Gitlab配置详解
2025/8/26...大约 54 分钟
Gitlab配置详解
Gitlab配置文件真是又臭又长,将很多款文件合并到一个文件中,整个配置3601行,英文不太好的朋友很容易因为理解偏差误操作,下面是汉化版本的gitlab.rb文件,我已经将它完全汉化。最后记录了汉化脚本。
这个配置文件是当前最新的,配置文件更新日期:8月 21, 2025
gitlab.rb文件如下
## GitLab配置设置
##! 此文件在初始安装期间生成,在升级过程中不会修改。
##! 查看此文件的最新版本以了解可以配置的不同设置、它们的引入时间和原因:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template
##! 在本地,可以找到与已安装版本对应的完整模板:
##! /opt/gitlab/etc/gitlab.rb.template
##! 您可以运行 `gitlab-ctl diff-config` 来比较当前 gitlab.rb 与当前运行版本的 gitlab.rb.template 的内容。
##! 您可以运行 `gitlab-ctl show-config` 来显示通过运行 `gitlab-ctl reconfigure` 将生成的配置。
##! 通常,此处指定的值应反映该属性的默认值。
##! 在某些情况下,这种行为是不可能或不希望的。例如,在提供密码或连接到第三方服务时。
##! 在这些情况下,我们努力提供一个示例配置。
## GitLab URL
##! GitLab 可访问的 URL。
##! 有关配置 external_url 的更多详细信息,请参见:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! 注意:在安装/升级期间,环境变量 EXTERNAL_URL 的值将用于填充/替换此值。
##! 在 AWS EC2 实例上,我们还会尝试从 AWS 获取公共主机名/IP 地址。
##! 有关更多详细信息,请参见:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
external_url 'GENERATED_EXTERNAL_URL'
## 多实例 GitLab 的角色
##! 默认情况下不启用任何角色,这会导致 GitLab 作为一体化实例运行。
##! 选项:
##! application_role
##! redis_sentinel_role
##! redis_master_role
##! redis_replica_role
##! monitoring_role
##! geo_primary_role
##! geo_secondary_role
##! postgres_role
##! patroni_role
##! consul_role
##! pgbouncer_role
##! pages_role
##! sidekiq_role
##! spamcheck_role
##! gitaly_role
##! 有关每个角色的更多详细信息,请参见:
##! https://docs.gitlab.com/omnibus/roles/index.html#roles
##!
# roles ['redis_sentinel_role', 'redis_master_role']
## 图例
##! 每行开头的以下符号可用于区分此文件的组件,并使用正则表达式轻松选择它们。
##! ## 标题、副标题等
##! ##! 更多信息 - 描述、文档、链接、问题等
##! 配置设置以单个 # 后跟单个空格开头;删除它们以启用设置。
##! **以下配置设置是可选的。**
################################################################################
################################################################################
## GitLab CE 和 EE 的配置设置 ##
################################################################################
################################################################################
################################################################################
## gitlab.yml 配置
##! 文档: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
################################################################################
# gitlab_rails['enable'] = true # 除非文档中明确说明,否则不要禁用
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
# gitlab_rails['gitlab_ssh_user'] = ''
# gitlab_rails['time_zone'] = 'UTC'
### Rails 资产 / CDN 主机
###! 定义用于 Rails 资产的主机/cdn 的 URL
###! 文档: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-delivery-network-url
# gitlab_rails['cdn_host'] = 'https://mycdnsubdomain.fictional-cdn.com'
### 请求持续时间
###! 告诉 Rails 应用程序完成请求所需的时间
###! 此值需要低于在 puma 中设置的 worker 超时时间。
###! 默认情况下,我们允许 worker 超时时间的 95%
# gitlab_rails['max_request_duration_seconds'] = 57
### GitLab 邮件服务器设置
###! 文档: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **使用 smtp 而不是 sendmail/postfix。**
# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_address'] = "smtp.server"
# gitlab_rails['smtp_port'] = 465
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false
###! **可以是: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! 文档: http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
### 邮件设置
# gitlab_rails['gitlab_email_enabled'] = true
###! 如果您的 SMTP 服务器不喜欢默认的 'From: gitlab@gitlab.example.com'
###! 可以通过此设置更改 'From'。
# gitlab_rails['gitlab_email_from'] = 'example@example.com'
# gitlab_rails['gitlab_email_display_name'] = 'Example'
# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
# gitlab_rails['gitlab_email_subject_suffix'] = ''
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
### GitLab 用户权限
# gitlab_rails['gitlab_username_changing_enabled'] = true
### 默认主题
###! 可用值:
###! `1` for Indigo
###! `2` for Dark
###! `3` for Light
###! `4` for Blue
###! `5` for Green
###! `6` for Light Indigo
###! `7` for Light Blue
###! `8` for Light Green
###! `9` for Red
###! `10` for Light Red
# gitlab_rails['gitlab_default_theme'] = 2
### 默认颜色模式
### 可用值:
##! `1` for Light mode
##! `2` for Dark mode
##! `3` for Auto (follow system preferences)
# gitlab_rails['gitlab_default_color_mode'] = 1
### 自定义 html 头部标签
###! 查看 https://docs.gitlab.com/ee/administration/custom_html_header_tags.html 了解更多
###! 在某些情况下需要一些自定义头部标签
###! 例如,添加欧盟 cookie 同意
###! 提示:您还必须将外部源添加到 content_security_policy 中,
###! 通常是 script_src 和 style_src。
# gitlab_rails['custom_html_header_tags'] = nil
### 默认项目功能设置
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
### 自动关闭问题
###! 查看 https://docs.gitlab.com/ee/administration/issue_closing_pattern.html 了解更多
###! 关于此模式的信息。
# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
### 下载位置
###! 当用户点击项目上的 "Download zip" 时,会在以下目录中创建一个临时的 zip 文件。
###! 不应与 `gitaly['configuration'].storage` 路径相同,或为其子目录。
# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
### Gravatar 设置
# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
### 辅助任务
###! 定期执行的任务,用于自我修复 Gitlab,进行外部同步等。
###! 文档: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
###! https://docs.gitlab.com/ee/ci/yaml/index.html#artifactsexpire_in
# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "3-59/10 * * * *"
# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
# gitlab_rails['ci_runner_versions_reconciliation_worker_cron'] = "@daily"
# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 * * * *"
# gitlab_rails['ci_catalog_resources_process_sync_events_worker_cron'] = "*/1 * * * *"
# gitlab_rails['ci_click_house_finished_pipelines_sync_worker_cron'] = "*/4 * * * *"
# gitlab_rails['ci_click_house_finished_pipelines_sync_worker_args'] = [1]
### Webhook 设置
###! 发送 webhook HTTP POST 请求后等待 HTTP 响应的秒数(默认:10)
# gitlab_rails['webhook_timeout'] = 10
### HTTP 客户端设置
###! 这是用于设置相互 TLS 客户端证书和证书文件密码的。
# gitlab_rails['http_client']['tls_client_cert_file'] = nil
# gitlab_rails['http_client']['tls_client_cert_password'] = nil
### GraphQL 设置
###! 告诉 Rails 应用程序完成 GraphQL 请求所需的时间。
###! 我们建议此值高于数据库超时值且低于在 puma 中设置的 worker 超时时间。(默认:30)
# gitlab_rails['graphql_timeout'] = 30
### 受信任的代理
###! 如果您的 GitLab 位于运行在不同机器上的反向代理后面,请自定义。
###! **将反向代理的 IP 地址添加到列表中,否则用户将显示为从该地址登录。**
# gitlab_rails['trusted_proxies'] = []
### 内容安全策略
###! 如果要启用 Content-Security-Policy 头部,请自定义,这有助于阻止 JavaScript 跨站脚本(XSS)攻击。
###! 查看: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
# gitlab_rails['content_security_policy'] = {
# 'enabled' => false,
# 'report_only' => false,
# # 每个指令都是一个字符串(例如 "'self'")。
# # 只有在需要自定义 CSP 指令时才需要设置此部分
# # 查看 https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-security-policy
# 'directives' => {
# 'base_uri' => nil,
# 'child_src' => nil,
# 'connect_src' => nil,
# 'default_src' => nil,
# 'font_src' => nil,
# 'form_action' => nil,
# 'frame_ancestors' => nil,
# 'frame_src' => nil,
# 'img_src' => nil,
# 'manifest_src' => nil,
# 'media_src' => nil,
# 'object_src' => nil,
# 'script_src' => nil,
# 'style_src' => nil,
# 'worker_src' => nil,
# 'report_uri' => nil,
# }
# }
### 允许的主机
###! 自定义 Rails 应用程序应处理的 `host` 头部。默认情况下,允许所有。
# gitlab_rails['allowed_hosts'] = []
### 监控设置
###! 控制对监控端点访问的 IP 白名单
# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
### 会话设置
# gitlab_rails['signed_cookie_salt'] = 'signed cookie'
# gitlab_rails['authenticated_encrypted_cookie_salt'] = 'authenticated encrypted cookie'
### 关机设置
###! 定义阻止健康检查的时间间隔,
###! 但继续接受应用程序请求。
# gitlab_rails['shutdown_blackout_seconds'] = 10
### Microsoft Graph Mailer
###! 允许使用 Microsoft Graph API 和 OAuth 2.0 客户端凭据流发送邮件。
###! 文档: https://docs.gitlab.com/omnibus/settings/microsoft_graph_mailer.html
# gitlab_rails['microsoft_graph_mailer_enabled'] = false
# gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR-USER-ID"
# gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR-TENANT-ID"
# gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR-CLIENT-ID"
# gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR-CLIENT-SECRET-ID"
# gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
# gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"
################################################################
## 通过邮件回复
################################################################
###! 允许用户通过回复通知邮件来评论问题和合并请求。
###! 文档: https://docs.gitlab.com/ee/administration/reply_by_email.html
# gitlab_rails['incoming_email_enabled'] = true
### 收件人邮箱地址
###! 包含 `%{key}` 占位符的邮箱地址,该占位符将被替换以引用被回复的项目。
###! **占位符可以省略,但如果存在,它必须出现在地址的 "user" 部分(`@` 之前)。**
# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
#### 邮箱账户用户名
####! **对于第三方提供商,这通常是完整的邮箱地址。**
####! **对于自托管邮箱服务器,这通常是邮箱地址的用户部分。**
# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
#### 邮箱账户密码
# gitlab_rails['incoming_email_password'] = "[REDACTED]"
#### IMAP 设置
# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
# gitlab_rails['incoming_email_port'] = 993
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['incoming_email_start_tls'] = false
#### 收件箱设置 (通过 `mail_room`)
####! 收件邮件将到达的邮箱。通常是 "inbox"。
# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
####! IDLE 命令超时时间。
# gitlab_rails['incoming_email_idle_timeout'] = 60
####! 内部 `mail_room` JSON 日志文件的文件名
# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
####! 这会在投递后标记删除收件。
####! 如果您使用 Microsoft Graph API 而不是 IMAP,请将其设置为 false 以保留
####! 收件箱中的邮件,因为删除的邮件会在一段时间后自动清除。
# gitlab_rails['incoming_email_delete_after_delivery'] = true
####! 在投递后标记删除时,从邮箱中永久删除邮件
####! 仅适用于 IMAP。Microsoft Graph 将自动清除任何删除的邮件。
# gitlab_rails['incoming_email_expunge_deleted'] = false
#### 收件箱选项 (for Microsoft Graph)
# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['incoming_email_inbox_options'] = {
# 'tenant_id': 'YOUR-TENANT-ID',
# 'client_id': 'YOUR-CLIENT-ID',
# 'client_secret': 'YOUR-CLIENT-SECRET',
# 'poll_interval': 60 # 可选
# }
####! 收件邮件如何传递给 Rails 进程。接受 sidekiq 或 webhook。
####! 默认配置是 webhook。
# gitlab_rails['incoming_email_delivery_method'] = "webhook"
####! 用于验证 webhook 请求的令牌。令牌必须恰好是 32 字节,
####! 并使用 base64 编码
# gitlab_rails['incoming_email_auth_token'] = nil
####! mail_room 崩溃日志的格式
# mailroom['exit_log_format'] = "plain"
### 统一(简化)对象存储配置
###! 这使用单个凭据用于具有多个存储桶的对象存储。
###! 它还允许 Workhorse 使用自己的 S3 客户端直接上传文件,
###! 而不是使用预签名 URL。
###!
