diff options
Diffstat (limited to 'doc')
49 files changed, 248 insertions, 104 deletions
diff --git a/doc/administration/auth/ldap-troubleshooting.md b/doc/administration/auth/ldap-troubleshooting.md index 01c22711efc..b852140e80a 100644 --- a/doc/administration/auth/ldap-troubleshooting.md +++ b/doc/administration/auth/ldap-troubleshooting.md @@ -634,7 +634,7 @@ The rails console is a valuable tool to help debug LDAP problems. It allows you directly interact with the application by running commands and seeing how GitLab responds to them. -Please refer to [this guide](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) +Please refer to [this guide](../troubleshooting/debug.md#starting-a-rails-console-session) for instructions on how to use the rails console. #### Enable debug output diff --git a/doc/administration/img/repository_storages_admin_ui_v12_10.png b/doc/administration/img/repository_storages_admin_ui_v12_10.png Binary files differindex b66e2c598bc..e5ac09524b8 100644 --- a/doc/administration/img/repository_storages_admin_ui_v12_10.png +++ b/doc/administration/img/repository_storages_admin_ui_v12_10.png diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index c53c46bf0cb..22f2d6ca0b9 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -70,7 +70,7 @@ There is a limit when embedding metrics in GFM for performance reasons. On GitLab.com, the [maximum number of webhooks](../user/gitlab_com/index.md#maximum-number-of-webhooks) per project, and per group, is limited. To set this limit on a self-managed installation, run the following in the -[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session): +[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session): ```ruby # If limits don't exist for the default plan, you can create one with: @@ -120,7 +120,7 @@ will fail with a `job_activity_limit_exceeded` error. This limit is disabled by default. To set this limit on a self-managed installation, run the following in the -[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session): +[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session): ```ruby # If limits don't exist for the default plan, you can create one with: @@ -145,7 +145,7 @@ limit, the subscription will be considered invalid. - On [GitLab Starter](https://about.gitlab.com/pricing/#self-managed) tier or higher self-managed installations, this limit is defined for the `default` plan that affects all projects. To set this limit on a self-managed installation, run the following in the -[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session): +[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session): ```ruby Plan.default.limits.update!(ci_project_subscriptions: 500) @@ -170,7 +170,7 @@ or higher tiers), this limit is defined for the `default` plan that affects all projects. By default, there is no limit. To set this limit on a self-managed installation, run the following in the -[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session): +[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session): ```ruby Plan.default.limits.update!(ci_pipeline_schedules: 100) diff --git a/doc/administration/repository_storage_types.md b/doc/administration/repository_storage_types.md index 29b4179a3f7..562f653765a 100644 --- a/doc/administration/repository_storage_types.md +++ b/doc/administration/repository_storage_types.md @@ -100,7 +100,7 @@ The "Gitaly relative path" is shown there, for example: This is the path under `/var/opt/gitlab/git-data/repositories/` on a default Omnibus installation. -In a [Rails console](troubleshooting/debug.md#starting-a-rails-console), +In a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session), get this information using either the numeric project ID or the full path: ```ruby @@ -112,7 +112,7 @@ Project.find_by_full_path('group/project').disk_path To translate from a hashed storage path to a project name: -1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console). +1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session). 