From b9f31c6df74d7c9cef9ae03f39d7604776cf88a4 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 12 Feb 2025 06:13:03 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../rspec/avoid_conditional_statements.yml | 1 - Gemfile.checksum | 5 +- Gemfile.lock | 17 +- Gemfile.next.checksum | 5 +- Gemfile.next.lock | 17 +- app/graphql/types/abuse_report_type.rb | 2 +- .../anti_abuse/abuse_report_label_type.rb | 4 + app/graphql/types/label_interface.rb | 2 - app/graphql/types/label_type.rb | 4 + app/graphql/types/query_type.rb | 2 +- .../14-3-repository-push-audit-events.yml | 2 +- ...-9-prometheus-subchart-breaking-update.yml | 20 + data/deprecations/17-9-spotbugs-builds.yml | 2 +- doc/.vale/gitlab_base/British.yml | 2 +- doc/.vale/gitlab_base/CodeblockFences.yml | 2 +- doc/.vale/gitlab_base/HeadingDepth.yml | 2 +- doc/.vale/gitlab_base/MeaningfulLinkWords.yml | 2 +- doc/.vale/gitlab_base/MultiLineLinks.yml | 2 +- doc/.vale/gitlab_base/NonStandardQuotes.yml | 2 +- doc/.vale/gitlab_base/NonStandardSpaces.yml | 2 +- doc/.vale/gitlab_base/OxfordComma.yml | 2 +- doc/.vale/gitlab_base/SentenceLength.yml | 2 +- doc/.vale/gitlab_base/SentenceSpacing.yml | 2 +- doc/.vale/gitlab_docs/AlertBoxStyle.yml | 2 +- doc/.vale/gitlab_docs/ImagesOld.yml | 2 +- doc/.vale/gitlab_docs/InternalLinkCase.yml | 2 +- .../gitlab_docs/InternalLinkExtension.yml | 2 +- doc/.vale/gitlab_docs/InternalLinkFormat.yml | 2 +- doc/.vale/gitlab_docs/InternalLinksCode.yml | 2 +- doc/.vale/gitlab_docs/ReferenceLinks.yml | 2 +- doc/.vale/gitlab_docs/RelativeLinks.yml | 2 +- .../RelativeLinksDoubleSlashes.yml | 2 +- doc/.vale/gitlab_docs/TabsLinks.yml | 2 +- .../backup_large_reference_architectures.md | 4 +- doc/administration/cicd/job_artifacts.md | 2 +- doc/administration/geo/_index.md | 2 +- .../geo/disaster_recovery/_index.md | 4 +- .../geo/replication/configuration.md | 4 +- .../geo/replication/troubleshooting/common.md | 2 +- .../synchronization_verification.md | 582 ++++++++---------- .../geo/secondary_proxy/_index.md | 2 +- doc/administration/gitaly/configure_gitaly.md | 8 +- doc/administration/gitaly/praefect.md | 2 +- doc/administration/gitaly/troubleshooting.md | 2 +- doc/administration/integration/plantuml.md | 2 +- doc/administration/lfs/_index.md | 2 +- doc/administration/load_balancer.md | 8 +- doc/administration/operations/gitlab_sshd.md | 4 +- .../operations/moving_repositories.md | 2 +- doc/administration/operations/puma.md | 4 +- .../packages/container_registry.md | 4 +- doc/administration/pages/_index.md | 4 +- doc/administration/raketasks/maintenance.md | 2 +- .../reference_architectures/10k_users.md | 10 +- .../reference_architectures/25k_users.md | 10 +- .../reference_architectures/2k_users.md | 10 +- .../reference_architectures/3k_users.md | 10 +- .../reference_architectures/50k_users.md | 10 +- .../reference_architectures/5k_users.md | 10 +- .../settings/external_authorization.md | 2 +- .../gitlab_rails_cheat_sheet.md | 12 +- doc/api/graphql/reference/_index.md | 44 +- doc/api/openapi/openapi.yaml | 2 +- doc/api/openapi/openapi_interactive.md | 2 +- doc/api/templates/gitlab_ci_ymls.md | 2 +- doc/ci/docker/authenticate_registry.md | 2 +- doc/ci/docker/using_docker_build.md | 12 +- doc/ci/docker/using_docker_images.md | 4 +- doc/ci/docker/using_kaniko.md | 4 +- doc/ci/migration/bamboo.md | 2 +- doc/ci/runners/configure_runners.md | 2 +- doc/ci/runners/runners_scope.md | 8 +- .../code_quality_codeclimate_scanning.md | 8 +- .../testing/code_quality_troubleshooting.md | 2 +- doc/ci/variables/_index.md | 2 +- doc/development/ai_features/duo_chat.md | 4 +- .../ai_features/model_migration.md | 59 +- .../ai_features/testing_and_validation.md | 63 ++ doc/development/architecture.md | 8 +- .../site_architecture/global_nav.md | 4 +- doc/development/fips_gitlab.md | 2 +- .../quick_start.md | 2 - doc/install/aws/_index.md | 4 +- doc/install/azure/_index.md | 2 +- doc/install/docker/configuration.md | 2 +- doc/install/google_cloud_platform/_index.md | 2 +- doc/install/install_ai_gateway.md | 2 +- doc/install/requirements.md | 2 +- doc/integration/_index.md | 2 +- doc/integration/jira/dvcs/troubleshooting.md | 2 +- doc/raketasks/_index.md | 2 +- doc/topics/autodevops/requirements.md | 2 +- doc/topics/offline/quick_start_guide.md | 2 +- ..._runner_fleet_config_and_best_practices.md | 2 +- doc/update/_index.md | 2 +- doc/update/deprecations.md | 25 +- doc/update/package/package_troubleshooting.md | 2 +- doc/user/clusters/agent/_index.md | 2 +- doc/user/markdown.md | 4 +- .../build_and_push_images.md | 2 +- doc/user/permissions.md | 4 +- doc/user/project/deploy_boards.md | 2 +- doc/user/project/integrations/slack.md | 2 +- .../project/repository/signed_commits/x509.md | 6 +- doc/user/project/service_desk/configure.md | 2 +- doc/user/storage_management_automation.md | 2 +- locale/gitlab.pot | 5 +- .../markup/rendering_service_security_spec.rb | 18 + 108 files changed, 630 insertions(+), 555 deletions(-) create mode 100644 data/deprecations/17-9-prometheus-subchart-breaking-update.yml create mode 100644 doc/development/ai_features/testing_and_validation.md diff --git a/.rubocop_todo/rspec/avoid_conditional_statements.yml b/.rubocop_todo/rspec/avoid_conditional_statements.yml index 780e3c629a5..aa94593d1da 100644 --- a/.rubocop_todo/rspec/avoid_conditional_statements.yml +++ b/.rubocop_todo/rspec/avoid_conditional_statements.yml @@ -13,7 +13,6 @@ RSpec/AvoidConditionalStatements: - 'ee/spec/features/incidents/incident_details_spec.rb' - 'ee/spec/features/issues/user_sees_empty_state_spec.rb' - 'ee/spec/features/labels_hierarchy_spec.rb' - - 'ee/spec/features/profiles/usage_quotas_spec.rb' - 'ee/spec/features/projects/merge_requests/user_approves_merge_request_spec.rb' - 'ee/spec/features/projects/settings/issues_settings_spec.rb' - 'ee/spec/features/registrations/email_confirmation_spec.rb' diff --git a/Gemfile.checksum b/Gemfile.checksum index 0f18a4b62a0..f7dde0069a4 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -105,14 +105,13 @@ {"name":"database_cleaner-core","version":"2.0.1","platform":"ruby","checksum":"8646574c32162e59ed7b5258a97a208d3c44551b854e510994f24683865d846c"}, {"name":"date","version":"3.3.3","platform":"java","checksum":"584e0a582d1eb2207b4eaac089d8a43f2ca10bea02682f286099642f15c56cce"}, {"name":"date","version":"3.3.3","platform":"ruby","checksum":"819792019d5712b748fb15f6dfaaedef14b0328723ef23583ea35f186774530f"}, -{"name":"dead_end","version":"3.1.1","platform":"ruby","checksum":"1011df7f7c0149be004e11cbbc37747760227c55305cd902fd3c06e1394b2f5b"}, {"name":"deb_version","version":"1.0.2","platform":"ruby","checksum":"c21f911d7f2fd1d61219caae254fc078e6598e477fdff8a05a18bec6c72ee713"}, {"name":"debug_inspector","version":"1.1.0","platform":"ruby","checksum":"eaa5a2d0195e1d65fb4164e8e7e466cca2e7eb53bc5e608cf12b8bf02c3a8606"}, {"name":"deckar01-task_list","version":"2.3.4","platform":"ruby","checksum":"66abdc7e009ea759732bb53867e1ea42de550e2aa03ac30a015cbf42a04c1667"}, {"name":"declarative","version":"0.0.20","platform":"ruby","checksum":"8021dd6cb17ab2b61233c56903d3f5a259c5cf43c80ff332d447d395b17d9ff9"}, {"name":"declarative_policy","version":"1.1.0","platform":"ruby","checksum":"9af4cf299ade03f2bbf63908f2ce6a117d132fc714c39a128596667fb13331cb"}, {"name":"deprecation_toolkit","version":"1.5.1","platform":"ruby","checksum":"a8a1ab1a19ae40ea12560b65010e099f3459ebde390b76621ef0c21c516a04ba"}, -{"name":"derailed_benchmarks","version":"2.1.2","platform":"ruby","checksum":"eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f"}, +{"name":"derailed_benchmarks","version":"2.2.1","platform":"ruby","checksum":"654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439"}, {"name":"descendants_tracker","version":"0.0.4","platform":"ruby","checksum":"e9c41dd4cfbb85829a9301ea7e7c48c2a03b26f09319db230e6479ccdc780897"}, {"name":"devfile","version":"0.1.1","platform":"aarch64-linux","checksum":"08a932ea915fa1ae10e40cc33d23ac781bec60b30d4bc9c9d4a9ed7f9a93c460"}, {"name":"devfile","version":"0.1.1","platform":"arm64-darwin","checksum":"390d9dddda5f5d7d7adc04dfacf949bf2b529942988a2f2baf11e785bd9a7d77"}, @@ -641,7 +640,7 @@ {"name":"ruby-openai","version":"3.7.0","platform":"ruby","checksum":"fb735d4c055e282ade264cab9864944c05a8a10e0cddd45a0551e8a9851b1850"}, {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.17.0","platform":"ruby","checksum":"0419839ba3312d255e35fe3cc7ae155e4a241fd468796caebcf61164aa01b8a9"}, -{"name":"ruby-statistics","version":"3.0.0","platform":"ruby","checksum":"610301370346931cb701e3a8d3d3e28eb65681162cae6066c0c11abf20efdc81"}, +{"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, diff --git a/Gemfile.lock b/Gemfile.lock index 276fc2deba4..de6c36ccc24 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -487,7 +487,6 @@ GEM database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) date (3.3.3) - dead_end (3.1.1) deb_version (1.0.2) debug_inspector (1.1.0) deckar01-task_list (2.3.4) @@ -496,17 +495,23 @@ GEM declarative_policy (1.1.0) deprecation_toolkit (1.5.1) activesupport (>= 4.2) - derailed_benchmarks (2.1.2) + derailed_benchmarks (2.2.1) + base64 benchmark-ips (~> 2) - dead_end - get_process_mem (~> 0) + bigdecimal + drb + get_process_mem heapy (~> 0) + logger memory_profiler (>= 0, < 2) mini_histogram (>= 0.3.0) + mutex_m + ostruct rack (>= 1) rack-test rake (> 10, < 14) - ruby-statistics (>= 2.1) + ruby-statistics (>= 4.0.1) + ruby2_keywords thor (>= 0.19, < 2) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) @@ -1697,7 +1702,7 @@ GEM ruby-saml (1.17.0) nokogiri (>= 1.13.10) rexml - ruby-statistics (3.0.0) + ruby-statistics (4.1.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum index bdfaa6855fa..bdff1240f76 100644 --- a/Gemfile.next.checksum +++ b/Gemfile.next.checksum @@ -105,14 +105,13 @@ {"name":"database_cleaner-core","version":"2.0.1","platform":"ruby","checksum":"8646574c32162e59ed7b5258a97a208d3c44551b854e510994f24683865d846c"}, {"name":"date","version":"3.3.3","platform":"java","checksum":"584e0a582d1eb2207b4eaac089d8a43f2ca10bea02682f286099642f15c56cce"}, {"name":"date","version":"3.3.3","platform":"ruby","checksum":"819792019d5712b748fb15f6dfaaedef14b0328723ef23583ea35f186774530f"}, -{"name":"dead_end","version":"3.1.1","platform":"ruby","checksum":"1011df7f7c0149be004e11cbbc37747760227c55305cd902fd3c06e1394b2f5b"}, {"name":"deb_version","version":"1.0.2","platform":"ruby","checksum":"c21f911d7f2fd1d61219caae254fc078e6598e477fdff8a05a18bec6c72ee713"}, {"name":"debug_inspector","version":"1.1.0","platform":"ruby","checksum":"eaa5a2d0195e1d65fb4164e8e7e466cca2e7eb53bc5e608cf12b8bf02c3a8606"}, {"name":"deckar01-task_list","version":"2.3.4","platform":"ruby","checksum":"66abdc7e009ea759732bb53867e1ea42de550e2aa03ac30a015cbf42a04c1667"}, {"name":"declarative","version":"0.0.20","platform":"ruby","checksum":"8021dd6cb17ab2b61233c56903d3f5a259c5cf43c80ff332d447d395b17d9ff9"}, {"name":"declarative_policy","version":"1.1.0","platform":"ruby","checksum":"9af4cf299ade03f2bbf63908f2ce6a117d132fc714c39a128596667fb13331cb"}, {"name":"deprecation_toolkit","version":"1.5.1","platform":"ruby","checksum":"a8a1ab1a19ae40ea12560b65010e099f3459ebde390b76621ef0c21c516a04ba"}, -{"name":"derailed_benchmarks","version":"2.1.2","platform":"ruby","checksum":"eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f"}, +{"name":"derailed_benchmarks","version":"2.2.1","platform":"ruby","checksum":"654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439"}, {"name":"descendants_tracker","version":"0.0.4","platform":"ruby","checksum":"e9c41dd4cfbb85829a9301ea7e7c48c2a03b26f09319db230e6479ccdc780897"}, {"name":"devfile","version":"0.1.1","platform":"aarch64-linux","checksum":"08a932ea915fa1ae10e40cc33d23ac781bec60b30d4bc9c9d4a9ed7f9a93c460"}, {"name":"devfile","version":"0.1.1","platform":"arm64-darwin","checksum":"390d9dddda5f5d7d7adc04dfacf949bf2b529942988a2f2baf11e785bd9a7d77"}, @@ -651,7 +650,7 @@ {"name":"ruby-openai","version":"3.7.0","platform":"ruby","checksum":"fb735d4c055e282ade264cab9864944c05a8a10e0cddd45a0551e8a9851b1850"}, {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.17.0","platform":"ruby","checksum":"0419839ba3312d255e35fe3cc7ae155e4a241fd468796caebcf61164aa01b8a9"}, -{"name":"ruby-statistics","version":"3.0.0","platform":"ruby","checksum":"610301370346931cb701e3a8d3d3e28eb65681162cae6066c0c11abf20efdc81"}, +{"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, diff --git a/Gemfile.next.lock b/Gemfile.next.lock index 12b1a6ae9ea..8835afd0451 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -499,7 +499,6 @@ GEM database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) date (3.3.3) - dead_end (3.1.1) deb_version (1.0.2) debug_inspector (1.1.0) deckar01-task_list (2.3.4) @@ -508,17 +507,23 @@ GEM declarative_policy (1.1.0) deprecation_toolkit (1.5.1) activesupport (>= 4.2) - derailed_benchmarks (2.1.2) + derailed_benchmarks (2.2.1) + base64 benchmark-ips (~> 2) - dead_end - get_process_mem (~> 0) + bigdecimal + drb + get_process_mem heapy (~> 0) + logger memory_profiler (>= 0, < 2) mini_histogram (>= 0.3.0) + mutex_m + ostruct rack (>= 1) rack-test rake (> 10, < 14) - ruby-statistics (>= 2.1) + ruby-statistics (>= 4.0.1) + ruby2_keywords thor (>= 0.19, < 2) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) @@ -1729,7 +1734,7 @@ GEM ruby-saml (1.17.0) nokogiri (>= 1.13.10) rexml - ruby-statistics (3.0.0) + ruby-statistics (4.1.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) diff --git a/app/graphql/types/abuse_report_type.rb b/app/graphql/types/abuse_report_type.rb index 1ba3a9916cb..d5e5834507f 100644 --- a/app/graphql/types/abuse_report_type.rb +++ b/app/graphql/types/abuse_report_type.rb @@ -11,7 +11,7 @@ module Types field :id, Types::GlobalIDType[::AbuseReport], null: false, description: 'Global ID of the abuse report.' - field :labels, ::Types::LabelType.connection_type, + field :labels, ::Types::AntiAbuse::AbuseReportLabelType.connection_type, null: true, description: 'Labels of the abuse report.' field :discussions, ::Types::Notes::AbuseReport::DiscussionType.connection_type, diff --git a/app/graphql/types/anti_abuse/abuse_report_label_type.rb b/app/graphql/types/anti_abuse/abuse_report_label_type.rb index f30cd3ea942..55bc97f9ff4 100644 --- a/app/graphql/types/anti_abuse/abuse_report_label_type.rb +++ b/app/graphql/types/anti_abuse/abuse_report_label_type.rb @@ -11,6 +11,10 @@ module Types authorize :read_label + field :id, Types::GlobalIDType[::AntiAbuse::Reports::Label], + null: false, + description: 'Global ID of the abuse report label.' + markdown_field :description_html, null: true end end diff --git a/app/graphql/types/label_interface.rb b/app/graphql/types/label_interface.rb index 323a23d93ff..79ec8115256 100644 --- a/app/graphql/types/label_interface.rb +++ b/app/graphql/types/label_interface.rb @@ -12,8 +12,6 @@ module Types GraphQL::Types::String, null: true, description: 'Description of the label (Markdown rendered as HTML for caching).' - field :id, GraphQL::Types::ID, null: false, - description: 'Label ID.' field :text_color, GraphQL::Types::String, null: false, description: 'Text color of the label.' field :title, GraphQL::Types::String, null: false, diff --git a/app/graphql/types/label_type.rb b/app/graphql/types/label_type.rb index f37ef4aaf95..9d3f4a3d93c 100644 --- a/app/graphql/types/label_type.rb +++ b/app/graphql/types/label_type.rb @@ -10,6 +10,10 @@ module Types authorize :read_label + field :id, Types::GlobalIDType[::Label], + null: false, + description: 'Global ID of the label.' + field :lock_on_merge, GraphQL::Types::Boolean, null: false, description: 'Indicates this label is locked for merge requests ' \ 'that have been merged.' diff --git a/app/graphql/types/query_type.rb b/app/graphql/types/query_type.rb index ce731ca3375..b3c51d5164f 100644 --- a/app/graphql/types/query_type.rb +++ b/app/graphql/types/query_type.rb @@ -223,7 +223,7 @@ module Types description: 'Find an abuse report.', resolver: Resolvers::AbuseReportResolver - field :abuse_report_labels, ::Types::LabelType.connection_type, + field :abuse_report_labels, ::Types::AntiAbuse::AbuseReportLabelType.connection_type, null: true, experiment: { milestone: '16.3' }, description: 'Abuse report labels.', diff --git a/data/deprecations/14-3-repository-push-audit-events.yml b/data/deprecations/14-3-repository-push-audit-events.yml index 9682c2ddd2c..1bbbe0c49e3 100644 --- a/data/deprecations/14-3-repository-push-audit-events.yml +++ b/data/deprecations/14-3-repository-push-audit-events.yml @@ -11,4 +11,4 @@ stage: Foundations tiers: Premium issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/337993 - documentation_url: https://docs.gitlab.com/ee/administration/index.html + documentation_url: https://docs.gitlab.com/ee/administration/ diff --git a/data/deprecations/17-9-prometheus-subchart-breaking-update.yml b/data/deprecations/17-9-prometheus-subchart-breaking-update.yml new file mode 100644 index 00000000000..f8b61338f29 --- /dev/null +++ b/data/deprecations/17-9-prometheus-subchart-breaking-update.yml @@ -0,0 +1,20 @@ +- title: "Major update of the Prometheus subchart" + removal_milestone: "18.0" + announcement_milestone: "17.9" + breaking_change: true + reporter: clemensbeck + stage: systems + issue_url: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/5927 + impact: small + scope: instance + resolution_role: Admin + manual_task: true + body: | + With GitLab 18.0 and GitLab chart 9.0, the Prometheus subchart will be updated from 15.3 to 27.3. + Along with this update, Prometheus 3 will be shipped by default. + + Manual steps are required to perform the upgrade. If you have Alertmanager, Node Exporter or + Pushgateway enabled, you will also need to update your Helm values. + + Please refer to the [migration guide](https://docs.gitlab.com/charts/releases/9_0.html#prometheus-upgrade) + for more information. diff --git a/data/deprecations/17-9-spotbugs-builds.yml b/data/deprecations/17-9-spotbugs-builds.yml index 1f23e83b974..c82babdb2e6 100644 --- a/data/deprecations/17-9-spotbugs-builds.yml +++ b/data/deprecations/17-9-spotbugs-builds.yml @@ -11,7 +11,7 @@ resolution_role: Developer manual_task: true body: | # (required) Don't change this line. - The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/index.html#supported-languages-and-frameworks) + The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) can perform a build when the artifacts to be scanned aren't present. While this usually works well for simple projects, it can fail on more complex builds. From GitLab 18.0, to resolve SpotBugs analyzer build failures, you should: diff --git a/doc/.vale/gitlab_base/British.yml b/doc/.vale/gitlab_base/British.yml index 45391d4c9ec..301205388a2 100644 --- a/doc/.vale/gitlab_base/British.yml +++ b/doc/.vale/gitlab_base/British.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: substitution message: "Use the US spelling '%s' instead of the British '%s'." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#language +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#language vocab: false level: error action: diff --git a/doc/.vale/gitlab_base/CodeblockFences.yml b/doc/.vale/gitlab_base/CodeblockFences.yml index 4941661378a..27e56a92869 100644 --- a/doc/.vale/gitlab_base/CodeblockFences.yml +++ b/doc/.vale/gitlab_base/CodeblockFences.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Instead of '%s' for the code block, use yaml, ruby, plaintext, markdown, javascript, shell, go, python, dockerfile, or typescript." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#code-blocks +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#code-blocks vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_base/HeadingDepth.yml b/doc/.vale/gitlab_base/HeadingDepth.yml index ab9f0fc3ed3..dbc9860f321 100644 --- a/doc/.vale/gitlab_base/HeadingDepth.yml +++ b/doc/.vale/gitlab_base/HeadingDepth.