diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-10 00:09:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-10 00:09:19 +0300 |
commit | 254ec28f5448f6f353cd98f637985de3d1405854 (patch) | |
tree | 1c84ed7b7dd32db96454af034cd6c7e90699e76d /doc/administration | |
parent | 141902c04943d5fb43c014b8cf42af60a3bc0cdf (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/administration')
-rw-r--r-- | doc/administration/gitaly/praefect.md | 40 | ||||
-rw-r--r-- | doc/administration/logs.md | 37 |
2 files changed, 68 insertions, 9 deletions
diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md index 0a0e193658e..737deaa7f4e 100644 --- a/doc/administration/gitaly/praefect.md +++ b/doc/administration/gitaly/praefect.md @@ -60,12 +60,18 @@ GitLab](https://about.gitlab.com/install/). - 1 Praefect node (minimal storage required) - 3 Gitaly nodes (high CPU, high memory, fast storage) +- 1 GitLab server You will need the IP/host address for each node. 1. `POSTGRESQL_SERVER_ADDRESS`: the IP/host address of the PostgreSQL server -1. `PRAEFECT_SERVER_ADDRESS`: the IP/host address of the Praefect server -1. `GITALY_SERVER_ADDRESS`: the IP/host address of each Gitaly node +1. `PRAEFECT_HOST`: the IP/host address of the Praefect server +1. `GITALY_HOST`: the IP/host address of each Gitaly server +1. `GITLAB_HOST`: the IP/host address of the GitLab server + +If you are using a cloud provider, you can look up the addresses for each server through your cloud provider's management console. + +If you are using Google Cloud Platform, SoftLayer, or any other vendor that provides a virtual private cloud (VPC) you can use the private addresses for each cloud instance (corresponds to “internal address” for Google Cloud Platform) for `PRAEFECT_HOST`, `GITALY_HOST`, and `GITLAB_HOST`. #### Secrets @@ -183,14 +189,18 @@ application server, or a Gitaly node. 1. Configure **Praefect** to listen on network interfaces by editing `/etc/gitlab/gitlab.rb`: + You will need to replace: + + - `PRAEFECT_HOST` with the IP address or hostname of the Praefect node + ```ruby # Make Praefect accept connections on all network interfaces. # Use firewalls to restrict access to this address/port. - praefect['listen_addr'] = '0.0.0.0:2305' + praefect['listen_addr'] = 'PRAEFECT_HOST:2305' # Enable Prometheus metrics access to Praefect. You must use firewalls # to restrict access to this address/port. - praefect['prometheus_listen_addr'] = '0.0.0.0:9652' + praefect['prometheus_listen_addr'] = 'PRAEFECT_HOST:9652' ``` 1. Configure a strong `auth_token` for **Praefect** by editing @@ -357,14 +367,18 @@ documentation](index.md#3-gitaly-server-configuration). 1. Configure **Gitaly** to listen on network interfaces by editing `/etc/gitlab/gitlab.rb`: + You will need to replace: + + - `GITALY_HOST` with the IP address or hostname of the Gitaly node + ```ruby # Make Gitaly accept connections on all network interfaces. # Use firewalls to restrict access to this address/port. - gitaly['listen_addr'] = '0.0.0.0:8075' + gitaly['listen_addr'] = 'GITALY_HOST:8075' # Enable Prometheus metrics access to Gitaly. You must use firewalls # to restrict access to this address/port. - gitaly['prometheus_listen_addr'] = '0.0.0.0:9236' + gitaly['prometheus_listen_addr'] = 'GITALY_HOST:9236' ``` 1. Configure a strong `auth_token` for **Gitaly** by editing @@ -387,7 +401,7 @@ documentation](index.md#3-gitaly-server-configuration). # Configure the gitlab-shell API callback URL. Without this, `git push` will # fail. This can be your front door GitLab URL or an internal load balancer. # Examples: 'https://example.gitlab.com', 'http://1.2.3.4' - gitlab_rails['internal_api_url'] = 'GITLAB_SERVER_URL' + gitlab_rails['internal_api_url'] = 'http://GITLAB_HOST' ``` 1. Configure the storage location for Git data by setting `git_data_dirs` in @@ -499,12 +513,13 @@ Particular attention should be shown to: You will need to replace: - `PRAEFECT_HOST` with the IP address or hostname of the Praefect node + - `GITLAB_HOST` with the IP address or hostname of the GitLab server - `PRAEFECT_EXTERNAL_TOKEN` with the real secret ```ruby git_data_dirs({ "default" => { - "path" => "/var/opt/gitlab/git-data" + "gitaly_address" => "tcp://GITLAB_HOST:8075" }, "praefect" => { "gitaly_address" => "tcp://PRAEFECT_HOST:2305", @@ -513,6 +528,13 @@ Particular attention should be shown to: }) ``` +1. Allow Gitaly to listen on a tcp port by editing + `/etc/gitlab/gitlab.rb` + + ```ruby + gitaly['listen_addr'] = 'tcp://GITLAB_HOST:8075' + ``` + 1. Configure the `gitlab_shell['secret_token']` so that callbacks from Gitaly nodes during a `git push` are properly authenticated by editing `/etc/gitlab/gitlab.rb`: @@ -526,7 +548,7 @@ Particular attention should be shown to: 1. Configure the `external_url` so that files could be served by GitLab by proper endpoint access by editing `/etc/gitlab/gitlab.rb`: - You will need to replace `GITLAB_SERVER_URL` with the real URL on which + You will need to replace `GITLAB_SERVER_URL` with the real external facing URL on which current GitLab instance is serving: ```ruby diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 889a8b2d6b0..c43406fb647 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -635,6 +635,43 @@ Each line contains a JSON line that can be ingested by Elasticsearch. For exampl } ``` +## `geo.log` + +> Introduced in 9.5. + +Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`. + +This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into. For example, Elasticsearch or Splunk. + +For example: + +```json +{"severity":"INFO","time":"2017-08-06T05:40:16.104Z","message":"Repository update","project_id":1,"source":"repository","resync_repository":true,"resync_wiki":true,"class":"Gitlab::Geo::LogCursor::Daemon","cursor_delay_s":0.038} +``` + +This message shows that Geo detected that a repository update was needed for project `1`. + +## Registry Logs + +For Omnibus installations, Container Registry logs reside in `/var/log/gitlab/registry/current`. + +## NGINX Logs + +For Omnibus installations, NGINX logs reside in: + +- `/var/log/gitlab/nginx/gitlab_access.log` contains a log of requests made to GitLab. +- `/var/log/gitlab/nginx/gitlab_error.log` contains a log of NGINX errors for GitLab. +- `/var/log/gitlab/nginx/gitlab_pages_access.log` contains a log of requests made to Pages static sites. +- `/var/log/gitlab/nginx/gitlab_pages_error.log` contains a log of NGINX errors for Pages static sites. +- `/var/log/gitlab/nginx/gitlab_registry_access.log` contains a log of requests made to the Container Registry. +- `/var/log/gitlab/nginx/gitlab_registry_error.log` contains a log of NGINX errors for the Container Regsitry. + +Below is the default GitLab NGINX access log format: + +```plaintext +$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" +``` + [repocheck]: repository_checks.md [Rack Attack]: ../security/rack_attack.md [Rate Limit]: ../user/admin_area/settings/rate_limits_on_raw_endpoints.md |