1. Run the following: ```ruby diff --git a/doc/administration/troubleshooting/debug.md b/doc/administration/troubleshooting/debug.md index 6a22b22a5be..295dab2be38 100644 --- a/doc/administration/troubleshooting/debug.md +++ b/doc/administration/troubleshooting/debug.md @@ -3,9 +3,10 @@ Sometimes things don't work the way they should. Here are some tips on debugging issues out in production. -## Starting a Rails console +## Starting a Rails console session -Troubleshooting and debugging often requires a rails console. +Troubleshooting and debugging your GitLab instance often requires a +[Rails console](https://guides.rubyonrails.org/command_line.html#rails-console). **For Omnibus installations** @@ -13,22 +14,81 @@ Troubleshooting and debugging often requires a rails console. sudo gitlab-rails console ``` ---- - **For installations from source** ```shell -bundle exec rails console production +sudo -u git -H bundle exec rails console -e production ``` Kubernetes: the console is in the task-runner pod, refer to our [Kubernetes cheat sheet](kubernetes_cheat_sheet.md#gitlab-specific-kubernetes-information) for details. +### Enabling Active Record logging + +You can enable output of Active Record debug logging in the Rails console +session by running: + +```ruby +ActiveRecord::Base.logger = Logger.new(STDOUT) +``` + +This will show information about database queries triggered by any Ruby code +you may run in the console. To turn off logging again, run: + +```ruby +ActiveRecord::Base.logger = nil +``` + +### Disabling database statement timeout + +You can disable the PostgreSQL statement timeout for the current Rails console +session by running: + +```ruby +ActiveRecord::Base.connection.execute('SET statement_timeout TO 0') +``` + +Note that this change only affects the current Rails console session and will +not be persisted in the GitLab production environment or in the next Rails +console session. + +### Output Rails console session history + +If you'd like to output your Rails console command history in a format that's +easy to copy and save for future reference, you can run: + +```ruby +puts Readline::HISTORY.to_a +``` + +## Using the Rails Runner + +If you need to run some Ruby code in thex context of your GitLab production +environment, you can do so using the [Rails Runner](https://guides.rubyonrails.org/command_line.html#rails-runner). + +**For Omnibus installations** + +```shell +sudo gitlab-rails runner "RAILS_COMMAND" + +# Example with a two-line Ruby script +sudo gitlab-rails runner "user = User.first; puts user.username" +``` + +**For installations from source** + +```shell +sudo -u git -H bundle exec rails runner -e production "RAILS_COMMAND" + +# Example with a two-line Ruby script +sudo -u git -H bundle exec rails runner -e production "user = User.first; puts user.username" +``` + ## Mail not working A common problem is that mails are not being sent for some reason. Suppose you configured an SMTP server, but you're not seeing mail delivered. Here's how to check the settings: -1. Run a [Rails console.](#starting-a-rails-console) +1. Run a [Rails console](#starting-a-rails-console-session). 1. Look at the ActionMailer `delivery_method` to make sure it matches what you intended. If you configured SMTP, it should say `:smtp`. If you're using @@ -168,7 +228,7 @@ separate Rails process to debug the issue: 1. Log in to your GitLab account. 1. Copy the URL that is causing problems (e.g. `https://gitlab.com/ABC`). 1. Create a Personal Access Token for your user (Profile Settings -> Access Tokens). -1. Bring up the [GitLab Rails console.](#starting-a-rails-console) +1. Bring up the [GitLab Rails console.](#starting-a-rails-console-session) 1. At the Rails console, run: ```ruby diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index 15ed436fb34..0471c7b7ffd 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -25,36 +25,6 @@ mentioned above, we recommend running these scripts under the supervision of a Support Engineer, who can also verify that they will continue to work as they should and, if needed, update the script for the latest version of GitLab. -## Use the Rails Runner - -If the script you want to run is short, you can use the Rails Runner to avoid -entering the rails console in the first place. Here's an example of its use: - -```shell -gitlab-rails runner "RAILS_COMMAND" - -# Example with a 2-line script -gitlab-rails runner "user = User.first; puts user.username" -``` - -## Enable debug logging on rails console - -```ruby -Rails.logger.level = 0 -``` - -## Enable debug logging for ActiveRecord (db issues) - -```ruby -ActiveRecord::Base.logger = Logger.new(STDOUT) -``` - -## Temporarily Disable Timeout - -```ruby -ActiveRecord::Base.connection.execute('SET statement_timeout TO 0') -``` - ## Find specific methods for an object ```ruby @@ -85,12 +55,6 @@ o = Object.where('attribute like ?', 'ex') Rails.cache.instance_variable_get(:@data).keys ``` -## Rails console history - -```ruby -puts Readline::HISTORY.to_a -``` - ## Profile a page ```ruby diff --git a/doc/administration/troubleshooting/img/Okta-SAMLsetup.png b/doc/administration/troubleshooting/img/Okta-SAMLsetup.png Binary files differindex 8171febb5bc..1bd9bf4d7e9 100644 --- a/doc/administration/troubleshooting/img/Okta-SAMLsetup.png +++ b/doc/administration/troubleshooting/img/Okta-SAMLsetup.png diff --git