administration') diff --git a/doc/administration/high_availability/redis.md b/doc/administration/high_availability/redis.md index d89a1e582ca..f6153216f33 100644 --- a/doc/administration/high_availability/redis.md +++ b/doc/administration/high_availability/redis.md @@ -26,7 +26,7 @@ that runs Redis. ```ruby external_url 'https://gitlab.example.com' - # Disable all components except PostgreSQL + # Disable all components except Redis redis['enable'] = true bootstrap['enable'] = false nginx['enable'] = false -- cgit v1.2.1 From 18dddc0c84f2f88e9b37883f1a745dbbeb74b6f3 Mon Sep 17 00:00:00 2001 From: Marin Jankovski Date: Fri, 13 May 2016 11:44:48 -0400 Subject: Initial docker container registry configuration docs. --- doc/administration/container_registry.md | 127 +++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 doc/administration/container_registry.md (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md new file mode 100644 index 00000000000..d89cfd1d43e --- /dev/null +++ b/doc/administration/container_registry.md @@ -0,0 +1,127 @@ +# GitLab Container Registry Administration + +Documentation on how to use Container Registry are under [TODO](TODO.md). + +## Configuration + +Containers can be large in size and they are stored on the server GitLab is +installed on. + +The Container Registry works under HTTPS by default. +This means that the Container Registry requires a SSL certificate. +There are two options on how this can be configured: + +1. Use its own domain - needs a SSL certificate for that specific domain +(eg. registry.example.com) or a wildcard certificate if hosted under a subdomain +(eg. registry.gitlab.example.com) +1. Use existing GitLab domain and expose the registry on a port - can reuse +existing GitLab SSL certificate + +Note that using HTTP is possible, +[see insecure Registry document.](https://github.com/docker/distribution/blob/master/docs/insecure.md) + +Please take this into consideration before configuring Container Registry for +the first time. + +## Container Registry under its own domain + +Lets assume that you want the Container Registry to be accessible at +`https://registry.gitlab.example.com`. + +### Omnibus GitLab packages + +Place your SSL certificate and key in +`/etc/gitlab/ssl/registry.gitlab.example.com.crt` +and +`/etc/gitlab/ssl/registry.gitlab.example.com.key` and make sure they have +correct permissions: + +```bash +chmod 600 /etc/gitlab/ssl/registry.gitlab.example.com.* +``` + +Once the SSL certificate is in place, edit `/etc/gitlab/gitlab.rb` with: + +```ruby +registry_external_url 'https://registry.gitlab.example.com' +``` + +Save the file and [reconfigure GitLab][] for the changes to take effect. + +Users should now be able to login to the Container Registry using: + +```bash +docker login registry.gitlab.example.com +``` + +with their GitLab credentials. + +If you have a [wildcard certificate][], you need to specify the path to the +certificate in addition to the URL, in this case `/etc/gitlab/gitlab.rb` will +look like: + +```ruby +registry_external_url 'https://registry.gitlab.example.com' +registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" +registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" +``` + +## Container Registry under existing GitLab domain + +Lets assume that your GitLab instance is accessible at +`https://gitlab.example.com`. You can expose the Container Registry under +a separate port. + +Lets assume that you've exposed port `4567` in your network firewall. + +### Omnibus GitLab packages + +Your `/etc/gitlab/gitlab.rb` should contain the Container Registry URL as +well as the path to the existing SSL certificate and key used by GitLab. + +```ruby +registry_external_url 'https://gitlab.example.com:4567' + +## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt +## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines +## below + +# registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" +# registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" +``` + +Save the file and [reconfigure GitLab][] for the changes to take effect. + +Users should now be able to login to the Container Registry using: + +```bash +docker login gitlab.example.com:4567 +``` + +with their GitLab credentials. + +## Container Registry storage path + +It is possible to change path where containers will be stored by the Container +Registry. + +### Omnibus GitLab packages + +By default, the path Container Registry is using to store the containers is in +`/var/opt/gitlab/gitlab-rails/shared/registry`. +This path is accessible to the user running the Container Registry daemon, +user running GitLab and to the user running Nginx web server. + +In `/etc/gitlab/gitlab.rb`: + +```ruby +gitlab_rails['registry_path'] = "/path/to/registry/storage" +``` + +Save the file and [reconfigure GitLab][] for the changes to take effect. + +**NOTE** You should confirm that the GitLab, registry and the web server user +have access to this directory. + +[reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation" +[wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" -- cgit v1.2.1 From 63c1792eface9ae8345d2dfe814b83ab8a401ea4 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sun, 15 May 2016 10:02:20 -0500 Subject: Rearrange headings --- doc/administration/container_registry.md | 42 +++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 11 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index d89cfd1d43e..2b7e143f685 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -1,6 +1,18 @@ # GitLab Container Registry Administration -Documentation on how to use Container Registry are under [TODO](TODO.md). +> **Note:** +This feature was [introduced][ce-4040] in GitLab 8.8. + + + +**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* + +- [Configuration](#configuration) + - [Container Registry under its own domain](#container-registry-under-its-own-domain) + - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) +- [Container Registry storage path](#container-registry-storage-path) + + ## Configuration @@ -12,23 +24,25 @@ This means that the Container Registry requires a SSL certificate. There are two options on how this can be configured: 1. Use its own domain - needs a SSL certificate for that specific domain -(eg. registry.example.com) or a wildcard certificate if hosted under a subdomain -(eg. registry.gitlab.example.com) + (eg. registry.example.com) or a wildcard certificate if hosted under a subdomain + (eg. registry.gitlab.example.com) 1. Use existing GitLab domain and expose the registry on a port - can reuse -existing GitLab SSL certificate + existing GitLab SSL certificate -Note that using HTTP is possible, -[see insecure Registry document.](https://github.com/docker/distribution/blob/master/docs/insecure.md) +Note that using HTTP is possible but not recommended, +[see insecure Registry document][docker-insecure]. Please take this into consideration before configuring Container Registry for the first time. -## Container Registry under its own domain +### Container Registry under its own domain Lets assume that you want the Container Registry to be accessible at `https://registry.gitlab.example.com`. -### Omnibus GitLab packages +--- + +**Omnibus GitLab packages** Place your SSL certificate and key in `/etc/gitlab/ssl/registry.gitlab.example.com.crt` @@ -66,7 +80,7 @@ registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" ``` -## Container Registry under existing GitLab domain +### Container Registry under existing GitLab domain Lets assume that your GitLab instance is accessible at `https://gitlab.example.com`. You can expose the Container Registry under @@ -74,7 +88,9 @@ a separate port. Lets assume that you've exposed port `4567` in your network firewall. -### Omnibus GitLab packages +**Omnibus GitLab packages** + +--- Your `/etc/gitlab/gitlab.rb` should contain the Container Registry URL as well as the path to the existing SSL certificate and key used by GitLab. @@ -105,7 +121,9 @@ with their GitLab credentials. It is possible to change path where containers will be stored by the Container Registry. -### Omnibus GitLab packages +**Omnibus GitLab packages** + +--- By default, the path Container Registry is using to store the containers is in `/var/opt/gitlab/gitlab-rails/shared/registry`. @@ -125,3 +143,5 @@ have access to this directory. [reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation" [wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" +[ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 +[docker-insecure]: https://github.com/docker/distribution/blob/master/docs/insecure.md -- cgit v1.2.1 From 04d231ef8743db55784f5c1a1f50438445ed908d Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Mon, 16 May 2016 19:21:06 -0500 Subject: Rearrange configuration parts --- doc/administration/container_registry.md | 76 ++++++++++++++++---------------- 1 file changed, 38 insertions(+), 38 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 2b7e143f685..1791c95df60 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -8,8 +8,8 @@ This feature was [introduced][ce-4040] in GitLab 8.8. **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* - [Configuration](#configuration) - - [Container