... | ... | @@ -674,20 +674,18 @@ Untested procedure extracted from the [upstream docs](https://docs.gitlab.com/ee |
|
|
|
|
|
The current GitLab server was setup in the [howto/ganeti](howto/ganeti) cluster in a
|
|
|
regular virtual machine. It was configured with [howto/puppet](howto/puppet) with the
|
|
|
`roles::gitlab`. That, in turn, relies on a series of `profile`
|
|
|
elements which configure:
|
|
|
`roles::gitlab`. That, in turn, includes a series of `profile`
|
|
|
classes which configure:
|
|
|
|
|
|
* `profile::gitlab::web`: nginx vhost and TLS cert, depends on
|
|
|
* `profile::gitlab::web`: nginx vhost and TLS cert, which depends on
|
|
|
`profile::nginx` built for the [howto/cache](howto/cache) service and relying on the
|
|
|
[puppet/nginx](https://forge.puppet.com/puppet/nginx) module from the Forge
|
|
|
* `profile::gitlab::mail`: dovecot and postfix configuration, for
|
|
|
email replies
|
|
|
* `profile::gitlab::database`: postgresql configuration, possibly not
|
|
|
used by the Omnibus package, see [issue 20][]
|
|
|
* `profile::gitlab::app`: the core of the configuration of gitlab
|
|
|
itself, uses the [puppet/gitlab](https://forge.puppet.com/puppet/gitlab) module from the Forge, with
|
|
|
Prometheus, Grafana, and Nginx support disabled, but Redis,
|
|
|
PostgreSQL, and Prometheus exporters enabled
|
|
|
PostgreSQL, and other exporters enabled
|
|
|
* `profile::dovecot::private`: a simple IMAP server to receive mails
|
|
|
destined to GitLab
|
|
|
|
|
|
[issue 20]: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/20
|
|
|
|
... | ... | @@ -706,7 +704,9 @@ Note that the first gitlab server (gitlab-01) was setup using the |
|
|
Ansible recipes used by the Debian.org project. That install was not
|
|
|
working so well (e.g. [503 errors on merge requests](https://gitlab.torproject.org/tpo/tpa/team/-/issues/32197)) so we
|
|
|
[migrated to the omnibus package](https://gitlab.torproject.org/tpo/tpa/team/-/issues/32949) in March 2020, which seems to
|
|
|
work better.
|
|
|
work better. There might still be some leftovers of that configuration
|
|
|
here and there, but some effort was done during the 2022 hackweek
|
|
|
(2022-06-28) to clean that up in Puppet at least.
|
|
|
|
|
|
### GitLab CI installation
|
|
|
|
... | ... | @@ -739,7 +739,7 @@ Puppet class. The following GitLab settings were added: |
|
|
},
|
|
|
pages_external_url => 'https://pages.torproject.net',
|
|
|
|
|
|
The virtual host for the `pages.torproject.org` domain was configured
|
|
|
The virtual host for the `pages.torproject.net` domain was configured
|
|
|
through the `profile::gitlab::web` class.
|
|
|
|
|
|
## SLA
|
... | ... | |