a/doc/administration/troubleshooting/img/Okta-advancedsettings.png b/doc/administration/troubleshooting/img/Okta-advancedsettings.png Binary files differindex 43eb546f238..45e378d1d12 100644 --- a/doc/administration/troubleshooting/img/Okta-advancedsettings.png +++ b/doc/administration/troubleshooting/img/Okta-advancedsettings.png diff --git a/doc/administration/troubleshooting/img/Okta-attributes.png b/doc/administration/troubleshooting/img/Okta-attributes.png Binary files differindex e4a7b33fe55..a3405e4de9b 100644 --- a/doc/administration/troubleshooting/img/Okta-attributes.png +++ b/doc/administration/troubleshooting/img/Okta-attributes.png diff --git a/doc/administration/troubleshooting/img/Okta-linkscert.png b/doc/administration/troubleshooting/img/Okta-linkscert.png Binary files differindex 33e6b3cc53e..38cae415f7e 100644 --- a/doc/administration/troubleshooting/img/Okta-linkscert.png +++ b/doc/administration/troubleshooting/img/Okta-linkscert.png diff --git a/doc/administration/troubleshooting/navigating_gitlab_via_rails_console.md b/doc/administration/troubleshooting/navigating_gitlab_via_rails_console.md index 01c3da80481..b78d5490cd2 100644 --- a/doc/administration/troubleshooting/navigating_gitlab_via_rails_console.md +++ b/doc/administration/troubleshooting/navigating_gitlab_via_rails_console.md @@ -3,7 +3,7 @@ At the heart of GitLab is a web application [built using the Ruby on Rails framework](https://about.gitlab.com/blog/2018/10/29/why-we-use-rails-to-build-gitlab/). Thanks to this, we also get access to the amazing tools built right into Rails. -In this guide, we'll introduce the [Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) +In this guide, we'll introduce the [Rails console](debug.md#starting-a-rails-console-session) and the basics of interacting with your GitLab instance from the command line. CAUTION: **CAUTION:** diff --git a/doc/administration/troubleshooting/ssl.md b/doc/administration/troubleshooting/ssl.md index 9474126e5c8..475b7d44eac 100644 --- a/doc/administration/troubleshooting/ssl.md +++ b/doc/administration/troubleshooting/ssl.md @@ -23,7 +23,7 @@ After configuring a GitLab instance with an internal CA certificate, you might n More details here: https://curl.haxx.se/docs/sslcerts.html ``` -- Testing via the [rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) also fails: +- Testing via the [rails console](debug.md#starting-a-rails-console-session) also fails: ```ruby uri = URI.parse("https://gitlab.domain.tld") diff --git a/doc/api/groups.md b/doc/api/groups.md index 57c71f1ea50..33a3c2305d5 100644 --- a/doc/api/groups.md +++ b/doc/api/groups.md @@ -552,7 +552,6 @@ PUT /groups/:id | `membership_lock` | boolean | no | **(STARTER)** Prevent adding new members to project membership within this group. | | `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. | | `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. | -| `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. | | `require_two_factor_authentication` | boolean | no | Require all users in this group to setup Two-factor authentication. | | `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). | | `project_creation_level` | string | no | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). | diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md index 8fee23a74e8..84f5e41496c 100644 --- a/doc/api/merge_request_approvals.md +++ b/doc/api/merge_request_approvals.md @@ -676,7 +676,8 @@ This includes additional information about the users who have already approved } ], "source_rule": null, - "approved": true + "approved": true, + "overridden": false } ] } @@ -753,7 +754,8 @@ GET /projects/:id/merge_requests/:merge_request_iid/approval_rules "ldap_access": null } ], - "contains_hidden_groups": false + "contains_hidden_groups": false, + "overridden": false } ] ``` @@ -837,7 +839,8 @@ will be used. "ldap_access": null } ], - "contains_hidden_groups": false + "contains_hidden_groups": false, + "overridden": false } ``` @@ -921,7 +924,8 @@ These are system generated rules. "ldap_access": null } ], - "contains_hidden_groups": false + "contains_hidden_groups": false, + "overridden": false } ``` diff --git a/doc/api/projects.md b/doc/api/projects.md index 39293b28b79..959b263c301 100644 --- a/doc/api/projects.md +++ b/doc/api/projects.md @@ -970,6 +970,7 @@ GET /projects/:id/users | Attribute | Type | Required | Description | | ------------ | ------------- | -------- | ----------- | +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) | | `search` | string | no | Search for specific users | | `skip_users` | integer array | no | Filter out users with the specified IDs | @@ -1515,6 +1516,7 @@ GET /projects/:id/starrers | Attribute | Type | Required | Description | | --------- | ---- | -------- | ----------- | +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) | | `search` | string | no | Search for specific users. | ```shell @@ -1558,6 +1560,10 @@ Get languages used in a project with percentage value. GET /projects/:id/languages ``` +| Attribute | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) | + ```shell curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/languages" ``` @@ -2183,6 +2189,7 @@ PUT /projects/:id/transfer | Attribute | Type | Required | Description | | --------- | ---- | -------- | ----------- | +| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) | | `namespace` | integer/string | yes | The ID or path of the namespace to transfer to project to | ## Branches diff --git a/doc/ci/img/ecs_dashboard_v12_9.png b/doc/ci/img/ecs_dashboard_v12_9.png Binary files differindex bebd6f7903c..62b85c75ec2 100644 --- a/doc/ci/img/ecs_dashboard_v12_9.png +++ b/doc/ci/img/ecs_dashboard_v12_9.png diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index 85a2e91682d..b72cf25282b 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -2549,7 +2549,7 @@ This example creates four paths of execution: The maximum number of jobs that can be defined within `needs:` defaults to 10, but can be changed to 50 via a feature flag. To change the limit to 50, -[start a Rails console session](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) +[start a Rails console session](../../administration/troubleshooting/debug.md#starting-a-rails-console-session) and run: ```ruby diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md index 8e13c5e7efc..c123722dc4e 100644 --- a/doc/development/pipelines.md +++ b/doc/development/pipelines.md @@ -176,7 +176,7 @@ graph RL; O[coverage-frontend]; N["pages (master only)"]; Q[package-and-qa]; - S["RSpec<br/>(e.g. rspec unit pg9)"] + S["RSpec<br/>(e.g. rspec unit pg10)"] T[retrieve-tests-metadata]; QA["qa:internal, qa:selectors"]; QA2["qa:internal-as-if-foss, qa:selectors-as-if-foss<br/>(EE default refs only)"]; diff --git a/doc/install/aws/img/aws_ha_architecture_diagram.png b/doc/install/aws/img/aws_ha_architecture_diagram.png Binary files differindex b3f4d5b2bd8..e019ed61abf 100644 --- a/doc/install/aws/img/aws_ha_architecture_diagram.png +++ b/doc/install/aws/img/aws_ha_architecture_diagram.png diff --git a/doc/install/aws/index.md b/doc/install/aws/index.md index ee4f759be3a..c2b1198940b 100644 --- a/doc/install/aws/index.md +++ b/doc/install/aws/index.md @@ -315,10 +315,8 @@ persistence and is used for certain types of the GitLab application. 1. Navigate back to the ElastiCache dashboard. 1. Select **Redis** on the left menu and click **Create** to create a new - Redis cluster. Depending on your load, you can choose whether to enable - cluster mode or not. Even without cluster mode on, you still get the - chance to deploy Redis in multi availability zones. In this guide, we chose - not to enable it. + Redis cluster. Do not enable **Cluster Mode** as it is [not supported](../../administration/high_availability/redis.md#provide-your-own-redis-instance-core-only). Even without cluster mode on, you still get the + chance to deploy Redis in multiple availability zones. 1. In the settings section: 1. Give the cluster a name (`gitlab-redis`) and a description. 1. For the version, select the latest of `5.0` series (e.g., `5.0.6`). @@ -383,6 +381,37 @@ EC2 instances running Linux use private key files for SSH authentication. You'll Storing private key files on your bastion host is a bad idea. To get around this, use SSH agent forwarding on your client. See [Securely Connect to Linux Instances Running in a Private Amazon VPC](https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/) for a step-by-step guide on how to use SSH agent forwarding. +## Setting up Gitaly + +CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released. + +Gitaly is a service that provides high-level RPC access to Git repositories. +It should be enabled and configured on a separate EC2 instance in one of the +[private subnets](#subnets) we configured previously. + +Let's create an EC2 instance where we'll install Gitaly: + +1. From the EC2 dashboard, click **Launch instance**. +1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**. +1. Choose an instance type. We'll pick a **c5.xlarge**. +1. Click **Configure Instance Details**. + 1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier. + 1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier. + 1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`. + 1. Click **Add Storage**. +1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.) + 