Registry under its own domain](#container-registry-under-its-own-domain) - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) + - [Container Registry under its own domain](#container-registry-under-its-own-domain) - [Container Registry storage path](#container-registry-storage-path) @@ -26,7 +26,7 @@ There are two options on how this can be configured: 1. Use its own domain - needs a SSL certificate for that specific domain (eg. registry.example.com) or a wildcard certificate if hosted under a subdomain (eg. registry.gitlab.example.com) -1. Use existing GitLab domain and expose the registry on a port - can reuse +1. Use the existing GitLab domain and expose the registry on a port - can reuse existing GitLab SSL certificate Note that using HTTP is possible but not recommended, @@ -35,6 +35,42 @@ Note that using HTTP is possible but not recommended, Please take this into consideration before configuring Container Registry for the first time. +### Container Registry under existing GitLab domain + +Lets assume that your GitLab instance is accessible at +`https://gitlab.example.com`. You can expose the Container Registry under +a separate port. + +Lets assume that you've exposed port `4567` in your network firewall. + +**Omnibus GitLab packages** + +--- + +Your `/etc/gitlab/gitlab.rb` should contain the Container Registry URL as +well as the path to the existing SSL certificate and key used by GitLab. + +```ruby +registry_external_url 'https://gitlab.example.com:4567' + +## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt +## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines +## below + +# registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" +# registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" +``` + +Save the file and [reconfigure GitLab][] for the changes to take effect. + +Users should now be able to login to the Container Registry using: + +```bash +docker login gitlab.example.com:4567 +``` + +with their GitLab credentials. + ### Container Registry under its own domain Lets assume that you want the Container Registry to be accessible at @@ -80,42 +116,6 @@ registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" ``` -### Container Registry under existing GitLab domain - -Lets assume that your GitLab instance is accessible at -`https://gitlab.example.com`. You can expose the Container Registry under -a separate port. - -Lets assume that you've exposed port `4567` in your network firewall. - -**Omnibus GitLab packages** - ---- - -Your `/etc/gitlab/gitlab.rb` should contain the Container Registry URL as -well as the path to the existing SSL certificate and key used by GitLab. - -```ruby -registry_external_url 'https://gitlab.example.com:4567' - -## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt -## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines -## below - -# registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" -# registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" -``` - -Save the file and [reconfigure GitLab][] for the changes to take effect. - -Users should now be able to login to the Container Registry using: - -```bash -docker login gitlab.example.com:4567 -``` - -with their GitLab credentials. - ## Container Registry storage path It is possible to change path where containers will be stored by the Container -- cgit v1.2.1 From 0695cdee178ac995f7dec81dcd734eef7e28e36e Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 18 May 2016 12:03:57 -0500 Subject: Add assumptions section and refactor domain configuration --- doc/administration/container_registry.md | 56 ++++++++++++++++++++++---------- 1 file changed, 39 insertions(+), 17 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 1791c95df60..17a0c229b97 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -7,33 +7,49 @@ This feature was [introduced][ce-4040] in GitLab 8.8. **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [Configuration](#configuration) +- [Assumptions](#assumptions) +- [Container Registry domain configuration](#container-registry-domain-configuration) - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) - [Container Registry under its own domain](#container-registry-under-its-own-domain) - [Container Registry storage path](#container-registry-storage-path) +- [Disable Container Registry](#disable-container-registry) +- [Changelog](#changelog) -## Configuration +## Assumptions -Containers can be large in size and they are stored on the server GitLab is -installed on. +If you are using Omnibus, you have to bare in mind the following: -The Container Registry works under HTTPS by default. -This means that the Container Registry requires a SSL certificate. -There are two options on how this can be configured: +- The container Registry will be enabled by default if GitLab is configured + with HTTPS and it will listen on port `5005`. If you want the Registry to + listen on a port other than `5005` which is the default, read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) + on how to achieve that. You will also have to configure your firewall to allow + connections to that port. +- The Container Registry works under HTTPS by default. Note that using HTTP is + possible but not recommended and out of the scope of this document, + [see the insecure Registry documentation][docker-insecure] if you want to + implement this. -1. Use its own domain - needs a SSL certificate for that specific domain - (eg. registry.example.com) or a wildcard certificate if hosted under a subdomain - (eg. registry.gitlab.example.com) -1. Use the existing GitLab domain and expose the registry on a port - can reuse - existing GitLab SSL certificate +## Container Registry domain configuration -Note that using HTTP is possible but not recommended, -[see insecure Registry document][docker-insecure]. +There are two ways you can configure the container Registry domain. Either use +the existing GitLab domain where in that case the Registry will listen on a port, +or use a completely separate domain. Since the container Registry requires a +TLS certificate, in the end it all boils down to how easy or pricey is to +get a new TLS certificate. -Please take this into consideration before configuring Container Registry for -the first time. +1. If the Registry is configured to use its own domain, you will need a TLS + certificate for that specific domain (e.g., `registry.example.com`) or maybe + a wildcard certificate if hosted under a subdomain (e.g., `registry.gitlab.example.com`). +1. If the Registry is configured to use the existing GitLab domain, you can + expose the Registry on a port so that you can reuse the existing GitLab TLS + certificate. + +Please take this into consideration before configuring the Container Registry +for the first time. + +Read more about Docker Registry at https://docs.docker.com/registry/introduction/. ### Container Registry under existing GitLab domain @@ -141,7 +157,13 @@ Save the file and [reconfigure GitLab][] for the changes to take effect. **NOTE** You should confirm that the GitLab, registry and the web server user have access to this directory. +## Disable Container Registry + + +## Changelog + + [reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation" [wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 -[docker-insecure]: https://github.com/docker/distribution/blob/master/docs/insecure.md +[docker-insecure]: https://docs.docker.com/registry/insecure/ -- cgit v1.2.1 From 0cdc080a4a4d8146f6c874c91b8bff6960214c56 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 20 May 2016 13:18:18 -0500 Subject: Refactor container docs --- doc/administration/container_registry.md | 179 +++++++++++++++++++++++++------ 1 file changed, 147 insertions(+), 32 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 17a0c229b97..15c3c1a7470 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -3,11 +3,18 @@ > **Note:** This feature was [introduced][ce-4040] in GitLab 8.8. +With the Docker container Registry integrated into GitLab, every project can +have its own space for Docker images. + +You can read more about Docker Registry at https://docs.docker.com/registry/introduction/. + +--- + **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [Assumptions](#assumptions) +- [Differences between Omnibus and source installations](#differences-between-omnibus-and-source-installations) - [Container Registry domain configuration](#container-registry-domain-configuration) - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) - [Container Registry under its own domain](#container-registry-under-its-own-domain) @@ -17,67 +24,110 @@ This feature was [introduced][ce-4040] in GitLab 8.8. -## Assumptions + +## Differences between Omnibus and source installations If you are using Omnibus, you have to bare in mind the following: - The container Registry will be enabled by default if GitLab is configured with HTTPS and it will listen on port `5005`. If you want the Registry to - listen on a port other than `5005` which is the default, read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) + listen on a port other than `5005`, read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) on