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Refactor the section or page to avoid headings greater than H5." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#heading-levels-in-markdown +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#heading-levels-in-markdown vocab: false level: suggestion scope: raw diff --git a/doc/.vale/gitlab_base/MeaningfulLinkWords.yml b/doc/.vale/gitlab_base/MeaningfulLinkWords.yml index 1866d8dc39a..80bf78437e6 100644 --- a/doc/.vale/gitlab_base/MeaningfulLinkWords.yml +++ b/doc/.vale/gitlab_base/MeaningfulLinkWords.yml @@ -8,7 +8,7 @@ extends: existence message: "Improve SEO and accessibility by rewriting the link text for '%s'." level: warning ignorecase: true -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#text-for-links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#text-for-links vocab: false scope: raw nonword: true diff --git a/doc/.vale/gitlab_base/MultiLineLinks.yml b/doc/.vale/gitlab_base/MultiLineLinks.yml index b43db78bc96..dd6bb499f46 100644 --- a/doc/.vale/gitlab_base/MultiLineLinks.yml +++ b/doc/.vale/gitlab_base/MultiLineLinks.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Put the full link on one line, even if the link is very long." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_base/NonStandardQuotes.yml b/doc/.vale/gitlab_base/NonStandardQuotes.yml index 0e969490d26..b7458731cad 100644 --- a/doc/.vale/gitlab_base/NonStandardQuotes.yml +++ b/doc/.vale/gitlab_base/NonStandardQuotes.yml @@ -9,7 +9,7 @@ message: "Use standard single quotes or double quotes only. Do not use left or r vocab: false level: warning ignorecase: true -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#punctuation scope: raw raw: - '[‘’“”]' diff --git a/doc/.vale/gitlab_base/NonStandardSpaces.yml b/doc/.vale/gitlab_base/NonStandardSpaces.yml index 05b5939a2b7..1740d52a305 100644 --- a/doc/.vale/gitlab_base/NonStandardSpaces.yml +++ b/doc/.vale/gitlab_base/NonStandardSpaces.yml @@ -13,7 +13,7 @@ message: "Use standard spaces only. Do not use no-break or zero width spaces." vocab: false level: error ignorecase: true -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#punctuation scope: raw raw: - '[  ​]' diff --git a/doc/.vale/gitlab_base/OxfordComma.yml b/doc/.vale/gitlab_base/OxfordComma.yml index 928d10db484..3801954f252 100644 --- a/doc/.vale/gitlab_base/OxfordComma.yml +++ b/doc/.vale/gitlab_base/OxfordComma.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Use a comma before the last 'and' or 'or' in a list of four or more items." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#punctuation vocab: false level: warning raw: diff --git a/doc/.vale/gitlab_base/SentenceLength.yml b/doc/.vale/gitlab_base/SentenceLength.yml index 29dd1084a5d..1ad6773b64e 100644 --- a/doc/.vale/gitlab_base/SentenceLength.yml +++ b/doc/.vale/gitlab_base/SentenceLength.yml @@ -7,7 +7,7 @@ extends: occurrence message: "Improve readability by using fewer than 25 words in this sentence." scope: sentence -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#language +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#language level: suggestion max: 25 token: \b(\w+)\b diff --git a/doc/.vale/gitlab_base/SentenceSpacing.yml b/doc/.vale/gitlab_base/SentenceSpacing.yml index 45abbcfc763..ab770cdac59 100644 --- a/doc/.vale/gitlab_base/SentenceSpacing.yml +++ b/doc/.vale/gitlab_base/SentenceSpacing.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Use exactly one space between sentences and clauses. Check '%s' for spacing problems." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#punctuation +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#punctuation vocab: false level: error nonword: true diff --git a/doc/.vale/gitlab_docs/AlertBoxStyle.yml b/doc/.vale/gitlab_docs/AlertBoxStyle.yml index 000cca995a4..35d233536cb 100644 --- a/doc/.vale/gitlab_docs/AlertBoxStyle.yml +++ b/doc/.vale/gitlab_docs/AlertBoxStyle.yml @@ -10,7 +10,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Update the format of the '%s' alert box. View the style guide for details." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#alert-boxes +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#alert-boxes vocab: false level: error nonword: true diff --git a/doc/.vale/gitlab_docs/ImagesOld.yml b/doc/.vale/gitlab_docs/ImagesOld.yml index f8029409a50..6711d58eddd 100644 --- a/doc/.vale/gitlab_docs/ImagesOld.yml +++ b/doc/.vale/gitlab_docs/ImagesOld.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Review this image. It might be out of date." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#anchor-links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#anchor-links vocab: false level: suggestion scope: raw diff --git a/doc/.vale/gitlab_docs/InternalLinkCase.yml b/doc/.vale/gitlab_docs/InternalLinkCase.yml index 4863db28674..e19303d4b13 100644 --- a/doc/.vale/gitlab_docs/InternalLinkCase.yml +++ b/doc/.vale/gitlab_docs/InternalLinkCase.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Use lowercase for the anchor link." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#anchor-links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#anchor-links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/InternalLinkExtension.yml b/doc/.vale/gitlab_docs/InternalLinkExtension.yml index 21260293573..54aa480f082 100644 --- a/doc/.vale/gitlab_docs/InternalLinkExtension.yml +++ b/doc/.vale/gitlab_docs/InternalLinkExtension.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Link to a file and use the .md file extension instead of .html." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/InternalLinkFormat.yml b/doc/.vale/gitlab_docs/InternalLinkFormat.yml index c54557fa65d..058a60c44f9 100644 --- a/doc/.vale/gitlab_docs/InternalLinkFormat.yml +++ b/doc/.vale/gitlab_docs/InternalLinkFormat.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Edit the link so it does not start with '/' or './'." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/InternalLinksCode.yml b/doc/.vale/gitlab_docs/InternalLinksCode.yml index d5e41e2fb35..e4333c24263 100644 --- a/doc/.vale/gitlab_docs/InternalLinksCode.yml +++ b/doc/.vale/gitlab_docs/InternalLinksCode.yml @@ -5,7 +5,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Use full URLs for files outside the docs directory." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/ReferenceLinks.yml b/doc/.vale/gitlab_docs/ReferenceLinks.yml index da0e0ac376c..a4697b8e924 100644 --- a/doc/.vale/gitlab_docs/ReferenceLinks.yml +++ b/doc/.vale/gitlab_docs/ReferenceLinks.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Put this link inline with the rest of the text." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error nonword: true diff --git a/doc/.vale/gitlab_docs/RelativeLinks.yml b/doc/.vale/gitlab_docs/RelativeLinks.yml index 36953d9e994..11aaa348a49 100644 --- a/doc/.vale/gitlab_docs/RelativeLinks.yml +++ b/doc/.vale/gitlab_docs/RelativeLinks.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Use a relative link instead of a URL, and ensure the file name ends in .md and not .html." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml b/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml index 86cd86856bd..868d3d741fa 100644 --- a/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml +++ b/doc/.vale/gitlab_docs/RelativeLinksDoubleSlashes.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Do not use double slashes '//' or '../doc' in the link path" -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#links +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#links vocab: false level: error scope: raw diff --git a/doc/.vale/gitlab_docs/TabsLinks.yml b/doc/.vale/gitlab_docs/TabsLinks.yml index fe17de3816c..26434959a1f 100644 --- a/doc/.vale/gitlab_docs/TabsLinks.yml +++ b/doc/.vale/gitlab_docs/TabsLinks.yml @@ -6,7 +6,7 @@ # For a list of all options, see https://vale.sh/docs/topics/styles/ extends: existence message: "Do not include tabs query parameters in links." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#tabs +link: https://docs.gitlab.com/ee/development/documentation/styleguide/#tabs vocab: false level: error scope: raw diff --git a/doc/administration/backup_restore/backup_large_reference_architectures.md b/doc/administration/backup_restore/backup_large_reference_architectures.md index d95cc625112..d04f4b80d9b 100644 --- a/doc/administration/backup_restore/backup_large_reference_architectures.md +++ b/doc/administration/backup_restore/backup_large_reference_architectures.md @@ -300,7 +300,7 @@ new bucket. [Using a non-packaged PostgreSQL database management server](https://docs.gitlab.com/omnibus/settings/database.html#using-a-non-packaged-postgresql-database-management-server). - For Helm chart (Kubernetes) installations, follow - [Configure the GitLab chart with an external database](https://docs.gitlab.com/charts/advanced/external-db/index.html). + [Configure the GitLab chart with an external database](https://docs.gitlab.com/charts/advanced/external-db/). 1. Before moving on, wait until the new RDS instance is created and ready to use. @@ -313,7 +313,7 @@ new bucket. [Using a non-packaged PostgreSQL database management server](https://docs.gitlab.com/omnibus/settings/database.html#using-a-non-packaged-postgresql-database-management-server). - For Helm chart (Kubernetes) installations, follow - [Configure the GitLab chart with an external database](https://docs.gitlab.com/charts/advanced/external-db/index.html). + [Configure the GitLab chart with an external database](https://docs.gitlab.com/charts/advanced/external-db/). 1. Before moving on, wait until the Cloud SQL instance is ready to use. diff --git a/doc/administration/cicd/job_artifacts.md b/doc/administration/cicd/job_artifacts.md index 901bbdb4733..eb35769ef79 100644 --- a/doc/administration/cicd/job_artifacts.md +++ b/doc/administration/cicd/job_artifacts.md @@ -272,7 +272,7 @@ processing is done in a background worker and requires **no downtime**. ::EndTabs -1. If [Geo](../geo/_index.md) is enabled, [reverify all job artifacts](../geo/replication/troubleshooting/synchronization_verification.md#reverify-all-components-or-any-ssf-data-type-which-supports-verification). +1. If [Geo](../geo/_index.md) is enabled, [reverify all job artifacts](../geo/replication/troubleshooting/synchronization_verification.md#reverify-one-component-on-all-sites). In some cases, you need to run the [orphan artifact file cleanup Rake task](../../raketasks/cleanup.md#remove-orphan-artifact-files) to clean up orphaned artifacts. diff --git a/doc/administration/geo/_index.md b/doc/administration/geo/_index.md index c6f6c06b899..5189e1341a1 100644 --- a/doc/administration/geo/_index.md +++ b/doc/administration/geo/_index.md @@ -344,7 +344,7 @@ of the backfill. ### Runners -- In addition to our standard best practices for deploying a [fleet of runners](https://docs.gitlab.com/runner/fleet_scaling/index.html), runners can also be configured to connect to Geo secondaries to spread out job load. See how to [register runners against secondaries](secondary_proxy/runners.md). +- In addition to our standard best practices for deploying a [fleet of runners](https://docs.gitlab.com/runner/fleet_scaling/), runners can also be configured to connect to Geo secondaries to spread out job load. See how to [register runners against secondaries](secondary_proxy/runners.md). - See also how to handle [Disaster Recovery with runners](disaster_recovery/planned_failover.md#runner-failover). ### Upgrading Geo diff --git a/doc/administration/geo/disaster_recovery/_index.md b/doc/administration/geo/disaster_recovery/_index.md index 36d9bec56ee..dc98052328d 100644 --- a/doc/administration/geo/disaster_recovery/_index.md +++ b/doc/administration/geo/disaster_recovery/_index.md @@ -276,9 +276,9 @@ changing Git remotes and API URLs. 1. Update the **secondary**'s SSL certificate: - - If you use the [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration), + - If you use the [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/#enable-the-lets-encrypt-integration), the certificate updates automatically. - - If you had [manually set up](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually), + - If you had [manually set up](https://docs.gitlab.com/omnibus/settings/ssl/#configure-https-manually), the **secondary**'s certificate, copy the certificate from the **primary** to the **secondary**. If you don't have access to the **primary**, issue a new certificate and make sure it contains both the **primary** and **secondary** URLs in the subject alternative names. You can check with: diff --git a/doc/administration/geo/replication/configuration.md b/doc/administration/geo/replication/configuration.md index 98275f8213e..e59a1334f75 100644 --- a/doc/administration/geo/replication/configuration.md +++ b/doc/administration/geo/replication/configuration.md @@ -277,12 +277,12 @@ You can safely skip this step if: ### Custom or self-signed certificate for inbound connections -If your GitLab Geo **primary** site uses a custom or [self-signed certificate to secure inbound HTTPS connections](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates), this can be either a single-domain or multi-domain certificate. +If your GitLab Geo **primary** site uses a custom or [self-signed certificate to secure inbound HTTPS connections](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates), this can be either a single-domain or multi-domain certificate. Install the correct certificate based on your certificate type: - **Multi-domain certificate** that includes both primary and secondary site domains: Install the certificate at `/etc/gitlab/ssl` on all **Rails, Sidekiq, and Gitaly** nodes in the **secondary** site. -- **Single-domain certificate** where the certificates are specific to each Geo site domain: Generate a valid certificate for your **secondary** site's domain and install it at `/etc/gitlab/ssl` following [these instructions](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) on all **Rails, Sidekiq, and Gitaly** nodes in the **secondary** site. +- **Single-domain certificate** where the certificates are specific to each Geo site domain: Generate a valid certificate for your **secondary** site's domain and install it at `/etc/gitlab/ssl` following [these instructions](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) on all **Rails, Sidekiq, and Gitaly** nodes in the **secondary** site. ### Connecting to external services that use custom certificates diff --git a/doc/administration/geo/replication/troubleshooting/common.md b/doc/administration/geo/replication/troubleshooting/common.md index 67ef1775499..ce96c4f22ff 100644 --- a/doc/administration/geo/replication/troubleshooting/common.md +++ b/doc/administration/geo/replication/troubleshooting/common.md @@ -437,7 +437,7 @@ Geo finds the current Puma or Sidekiq node's Geo [site](../../glossary.md) name 1. Get the "Geo node name" (there is [an issue to rename the settings to "Geo site name"](https://gitlab.com/gitlab-org/gitlab/-/issues/335944)): - Linux package: get the `gitlab_rails['geo_node_name']` setting. - - GitLab Helm charts: get the `global.geo.nodeName` setting (see [Charts with GitLab Geo](https://docs.gitlab.com/charts/advanced/geo/index.html)). + - GitLab Helm charts: get the `global.geo.nodeName` setting (see [Charts with GitLab Geo](https://docs.gitlab.com/charts/advanced/geo/)). 1. If that is not defined, then get the `external_url` setting. This name is used to look up the Geo site with the same **Name** in the **Geo Sites** diff --git a/doc/administration/geo/replication/troubleshooting/synchronization_verification.md b/doc/administration/geo/replication/troubleshooting/synchronization_verification.md index 8c1dd585193..98a0fd8df23 100644 --- a/doc/administration/geo/replication/troubleshooting/synchronization_verification.md +++ b/doc/administration/geo/replication/troubleshooting/synchronization_verification.md @@ -17,9 +17,171 @@ If you notice replication or verification failures in `Admin > Geo > Sites` or t ## Manually retry replication or verification -A Geo data type is a specific class of data that is required by one or more GitLab features to store relevant information and is replicated by Geo to secondary sites. +In [Rails console](../../../operations/rails_console.md#starting-a-rails-console-session) in a +secondary Geo site, you can: -### Geo data type classes +- [Manually resync and reverify individual components](#resync-and-reverify-individual-components) +- [Manually resync and reverify multiple components](#resync-and-reverify-multiple-components) + +### Resync and reverify individual components + +[You can force a resync and reverify individual items](https://gitlab.com/gitlab-org/gitlab/-/issues/364727) +for all component types managed by the +[self-service framework](../../../../development/geo/framework.md) using the UI. On the secondary +site, visit **Admin > Geo > Replication**. + +However, if this doesn't work, you can perform the same action using the Rails console. The +following sections describe how to use internal application commands in the +[Rails console](../../../operations/rails_console.md#starting-a-rails-console-session) to cause +replication or verification for individual records synchronously or asynchronously. + +#### Obtaining a Replicator instance + +WARNING: +Commands that change data can cause damage if not run correctly or under the right conditions. +Always run commands in a test environment first and have a backup instance ready to restore. + +Before you can perform any sync or verify operations, you need to obtain a Replicator instance. + +First, [start a Rails console session](../../../operations/rails_console.md#starting-a-rails-console-session) +in a **primary** or **secondary** site, depending on what you want to do. + +**Primary** site: + +- You can checksum a resource + +**Secondary** site: + +- You can sync a resource +- You can checksum a resource and verify that checksum against the primary site's checksum + +Next, run one of the following snippets to get a Replicator instance. + +##### Given a model record's ID + +- Replace `123` with the actual ID. +- Replace `Packages::PackageFile` with any of the + [Geo data type Model classes](#geo-data-type-model-classes). + +```ruby +model_record = Packages::PackageFile.find_by(id: 123) +replicator = model_record.replicator +``` + +##### Given a registry record's ID + +- Replace `432` with the actual ID. Note that a Registry record may or may not have the same ID + value as the Model record that it tracks. +- Replace `Geo::PackageFileRegistry` with any of the [Geo Registry classes](#geo-registry-classes). + +In a secondary Geo site: + +```ruby +registry_record = Geo::PackageFileRegistry.find_by(id: 432) +replicator = registry_record.replicator +``` + +##### Given an error message in a Registry record's `last_sync_failure` + +- Replace `Geo::PackageFileRegistry` with any of the [Geo Registry classes](#geo-registry-classes). +- Replace `error message here` with the actual error message. + +```ruby +registry = Geo::PackageFileRegistry.find_by("last_sync_failure LIKE '%error message here%'") +replicator = registry.replicator +``` + +##### Given an error message in a Registry record's `verification_failure` + +- Replace `Geo::PackageFileRegistry` with any of the [Geo Registry classes](#geo-registry-classes). +- Replace `error message here` with the actual error message. + +```ruby +registry = Geo::PackageFileRegistry.find_by("verification_failure LIKE '%error message here%'") +replicator = registry.replicator +``` + +#### Performing operations with a Replicator instance + +After you have a Replicator instance stored in a `replicator` variable, you can perform many +operations: + +##### Sync in the console + +This snippet only works in