Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/gitaly
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/gitaly')
-rw-r--r--doc/administration/gitaly/index.md52
-rw-r--r--doc/administration/gitaly/praefect.md8
-rw-r--r--doc/administration/gitaly/reference.md4
3 files changed, 31 insertions, 33 deletions
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index e6b137bac29..750e6aab687 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -90,7 +90,7 @@ When running Gitaly on its own server, note the following regarding GitLab versi
leveraged for redundancy on block-level Git data, but only has to be mounted on the Gitaly
servers.
- From GitLab 11.8 to 12.2, it is possible to use Elasticsearch in a Gitaly setup that doesn't use
- NFS. In order to use Elasticsearch in these versions, the
+ NFS. To use Elasticsearch in these versions, the
[repository indexer](../../integration/elasticsearch.md#elasticsearch-repository-indexer)
must be enabled in your GitLab configuration.
- [Since GitLab 12.3](https://gitlab.com/gitlab-org/gitlab/-/issues/6481), the new indexer is
@@ -382,10 +382,10 @@ if previously enabled manually.
Gitaly makes the following assumptions:
- Your `gitaly1.internal` Gitaly server can be reached at `gitaly1.internal:8075` from your Gitaly
- clients, and that Gitaly server can read and write to `/mnt/gitlab/default` and
+ clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/default` and
`/mnt/gitlab/storage1`.
- Your `gitaly2.internal` Gitaly server can be reached at `gitaly2.internal:8075` from your Gitaly
- clients, and that Gitaly server can read and write to `/mnt/gitlab/storage2`.
+ clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/storage2`.
- Your `gitaly1.internal` and `gitaly2.internal` Gitaly servers can reach each other.
You can't define Gitaly servers with some as a local Gitaly server
@@ -424,17 +424,17 @@ server (with `gitaly_address`) unless you setup with special
storages:
default:
gitaly_address: tcp://gitaly1.internal:8075
- path: /some/dummy/path
+ path: /some/local/path
storage1:
gitaly_address: tcp://gitaly1.internal:8075
- path: /some/dummy/path
+ path: /some/local/path
storage2:
gitaly_address: tcp://gitaly2.internal:8075
- path: /some/dummy/path
+ path: /some/local/path
```
NOTE: **Note:**
- `/some/dummy/path` should be set to a local folder that exists, however no data will be stored in
+ `/some/local/path` should be set to a local folder that exists, however no data will be stored in
this folder. This will no longer be necessary after
[this issue](https://gitlab.com/gitlab-org/gitaly/-/issues/1282) is resolved.
@@ -482,6 +482,14 @@ git_data_dirs({
'storage1' => { 'gitaly_address' => 'tcp://gitlab.internal:8075', 'path' => '/mnt/gitlab/git-data' },
'storage2' => { 'gitaly_address' => 'tcp://gitaly2.internal:8075' },
})
+
+# Make Gitaly accept connections on all network interfaces
+gitaly['listen_addr'] = "0.0.0.0:8075"
+
+# Or for TLS
+gitaly['tls_listen_addr'] = "0.0.0.0:9999"
+gitaly['certificate_path'] = "/etc/gitlab/ssl/cert.pem"
+gitaly['key_path'] = "/etc/gitlab/ssl/key.pem"
```
`path` can only be included for storage shards on the local Gitaly server.
@@ -532,20 +540,12 @@ corresponding to each Gitaly server must be installed on that Gitaly server.
Additionally, the certificate (or its certificate authority) must be installed on all:
-- Gitaly servers, including the Gitaly server using the certificate.
+- Gitaly servers.
- Gitaly clients that communicate with it.
-The process is documented in the
-[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates)
-and repeated below.
-
Note the following:
-- The certificate must specify the address you use to access the Gitaly server. If you are:
- - Addressing the Gitaly server by a hostname, you can either use the Common Name field for this,
- or add it as a Subject Alternative Name.
- - Addressing the Gitaly server by its IP address, you must add it as a Subject Alternative Name to
- the certificate. [gRPC does not support using an IP address as Common Name in a certificate](https://github.com/grpc/grpc/issues/2691).