how to achieve that. You will also have to configure your firewall to allow connections to that port. -- The Container Registry works under HTTPS by default. Note that using HTTP is - possible but not recommended and out of the scope of this document, +- The container Registry works under HTTPS by default. Using HTTP is possible + but not recommended and out of the scope of this document, [see the insecure Registry documentation][docker-insecure] if you want to implement this. +--- + +If you have installed GitLab from source: +- Omnibus has some things configured for you + +- You will have to install Docker Registry by yourself. You can follow the + [official documentation][registry-deploy]. +- The container Registry will not be enabled by default, you will have to + configure it in `gitlab.yml`. + +The contents of `gitlab.yml` are: + +``` +registry: + enabled: true + host: registry.gitlab.example.com + port: 5005 + api_url: http://localhost:5000/ + key_path: config/registry.key + path: shared/registry + issuer: gitlab-issuer +``` + +where: + +| Parameter | Description | +| --------- | ----------- | +| `enabled` | Enables the Registry in GitLab. By default this is false. | +| `host` | The host URL under which the Registry will run and the users will be able to use. | +| `port` | The port under which the external Registry domain will listen on. | +| `api_url` | The internal API URL under which the Registry is exposed to. It defaults to `http://localhost:5000`. | +| `key_path`| The private key location that is a pair of Registry's `rootcertbundle`. Read the [token auth configuration documentation][token-config]. | +| `path` | This should be the same directory like specified in Registry's `rootdirectory`. Read the [storage configuration documentation][storage-config]. | +| `issuer` | This should be the same value as configured in Registry's `issuer`. Read the [token auth configuration documentation][token-config]. | + ## Container Registry domain configuration -There are two ways you can configure the container Registry domain. Either use +There are two ways you can configure the Registry's external domain. Either use the existing GitLab domain where in that case the Registry will listen on a port, or use a completely separate domain. Since the container Registry requires a TLS certificate, in the end it all boils down to how easy or pricey is to get a new TLS certificate. -1. If the Registry is configured to use its own domain, you will need a TLS - certificate for that specific domain (e.g., `registry.example.com`) or maybe - a wildcard certificate if hosted under a subdomain (e.g., `registry.gitlab.example.com`). -1. If the Registry is configured to use the existing GitLab domain, you can - expose the Registry on a port so that you can reuse the existing GitLab TLS - certificate. - Please take this into consideration before configuring the Container Registry for the first time. -Read more about Docker Registry at https://docs.docker.com/registry/introduction/. - ### Container Registry under existing GitLab domain -Lets assume that your GitLab instance is accessible at -`https://gitlab.example.com`. You can expose the Container Registry under -a separate port. +If the Registry is configured to use the existing GitLab domain, you can +expose the Registry on a port so that you can reuse the existing GitLab TLS +certificate. -Lets assume that you've exposed port `4567` in your network firewall. +Assuming that the GitLab domain is `https://gitlab.example.com` and the port the +Registry is exposed to the outside world is `4567`, here is what you need to set +in `gitlab.rb` or `gitlab.yml` if you are using Omnibus GitLab or installed +GitLab from source respectively. **Omnibus GitLab packages** ---- +1. Your `/etc/gitlab/gitlab.rb` should contain the Registry URL as well as the + path to the existing TLS certificate and key used by GitLab. -Your `/etc/gitlab/gitlab.rb` should contain the Container Registry URL as -well as the path to the existing SSL certificate and key used by GitLab. + ```ruby + registry_external_url 'https://gitlab.example.com:4567' -```ruby -registry_external_url 'https://gitlab.example.com:4567' + ## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt + ## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines + ## below -## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt -## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines -## below + # registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" + # registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" + ``` -# registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" -# registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" -``` +1. Save the file and [reconfigure GitLab][] for the changes to take effect. -Save the file and [reconfigure GitLab][] for the changes to take effect. +--- + +**Installation from source** + +``` +registry: + enabled: true + host: registry.gitlab.example.com + port: 5005 + api_url: http://localhost:5000/ + key_path: config/registry.key + path: shared/registry + issuer: gitlab-issuer +``` Users should now be able to login to the Container Registry using: @@ -89,7 +139,11 @@ with their GitLab credentials. ### Container Registry under its own domain -Lets assume that you want the Container Registry to be accessible at +If the Registry is configured to use its own domain, you will need a TLS +certificate for that specific domain (e.g., `registry.example.com`) or maybe +a wildcard certificate if hosted under a subdomain (e.g., `registry.gitlab.example.com`). + +Let's assume that you want the container Registry to be accessible at `https://registry.gitlab.example.com`. --- @@ -114,6 +168,17 @@ registry_external_url 'https://registry.gitlab.example.com' Save the file and [reconfigure GitLab][] for the changes to take effect. +``` +registry: + enabled: true + host: registry.gitlab.example.com + port: 5005 + api_url: http://localhost:5000/ + key_path: config/registry.key + path: shared/registry + issuer: gitlab-issuer +``` + Users should now be able to login to the Container Registry using: ```bash @@ -132,6 +197,17 @@ registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" ``` +``` +registry: + enabled: true + host: registry.gitlab.example.com + port: 5005 + api_url: http://localhost:5000/ + key_path: config/registry.key + path: shared/registry + issuer: gitlab-issuer +``` + ## Container Registry storage path It is possible to change path where containers will be stored by the Container @@ -152,6 +228,17 @@ In `/etc/gitlab/gitlab.rb`: gitlab_rails['registry_path'] = "/path/to/registry/storage" ``` +``` +registry: + enabled: true + host: registry.gitlab.example.com + port: 5005 + api_url: http://localhost:5000/ + key_path: config/registry.key + path: shared/registry + issuer: gitlab-issuer +``` + Save the file and [reconfigure GitLab][] for the changes to take effect. **NOTE** You should confirm that the GitLab, registry and the web server user @@ -159,6 +246,31 @@ have access to this directory. ## Disable Container Registry +**Omnibus GitLab** + +``` +# Settings used by GitLab application +# gitlab_rails['registry_enabled'] = true +``` + +``` +# gitlab_rails['registry_host'] = "registry.gitlab.example.com" +# gitlab_rails['registry_api_url'] = "http://localhost:5000" +# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" +# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" +# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" + +# Settings used by Registry application +# registry['enable'] = true +# registry['username'] = "registry" +# registry['group'] = "registry" +# registry['uid'] = nil +# registry['gid'] = nil +# registry['dir'] = "/var/opt/gitlab/registry" +# registry['log_directory'] = "/var/log/gitlab/registry" +# registry['log_level'] = "info" +# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" +``` ## Changelog @@ -167,3 +279,6 @@ have access to this directory. [wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 [docker-insecure]: https://docs.docker.com/registry/insecure/ +[registry-deploy]: https://docs.docker.com/registry/deploying/ +[storage-config]: https://docs.docker.com/registry/configuration/#storage +[token-config]: https://docs.docker.com/registry/configuration/#token -- cgit v1.2.1 From e9817f21f4baa20244095f56dd0d45b5c2e9c5dc Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sat, 21 May 2016 20:08:26 -0500 Subject: Major overhaul of the Registry admin docs --- doc/administration/container_registry.md | 294 ++++++++++++++++++++----------- 1 file changed, 187 insertions(+), 107 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 15c3c1a7470..21f086792cd 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -3,8 +3,8 @@ > **Note:** This feature was [introduced][ce-4040] in GitLab 8.8. -With the Docker container Registry integrated into GitLab, every project can -have its own space for Docker images. +With the Docker Container Registry integrated into GitLab, every project can +have its own space to store its Docker images. You can read more about Docker Registry at https://docs.docker.com/registry/introduction/. @@ -14,18 +14,22 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [Differences