1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`. +1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`. +1. Click on **Configure Security Group** and let's **Create a new security group**. + 1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both. + 1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`. +1. Click **Review and launch** followed by **Launch** if you're happy with your settings. +1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**. + + > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/). + +Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server). + ## Deploying GitLab inside an auto scaling group We'll use AWS's wizard to deploy GitLab and then SSH into the instance to @@ -551,37 +580,6 @@ sudo gitlab-ctl status If everything looks good, you should be able to reach GitLab in your browser. -### Setting up Gitaly - -CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released. - -Gitaly is a service that provides high-level RPC access to Git repositories. -It should be enabled and configured on a separate EC2 instance in one of the -[private subnets](#subnets) we configured previously. - -Let's create an EC2 instance where we'll install Gitaly: - -1. From the EC2 dashboard, click **Launch instance**. -1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**. -1. Choose an instance type. We'll pick a **c5.xlarge**. -1. Click **Configure Instance Details**. - 1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier. - 1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier. - 1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`. - 1. Click **Add Storage**. -1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.) - 1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`. -1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`. -1. Click on **Configure Security Group** and let's **Create a new security group**. - 1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both. - 1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`. -1. Click **Review and launch** followed by **Launch** if you're happy with your settings. -1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**. - - > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/). - -Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server). - ### Using Amazon S3 object storage GitLab stores many objects outside the Git repository, many of which can be diff --git a/doc/integration/github.md b/doc/integration/github.md index f95159731aa..c957fc24eb8 100644 --- a/doc/integration/github.md +++ b/doc/integration/github.md @@ -151,7 +151,7 @@ via Omnibus, or [restart GitLab] if you installed from source. Check the [`production.log`](../administration/logs.md#productionlog) on your GitLab server to obtain further details. If you are getting the error like `Faraday::ConnectionFailed (execution expired)` in the log, there may be a connectivity issue -between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) +between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session) and run the commands below replacing `<github_url>` with the URL of your GitHub Enterprise instance: ```ruby diff --git a/doc/raketasks/import.md b/doc/raketasks/import.md index 09d919d0120..cda742b6077 100644 --- a/doc/raketasks/import.md +++ b/doc/raketasks/import.md @@ -125,7 +125,7 @@ There is an [open issue to add a migration to make all bare repositories importable](https://gitlab.com/gitlab-org/gitlab-foss/issues/41776). Until then, you may wish to manually migrate repositories yourself. You can use -[Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) +[Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session) to do so. In a Rails console session, run the following to migrate a project: ```ruby diff --git a/doc/update/README.md b/doc/update/README.md index a72e0e1e6ae..c7be3f3cb2b 100644 --- a/doc/update/README.md +++ b/doc/update/README.md @@ -122,7 +122,7 @@ If using GitLab 12.9 and newer, run: sudo gitlab-rails runner -e production 'puts Gitlab::BackgroundMigration.remaining' ``` -If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console): +If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session): ```ruby puts Sidekiq::Queue.new("background_migration").size @@ -140,7 +140,7 @@ cd /home/git/gitlab sudo -u git -H bundle exec rails runner -e production 'puts Gitlab::BackgroundMigration.remaining' ``` -If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console): +If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session): ```ruby puts Sidekiq::Queue.new("background_migration").size diff --git a/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png b/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png Binary files differindex f3c468d158e..2e893476bc6 100644 --- a/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png +++ b/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png diff --git a/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png b/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png Binary files differindex 98ea48ccd3c..fb03748c892 100644 --- a/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png +++ b/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png diff --git a/doc/user/analytics/img/label_based_stage_vsm_v12_9.png b/doc/user/analytics/img/label_based_stage_vsm_v12_9.png Binary files differindex f1cbd9e1a8e..84ce33aece5 100644 --- a/doc/user/analytics/img/label_based_stage_vsm_v12_9.png +++ b/doc/user/analytics/img/label_based_stage_vsm_v12_9.png diff --git a/doc/user/analytics/img/vsm_stage_list_v12_9.png b/doc/user/analytics/img/vsm_stage_list_v12_9.png Binary files differindex 3775cdeddb4..3b50dd48543 100644 --- a/doc/user/analytics/img/vsm_stage_list_v12_9.png +++ b/doc/user/analytics/img/vsm_stage_list_v12_9.png diff --git a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png Binary files differindex dd96fc7aacb..13cacc6a489 100644 --- a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png +++ b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png diff --git a/doc/user/application_security/dast/img/dast_all_v12_9.png b/doc/user/application_security/dast/img/dast_all_v12_9.png Binary files differindex 9871d1e6a43..548cea3f7f9 100644 --- a/doc/user/application_security/dast/img/dast_all_v12_9.png +++ b/doc/user/application_security/dast/img/dast_all_v12_9.png diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index b4fdf307d8b..c83e69ed6c4 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -160,6 +160,7 @@ The following variables are used for configuring specific analyzers (used for a | `GEMNASIUM_DB_LOCAL_PATH` | `gemnasium` | `/gemnasium-db` | Path to local gemnasium database. | | `GEMNASIUM_DB_REMOTE_URL` | `gemnasium` | `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git` | Repository URL for fetching the gemnasium database. | | `GEMNASIUM_DB_REF_NAME` | `gemnasium` | `master` | Branch name for remote repository database. `GEMNASIUM_DB_REMOTE_URL` is required. | +| `DS_REMEDIATE` | `gemnasium` | `"true"` | Enable automatic remediation of vulnerable dependencies. | | `PIP_INDEX_URL` | `gemnasium-python` | `https://pypi.org/simple` | Base URL of Python Package Index. | | `PIP_EXTRA_INDEX_URL` | `gemnasium-python` | | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. | | `PIP_REQUIREMENTS_FILE` | `gemnasium-python` | | Pip requirements file to be scanned. | @@ -167,7 +168,7 @@ The following variables are used for configuring specific analyzers (used for a | `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | | `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| | `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). | -| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `false` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline environment. | +| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.| | `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. | | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. | | `RETIREJS_JS_ADVISORY_DB` | `retire.js` | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json` | Path or URL to Retire.js js vulnerability data file. | diff --git a/doc/user/application_security/img/multi_select_v12_9.png b/doc/user/application_security/img/multi_select_v12_9.png Binary files differindex b2b171e13d0..ec3648bff08 100644 --- a/doc/user/application_security/img/multi_select_v12_9.png +++ b/doc/user/application_security/img/multi_select_v12_9.png diff --git a/doc/user/application_security/sast/img/sast_v12_9.png b/doc/user/application_security/sast/img/sast_v12_9.png Binary files differindex 91f4b8a8e2e..3c6ee7a276b 100644 --- a/doc/user/application_security/sast/img/sast_v12_9.png +++ b/doc/user/application_security/sast/img/sast_v12_9.png diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md index 07427af7c7d..3a3e2b36133 100644 --- a/doc/user/application_security/threat_monitoring/index.md +++ b/doc/user/application_security/threat_monitoring/index.md @@ -13,6 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page. GitLab supports statistics for the following security features: - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity) +- [Container Network Policies](../../../topics/autodevops/index.md#network-policy) ## Web Application Firewall @@ -38,3 +39,38 @@ about your Ingress traffic: If a significant percentage of traffic is anomalous, you should investigate it for potential threats by [examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity). + +## Container