Commit b2152c3f authored by GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 58ff3667
...@@ -42,21 +42,6 @@ Now that the Okta app is configured, it's time to enable it in GitLab. ...@@ -42,21 +42,6 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
## Configure GitLab ## Configure GitLab
1. On your GitLab server, open the configuration file:
**For Omnibus GitLab installations**
```shell
sudo editor /etc/gitlab/gitlab.rb
```
**For installations from source**
```shell
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
1. See [Initial OmniAuth Configuration](../../integration/omniauth.md#initial-omniauth-configuration) 1. See [Initial OmniAuth Configuration](../../integration/omniauth.md#initial-omniauth-configuration)
for initial settings. for initial settings.
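Review bot: The step removed at the top of this hunk was the only place that told source-install readers to work from `/home/git/gitlab` and to edit as the `git` user (`sudo -u git -H editor config/gitlab.yml`). The lead-ins added in the later hunks say only "Edit `config/gitlab.yml`:", a relative path with no base directory and no user. Suggest keeping one sentence here that names the directory and the `git` user, or writing the full path in those lead-ins.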
...@@ -66,13 +51,19 @@ Now that the Okta app is configured, it's time to enable it in GitLab. ...@@ -66,13 +51,19 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
**For Omnibus GitLab installations** **For Omnibus GitLab installations**
Edit `/etc/gitlab/gitlab.rb`:
```ruby ```ruby
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false gitlab_rails['omniauth_block_auto_created_users'] = false
``` ```
---
**For installations from source** **For installations from source**
Edit `config/gitlab.yml`:
```yaml ```yaml
allow_single_sign_on: ["saml"] allow_single_sign_on: ["saml"]
block_auto_created_users: false block_auto_created_users: false
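Review bot: This step pairs `omniauth_allow_single_sign_on = ['saml']` with `omniauth_block_auto_created_users = false` (`block_auto_created_users: false` for source installs), so an account created on first SAML sign-in is active immediately instead of waiting for administrator approval. Since the step is being reworded anyway, add a sentence stating that consequence and that access to GitLab then depends on who is assigned to the Okta app, so readers set the value deliberately and do not just copy it.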
...@@ -83,15 +74,21 @@ Now that the Okta app is configured, it's time to enable it in GitLab. ...@@ -83,15 +74,21 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
**For Omnibus GitLab installations** **For Omnibus GitLab installations**
Edit `/etc/gitlab/gitlab.rb`:
```ruby ```ruby
gitlab_rails['omniauth_auto_link_saml_user'] = true gitlab_rails['omniauth_auto_link_saml_user'] = true
``` ```
---
**For installations from source** **For installations from source**
```yaml Edit `config/gitlab.yml`:
auto_link_saml_user: true
``` ```yaml
auto_link_saml_user: true
```
1. Add the provider configuration. 1. Add the provider configuration.
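Review bot: The `---` added between the Omnibus and source variants sits inside a numbered list item, and the from-source `yaml` block below it is rewritten with identical text, which suggests an indentation fix in the same item. The rule needs the same indentation as the rest of the item's content and a blank line above it: unindented it ends the list, and directly under a line of text it is parsed as a setext heading underline. Please check the rendered page, and consider dropping the rule, since the bold "For Omnibus GitLab installations" and "For installations from source" labels already separate the two variants.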
......
...@@ -22,12 +22,12 @@ in from some of our customers. ...@@ -22,12 +22,12 @@ in from some of our customers.
## Recommended Setups based on number of users ## Recommended Setups based on number of users
- 1 - 1000 Users: A single-node [Omnibus](https://docs.gitlab.com/omnibus/) setup with frequent backups. Refer to the [requirements page](https://docs.gitlab.com/ee/install/requirements.html) for further details of the specs you will require. - 1 - 1000 Users: A single-node [Omnibus](https://docs.gitlab.com/omnibus/) setup with frequent backups. Refer to the [requirements page](../../install/requirements.md) for further details of the specs you will require.
- 2000 - 50000+ Users: A scaled HA environment based on one of our [Reference Architectures](#reference-architectures) below. - 2000 - 50000+ Users: A scaled HA environment based on one of our [Reference Architectures](#reference-architectures) below.
## GitLab Components and Configuration Instructions ## GitLab Components and Configuration Instructions
The GitLab application depends on the following [components](https://docs.gitlab.com/ee/development/architecture.html#component-diagram) The GitLab application depends on the following [components](../../development/architecture.md#component-diagram)
and services. They are included in the reference architectures along with our and services. They are included in the reference architectures along with our
recommendations for their use and configuration. They are presented in the order recommendations for their use and configuration. They are presented in the order
in which you would typically configure them. in which you would typically configure them.
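Review bot: On the "1 - 1000 Users" bullet, which this hunk edits, the range ends at 1000 while the next bullet starts at 2000, so an installation with 1001 to 1999 users has no recommendation. While the line is open, either extend the first range or state which setup applies in between. The switch from absolute `docs.gitlab.com/ee/...html` URLs to relative `.md` paths is otherwise consistent across the two changed lines.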
...@@ -35,16 +35,16 @@ in which you would typically configure them. ...@@ -35,16 +35,16 @@ in which you would typically configure them.
| Component | Description | Configuration Instructions | | Component | Description | Configuration Instructions |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------| |-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------|
| [Load Balancer(s)](load_balancer.md)[^6] | Handles load balancing for the GitLab nodes where required. | [Load balancer HA configuration](load_balancer.md) | | [Load Balancer(s)](load_balancer.md)[^6] | Handles load balancing for the GitLab nodes where required. | [Load balancer HA configuration](load_balancer.md) |
| [Consul](https://docs.gitlab.com/ee/development/architecture.html#consul)[^3] | Service discovery and health checks/failover | [Consul HA configuration](consul.md) | | [Consul](../../development/architecture.md#consul)[^3] | Service discovery and health checks/failover | [Consul HA configuration](consul.md) |
| [PostgreSQL](https://docs.gitlab.com/ee/development/architecture.html#postgresql) | Database | [Database HA configuration](database.md) | | [PostgreSQL](../../development/architecture.md#postgresql) | Database | [Database HA configuration](database.md) |
| [PgBouncer](https://docs.gitlab.com/ee/development/architecture.html#pgbouncer) | Database Pool Manager | [PgBouncer HA configuration](pgbouncer.md) | | [PgBouncer](../../development/architecture.md#pgbouncer) | Database Pool Manager | [PgBouncer HA configuration](pgbouncer.md) |
| [Redis](https://docs.gitlab.com/ee/development/architecture.html#redis)[^3] with Redis Sentinel | Key/Value store for shared data with HA watcher service | [Redis HA configuration](redis.md) | | [Redis](../../development/architecture.md#redis)[^3] with Redis Sentinel | Key/Value store for shared data with HA watcher service | [Redis HA configuration](redis.md) |
| [Gitaly](https://docs.gitlab.com/ee/development/architecture.html#gitaly)[^2] [^5] [^7] | Recommended high-level storage for Git repository data. | [Gitaly HA configuration](gitaly.md) | | [Gitaly](../../development/architecture.md#gitaly)[^2] [^5] [^7] | Recommended high-level storage for Git repository data. | [Gitaly HA configuration](gitaly.md) |
| [Sidekiq](https://docs.gitlab.com/ee/development/architecture.html#sidekiq) | Asynchronous/Background jobs | | | [Sidekiq](../../development/architecture.md#sidekiq) | Asynchronous/Background jobs | |
| [Cloud Object Storage service](object_storage.md)[^4] | Recommended store for shared data objects such as LFS, Uploads, Artifacts, etc... | [Cloud Object Storage configuration](object_storage.md) | | [Cloud Object Storage service](object_storage.md)[^4] | Recommended store for shared data objects such as LFS, Uploads, Artifacts, etc... | [Cloud Object Storage configuration](object_storage.md) |
| [GitLab application nodes](https://docs.gitlab.com/ee/development/architecture.html#unicorn)[^1] | (Unicorn / Puma, Workhorse) - Web-requests (UI, API, Git over HTTP) | [GitLab app HA/scaling configuration](gitlab.md) | | [GitLab application nodes](../../development/architecture.md#unicorn)[^1] | (Unicorn / Puma, Workhorse) - Web-requests (UI, API, Git over HTTP) | [GitLab app HA/scaling configuration](gitlab.md) |
| [NFS](nfs.md)[^5] [^7] | Shared disk storage service. Can be used as an alternative for Gitaly or Object Storage. Required for GitLab Pages. | [NFS configuration](nfs.md) | | [NFS](nfs.md)[^5] [^7] | Shared disk storage service. Can be used as an alternative for Gitaly or Object Storage. Required for GitLab Pages. | [NFS configuration](nfs.md) |
| [Prometheus](https://docs.gitlab.com/ee/development/architecture.html#prometheus) and [Grafana](https://docs.gitlab.com/ee/development/architecture.html#grafana) | GitLab environment monitoring | [Monitoring node for scaling/HA](monitoring_node.md) | | [Prometheus](../../development/architecture.md#prometheus) and [Grafana](../../development/architecture.md#grafana) | GitLab environment monitoring | [Monitoring node for scaling/HA](monitoring_node.md) |
In some cases, components can be combined on the same nodes to reduce complexity as well. In some cases, components can be combined on the same nodes to reduce complexity as well.
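Review bot: The "GitLab application nodes" row now links to `../../development/architecture.md#unicorn`, but its description covers "Unicorn / Puma, Workhorse", so the anchor points at only one of the components the row names. As every link in the table is being rewritten, consider linking each component name separately or using a more general anchor, and confirm that each fragment (`#consul`, `#pgbouncer`, `#grafana` and the rest) resolves against the headings in `architecture.md`.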
......
...@@ -68,7 +68,7 @@ Let's consider the following scenario: ...@@ -68,7 +68,7 @@ Let's consider the following scenario:
A unique job token is generated for each job and provides the user read A unique job token is generated for each job and provides the user read
access all projects that would be normally accessible to the user creating that access all projects that would be normally accessible to the user creating that
job. The unique job token does not have any write permissions, but there job. The unique job token does not have any write permissions, but there
is a [proposal to add support](https://gitlab.com/gitlab-org/gitlab-foss/issues/18106). is a [proposal to add support](https://gitlab.com/gitlab-org/gitlab/issues/35067).
We try to make sure that this token doesn't leak by: We try to make sure that this token doesn't leak by:
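Review bot: The replacement link changes the issue number as well as the project (`gitlab-foss/issues/18106` becomes `gitlab/issues/35067`), so please confirm that 35067 is the migrated copy of the same write-permission proposal and not a different issue. In the same paragraph, "provides the user read access all projects" is missing "to"; it is worth fixing while the paragraph is open, because that sentence is the one that states what a job token can reach.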
......