between Omnibus and source installations](#differences-between-omnibus-and-source-installations) +- [How to enable the Container Registry](#how-to-enable-the-container-registry) - [Container Registry domain configuration](#container-registry-domain-configuration) - - [Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) - - [Container Registry under its own domain](#container-registry-under-its-own-domain) + - [Configure Container Registry under an existing GitLab domain](#configure-container-registry-under-an-existing-gitlab-domain) + - [Configure Container Registry under its own domain](#configure-container-registry-under-its-own-domain) +- [Disable Container Registry site-wide](#disable-container-registry-site-wide) +- [Disable Container Registry per project](#disable-container-registry-per-project) +- [Disable Container Registry for new projects site-wide](#disable-container-registry-for-new-projects-site-wide) - [Container Registry storage path](#container-registry-storage-path) -- [Disable Container Registry](#disable-container-registry) +- [Storage limitations](#storage-limitations) - [Changelog](#changelog) +## How to enable the Container Registry -## Differences between Omnibus and source installations +**Omnibus GitLab installations** If you are using Omnibus, you have to bare in mind the following: @@ -35,19 +39,21 @@ If you are using Omnibus, you have to bare in mind the following: on how to achieve that. You will also have to configure your firewall to allow connections to that port. - The container Registry works under HTTPS by default. Using HTTP is possible - but not recommended and out of the scope of this document, - [see the insecure Registry documentation][docker-insecure] if you want to + but not recommended and out of the scope of this document. + [See the insecure Registry documentation][docker-insecure] if you want to implement this. --- +**Installations from source** + If you have installed GitLab from source: -- Omnibus has some things configured for you -- You will have to install Docker Registry by yourself. You can follow the - [official documentation][registry-deploy]. -- The container Registry will not be enabled by default, you will have to - configure it in `gitlab.yml`. +1. You will have to [install Docker Registry][registry-deploy] by yourself. +1. After the installation is complete, you will have to configure the Registry's + settings `gitlab.yml` in order to enable it. +1. Use the sample NGINX configuration file that is found under + [`lib/support/nginx/registry-ssl`][registry-ssl]. The contents of `gitlab.yml` are: @@ -66,26 +72,31 @@ where: | Parameter | Description | | --------- | ----------- | -| `enabled` | Enables the Registry in GitLab. By default this is false. | +| `enabled` | `true` or `false`. Enables the Registry in GitLab. By default this is `false`. | | `host` | The host URL under which the Registry will run and the users will be able to use. | | `port` | The port under which the external Registry domain will listen on. | | `api_url` | The internal API URL under which the Registry is exposed to. It defaults to `http://localhost:5000`. | | `key_path`| The private key location that is a pair of Registry's `rootcertbundle`. Read the [token auth configuration documentation][token-config]. | -| `path` | This should be the same directory like specified in Registry's `rootdirectory`. Read the [storage configuration documentation][storage-config]. | +| `path` | This should be the same directory like specified in Registry's `rootdirectory`. Read the [storage configuration documentation][storage-config]. This path needs to be readable by the GitLab user, the web-server user and the Registry user. Read more in [#container-registry-storage-path](#container-registry-storage-path). | | `issuer` | This should be the same value as configured in Registry's `issuer`. Read the [token auth configuration documentation][token-config]. | +>**Note:** +GitLab does not ship with a Registry init file. Hence, [restarting GitLab][restart gitlab] +will not restart the Registry should you modify its settings. Read the upstream +documentation on how to achieve that. + ## Container Registry domain configuration There are two ways you can configure the Registry's external domain. Either use the existing GitLab domain where in that case the Registry will listen on a port, or use a completely separate domain. Since the container Registry requires a -TLS certificate, in the end it all boils down to how easy or pricey is to -get a new TLS certificate. +TLS certificate, in the end it all boils down to how easy or pricey is to get a +new TLS certificate. Please take this into consideration before configuring the Container Registry for the first time. -### Container Registry under existing GitLab domain +### Configure Container Registry under an existing GitLab domain If the Registry is configured to use the existing GitLab domain, you can expose the Registry on a port so that you can reuse the existing GitLab TLS @@ -96,118 +107,203 @@ Registry is exposed to the outside world is `4567`, here is what you need to set in `gitlab.rb` or `gitlab.yml` if you are using Omnibus GitLab or installed GitLab from source respectively. -**Omnibus GitLab packages** +--- + +**Omnibus GitLab installations** + +>**Note:** +If you are using HTTPS in your Omnibus packages, then the Registry will be +enabled by default and exposed under port `5005`. Follow the steps below only if +you want to change the default port. 1. Your `/etc/gitlab/gitlab.rb` should contain the Registry URL as well as the - path to the existing TLS certificate and key used by GitLab. + path to the existing TLS certificate and key used by GitLab: ```ruby + gitlab_rails['registry_port'] = "4567" + gitlab_rails['registry_host'] = "gitlab.example.com" + + # The following setting is needed for NGINX registry_external_url 'https://gitlab.example.com:4567' + ``` - ## If your SSL certificate is not in /etc/gitlab/ssl/gitlab.example.com.crt - ## and key not in /etc/gitlab/ssl/gitlab.example.com.key uncomment the lines - ## below + If your TLS certificate is not in `/etc/gitlab/ssl/gitlab.example.com.crt` + and key not in `/etc/gitlab/ssl/gitlab.example.com.key` uncomment the lines + below: - # registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" - # registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" + ```ruby + registry_nginx['ssl_certificate'] = "/path/to/certificate.pem" + registry_nginx['ssl_certificate_key'] = "/path/to/certificate.key" ``` 1. Save the file and [reconfigure GitLab][] for the changes to take effect. --- -**Installation from source** +**Installations from source** -``` -registry: - enabled: true - host: registry.gitlab.example.com - port: 5005 - api_url: http://localhost:5000/ - key_path: config/registry.key - path: shared/registry - issuer: gitlab-issuer -``` +1. Open `/home/git/gitlab/config/gitlab.yml`, find the `registry` entry and + configure it with the following settings: + + ``` + registry: + enabled: true + host: gitlab.example.com + port: 4567 + ``` -Users should now be able to login to the Container Registry using: +1. Save the file and [restart GitLab][] for the changes to take effect. +1. Make the relevant changes in NGINX as well (domain, port, TLS certificates path). + +--- + +Users should now be able to login to the Container Registry with their GitLab +credentials using: ```bash docker login gitlab.example.com:4567 ``` -with their GitLab credentials. - -### Container Registry under its own domain +### Configure Container Registry under its own domain If the Registry is configured to use its own domain, you will need a TLS certificate for that specific domain (e.g., `registry.example.com`) or maybe -a wildcard certificate if hosted under a subdomain (e.g., `registry.gitlab.example.com`). +a wildcard certificate if hosted under a subdomain of your existing GitLab +domain (e.g., `registry.gitlab.example.com`). Let's assume that you want the container Registry to be accessible at `https://registry.gitlab.example.com`. --- -**Omnibus GitLab packages** +**Omnibus GitLab installations** -Place your SSL certificate and key in -`/etc/gitlab/ssl/registry.gitlab.example.com.crt` -and -`/etc/gitlab/ssl/registry.gitlab.example.com.key` and make sure they have -correct permissions: +1. Place your TLS certificate and key in + `/etc/gitlab/ssl/registry.gitlab.example.com.crt` and + `/etc/gitlab/ssl/registry.gitlab.example.com.key` and make sure they have + correct permissions: -```bash -chmod 600 /etc/gitlab/ssl/registry.gitlab.example.com.* -``` + ```bash + chmod 600 /etc/gitlab/ssl/registry.gitlab.example.com.