###! 仅当 object_store 部分未在类型内定义时,此配置才会生效。
###! 例如,启用 gitlab_rails['artifacts_object_store_enabled'] 或
###! gitlab_rails['lfs_object_store_enabled'] 将阻止使用统一设置。
###!
###! 确保为每种类型的对象使用不同的存储桶。
###! 文档: https://docs.gitlab.com/ee/administration/object_storage.html
# gitlab_rails['object_store']['enabled'] = false
# gitlab_rails['object_store']['connection'] = {}
# gitlab_rails['object_store']['storage_options'] = {}
# gitlab_rails['object_store']['proxy_download'] = false
# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
# gitlab_rails['object_store']['objects']['pages']['bucket'] = nil
### 作业产物
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
###! 作业产物对象存储
###! 文档: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
# gitlab_rails['artifacts_object_store_enabled'] = false
# gitlab_rails['artifacts_object_store_proxy_download'] = false
# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
# gitlab_rails['artifacts_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # 以下选项配置 S3 兼容主机而不是 AWS
# # 'aws_signature_version' => 4, # 用于创建签名 URL。如果提供商不支持 v4,请设置为 2。
# # 'endpoint' => 'https://s3.amazonaws.com', # 默认: nil - 适用于 S3 兼容服务如 DigitalOcean Spaces
# # 'host' => 's3.amazonaws.com',
# # 'path_style' => false # 使用 'host/bucket_name/object' 而不是 'bucket_name.host/object'
# }
### 外部合并请求差异
# gitlab_rails['external_diffs_enabled'] = false
# gitlab_rails['external_diffs_when'] = nil
# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
# gitlab_rails['external_diffs_object_store_enabled'] = false
# gitlab_rails['external_diffs_object_store_proxy_download'] = false
# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
# gitlab_rails['external_diffs_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # 以下选项配置 S3 兼容主机而不是 AWS
# # 'aws_signature_version' => 4, # 用于创建签名 URL。如果提供商不支持 v4,请设置为 2。
# # 'endpoint' => 'https://s3.amazonaws.com', # 默认: nil - 适用于 S3 兼容服务如 DigitalOcean Spaces
# # 'host' => 's3.amazonaws.com',
# # 'path_style' => false # 使用 'host/bucket_name/object' 而不是 'bucket_name.host/object'
# }
### Git LFS
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
# gitlab_rails['lfs_object_store_enabled'] = false
# gitlab_rails['lfs_object_store_proxy_download'] = false
# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
# gitlab_rails['lfs_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # 以下选项配置 S3 兼容主机而不是 AWS
# # 'aws_signature_version' => 4, # 用于创建签名 URL。如果提供商不支持 v4,请设置为 2。
# # 'endpoint' => 'https://s3.amazonaws.com', # 默认: nil - 适用于 S3 兼容服务如 DigitalOcean Spaces
# # 'host' => 's3.amazonaws.com',
# # 'path_style' => false # 使用 'host/bucket_name/object' 而不是 'bucket_name.host/object'
# }
### GitLab 上传
###! 文档: https://docs.gitlab.com/ee/administration/uploads.html
# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
# gitlab_rails['uploads_object_store_enabled'] = false
# gitlab_rails['uploads_object_store_proxy_download'] = false
# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
# gitlab_rails['uploads_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # 以下选项配置 S3 兼容主机而不是 AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # 用于创建签名 URL。如果提供商不支持 v4,请设置为 2。
# # 'endpoint' => 'https://s3.amazonaws.com', # 默认: nil - 适用于 S3 兼容服务如 DigitalOcean Spaces
# # 'path_style' => false # 使用 'host/bucket_name/object' 而不是 'bucket_name.host/object'
# }
### Terraform state
###! 文档: https://docs.gitlab.com/ee/administration/terraform_state
# gitlab_rails['terraform_state_enabled'] = true
# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
# gitlab_rails['terraform_state_object_store_enabled'] = false
# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
# gitlab_rails['terraform_state_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # The below options configure an S3 compatible host instead of AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
### CI Secure Files
# gitlab_rails['ci_secure_files_enabled'] = true
# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
# gitlab_rails['ci_secure_files_object_store_enabled'] = false
# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
# gitlab_rails['ci_secure_files_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # The below options configure an S3 compatible host instead of AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
### GitLab Pages
# gitlab_rails['pages_object_store_enabled'] = false
# gitlab_rails['pages_object_store_remote_directory'] = "pages"
# gitlab_rails['pages_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # The below options configure an S3 compatible host instead of AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
# gitlab_rails['pages_local_store_enabled'] = true
# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
### Impersonation settings
# gitlab_rails['impersonation_enabled'] = true
### Disable jQuery and CSS animations
# gitlab_rails['disable_animations'] = false
### Application settings cache expiry in seconds. (default: 60)
# gitlab_rails['application_settings_cache_seconds'] = 60
### Usage Statistics
# gitlab_rails['usage_ping_enabled'] = true
### GitLab Mattermost
###! 如果 Mattermost 安装在同一个 omnibus 实例上,这些设置无效
# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
### LDAP 设置
###! 文档: https://docs.gitlab.com/ee/administration/auth/ldap/index.html
###! **注意不要破坏 ldap_servers 块的缩进。该块为 yaml 格式,必须保留空格。使用 tab 无效。**
# gitlab_rails['ldap_enabled'] = false
# gitlab_rails['prevent_ldap_sign_in'] = false
###! **记得用下方 'EOS' 结束此块**
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
# main: # 'main' is the GitLab 'provider ID' of this LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# smartcard_ad_cert_field: 'altSecurityIdentities'
# smartcard_ad_cert_format: null # 'issuer_and_serial_number', 'issuer_and_subject' , 'principal_name'
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# smartcard_ad_cert_field: 'altSecurityIdentities'
# smartcard_ad_cert_format: null # 'issuer_and_serial_number', 'issuer_and_subject' , 'principal_name'
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
# EOS
### 智能卡认证设置
###! 文档: https://docs.gitlab.com/ee/administration/auth/smartcard.html
# gitlab_rails['smartcard_enabled'] = false
# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
# gitlab_rails['smartcard_required_for_git_access'] = false
# gitlab_rails['smartcard_san_extensions'] = false
### OmniAuth 设置
###! 文档: https://docs.gitlab.com/ee/integration/omniauth.html
# gitlab_rails['omniauth_enabled'] = nil
# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_auto_link_user'] = ['twitter']
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
# gitlab_rails['omniauth_providers'] = [
# {
# "name" => "google_oauth2",
# "app_id" => "YOUR APP ID",
# "app_secret" => "YOUR APP SECRET",
# "args" => { "access_type" => "offline", "approval_prompt" => "" }
# }
# ]
# gitlab_rails['omniauth_cas3_session_duration'] = 28800
# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000
### OIDC 设置
# 配置自定义 ID Token 有效期(默认 120 秒)。
#! 文档: https://docs.gitlab.com/administration/auth/oidc/?tab=Linux+package+%28Omnibus%29#configure-a-custom-duration-for-id-tokens
# gitlab_rails['oidc_provider_openid_id_token_expire_in_seconds'] = 120
### JWT ID Token 设置
# 配置 CI JWT ID token 的自定义发行者 URL
# gitlab_rails['ci_id_tokens_issuer_url'] = https://example-oidc-configuration-bucket.s3.eu-north-1.amazonaws.com
### FortiAuthenticator 认证设置
# gitlab_rails['forti_authenticator_enabled'] = false
# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
# gitlab_rails['forti_authenticator_port'] = 443
# gitlab_rails['forti_authenticator_username'] = 'admin'
# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'
### FortiToken Cloud 认证设置
# gitlab_rails['forti_token_cloud_enabled'] = false
# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'
### DuoAuth 认证设置
# gitlab_rails['duo_auth_enabled'] = false
# gitlab_rails['duo_auth_integration_key'] = 'duo_auth_integration_key'
# gitlab_rails['duo_auth_secret_key'] = 'duo_auth_secret_key'
# gitlab_rails['duo_auth_hostname'] = 'duo_auth.example.com'
### 备份设置
###! 文档: https://docs.gitlab.com/omnibus/settings/backups.html
# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
###! 文档: https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#backup-archive-permissions
# gitlab_rails['backup_archive_permissions'] = 0644
# gitlab_rails['backup_pg_schema'] = 'public'
###! 保留备份允许删除前的秒数
# gitlab_rails['backup_keep_time'] = 604800
# gitlab_rails['backup_upload_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AKIAKIAKI',
# 'aws_secret_access_key' => 'secret123',
# # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
# 'use_iam_profile' => false
# }
# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
# gitlab_rails['backup_multipart_chunk_size'] = 104857600
###! **开启 AWS S3 服务端加密(S3 管理密钥)用于备份**
# gitlab_rails['backup_encryption'] = 'AES256'
###! 加密备份时使用的密钥。
###! 设置此值将启用客户提供密钥的服务端加密;否则使用 S3 管理密钥。
# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
###! **开启 AWS SSE-KMS(AWS 管理但客户主密钥)服务端加密
# gitlab_rails['backup_upload_storage_options'] = {
# 'server_side_encryption' => 'aws:kms',
# 'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
# }
###! **指定用于备份的 Amazon S3 存储类型。有效值包括 'STANDARD'、'STANDARD_IA' 和 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'
###! 跳过部分备份。用逗号分隔。
###! 文档: https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#excluding-specific-data-from-the-backup
#gitlab_rails['env'] = {
# "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}
### Gitaly 设置
# gitlab_rails['gitaly_token'] = 'secret token'
# gitlab_rails['repositories_storages'] = {
# 'default' => {
# 'gitaly_address' => 'tcp://praefect-lb:2305',
# 'gitaly_token' => 'secret_token'
# }
# }
### 用于存储 GitLab 应用上传内容,如 LFS 对象、构建产物
###! 文档: https://docs.gitlab.com/ee/development/shared_files.html
# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
### 用于存储加密配置文件
###! 文档: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'
### 等待文件系统挂载
###! 文档: https://docs.gitlab.com/omnibus/settings/configuration.html#start-linux-package-installation-services-only-after-a-given-file-system-is-mounted
# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
### GitLab Shell 设置
# gitlab_rails['gitlab_shell_ssh_port'] = 22
# gitlab_rails['gitlab_shell_git_timeout'] = 800
### 额外自定义
# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
# gitlab_rails['extra_bizible'] = false
# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
# gitlab_rails['extra_matomo_disable_cookies'] = false
# gitlab_rails['extra_maximum_text_highlight_size_kilobytes'] = 512
##! 文档: https://docs.gitlab.com/omnibus/settings/environment-variables.html
# gitlab_rails['env'] = {
# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
# }
# gitlab_rails['rack_attack_git_basic_auth'] = {
# 'enabled' => false,
# 'ip_whitelist' => ["127.0.0.1"],
# 'maxretry' => 10,
# 'findtime' => 60,
# 'bantime' => 3600
# }
# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
# gitlab_rails['log_group'] = nil
#### 更改初始默认管理员密码和共享 runner 注册令牌。
####! **仅首次初始化时有效,数据库创建并初始化后更改无效。**
# gitlab_rails['initial_root_password'] = "password"
# gitlab_rails['initial_shared_runners_registration_token'] = "token"
### 产品使用数据
# 此设置用于启用 GitLab 实例的产品使用数据。
# 仅在首次安装时读取。GitLab 运行后应在管理页面 UI 切换此设置。
# gitlab_rails['initial_gitlab_product_usage_data'] = nil
#### 是否在初始化时将 root 密码打印到 STDOUT
# gitlab_rails['display_initial_root_password'] = false
#### 是否将初始 root 密码写入 /etc/gitlab/initial_root_password
# gitlab_rails['store_initial_root_password'] = true
#### 设置初始化时使用的许可证路径。
####! **仅首次初始化时有效,后续许可证更新需通过 UI 完成。
####! 首次 reconfigure 后更新此路径无效。
# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
####! 启用或禁用自动数据库迁移
# gitlab_rails['auto_migrate'] = true
####! 此为高级功能,适用于大型 GitLab 部署,RAILS 环境加载耗时较长。
# gitlab_rails['rake_cache_clear'] = true
### GitLab 数据库设置
###! 文档: https://docs.gitlab.com/omnibus/settings/database.html
###! **仅在使用外部数据库时需要。**
# gitlab_rails['db_adapter'] = "postgresql"
# gitlab_rails['db_encoding'] = "unicode"
# gitlab_rails['db_collation'] = nil
# gitlab_rails['db_database'] = "gitlabhq_production"
# gitlab_rails['db_username'] = "gitlab"
# gitlab_rails['db_password'] = nil
# gitlab_rails['db_host'] = nil
# gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
# gitlab_rails['db_connect_timeout'] = nil
# gitlab_rails['db_keepalives'] = nil
# gitlab_rails['db_keepalives_idle'] = nil
# gitlab_rails['db_keepalives_interval'] = nil
# gitlab_rails['db_keepalives_count'] = nil
# gitlab_rails['db_tcp_user_timeout'] = nil
# gitlab_rails['db_application_name'] = nil
# gitlab_rails['db_database_tasks'] = true
##! 生成额外数据库配置的命令
# gitlab_rails['db_extra_config_command'] = nil
### Gitlab 分解数据库设置
###! 文档: https://docs.gitlab.com/omnibus/settings/database.html
# gitlab_rails['databases']['main']['db_database'] = 'gitlabhq_production'
# gitlab_rails['databases']['main']['database_tasks'] = true
# gitlab_rails['databases']['ci']['enable'] = true
# gitlab_rails['databases']['ci']['db_database'] = 'gitlabhq_production'
# gitlab_rails['databases']['ci']['database_tasks'] = false
### GitLab ClickHouse 连接设置
###! 实验性
# gitlab_rails['clickhouse_databases']['main']['database'] = 'dbname'
# gitlab_rails['clickhouse_databases']['main']['url'] = 'https://example.com/path'
# gitlab_rails['clickhouse_databases']['main']['username'] = 'gitlab'
# gitlab_rails['clickhouse_databases']['main']['password'] = 'password'
### GitLab Redis 设置
###! 连接自有 Redis 实例
###! 文档: https://docs.gitlab.com/omnibus/settings/redis.html
#### Redis TCP 连接
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
# gitlab_rails['redis_ssl'] = false
# gitlab_rails['redis_password'] = nil
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true
# gitlab_rails['redis_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_tls_client_cert_file'] = nil
# gitlab_rails['redis_tls_client_key_file'] = nil
# gitlab_rails['redis_connect_timeout'] = nil
# gitlab_rails['redis_read_timeout'] = nil
# gitlab_rails['redis_write_timeout'] = nil
#### Redis 本地 UNIX socket(如使用 TCP 则禁用)
# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
#### Cells
# gitlab_rails['cell'] = {
# enabled: false,
# id: nil,
# database: {
# skip_sequence_alteration: false
# },
# topology_service_client: {
# address: 'topology-service.gitlab.example.com:443',
# ca_file: 'path/to/your/ca/.pem',
# certificate_file: 'path/to/your/cert/.pem',
# private_key_file: 'path/to/your/key/.pem'
# }
# }
#### 会话 cookie 设置
# gitlab_rails['session_store_session_cookie_token_prefix'] = ''
#### Sentinel 支持
####! 要启用 Sentinel,需先启用 Redis TCP 连接支持
####! 并在下方定义若干 Sentinel 主机(可靠配置建议至少 3 个主机)。
####! **无需列出所有 sentinel 主机,未列出的主机在故障转移时不会用于查询新主机。**
# gitlab_rails['redis_sentinels'] = [
# {'host' => '127.0.0.1', 'port' => 26379},
# ]
# gitlab_rails['redis_sentinels_password'] = 'sentinel-requirepass-goes-here'
# gitlab_rails['redis_sentinel_master'] = nil
# gitlab_rails['redis_sentinel_master_ip'] = nil
# gitlab_rails['redis_sentinel_master_port'] = nil
#### 集群支持
####! 集群支持仅适用于部分 Redis 实例。为保持与 GitLab rails 应用的完全兼容,`resque.yml` 不支持集群模式。
####!