a **secondary** site. + +This executes the sync code synchronously in the console, so you can observe how long it takes to +sync a resource, or view a full error backtrace. + +```ruby +replicator.sync +``` + +Optionally, make the log level of the console more verbose than the configured log level, and then +perform a sync: + +```ruby +Rails.logger.level = :debug +``` + +##### Checksum or verify in the console + +This snippet works in any **primary** or **secondary** site. + +In a **primary** site, it checksums the resource and stores the result in the main GitLab +database. In a **secondary** site, it checksums the resource, compares it against the checksum in +the main GitLab database (generated by the **primary** site), and stores the result in the Geo +Tracking database. + +This executes the checksum and verification code synchronously in the console, so you can observe +how long it takes, or view a full error backtrace. + +```ruby +replicator.verify +``` + +##### Sync in a Sidekiq job + +This snippet only works in a **secondary** site. + +It enqueues a job for Sidekiq to perform a [sync](#sync-in-the-console) of the resource. + +```ruby +replicator.enqueue_sync +``` + +##### Verify in a Sidekiq job + +This snippet works in any **primary** or **secondary** site. + +It enqueues a job for Sidekiq to perform a +[checksum or verify](#checksum-or-verify-in-the-console) of the resource. + +```ruby +replicator.verify_async +``` + +##### Get a model record + +This snippet works in any **primary** or **secondary** site. + +```ruby +replicator.model_record +``` + +##### Get a registry record + +This snippet only works in a **secondary** site because registry tables are stored in the Geo +Tracking DB. + +```ruby +replicator.registry +``` + +#### Geo data type Model classes + +A Geo data type is a specific class of data that is required by one or more GitLab features to store +relevant data and is replicated by Geo to secondary sites. - **Blob types:** - `Ci::JobArtifact` @@ -42,165 +204,109 @@ A Geo data type is a specific class of data that is required by one or more GitL - **Other types:** - `ContainerRepository` -The main kinds of classes are Registry, Model, and Replicator. If you have an instance of one of these classes, you can get the others. The Registry and Model mostly manage PostgreSQL DB state. The Replicator knows how to replicate/verify (or it can call a service to do it): +The main kinds of classes are Registry, Model, and Replicator. If you have an instance of one of +these classes, you can get the others. The Registry and Model mostly manage PostgreSQL DB state. The +Replicator knows how to replicate or verify the non-PostgreSQL data (file/Git repository/Container +repository). -```ruby -model_record = Packages::PackageFile.last -model_record.replicator.registry.replicator.model_record # just showing that these methods exist -``` - -With all this information, you can: - -- [Manually resync and reverify individual components](#resync-and-reverify-individual-components) -- [Manually resync and reverify multiple components](#resync-and-reverify-multiple-components) - -### Resync and reverify individual components - -[You can force a resync and reverify individual items](https://gitlab.com/gitlab-org/gitlab/-/issues/364727) -for all component types managed by the [self-service framework](../../../../development/geo/framework.md) using the UI. -On the secondary site, visit **Admin > Geo > Replication**. - -However, if this doesn't work, you can perform the same action using the Rails -console. The following sections describe how to use internal application -commands in the Rails console to cause replication or verification for -individual records synchronously or asynchronously. - -### Geo registry table models +#### Geo Registry classes In the context of GitLab Geo, a **registry record** refers to registry tables in the Geo tracking database. Each record tracks a single replicable in the main GitLab database, such as an LFS file, or a project Git repository. The Rails models that correspond to Geo registry tables that can be queried are: -- `Geo::CiSecureFileRegistry` -- `Geo::ContainerRepositoryRegistry` -- `Geo::DependencyProxyBlobRegistry` -- `Geo::DependencyProxyManifestRegistry` -- `Geo::JobArtifactRegistry` -- `Geo::LfsObjectRegistry` -- `Geo::MergeRequestDiffRegistry` -- `Geo::PackageFileRegistry` -- `Geo::PagesDeploymentRegistry` -- `Geo::PipelineArtifactRegistry` -- `Geo::ProjectWikiRepositoryRegistry` -- `Geo::SnippetRepositoryRegistry` -- `Geo::TerraformStateVersionRegistry` -- `Geo::UploadRegistry` - -You can use Rails to perform basic troubleshooting. Troubleshooting steps vary -depending on the object type. - -#### For blob types - -WARNING: -Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. - -[Start a Rails console session](../../../operations/rails_console.md#starting-a-rails-console-session) -on a **secondary site**. - -Using the `Packages::PackageFile` component as an example: - -- Find registry records that failed to sync: - - ```ruby - Geo::PackageFileRegistry.failed - ``` - -- Find registry records that are missing on the primary site: - - ```ruby - Geo::PackageFileRegistry.where(last_sync_failure: 'The file is missing on the Geo primary site') - ``` - -- Resync a package file, synchronously, given an ID: - - ```ruby - model_record = Packages::PackageFile.find() - model_record.replicator.sync - ``` - -- Resync a package file, synchronously, given a registry ID: - - ```ruby - registry = Geo::PackageFileRegistry.find() - registry.replicator.sync - ``` - -- Resync a package file, asynchronously, given a registry ID. - Since GitLab 16.2, a component can be asynchronously replicated as follows: - - ```ruby - registry = Geo::PackageFileRegistry.find() - registry.replicator.enqueue_sync - ``` - -- Reverify a package file, asynchronously, given a registry ID. - Since GitLab 16.2, a component can be asynchronously reverified as follows: - - ```ruby - registry = Geo::PackageFileRegistry.find() - registry.replicator.verify_async - ``` - -#### For repository types - -WARNING: -Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. - -[Start a Rails console session](../../../operations/rails_console.md#starting-a-rails-console-session) -on a **secondary site**. - -Using the `SnippetRepository` component as an example: - -- Resync a snippet repository, synchronously, given an ID: - - ```ruby - model_record = Geo::SnippetRepositoryRegistry.find() - model_record.replicator.sync - ``` - -- Resync a snippet repository, synchronously, given a registry ID: - - ```ruby - registry = Geo::SnippetRepositoryRegistry.find() - registry.replicator.sync - ``` - -- Since GitLab 16.2, a component can be asynchronously replicated. Resync a - snippet repository, asynchronously, given a registry ID: - - ```ruby - registry = Geo::SnippetRepositoryRegistry.find() - registry.replicator.enqueue_sync - ``` - -- Since GitLab 16.2, a component can be asynchronously reverified. Reverify a - snippet repository, asynchronously, given a registry ID: - - ```ruby - registry = Geo::SnippetRepositoryRegistry.find() - registry.replicator.verify_async - ``` +- **Blob types:** + - `Geo::CiSecureFileRegistry` + - `Geo::DependencyProxyBlobRegistry` + - `Geo::DependencyProxyManifestRegistry` + - `Geo::JobArtifactRegistry` + - `Geo::LfsObjectRegistry` + - `Geo::MergeRequestDiffRegistry` + - `Geo::PackageFileRegistry` + - `Geo::PagesDeploymentRegistry` + - `Geo::PipelineArtifactRegistry` + - `Geo::ProjectWikiRepositoryRegistry` + - `Geo::SnippetRepositoryRegistry` + - `Geo::TerraformStateVersionRegistry` + - `Geo::UploadRegistry` +- **Git Repository types:** + - `Geo::DesignManagementRepositoryRegistry` + - `Geo::ProjectRepositoryRegistry` + - `Geo::ProjectWikiRepositoryRegistry` + - `Geo::SnippetRepositoryRegistry` + - `Geo::GroupWikiRepositoryRegistry` +- **Other types:** + - `Geo::ContainerRepositoryRegistry` ### Resync and reverify multiple components > - Bulk resync and reverify [added](https://gitlab.com/gitlab-org/gitlab/-/issues/364729) in GitLab 16.5. WARNING: -Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. +Commands that change data can cause damage if not run correctly or under the right conditions. +Always run commands in a test environment first and have a backup instance ready to restore. -The following sections describe how to use internal application commands in the [Rails console](../../../operations/rails_console.md#starting-a-rails-console-session) -to cause bulk replication or verification. +The following sections describe how to use internal application commands in the +[Rails console](../../../operations/rails_console.md#starting-a-rails-console-session) to cause bulk +replication or verification. -#### Reverify all components (or any SSF data type which supports verification) +#### Resync all resources of one component -You can reverify any [data type](#geo-data-type-classes) that supports verification from the Rails console. +You can schedule a full resync of all resources of one component from the UI: -For example, to reverify the `Upload` class: +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Geo > Sites**. +1. Under **Replication details**, select the desired component. +1. Select **Resync all**. -1. SSH into a GitLab Rails node in the primary Geo site. +Alternatively, +[start a Rails console session](../../../operations/rails_console.md#starting-a-rails-console-session) +**on the secondary Geo site** to gather more information, or execute these operations manually using +the snippets below. + +WARNING: +Commands that change data can cause damage if not run correctly or under the right conditions. +Always run commands in a test environment first and have a backup instance ready to restore. + +##### Sync all resources of one component that failed to sync + +The following script: + +- Loops over all failed repositories. +- Displays the Geo sync and verification metadata, including the reasons for the last failure. +- Attempts to resync the repository. +- Reports back if a failure occurs, and why. +- Might take some time to complete. Each repository check must complete + before reporting back the result. If your session times out, take measures + to allow the process to continue running such as starting a `screen` session, + or running it using [Rails runner](../../../operations/rails_console.md#using-the-rails-runner) + and `nohup`. + +```ruby +Geo::ProjectRepositoryRegistry.failed.find_each do |registry| + begin + puts "ID: #{registry.id}, Project ID: #{registry.project_id}, Last Sync Failure: '#{registry.last_sync_failure}'" + registry.replicator.sync + puts "Sync initiated for registry ID: #{registry.id}" + rescue => e + puts "ID: #{registry.id}, Project ID: #{registry.project_id}, Failed: '#{e}'", e.backtrace.join("\n") + end +end; nil +``` + +#### Reverify one component on all sites + +If the **primary** site's checksums are in question, then you need to make the **primary** site recalculate checksums. A "full re-verification" is then achieved, because after each checksum is recalculated on a **primary** site, events are generated which propagate to all **secondary** sites, causing them to recalculate their checksums and compare values. Any mismatch marks the registry as `sync failed`, which causes sync retries to be scheduled. + +The UI does not provide a button to do a "full re-verification". You can simulate this by setting your **primary** site's `Re-verification interval` to 1 (day) in **Admin > Geo > Nodes > Edit**. The **primary** site will then recalculate the checksum of any resource that has been checksummed more than 1 day ago. + +Optionally, you can do this manually: + +1. SSH into a GitLab Rails node in the **primary** site. 1. Open the [Rails console](../../../operations/rails_console.md#starting-a-rails-console-session). -1. Mark all uploads as `pending verification`: +1. Replacing `Upload` with any of the [Geo data type Model classes](#geo-data-type-model-classes), + mark all resources as `pending verification`: ```ruby Upload.verification_state_table_class.each_batch do |relation| @@ -208,37 +314,36 @@ For example, to reverify the `Upload` class: end ``` -1. This causes the primary to start checksumming all Uploads. -1. When a primary successfully checksums a record, then all secondaries recalculate the checksum as well, and they compare the values. +##### Reverify all resources that failed to checksum on the primary site -For other SSF data types replace `Upload` in the command above with the desired model class. +The system automatically reverifies all resources that failed to checksum on the primary site, but +it uses a progressive backoff scheme to avoid an excessive volume of failures. -#### Verify blob files on the secondary manually +Optionally, for example if you've completed an attempted intervention, you can manually trigger +reverification sooner: -This iterates over all package files on the secondary, looking at the -`verification_checksum` stored in the database (which came from the primary) -and then calculate this value on the secondary to check if they match. This -does not change anything in the UI. +1. SSH into a GitLab Rails node in the **primary** site. +1. Open the [Rails console](../../../operations/rails_console.md#starting-a-rails-console-session). +1. Replacing `Upload` with any of the [Geo data type Model classes](#geo-data-type-model-classes), + mark all resources as `pending verification`: -```ruby -# Run on secondary -status = {} + ```ruby + Upload.verification_state_table_class.where(verification_state: 3).each_batch do |relation| + relation.update_all(verification_state: 0) + end + ``` -Packages::PackageFile.find_each do |package_file| - primary_checksum = package_file.verification_checksum - secondary_checksum = Packages::PackageFile.sha256_hexdigest(package_file.file.path) - verification_status = (primary_checksum == secondary_checksum) +#### Reverify one component on one secondary site - status[verification_status.to_s] ||= [] - status[verification_status.to_s] << package_file.id -end +If you believe the **primary** site checksums are correct, you can schedule a reverification of one +component on one **secondary** site from the UI: -# Count how many of each value we get -status.keys.each {|key| puts "#{key} count: #{status[key].count}"} +1. On the left sidebar, at the bottom, select **Admin**. +1. Select **Geo > Sites**. +1. Under **Replication details**, select the desired component. +1. Select **Reverify all**. -# See the output in its entirety -status -``` +## Errors ### Failed verification of Uploads on the primary Geo site @@ -435,56 +540,7 @@ Failed to open TCP connection to localhost:5000 (Connection refused - connect(2) It happens if the container registry is not enabled on the secondary site. To fix it, check that the container registry is [enabled on the secondary site](../../../packages/container_registry.md#enable-the-container-registry). Note that if [Let’s Encrypt integration is disabled](https://docs.gitlab.com/omnibus/settings/ssl/#configure-https-manually), container registry is disabled as well, and you must [configure it manually](../../../packages/container_registry.md#configure-container-registry-under-its-own-domain). -## Reverify all uploads (or any SSF data type which is verified) - -1. SSH into a GitLab Rails node in the primary Geo site. -1. Open [Rails console](../../../operations/rails_console.md). -1. Mark all uploads as "pending verification": - -WARNING: -Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. - -### Reverify all uploads - -```ruby -Upload.verification_state_table_class.each_batch do |relation| - relation.update_all(verification_state: 0) -end -``` - -### Reverify failed uploads only - -```ruby -Upload.verification_state_table_class.where(verification_state: 3).each_batch do |relation| - relation.update_all(verification_state: 0) -end -``` - -### How the reverification process works - -When you [reverify all uploads](#reverify-all-uploads) or [reverify failed uploads only](#reverify-failed-uploads-only): - -1. This causes the primary to start checksumming the Uploads depending on which commands were executed. -1. When a primary successfully checksums a record, then all secondaries recalculate the checksum as well, and they compare the values. - -You can perform a similar operation with other the Models handled by the [Geo Self-Service Framework](../../../../development/geo/framework.md) which have implemented verification: - -- `LfsObject` -- `MergeRequestDiff` -- `Packages::PackageFile` -- `Terraform::StateVersion` -- `SnippetRepository` -- `Ci::PipelineArtifact` -- `PagesDeployment` -- `Upload` -- `Ci::JobArtifact` -- `Ci::SecureFile` - -NOTE: -`GroupWikiRepository` is not in the previous list since verification is not implemented. -There is an [issue to implement this functionality in the **Admin** area UI](https://gitlab.com/gitlab-org/gitlab/-/issues/364729). - -## Message: `Synchronization failed - Error syncing repository` +### Message: `Synchronization failed - Error syncing repository` WARNING: If large repositories are affected by this problem, @@ -514,7 +570,7 @@ A second synchronization error can also be caused by repository check issues: Error syncing repository: 13:Received RST_STREAM with error code 2. ``` -These errors can be observed by [immediately syncing all failed repositories](#sync-all-failed-repositories-now). +These errors can be observed by [immediately syncing all failed repositories](#sync-all-resources-of-one-component-that-failed-to-sync). Removing the malformed objects causing consistency errors involves rewriting the repository history, which is usually not an option. @@ -646,100 +702,6 @@ We recommend transferring each failing repository individually and checking for after each transfer. Follow the [single target `rsync` instructions](../../../operations/moving_repositories.md#single-rsync-to-another-server) to transfer each affected repository from the primary to the secondary site. -## Project or project wiki repositories - -### Resync all Geo-replicable objects - -You can schedule a full resync or reverification of all Geo-replicable objects -from the UI: - -1. On the left sidebar, at the bottom, select **Admin**. -1. Select **Geo > Sites**. -1. Under **Replication details**, select the desired object. -1. Select **Resync all** or **Reverify all**. - -Alternatively, [start a Rails console session](../../../operations/rails_console.md#starting-a-rails-console-session) -**on the secondary Geo site** to gather more information, or execute these operations manually using the snippets below. - -WARNING: -Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. - -### Find repository verification failures - -#### Get the number of verification failed repositories - -```ruby -Geo::ProjectRepositoryRegistry.verification_failed.count -``` - -#### Find the verification failed repositories - -```ruby -Geo::ProjectRepositoryRegistry.verification_failed -``` - -#### Find repositories that failed to sync - -```ruby -Geo::ProjectRepositoryRegistry.failed -``` - -#### Mark all repositories for reverification - -The following snippet marks all project repositories for reverification. After a minute or two, the system should begin to schedule Sidekiq jobs according to your concurrency limits: - -```ruby -Geo::ProjectRepositoryRegistry.update_all(verification_state: 0) -``` - -If there's a very large number of repositories to reverify, the single update query can time out. If this happens, you should run update queries in batches of rows using the same code as the **Reverify all** feature in the admin area: - -```ruby -::Geo::RegistryBulkUpdateService.new(:reverify_all, Geo::ProjectRepositoryRegistry).execute -``` - -### Resync project and project wiki repositories - -#### Queue up all