GitLab: Difference between revisions
link out to mw:GitLab for how to get a repo. |
|||
| Line 10: | Line 10: | ||
{{Special:PrefixIndex/{{FULLPAGENAME}}/ |hideredirects=1 |stripprefix=1}} |
{{Special:PrefixIndex/{{FULLPAGENAME}}/ |hideredirects=1 |stripprefix=1}} |
||
* External resources: |
* External resources: |
||
** [[mw:GitLab]] - User documentation |
|||
** [https://gitlab.wikimedia.org/ Production GitLab] |
** [https://gitlab.wikimedia.org/ Production GitLab] |
||
** [https://docs.gitlab.com GitLab docs] |
** [https://docs.gitlab.com Upstream GitLab docs] |
||
** [https://www.mediawiki.org/wiki/GitLab GitLab in MediaWiki] |
|||
** [https://phabricator.wikimedia.org/project/view/5057/ GitLab in Phabricator] |
** [https://phabricator.wikimedia.org/project/view/5057/ GitLab in Phabricator] |
||
}} |
}} |
||
| Line 46: | Line 46: | ||
also see the status of this ticket: [[phab:T296944]] |
also see the status of this ticket: [[phab:T296944]] |
||
== How to |
== How to create or migrate a repo / group / project == |
||
See [[mw:GitLab/Hosting a project on GitLab]] for full user documentation. |
|||
Generally gitlab is subdivided into namespaces or groups. Almost all of them are organized under the top-level group /repos/. |
|||
First you should check if an appropriate group for youre repo already exists. Check the [https://gitlab.wikimedia.org/repos list of subgroups under /repos]. Most of them correlate to WMF teams or affiliate organizations. |
|||
If you see an existing group that seems to be a match, click on "Subgroup information" in the upper left corner. Then navigate to "Members" to see existing members of the group. Ask one of them to invite you to the group. (To be determined _how_ you ping them specifically?). |
|||
After you join the group you can create repos yourself under /repos/<group name>/ as needed. |
|||
If you do not find an appropriate group but think one should be created please use this [https://phabricator.wikimedia.org/maniphest/task/edit/form/105/ form to request a new group]. |
|||
You can also create repos without being added to any group but will be limited to a personal user name space. This is usually not recommended. Though existing repos can also be moved under a different group (namespace). |
|||
== Tickets == |
== Tickets == |
||
Revision as of 20:53, 18 May 2022
This page contains SRE related topics for GitLab. For GitLab application-specific information, user documentation, and policy, please see mw:GitLab on mediawiki.org.
GitLab is reachable at https://gitlab.wikimedia.org/. We run multiple instances of GitLab:
- gitlab1001 runs production GitLab serving https://gitlab.wikimedia.org/
- gitlab2001 runs a passive GitLab replica serving https://gitlab-replica.wikimedia.org/
- gitlab-prod-1001.devtools.eqiad1.wikimedia.cloud runs a production-like test instance in WMCS/VPS serving https://gitlab.devtools.wmcloud.org/
GitLab instances
gitlab1001, gitlab2001 and test instance gitlab-prod-1001 are setup using puppet. The configuration currently lives in profile::gitlab. Former configuration from gitlab-ansible was migrated completely to puppet (see T283076). GitLab is installed as a Omnibus installation on all instances. So all GitLab components are installed using the official packages and are executed on a single host. The reasons for this setup can be found in the Initialization docs in Mediawiki.
GitLab login is implemented with SSO using the CAS/SSO. So users will be redirected to idp.wikimedia.org (idp.wmcloud.org on WMCS/VPS) to login to the SSO portal. Authentication is currently open to all users with a Wikimedia developer account for the production instance. Access to the replica and test instance is restricted to WMF/NDA groups.
GitLab runners
GitLab offers CI/CD capabilities. For our current and Runner documentation, see GitLab/Gitlab Runner.
SSH fingerprints
See Help:SSH_Fingerprints/gitlab.wikimedia.org for an overview of all fingerprints at once.
Each gitlab server has 4 IPs on the same network interface. One IPv4 and one IPv6 for server, the standard sshd that admins use to connect to the individual backend (gitlab1001.wikimedia.org/gitlab2001.wikimedia.org) and one IPv4 and IPv6 for the service address (gitlab.wikimedia.org).
If you connect to the service as a user you _should_ expect to see the one for the service IP but currently you will see the one for the backend you are connecting to. Currently this is gitlab1001 but it could change when we switch data centers or fail over.
We are looking into getting a new configuration option into gitlab upstream to properly fix this. Meanwhile you can find fingerprints linked on the server pages, gitlab1001 and gitlab2001 and all fingerprints in a single place at Help:SSH_Fingerprints/gitlab.wikimedia.org.
also see the status of this ticket: phab:T296944
How to create or migrate a repo / group / project
See mw:GitLab/Hosting a project on GitLab for full user documentation.
Tickets
- phab:T274459 (VM creation request)
- phab:T296944 (Self-reported GitLab SSH host key fingerprints donβt appear to match actual host key fingerprints)
- phab:T295481 (Setup GitLab Runner in trusted environment)