####! 要使 Redis 集群工作,您必须声明 `redis_{instance}_cluster_nodes`
####! 如果 Redis 服务器启用了 ACL,则需要 `redis_{instance}_username` 和 `redis_{instance}_password`。
# gitlab_rails['redis_xxxx_cluster_nodes'] = [
# {'host' => '127.0.0.1', 'port' => 6379},
# ]
#### 单独实例支持
####! 文档: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
# gitlab_rails['redis_cache_instance'] = nil
# gitlab_rails['redis_cache_sentinels'] = nil
# gitlab_rails['redis_cache_sentinels_password'] = nil
# gitlab_rails['redis_cache_username'] = nil
# gitlab_rails['redis_cache_password'] = nil
# gitlab_rails['redis_cache_cluster_nodes'] = nil
# gitlab_rails['redis_cache_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_cache_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_cache_tls_client_cert_file'] = nil
# gitlab_rails['redis_cache_tls_client_key_file'] = nil
# gitlab_rails['redis_queues_instance'] = nil
# gitlab_rails['redis_queues_sentinels'] = nil
# gitlab_rails['redis_queues_sentinels_password'] = nil
# gitlab_rails['redis_queues_username'] = nil
# gitlab_rails['redis_queues_password'] = nil
# gitlab_rails['redis_queues_cluster_nodes'] = nil
# gitlab_rails['redis_queues_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_queues_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_queues_tls_client_cert_file'] = nil
# gitlab_rails['redis_queues_tls_client_key_file'] = nil
# gitlab_rails['redis_shared_state_instance'] = nil
# gitlab_rails['redis_shared_state_sentinels'] = nil
# gitlab_rails['redis_shared_state_sentinels_password'] = nil
# gitlab_rails['redis_shared_state_username'] = nil
# gitlab_rails['redis_shared_state_password'] = nil
# gitlab_rails['redis_shared_state_cluster_nodes'] = nil
# gitlab_rails['redis_shared_state_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_shared_state_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_shared_state_tls_client_cert_file'] = nil
# gitlab_rails['redis_shared_state_tls_client_key_file'] = nil
# gitlab_rails['redis_trace_chunks_instance'] = nil
# gitlab_rails['redis_trace_chunks_sentinels'] = nil
# gitlab_rails['redis_trace_chunks_sentinels_password'] = nil
# gitlab_rails['redis_trace_chunks_username'] = nil
# gitlab_rails['redis_trace_chunks_password'] = nil
# gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil
# gitlab_rails['redis_trace_chunks_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_trace_chunks_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_trace_chunks_tls_client_cert_file'] = nil
# gitlab_rails['redis_trace_chunks_tls_client_key_file'] = nil
# gitlab_rails['redis_actioncable_instance'] = nil
# gitlab_rails['redis_actioncable_sentinels'] = nil
# gitlab_rails['redis_actioncable_sentinels_password'] = nil
# gitlab_rails['redis_actioncable_username'] = nil
# gitlab_rails['redis_actioncable_password'] = nil
# gitlab_rails['redis_actioncable_cluster_nodes'] = nil
# gitlab_rails['redis_actioncable_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_actioncable_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_actioncable_tls_client_cert_file'] = nil
# gitlab_rails['redis_actioncable_tls_client_key_file'] = nil
# gitlab_rails['redis_rate_limiting_instance'] = nil
# gitlab_rails['redis_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_rate_limiting_sentinels_password'] = nil
# gitlab_rails['redis_rate_limiting_username'] = nil
# gitlab_rails['redis_rate_limiting_password'] = nil
# gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_rate_limiting_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_rate_limiting_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_rate_limiting_tls_client_cert_file'] = nil
# gitlab_rails['redis_rate_limiting_tls_client_key_file'] = nil
# gitlab_rails['redis_sessions_instance'] = nil
# gitlab_rails['redis_sessions_sentinels'] = nil
# gitlab_rails['redis_sessions_sentinels_password'] = nil
# gitlab_rails['redis_sessions_username'] = nil
# gitlab_rails['redis_sessions_password'] = nil
# gitlab_rails['redis_sessions_cluster_nodes'] = nil
# gitlab_rails['redis_sessions_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_sessions_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_sessions_tls_client_cert_file'] = nil
# gitlab_rails['redis_sessions_tls_client_key_file'] = nil
# gitlab_rails['redis_cluster_rate_limiting_instance'] = nil
# gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_cluster_rate_limiting_sentinels_password'] = nil
# gitlab_rails['redis_cluster_rate_limiting_username'] = nil
# gitlab_rails['redis_cluster_rate_limiting_password'] = nil
# gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_cluster_rate_limiting_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_cluster_rate_limiting_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_cluster_rate_limiting_tls_client_cert_file'] = nil
# gitlab_rails['redis_cluster_rate_limiting_tls_client_key_file'] = nil
# gitlab_rails['redis_repository_cache_instance'] = nil
# gitlab_rails['redis_repository_cache_sentinels'] = nil
# gitlab_rails['redis_repository_cache_sentinels_password'] = nil
# gitlab_rails['redis_repository_cache_username'] = nil
# gitlab_rails['redis_repository_cache_password'] = nil
# gitlab_rails['redis_repository_cache_cluster_nodes'] = nil