repositories for resync - -The following snippet marks all project repositories for reverification. After a minute or two, the system should begin to schedule Sidekiq jobs according to your concurrency limits: - -```ruby -Geo::ProjectRepositoryRegistry.update_all(state: 0, last_synced_at: nil) -``` - -If there's a very large number of repositories to reverify, the single update query can time out. If this happens, you should run update queries in batches of rows using the same code as the **Reverify all** feature in the admin area: - -```ruby -::Geo::RegistryBulkUpdateService.new(:resync_all, Geo::ProjectRepositoryRegistry).execute -``` - -#### Sync all failed repositories now - -The following script: - -- Loops over all failed repositories. -- Displays the project details and the reasons for the last failure. -- Attempts to resync the repository. -- Reports back if a failure occurs, and why. -- Might take some time to complete. Each repository check must complete - before reporting back the result. If your session times out, take measures - to allow the process to continue running such as starting a `screen` session, - or running it using [Rails runner](../../../operations/rails_console.md#using-the-rails-runner) - and `nohup`. - -```ruby -Geo::ProjectRepositoryRegistry.failed.find_each do |registry| - begin - puts "ID: #{registry.id}, Project ID: #{registry.project_id}, Last Sync Failure: '#{registry.last_sync_failure}'" - registry.replicator.sync - puts "Sync initiated for registry ID: #{registry.id}" - rescue => e - puts "ID: #{registry.id}, Project ID: #{registry.project_id}, Failed: '#{e}'", e.backtrace.join("\n") - end -end ; nil -``` - ## Find repository check failures in a Geo secondary site NOTE: diff --git a/doc/administration/geo/secondary_proxy/_index.md b/doc/administration/geo/secondary_proxy/_index.md index 43eb5d0533e..54186a28885 100644 --- a/doc/administration/geo/secondary_proxy/_index.md +++ b/doc/administration/geo/secondary_proxy/_index.md @@ -151,7 +151,7 @@ the following steps if your sites use different URLs: To allow the sites to talk to each other, [make sure the `Internal URL` field is unique for each site](../../geo_sites.md#set-up-the-internal-urls). -In Kubernetes, you can [use the same domain under `global.hosts.domain` as for the primary site](https://docs.gitlab.com/charts/advanced/geo/index.html). +In Kubernetes, you can [use the same domain under `global.hosts.domain` as for the primary site](https://docs.gitlab.com/charts/advanced/geo/). ## Set up a separate URL for a secondary Geo site diff --git a/doc/administration/gitaly/configure_gitaly.md b/doc/administration/gitaly/configure_gitaly.md index 1ec9e8391c8..0288a1a230a 100644 --- a/doc/administration/gitaly/configure_gitaly.md +++ b/doc/administration/gitaly/configure_gitaly.md @@ -1315,7 +1315,7 @@ gitaly['configuration'] = { :::TabTitle Helm chart (Kubernetes) For Helm-based deployments, see the -[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/index.html#server-side-backups). +[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/#server-side-backups). :::TabTitle Self-compiled (source) @@ -1360,7 +1360,7 @@ gitaly['configuration'] = { :::TabTitle Helm chart (Kubernetes) For Helm-based deployments, see the -[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/index.html#server-side-backups). +[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/#server-side-backups). :::TabTitle Self-compiled (source) @@ -1406,7 +1406,7 @@ gitaly['configuration'] = { :::TabTitle Helm chart (Kubernetes) For Helm-based deployments, see the -[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/index.html#server-side-backups). +[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/#server-side-backups). :::TabTitle Self-compiled (source) @@ -1435,7 +1435,7 @@ The following parameters are supported: :::TabTitle Helm chart (Kubernetes) For Helm-based deployments, see the -[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/index.html#server-side-backups). +[server-side backup documentation for Gitaly chart](https://docs.gitlab.com/charts/charts/gitlab/gitaly/#server-side-backups). :::TabTitle Linux package (Omnibus) diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md index 03238d897f5..dabe3698cce 100644 --- a/doc/administration/gitaly/praefect.md +++ b/doc/administration/gitaly/praefect.md @@ -733,7 +733,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: diff --git a/doc/administration/gitaly/troubleshooting.md b/doc/administration/gitaly/troubleshooting.md index e091e2efbed..1d6949b915c 100644 --- a/doc/administration/gitaly/troubleshooting.md +++ b/doc/administration/gitaly/troubleshooting.md @@ -105,7 +105,7 @@ check for an SSL or TLS problem: ``` Check whether `Verify return code` field indicates a -[known Linux package installation configuration problem](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +[known Linux package installation configuration problem](https://docs.gitlab.com/omnibus/settings/ssl/). If `openssl` succeeds but `gitlab-rake gitlab:gitaly:check` fails, check [certificate requirements](tls_support.md#certificate-requirements) for Gitaly. diff --git a/doc/administration/integration/plantuml.md b/doc/administration/integration/plantuml.md index 5436b34609c..aab32557904 100644 --- a/doc/administration/integration/plantuml.md +++ b/doc/administration/integration/plantuml.md @@ -295,7 +295,7 @@ following: - `http://plantuml:8005/` - `http://localhost:8005/plantuml/` -If you're running [GitLab with TLS](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +If you're running [GitLab with TLS](https://docs.gitlab.com/omnibus/settings/ssl/) you must configure this redirection, because PlantUML uses the insecure HTTP protocol. Newer browsers, such as [Google Chrome 86+](https://www.chromestatus.com/feature/4926989725073408), don't load insecure HTTP resources on pages served over HTTPS. diff --git a/doc/administration/lfs/_index.md b/doc/administration/lfs/_index.md index a369d63267a..ed87ce8311a 100644 --- a/doc/administration/lfs/_index.md +++ b/doc/administration/lfs/_index.md @@ -520,7 +520,7 @@ error: failed to fetch some objects from 'https://username:[MASKED]@gitlab.examp ``` When using GitLab CI over a TLS v1.3 configured GitLab server, you must -[upgrade to GitLab Runner](https://docs.gitlab.com/runner/install/index.html) 13.2.0 +[upgrade to GitLab Runner](https://docs.gitlab.com/runner/install/) 13.2.0 or later to receive an updated Git LFS client version with the included [GitLab Runner Helper image](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#helper-image). diff --git a/doc/administration/load_balancer.md b/doc/administration/load_balancer.md index ae3fcb7ae01..7f67a134c8e 100644 --- a/doc/administration/load_balancer.md +++ b/doc/administration/load_balancer.md @@ -34,7 +34,7 @@ Configure your load balancers to pass connections on port 443 as 'TCP' rather than 'HTTP(S)' protocol. This passes the connection to the application nodes NGINX service untouched. NGINX has the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. ### Load Balancers terminate SSL without backend SSL @@ -45,7 +45,7 @@ terminating SSL. Because communication between the load balancers and GitLab isn't secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. ### Load Balancers terminate SSL with backend SSL @@ -58,7 +58,7 @@ Traffic is secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL because the connection is secure all the way. However, configuration must be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. ## Ports @@ -134,7 +134,7 @@ The default ciphers for a GitLab version can be viewed in the [`files/gitlab-cookbooks/gitlab/attributes/default.rb`](https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb) file and selecting the Git tag that correlates with your target GitLab version (for example `15.0.5+ee.0`). If required by your load balancer, you can then define -[custom SSL ciphers](https://docs.gitlab.com/omnibus/settings/ssl/index.html#use-custom-ssl-ciphers) +[custom SSL ciphers](https://docs.gitlab.com/omnibus/settings/ssl/#use-custom-ssl-ciphers) for NGINX. ### Some pages and links are downloaded instead of rendered in the browser diff --git a/doc/administration/operations/gitlab_sshd.md b/doc/administration/operations/gitlab_sshd.md index 7b4fbff93d0..37043ff73e2 100644 --- a/doc/administration/operations/gitlab_sshd.md +++ b/doc/administration/operations/gitlab_sshd.md @@ -81,7 +81,7 @@ generation and copy the existing OpenSSH host keys into The following instructions switch OpenSSH in favor of `gitlab-sshd`: 1. Set the `gitlab-shell` charts `sshDaemon` option to - [`gitlab-sshd`](https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell/index.html#installation-command-line-options). + [`gitlab-sshd`](https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell/#installation-command-line-options). For example: ```yaml @@ -133,7 +133,7 @@ To enable the PROXY protocol: :::TabTitle Helm chart (Kubernetes) -1. Set the [`gitlab.gitlab-shell.config` options](https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell/index.html#installation-command-line-options). For example: +1. Set the [`gitlab.gitlab-shell.config` options](https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell/#installation-command-line-options). For example: ```yaml gitlab: diff --git a/doc/administration/operations/moving_repositories.md b/doc/administration/operations/moving_repositories.md index e149eed01f2..9122dba754c 100644 --- a/doc/administration/operations/moving_repositories.md +++ b/doc/administration/operations/moving_repositories.md @@ -55,7 +55,7 @@ To move repositories: - [All groups](#move-all-groups) or [individual groups](../../api/group_repository_storage_moves.md#schedule-a-repository-storage-move-for-a-group). 1. If [Geo](../geo/_index.md) is enabled, - [resync all repositories](../geo/replication/troubleshooting/synchronization_verification.md#queue-up-all-repositories-for-resync). + [resync all repositories](../geo/replication/troubleshooting/synchronization_verification.md#resync-all-resources-of-one-component). #### Move all projects diff --git a/doc/administration/operations/puma.md b/doc/administration/operations/puma.md index 42374c2609e..88e12413cf2 100644 --- a/doc/administration/operations/puma.md +++ b/doc/administration/operations/puma.md @@ -154,7 +154,7 @@ steps below: NOTE: If using a self-signed certificate from a custom Certificate Authority (CA), - follow [the documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) + follow [the documentation](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) to make them trusted by other GitLab components. 1. Edit `/etc/gitlab/gitlab.rb`: @@ -251,7 +251,7 @@ configure this: NOTE: For Helm-based deployments, see the -[`webservice` chart documentation](https://docs.gitlab.com/charts/charts/gitlab/webservice/index.html). +[`webservice` chart documentation](https://docs.gitlab.com/charts/charts/gitlab/webservice/). Puma is the default web server and Unicorn is no longer supported. diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md index abbb49660da..f981a536527 100644 --- a/doc/administration/packages/container_registry.md +++ b/doc/administration/packages/container_registry.md @@ -37,7 +37,7 @@ If you installed GitLab by using the Linux package, the container registry may or may not be available by default. The container registry is automatically enabled and available on your GitLab domain, port 5050 if -you're using the built-in [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration). +you're using the built-in [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/#enable-the-lets-encrypt-integration). Otherwise, the container registry is not enabled. To enable it: @@ -224,7 +224,7 @@ domain. For example, `*.gitlab.example.com`, is a wildcard that matches `registr and is distinct from `*.example.com`. As well as manually generated SSL certificates (explained here), certificates automatically -generated by Let's Encrypt are also [supported in Linux package installations](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +generated by Let's Encrypt are also [supported in Linux package installations](https://docs.gitlab.com/omnibus/settings/ssl/). Let's assume that you want the container registry to be accessible at `https://registry.gitlab.example.com`. diff --git a/doc/administration/pages/_index.md b/doc/administration/pages/_index.md index f8e8fad9f29..44666fdae75 100644 --- a/doc/administration/pages/_index.md +++ b/doc/administration/pages/_index.md @@ -677,7 +677,7 @@ fails to work if the custom CA is not recognized. This usually results in this error: `Post /oauth/token: x509: certificate signed by unknown authority`. -For Linux package installations, this is fixed by [installing a custom CA](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). +For Linux package installations, this is fixed by [installing a custom CA](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). For self-compiled installations, this can be fixed by installing the custom Certificate Authority (CA) in the system certificate store. @@ -1259,7 +1259,7 @@ To allow certain IP ranges (subnets) to bypass all rate limits: - `rate_limit_subnets_allow_list`: Sets the allow list with the IP ranges (subnets) that should bypass all rate limits. For example, `['1.2.3.4/24', '2001:db8::1/32']`. - [Charts example](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/index.html#configure-rate-limits-subnets-allow-list) is available. + [Charts example](https://docs.gitlab.com/charts/charts/gitlab/gitlab-pages/#configure-rate-limits-subnets-allow-list) is available. An IPv6 address receives a large prefix in the 128-bit address space. The prefix is typically at least size /64. Because of the large number of possible addresses, if the client's IP address is IPv6, the limit is applied to the IPv6 prefix with a length of 64, rather than the entire IPv6 address. diff --git a/doc/administration/raketasks/maintenance.md b/doc/administration/raketasks/maintenance.md index c8b219c985e..bee047129ee 100644 --- a/doc/administration/raketasks/maintenance.md +++ b/doc/administration/raketasks/maintenance.md @@ -131,7 +131,7 @@ component servers like [Gitaly](../gitaly/configure_gitaly.md#run-gitaly-on-its- You may also have a look at our troubleshooting guides for: - [GitLab](../troubleshooting/_index.md). -- [Linux package installations](https://docs.gitlab.com/omnibus/index.html#troubleshooting). +- [Linux package installations](https://docs.gitlab.com/omnibus/#troubleshooting). Additionally you should also [verify database values can be decrypted using the current secrets](check.md#verify-database-values-can-be-decrypted-using-the-current-secrets). diff --git a/doc/administration/reference_architectures/10k_users.md b/doc/administration/reference_architectures/10k_users.md index bbc5a9e54b5..2609521a3ae 100644 --- a/doc/administration/reference_architectures/10k_users.md +++ b/doc/administration/reference_architectures/10k_users.md @@ -326,7 +326,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -337,7 +337,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -350,7 +350,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -1681,7 +1681,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: @@ -2094,7 +2094,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX will fail to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/reference_architectures/25k_users.md b/doc/administration/reference_architectures/25k_users.md index 872938a1f6f..f1e22e8a623 100644 --- a/doc/administration/reference_architectures/25k_users.md +++ b/doc/administration/reference_architectures/25k_users.md @@ -328,7 +328,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -339,7 +339,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -352,7 +352,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -1687,7 +1687,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: @@ -2102,7 +2102,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX will fail to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/reference_architectures/2k_users.md b/doc/administration/reference_architectures/2k_users.md index e7dda045cc4..ab2e0ae6aa5 100644 --- a/doc/administration/reference_architectures/2k_users.md +++ b/doc/administration/reference_architectures/2k_users.md @@ -227,7 +227,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -238,7 +238,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -251,7 +251,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -558,7 +558,7 @@ You must bring your own certificates as this isn't provided automatically. The certificate, or its certificate authority, must be installed on all Gitaly nodes (including the Gitaly node using the certificate) and on all client nodes that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). NOTE: The self-signed certificate must specify the address you use to access the @@ -910,7 +910,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX will fail to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/reference_architectures/3k_users.md b/doc/administration/reference_architectures/3k_users.md index 5e21086a291..8c7ab803052 100644 --- a/doc/administration/reference_architectures/3k_users.md +++ b/doc/administration/reference_architectures/3k_users.md @@ -316,7 +316,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -327,7 +327,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -340,7 +340,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -1521,7 +1521,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: @@ -1962,7 +1962,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX will fail to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/reference_architectures/50k_users.md b/doc/administration/reference_architectures/50k_users.md index 8c3665b8a8f..bf71fae30fc 100644 --- a/doc/administration/reference_architectures/50k_users.md +++ b/doc/administration/reference_architectures/50k_users.md @@ -334,7 +334,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -345,7 +345,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -358,7 +358,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -1694,7 +1694,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: @@ -2117,7 +2117,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX will fail to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md index 1ab4e4151fa..99d6f7cab4a 100644 --- a/doc/administration/reference_architectures/5k_users.md +++ b/doc/administration/reference_architectures/5k_users.md @@ -316,7 +316,7 @@ Configure your load balancer to pass connections on port 443 as `TCP` rather than `HTTP(S)` protocol. This will pass the connection to the application node's NGINX service untouched. NGINX will have the SSL certificate and listen on port 443. -See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +See the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX. #### Load balancer terminates SSL without backend SSL @@ -327,7 +327,7 @@ terminating SSL. Since communication between the load balancer and GitLab will not be secure, there is some additional configuration needed. See the -[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) +[proxied SSL documentation](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) for details. #### Load balancer terminates SSL with backend SSL @@ -340,7 +340,7 @@ Traffic will also be secure between the load balancers and NGINX in this scenario. There is no need to add configuration for proxied SSL since the connection will be secure all the way. However, configuration will need to be added to GitLab to configure SSL certificates. See -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html) +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/) for details on managing SSL certificates and configuring NGINX.