+- The certificate must specify the address you use to access the Gitaly server. You must add the hostname or IP address as a Subject Alternative Name to the certificate.
- You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an
encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually
transition from unencrypted to encrypted traffic if necessary.
@@ -631,17 +631,17 @@ To configure Gitaly with TLS:
storages:
default:
gitaly_address: tls://gitaly1.internal:9999
- path: /some/dummy/path
+ path: /some/local/path
storage1:
gitaly_address: tls://gitaly1.internal:9999
- path: /some/dummy/path
+ path: /some/local/path
storage2:
gitaly_address: tls://gitaly2.internal:9999
- path: /some/dummy/path
+ path: /some/local/path
```
NOTE: **Note:**
- `/some/dummy/path` should be set to a local folder that exists, however no data will be stored
+ `/some/local/path` should be set to a local folder that exists, however no data will be stored
in this folder. This will no longer be necessary after
[Gitaly issue #1282](https://gitlab.com/gitlab-org/gitaly/-/issues/1282) is resolved.
@@ -1021,6 +1021,9 @@ The second facet presents the only real solution. For this, we developed
## Troubleshooting Gitaly
+Check [Gitaly timeouts](../../user/admin_area/settings/gitaly_timeouts.md) when troubleshooting
+Gitaly.
+
### Checking versions when using standalone Gitaly servers
When using standalone Gitaly servers, you must make sure they are the same version
@@ -1242,13 +1245,6 @@ unset http_proxy
unset https_proxy
```
-### Gitaly not listening on new address after reconfiguring
-
-When updating the `gitaly['listen_addr']` or `gitaly['prometheus_listen_addr']`
-values, Gitaly may continue to listen on the old address after a `sudo gitlab-ctl reconfigure`.
-
-When this occurs, performing a `sudo gitlab-ctl restart` will resolve the issue. This will no longer be necessary after [this issue](https://gitlab.com/gitlab-org/gitaly/-/issues/2521) is resolved.
-
### Permission denied errors appearing in Gitaly logs when accessing repositories from a standalone Gitaly server
If this error occurs even though file permissions are correct, it's likely that
diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md
index 876904a2093..45c077cded1 100644
--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@@ -547,14 +547,14 @@ To configure Praefect with TLS:
storages:
default:
gitaly_address: tls://praefect1.internal:3305
- path: /some/dummy/path
+ path: /some/local/path
storage1:
gitaly_address: tls://praefect2.internal:3305
- path: /some/dummy/path
+ path: /some/local/path
```
NOTE: **Note:**
- `/some/dummy/path` should be set to a local folder that exists, however no
+ `/some/local/path` should be set to a local folder that exists, however no
data will be stored in this folder. This will no longer be necessary after
[this issue](https://gitlab.com/gitlab-org/gitaly/-/issues/1282) is resolved.
@@ -993,6 +993,8 @@ information, see the [strong consistency epic](https://gitlab.com/groups/gitlab-
To enable strong consistency:
+- In GitLab 13.5, you must use Git v2.28.0 or higher on Gitaly nodes to enable
+ strong consistency.
- In GitLab 13.4 and later, the strong consistency voting strategy has been
improved. Instead of requiring all nodes to agree, only the primary and half
of the secondaries need to agree. This strategy is enabled by default. To
diff --git a/doc/administration/gitaly/reference.md b/doc/administration/gitaly/reference.md
index 0c211c220d7..53001b946d8 100644
--- a/doc/administration/gitaly/reference.md
+++ b/doc/administration/gitaly/reference.md
@@ -138,8 +138,8 @@ Most of the time we use `git cat-file --batch` processes for that. For
better performance, Gitaly can re-use these `git cat-file` processes
across RPC calls. Previously used processes are kept around in a
["Git cat-file cache"](https://about.gitlab.com/blog/2019/07/08/git-performance-on-nfs/#enter-cat-file-cache).
-In order to control how much system resources this uses, we have a maximum number
-of cat-file processes that can go into the cache.
+To control how much system resources this uses, we have a maximum number of
+cat-file processes that can go into the cache.
The default limit is 100 `cat-file`s, which constitute a pair of
`git cat-file --batch` and `git cat-file --batch-check` processes. If
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-01 14:51:04 +0300