# gitlab_rails['redis_repository_cache_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_repository_cache_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_repository_cache_tls_client_cert_file'] = nil
# gitlab_rails['redis_repository_cache_tls_client_key_file'] = nil
# gitlab_rails['redis_workhorse_instance'] = nil
# gitlab_rails['redis_workhorse_sentinels'] = nil
# gitlab_rails['redis_workhorse_sentinels_password'] = nil
# gitlab_rails['redis_workhorse_username'] = nil
# gitlab_rails['redis_workhorse_password'] = nil
# gitlab_rails['redis_workhorse_cluster_nodes'] = nil
# gitlab_rails['redis_workhorse_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# gitlab_rails['redis_workhorse_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_rails['redis_workhorse_tls_client_cert_file'] = nil
# gitlab_rails['redis_workhorse_tls_client_key_file'] = nil
# gitlab_rails['redis_workhorse_sentinel_master'] = nil
# gitlab_rails['redis_yml_override'] = nil
################################################################################
## Container Registry 设置
##! 文档: https://docs.gitlab.com/ee/administration/packages/container_registry.html
################################################################################
# registry_external_url 'https://registry.example.com'
### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
###! 通知密钥,用于认证发往 GitLab 应用的通知请求
###! 仅在使用外部 Registry 服务时需更改,否则
###! 会直接从 Registry 的通知设置中获取
# gitlab_rails['registry_notification_secret'] = nil
###! **除非非常清楚,否则不要更改以下 3 个设置**
# gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
### Settings used by Registry application
# registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['shell'] = "/usr/sbin/nologin"
# registry['registry_http_addr'] = "127.0.0.1:5000"
# registry['debug_addr'] = "localhost:5001"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
# registry['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
# registry['log_level'] = "info"
# registry['log_formatter'] = "text"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['health_storagedriver_enabled'] = true
# registry['middleware'] = nil
# registry['storage_delete_enabled'] = true
# registry['validation_enabled'] = false
# registry['autoredirect'] = false
# registry['compatibility_schema1_enabled'] = false
### Registry 后端存储
###! 文档: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
# registry['storage'] = {
# 's3' => {
# 'accesskey' => 's3-access-key',
# 'secretkey' => 's3-secret-key-for-access-key',
# 'bucket' => 'your-s3-bucket',
# 'region' => 'your-s3-region',
# 'regionendpoint' => 'your-s3-regionendpoint'
# },
# 'redirect' => {
# 'disable' => false
# }
# }
### Registry 数据库
###! 文档: https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html#new-installations
# registry['auto_migrate'] = true
# registry['database'] = {
# 'enabled' => false,
# 'host' => 'localhost',
# 'port' => 5432,
# 'user' => 'registry',
# 'password' => 'registry',
# 'dbname' => 'registry',
# 'sslmode' => 'prefer',
# 'sslcert' => '/path/to/client.crt',
# 'sslkey' => '/path/to/client.key',
# 'sslrootcert' => '/path/to/root.crt',
# 'connecttimeout' => '5s',
# 'draintimeout' => '2m',
# 'preparedstatements' => false,
# 'primary' => 'primary.record.fqdn',
# 'pool' => {
# 'maxidle' => 25,
# 'maxopen' => 25,
# 'maxlifetime' => '5m'
# }
# }
### Registry 垃圾回收
###! 文档: https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md?ref_type=heads#gc
# registry['gc'] = {
# 'disabled' => false,
# 'maxbackoff' => '24h',
# 'noidlebackoff' => false,
# 'transactiontimeout' => '10s',
# 'reviewafter' => '24h',
# 'manifests' => {
# 'disabled' => false,
# 'interval' => '5s'
# },
# 'blobs' => {
# 'disabled' => false,
# 'interval' => '5s',
# 'storagetimeout' => '5s'
# }
# }
### Registry 报告
###! 文档: https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md?ref_type=heads#reporting
# registry['reporting'] = {
# 'sentry' => {
# 'enabled' => true,
# 'dsn' => 'https://<key>@sentry.io/<project>',
# 'environment' => 'production'
# }
# }
### Registry 通知端点
# registry['notifications'] = [
# {
# 'name' => 'test_endpoint',
# 'url' => 'https://gitlab.example.com/notify2',
# 'timeout' => '500ms',
# 'threshold' => 5, # DEPRECATED: use maxretries instead https://gitlab.com/gitlab-org/container-registry/-/issues/1243
# 'maxretries' => 5,
# 'backoff' => '1s',
# 'headers' => {
# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
# }
# }
# ]
### 默认 registry 通知
# registry['default_notifications_timeout'] = "500ms"
# registry['default_notifications_threshold'] = 5
# registry['default_notifications_maxretries'] = 5
# registry['default_notifications_backoff'] = "1s"
# registry['default_notifications_headers'] = {}
### Registry Redis
# registry['redis'] = {
# 'loadbalancing' => {
# 'enabled' => true,
# 'addr' => 'localhost:16379,localhost:26379',
# 'username' => 'registry',
# 'password' => 'secret',
# 'db' => 0,
# 'dialtimeout' => '10ms',
# 'readtimeout' => '10ms',
# 'writetimeout' => '10ms',
# 'tls' => {
# 'enabled' => true,
# 'insecure' => true
# },
# 'pool' => {
# 'size' => 10,
# 'maxlifetime' => '1h',
# 'idletimeout' => '300s'
# }
# }
# }
################################################################################