@@ -1518,7 +1518,7 @@ for secure connections, you must: Additionally the certificate, or its certificate authority, must be installed on all Gitaly servers and on all Praefect clients that communicate with it following the procedure described in -[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) (and repeated below). +[GitLab custom certificate configuration](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) (and repeated below). Note the following: @@ -1962,7 +1962,7 @@ On each node perform the following: When you specify `https` in the `external_url`, as in the previous example, GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the certificates aren't present, NGINX fails to start. For more information, see -the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +the [HTTPS documentation](https://docs.gitlab.com/omnibus/settings/ssl/). ### GitLab Rails post-configuration diff --git a/doc/administration/settings/external_authorization.md b/doc/administration/settings/external_authorization.md index 99a3d0f5be3..252be07a76b 100644 --- a/doc/administration/settings/external_authorization.md +++ b/doc/administration/settings/external_authorization.md @@ -40,7 +40,7 @@ the [Linux package documentation](https://docs.gitlab.com/omnibus/settings/logs. When using TLS Authentication with a self signed certificate, the CA certificate needs to be trusted by the OpenSSL installation. When using GitLab installed using the Linux package, learn to install a custom CA in the -[Linux package documentation](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +[Linux package documentation](https://docs.gitlab.com/omnibus/settings/ssl/). Alternatively, learn where to install custom certificates by using `openssl version -d`. diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index b8177abb06d..1eb81d671e5 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -73,25 +73,25 @@ This content has been moved to [Troubleshooting Sidekiq](../sidekiq/sidekiq_trou ### Reverify all uploads (or any SSF data type which is verified) -Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#reverify-all-uploads-or-any-ssf-data-type-which-is-verified). +Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#resync-and-reverify-multiple-components). ### Artifacts -Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#resync-and-reverify-individual-components). +Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#manually-retry-replication-or-verification). ### Repository verification failures -Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#find-repository-verification-failures). +Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#manually-retry-replication-or-verification). ### Resync repositories -Moved to [Geo replication troubleshooting - Resync repository types](../geo/replication/troubleshooting/synchronization_verification.md#resync-and-reverify-individual-components). +Moved to [Geo replication troubleshooting - Resync repository types](../geo/replication/troubleshooting/synchronization_verification.md#manually-retry-replication-or-verification). -Moved to [Geo replication troubleshooting - Resync project and project wiki repositories](../geo/replication/troubleshooting/synchronization_verification.md#resync-project-and-project-wiki-repositories). +Moved to [Geo replication troubleshooting - Resync project and project wiki repositories](../geo/replication/troubleshooting/synchronization_verification.md#manually-retry-replication-or-verification). ### Blob types -Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#resync-and-reverify-individual-components). +Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting/synchronization_verification.md#manually-retry-replication-or-verification). ## Generate Service Ping diff --git a/doc/api/graphql/reference/_index.md b/doc/api/graphql/reference/_index.md index 6b26dd0e84e..05dfcf626c1 100644 --- a/doc/api/graphql/reference/_index.md +++ b/doc/api/graphql/reference/_index.md @@ -63,7 +63,7 @@ DETAILS: **Introduced** in GitLab 16.3. **Status**: Experiment. -Returns [`LabelConnection`](#labelconnection). +Returns [`AbuseReportLabelConnection`](#abusereportlabelconnection). This field returns a [connection](#connections). It accepts the four standard [pagination arguments](#pagination-arguments): @@ -12348,6 +12348,30 @@ The edge type for [`AbuseReportDiscussion`](#abusereportdiscussion). | `cursor` | [`String!`](#string) | A cursor for use in pagination. | | `node` | [`AbuseReportDiscussion`](#abusereportdiscussion) | The item at the end of the edge. | +#### `AbuseReportLabelConnection` + +The connection type for [`AbuseReportLabel`](#abusereportlabel). + +##### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `count` | [`Int!`](#int) | Total count of collection. | +| `edges` | [`[AbuseReportLabelEdge]`](#abusereportlabeledge) | A list of edges. | +| `nodes` | [`[AbuseReportLabel]`](#abusereportlabel) | A list of nodes. | +| `pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. | + +#### `AbuseReportLabelEdge` + +The edge type for [`AbuseReportLabel`](#abusereportlabel). + +##### Fields + +| Name | Type | Description | +| ---- | ---- | ----------- | +| `cursor` | [`String!`](#string) | A cursor for use in pagination. | +| `node` | [`AbuseReportLabel`](#abusereportlabel) | The item at the end of the edge. | + #### `AbuseReportNoteConnection` The connection type for [`AbuseReportNote`](#abusereportnote). @@ -19016,7 +19040,7 @@ An abuse report. | ---- | ---- | ----------- | | `discussions` | [`AbuseReportDiscussionConnection!`](#abusereportdiscussionconnection) | All discussions on the noteable. (see [Connections](#connections)) | | `id` | [`AbuseReportID!`](#abusereportid) | Global ID of the abuse report. | -| `labels` | [`LabelConnection`](#labelconnection) | Labels of the abuse report. (see [Connections](#connections)) | +| `labels` | [`AbuseReportLabelConnection`](#abusereportlabelconnection) | Labels of the abuse report. (see [Connections](#connections)) | | `notes` | [`AbuseReportNoteConnection!`](#abusereportnoteconnection) | All notes on the noteable. (see [Connections](#connections)) | ### `AbuseReportDiscussion` @@ -19045,7 +19069,7 @@ An abuse report. | `createdAt` | [`Time!`](#time) | When the label was created. | | `description` | [`String`](#string) | Description of the label (Markdown rendered as HTML for caching). | | `descriptionHtml` | [`String`](#string) | GitLab Flavored Markdown rendering of `description`. | -| `id` | [`ID!`](#id) | Label ID. | +| `id` | [`AntiAbuseReportsLabelID!`](#antiabusereportslabelid) | Global ID of the abuse report label. | | `textColor` | [`String!`](#string) | Text color of the label. | | `title` | [`String!`](#string) | Content of the label. | | `updatedAt` | [`Time!`](#time) | When the label was last updated. | @@ -23742,6 +23766,7 @@ A software dependency used by a project. | `packager` | [`PackageManager`](#packagemanager) | Description of the tool used to manage the dependency. | | `reachability` | [`ReachabilityType`](#reachabilitytype) | Information about reachability of a dependency. | | `version` | [`String`](#string) | Version of the dependency. | +| `vulnerabilityCount` | [`Int!`](#int) | Number of vulnerabilities within the dependency. | ### `DependencyProxyBlob` @@ -28619,7 +28644,7 @@ Label to apply to associated Kubernetes objects of a workspace. | `createdAt` | [`Time!`](#time) | When the label was created. | | `description` | [`String`](#string) | Description of the label (Markdown rendered as HTML for caching). | | `descriptionHtml` | [`String`](#string) | GitLab Flavored Markdown rendering of `description`. | -| `id` | [`ID!`](#id) | Label ID. | +| `id` | [`LabelID!`](#labelid) | Global ID of the label. | | `lockOnMerge` | [`Boolean!`](#boolean) | Indicates this label is locked for merge requests that have been merged. | | `textColor` | [`String!`](#string) | Text color of the label. | | `title` | [`String!`](#string) | Content of the label. | @@ -28661,7 +28686,8 @@ Represents the Geo sync and verification state of an LFS object. | Name | Type | Description | | ---- | ---- | ----------- | | `name` | [`String!`](#string) | Name of the license. | -| `url` | [`String!`](#string) | License URL in relation to SPDX. | +| `spdxIdentifier` | [`String`](#string) | Name of the SPDX identifier. | +| `url` | [`String`](#string) | License URL in relation to SPDX. | ### `LicenseHistoryEntry` @@ -28705,6 +28731,7 @@ Represents an entry from the Cloud License history. | ---- | ---- | ----------- | | `blobPath` | [`String`](#string) | HTTP URI path to view the input file in GitLab. | | `path` | [`String`](#string) | Path, relative to the root of the repository, of the filewhich was analyzed to detect the dependency. | +| `topLevel` | [`Boolean`](#boolean) | Is top level dependency. | ### `MLCandidateLinks` @@ -43493,6 +43520,12 @@ A `AnalyticsDevopsAdoptionEnabledNamespaceID` is a global ID. It is encoded as a An example `AnalyticsDevopsAdoptionEnabledNamespaceID` is: `"gid://gitlab/Analytics::DevopsAdoption::EnabledNamespace/1"`. +### `AntiAbuseReportsLabelID` + +A `AntiAbuseReportsLabelID` is a global ID. It is encoded as a string. + +An example `AntiAbuseReportsLabelID` is: `"gid://gitlab/AntiAbuse::Reports::Label/1"`. + ### `AntiAbuseReportsNoteID` A `AntiAbuseReportsNoteID` is a global ID. It is encoded as a string. @@ -45042,7 +45075,6 @@ Implementations: | `color` | [`String!`](#string) | Background color of the label. | | `createdAt` | [`Time!`](#time) | When the label was created. | | `description` | [`String`](#string) | Description of the label (Markdown rendered as HTML for caching). | -| `id` | [`ID!`](#id) | Label ID. | | `textColor` | [`String!`](#string) | Text color of the label. | | `title` | [`String!`](#string) | Content of the label. | | `updatedAt` | [`Time!`](#time) | When the label was last updated. | diff --git a/doc/api/openapi/openapi.yaml b/doc/api/openapi/openapi.yaml index 900ec55a4a3..3baace5e5b9 100644 --- a/doc/api/openapi/openapi.yaml +++ b/doc/api/openapi/openapi.yaml @@ -10,7 +10,7 @@ info: When viewing this on gitlab.com, you can test API calls directly from the browser against the `gitlab.com` instance, if you are logged in. - The feature uses the current [GitLab session cookie](https://docs.gitlab.com/ee/api/index.html#session-cookie), + The feature uses the current [GitLab session cookie](https://docs.gitlab.com/ee/api/#session-cookie), so each request is made using your account. Instructions for using this tool can be found in [Interactive API Documentation](https://docs.gitlab.com/ee/api/openapi/openapi_interactive.html) diff --git a/doc/api/openapi/openapi_interactive.md b/doc/api/openapi/openapi_interactive.md index 71d87f91da3..e1c1ca59ec8 100644 --- a/doc/api/openapi/openapi_interactive.md +++ b/doc/api/openapi/openapi_interactive.md @@ -19,7 +19,7 @@ For general information about the GitLab APIs, see [API Docs](../_index.md). The [interactive API documentation tool](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/api/openapi/openapi.yaml) allows API testing directly on the GitLab.com website. Only a few of the available endpoints are diff --git a/doc/api/templates/gitlab_ci_ymls.md b/doc/api/templates/gitlab_ci_ymls.md index 83ab49edc29..3e5d359c769 100644 --- a/doc/api/templates/gitlab_ci_ymls.md +++ b/doc/api/templates/gitlab_ci_ymls.md @@ -139,7 +139,7 @@ Example response: ```json { "name": "Ruby", - "content": "# This file is a template, and might need editing before it works on your project.\n# To contribute improvements to CI/CD templates, please follow the Development guide at:\n# https://docs.gitlab.com/ee/development/cicd/templates.html\n# This specific template is located at:\n# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Ruby.gitlab-ci.yml\n\n# Official language image. Look for the different tagged releases at:\n# https://hub.docker.com/r/library/ruby/tags/\nimage: ruby:latest\n\n# Pick zero or more services to be used on all builds.\n# Only needed when using a docker container to run your tests in.\n# Check out: https://docs.gitlab.com/ee/ci/services/index.html\nservices:\n - mysql:latest\n - redis:latest\n - postgres:latest\n\nvariables:\n POSTGRES_DB: database_name\n\n# Cache gems in between builds\ncache:\n paths:\n - vendor/ruby\n\n# This is a basic example for a gem or script which doesn't use\n# services such as redis or postgres\nbefore_script:\n - ruby -v # Print out ruby version for debugging\n # Uncomment next line if your rails app needs a JS runtime:\n # - apt-get update -q \u0026\u0026 apt-get install nodejs -yqq\n - bundle config set --local deployment true # Install dependencies into ./vendor/ruby\n - bundle install -j $(nproc)\n\n# Optional - Delete if not using `rubocop`\nrubocop:\n script:\n - rubocop\n\nrspec:\n script:\n - rspec spec\n\nrails:\n variables:\n DATABASE_URL: \"postgresql://postgres:postgres@postgres:5432/$POSTGRES_DB\"\n script:\n - rails db:migrate\n - rails db:seed\n - rails test\n\n# This deploy job uses a simple deploy flow to Heroku, other providers, for example, AWS Elastic Beanstalk\n# are supported too: https://github.com/travis-ci/dpl\ndeploy:\n stage: deploy\n environment: production\n script:\n - gem install dpl\n - dpl --provider=heroku --app=$HEROKU_APP_NAME --api-key=$HEROKU_PRODUCTION_KEY\n" + "content": "# This file is a template, and might need editing before it works on your project.\n# To contribute improvements to CI/CD templates, please follow the Development guide at:\n# https://docs.gitlab.com/ee/development/cicd/templates.html\n# This specific template is located at:\n# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Ruby.gitlab-ci.yml\n\n# Official language image. Look for the different tagged releases at:\n# https://hub.docker.com/r/library/ruby/tags/\nimage: ruby:latest\n\n# Pick zero or more services to be used on all builds.\n# Only needed when using a docker container to run your tests in.\n# Check out: https://docs.gitlab.com/ee/ci/services/\nservices:\n - mysql:latest\n - redis:latest\n - postgres:latest\n\nvariables:\n POSTGRES_DB: database_name\n\n# Cache gems in between builds\ncache:\n paths:\n - vendor/ruby\n\n# This is a basic example for a gem or script which doesn't use\n# services such as redis or postgres\nbefore_script:\n - ruby -v # Print out ruby version for debugging\n # Uncomment next line if your rails app needs a JS runtime:\n # - apt-get update -q \u0026\u0026 apt-get install nodejs -yqq\n - bundle config set --local deployment true # Install dependencies into ./vendor/ruby\n - bundle install -j $(nproc)\n\n# Optional - Delete if not using `rubocop`\nrubocop:\n script:\n - rubocop\n\nrspec:\n script:\n - rspec spec\n\nrails:\n variables:\n DATABASE_URL: \"postgresql://postgres:postgres@postgres:5432/$POSTGRES_DB\"\n script:\n - rails db:migrate\n - rails db:seed\n - rails test\n\n# This deploy job uses a simple deploy flow to Heroku, other providers, for example, AWS Elastic Beanstalk\n# are supported too: https://github.com/travis-ci/dpl\ndeploy:\n stage: deploy\n environment: production\n script:\n - gem install dpl\n - dpl --provider=heroku --app=$HEROKU_APP_NAME --api-key=$HEROKU_PRODUCTION_KEY\n" } ``` diff --git a/doc/ci/docker/authenticate_registry.md b/doc/ci/docker/authenticate_registry.md index c26d2a6b6a4..583357b8872 100644 --- a/doc/ci/docker/authenticate_registry.md +++ b/doc/ci/docker/authenticate_registry.md @@ -90,7 +90,7 @@ of this file. You can do this with a command like: kubectl create configmap docker-client-config --namespace gitlab-runner --from-file /opt/.docker/config.json ``` -Update the [volume mounts](https://docs.gitlab.com/runner/executors/kubernetes/index.html#custom-volume-mount) +Update the [volume mounts](https://docs.gitlab.com/runner/executors/kubernetes/#custom-volume-mount) to include the file. ```toml diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index 0a569193ada..bca891dbd9e 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -83,7 +83,7 @@ For more information, see [security of the `docker` group](https://blog.zopyx.co "Docker-in-Docker" (`dind`) means: - Your registered runner uses the [Docker executor](https://docs.gitlab.com/runner/executors/docker.html) or - the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html). + the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/). - The executor uses a [container image of Docker](https://hub.docker.com/_/docker/), provided by Docker, to run your CI/CD jobs. @@ -296,7 +296,7 @@ For more information, see [Proxy settings when using dind service](https://docs. #### Use the Kubernetes executor with Docker-in-Docker -You can use the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html) to run jobs in a Docker container. +You can use the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/) to run jobs in a Docker container. ##### Docker-in-Docker with TLS enabled in Kubernetes @@ -519,7 +519,7 @@ services: If you are a GitLab Runner administrator, you can specify the `command` to configure the registry mirror for the Docker daemon. The `dind` service must be defined for the [Docker](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdockerservices-section) -or [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html#define-a-list-of-services). +or [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/#define-a-list-of-services). Docker: @@ -587,7 +587,7 @@ detected by the `dind` service. If you are a GitLab Runner administrator, you can use the mirror for every `dind` service. Update the [configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html) -to specify a [ConfigMap volume mount](https://docs.gitlab.com/runner/executors/kubernetes/index.html#configmap-volume). +to specify a [ConfigMap volume mount](https://docs.gitlab.com/runner/executors/kubernetes/#configmap-volume). For example, if you have a `/tmp/daemon.json` file with the following content: @@ -743,7 +743,7 @@ use one of these alternatives: To use Buildah with GitLab CI/CD, you need [a runner](https://docs.gitlab.com/runner/) with one of the following executors: -- [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/index.html). +- [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/). - [Docker](https://docs.gitlab.com/runner/executors/docker.html). - [Docker Machine](https://docs.gitlab.com/runner/executors/docker_machine.html). @@ -807,7 +807,7 @@ This error occurs because Docker starts on TLS automatically. - If you are upgrading from v18.09 or earlier, see the [upgrade guide](https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/). -This error can also occur with the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html#using-dockerdind) when attempts are made to access the Docker-in-Docker service before it has fully started up. For a more detailed explanation, see [issue 27215](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27215). +This error can also occur with the [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/#using-dockerdind) when attempts are made to access the Docker-in-Docker service before it has fully started up. For a more detailed explanation, see [issue 27215](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27215). ### Docker `no such host` error diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md index 518df3a40aa..df9a01a4d4f 100644 --- a/doc/ci/docker/using_docker_images.md +++ b/doc/ci/docker/using_docker_images.md @@ -231,7 +231,7 @@ To define which option should be used, the runner process reads the configuratio ### Requirements and limitations -- Available for [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html) +- Available for [Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/) in GitLab Runner 13.1 and later. - [Credentials Store](#use-a-credentials-store) and [Credential Helpers](#use-credential-helpers) require binaries to be added to the GitLab Runner `$PATH`, and require access to do so. Therefore, @@ -560,4 +560,4 @@ and manual credential management. - Dockerfile ``` -1. [Register the runner](https://docs.gitlab.com/runner/register/index.html#docker). +1. [Register the runner](https://docs.gitlab.com/runner/register/#docker). diff --git a/doc/ci/docker/using_kaniko.md b/doc/ci/docker/using_kaniko.md index 3314b655561..d2ce25f1817 100644 --- a/doc/ci/docker/using_kaniko.md +++ b/doc/ci/docker/using_kaniko.md @@ -25,7 +25,7 @@ method: To use kaniko with GitLab, [a runner](https://docs.gitlab.com/runner/) with one of the following executors is required: -- [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/index.html). +- [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/). - [Docker](https://docs.gitlab.com/runner/executors/docker.html). - [Docker Machine](https://docs.gitlab.com/runner/executors/docker_machine.html). @@ -146,7 +146,7 @@ video is a walkthrough of the [Kaniko Docker Build](https://gitlab.com/guided-ex Guided Exploration project pipeline. It was tested on: - [GitLab.com instance runners](../runners/_index.md) -- [The Kubernetes runner executor](https://docs.gitlab.com/runner/executors/kubernetes/index.html) +- [The Kubernetes runner executor](https://docs.gitlab.com/runner/executors/kubernetes/) The example can be copied to your own group or instance for testing. More details on what other GitLab CI patterns are demonstrated are available at the project page. diff --git a/doc/ci/migration/bamboo.md b/doc/ci/migration/bamboo.md index c7f8ca9fa6f..841a884e087 100644 --- a/doc/ci/migration/bamboo.md +++ b/doc/ci/migration/bamboo.md @@ -46,7 +46,7 @@ GitLab uses a similar concept to agents called [runners](https://docs.gitlab.com which use [executors](https://docs.gitlab.com/runner/executors/) to run builds. Examples of executors are shell, Docker, or Kubernetes. You can choose to use [GitLab.com runners](../runners/_index.md) -or deploy your own [self-managed runners](https://docs.gitlab.com/runner/install/index.html). +or deploy your own [self-managed runners](https://docs.gitlab.com/runner/install/). ### Workflow diff --git a/doc/ci/runners/configure_runners.md b/doc/ci/runners/configure_runners.md index 8ae47f76d29..ee50c83a77b 100644 --- a/doc/ci/runners/configure_runners.md +++ b/doc/ci/runners/configure_runners.md @@ -472,7 +472,7 @@ You can also use variables to configure how many times a runner [attempts certain stages of job execution](#job-stages-attempts). When using the Kubernetes executor, you can use variables to -[override Kubernetes CPU and memory allocations for requests and limits](https://docs.gitlab.com/runner/executors/kubernetes/index.html#overwrite-container-resources). +[override Kubernetes CPU and memory allocations for requests and limits](https://docs.gitlab.com/runner/executors/kubernetes/#overwrite-container-resources). ### Git strategy diff --git a/doc/ci/runners/runners_scope.md b/doc/ci/runners/runners_scope.md index c75c465fc43..0cbc00eb939 100644 --- a/doc/ci/runners/runners_scope.md +++ b/doc/ci/runners/runners_scope.md @@ -26,7 +26,7 @@ multiple projects. If you are using GitLab Self-Managed, administrators can: -- [Install GitLab Runner](https://docs.gitlab.com/runner/install/index.html) and register an instance runner. +- [Install GitLab Runner](https://docs.gitlab.com/runner/install/) and register an instance runner. - Configure a maximum number of instance runner [compute minutes for each group](../../administration/cicd/compute_minutes.md#set-the-compute-quota-for-a-group). If you are using GitLab.com: @@ -137,8 +137,8 @@ On GitLab Self-Managed, an administrator can [enable them for all new projects](../../administration/settings/continuous_integration.md#enable-instance-runners-for-new-projects). For existing projects, an administrator must -[install](https://docs.gitlab.com/runner/install/index.html) and -[register](https://docs.gitlab.com/runner/register/index.html) them. +[install](https://docs.gitlab.com/runner/install/) and +[register](https://docs.gitlab.com/runner/register/) them. To enable instance runners for a project: @@ -644,7 +644,7 @@ DETAILS: > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/365078) in GitLab 15.3. The version of GitLab Runner used by your runners should be -[kept up-to-date](https://docs.gitlab.com/runner/index.html#gitlab-runner-versions). +[kept up-to-date](https://docs.gitlab.com/runner/#gitlab-runner-versions). To determine which runners need to be upgraded: diff --git a/doc/ci/testing/code_quality_codeclimate_scanning.md b/doc/ci/testing/code_quality_codeclimate_scanning.md index 587acfbc876..f56b123507f 100644 --- a/doc/ci/testing/code_quality_codeclimate_scanning.md +++ b/doc/ci/testing/code_quality_codeclimate_scanning.md @@ -471,11 +471,11 @@ The same configuration is required if your goal is to [use rootless Podman to ru ### Configure Kubernetes or OpenShift runners -You must set up Docker in a Docker container (Docker-in-Docker) to use Code Quality. The Kubernetes executor [supports Docker-in-Docker](https://docs.gitlab.com/runner/executors/kubernetes/index.html#using-dockerdind). +You must set up Docker in a Docker container (Docker-in-Docker) to use Code Quality. The Kubernetes executor [supports Docker-in-Docker](https://docs.gitlab.com/runner/executors/kubernetes/#using-dockerdind). To ensure Code Quality jobs can run on a Kubernetes executor: -- If you're using TLS to communicate with the Docker daemon, the executor [must be running in privileged mode](https://docs.gitlab.com/runner/executors/kubernetes/index.html#other-configtoml-settings). Additionally, the certificate directory must be [specified as a volume mount](../docker/using_docker_build.md#docker-in-docker-with-tls-enabled-in-kubernetes). +- If you're using TLS to communicate with the Docker daemon, the executor [must be running in privileged mode](https://docs.gitlab.com/runner/executors/kubernetes/#other-configtoml-settings). Additionally, the certificate directory must be [specified as a volume mount](../docker/using_docker_build.md#docker-in-docker-with-tls-enabled-in-kubernetes). - It is possible that the DinD service doesn't start up fully before the Code Quality job starts. This is a limitation documented in [Troubleshooting the Kubernetes executor](https://docs.gitlab.com/runner/executors/kubernetes/troubleshooting.html#docker-cannot-connect-to-the-docker-daemon-at-tcpdocker2375-is-the-docker-daemon-running). To resolve the issue, use `before_script` to wait for the Docker daemon to fully boot up. For an example, see the configuration in the `.gitlab-ci.yml` file below. @@ -524,7 +524,7 @@ To ensure that you use the `overlay2` [storage driver](https://docs.docker.com/s - Specify the `DOCKER_HOST` that the Docker CLI communicates with. - Set the `DOCKER_DRIVER` variable to empty. -Use the `before_script` section to wait for the Docker daemon to fully boot up. Since GitLab Runner v16.9, this can also be done [by just setting the `HEALTHCHECK_TCP_PORT` variable](https://docs.gitlab.com/runner/executors/kubernetes/index.html#define-a-list-of-services). +Use the `before_script` section to wait for the Docker daemon to fully boot up. Since GitLab Runner v16.9, this can also be done [by just setting the `HEALTHCHECK_TCP_PORT` variable](https://docs.gitlab.com/runner/executors/kubernetes/#define-a-list-of-services). ```yaml include: @@ -595,7 +595,7 @@ name = "docker:20.10.12-dind" oc adm policy add-scc-to-user -z dind-sa privileged ``` -1. Set the permissions in the [`[runners.kubernetes]` section](https://docs.gitlab.com/runner/executors/kubernetes/index.html#other-configtoml-settings). +1. Set the permissions in the [`[runners.kubernetes]` section](https://docs.gitlab.com/runner/executors/kubernetes/#other-configtoml-settings). 1. Set the job definition stays the same as in Kubernetes case: ```yaml diff --git a/doc/ci/testing/code_quality_troubleshooting.md b/doc/ci/testing/code_quality_troubleshooting.md index 573e39822b4..a392eb19fed 100644 --- a/doc/ci/testing/code_quality_troubleshooting.md +++ b/doc/ci/testing/code_quality_troubleshooting.md @@ -151,7 +151,7 @@ Example: ### Kubernetes If you have access to GitLab Runner configuration and the Kubernetes cluster, -you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes/index.html#configmap-volume). +you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes/#configmap-volume). Replace `gitlab.example.com` with the actual domain of the registry. diff --git a/doc/ci/variables/_index.md b/doc/ci/variables/_index.md index b7b9a79b79e..c650153f0a0 100644 --- a/doc/ci/variables/_index.md +++ b/doc/ci/variables/_index.md @@ -18,7 +18,7 @@ CI/CD variables are a type of environment variable. You can use them to: You can [override variable values](#cicd-variable-precedence) for a specific pipeline when you [run a pipeline manually](../pipelines/_index.md#run-a-pipeline-manually), [run a manual job](../jobs/job_control.md#specify-variables-when-running-manual-jobs), or have them [prefilled in manual pipelines](../pipelines/_index.md#prefill-variables-in-manual-pipelines). -Variable names are limited by the [shell the runner uses](https://docs.gitlab.com/runner/shells/index.html) +Variable names are limited by the [shell the runner uses](https://docs.gitlab.com/runner/shells/) to execute scripts. Each shell has its own set of reserved variable names. To ensure consistent behavior, you should always put variable values in single or double quotes. diff --git a/doc/development/ai_features/duo_chat.md b/doc/development/ai_features/duo_chat.md index 55e8555b1bb..540cc80335c 100644 --- a/doc/development/ai_features/duo_chat.md +++ b/doc/development/ai_features/duo_chat.md @@ -505,7 +505,7 @@ Please, see the video ([internal link](https://drive.google.com/file/d/1X6CARf0g ### (Deprecated) Issue and epic experiments NOTE: -This section is deprecated in favor of the [development seed file](model_migration.md#seed-project-and-group-resources-for-testing-and-evaluation). +This section is deprecated in favor of the [development seed file](testing_and_validation.md#seed-project-and-group-resources-for-testing-and-evaluation). If you would like to use the evaluation framework (as described [here](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library/-/blob/main/doc/how-to/run_duo_chat_eval.md?ref_type=heads#evaluation-on-issueepic)) you can import the required groups and projects using this Rake task: @@ -523,7 +523,7 @@ desired. #### (Deprecated) Epic and issue fixtures NOTE: -This section is deprecated in favor of the [development seed file](model_migration.md#seed-project-and-group-resources-for-testing-and-evaluation). +This section is deprecated in favor of the [development seed file](testing_and_validation.md#seed-project-and-group-resources-for-testing-and-evaluation). The fixtures are the replicas of the _public_ issues and epics from projects and groups _owned by_ GitLab. The internal notes were excluded when they were sampled. The fixtures have been committed into the canonical `gitlab` repository. diff --git a/doc/development/ai_features/model_migration.md b/doc/development/ai_features/model_migration.md index d9494982356..786c9cefca2 100644 --- a/doc/development/ai_features/model_migration.md +++ b/doc/development/ai_features/model_migration.md @@ -136,7 +136,7 @@ The model selection logic should be implemented in: - If issues arise, quickly disable the feature flag to rollback to the previous model - Once stability is confirmed, remove the feature flag and make the migration permanent -For more details on monitoring during migrations, see the [Monitoring and Metrics](#monitoring-and-metrics) section below. +For more details on monitoring during migrations, see the [Monitoring and Metrics](testing_and_validation.md#monitoring-and-metrics) section below. ## Scope of Work @@ -156,60 +156,3 @@ For more details on monitoring during migrations, see the [Monitoring and Metric - **Experimental Tools:** - Summarize Comments Chat - Fill MR Description - -## Testing and Validation - -### Model Evaluation - -The `ai-model-validation` team created the following library to evaluate the performance of prompt changes as well as model changes. The [Prompt Library README.MD](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library/-/blob/main/doc/how-to/run_duo_chat_eval.md) provides details on how to evaluate the performance of AI features. - -> Another use-case for running chat evaluation is during feature development cycle. The purpose is to verify how the changes to the code base and prompts affect the quality of chat responses before the code reaches the production environment. - -For evaluation in merge request pipelines, we use: - -- One click [Duo Chat evaluation](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner) -- Automated evaluation in [merge request pipelines](https://gitlab.com/gitlab-org/gitlab/-/issues/495410) - -### Seed project and group resources for testing and evaluation - -To seed project and group resources for testing and evaluation, run the following command: - -```shell -SEED_GITLAB_DUO=1 FILTER=gitlab_duo bundle exec rake db:seed_fu -``` - -This command executes the [development seed file](../development_seed_files.md) for GitLab Duo, which creates `gitlab-duo` group in your GDK. - -This command is responsible for seeding group and project resources for testing GitLab Duo features. -It's mainly used by the following scenarios: - -- Developers or UX designers have a local GDK but don't know how to set up the group and project resources to test a feature in UI. -- Evaluators (e.g. CEF) have input dataset that refers to a group or project resource e.g. (`Summarize issue #123` requires a corresponding issue record in PosstgreSQL) - -Currently, the input dataset of evaluators and this development seed file are managed separately. -To ensure that the integration keeps working, this seeder has to create the **same** group/project resources every time. -For example, ID and IID of the inserted PostgreSQL records must be the same every time we run this seeding process. - -These fixtures are depended by the following projects: - -- [Central Evaluation Framework](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library) -- [Evaluation Runner](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner) - -See [this architecture doc](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner/-/blob/main/docs/architecture.md) for more information. - -### Local Development - -A valuable tool for local development to ensure the changes are correct outside of unit tests is to use [LangSmith](duo_chat.md#tracing-with-langsmith) for tracing. The tool allows you to trace LLM calls within Duo Chat to verify the LLM tool is using the correct model. - -To prevent