Network Policy + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. + +The **Container Network Policy** section provides packet flow metrics for +your application's Kubernetes namespace. This section has the following +prerequisites: + +- Your project contains at least one [environment](../../../ci/environments.md) +- You've [installed Cilium](../../clusters/applications.md#install-cilium-using-gitlab-cicd) +- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration) + +If you're using custom Helm values for Cilium, you must enable Hubble +with flow metrics for each namespace by adding the following lines to +your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd): + +```yaml +metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' +``` + +The **Container Network Policy** section displays the following information +about your packet flow: + +- The total amount of the inbound and outbound packets +- The proportion of packets dropped according to the configured + policies +- The per-second average rate of the forwarded and dropped packets + accumulated over time window for the requested time interval + +If a significant percentage of packets is dropped, you should +investigate it for potential threats by +[examining the Cilium logs](../../clusters/applications.md#install-cilium-using-gitlab-cicd). diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 0aff09910d2..08ac82ed781 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -825,6 +825,28 @@ agent: enabled: false ``` +The [Hubble](https://github.com/cilium/hubble) monitoring daemon is +enabled by default and it's set to collect per namespace flow +metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md) +dashboard. You can disable Hubble by adding the following to +`.gitlab/managed-apps/config.yaml`: + +```yaml +cilium: + installed: true + hubble: + installed: false +``` + +You can also adjust Helm values for Hubble via +`.gitlab/managed-apps/cilium/hubble-values.yaml`: + +```yaml +metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' +``` + ### Install Vault using GitLab CI/CD > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9982) in GitLab 12.9. diff --git a/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png b/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png Binary files differindex 6dc7d3a0924..ad5a49eebe5 100644 --- a/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png diff --git a/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png b/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png Binary files differindex 31abbcf2d44..4f2380a0bf6 100644 --- a/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png diff --git a/doc/user/compliance/license_compliance/img/policies_v12_9.png b/doc/user/compliance/license_compliance/img/policies_v12_9.png Binary files differindex 6c6247320dc..b3bca716ae5 100644 --- a/doc/user/compliance/license_compliance/img/policies_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_v12_9.png diff --git a/doc/user/group/roadmap/img/roadmap_view_v12_10.png b/doc/user/group/roadmap/img/roadmap_view_v12_10.png Binary files differindex 7fc888ec2ca..69579fd1c1e 100644 --- a/doc/user/group/roadmap/img/roadmap_view_v12_10.png +++ b/doc/user/group/roadmap/img/roadmap_view_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png b/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png Binary files differnew file mode 100644 index 00000000000..e2b606d024f --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png b/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png Binary files differnew file mode 100644 index 00000000000..e94aab58a1d --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png b/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png Binary files differnew file mode 100644 index 00000000000..b911ffea935 --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md index 37072eea39e..f5b8bd82a2b 100644 --- a/doc/user/packages/container_registry/index.md +++ b/doc/user/packages/container_registry/index.md @@ -7,6 +7,7 @@ > to pass a [personal access token](../../profile/personal_access_tokens.md) instead of your password in order to > login to GitLab's Container Registry. > - Multiple level image names support was added in GitLab 9.1. +> - The group level Container Registry was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23315) in GitLab 12.10. NOTE: **Note:** This document is the user guide. To learn how to enable GitLab Container @@ -47,11 +48,51 @@ project: ## Control Container Registry from within GitLab -GitLab offers a simple Container Registry management panel. Go to your project -and click **Packages > Container Registry** in the project menu. +GitLab