* + ``` + +1. Once the TLS certificate is in place, edit `/etc/gitlab/gitlab.rb` with: + + ```ruby + registry_external_url 'https://registry.gitlab.example.com' + ``` -Once the SSL certificate is in place, edit `/etc/gitlab/gitlab.rb` with: +1. Save the file and [reconfigure GitLab][] for the changes to take effect. +> **Note:** +If you have a [wildcard certificate][], you need to specify the path to the +certificate in addition to the URL, in this case `/etc/gitlab/gitlab.rb` will +look like: +> ```ruby registry_external_url 'https://registry.gitlab.example.com' +registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" +registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" ``` -Save the file and [reconfigure GitLab][] for the changes to take effect. +--- -``` -registry: - enabled: true - host: registry.gitlab.example.com - port: 5005 - api_url: http://localhost:5000/ - key_path: config/registry.key - path: shared/registry - issuer: gitlab-issuer -``` +**Installations from source** + +1. Open `/home/git/gitlab/config/gitlab.yml`, find the `registry` entry and + configure it with the following settings: + + ``` + registry: + enabled: true + host: registry.gitlab.example.com + port: 4567 + ``` + +1. Save the file and [restart GitLab][] for the changes to take effect. +1. Make the relevant changes in NGINX as well (domain, port, TLS certificates path). + +--- -Users should now be able to login to the Container Registry using: +Users should now be able to login to the Container Registry using their GitLab +credentials: ```bash docker login registry.gitlab.example.com ``` -with their GitLab credentials. +## Disable Container Registry site-wide -If you have a [wildcard certificate][], you need to specify the path to the -certificate in addition to the URL, in this case `/etc/gitlab/gitlab.rb` will -look like: +**Omnibus GitLab** ```ruby -registry_external_url 'https://registry.gitlab.example.com' -registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" -registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" +gitlab_rails['registry_enabled'] = true ``` ``` -registry: - enabled: true - host: registry.gitlab.example.com - port: 5005 - api_url: http://localhost:5000/ - key_path: config/registry.key - path: shared/registry - issuer: gitlab-issuer +# gitlab_rails['registry_port'] = "5005" +# gitlab_rails['registry_host'] = "registry.gitlab.example.com" +# gitlab_rails['registry_api_url'] = "http://localhost:5000" +# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" +# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" +# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" + +# Settings used by Registry application +# registry['enable'] = true +# registry['username'] = "registry" +# registry['group'] = "registry" +# registry['uid'] = nil +# registry['gid'] = nil +# registry['dir'] = "/var/opt/gitlab/registry" +# registry['log_directory'] = "/var/log/gitlab/registry" +# registry['log_level'] = "info" +# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" ``` +## Disable Container Registry per project + +If Registry is enabled in your GitLab instance, but you don't need it for your +project, you can disable it from your project's settings. Read the user guide +on how to achieve that. + +## Disable Container Registry for new projects site-wide + +The Registry is enabled by default on all new projects. To disable this function +and let the owners of a project to enable Registry by themselves, follow the +steps below. + +--- + +**Omnibus GitLab installations** + +1. Edit `/etc/gitlab/gitlab.rb` and add the following line: + + ```ruby + gitlab_rails['gitlab_default_projects_features_container_registry'] = false + ``` + +1. Save the file and [reconfigure GitLab][] for the changes to take effect. + +--- + +**Installations from source** + +1. Open `/home/git/gitlab/config/gitlab.yml`, find the `default_projects_features` + entry and configure it so that `container_registry` is set to `false`: + + ``` + ## Default project features settings + default_projects_features: + issues: true + merge_requests: true + wiki: true + snippets: false + builds: true + container_registry: false + ``` + +1. Save the file and [restart GitLab][] for the changes to take effect. + ## Container Registry storage path It is possible to change path where containers will be stored by the Container @@ -244,41 +340,25 @@ Save the file and [reconfigure GitLab][] for the changes to take effect. **NOTE** You should confirm that the GitLab, registry and the web server user have access to this directory. -## Disable Container Registry - -**Omnibus GitLab** - -``` -# Settings used by GitLab application -# gitlab_rails['registry_enabled'] = true -``` - -``` -# gitlab_rails['registry_host'] = "registry.gitlab.example.com" -# gitlab_rails['registry_api_url'] = "http://localhost:5000" -# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" -# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" -# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" +## Storage limitations -# Settings used by Registry application -# registry['enable'] = true -# registry['username'] = "registry" -# registry['group'] = "registry" -# registry['uid'] = nil -# registry['gid'] = nil -# registry['dir'] = "/var/opt/gitlab/registry" -# registry['log_directory'] = "/var/log/gitlab/registry" -# registry['log_level'] = "info" -# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" -``` +Currently, there is no storage limitation, which means a user can upload an +infinite amount of Docker images with arbitrary sizes. This setting will be +configurable in future releases. ## Changelog +**GitLab 8.8 ([source docs][8-8-docs])** + +- GitLab Container Registry feature was introduced. -[reconfigure gitlab]: ../../administration/restart_gitlab.md "How to restart GitLab documentation" -[wildcard certificate]: "https://en.wikipedia.org/wiki/Wildcard_certificate" +[reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure +[restart gitlab]: restart_gitlab.md#installations-from-source +[wildcard certificate]: https://en.wikipedia.org/wiki/Wildcard_certificate [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 [docker-insecure]: https://docs.docker.com/registry/insecure/ [registry-deploy]: https://docs.docker.com/registry/deploying/ [storage-config]: https://docs.docker.com/registry/configuration/#storage [token-config]: https://docs.docker.com/registry/configuration/#token +[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md +[registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl -- cgit v1.2.1 From 27067e565fb5c425b307a8e28c5dcab95fa8b0bf Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sat, 21 May 2016 20:15:42 -0500 Subject: Clarify how the Registry is enabled in Omnibus --- doc/administration/container_registry.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 21f086792cd..435e7f627b0 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -34,14 +34,17 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr If you are using Omnibus, you have to bare in mind the following: - The container Registry will be enabled by default if GitLab is configured - with HTTPS and it will listen on port `5005`. If you want the Registry to - listen on a port other than `5005`, read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) + with HTTPS in new and existing installations (no action is required from the + administrator), and it will listen on port `5005`. If you wish to change it, + read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) on how to achieve that. You will also have to configure your firewall to allow - connections to that port. -- The container Registry works under HTTPS by default. Using HTTP is possible - but not recommended and out of the scope of this document. - [See the insecure Registry documentation][docker-insecure] if you want to - implement this. + incoming connections to that port. + +>**Note:** +The container Registry works under HTTPS by default. Using HTTP is possible +but not recommended and out of the scope of this document. +Read the [insecure Registry documentation][docker-insecure] if you want to +implement this. --- -- cgit v1.2.1 From e955f49fb7d8edeefc0d2647539276acf34d5731 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sun, 22 May 2016 17:23:30 -0500 Subject: Fix Registry docs now that it is not enabled be default --- doc/administration/container_registry.md | 43 ++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 16 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 435e7f627b0..a3df14019f3 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -14,7 +14,7 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* -- [How to enable the Container Registry](#how-to-enable-the-container-registry) +- [Enable the Container Registry](#enable-the-container-registry) - [Container Registry domain configuration](#container-registry-domain-configuration) - [Configure Container Registry under an existing GitLab domain](#configure-container-registry-under-an-existing-gitlab-domain) - [Configure Container Registry under its own domain](#configure-container-registry-under-its-own-domain) @@ -27,18 +27,19 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr -## How to enable the Container Registry +## Enable the Container Registry **Omnibus GitLab installations** -If you are using Omnibus, you have to bare in mind the following: +1. Open `/etc/gitlab/gitlab.rb` and edit or add the following line: -- The container Registry will be enabled by default if GitLab is configured - with HTTPS in new and existing installations (no action is required from the - administrator), and it will listen on port `5005`. If you wish to change it, - read [#Container Registry under existing GitLab domain](#container-registry-under-existing-gitlab-domain) - on how to achieve that. You will also have to configure your firewall to allow - incoming connections to that port. + ```ruby + gitlab_rails['registry_enabled'] = true + ``` + +1. The next step is to configure the domain name under which the Container + Registry will listen to. Read [#container-registry-domain-configuration](#container-registry-domain-configuration) + and pick one of the two options that fits your case. >**Note:** The container Registry works under HTTPS by default. Using HTTP is possible @@ -54,9 +55,10 @@ If you have installed GitLab from source: 1. You will have to [install Docker Registry][registry-deploy] by yourself. 