regressions, we also have CI jobs to make sure our tools are working correctly. For more details, see the [Duo Chat testing section](duo_chat.md#prevent-regressions-in-your-merge-request). - -## Monitoring and Metrics - -Monitor the following during migration: - -- **Performance Metrics:** - - Error ratio and response latency apdex for each AI action on [Sidekiq Service dashboard](https://dashboards.gitlab.net/d/sidekiq-main/sidekiq-overview) - - Spent tokens, usage of each AI feature and other statistics on [periscope dashboard](https://app.periscopedata.com/app/gitlab/1137231/Ai-Features) - - [AI gateway logs](https://log.gprd.gitlab.net/app/r/s/zKEel) - - [AI gateway metrics](https://dashboards.gitlab.net/d/ai-gateway-main/ai-gateway3a-overview?orgId=1) - - [Feature usage dashboard via proxy](https://log.gprd.gitlab.net/app/r/s/egybF) diff --git a/doc/development/ai_features/testing_and_validation.md b/doc/development/ai_features/testing_and_validation.md new file mode 100644 index 00000000000..f9e8d05cb5f --- /dev/null +++ b/doc/development/ai_features/testing_and_validation.md @@ -0,0 +1,63 @@ +--- +stage: AI-powered +group: AI Framework +info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review. +title: Testing and Validation +--- + +## Testing and validation + +### Model Evaluation + +The `ai-model-validation` team created the following library to evaluate the performance of prompt changes as well as model changes. The [Prompt Library README.MD](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library/-/blob/main/doc/how-to/run_duo_chat_eval.md) provides details on how to evaluate the performance of AI features. + +> Another use-case for running chat evaluation is during feature development cycle. The purpose is to verify how the changes to the code base and prompts affect the quality of chat responses before the code reaches the production environment. + +For evaluation in merge request pipelines, we use: + +- One click [Duo Chat evaluation](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner) +- Automated evaluation in [merge request pipelines](https://gitlab.com/gitlab-org/gitlab/-/issues/495410) + +### Seed project and group resources for testing and evaluation + +To seed project and group resources for testing and evaluation, run the following command: + +```shell +SEED_GITLAB_DUO=1 FILTER=gitlab_duo bundle exec rake db:seed_fu +``` + +This command executes the [development seed file](../development_seed_files.md) for GitLab Duo, which creates `gitlab-duo` group in your GDK. + +This command is responsible for seeding group and project resources for testing GitLab Duo features. +It's mainly used by the following scenarios: + +- Developers or UX designers have a local GDK but don't know how to set up the group and project resources to test a feature in UI. +- Evaluators (e.g. CEF) have input dataset that refers to a group or project resource e.g. (`Summarize issue #123` requires a corresponding issue record in PosstgreSQL) + +Currently, the input dataset of evaluators and this development seed file are managed separately. +To ensure that the integration keeps working, this seeder has to create the **same** group/project resources every time. +For example, ID and IID of the inserted PostgreSQL records must be the same every time we run this seeding process. + +These fixtures are depended by the following projects: + +- [Central Evaluation Framework](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library) +- [Evaluation Runner](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner) + +See [this architecture doc](https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/evaluation-runner/-/blob/main/docs/architecture.md) for more information. + +### Local Development + +A valuable tool for local development to ensure the changes are correct outside of unit tests is to use [LangSmith](duo_chat.md#tracing-with-langsmith) for tracing. The tool allows you to trace LLM calls within Duo Chat to verify the LLM tool is using the correct model. + +To prevent regressions, we also have CI jobs to make sure our tools are working correctly. For more details, see the [Duo Chat testing section](duo_chat.md#prevent-regressions-in-your-merge-request). + +## Monitoring and Metrics + +Monitor the following during migration: + +- **Performance Metrics:** + - Error ratio and response latency apdex for each AI action on [Sidekiq Service dashboard](https://dashboards.gitlab.net/d/sidekiq-main/sidekiq-overview) + - Spent tokens, usage of each AI feature and other statistics on [periscope dashboard](https://app.periscopedata.com/app/gitlab/1137231/Ai-Features) + - [AI gateway logs](https://log.gprd.gitlab.net/app/r/s/zKEel) + - [AI gateway metrics](https://dashboards.gitlab.net/d/ai-gateway-main/ai-gateway3a-overview?orgId=1) + - [Feature usage dashboard via proxy](https://log.gprd.gitlab.net/app/r/s/egybF) diff --git a/doc/development/architecture.md b/doc/development/architecture.md index 6a98ba2ed21..c3a47b23de2 100644 --- a/doc/development/architecture.md +++ b/doc/development/architecture.md @@ -452,7 +452,7 @@ GitLab can be considered to have two layers from a process perspective: - [Omnibus](https://github.com/certbot/certbot/blob/master/README.rst) - [Charts](https://github.com/cert-manager/cert-manager/blob/master/README.md) - Configuration: - - [Omnibus](https://docs.gitlab.com/omnibus/settings/ssl/index.html) + - [Omnibus](https://docs.gitlab.com/omnibus/settings/ssl/) - [Charts](https://docs.gitlab.com/charts/installation/tls.html) - [Source](../install/installation.md#using-https) - [GDK](https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/nginx.md) @@ -530,7 +530,7 @@ Geo is a premium feature built to help speed up the development of distributed t - [Project page](https://gitlab.com/gitlab-org/ruby/gems/gitlab-exporter) - Configuration: - [Omnibus](../administration/monitoring/prometheus/gitlab_exporter.md) - - [Charts](https://docs.gitlab.com/charts/charts/gitlab/gitlab-exporter/index.html) + - [Charts](https://docs.gitlab.com/charts/charts/gitlab/gitlab-exporter/) - Layer: Monitoring - Process: `gitlab-exporter` - GitLab.com: [Monitoring of GitLab.com](https://handbook.gitlab.com/handbook/engineering/monitoring/) @@ -542,7 +542,7 @@ GitLab Exporter is a process designed in house that allows us to export metrics - [Project page](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent) - Configuration: - [Omnibus](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template) - - [Charts](https://docs.gitlab.com/charts/charts/gitlab/kas/index.html) + - [Charts](https://docs.gitlab.com/charts/charts/gitlab/kas/) The [GitLab agent](../user/clusters/agent/_index.md) is an active in-cluster component for solving GitLab and Kubernetes integration tasks in a secure and @@ -831,7 +831,7 @@ For monitoring deployed apps, see the [Sentry integration docs](../operations/er - Configuration: - [Omnibus](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template) - [Charts](https://docs.gitlab.com/charts/charts/gitlab/sidekiq/) - - [minikube Minimal](https://docs.gitlab.com/charts/charts/gitlab/sidekiq/index.html) + - [minikube Minimal](https://docs.gitlab.com/charts/charts/gitlab/sidekiq/) - [Source](https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/gitlab.yml.example) - [GDK](https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/gitlab.yml.example) - Layer: Core Service (Processor) diff --git a/doc/development/documentation/site_architecture/global_nav.md b/doc/development/documentation/site_architecture/global_nav.md index 462002b9052..fbae6af292f 100644 --- a/doc/development/documentation/site_architecture/global_nav.md +++ b/doc/development/documentation/site_architecture/global_nav.md @@ -272,7 +272,7 @@ URLs must be relative. In addition: - All links in the data file must end with `.html` (with the exception of `index.html` files), and not `.md`. -- For `index.html` files, use the clean (canonical) URL: `path/to/`. For example, `https://docs.gitlab.com/ee/install/index.html` becomes `ee/install/`. +- For `index.html` files, use the clean (canonical) URL: `path/to/`. For example, `https://docs.gitlab.com/ee/install/` becomes `ee/install/`. - Do not start any relative link with a forward slash `/`. - As convention, always wrap URLs in single quotes `'url'`. - Always use the project prefix depending on which project the link you add @@ -285,7 +285,7 @@ Examples of relative URLs: | Full URL | Global nav URL | | -------------------------------------------------------------- | ------------------------------------- | | `https://docs.gitlab.com/ee/api/avatar.html` | `ee/api/avatar.html` | -| `https://docs.gitlab.com/ee/install/index.html` | `ee/install/` | +| `https://docs.gitlab.com/ee/install/` | `ee/install/` | | `https://docs.gitlab.com/omnibus/settings/database.html` | `omnibus/settings/database.html` | | `https://docs.gitlab.com/charts/installation/deployment.html` | `charts/installation/deployment.html` | | `https://docs.gitlab.com/runner/install/docker.html` | `runner/install/docker.html` | diff --git a/doc/development/fips_gitlab.md b/doc/development/fips_gitlab.md index 9776701fde9..d0577d93fe1 100644 --- a/doc/development/fips_gitlab.md +++ b/doc/development/fips_gitlab.md @@ -274,7 +274,7 @@ all: Now create `charts.yml` in the location specified above and specify tags with a `-fips` suffix. -See our [Charts documentation on FIPS](https://docs.gitlab.com/charts/advanced/fips/index.html) for more details, including +See our [Charts documentation on FIPS](https://docs.gitlab.com/charts/advanced/fips/) for more details, including an [example values file](https://gitlab.com/gitlab-org/charts/gitlab/blob/master/examples/fips/values.yaml) as a reference. You can also use release tags, but the versioning is tricky because each diff --git a/doc/development/internal_analytics/internal_event_instrumentation/quick_start.md b/doc/development/internal_analytics/internal_event_instrumentation/quick_start.md index d6a425ba7f4..6cd432344fd 100644 --- a/doc/development/internal_analytics/internal_event_instrumentation/quick_start.md +++ b/doc/development/internal_analytics/internal_event_instrumentation/quick_start.md @@ -299,8 +299,6 @@ The `trigger_internal_events` matcher can also be used for testing [Haml with da Any frontend tracking call automatically passes the values `user.id`, `namespace.id`, and `project.id` from the current context of the page. -If you need to pass any further properties, such as `extra`, `context`, `label`, `property`, and `value`, you can use the [deprecated snowplow implementation](https://archives.docs.gitlab.com/16.4/ee/development/internal_analytics/snowplow/implementation.html). In this case, let us know about your specific use-case in our [feedback issue for Internal Events](https://gitlab.com/gitlab-org/analytics-section/analytics-instrumentation/internal/-/issues/690). - #### Vue components In Vue components, tracking can be done with [Vue mixin](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/javascripts/tracking/internal_events.js#L29). diff --git a/doc/install/aws/_index.md b/doc/install/aws/_index.md index 8f6e4cd5414..7f2e9840666 100644 --- a/doc/install/aws/_index.md +++ b/doc/install/aws/_index.md @@ -531,7 +531,7 @@ Connect to your GitLab instance via **Bastion Host A** using [SSH Agent Forwardi #### Disable Let's Encrypt -Because we're adding our SSL certificate at the load balancer, we do not need the GitLab built-in support for Let's Encrypt. Let's Encrypt [is enabled by default](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration) when using an `https` domain, so we must explicitly disable it: +Because we're adding our SSL certificate at the load balancer, we do not need the GitLab built-in support for Let's Encrypt. Let's Encrypt [is enabled by default](https://docs.gitlab.com/omnibus/settings/ssl/#enable-the-lets-encrypt-integration) when using an `https` domain, so we must explicitly disable it: 1. Open `/etc/gitlab/gitlab.rb` and disable it: @@ -652,7 +652,7 @@ Now that we have our EC2 instance ready, follow the [documentation to install Gi #### Add Support for Proxied SSL -As we are terminating SSL at our [load balancer](#load-balancer), follow the steps at [Supporting proxied SSL](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-a-reverse-proxy-or-load-balancer-ssl-termination) to configure this in `/etc/gitlab/gitlab.rb`. +As we are terminating SSL at our [load balancer](#load-balancer), follow the steps at [Supporting proxied SSL](https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination) to configure this in `/etc/gitlab/gitlab.rb`. Remember to run `sudo gitlab-ctl reconfigure` after saving the changes to the `gitlab.rb` file. diff --git a/doc/install/azure/_index.md b/doc/install/azure/_index.md index ab694d2fe10..dd02a105c05 100644 --- a/doc/install/azure/_index.md +++ b/doc/install/azure/_index.md @@ -191,7 +191,7 @@ To set up the GitLab external URL: 1. Find `external_url` and replace it with your own domain name. For the sake of this example, use the default domain name Azure sets up. Using `https` in the URL - [automatically enables](https://docs.gitlab.com/omnibus/settings/ssl/index.html#lets-encrypt-integration), + [automatically enables](https://docs.gitlab.com/omnibus/settings/ssl/#lets-encrypt-integration), Let's Encrypt, and sets HTTPS by default: ```ruby diff --git a/doc/install/docker/configuration.md b/doc/install/docker/configuration.md index 2380f41bb81..ae651979b7d 100644 --- a/doc/install/docker/configuration.md +++ b/doc/install/docker/configuration.md @@ -38,7 +38,7 @@ context of a running container. [SMTP settings](https://docs.gitlab.com/omnibus/settings/smtp.html). The GitLab Docker image doesn't have an SMTP server pre-installed. - 1. If desired [enable HTTPS](https://docs.gitlab.com/omnibus/settings/ssl/index.html). + 1. If desired [enable HTTPS](https://docs.gitlab.com/omnibus/settings/ssl/). 1. Save the file and restart the container to reconfigure GitLab: diff --git a/doc/install/google_cloud_platform/_index.md b/doc/install/google_cloud_platform/_index.md index bf43ac68454..84c61b1b166 100644 --- a/doc/install/google_cloud_platform/_index.md +++ b/doc/install/google_cloud_platform/_index.md @@ -121,7 +121,7 @@ here's how you configure GitLab to be aware of the change: ### Configuring HTTPS with the domain name Although not needed, it's strongly recommended to secure GitLab with a -[TLS certificate](https://docs.gitlab.com/omnibus/settings/ssl/index.html). +[TLS certificate](https://docs.gitlab.com/omnibus/settings/ssl/). ### Configuring the email SMTP settings diff --git a/doc/install/install_ai_gateway.md b/doc/install/install_ai_gateway.md index 0eeb0c2727d..1f044dc52e8 100644 --- a/doc/install/install_ai_gateway.md +++ b/doc/install/install_ai_gateway.md @@ -72,7 +72,7 @@ Prerequisites: - Working installation of `kubectl`. - Working installation of Helm, version v3.11.0 or later. -For more information, see [Test the GitLab chart on GKE or EKS](https://docs.gitlab.com/charts/quickstart/index.html). +For more information, see [Test the GitLab chart on GKE or EKS](https://docs.gitlab.com/charts/quickstart/). ### Add the AI gateway Helm repository diff --git a/doc/install/requirements.md b/doc/install/requirements.md index 7c431b16cdc..e70969a2ff9 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -140,7 +140,7 @@ To adjust Puma settings: - For the Linux package, see [Puma settings](../administration/operations/puma.md). - For the GitLab Helm chart, see the - [`webservice` chart](https://docs.gitlab.com/charts/charts/gitlab/webservice/index.html). + [`webservice` chart](https://docs.gitlab.com/charts/charts/gitlab/webservice/). ### Workers diff --git a/doc/integration/_index.md b/doc/integration/_index.md index 2daa53a99cc..79c93d033be 100644 --- a/doc/integration/_index.md +++ b/doc/integration/_index.md @@ -68,7 +68,7 @@ As a workaround, do one of the following: - [Adding trusted root certificates to the server](https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html) - [How do you add a certificate authority (CA) to Ubuntu?](https://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu) - For installations that use the Linux package, add the certificate to the GitLab trusted chain: - 1. [Install the self-signed certificate](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). + 1. [Install the self-signed certificate](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). 