首先去下载软件包(这里以 14.0.3 为例,该版本已较旧,实际部署请选择仍在维护的版本):
[root@localhost ~]# wget -c https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-14.0.3-ce.0.el7.x86_64.rpm
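第一步:安装软件包。这个包是从镜像站下载的,安装前建议先导入 GitLab 官方的软件包签名公钥,并用 rpm -K 校验包的签名和摘要,确认文件完整且未被篡改:
rpm -K gitlab-ce-14.0.3-ce.0.el7.x86_64.rpm
rpm -ivh gitlab-ce-14.0.3-ce.0.el7.x86_64.rpm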
第三步 启动重新配置
[root@localhost ~]# sudo gitlab-ctl reconfigure
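这个步骤非常耗内存,也非常耗时间(内存充裕的机器不用担心)。执行 reconfigure 期间如果内存不足,会出现
ruby_block[authorize Grafana with GitLab] action run 错误。
以下是重新配置过程的输出。其中包含生成的 redis.conf:Redis 关闭了 TCP 监听(port 0),只通过 Unix 套接字 /var/opt/gitlab/redis/redis.socket 提供服务,但套接字权限是 unixsocketperm 777,因此本机上谁能连接 Redis 取决于 /var/opt/gitlab/redis 目录本身的权限,部署后建议确认该目录没有对无关用户开放。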
Starting Chef Infra Client, version 15.14.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
Recipe: gitlab::users
directory[/var/opt/gitlab] action create (up to date)
account[GitLab user and group] action create
template[/var/opt/gitlab/.gitconfig] action create
+[user]
name = GitLab
email = [email protected]
+[core]
autocrlf = input
alternateRefsCommand="exit 0 #"
fsyncObjectFiles = true
+[gc]
auto = 0
directory[/var/opt/gitlab/.bundle] action create
storage_directory[/var/opt/gitlab/.ssh] action create
directory[/var/log/gitlab/gitlab-shell/] action create
directory[/var/opt/gitlab/gitlab-shell] action create
templatesymlink[Create a config.yml and create a symlink to Rails root] action create
link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create
file[/var/opt/gitlab/.ssh/authorized_keys] action create_if_missing
storage_directory[/var/opt/gitlab/git-data] action create
storage_directory[/var/opt/gitlab/git-data/repositories] action create
Recipe: gitlab::rails_pages_shared_path
storage_directory[/var/opt/gitlab/gitlab-rails/shared] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create
Recipe: gitlab::gitlab-rails
storage_directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/external-diffs] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/packages] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/dependency_proxy] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/terraform_state] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/encrypted_settings] action create
storage_directory[/var/opt/gitlab/gitlab-rails/uploads] action create
storage_directory[/var/opt/gitlab/gitlab-ci/builds] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/cache] action create
storage_directory[/var/opt/gitlab/gitlab-rails/shared/tmp] action create
storage_directory[/opt/gitlab/embedded/service/gitlab-rails/public] action create (skipped due to only_if)
directory[create /var/opt/gitlab/gitlab-rails/etc] action create
directory[create /opt/gitlab/etc/gitlab-rails] action create
directory[create /var/opt/gitlab/gitlab-rails/working] action create
directory[create /var/opt/gitlab/gitlab-rails/tmp] action create
directory[create /var/opt/gitlab/gitlab-rails/upgrade-status] action create
directory[create /var/log/gitlab/gitlab-rails] action create
storage_directory[/var/opt/gitlab/backups] action create
directory[/var/opt/gitlab/gitlab-rails] action create
directory[/var/opt/gitlab/gitlab-ci] action create
file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] action create (skipped due to only_if)
template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create
file[/opt/gitlab/embedded/service/gitlab-rails/.secret] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/secret] action delete (up to date)
templatesymlink[Create a database.yml and create a symlink to Rails root] action create
templatesymlink[Create a secrets.yml and create a symlink to Rails root] action create
templatesymlink[Create a resque.yml and create a symlink to Rails root] action create
templatesymlink[Create a cable.yml and create a symlink to Rails root] action create
templatesymlink[Create a redis.cache.yml and create a symlink to Rails root] action create (skipped due to not_if)
file[/opt/gitlab/embedded/service/gitlab-rails/config/redis.cache.yml] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/redis.cache.yml] action delete (up to date)
templatesymlink[Create a redis.queues.yml and create a symlink to Rails root] action create (skipped due to not_if)
file[/opt/gitlab/embedded/service/gitlab-rails/config/redis.queues.yml] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/redis.queues.yml] action delete (up to date)
templatesymlink[Create a redis.shared_state.yml and create a symlink to Rails root] action create (skipped due to not_if)
file[/opt/gitlab/embedded/service/gitlab-rails/config/redis.shared_state.yml] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/redis.shared_state.yml] action delete (up to date)
templatesymlink[Create a redis.trace_chunks.yml and create a symlink to Rails root] action create (skipped due to not_if)
file[/opt/gitlab/embedded/service/gitlab-rails/config/redis.trace_chunks.yml] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/redis.trace_chunks.yml] action delete (up to date)
templatesymlink[Create a smtp_settings.rb and create a symlink to Rails root] action delete
templatesymlink[Create a gitlab.yml and create a symlink to Rails root] action create
host:
value above enabled: false
key_file: /etc/gitlab/ssl/gitlab_smime.key
cert_file: /etc/gitlab/ssl/gitlab_smime.crt
ca_certs_file:
issues:
merge_requests:
wiki:
snippets:
builds:
container_registry:
%{key}
placeholder that will be replaced to reference the item being replied to.@
).mail_room
JSON logs%{key}
placeholder that will be replaced to reference the item being replied to.@
).mail_room
JSON logs enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "artifacts"
connection: {}
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "external-diffs"
connection: {}
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "lfs-objects"
connection: {}
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "uploads"
connection: {}
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "packages"
connection: {}
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "dependency_proxy"
connection: {}
enabled: false
remote_directory: "terraform"
connection: {}
enabled: false
remote_directory: "pages"
connection: {}
enabled: true
path: /var/opt/gitlab/gitlab-rails/shared/pages
enabled:
primary_api_url: # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
enabled: false
base
DN. For example, ou=users,dc=example,dc=com
would allow usersexample.com
.google_oauth2
for Google. # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { scope: 'user:email' } }
# Fog storage connection settings, see http://fog.io/storage/ .
connection:
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory:
multipart_chunk_size:
encryption:
encryption_key:
storage_class:
remote_directory:
connection: {}
- "127.0.0.0/8"
- "::1/128"
enabled: true
log_enabled: false
address: 127.0.0.1
port: 8082
enabled: false
address: 127.0.0.1
port: 8083
default: { "path": "tmp/tests/repositories/" }
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
title: "JIRA"
url: https://samplecompany.example.net
project_key: PROJECT
main:
label: ldap
host: 127.0.0.1
port: 3890
uid: 'uid'
method: 'plain' # "tls" or "ssl" or "plain"
base: 'dc=example,dc=com'
user_filter: ''
group_base: 'ou=groups,dc=example,dc=com'
admin_group: ''
sync_ssh_keys: false
templatesymlink[Create a gitlab_workhorse_secret and create a symlink to Rails root] action create
templatesymlink[Create a gitlab_shell_secret and create a symlink to Rails root] action create
templatesymlink[Create a gitlab_pages_secret and create a symlink to Rails root] action create
templatesymlink[Create a gitlab_kas_secret and create a symlink to Rails root] action create
link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/relative_url.rb] action delete (up to date)
file[/var/opt/gitlab/gitlab-rails/etc/relative_url.rb] action delete (up to date)
env_dir[/opt/gitlab/etc/gitlab-rails/env] action create
link[/opt/gitlab/embedded/service/gitlab-rails/tmp] action create
link[/opt/gitlab/embedded/service/gitlab-rails/public/uploads] action create
link[/opt/gitlab/embedded/service/gitlab-rails/log] action create
link[/var/log/gitlab/gitlab-rails/sidekiq.log] action delete (skipped due to only_if)
file[/opt/gitlab/embedded/service/gitlab-rails/db/structure.sql] action create
remote_file[/var/opt/gitlab/gitlab-rails/VERSION] action create
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/chef-15.14.0/lib/chef/provider/remote_file/local_file.rb:43: warning: URI.unescape is obsolete
remote_file[/var/opt/gitlab/gitlab-rails/REVISION] action create
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/chef-15.14.0/lib/chef/provider/remote_file/local_file.rb:43: warning: URI.unescape is obsolete
version_file[Create version file for Rails] action create
execute[clear the gitlab-rails cache] action nothing (skipped due to action :nothing)
file[/var/opt/gitlab/gitlab-rails/config.ru] action delete (up to date)
Recipe: gitlab::selinux
execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action run
execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-10.5.0-ssh-authorized-keys.pp] action run
execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-13.5.0-gitlab-shell.pp] action run
bash[Set proper security context on ssh files for selinux] action nothing (skipped due to action :nothing)
Recipe: gitlab::add_trusted_certs
directory[/etc/gitlab/trusted-certs] action create
directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
file[/opt/gitlab/embedded/ssl/certs/README] action create
ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run
Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
Symlinking existing certificates found in /etc/gitlab/trusted-certs
service[create a temporary puma service] action nothing (skipped due to action :nothing)
service[create a temporary sidekiq service] action nothing (skipped due to action :nothing)
service[create a temporary mailroom service] action nothing (skipped due to action :nothing)
Recipe: package::runit_systemd
directory[/usr/lib/systemd/system] action create (up to date)
template[/usr/lib/systemd/system/gitlab-runsvdir.service] action create
+[Service]
+ExecStart=/opt/gitlab/embedded/bin/runsvdir-start
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
execute[systemctl daemon-reload] action run
execute[systemctl enable gitlab-runsvdir] action run
[execute] Created symlink from /etc/systemd/system/multi-user.target.wants/gitlab-runsvdir.service to /usr/lib/systemd/system/gitlab-runsvdir.service.
execute[systemctl start gitlab-runsvdir] action run
file[/etc/systemd/system/default.target.wants/gitlab-runsvdir.service] action delete (up to date)
file[/etc/systemd/system/basic.target.wants/gitlab-runsvdir.service] action delete (up to date)
execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
execute[systemctl enable gitlab-runsvdir] action nothing (skipped due to action :nothing)
execute[systemctl start gitlab-runsvdir] action nothing (skipped due to action :nothing)
Recipe: package::sysctl
execute[reload all sysctl conf] action nothing (skipped due to action :nothing)
Recipe: logrotate::folders_and_configs
directory[/var/opt/gitlab/logrotate] action create
directory[/var/opt/gitlab/logrotate/logrotate.d] action create
directory[/var/log/gitlab/logrotate] action create
template[/var/opt/gitlab/logrotate/logrotate.conf] action create
+include /var/opt/gitlab/logrotate/logrotate.d/nginx
+include /var/opt/gitlab/logrotate/logrotate.d/puma
+include /var/opt/gitlab/logrotate/logrotate.d/gitlab-rails
+include /var/opt/gitlab/logrotate/logrotate.d/gitlab-shell
+include /var/opt/gitlab/logrotate/logrotate.d/gitlab-workhorse
+include /var/opt/gitlab/logrotate/logrotate.d/gitlab-pages
+include /var/opt/gitlab/logrotate/logrotate.d/gitlab-kas
+include /var/opt/gitlab/logrotate/logrotate.d/gitaly
+include /var/opt/gitlab/logrotate/logrotate.d/mailroom
template[/var/opt/gitlab/logrotate/logrotate.d/nginx] action create
+/var/log/gitlab/nginx/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/puma] action create
+/var/log/gitlab/puma/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitlab-rails] action create
+/var/log/gitlab/gitlab-rails/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitlab-shell] action create
+/var/log/gitlab/gitlab-shell//*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitlab-workhorse] action create
+/var/log/gitlab/gitlab-workhorse/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitlab-pages] action create
+/var/log/gitlab/gitlab-pages/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitlab-kas] action create
+/var/log/gitlab/gitlab-kas/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/gitaly] action create
+/var/log/gitlab/gitaly/*.log {
template[/var/opt/gitlab/logrotate/logrotate.d/mailroom] action create
+/var/log/gitlab/mailroom/*.log {
service[logrotate] action nothing (skipped due to action :nothing)
runit_service[logrotate] action enable
execute[/opt/gitlab/bin/gitlab-ctl start logrotate] action run
[execute] ok: run: logrotate: (pid 38721) 2s
redis_service[redis] action create
account[user and group for redis] action create
group[Socket group] action create (up to date)
directory[/var/opt/gitlab/redis] action create
directory[/var/log/gitlab/redis] action create
template[/var/opt/gitlab/redis/redis.conf] action create
+# Redis configuration file example.
+#
+# Note that in order to read the configuration file, Redis must be
+# started with the file path as first argument:
+#
+# ./redis-server /path/to/redis.conf
+
+# Note on units: when memory size is needed, it is possible to specify
+# it in the usual form of 1k 5GB 4M and so forth:
+#
+# 1k => 1000 bytes
+# 1kb => 1024 bytes
+# 1m => 1000000 bytes
+# 1mb => 1024*1024 bytes
+# 1g => 1000000000 bytes
+# 1gb => 1024*1024*1024 bytes
+#
+# units are case insensitive so 1GB 1Gb 1gB are all the same.
+
+################################## INCLUDES ###################################
+
+# Include one or more other config files here. This is useful if you
+# have a standard template that goes to all Redis servers but also need
+# to customize a few per-server settings. Include files can include
+# other files, so use this wisely.
+#
+# Notice option “include” won’t be rewritten by command “CONFIG REWRITE”
+# from admin or Redis Sentinel. Since Redis always uses the last processed
+# line as value of a configuration directive, you’d better put includes
+# at the beginning of this file to avoid overwriting config change at runtime.
+#
+# If instead you are interested in using includes to override configuration
+# options, it is better to use include as the last line.
+#
+# include /path/to/local.conf
+# include /path/to/other.conf
+
+################################## NETWORK #####################################
+
+# By default, if no “bind” configuration directive is specified, Redis listens
+# for connections from all the network interfaces available on the server.
+# It is possible to listen to just one or multiple selected interfaces using
+# the “bind” configuration directive, followed by one or more IP addresses.
+#
+# Examples:
+#
+# bind 192.168.1.100 10.0.0.1
+# bind 127.0.0.1 ::1
+#
+# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
+# internet, binding to all the interfaces is dangerous and will expose the
+# instance to everybody on the internet. So by default we uncomment the
+# following bind directive, that will force Redis to listen only into
+# the IPv4 lookback interface address (this means Redis will be able to
+# accept connections only from clients running into the same computer it
+# is running).
+#
+# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
+# JUST COMMENT THE FOLLOWING LINE.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+bind 127.0.0.1
+
+# Protected mode is a layer of security protection, in order to avoid that
+# Redis instances left open on the internet are accessed and exploited.
+#
+# When protected mode is on and if:
+#
+# 1) The server is not binding explicitly to a set of addresses using the
+# “bind” directive.
+# 2) No password is configured.
+#
+# The server only accepts connections from clients connecting from the
+# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
+# sockets.
+#
+# By default protected mode is enabled. You should disable it only if
+# you are sure you want clients from other hosts to connect to Redis
+# even if no authentication is configured, nor a specific set of interfaces
+# are explicitly listed using the “bind” directive.
+# protected-mode yes
+
+# Accept connections on the specified port, default is 6379 (IANA #815344).
+# If port 0 is specified Redis will not listen on a TCP socket.
+port 0
+
+# TCP listen() backlog.
+#
+# In high requests-per-second environments you need an high backlog in order
+# to avoid slow clients connections issues. Note that the Linux kernel
+# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
+# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
+# in order to get the desired effect.
+tcp-backlog 511
+
+# Unix socket.
+#
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+unixsocket /var/opt/gitlab/redis/redis.socket
+unixsocketperm 777
+
+# Close the connection after a client is idle for N seconds (0 to disable)
+timeout 60
+
+# TCP keepalive.
+#
+# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
+# of communication. This is useful for two reasons:
+#
+# 1) Detect dead peers.
+# 2) Take the connection alive from the point of view of network
+# equipment in the middle.
+#
+# On Linux, the specified value (in seconds) is the period used to send ACKs.
+# Note that to close the connection the double of the time is needed.
+# On other kernels the period depends on the kernel configuration.
+#
+# A reasonable value for this option is 300 seconds, which is the new
+# Redis default starting with Redis 3.2.1.
+tcp-keepalive 300
+
+################################# GENERAL #####################################
+
+# By default Redis does not run as a daemon. Use ‘yes’ if you need it.
+# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+daemonize no
+
+# If you run Redis from upstart or systemd, Redis can interact with your
+# supervision tree. Options:
+# supervised no - no supervision interaction
+# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
+# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
+# supervised auto - detect upstart or systemd method based on
+# UPSTART_JOB or NOTIFY_SOCKET environment variables
+# Note: these supervision methods only signal “process is ready.”
+# They do not enable continuous liveness pings back to your supervisor.
+# supervised no
+
+# If a pid file is specified, Redis writes it where specified at startup
+# and removes it at exit.
+#
+# When the server runs non daemonized, no pid file is created if none is
+# specified in the configuration. When the server is daemonized, the pid file
+# is used even if not specified, defaulting to “/var/run/redis.pid”.
+#
+# Creating a pid file is best effort: if Redis is not able to create it
+# nothing bad happens, the server will start and run normally.
+pidfile "/var/run/redis_0.pid"
+
+# Specify the server verbosity level.
+# This can be one of:
+# debug (a lot of information, useful for development/testing)
+# verbose (many rarely useful info, but not a mess like the debug level)
+# notice (moderately verbose, what you want in production probably)
+# warning (only very important / critical messages are logged)
+loglevel notice
+
+# Specify the log file name. Also the empty string can be used to force
+# Redis to log on the standard output. Note that if you use standard
+# output for logging but daemonize, logs will be sent to /dev/null
+logfile ""
+
+# To enable logging to the system logger, just set ‘syslog-enabled’ to yes,
+# and optionally update the other syslog parameters to suit your needs.
+# syslog-enabled no
+
+# Specify the syslog identity.
+# syslog-ident redis
+
+# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
+# syslog-facility local0
+
+# Set the number of databases. The default database is DB 0, you can select
+# a different one on a per-connection basis using SELECT <dbid> where
+# dbid is a number between 0 and ‘databases’-1
+databases 16
+
+################################ SNAPSHOTTING ################################
+#
+# Save the DB on disk:
+#
+# save <seconds> <changes>
+#
+# Will save the DB if both the given number of seconds and the given
+# number of write operations against the DB occurred.
+#
+# In the example below the behaviour will be to save:
+# after 900 sec (15 min) if at least 1 key changed
+# after 300 sec (5 min) if at least 10 keys changed
+# after 60 sec if at least 10000 keys changed
+#
+# Note: you can disable saving completely by commenting out all “save” lines.
+#
+# It is also possible to remove all the previously configured save
+# points by adding a save directive with a single empty string argument
+# like in the following example:
+#
+# save “”
+
+save 900 1
+save 300 10
+save 60 10000
+
+# By default Redis will stop accepting writes if RDB snapshots are enabled
+# (at least one save point) and the latest background save failed.
+# This will make the user aware (in a hard way) that data is not persisting
+# on disk properly, otherwise chances are that no one will notice and some
+# disaster will happen.
+#
+# If the background saving process will start working again Redis will
+# automatically allow writes again.
+#
+# However if you have setup your proper monitoring of the Redis server
+# and persistence, you may want to disable this feature so that Redis will
+# continue to work as usual even if there are problems with disk,
+# permissions, and so forth.
+stop-writes-on-bgsave-error yes
+
+# Compress string objects using LZF when dump .rdb databases?
+# For default that’s set to ‘yes’ as it’s almost always a win.
+# If you want to save some CPU in the saving child set it to ‘no’ but
+# the dataset will likely be bigger if you have compressible values or keys.
+rdbcompression yes
+
+# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
+# This makes the format more resistant to corruption but there is a performance
+# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
+# for maximum performances.
+#
+# RDB files created with checksum disabled have a checksum of zero that will
+# tell the loading code to skip the check.
+rdbchecksum yes
+
+# The filename where to dump the DB
+dbfilename "dump.rdb"
+
+# The working directory.
+#
+# The DB will be written inside this directory, with the filename specified
+# above using the ‘dbfilename’ configuration directive.
+#
+# The Append Only File will also be created inside this directory.
+#
+# Note that you must specify a directory here, not a file name.
+dir "/var/opt/gitlab/redis"
+
+################################# REPLICATION #################################
+
+# Master-Replica replication. Use replicaof to make a Redis instance a copy of
+# another Redis server. A few things to understand ASAP about Redis replication.
+#
+# 1) Redis replication is asynchronous, but you can configure a master to
+# stop accepting writes if it appears to be not connected with at least
+# a given number of replicas.
+# 2) Redis replicas are able to perform a partial resynchronization with the
+# master if the replication link is lost for a relatively small amount of
+# time. You may want to configure the replication backlog size (see the next
+# sections of this file) with a sensible value depending on your needs.
+# 3) Replication is automatic and does not need user intervention. After a
+# network partition replicas automatically try to reconnect to masters
+# and resynchronize with them.
+#
+# replicaof <masterip> <masterport>
+
+
+# If the master is password protected (using the “requirepass” configuration
+# directive below) it is possible to tell the replica to authenticate before
+# starting the replication synchronization process, otherwise the master will
+# refuse the replica request.
+#
+# masterauth <master-password>
+
+
+# When a replica loses its connection with the master, or when the replication
+# is still in progress, the replica can act in two different ways:
+#
+# 1) if replica-serve-stale-data is set to ‘yes’ (the default) the replica will
+# still reply to client requests, possibly with out of date data, or the
+# data set may just be empty if this is the first synchronization.
+#
+# 2) if replica-serve-stale-data is set to ‘no’ the replica will reply with
+# an error “SYNC with master in progress” to all the kind of commands
+# but to INFO and REPLICAOF.
+#
+replica-serve-stale-data yes
+
+# You can configure a replica instance to accept writes or not. Writing against
+# a replica instance may be useful to store some ephemeral data (because data
+# written on a replica will be easily deleted after resync with the master) but
+# may also cause problems if clients are writing to it because of a
+# misconfiguration.
+#
+# Since Redis 2.6 by default replicas are read-only.
+#
+# Note: read only replicas are not designed to be exposed to untrusted clients
+# on the internet. It’s just a protection layer against misuse of the instance.
+# Still a read only replica exports by default all the administrative commands
+# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
+# security of read only replicas using ‘rename-command’ to shadow all the
+# administrative / dangerous commands.
+replica-read-only yes
+
+# Replication SYNC strategy: disk or socket.
+#
+# -------------------------------------------------------
+# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
+# -------------------------------------------------------
+#
+# New replicas and reconnecting replicas that are not able to continue the replication
+# process just receiving differences, need to do what is called a “full
+# synchronization”. An RDB file is transmitted from the master to the replicas.
+# The transmission can happen in two different ways:
+#
+# 1) Disk-backed: The Redis master creates a new process that writes the RDB
+# file on disk. Later the file is transferred by the parent
+# process to the replicas incrementally.
+# 2) Diskless: The Redis master creates a new process that directly writes the
+# RDB file to replica sockets, without touching the disk at all.
+#
+# With disk-backed replication, while the RDB file is generated, more replicas
+# can be queued and served with the RDB file as soon as the current child producing
+# the RDB file finishes its work. With diskless replication instead once
+# the transfer starts, new replicas arriving will be queued and a new transfer
+# will start when the current one terminates.
+#
+# When diskless replication is used, the master waits a configurable amount of
+# time (in seconds) before starting the transfer in the hope that multiple replicas
+# will arrive and the transfer can be parallelized.
+#
+# With slow disks and fast (large bandwidth) networks, diskless replication
+# works better.
+# repl-diskless-sync no
+
+# When diskless replication is enabled, it is possible to configure the delay
+# the server waits in order to spawn the child that transfers the RDB via socket
+# to the replicas.
+#
+# This is important since once the transfer starts, it is not possible to serve
+# new replicas arriving, that will be queued for the next RDB transfer, so the server
+# waits a delay in order to let more replicas arrive.
+#
+# The delay is specified in seconds, and by default is 5 seconds. To disable
+# it entirely just set it to 0 seconds and the transfer will start ASAP.
+# repl-diskless-sync-delay 5
+
+# replicas send PINGs to server in a predefined interval. It’s possible to change
+# this interval with the repl_ping_replica_period option. The default value is 10
+# seconds.
+#
+# repl-ping-replica-period 10
+
+# The following option sets the replication timeout for:
+#
+# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
+# 2) Master timeout from the point of view of replicas (data, pings).
+# 3) replica timeout from the point of view of masters (REPLCONF ACK pings).
+#
+# It is important to make sure that this value is greater than the value
+# specified for repl-ping-replica-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the replica.
+#
+# repl-timeout 60
+
+# Disable TCP_NODELAY on the replica socket after SYNC?
+#
+# If you select “yes” Redis will use a smaller number of TCP packets and
+# less bandwidth to send data to replicas. But this can add a delay for
+# the data to appear on the replica side, up to 40 milliseconds with
+# Linux kernels using a default configuration.
+#
+# If you select “no” the delay for data to appear on the replica side will
+# be reduced but more bandwidth will be used for replication.
+#
+# By default we optimize for low latency, but in very high traffic conditions
+# or when the master and replicas are many hops away, turning this to “yes” may
+# be a good idea.
+repl-disable-tcp-nodelay no
+
+# Set the replication backlog size. The backlog is a buffer that accumulates
+# replica data when replicas are disconnected for some time, so that when a replica
+# wants to reconnect again, often a full resync is not needed, but a partial
+# resync is enough, just passing the portion of data the replica missed while
+# disconnected.
+#
+# The bigger the replication backlog, the longer the time the replica can be
+# disconnected and later be able to perform a partial resynchronization.
+#
+# The backlog is only allocated once there is at least a replica connected.
+#
+# repl-backlog-size 1mb
+
+# After a master has no longer connected replicas for some time, the backlog
+# will be freed. The following option configures the amount of seconds that
+# need to elapse, starting from the time the last replica disconnected, for
+# the backlog buffer to be freed.
+#
+# A value of 0 means to never release the backlog.
+#
+# repl-backlog-ttl 3600
+
+# The replica priority is an integer number published by Redis in the INFO output.
+# It is used by Redis Sentinel in order to select a replica to promote into a
+# master if the master is no longer working correctly.
+#
+# A replica with a low priority number is considered better for promotion, so
+# for instance if there are three replicas with priority 10, 100, 25 Sentinel will
+# pick the one with priority 10, that is the lowest.
+#
+# However a special priority of 0 marks the replica as not able to perform the
+# role of master, so a replica with priority of 0 will never be selected by
+# Redis Sentinel for promotion.
+#
+# By default the priority is 100.
+replica-priority 100
+
+# It is possible for a master to stop accepting writes if there are less than
+# N replicas connected, having a lag less or equal than M seconds.
+#
+# The N replicas need to be in “online” state.
+#
+# The lag in seconds, that must be <= the specified value, is calculated from
+# the last ping received from the replica, that is usually sent every second.
+#
+# This option does not GUARANTEE that N replicas will accept the write, but
+# will limit the window of exposure for lost writes in case not enough replicas
+# are available, to the specified number of seconds.
+#
+# For example to require at least 3 replicas with a lag <= 10 seconds use:
+#
+# min-replicas-to-write 3
+# min-replicas-max-lag 10
+#
+# Setting one or the other to 0 disables the feature.
+#
+# By default min-replicas-to-write is set to 0 (feature disabled) and
+# min-replicas-max-lag is set to 10.
+
+# A Redis master is able to list the address and port of the attached
+# replicas in different ways. For example the “INFO replication” section
+# offers this information, which is used, among other tools, by
+# Redis Sentinel in order to discover replica instances.
+# Another place where this info is available is in the output of the
+# “ROLE” command of a masteer.
+#
+# The listed IP and address normally reported by a replica is obtained
+# in the following way:
+#
+# IP: The address is auto detected by checking the peer address
+# of the socket used by the replica to connect with the master.
+#
+# Port: The port is communicated by the replica during the replication
+# handshake, and is normally the port that the replica is using to
+# list for connections.
+#
+# However when port forwarding or Network Address Translation (NAT) is
+# used, the replica may be actually reachable via different IP and port
+# pairs. The following two options can be used by a replica in order to
+# report to its master a specific set of IP and port, so that both INFO
+# and ROLE will report those values.
+#
+# There is no need to use both the options if you need to override just
+# the port or the IP address.
+#
+
+
+
+################################## SECURITY ###################################
+
+# Require clients to issue AUTH before processing any other
+# commands. This might be useful in environments in which you do not trust
+# others with access to the host running redis-server.
+#
+# This should stay commented out for backward compatibility and because most
+# people do not need auth (e.g. they run their own servers).
+#
+# Warning: since Redis is pretty fast an outside user can try up to
+# 150k passwords per second against a good box. This means that you should
+# use a very strong password otherwise it will be very easy to break.
+#
+
+
+# Command renaming.
+#
+# It is possible to change the name of dangerous commands in a shared
+# environment. For instance the CONFIG command may be renamed into something
+# hard to guess so that it will still be available for internal-use tools
+# but not available for general clients.
+#
+# Example:
+#
+# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
+#
+# It is also possible to completely kill a command by renaming it into
+# an empty string:
+#
+# rename-command CONFIG “”
+#
+# Please note that changing the name of commands that are logged into the
+# AOF file or transmitted to replicas may cause problems.
+rename-command KEYS “”
+################################### LIMITS ####################################
+
+# Set the max number of connected clients at the same time. By default
+# this limit is set to 10000 clients, however if the Redis server is not
+# able to configure the process file limit to allow for the specified limit
+# the max number of allowed clients is set to the current file limit
+# minus 32 (as Redis reserves a few file descriptors for internal uses).
+#
+# Once the limit is reached Redis will close all the new connections sending
+# an error ‘max number of clients reached’.
+#
+maxclients 10000
+
+# Don’t use more memory than the specified amount of bytes.
+# When the memory limit is reached Redis will try to remove keys
+# according to the eviction policy selected (see maxmemory-policy).
+#
+# If Redis can’t remove keys according to the policy, or if the policy is
+# set to ‘noeviction’, Redis will start to reply with errors to commands
+# that would use more memory, like SET, LPUSH, and so on, and will continue
+# to reply to read-only commands like GET.
+#
+# This option is usually useful when using Redis as an LRU cache, or to set
+# a hard memory limit for an instance (using the ‘noeviction’ policy).
+#
+# WARNING: If you have replicas attached to an instance with maxmemory on,
+# the size of the output buffers needed to feed the replicas are subtracted
+# from the used memory count, so that network problems / resyncs will
+# not trigger a loop where keys are evicted, and in turn the output
+# buffer of replicas is full with DELs of keys evicted triggering the deletion
+# of more keys, and so forth until the database is completely emptied.
+#
+# In short… if you have replicas attached it is suggested that you set a lower
+# limit for maxmemory so that there is some free RAM on the system for replica
+# output buffers (but this is not needed if the policy is ‘noeviction’).
+#
+# maxmemory
+maxmemory 0
+
+# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
+# is reached. You can select among five behaviors:
+#
+# volatile-lru -> remove the key with an expire set using an LRU algorithm
+# allkeys-lru -> remove any key according to the LRU algorithm
+# volatile-random -> remove a random key with an expire set
+# allkeys-random -> remove a random key, any key
+# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
+# noeviction -> don’t expire at all, just return an error on write operations
+#
+# Note: with any of the above policies, Redis will return an error on write
+# operations, when there are no suitable keys for eviction.
+#
+# At the date of writing these commands are: set setnx setex append
+# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
+# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+# getset mset msetnx exec sort
+#
+# The default is:
+#
+# maxmemory-policy noeviction
+maxmemory-policy noeviction
+
+# LRU and minimal TTL algorithms are not precise algorithms but approximated
+# algorithms (in order to save memory), so you can tune it for speed or
+# accuracy. For default Redis will check five keys and pick the one that was
+# used less recently, you can change the sample size using the following
+# configuration directive.
+#
+# The default of 5 produces good enough results. 10 Approximates very closely
+# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
+#
+# maxmemory-samples 5
+maxmemory-samples 5
+
+############################# LAZY FREEING ####################################
+
+# Redis has two primitives to delete keys. One is called DEL and is a blocking
+# deletion of the object. It means that the server stops processing new commands
+# in order to reclaim all the memory associated with an object in a synchronous
+# way. If the key deleted is associated with a small object, the time needed
+# in order to execute the DEL command is very small and comparable to most other
+# O(1) or O(log_N) commands in Redis. However if the key is associated with an
+# aggregated value containing millions of elements, the server can block for
+# a long time (even seconds) in order to complete the operation.
+#
+# For the above reasons Redis also offers non blocking deletion primitives
+# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
+# FLUSHDB commands, in order to reclaim memory in background. Those commands
+# are executed in constant time. Another thread will incrementally free the
+# object in the background as fast as possible.
+#
+# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
+# It’s up to the design of the application to understand when it is a good
+# idea to use one or the other. However the Redis server sometimes has to
+# delete keys or flush the whole database as a side effect of other operations.
+# Specifically Redis deletes objects independently of a user call in the
+# following scenarios:
+#
+# 1) On eviction, because of the maxmemory and maxmemory policy configurations,
+# in order to make room for new data, without going over the specified
+# memory limit.
+# 2) Because of expire: when a key with an associated time to live (see the
+# EXPIRE command) must be deleted from memory.
+# 3) Because of a side effect of a command that stores data on a key that may
+# already exist. For example the RENAME command may delete the old key
+# content when it is replaced with another one. Similarly SUNIONSTORE
+# or SORT with STORE option may delete existing keys. The SET command
+# itself removes any old content of the specified key in order to replace
+# it with the specified string.
+# 4) During replication, when a replica performs a full resynchronization with
+# its master, the content of the whole database is removed in order to
+# load the RDB file just transferred.
+#
+# In all the above cases the default is to delete objects in a blocking way,
+# like if DEL was called. However you can configure each case specifically
+# in order to instead release memory in a non-blocking way like if UNLINK
+# was called, using the following configuration directives:
+
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+
+################################ THREADED I/O #################################
+
+# Redis is mostly single threaded, however there are certain threaded
+# operations such as UNLINK, slow I/O accesses and other things that are
+# performed on side threads.
+#
+# Now it is also possible to handle Redis clients socket reads and writes
+# in different I/O threads. Since especially writing is so slow, normally
+# Redis users use pipelining in order to speed up the Redis performances per
+# core, and spawn multiple instances in order to scale more. Using I/O
+# threads it is possible to easily speedup two times Redis without resorting
+# to pipelining nor sharding of the instance.
+#
+# By default threading is disabled, we suggest enabling it only in machines
+# that have at least 4 or more cores, leaving at least one spare core.
+# Using more than 8 threads is unlikely to help much. We also recommend using
+# threaded I/O only if you actually have performance problems, with Redis
+# instances being able to use a quite big percentage of CPU time, otherwise
+# there is no point in using this feature.
+#
+# So for instance if you have a four cores boxes, try to use 2 or 3 I/O
+# threads, if you have a 8 cores, try to use 6 threads. In order to
+# enable I/O threads use the following configuration directive:
+#
+# io-threads 4
+#
+# Setting io-threads to 1 will just use the main thread as usual.
+# When I/O threads are enabled, we only use threads for writes, that is
+# to thread the write(2) syscall and transfer the client buffers to the
+# socket. However it is also possible to enable threading of reads and
+# protocol parsing using the following configuration directive, by setting
+# it to yes:
+#
+# io-threads-do-reads no
+#
+# Usually threading reads doesn’t help much.
+#
+# NOTE 1: This configuration directive cannot be changed at runtime via
+# CONFIG SET. Aso this feature currently does not work when SSL is
+# enabled.
+#
+# NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
+# sure you also run the benchmark itself in threaded mode, using the
+# --threads option to match the number of Redis threads, otherwise you’ll not
+# be able to notice the improvements.
+
+io-threads 1
+io-threads-do-reads no
+
+############################## APPEND ONLY MODE ###############################
+
+# By default Redis asynchronously dumps the dataset on disk. This mode is
+# good enough in many applications, but an issue with the Redis process or
+# a power outage may result into a few minutes of writes lost (depending on
+# the configured save points).
+#
+# The Append Only File is an alternative persistence mode that provides
+# much better durability. For instance using the default data fsync policy
+# (see later in the config file) Redis can lose just one second of writes in a
+# dramatic event like a server power outage, or a single write if something
+# wrong with the Redis process itself happens, but the operating system is
+# still running correctly.
+#
+# AOF and RDB persistence can be enabled at the same time without problems.
+# If the AOF is enabled on startup Redis will load the AOF, that is the file
+# with the better durability guarantees.
+#
+# Please check http://redis.io/topics/persistence for more information.
+
+appendonly no
+
+# The name of the append only file (default: “appendonly.aof”)
+
+# appendfilename “appendonly.aof”
+
+# The fsync() call tells the Operating System to actually write data on disk
+# instead of waiting for more data in the output buffer. Some OS will really flush
+# data on disk, some other OS will just try to do it ASAP.
+#
+# Redis supports three different modes:
+#
+# no: don’t fsync, just let the OS flush the data when it wants. Faster.
+# always: fsync after every write to the append only log. Slow, Safest.
+# everysec: fsync only one time every second. Compromise.
+#
+# The default is “everysec”, as that’s usually the right compromise between
+# speed and data safety. It’s up to you to understand if you can relax this to
+# “no” that will let the operating system flush the output buffer when
+# it wants, for better performances (but if you can live with the idea of
+# some data loss consider the default persistence mode that’s snapshotting),
+# or on the contrary, use “always” that’s very slow but a bit safer than
+# everysec.
+#
+# More details please check the following article:
+# http://antirez.com/post/redis-persistence-demystified.html
+#
+# If unsure, use “everysec”.
+
+# appendfsync always
+appendfsync everysec
+# appendfsync no
+
+# When the AOF fsync policy is set to always or everysec, and a background
+# saving process (a background save or AOF log background rewriting) is
+# performing a lot of I/O against the disk, in some Linux configurations
+# Redis may block too long on the fsync() call. Note that there is no fix for
+# this currently, as even performing fsync in a different thread will block
+# our synchronous write(2) call.
+#
+# In order to mitigate this problem it’s possible to use the following option
+# that will prevent fsync() from being called in the main process while a
+# BGSAVE or BGREWRITEAOF is in progress.
+#
+# This means that while another child is saving, the durability of Redis is
+# the same as “appendfsync none”. In practical terms, this means that it is
+# possible to lose up to 30 seconds of log in the worst scenario (with the
+# default Linux settings).
+#
+# If you have latency problems turn this to “yes”. Otherwise leave it as
+# “no” that is the safest pick from the point of view of durability.
+
+no-appendfsync-on-rewrite no
+
+# Automatic rewrite of the append only file.
+# Redis is able to automatically rewrite the log file implicitly calling
+# BGREWRITEAOF when the AOF log size grows by the specified percentage.
+#
+# This is how it works: Redis remembers the size of the AOF file after the
+# latest rewrite (if no rewrite has happened since the restart, the size of
+# the AOF at startup is used).
+#
+# This base size is compared to the current size. If the current size is
+# bigger than the specified percentage, the rewrite is triggered. Also
+# you need to specify a minimal size for the AOF file to be rewritten, this
+# is useful to avoid rewriting the AOF file even if the percentage increase
+# is reached but it is still pretty small.
+#
+# Specify a percentage of zero in order to disable the automatic AOF
+# rewrite feature.
+
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+
+# An AOF file may be found to be truncated at the end during the Redis
+# startup process, when the AOF data gets loaded back into memory.
+# This may happen when the system where Redis is running
+# crashes, especially when an ext4 filesystem is mounted without the
+# data=ordered option (however this can’t happen when Redis itself
+# crashes or aborts but the operating system still works correctly).
+#
+# Redis can either exit with an error when this happens, or load as much
+# data as possible (the default now) and start if the AOF file is found
+# to be truncated at the end. The following option controls this behavior.
+#
+# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
+# the Redis server starts emitting a log to inform the user of the event.
+# Otherwise if the option is set to no, the server aborts with an error
+# and refuses to start. When the option is set to no, the user requires
+# to fix the AOF file using the “redis-check-aof” utility before to restart
+# the server.
+#
+# Note that if the AOF file will be found to be corrupted in the middle
+# the server will still exit with an error. This option only applies when
+# Redis will try to read more data from the AOF file but not enough bytes
+# will be found.
+# aof-load-truncated yes
+
+################################ LUA SCRIPTING ###############################
+
+# Max execution time of a Lua script in milliseconds.
+#
+# If the maximum execution time is reached Redis will log that a script is
+# still in execution after the maximum allowed time and will start to
+# reply to queries with an error.
+#
+# When a long running script exceeds the maximum execution time only the
+# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
+# used to stop a script that did not yet called write commands. The second
+# is the only way to shut down the server in the case a write command was
+# already issued by the script but the user doesn’t want to wait for the natural
+# termination of the script.
+#
+# Set it to 0 or a negative value for unlimited execution without warnings.
+lua-time-limit 5000
+
+################################ REDIS CLUSTER ###############################
+#
+# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
+# in order to mark it as “mature” we need to wait for a non trivial percentage
+# of users to deploy it in production.
+# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+#
+# Normal Redis instances can’t be part of a Redis Cluster; only nodes that are
+# started as cluster nodes can. In order to start a Redis instance as a
+# cluster node enable the cluster support uncommenting the following:
+#
+# cluster-enabled yes
+
+# Every cluster node has a cluster configuration file. This file is not
+# intended to be edited by hand. It is created and updated by Redis nodes.
+# Every Redis Cluster node requires a different cluster configuration file.
+# Make sure that instances running in the same system do not have
+# overlapping cluster configuration file names.
+#
+# cluster-config-file nodes-6379.conf
+
+# Cluster node timeout is the amount of milliseconds a node must be unreachable
+# for it to be considered in failure state.
+# Most other internal time limits are multiple of the node timeout.
+#
+# cluster-node-timeout 15000
+
+# A replica of a failing master will avoid to start a failover if its data
+# looks too old.
+#
+# There is no simple way for a replica to actually have a exact measure of
+# its “data age”, so the following two checks are performed:
+#
+# 1) If there are multiple replicas able to failover, they exchange messages
+# in order to try to give an advantage to the replica with the best
+# replication offset (more data from the master processed).
+# replicas will try to get their rank by offset, and apply to the start
+# of the failover a delay proportional to their rank.
+#
+# 2) Every single replica computes the time of the last interaction with
+# its master. This can be the last ping or command received (if the master
+# is still in the “connected” state), or the time that elapsed since the
+# disconnection with the master (if the replication link is currently down).
+# If the last interaction is too old, the replica will not try to failover
+# at all.
+#
+# The point “2” can be tuned by user. Specifically a replica will not perform
+# the failover if, since the last interaction with the master, the time
+# elapsed is greater than:
+#
+# (node-timeout * replica-validity-factor) + repl-ping-replica-period
+#
+# So for example if node-timeout is 30 seconds, and the replica-validity-factor
+# is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
+# replica will not try to failover if it was not able to talk with the master
+# for longer than 310 seconds.
+#
+# A large replica-validity-factor may allow replicas with too old data to failover
+# a master, while a too small value may prevent the cluster from being able to
+# elect a replica at all.
+#
+# For maximum availability, it is possible to set the replica-validity-factor
+# to a value of 0, which means, that replicas will always try to failover the
+# master regardless of the last time they interacted with the master.
+# (However they’ll always try to apply a delay proportional to their
+# offset rank).
+#
+# Zero is the only value able to guarantee that when all the partitions heal
+# the cluster will always be able to continue.
+#
+# cluster-replica-validity-factor 10
+
+# Cluster replicas are able to migrate to orphaned masters, that are masters
+# that are left without working replicas. This improves the cluster ability
+# to resist to failures as otherwise an orphaned master can’t be failed over
+# in case of failure if it has no working replicas.
+#
+# replicas migrate to orphaned masters only if there are still at least a
+# given number of other working replicas for their old master. This number
+# is the “migration barrier”. A migration barrier of 1 means that a replica
+# will migrate only if there is at least 1 other working replica for its master
+# and so forth. It usually reflects the number of replicas you want for every
+# master in your cluster.
+#
+# Default is 1 (replicas migrate only if their masters remain with at least
+# one replica). To disable migration just set it to a very large value.
+# A value of 0 can be set but is useful only for debugging and dangerous
+# in production.
+#
+# cluster-migration-barrier 1
+
+# By default Redis Cluster nodes stop accepting queries if they detect there
+# is at least an hash slot uncovered (no available node is serving it).
+# This way if the cluster is partially down (for example a range of hash slots
+# are no longer covered) all the cluster becomes, eventually, unavailable.
+# It automatically returns available as soon as all the slots are covered again.
+#
+# However sometimes you want the subset of the cluster which is working,
+# to continue to accept queries for the part of the key space that is still
+# covered. In order to do so, just set the cluster-require-full-coverage
+# option to no.
+#
+# cluster-require-full-coverage yes
+
+# In order to setup your cluster make sure to read the documentation
+# available at http://redis.io web site.
+
+################################## SLOW LOG ###################################
+
+# The Redis Slow Log is a system to log queries that exceeded a specified
+# execution time. The execution time does not include the I/O operations
+# like talking with the client, sending the reply and so forth,
+# but just the time needed to actually execute the command (this is the only
+# stage of command execution where the thread is blocked and can not serve
+# other requests in the meantime).
+#
+# You can configure the slow log with two parameters: one tells Redis
+# what is the execution time, in microseconds, to exceed in order for the
+# command to get logged, and the other parameter is the length of the
+# slow log. When a new command is logged the oldest one is removed from the
+# queue of logged commands.
+
+# The following time is expressed in microseconds, so 1000000 is equivalent
+# to one second. Note that a negative number disables the slow log, while
+# a value of zero forces the logging of every command.
+slowlog-log-slower-than 10000
+
+# There is no limit to this length. Just be aware that it will consume memory.
+# You can reclaim memory used by the slow log with SLOWLOG RESET.
+slowlog-max-len 128
+
+################################ LATENCY MONITOR ##############################
+
+# The Redis latency monitoring subsystem samples different operations
+# at runtime in order to collect data related to possible sources of
+# latency of a Redis instance.
+#
+# Via the LATENCY command this information is available to the user that can
+# print graphs and obtain reports.
+#
+# The system only logs operations that were performed in a time equal or
+# greater than the amount of milliseconds specified via the
+# latency-monitor-threshold configuration directive. When its value is set
+# to zero, the latency monitor is turned off.
+#
+# By default latency monitoring is disabled since it is mostly not needed
+# if you don’t have latency issues, and collecting data has a performance
+# impact, that while very small, can be measured under big load. Latency
+# monitoring can easily be enabled at runtime using the command
+# “CONFIG SET latency-monitor-threshold ” if needed.
+# latency-monitor-threshold 0
+
+############################# EVENT NOTIFICATION ##############################
+
+# Redis can notify Pub/Sub clients about events happening in the key space.
+# This feature is documented at http://redis.io/topics/notifications
+#
+# For instance if keyspace events notification is enabled, and a client
+# performs a DEL operation on key “foo” stored in the Database 0, two
+# messages will be published via Pub/Sub:
+#
+# PUBLISH keyspace@0:foo del
+# PUBLISH keyevent@0:del foo
+#
+# It is possible to select the events that Redis will notify among a set
+# of classes. Every class is identified by a single character:
+#
+# K Keyspace events, published with keyspace@ prefix.
+# E Keyevent events, published with keyevent@ prefix.
+# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, …
+# $ String commands
+# l List commands
+# s Set commands
+# h Hash commands
+# z Sorted set commands
+# x Expired events (events generated every time a key expires)
+# e Evicted events (events generated when a key is evicted for maxmemory)
+# A Alias for g$lshzxe, so that the “AKE” string means all the events.
+#
+# The “notify-keyspace-events” takes as argument a string that is composed
+# of zero or multiple characters. The empty string means that notifications
+# are disabled.
+#
+# Example: to enable list and generic events, from the point of view of the
+# event name, use:
+#
+# notify-keyspace-events Elg
+#
+# Example 2: to get the stream of the expired keys subscribing to channel
+# name keyevent@0:expired use:
+#
+# notify-keyspace-events Ex
+#
+# By default all notifications are disabled because most users don’t need
+# this feature and the feature has some overhead. Note that if you don’t
+# specify at least one of K or E, no events will be delivered.
+notify-keyspace-events “”
+
+############################### ADVANCED CONFIG ###############################
+
+# Hashes are encoded using a memory efficient data structure when they have a
+# small number of entries, and the biggest entry does not exceed a given
+# threshold. These thresholds can be configured using the following directives.
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+
+# Lists are also encoded in a special way to save a lot of space.
+# The number of entries allowed per internal list node can be specified
+# as a fixed maximum size or a maximum number of elements.
+# For a fixed maximum size, use -5 through -1, meaning:
+# -5: max size: 64 Kb <-- not recommended for normal workloads
+# -4: max size: 32 Kb <-- not recommended
+# -3: max size: 16 Kb <-- probably not recommended
+# -2: max size: 8 Kb <-- good
+# -1: max size: 4 Kb <-- good
+# Positive numbers mean store up to exactly that number of elements
+# per list node.
+# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
+# but if your use case is unique, adjust the settings as necessary.
+# list-max-ziplist-size -2
+
+# Lists may also be compressed.
+# Compress depth is the number of quicklist ziplist nodes from each side of
+# the list to exclude from compression. The head and tail of the list
+# are always uncompressed for fast push/pop operations. Settings are:
+# 0: disable all list compression
+# 1: depth 1 means “don’t start compressing until after 1 node into the list,
+# going from either the head or tail”
+# So: [head]->node->node->…->node->[tail]
+# [head], [tail] will always be uncompressed; inner nodes will compress.
+# 2: [head]->[next]->node->node->…->node->[prev]->[tail]
+# 2 here means: don’t compress head or head->next or tail->prev or tail,
+# but compress all nodes between them.
+# 3: [head]->[next]->[next]->node->node->…->node->[prev]->[prev]->[tail]
+# etc.
+# list-compress-depth 0
+
+# Sets have a special encoding in just one case: when a set is composed
+# of just strings that happen to be integers in radix 10 in the range
+# of 64 bit signed integers.
+# The following configuration setting sets the limit in the size of the
+# set in order to use this special memory saving encoding.
+set-max-intset-entries 512
+
+# Similarly to hashes and lists, sorted sets are also specially encoded in
+# order to save a lot of space. This encoding is only used when the length and
+# elements of a sorted set are below the following limits:
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+
+# HyperLogLog sparse representation bytes limit. The limit includes the
+# 16 bytes header. When an HyperLogLog using the sparse representation crosses
+# this limit, it is converted into the dense representation.
+#
+# A value greater than 16000 is totally useless, since at that point the
+# dense representation is more memory efficient.
+#
+# The suggested value is ~ 3000 in order to have the benefits of
+# the space efficient encoding without slowing down too much PFADD,
+# which is O(N) with the sparse encoding. The value can be raised to
+# ~ 10000 when CPU is not a concern, but space is, and the data set is
+# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
+# hll-sparse-max-bytes 3000
+
+# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
+# order to help rehashing the main Redis hash table (the one mapping top-level
+# keys to values). The hash table implementation Redis uses (see dict.c)
+# performs a lazy rehashing: the more operation you run into a hash table
+# that is rehashing, the more rehashing “steps” are performed, so if the
+# server is idle the rehashing is never complete and some more memory is used
+# by the hash table.
+#
+# The default is to use this millisecond 10 times every second in order to
+# actively rehash the main dictionaries, freeing memory when possible.
+#
+# If unsure:
+# use “activerehashing no” if you have hard latency requirements and it is
+# not a good thing in your environment that Redis can reply from time to time
+# to queries with 2 milliseconds delay.
+#
+# use “activerehashing yes” if you don’t have such hard requirements but
+# want to free memory asap when possible.
+activerehashing yes
+
+# The client output buffer limits can be used to force disconnection of clients
+# that are not reading data from the server fast enough for some reason (a
+# common reason is that a Pub/Sub client can’t consume messages as fast as the
+# publisher can produce them).
+#
+# The limit can be set differently for the three different classes of clients:
+#
+# normal -> normal clients including MONITOR clients
+# replica -> replica clients
+# pubsub -> clients subscribed to at least one pubsub channel or pattern
+#
+# The syntax of every client-output-buffer-limit directive is the following:
+#
+# client-output-buffer-limit
+#
+# A client is immediately disconnected once the hard limit is reached, or if
+# the soft limit is reached and remains reached for the specified number of
+# seconds (continuously).
+# So for instance if the hard limit is 32 megabytes and the soft limit is
+# 16 megabytes / 10 seconds, the client will get disconnected immediately
+# if the size of the output buffers reach 32 megabytes, but will also get
+# disconnected if the client reaches 16 megabytes and continuously overcomes
+# the limit for 10 seconds.
+#
+# By default normal clients are not limited because they don’t receive data
+# without asking (in a push way), but just after a request, so only
+# asynchronous clients may create a scenario where data is requested faster
+# than it can read.
+#
+# Instead there is a default limit for pubsub and replica clients, since
+# subscribers and replicas receive data in a push fashion.
+#
+# Both the hard or the soft limit can be disabled by setting them to zero.
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+
+# Redis calls an internal function to perform many background tasks, like
+# closing connections of clients in timeout, purging expired keys that are
+# never requested, and so forth.
+#
+# Not all tasks are performed with the same frequency, but Redis checks for
+# tasks to perform according to the specified “hz” value.
+#
+# By default “hz” is set to 10. Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
service[redis] action nothing (skipped due to action :nothing)
runit_service[redis] action enable
file[/opt/gitlab/etc/gitaly/env/SSL_CERT_DIR] action create
file[/opt/gitlab/etc/gitaly/env/GITALY_PID_FILE] action create
file[/opt/gitlab/etc/gitaly/env/WRAPPER_JSON_LOGGING] action create
template[Create Gitaly config.toml] action create
+socket_path = ‘/var/opt/gitlab/gitaly/gitaly.socket’
+
+internal_socket_dir = ‘/var/opt/gitlab/gitaly/internal_sockets’
+bin_dir = ‘/opt/gitlab/embedded/bin’
+
+
+# Optional: export metrics via Prometheus
+prometheus_listen_addr = ‘localhost:9236’
+
+
+[[storage]]
+name = ‘default’
+path = ‘/var/opt/gitlab/git-data/repositories’
+
+[logging]
+format = ‘json’
+dir = ‘/var/log/gitlab/gitaly’
+
+
+[auth]
+
+[git]
+
+
+[gitaly-ruby]
+dir = “/opt/gitlab/embedded/service/gitaly-ruby”
+rugged_git_config_search_path = “/opt/gitlab/embedded/etc”
service[gitaly] action nothing (skipped due to action :nothing)
runit_service[gitaly] action enable
execute[/opt/gitlab/bin/gitlab-ctl start gitaly] action run
[execute] ok: run: gitaly: (pid 39050) 2s
version_file[Create version file for Gitaly] action create
version_file[Create Ruby version file for Gitaly] action create
consul_service[gitaly] action delete
ruby_block[check_postgresql_version] action run (skipped due to not_if)
ruby_block[check_postgresql_version_is_deprecated] action run (skipped due to not_if)
ruby_block[Link postgresql bin files to the correct version] action run
template[/opt/gitlab/etc/gitlab-psql-rc] action create
account[Postgresql user and group] action create
directory[/var/opt/gitlab/postgresql] action create
file[/var/opt/gitlab/postgresql/.profile] action create
gitlab_sysctl[kernel.shmmax] action create
gitlab_sysctl[kernel.shmall] action create
gitlab_sysctl[kernel.sem] action create
directory[create /etc/sysctl.d for kernel.sem] action create (up to date)
file[create /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf kernel.sem] action create
link[/etc/sysctl.d/90-omnibus-gitlab-kernel.sem.conf] action create
execute[load sysctl conf kernel.sem] action nothing (skipped due to action :nothing)
execute[load sysctl conf kernel.sem] action run
[execute] kernel.sem = 250 32000 32 262
# (change requires restart, also requires 'wal_level' of 'hot_standby' OR 'replica')
-#restore_command = ‘’ # command to use to restore an archived logfile segment
# placeholders: %p = path of file to restore
# %f = file name only
# e.g. 'cp /mnt/server/archivedir/%f %p'
# (change requires restart)
-#recovery_target = ‘’ # ‘immediate’ to end recovery as soon as a
# consistent state is reached
# (change requires restart)
-#recovery_target_name = ‘’ # the named restore point to which recovery will proceed
# (change requires restart)
-#recovery_target_time = ‘’ # the time stamp up to which recovery will proceed
# (change requires restart)
-#recovery_target_xid = ‘’ # the transaction ID up to which recovery will proceed
# (change requires restart)
-#recovery_target_lsn = ‘’ # the WAL LSN up to which recovery will proceed
# (change requires restart)
-#recovery_target_inclusive = on # Specifies whether to stop:
# just after the specified recovery target (on)
# just before the recovery target (off)
# (change requires restart)
-#recovery_target_timeline = ‘latest’ # ‘current’, ‘latest’, or timeline ID
# (change requires restart)
-#recovery_target_action = ‘pause’ # ‘pause’, ‘promote’, ‘shutdown’
# (change requires restart)
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
-#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
-#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
-#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
-# These settings are ignored on a standby server.
+# These settings are ignored on a standby server
-#synchronous_standby_names = ‘’ # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
-#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
+max_wal_senders = 0
# (change requires restart)
+#wal_sender_delay = 1s # walsender cycle time, 1-10000 milliseconds
+#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
+#replication_timeout = 60s # in milliseconds; 0 disables
+#synchronous_standby_names = ‘’ # standby servers that provide sync rep
# comma-separated list of application_name
# from standby(s); '*' = all
-# These settings are ignored on a master server.
+# These settings are ignored on a master server
-#primary_conninfo = ‘’ # connection string to sending server
# (change requires restart)
-#primary_slot_name = ‘’ # replication slot on sending server
# (change requires restart)
-#promote_trigger_file = ‘’ # file name whose presence ends recovery
-#hot_standby = on # “off” disallows queries during recovery
# (change requires restart)
-#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
-#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
-#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
-#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
-#wal_receiver_timeout = 60s # time that receiver waits for
# communication from master
# in milliseconds; 0 disables
-#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
-#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
+hot_standby = off
# (change requires restart)
+#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
-#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
@@ -350,218 +228,126 @@
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
-#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
-#enable_parallel_append = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
-#enable_partitionwise_join = off
-#enable_partitionwise_aggregate = off
-#enable_parallel_hash = on
-#enable_partition_pruning = on
-#seq_page_cost = 1.0 # measured on an arbitrary scale
-#random_page_cost = 4.0 # same scale as above
-#cpu_tuple_cost = 0.01 # same scale as above
-#cpu_index_tuple_cost = 0.005 # same scale as above
-#cpu_operator_cost = 0.0025 # same scale as above
-#parallel_tuple_cost = 0.1 # same scale as above
-#parallel_setup_cost = 1000.0 # same scale as above
+#cpu_tuple_cost = 0.01 # same scale as above
+#cpu_index_tuple_cost = 0.005 # same scale as above
+#cpu_operator_cost = 0.0025 # same scale as above
-#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
-#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
-#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
#geqo = on
#geqo_threshold = 12
-#geqo_effort = 5 # range 1-10
-#geqo_pool_size = 0 # selects default based on effort
-#geqo_generations = 0 # selects default based on effort
-#geqo_selection_bias = 2.0 # range 1.5-2.0
-#geqo_seed = 0.0 # range 0.0-1.0
+#geqo_effort = 5 # range 1-10
+#geqo_pool_size = 0 # selects default based on effort
+#geqo_generations = 0 # selects default based on effort
+#geqo_selection_bias = 2.0 # range 1.5-2.0
+#geqo_seed = 0.0 # range 0.0-1.0
-#default_statistics_target = 100 # range 1-10000
-#constraint_exclusion = partition # on, off, or partition
-#cursor_tuple_fraction = 0.1 # range 0.0-1.0
+#default_statistics_target = 100 # range 1-10000
+#constraint_exclusion = partition # on, off, or partition
+#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
-#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
-#force_parallel_mode = off
-#jit = on # allow JIT compilation
-#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
+#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
-#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
-#log_error_verbosity = default # terse, default, or verbose messages
+#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
-#log_line_prefix = '%m [%p] ’ # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
-#log_lock_waits = off # log lock waits >= deadlock_timeout
-#log_statement = ‘none’ # none, ddl, mod, all
-#log_replication_commands = off
-#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
-log_timezone = ‘Asia/Shanghai’
+#log_lock_waits = off # log lock waits >= deadlock_timeout
+#log_statement = ‘none’ # none, ddl, mod, all
+#log_timezone = ‘(defaults to server environment setting)’
-#------------------------------------------------------------------------------
-# PROCESS TITLE
-#------------------------------------------------------------------------------
-#cluster_name = ‘’ # added to process titles if nonempty
# (change requires restart)
#------------------------------------------------------------------------------
-# STATISTICS
+# RUNTIME STATISTICS
#------------------------------------------------------------------------------
-# - Query and Index Statistics Collector -
+# - Query/Index Statistics Collector -
#track_activities = on
#track_counts = on
-#track_io_timing = off
-#track_functions = none # none, pl, all
-#track_activity_query_size = 1024 # (change requires restart)
+#track_functions = none # none, pl, all
+track_activity_query_size = 1024 # (change requires restart)
+#update_process_title = on
#stats_temp_directory = ‘pg_stat_tmp’
-# - Monitoring -
+# - Statistics Monitoring -
#log_parser_stats = off
#log_planner_stats = off
@@ -570,117 +356,53 @@
#------------------------------------------------------------------------------
-# AUTOVACUUM
+# AUTOVACUUM PARAMETERS
#------------------------------------------------------------------------------
-#autovacuum = on # Enable autovacuum subprocess? ‘on’
# requires track_counts to also be on.
-#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
-#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
-#autovacuum_naptime = 1min # time between autovacuum runs
-#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
-#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
-#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
-#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
-#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
-#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
-#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
-#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
+autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
+autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
-#search_path = ‘“$user”, public’ # schema names
-#row_security = on
-#default_tablespace = ‘’ # a tablespace name, ‘’ uses the default
-#temp_tablespaces = ‘’ # a list of tablespace names, ‘’ uses
# only default tablespace
-#default_table_access_method = ‘heap’
+#search_path = ‘“$user”,public’ # schema names
+#default_tablespace = ‘’ # a tablespace name, ‘’ uses the default
+#temp_tablespaces = ‘’ # a list of tablespace names, ‘’ uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = ‘read committed’
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = ‘origin’
-#statement_timeout = 0 # in milliseconds, 0 is disabled
-#lock_timeout = 0 # in milliseconds, 0 is disabled
-#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
-#vacuum_multixact_freeze_min_age = 5000000
-#vacuum_multixact_freeze_table_age = 150000000
-#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
# before index cleanup, 0 always performs
# index cleanup
-#bytea_output = ‘hex’ # hex, escape
+#bytea_output = ‘hex’ # hex, escape
#xmlbinary = ‘base64’
#xmloption = ‘content’
-#gin_fuzzy_search_limit = 0
-#gin_pending_list_limit = 4MB
-datestyle = ‘iso, ymd’
#intervalstyle = ‘postgres’
-timezone = ‘Asia/Shanghai’
+#timezone = ‘(defaults to server environment setting)’
#timezone_abbreviations = ‘Default’ # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
-#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
-#client_encoding = sql_ascii # actually, defaults to database
# encoding
# abbreviations. Currently, there are
# Default
# Australia
# India
# You can create your own file in
# share/timezonesets/.
+#extra_float_digits = 0 # min -15, max 3
+#client_encoding = sql_ascii # actually, defaults to database
# encoding
-# These settings are initialized by initdb, but they can be changed.
-lc_messages = ‘zh_CN.UTF-8’ # locale for system error message
# strings
#dynamic_library_path = ‘$libdir’
+#local_preload_libraries = ‘’
#------------------------------------------------------------------------------
@@ -688,28 +410,27 @@
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
-#max_locks_per_transaction = 64 # min 10
# (change requires restart)
-#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
-#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
-#max_pred_locks_per_page = 2 # min 0
+max_locks_per_transaction = 128 # min 10
# (change requires restart)
+# Note: Each lock table slot uses ~270 bytes of shared memory, and there are
+# max_locks_per_transaction * (max_connections + max_prepared_transactions)
+# lock table slots.
+#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#------------------------------------------------------------------------------
-# VERSION AND PLATFORM COMPATIBILITY
+# VERSION/PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
#array_nulls = on
-#backslash_quote = safe_encoding # on, off, or safe_encoding
+#backslash_quote = safe_encoding # on, off, or safe_encoding
+#default_with_oids = off
#escape_string_warning = on
#lo_compat_privileges = off
-#operator_precedence_warning = off
#quote_all_identifiers = off
+#sql_inheritance = on
#standard_conforming_strings = on
#synchronize_seqscans = on
@@ -722,30 +443,15 @@
#------------------------------------------------------------------------------
-#exit_on_error = off # terminate session on any error?
-#restart_after_crash = on # reinitialize after backend crash?
-#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
+#exit_on_error = off # terminate session on any error?
+#restart_after_crash = on # reinitialize after backend crash?
-#include_dir = ‘…’ # include files ending in ‘.conf’ from
# a directory, e.g., 'conf.d'
-#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
-# Add settings for extensions here
+#custom_variable_classes = ‘’ # list of custom variable class names
+
+include ‘runtime.conf’
template[/var/opt/gitlab/postgresql/data/runtime.conf] action create
sudo gitlab-ctl reconfigure
.+# Changing variables in this file should only require a reload of PostgreSQL
+# As the gitlab-psql user, run:
+# /opt/gitlab/embedded/bin/pg_ctl reload -D /var/opt/gitlab/postgresql/data
+work_mem = 16MB # min 64kB
+maintenance_work_mem = 16MB # 16MB # min 1MB
+synchronous_commit = on # synchronization level; on, off, or local
+synchronous_standby_names = ‘’
+
+# - Checkpoints -
+min_wal_size = 80MB
+max_wal_size = 1GB
+
+checkpoint_timeout = 5min # range 30s-1h, default 5min
+checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0, default 0.5
+checkpoint_warning = 30s # 0 disables, default 30s
+
+# - Logging -
+log_directory = ‘/var/log/gitlab/postgresql’
+
+# - Archiving -
+archive_command = ‘’ # command to use to archive a logfile segment
+archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
+# - Replication
+wal_keep_segments = 10
+
+max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
+max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
+hot_standby_feedback = off # send info from standby to prevent
# query conflicts
+# - Planner Cost Constants -
+#seq_page_cost = 1.0 # measured on an arbitrary scale
+random_page_cost = 2.0 # same scale as above
+
+effective_cache_size = 1751MB # Default 128MB
+
+log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
+log_checkpoints = off
+
+log_line_prefix = ‘’ # default ‘’, special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
+log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
+# - Autovacuum parameters -
+autovacuum = on # Enable autovacuum subprocess? ‘on’
# requires track_counts to also be on.
+log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
+autovacuum_naptime = 1min # time between autovacuum runs
+autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
+autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
+autovacuum_vacuum_scale_factor = 0.02 # fraction of table size before vacuum
+autovacuum_analyze_scale_factor = 0.01 # fraction of table size before analyze
+autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
+autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
+# Parameters for gathering statistics
+default_statistics_target = 1000
+
+# - Client connection timeouts
+statement_timeout = 60000
+
+idle_in_transaction_session_timeout = 60000
+
+# IO settings
+effective_io_concurrency = 1
+track_io_timing = ‘off’
+
+# Parallel worker settings
+max_worker_processes = 8
+max_parallel_workers_per_gather = 0
+
+# Deadlock handling and logging
+deadlock_timeout = ‘5s’
+log_lock_waits = 1
+
+# - Locale and Formatting -
+datestyle = ‘iso, mdy’
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = ‘C’ # locale for system error message
# strings
+lc_monetary = ‘C’ # locale for monetary formatting
+lc_numeric = ‘C’ # locale for number formatting
+lc_time = ‘C’ # locale for time formatting
+
+# default configuration for text search
+default_text_search_config = ‘pg_catalog.english’
template[/var/opt/gitlab/postgresql/data/pg_hba.conf] action create
sudo gitlab-ctl reconfigure
.-# Refer to the “Client Authentication” section in the PostgreSQL
-# documentation for a complete description of this file. A short
-# synopsis follows.
+# Refer to the “Client Authentication” section in the
+# PostgreSQL documentation for a complete description
+# of this file. A short synopsis follows.
-# local DATABASE USER METHOD [OPTIONS]
-# host DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS]
+# local DATABASE USER METHOD [OPTION]
+# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
+# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
+# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-# The first field is the connection type: “local” is a Unix-domain
-# socket, “host” is either a plain or SSL-encrypted TCP/IP socket,
-# “hostssl” is an SSL-encrypted TCP/IP socket, and “hostnossl” is a
-# non-SSL TCP/IP socket. Similarly, “hostgssenc” uses a
-# GSSAPI-encrypted TCP/IP socket, while “hostnogssenc” uses a
-# non-GSSAPI socket.
+# The first field is the connection type: “local” is a Unix-domain socket,
+# “host” is either a plain or SSL-encrypted TCP/IP socket, “hostssl” is an
+# SSL-encrypted TCP/IP socket, and “hostnossl” is a plain TCP/IP socket.
-# DATABASE can be “all”, “sameuser”, “samerole”, “replication”, a
-# database name, or a comma-separated list thereof. The “all”
-# keyword does not match “replication”. Access to replication
-# must be enabled in a separate record (see example below).
+# DATABASE can be “all”, “sameuser”, “samerole”, a database name, or
+# a comma-separated list thereof.
-# USER can be “all”, a user name, a group name prefixed with “+”, or a
-# comma-separated list thereof. In both the DATABASE and USER fields
-# you can also write a file name prefixed with “@” to include names
-# from a separate file.
+# USER can be “all”, a user name, a group name prefixed with “+”, or
+# a comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with “@” to include names from
+# a separate file.
-# ADDRESS specifies the set of hosts the record matches. It can be a
-# host name, or it is made up of an IP address and a CIDR mask that is
-# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
-# specifies the number of significant bits in the mask. A host name
-# that starts with a dot (.) matches a suffix of the actual host name.
-# Alternatively, you can write an IP address and netmask in separate
-# columns to specify the set of hosts. Instead of a CIDR-address, you
-# can write “samehost” to match any of the server’s own IP addresses,
-# or “samenet” to match any address in any subnet that the server is
-# directly connected to.
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask. Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
-# METHOD can be “trust”, “reject”, “md5”, “password”, “scram-sha-256”,
-# “gss”, “sspi”, “ident”, “peer”, “pam”, “ldap”, “radius” or “cert”.
-# Note that “password” sends passwords in clear text; “md5” or
-# “scram-sha-256” are preferred since they send encrypted passwords.
+# METHOD can be “trust”, “reject”, “md5”, “crypt”, “password”, “gss”, “sspi”,
+# “krb5”, “ident”, “pam” or “ldap”. Note that “password” sends passwords
+# in clear text; “md5” is preferred since it sends encrypted passwords.
-# OPTIONS are a set of options for the authentication in the format
-# NAME=VALUE. The available options depend on the different
-# authentication methods – refer to the “Client Authentication”
-# section in the documentation for a list of which options are
-# available for which authentication methods.
+# OPTION is the ident map or the name of the PAM service, depending on METHOD.
-# Database and user names containing spaces, commas, quotes and other
-# special characters must be quoted. Quoting one of the keywords
-# “all”, “sameuser”, “samerole” or “replication” makes the name lose
-# its special character, and just match a database or username with
-# that name.
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords “all”, “sameuser” or
+# “samerole” makes the name lose its special character, and just match a
+# database or username with that name.
-# This file is read on server startup and when the server receives a
-# SIGHUP signal. If you edit the file on a running system, you have to
-# SIGHUP the server for the changes to take effect, run “pg_ctl reload”,
-# or execute “SELECT pg_reload_conf()”.
-#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can use
+# “pg_ctl reload” to do that.
+
-# “host” records. In that case you will also need to make PostgreSQL
-# listen on a non-local interface via the listen_addresses
-# configuration parameter, or via the -i or -h command line switches.
+# “host” records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn’t opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
gitlab Reconfigured!
这里开启gitlab 服务
[root@localhost ~]# sudo gitlab-ctl start
ok: run: alertmanager: (pid 44149) 31s
ok: run: gitaly: (pid 43988) 34s
ok: run: gitlab-exporter: (pid 43997) 33s
ok: run: gitlab-workhorse: (pid 43928) 34s
ok: run: grafana: (pid 44179) 30s
ok: run: logrotate: (pid 38721) 234s
ok: run: nginx: (pid 41150) 144s
ok: run: node-exporter: (pid 43962) 34s
ok: run: postgres-exporter: (pid 44158) 30s
ok: run: postgresql: (pid 39386) 215s
ok: run: prometheus: (pid 44020) 32s
ok: run: puma: (pid 40667) 164s
ok: run: redis: (pid 38892) 228s
ok: run: redis-exporter: (pid 43999) 33s
ok: run: sidekiq: (pid 40827) 157s
这里要检查防火墙是否已放开 9000 端口,没有的话需要放开(--permanent 只写入永久配置,执行 --reload 之后才会在运行中的防火墙上生效):
[root@localhost ~]# firewall-cmd --query-port=9000/tcp
no
[root@localhost ~]# firewall-cmd --add-port=9000/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --query-port=9000/tcp
yes
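查看 GitLab 初始密码,否则无法登录。按上面 reconfigure 的提示,这个文件会在 24 小时后的首次 reconfigure 时被清理;初始密码在修改之前就是管理员凭据,登录后应立即修改 root 密码,也不要把它留在公开的日志或截图里。
[root@localhost ~]# cat /etc/gitlab/initial_root_password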
`GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`
, it was provided before database was seeded for the first time (usually, the first reconfigure run).Password: wCV+vmN5oA/GxtpBNYxZNrIL+prnHpiKhZt+pQD6+L8=