1. After the installation is complete, you will have to configure the Registry's - settings `gitlab.yml` in order to enable it. + settings in `gitlab.yml` in order to enable it. 1. Use the sample NGINX configuration file that is found under - [`lib/support/nginx/registry-ssl`][registry-ssl]. + [`lib/support/nginx/registry-ssl`][registry-ssl] and edit it to match the + `host`, `port` and TLS certs paths. The contents of `gitlab.yml` are: @@ -90,11 +92,15 @@ documentation on how to achieve that. ## Container Registry domain configuration -There are two ways you can configure the Registry's external domain. Either use -the existing GitLab domain where in that case the Registry will listen on a port, -or use a completely separate domain. Since the container Registry requires a -TLS certificate, in the end it all boils down to how easy or pricey is to get a -new TLS certificate. +There are two ways you can configure the Registry's external domain. + +- Either [use the existing GitLab domain][existing-domain] where in that case + the Registry will have to listen on a port and reuse GitLab's TLS certificate, +- or [use a completely separate domain][new-domain] with a new TLS certificate + for that domain. + +Since the container Registry requires a TLS certificate, in the end it all boils +down to how easy or pricey is to get a new one. Please take this into consideration before configuring the Container Registry for the first time. @@ -193,6 +199,9 @@ Let's assume that you want the container Registry to be accessible at 1. Once the TLS certificate is in place, edit `/etc/gitlab/gitlab.rb` with: ```ruby + gitlab_rails['registry_host'] = "registry.gitlab.example.com" + + # The following setting is needed for NGINX registry_external_url 'https://registry.gitlab.example.com' ``` @@ -365,3 +374,5 @@ configurable in future releases. [token-config]: https://docs.docker.com/registry/configuration/#token [8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md [registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl +[existing-domain]: #configure-container-registry-under-an-existing-gitlab-domain +[new-domain]: #configure-container-registry-under-its-own-domain -- cgit v1.2.1 From b565cfa50fa53bede268904d318547e593931f0b Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sun, 22 May 2016 18:52:42 -0500 Subject: Fix remaining docs on enabling/disabling Registry --- doc/administration/container_registry.md | 67 ++++++++++++++++---------------- 1 file changed, 34 insertions(+), 33 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index a3df14019f3..7d7d5fd1e84 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -120,22 +120,20 @@ GitLab from source respectively. **Omnibus GitLab installations** ->**Note:** -If you are using HTTPS in your Omnibus packages, then the Registry will be -enabled by default and exposed under port `5005`. Follow the steps below only if -you want to change the default port. - 1. Your `/etc/gitlab/gitlab.rb` should contain the Registry URL as well as the path to the existing TLS certificate and key used by GitLab: ```ruby - gitlab_rails['registry_port'] = "4567" gitlab_rails['registry_host'] = "gitlab.example.com" + gitlab_rails['registry_port'] = "4567" # The following setting is needed for NGINX registry_external_url 'https://gitlab.example.com:4567' ``` + Note how the `registry_external_url` is listening on HTTPS and is a + conjunction of `registry_host` and `registry_port`. + If your TLS certificate is not in `/etc/gitlab/ssl/gitlab.example.com.crt` and key not in `/etc/gitlab/ssl/gitlab.example.com.key` uncomment the lines below: @@ -213,7 +211,6 @@ certificate in addition to the URL, in this case `/etc/gitlab/gitlab.rb` will look like: > ```ruby -registry_external_url 'https://registry.gitlab.example.com' registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" ``` @@ -229,7 +226,6 @@ registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" registry: enabled: true host: registry.gitlab.example.com - port: 4567 ``` 1. Save the file and [restart GitLab][] for the changes to take effect. @@ -246,31 +242,36 @@ docker login registry.gitlab.example.com ## Disable Container Registry site-wide +>**Note:** +Disabling the Registry in the Rails GitLab application as set by the following +steps, will not remove any existing Docker images. This is handled by the +Registry application itself. + **Omnibus GitLab** -```ruby -gitlab_rails['registry_enabled'] = true -``` +1. Open `/etc/gitlab/gitlab.rb` and set `gitlab_rails['registry_enabled']` to + `false` and comment out the `registry_external_url`: -``` -# gitlab_rails['registry_port'] = "5005" -# gitlab_rails['registry_host'] = "registry.gitlab.example.com" -# gitlab_rails['registry_api_url'] = "http://localhost:5000" -# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" -# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" -# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" - -# Settings used by Registry application -# registry['enable'] = true -# registry['username'] = "registry" -# registry['group'] = "registry" -# registry['uid'] = nil -# registry['gid'] = nil -# registry['dir'] = "/var/opt/gitlab/registry" -# registry['log_directory'] = "/var/log/gitlab/registry" -# registry['log_level'] = "info" -# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" -``` + ```ruby + gitlab_rails['registry_enabled'] = false + # registry_external_url 'https://registry.gitlab.example.com' + ``` + +1. Save the file and [reconfigure GitLab][] for the changes to take effect. + +--- + +**Installations from source** + +1. Open `/home/git/gitlab/config/gitlab.yml`, find the `registry` entry and + set `enabled` to `false`: + + ``` + registry: + enabled: false + ``` + +1. Save the file and [restart GitLab][] for the changes to take effect. ## Disable Container Registry per project @@ -280,9 +281,9 @@ on how to achieve that. ## Disable Container Registry for new projects site-wide -The Registry is enabled by default on all new projects. To disable this function -and let the owners of a project to enable Registry by themselves, follow the -steps below. +If the Container Registry is enabled, then it will be available on all new +projects. To disable this function and let the owners of a project to enable +the Container Registry by themselves, follow the steps below. --- -- cgit v1.2.1 From f896a4e0c1cb66392e069556c1c298915fc55d0e Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sun, 22 May 2016 19:31:19 -0500 Subject: Refactor storage location section --- doc/administration/container_registry.md | 58 +++++++++++++++++++------------- 1 file changed, 34 insertions(+), 24 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index 7d7d5fd1e84..e9d850ca685 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -319,39 +319,49 @@ the Container Registry by themselves, follow the steps below. ## Container Registry storage path -It is possible to change path where containers will be stored by the Container -Registry. +To change the storage path where Docker images will be stored, follow the +steps below. -**Omnibus GitLab packages** +This path is accessible to: + +- the user running the Container Registry daemon, +- the user running GitLab +- and to the user running the Nginx web server. + +> **Warning** You should confirm that all GitLab, Registry and web server users +have access to this directory. --- -By default, the path Container Registry is using to store the containers is in -`/var/opt/gitlab/gitlab-rails/shared/registry`. -This path is accessible to the user running the Container Registry daemon, -user running GitLab and to the user running Nginx web server. +**Omnibus GitLab installations** -In `/etc/gitlab/gitlab.rb`: +The default location where images are stored in Omnibus, is +`/var/opt/gitlab/gitlab-rails/shared/registry`. To change it: -```ruby -gitlab_rails['registry_path'] = "/path/to/registry/storage" -``` +1. Edit `/etc/gitlab/gitlab.rb`: -``` -registry: - enabled: true - host: registry.gitlab.example.com - port: 5005 - api_url: http://localhost:5000/ - key_path: config/registry.key - path: shared/registry - issuer: gitlab-issuer -``` + ```ruby + gitlab_rails['registry_path'] = "/path/to/registry/storage" + ``` -Save the file and [reconfigure GitLab][] for the changes to take effect. +1. Save the file and [reconfigure GitLab][] for the changes to take effect. -**NOTE** You should confirm that the GitLab, registry and the web server user -have access to