1. Concatenate the self-signed certificate with the GitLab trusted certificate. The self-signed certificate might be overwritten during upgrades. diff --git a/doc/integration/jira/dvcs/troubleshooting.md b/doc/integration/jira/dvcs/troubleshooting.md index 198410c7611..5858ec53be6 100644 --- a/doc/integration/jira/dvcs/troubleshooting.md +++ b/doc/integration/jira/dvcs/troubleshooting.md @@ -40,7 +40,7 @@ Error obtaining access token. Cannot access https://gitlab.example.com from Jira - The [Jira issues integration](../_index.md) requires GitLab to connect to Jira. Any TLS issues that arise from a private certificate authority or self-signed certificate are resolved - [on the GitLab server](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates), + [on the GitLab server](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates), as GitLab is the TLS client. - The Jira development panel requires Jira to connect to GitLab, which causes Jira to be the TLS client. If your GitLab server's certificate is not diff --git a/doc/raketasks/_index.md b/doc/raketasks/_index.md index 7541c9bc6cb..8055d122641 100644 --- a/doc/raketasks/_index.md +++ b/doc/raketasks/_index.md @@ -14,7 +14,7 @@ processes. You can perform GitLab Rake tasks by using: -- `gitlab-rake ` for [Linux package](https://docs.gitlab.com/omnibus/index.html) and [GitLab Helm chart](https://docs.gitlab.com/charts/troubleshooting/kubernetes_cheat_sheet.html#gitlab-specific-kubernetes-information) installations. +- `gitlab-rake ` for [Linux package](https://docs.gitlab.com/omnibus/) and [GitLab Helm chart](https://docs.gitlab.com/charts/troubleshooting/kubernetes_cheat_sheet.html#gitlab-specific-kubernetes-information) installations. - `bundle exec rake ` for [self-compiled](../install/installation.md) installations. ## Available Rake tasks diff --git a/doc/topics/autodevops/requirements.md b/doc/topics/autodevops/requirements.md index 6199bde4cb8..b3137859de4 100644 --- a/doc/topics/autodevops/requirements.md +++ b/doc/topics/autodevops/requirements.md @@ -128,7 +128,7 @@ To make full use of Auto DevOps with Kubernetes, you need: Your runner must be configured to run Docker, usually with either the [Docker](https://docs.gitlab.com/runner/executors/docker.html) - or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/index.html) executors, with + or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/) executors, with [privileged mode enabled](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode). The runners don't need to be installed in the Kubernetes cluster, but the Kubernetes executor is easy to use and automatically autoscales. diff --git a/doc/topics/offline/quick_start_guide.md b/doc/topics/offline/quick_start_guide.md index 9d903f70b27..1e7e2bc65ce 100644 --- a/doc/topics/offline/quick_start_guide.md +++ b/doc/topics/offline/quick_start_guide.md @@ -74,7 +74,7 @@ sudo EXTERNAL_URL="http://my-host.internal" dpkg -i .deb ## Enabling SSL Follow these steps to enable SSL for your fresh instance. These steps reflect those for -[manually configuring SSL in Omnibus's NGINX configuration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually): +[manually configuring SSL in Omnibus's NGINX configuration](https://docs.gitlab.com/omnibus/settings/ssl/#configure-https-manually): 1. Make the following changes to `/etc/gitlab/gitlab.rb`: diff --git a/doc/topics/runner_fleet_design_guides/gitlab_runner_fleet_config_and_best_practices.md b/doc/topics/runner_fleet_design_guides/gitlab_runner_fleet_config_and_best_practices.md index def61ed0683..3b5009a4ea1 100644 --- a/doc/topics/runner_fleet_design_guides/gitlab_runner_fleet_config_and_best_practices.md +++ b/doc/topics/runner_fleet_design_guides/gitlab_runner_fleet_config_and_best_practices.md @@ -522,7 +522,7 @@ As a final step in the deployment phase, you must establish a solution to monito - Network utilization - Disk utilization -See the [Dedicated GitLab Runner monitoring page](https://docs.gitlab.com/runner/monitoring/index.html) for more details on how to proceed. +See the [Dedicated GitLab Runner monitoring page](https://docs.gitlab.com/runner/monitoring/) for more details on how to proceed. ## Optimize diff --git a/doc/update/_index.md b/doc/update/_index.md index f549c800369..8e109ebb898 100644 --- a/doc/update/_index.md +++ b/doc/update/_index.md @@ -171,7 +171,7 @@ To address the above two scenarios, it is advised to do the following prior to u 1. Wait until all jobs are finished. 1. Upgrade GitLab. -1. [Upgrade GitLab Runner](https://docs.gitlab.com/runner/install/index.html) to the same version +1. [Upgrade GitLab Runner](https://docs.gitlab.com/runner/install/) to the same version as your GitLab version. Both versions [should be the same](https://docs.gitlab.com/runner/#gitlab-runner-versions). 1. Unpause your runners and unblock new jobs from starting by reverting the previous `/etc/gitlab/gitlab.rb` change. diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 286b03154fd..3cb07c93ad8 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -1111,6 +1111,29 @@ For GitLab Self-Managed administrators, you can configure a custom limit with th
+### Major update of the Prometheus subchart + +
+ +- Announced in GitLab 17.9 +- Removal in GitLab 18.0 ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change)) +- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/5927). + +
+ +With GitLab 18.0 and GitLab chart 9.0, the Prometheus subchart will be updated from 15.3 to 27.3. +Along with this update, Prometheus 3 will be shipped by default. + +Manual steps are required to perform the upgrade. If you have Alertmanager, Node Exporter or +Pushgateway enabled, you will also need to update your Helm values. + +Please refer to the [migration guide](https://docs.gitlab.com/charts/releases/9_0.html#prometheus-upgrade) +for more information. + +
+ +
+ ### OpenTofu CI/CD template
@@ -1655,7 +1678,7 @@ SLES 15 SP6 for continued support.
-The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/index.html#supported-languages-and-frameworks) +The SpotBugs [SAST analyzer](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) can perform a build when the artifacts to be scanned aren't present. While this usually works well for simple projects, it can fail on more complex builds. From GitLab 18.0, to resolve SpotBugs analyzer build failures, you should: diff --git a/doc/update/package/package_troubleshooting.md b/doc/update/package/package_troubleshooting.md index 31655979f59..d55f6a72fdf 100644 --- a/doc/update/package/package_troubleshooting.md +++ b/doc/update/package/package_troubleshooting.md @@ -18,7 +18,7 @@ sudo gitlab-rake gitlab:check SANITIZE=true For more information on: -- Using `gitlab-ctl` for maintenance, see [Maintenance commands](https://docs.gitlab.com/omnibus/maintenance/index.html). +- Using `gitlab-ctl` for maintenance, see [Maintenance commands](https://docs.gitlab.com/omnibus/maintenance/). - Using `gitlab-rake` for configuration checking, see [Check GitLab configuration](../../administration/raketasks/maintenance.md#check-gitlab-configuration). diff --git a/doc/user/clusters/agent/_index.md b/doc/user/clusters/agent/_index.md index 53c95c6e4b1..84a6df57963 100644 --- a/doc/user/clusters/agent/_index.md +++ b/doc/user/clusters/agent/_index.md @@ -51,7 +51,7 @@ You can use agents and receptive agents simultaneously. GitLab supports the following Kubernetes versions. If you want to run GitLab in a Kubernetes cluster, you might need a different version of Kubernetes: -- For the [Helm Chart](https://docs.gitlab.com/charts/installation/cloud/index.html). +- For the [Helm Chart](https://docs.gitlab.com/charts/installation/cloud/). - For [GitLab Operator](https://docs.gitlab.com/operator/installation.html). You can upgrade your diff --git a/doc/user/markdown.md b/doc/user/markdown.md index 37501b2606d..9eb14a7c304 100644 --- a/doc/user/markdown.md +++ b/doc/user/markdown.md @@ -381,7 +381,7 @@ Examples: 1. First ordered list item @@ -415,7 +415,7 @@ They can even: Unordered lists can: diff --git a/doc/user/packages/container_registry/build_and_push_images.md b/doc/user/packages/container_registry/build_and_push_images.md index d0f2380aeee..0d67961dd26 100644 --- a/doc/user/packages/container_registry/build_and_push_images.md +++ b/doc/user/packages/container_registry/build_and_push_images.md @@ -213,5 +213,5 @@ deploy: NOTE: This example explicitly calls `docker pull`. If you prefer to implicitly pull the container image using `image:`, -and use either the [Docker](https://docs.gitlab.com/runner/executors/docker.html) or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/index.html) executor, +and use either the [Docker](https://docs.gitlab.com/runner/executors/docker.html) or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes/) executor, make sure that [`pull_policy`](https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work) is set to `always`. diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 086be7f72d1..3039e7047cb 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -166,11 +166,11 @@ Guest users and members with the Reporter role cannot do any of these actions. | Clone source and LFS from current project | ✓ | ✓ | | | Clone source and LFS from public projects | ✓ | ✓ | | | Clone source and LFS from internal projects | ✓ | ✓ | Developers and Maintainers: Only if the triggering user is not an external user. | -| Clone source and LFS from private projects | ✓ | ✓ | Only if the triggering user is a member of the project. See also [Usage of private Docker images with `if-not-present` pull policy](https://docs.gitlab.com/runner/security/index.html#usage-of-private-docker-images-with-if-not-present-pull-policy). | +| Clone source and LFS from private projects | ✓ | ✓ | Only if the triggering user is a member of the project. See also [Usage of private Docker images with `if-not-present` pull policy](https://docs.gitlab.com/runner/security/#usage-of-private-docker-images-with-if-not-present-pull-policy). | | Pull container images from current project | ✓ | ✓ | | | Pull container images from public projects | ✓ | ✓ | | | Pull container images from internal projects | ✓ | ✓ | Developers and Maintainers: Only if the triggering user is not an external user. | -| Pull container images from private projects | ✓ | ✓ | Only if the triggering user is a member of the project. See also [Usage of private Docker images with `if-not-present` pull policy](https://docs.gitlab.com/runner/security/index.html#usage-of-private-docker-images-with-if-not-present-pull-policy). | +| Pull container images from private projects | ✓ | ✓ | Only if the triggering user is a member of the project. See also [Usage of private Docker images with `if-not-present` pull policy](https://docs.gitlab.com/runner/security/#usage-of-private-docker-images-with-if-not-present-pull-policy). | | Push container images to current project | ✓ | ✓ | You cannot push container images to other projects. | ### Compliance diff --git a/doc/user/project/deploy_boards.md b/doc/user/project/deploy_boards.md index ea0d78f5ebb..753b3d7ecc2 100644 --- a/doc/user/project/deploy_boards.md +++ b/doc/user/project/deploy_boards.md @@ -92,7 +92,7 @@ To display the deploy boards for a specific [environment](../../ci/environments/ and [GitLab issue #4584](https://gitlab.com/gitlab-org/gitlab/-/issues/4584). 1. [Configure GitLab Runner](../../ci/runners/_index.md) with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html) or - [`kubernetes`](https://docs.gitlab.com/runner/executors/kubernetes/index.html) executor. + [`kubernetes`](https://docs.gitlab.com/runner/executors/kubernetes/) executor. 1. Configure the [Kubernetes integration](../infrastructure/clusters/_index.md) in your project for the cluster. The Kubernetes namespace is of particular note as you need it for your deployment scripts (exposed by the `KUBE_NAMESPACE` deployment variable). diff --git a/doc/user/project/integrations/slack.md b/doc/user/project/integrations/slack.md index 0680e993725..f262613a33c 100644 --- a/doc/user/project/integrations/slack.md +++ b/doc/user/project/integrations/slack.md @@ -140,7 +140,7 @@ To view which of these problems is the cause of the issue: ``` If GitLab does not trust HTTPS connections to itself, -[add your certificate to the GitLab trusted certificates](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). +[add your certificate to the GitLab trusted certificates](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). If GitLab does not trust connections to Slack, the GitLab OpenSSL trust store is incorrect. Typical causes are: diff --git a/doc/user/project/repository/signed_commits/x509.md b/doc/user/project/repository/signed_commits/x509.md index e49fbd7522d..3d11f8636a1 100644 --- a/doc/user/project/repository/signed_commits/x509.md +++ b/doc/user/project/repository/signed_commits/x509.md @@ -34,7 +34,7 @@ For a commit or tag to be *verified* by GitLab: from the certificate in the signature to a trusted certificate in the GitLab certificate store. This chain may include intermediate certificates supplied in the signature. You may need to add certificates, such as Certificate Authority root certificates, - [to the GitLab certificate store](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). + [to the GitLab certificate store](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). - The signing time must be in the time range of the [certificate validity](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.5), which is usually up to three years. @@ -56,7 +56,7 @@ GitLab checks certificate revocation lists on a daily basis with a background wo recommend using certificates from a PKI that are in line with [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280). - The **Verified** badge is not displayed on the GitLab SaaS offering - because [uploading a custom Certification Authority (CA)](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates) + because [uploading a custom Certification Authority (CA)](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates) is only available to GitLab Self-Managed. - Setting values in the Extended Key Usage (EKU) section of your certificate in addition to the required Key Usage (KU) of `Digital Signature` is likely to cause your commits to @@ -357,7 +357,7 @@ step of the previous [main verification checks](#main-verification-checks). ``` 1. If this fails, add the missing certificates required to establish trust - [to the GitLab certificate store](https://docs.gitlab.com/omnibus/settings/ssl/index.html#install-custom-public-certificates). + [to the GitLab certificate store](https://docs.gitlab.com/omnibus/settings/ssl/#install-custom-public-certificates). 1. After adding more certificates, (if these troubleshooting steps then pass) run the Rake task to [re-verify commits](#re-verify-commits). diff --git a/doc/user/project/service_desk/configure.md b/doc/user/project/service_desk/configure.md index 7c8632f4ad5..c14f209c5cb 100644 --- a/doc/user/project/service_desk/configure.md +++ b/doc/user/project/service_desk/configure.md @@ -1097,7 +1097,7 @@ from the `incoming_email` and `service_desk_email` mailboxes. ### Helm chart (Kubernetes) The [GitLab Helm chart](https://docs.gitlab.com/charts/) is made up of multiple subcharts, and one of them is -the [Mailroom subchart](https://docs.gitlab.com/charts/charts/gitlab/mailroom/index.html). Configure the +the [Mailroom subchart](https://docs.gitlab.com/charts/charts/gitlab/mailroom/). Configure the [common settings for `incoming_email`](https://docs.gitlab.com/charts/installation/command-line-options.html#incoming-email-configuration) and the [common settings for `service_desk_email`](https://docs.gitlab.com/charts/installation/command-line-options.html#service-desk-email-configuration). diff --git a/doc/user/storage_management_automation.md b/doc/user/storage_management_automation.md index 5e1b7890ec6..1f39ff37bc0 100644 --- a/doc/user/storage_management_automation.md +++ b/doc/user/storage_management_automation.md @@ -617,7 +617,7 @@ The full script `get_cicd_pipelines_compare_age_threshold_example.sh` is located #!/bin/bash # Required programs: -# - GitLab CLI (glab): https://docs.gitlab.com/ee/editor_extensions/gitlab_cli/index.html +# - GitLab CLI (glab): https://docs.gitlab.com/ee/editor_extensions/gitlab_cli/ # - jq: https://jqlang.github.io/jq/ # Required variables: diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 59e9c6d0b1d..69272fe3f9d 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -61659,7 +61659,7 @@ msgstr "" msgid "UsageQuota|Code packages and container images." msgstr "" -msgid "UsageQuota|Compute units usage is calculated based on shared runners duration with cost factors applied." +msgid "UsageQuota|Compute units usage is calculated based on instance runners duration with cost factors applied." msgstr "" msgid "UsageQuota|Compute usage" @@ -61716,6 +61716,9 @@ msgstr "" msgid "UsageQuota|Instance runner duration" msgstr "" +msgid "UsageQuota|Instance runners are disabled in all projects in this namespace." +msgstr "" + msgid "UsageQuota|Job artifacts created by CI/CD." msgstr "" diff --git a/spec/services/markup/rendering_service_security_spec.rb b/spec/services/markup/rendering_service_security_spec.rb index 6456c6626ab..b535931e063 100644 --- a/spec/services/markup/rendering_service_security_spec.rb +++ b/spec/services/markup/rendering_service_security_spec.rb @@ -337,6 +337,24 @@ RSpec.describe Markup::RenderingService, feature_category: :markdown do output = render(input, file_name, context) expect(output).to eq('') end + + it 'does not allow reading arbitrary files via include' do + # https://docs.gitlab.com/ee/user/markdown.html#includes + input = "::include{file=/etc/hosts}" + output = render(input, file_name, context) + expect(output).to eq('

::include{file=/etc/hosts}

') + end + + it 'does not allow reading arbitrary files via include with file URL' do + # https://docs.gitlab.com/ee/user/markdown.html#includes + input = "::include{file=file:///etc/hosts}" + output = render(input, file_name, context) + expect(output).to eq( + '

' \ + '::include{file=file:///etc/hosts' \ + '}

' + ) + end end end