offers a simple Container Registry management panel. This management panel is available +for both projects and groups. -This view will show you all Docker images in your project and will easily allow you to -delete them. +### Control Container Registry for your project + +Navigate to your project's **{package}** **Packages > Container Registry**. + + + +This view will: + +- Show all the image repositories that belong to the project. +- Allow you to [delete](#delete-images-from-within-gitlab) one or more image repository. +- Allow you to navigate to the image repository details page. +- Show a **Quick start** dropdown with the most common commands to log in, build and push +- Optionally, a banner will be visible if the [expiration policy](#expiration-policy) is enabled for this project. + +### Control Container Registry for your group + +Navigate to your groups's **{package}** **Packages > Container Registry**. + + + +This view will: + +- Show all the image repositories of the projects that belong to this group. +- Allow to [delete](#delete-images-from-within-gitlab) one or more image repositories. +- Allow to navigate to a specific image repository details page. + +### Image Repository details page + +Clicking on the name of any image repository will navigate to the details. + + + +NOTE: **Note:** +The following page has the same functionalities both in the **Group level container registry** +and in the **Project level container registry**. + +This view: + +- Shows all the image repository details. +- Shows all the tags of the image repository. +- Allows you to quickly copy the tag path (by clicking on the clipboard button near the tag name). +- Allows you to [delete one or more tags](#delete-images-from-within-gitlab). ## Use images from GitLab Container Registry diff --git a/doc/user/packages/nuget_repository/index.md b/doc/user/packages/nuget_repository/index.md index 15772d1303d..ed936b546d2 100644 --- a/doc/user/packages/nuget_repository/index.md +++ b/doc/user/packages/nuget_repository/index.md @@ -18,7 +18,7 @@ NuGet CLI is probably already installed. Alternatively, you can use [.NET SDK 3.0 or later](https://dotnet.microsoft.com/download/dotnet-core/3.0), which installs NuGet CLI. -You can confirm that [nuget CLI](https://www.nuget.org/) is properly installed with: +You can confirm that [NuGet CLI](https://www.nuget.org/) is properly installed with: ```shell nuget help @@ -36,6 +36,18 @@ Available commands: [output truncated] ``` +### macOS support + +For macOS, you can also use [Mono](https://www.mono-project.com/) to run +the NuGet CLI. For Homebrew users, run `brew install mono` to install +Mono. Then you should be able to download the Windows C# binary +`nuget.exe` from the [NuGet CLI page](https://www.nuget.org/downloads) +and run: + +```shell +mono nuget.exe +``` + ## Enabling the NuGet Repository NOTE: **Note:** diff --git a/doc/user/project/issues/img/csv_export_button_v12_9.png b/doc/user/project/issues/img/csv_export_button_v12_9.png Binary files differindex 88083cacbfb..702b6439d7c 100644 --- a/doc/user/project/issues/img/csv_export_button_v12_9.png +++ b/doc/user/project/issues/img/csv_export_button_v12_9.png diff --git a/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png b/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png Binary files differindex 61ce3692808..6680c792063 100644 --- a/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png +++ b/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png diff --git a/doc/user/project/issues/img/issue_health_status_v12_10.png b/doc/user/project/issues/img/issue_health_status_v12_10.png Binary files differindex bcd6af144fb..dd6becbb970 100644 --- a/doc/user/project/issues/img/issue_health_status_v12_10.png +++ b/doc/user/project/issues/img/issue_health_status_v12_10.png diff --git a/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png b/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png Binary files differindex c2cd28adc95..1922a566dd5 100644 --- a/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png +++ b/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png diff --git a/doc/user/project/pages/img/change_path_v12_10.png b/doc/user/project/pages/img/change_path_v12_10.png Binary files differindex 79c6432707a..7ca09bd21a3 100644 --- a/doc/user/project/pages/img/change_path_v12_10.png +++ b/doc/user/project/pages/img/change_path_v12_10.png diff --git a/doc/user/project/web_ide/img/commit_changes_v12_9.png b/doc/user/project/web_ide/img/commit_changes_v12_9.png Binary files differindex 48491360626..d26c9cc82e1 100644 --- a/doc/user/project/web_ide/img/commit_changes_v12_9.png +++ b/doc/user/project/web_ide/img/commit_changes_v12_9.png |