this directory. +--- + +**Installations from source** + +The default location where images are stored in source installations, is +`/home/git/gitlab/shared/registry`. To change it: + +1. Open `/home/git/gitlab/config/gitlab.yml`, find the `registry` entry and + change the `path` setting: + + ``` + registry: + path: shared/registry + ``` + +1. Save the file and [restart GitLab][] for the changes to take effect. ## Storage limitations -- cgit v1.2.1 From c01f99b768d0209c67e73b16751cacede2d8d6ad Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Sun, 22 May 2016 19:53:19 -0500 Subject: Fixes suggested by Kamil --- doc/administration/container_registry.md | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index e9d850ca685..caf9a5bef2c 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -31,15 +31,9 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr **Omnibus GitLab installations** -1. Open `/etc/gitlab/gitlab.rb` and edit or add the following line: - - ```ruby - gitlab_rails['registry_enabled'] = true - ``` - -1. The next step is to configure the domain name under which the Container - Registry will listen to. Read [#container-registry-domain-configuration](#container-registry-domain-configuration) - and pick one of the two options that fits your case. +All you have to do is configure the domain name under which the Container +Registry will listen to. Read [#container-registry-domain-configuration](#container-registry-domain-configuration) +and pick one of the two options that fits your case. >**Note:** The container Registry works under HTTPS by default. Using HTTP is possible @@ -124,15 +118,11 @@ GitLab from source respectively. path to the existing TLS certificate and key used by GitLab: ```ruby - gitlab_rails['registry_host'] = "gitlab.example.com" - gitlab_rails['registry_port'] = "4567" - - # The following setting is needed for NGINX registry_external_url 'https://gitlab.example.com:4567' ``` - Note how the `registry_external_url` is listening on HTTPS and is a - conjunction of `registry_host` and `registry_port`. + Note how the `registry_external_url` is listening on HTTPS under the + existing GitLab URL, but on a different port. If your TLS certificate is not in `/etc/gitlab/ssl/gitlab.example.com.crt` and key not in `/etc/gitlab/ssl/gitlab.example.com.key` uncomment the lines @@ -197,12 +187,11 @@ Let's assume that you want the container Registry to be accessible at 1. Once the TLS certificate is in place, edit `/etc/gitlab/gitlab.rb` with: ```ruby - gitlab_rails['registry_host'] = "registry.gitlab.example.com" - - # The following setting is needed for NGINX registry_external_url 'https://registry.gitlab.example.com' ``` + Note how the `registry_external_url` is listening on HTTPS. + 1. Save the file and [reconfigure GitLab][] for the changes to take effect. > **Note:** @@ -249,12 +238,10 @@ Registry application itself. **Omnibus GitLab** -1. Open `/etc/gitlab/gitlab.rb` and set `gitlab_rails['registry_enabled']` to - `false` and comment out the `registry_external_url`: +1. Open `/etc/gitlab/gitlab.rb` and set `registry['enable']` to `false`: ```ruby - gitlab_rails['registry_enabled'] = false - # registry_external_url 'https://registry.gitlab.example.com' + registry['enable'] = false ``` 1. Save the file and [reconfigure GitLab][] for the changes to take effect. @@ -326,7 +313,6 @@ This path is accessible to: - the user running the Container Registry daemon, - the user running GitLab -- and to the user running the Nginx web server. > **Warning** You should confirm that all GitLab, Registry and web server users have access to this directory. -- cgit v1.2.1 From b10b6f963dd0d0da26e1750263e6b970b839ba0f Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Wed, 25 May 2016 11:30:11 -0500 Subject: Add new HA diagrams [ci skip] --- doc/administration/high_availability/README.md | 4 ++++ .../img/high_availability/active-active-diagram.png | Bin 0 -> 29607 bytes .../img/high_availability/active-passive-diagram.png | Bin 0 -> 24246 bytes 3 files changed, 4 insertions(+) create mode 100644 doc/administration/img/high_availability/active-active-diagram.png create mode 100644 doc/administration/img/high_availability/active-passive-diagram.png (limited to 'doc/administration') diff --git a/doc/administration/high_availability/README.md b/doc/administration/high_availability/README.md index 43d85ffb775..d74a786ac24 100644 --- a/doc/administration/high_availability/README.md +++ b/doc/administration/high_availability/README.md @@ -19,6 +19,8 @@ Components/Servers Required: - 2 servers/virtual machines (one active/one passive) +![Active/Passive HA Diagram](../img/high_availability/active-passive-diagram.png) + ### Active/Active This architecture scales easily because all application servers handle @@ -26,6 +28,8 @@ user requests simultaneously. The database, Redis, and GitLab application are all deployed on separate servers. The configuration is **only** highly-available if the database, Redis and storage are also configured as such. +![Active/Active HA Diagram](../img/high_availability/active-active-diagram.png) + **Steps to configure active/active:** 1. [Configure the database](database.md) diff --git a/doc/administration/img/high_availability/active-active-diagram.png b/doc/administration/img/high_availability/active-active-diagram.png new file mode 100644 index 00000000000..81259e0ae93 Binary files /dev/null and b/doc/administration/img/high_availability/active-active-diagram.png differ diff --git a/doc/administration/img/high_availability/active-passive-diagram.png b/doc/administration/img/high_availability/active-passive-diagram.png new file mode 100644 index 00000000000..f69ff1d0357 Binary files /dev/null and b/doc/administration/img/high_availability/active-passive-diagram.png differ -- cgit v1.2.1 From 8e31da9445255f43ee230b8cfaecafbcf7f1ade6 Mon Sep 17 00:00:00 2001 From: Chris Spicer Date: Sun, 29 May 2016 22:30:16 -0700 Subject: commited -> committed --- doc/administration/repository_checks.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/repository_checks.md b/doc/administration/repository_checks.md index 3411e4af6a7..4172b604cec 100644 --- a/doc/administration/repository_checks.md +++ b/doc/administration/repository_checks.md @@ -5,7 +5,7 @@ This feature was [introduced][ce-3232] in GitLab 8.7. It is OFF by default because it still causes too many false alarms. Git has a built-in mechanism, [git fsck][git-fsck], to verify the -integrity of all data commited to a repository. GitLab administrators +integrity of all data committed to a repository. GitLab administrators can trigger such a check for a project via the project page under the admin panel. The checks run asynchronously so it may take a few minutes before the check result is visible on the project admin page. If the @@ -41,4 +41,4 @@ alarms you can choose to clear ALL repository check states from the --- [ce-3232]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3232 "Auto git fsck" -[git-fsck]: https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html "git fsck documentation" \ No newline at end of file +[git-fsck]: https://www.kernel.org/pub/software/scm/git/docs/git-fsck.html "git fsck documentation" -- cgit v1.2.1 From 91496a09656948e713910a05f1c49417b628c26c Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Wed, 1 Jun 2016 14:44:29 -0500 Subject: Add gdb detach instructions --- doc/administration/troubleshooting/sidekiq.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/administration') diff --git a/doc/administration/troubleshooting/sidekiq.md b/doc/administration/troubleshooting/sidekiq.md index 134a7583762..a776cd3f05e 100644 --- a/doc/administration/troubleshooting/sidekiq.md +++ b/doc/administration/troubleshooting/sidekiq.md @@ -150,6 +150,14 @@ To output a backtrace from all threads at once: apply all thread bt ``` +Once you're done debugging with `gdb`, be sure to detach from the process and +exit: + +``` +detach +exit +``` + ## Check for blocking queries Sometimes the speed at which Sidekiq processes jobs can be so fast that it can -- cgit v1.2.1 From c1923aef04d63050376e14033a6a04a1e3ae0904 Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Wed, 1 Jun 2016 14:46:07 -0500 Subject: Explicitly mention advisory file locking --- doc/administration/high_availability/nfs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/high_availability/nfs.md b/doc/administration/high_availability/nfs.md index 49ff5d536a1..537f4f3501d 100644 --- a/doc/administration/high_availability/nfs.md +++ b/doc/administration/high_availability/nfs.md @@ -2,8 +2,8 @@ ## Required NFS Server features -**File locking**: GitLab **requires** file locking which is only supported -natively in NFS version 4. NFSv3 also supports locking as long as +**File locking**: GitLab **requires** advisory file locking, which is only +supported natively in NFS version 4. NFSv3 also supports locking as long as Linux Kernel 2.6.5+ is used. We recommend using version 4 and do not specifically test NFSv3. -- cgit v1.2.1 From 0e7abb4c2851131ccc5a81e1923824ac845bbe3f Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 10 Jun 2016 15:53:38 +0200 Subject: Fix incorrect registry key value Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18441 --- doc/administration/container_registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/administration') diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md index caf9a5bef2c..7870669fa77 100644 --- a/doc/administration/container_registry.md +++ b/doc/administration/container_registry.md @@ -62,7 +62,7 @@ registry: host: registry.gitlab.example.com port: 5005 api_url: http://localhost:5000/ - key_path: config/registry.key + key: config/registry.key path: shared/registry issuer: gitlab-issuer ``` @@ -75,7 +75,7 @@ where: | `host` | The host URL under which the Registry will run and the users will be able to use. | | `port` | The port under which the external Registry domain will listen on. | | `api_url` | The internal API URL under which the Registry is exposed to. It defaults to `http://localhost:5000`. | -| `key_path`| The private key location that is a pair of Registry's `rootcertbundle`. Read the [token auth configuration documentation][token-config]. | +| `key` | The private key location that is a pair of Registry's `rootcertbundle`. Read the [token auth configuration documentation][token-config]. | | `path` | This should be the same directory like specified in Registry's `rootdirectory`. Read the [storage configuration documentation][storage-config]. This path needs to be readable by the GitLab user, the web-server user and the Registry user. Read more in [#container-registry-storage-path](#container-registry-storage-path). | | `issuer` | This should be the same value as configured in Registry's `issuer`. Read the [token auth configuration documentation][token-config]. | -- cgit v1.2.1 From 35e9fc98655e72ea67f4e04015d255fe7f242717 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Mon, 13 Jun 2016 13:52:20 +0200 Subject: Move logs/logs.md to administration/logs.md [ci skip] --- doc/administration/logs.md | 137 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 doc/administration/logs.md (limited to 'doc/administration') diff --git a/doc/administration/logs.md b/doc/administration/logs.md new file mode 100644 index 00000000000..737b39db16c --- /dev/null +++ b/doc/administration/logs.md @@ -0,0 +1,137 @@ +## Log system + +GitLab has an advanced log system where everything is logged so that you +can analyze your instance using various system log files. In addition to +system log files, GitLab Enterprise Edition comes with Audit Events. +Find more about them [in Audit Events +documentation](http://docs.gitlab.com/ee/administration/audit_events.html) + +System log files are typically plain text in a standard log file format. +This guide talks about how to read and use these system log files. + +### production.log + +This file lives in `/var/log/gitlab/gitlab-rails/production.log` for +omnibus package or in `/home/git/gitlab/log/production.log` for +installations from source. + +It contains information about all performed requests. You can see the +URL and type of request, IP address and what exactly parts of code were +involved to service this particular request. Also you can see all SQL +request that have been performed and how much time it took. This task is +more useful for GitLab contributors and developers. Use part of this log +file when you are going to report bug. For example: + +``` +Started GET "/gitlabhq/yaml_db/tree/master" for 168.111.56.1 at 2015-02-12 19:34:53 +0200 +Processing by Projects::TreeController#show as HTML + Parameters: {"project_id"=>"gitlabhq/yaml_db", "id"=>"master"} + + ... [CUT OUT] + + Namespaces"."created_at" DESC, "namespaces"."id" DESC LIMIT 1 [["id", 26]] + CACHE (0.0ms) SELECT "members".* FROM "members" WHERE "members"."source_type" = 'Project' AND "members"."type" IN ('ProjectMember') AND "members"."source_id" = $1 AND "members"."source_type" = $2 AND "members"."user_id" = 1 ORDER BY "members"."created_at" DESC, "members"."id" DESC LIMIT 1 [["source_id", 18], ["source_type", "Project"]] + CACHE (0.0ms) SELECT "members".* FROM "members" WHERE "members"."source_type" = 'Project' AND "members". + (1.4ms) SELECT COUNT(*) FROM "merge_requests" WHERE "merge_requests"."target_project_id" = $1 AND ("merge_requests"."state" IN ('opened','reopened')) [["target_project_id", 18]] + Rendered layouts/nav/_project.html.haml (28.0ms) + Rendered layouts/_collapse_button.html.haml (0.2ms) + Rendered layouts/_flash.html.haml (0.1ms) + Rendered layouts/_page.html.haml (32.9ms) +Completed 200 OK in 166ms (Views: 117.4ms | ActiveRecord: 27.2ms) +``` + +In this example we can see that server processed an HTTP request with URL +`/gitlabhq/yaml_db/tree/master` from IP 168.111.56.1 at 2015-02-12 +19:34:53 +0200. Also we can see that request was processed by +`Projects::TreeController`. + +### application.log + +This file lives in `/var/log/gitlab/gitlab-rails/application.log` for +omnibus package or in `/home/git/gitlab/log/application.log` for +installations from source. + +It helps you discover events happening in your instance such as user creation, +project removing and so on. For example: + +``` +October 06, 2014 11:56: User "Administrator" (admin@example.com) was created +October 06, 2014 11:56: Documentcloud created a new project "Documentcloud / Underscore" +October 06, 2014 11:56: Gitlab Org created a new project "Gitlab Org / Gitlab Ce" +October 07, 2014 11:25: User "Claudie Hodkiewicz" (nasir_stehr@olson.co.uk) was removed +October 07, 2014 11:25: Project "project133" was removed +``` + +### githost.log + +This file lives in `/var/log/gitlab/gitlab-rails/githost.log` for +omnibus package or in `/home/git/gitlab/log/githost.log` for +installations from source. + +GitLab has to interact with Git repositories but in some rare cases +something can go wrong and in this case you will know what exactly +happened. This log file contains all failed requests from GitLab to Git +repositories. In the majority of cases this file will be useful for developers +only. For example: + +``` +December 03, 2014 13:20 -> ERROR -> Command failed [1]: /usr/bin/git --git-dir=/Users/vsizov/gitlab-development-kit/gitlab/tmp/tests/gitlab-satellites/group184/gitlabhq/.git --work-tree=/Users/vsizov/gitlab-development-kit/gitlab/tmp/tests/gitlab-satellites/group184/gitlabhq merge --no-ff -mMerge branch 'feature_conflict' into 'feature' source/feature_conflict + +error: failed to push some refs to '/Users/vsizov/gitlab-development-kit/repositories/gitlabhq/gitlab_git.git' +``` + +### sidekiq.log + +This file lives in `/var/log/gitlab/gitlab-rails/sidekiq.log` for +omnibus package or in `/home/git/gitlab/log/sidekiq.log` for +installations from source. + +GitLab uses background jobs for processing tasks which can take a long +time. All information about processing these jobs are written down to +this file. For example: + +``` +2014-06-10T07:55:20Z 2037 TID-tm504 ERROR: /opt/bitnami/apps/discourse/htdocs/vendor/bundle/ruby/1.9.1/gems/redis-3.0.7/lib/redis/client.rb:228:in `read' +2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"} +``` + +### gitlab-shell.log + +This file lives in `/var/log/gitlab/gitlab-shell/gitlab-shell.log` for +omnibus package or in `/home/git/gitlab-shell/gitlab-shell.log` for +installations from source. + +GitLab shell is used by Gitlab for executing Git commands and provide +SSH access to Git repositories. For example: + +``` +I, [2015-02-13T06:17:00.671315 #9291] INFO -- : Adding project root/example.git at . +I, [2015-02-13T06:17:00.679433 #9291] INFO -- : Moving existing hooks directory and symlinking global hooks directory for /var/opt/gitlab/git-data/repositories/root/example.git. +``` + +### unicorn\_stderr.log + +This file lives in `/var/log/gitlab/unicorn/unicorn_stderr.log` for +omnibus package or in `/home/git/gitlab/log/unicorn_stderr.log` for +installations from source. + +Unicorn is a high-performance forking Web server which is used for +serving the GitLab application. You can look at this log if, for +example, your application does not respond. This log contains all +information about the state of unicorn processes at any given time. + +``` +I, [2015-02-13T06:14:46.680381 #9047] INFO -- : Refreshing Gem list +I, [2015-02-13T06:14:56.931002 #9047] INFO -- : listening on addr=127.0.0.1:8080 fd=12 +I, [2015-02-13T06:14:56.931381 #9047] INFO -- : listening on addr=/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fd=13 +I, [2015-02-13T06:14:56.936638 #9047] INFO -- : master process ready +I, [2015-02-13T06:14:56.946504 #9092] INFO -- : worker=0 spawned pid=9092 +I, [2015-02-13T06:14:56.946943 #9092] INFO -- : worker=0 ready +I, [2015-02-13T06:14:56.947892 #9094] INFO -- : worker=1 spawned pid=9094 +I, [2015-02-13T06:14:56.948181 #9094] INFO -- : worker=1 ready +W, [2015-02-13T07:16:01.312916 #9094] WARN -- : #: worker (pid: 9094) exceeds memory limit (320626688 bytes > 247066940 bytes) +W, [2015-02-13T07:16:01.313000 #9094] WARN -- : Unicorn::WorkerKiller send SIGQUIT (pid: 9094) alive: 3621 sec (trial 1) +I, [2015-02-13T07:16:01.530733 #9047] INFO -- : reaped # worker=1 +I, [2015-02-13T07:16:01.534501 #13379] INFO -- : worker=1 spawned pid=13379 +I, [2015-02-13T07:16:01.534848 #13379] INFO -- : worker=1 ready +``` -- cgit v1.2.1