## Sentry 错误报告与日志
################################################################################
# gitlab_rails['sentry_enabled'] = false
# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_environment'] = 'production'
################################################################################
## GitLab 主力
##!文档:https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
################################################################################
# gitlab_workhorse['enable'] = true
# gitlab_workhorse['ha'] = false
# gitlab_workhorse['alt_document_root'] = nil
##!等待所有请求完成的持续时间(例如,“10s”表示 10秒)。默认情况下,这是禁用的,以保留现有的
##!快速关机行为。这不应设置为高于 30秒,因为 gitlab-ctl 将等待长达 30 秒(如SVWAIT 变量),如果进程没有关闭。
# gitlab_workhorse['shutdown_timeout'] = nil
# gitlab_workhorse['listen_network'] = "unix"
# gitlab_workhorse['listen_umask'] = 000
# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
##! 启用 Redis keywatcher,未设置时默认为 true
# gitlab_workhorse['workhorse_keywatcher'] = true
##! 空字符串为 gitlab-workhorse 选项解析器的默认值
# gitlab_workhorse['auth_socket'] = "''"
##! 在命令行上放置空字符串
# gitlab_workhorse['pprof_listen_addr'] = "''"
# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
##! 限制并发 API 请求数,默认 0 表示无限制
# gitlab_workhorse['api_limit'] = 0
##! 限制允许排队的 API 请求数,默认 0 表示禁用排队
# gitlab_workhorse['api_queue_limit'] = 0
##! 请求在队列中等待超时的时长
# gitlab_workhorse['api_queue_duration'] = "30s"
##! CI 任务请求 runner 的长轮询时长
# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
##! 若有则传递 X-Request-Id,否则 Workhorse 会生成随机值。
# gitlab_workhorse['propagate_correlation_id'] = false
##! 允许传递关联 ID 的 CIDR 块列表。
##! 需同时设置 propagate_correlation_id 为 true。
##! 例如:%w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil
##! 必须匹配远程 IP 地址的 CIDR 块列表,才能用 X-Forwarded-For HTTP 头作为实际客户端 IP。
##! 与 propagate_correlation_id 和 trusted_cidrs_for_propagation 配合使用。
##! 例如:%w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil
##! 日志格式:默认 json,也可为 text 或 none。
# gitlab_workhorse['log_format'] = "json"
# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
# gitlab_workhorse['env'] = {
# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/".
# 'GODEBUG' => "tlsmlkem=0",
# }
##! 动态图片缩放器的资源限制。
##! 超过阈值时 Workhorse 会以原始尺寸提供图片。
##!
##! 允许并发执行的缩放进程最大数。建议不超过 CPU 数量。
# gitlab_workhorse['image_scaler_max_procs'] = 4
##!
##! 图片可缩放的最大文件大小(字节)
# gitlab_workhorse['image_scaler_max_filesize'] = 250000
##! 用于将 GitLab Workhorse 注册为 Consul 服务的服务名
# gitlab_workhorse['consul_service_name'] = 'workhorse'
##! 注册 GitLab Workhorse 为 Consul 服务时使用的语义元数据
# gitlab_workhorse['consul_service_meta'] = {}
##! Workhorse 专用 Redis 设置
##! 当 Workhorse 需使用不同于其他组件的 Redis 实例时使用。
##! 此处设置应与 `gitlab_rails['redis_workhorse_*']` 保持一致(如有设置)。如未设置,则从下方值推断。
##! `gitlab_rails['redis_workhorse_*']` 告诉 Rails 应用发布消息的 Redis,
##! `gitlab_workhorse['redis_*']` 告诉 Workhorse 订阅消息的 Redis。
##! 因此两者需一致。
# gitlab_workhorse['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
# gitlab_workhorse['redis_host'] = "127.0.0.1"
# gitlab_workhorse['redis_port'] = nil
# gitlab_workhorse['redis_database'] = nil
# gitlab_workhorse['redis_username'] = nil
# gitlab_workhorse['redis_password'] = nil
# gitlab_workhorse['redis_ssl'] = false
# gitlab_workhorse['redis_cluster_nodes'] = []
# gitlab_workhorse['redis_sentinels'] = []
# gitlab_workhorse['redis_sentinels_password'] = nil
# gitlab_workhorse['redis_sentinel_master'] = nil
# gitlab_workhorse['redis_sentinel_master_ip'] = nil
# gitlab_workhorse['redis_sentinel_master_port'] = nil
##! 生成额外配置的命令
# gitlab_workhorse['extra_config_command'] = nil
##! 元数据配置部分
# gitlab_workhorse['metadata_zip_reader_limit_bytes'] = nil
################################################################################
## GitLab 用户设置
##! 修改默认 git 用户。
##! 文档:https://docs.gitlab.com/omnibus/settings/configuration.html#change-the-name-of-the-git-user-or-group
################################################################################
# user['username'] = "git"
# user['group'] = "git"
# user['uid'] = nil
# user['gid'] = nil
##! git 用户的 shell
# user['shell'] = "/bin/sh"
##! git 用户的主目录
# user['home'] = "/var/opt/gitlab"
# user['git_user_name'] = "GitLab"
# user['git_user_email'] = "gitlab@#{node['fqdn']}"
################################################################################
## GitLab Puma
##! 调整 puma 设置。
##! 文档:https://docs.gitlab.com/ee/administration/operations/puma.html
################################################################################
# puma['enable'] = true
# puma['ha'] = false
# puma['worker_timeout'] = 60
# puma['worker_processes'] = 2
# puma['min_threads'] = 4
# puma['max_threads'] = 4
### 高级设置
# puma['listen'] = '127.0.0.1'
# puma['port'] = 8080
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 2048
### SSL 设置
# puma['ssl_listen'] = nil
# puma['ssl_port'] = nil
# puma['ssl_certificate'] = nil
# puma['ssl_certificate_key'] = nil
# puma['ssl_client_certificate'] = nil
# puma['ssl_cipher_filter'] = nil
# puma['ssl_key_password_command'] = nil
# puma['ssl_verify_mode'] = 'none'
# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
###! **不建议更改此设置**
# puma['log_directory'] = "/var/log/gitlab/puma"
###! **仅在充分理解含义时更改这些设置**
###! 文档:https://github.com/schneems/puma_worker_killer
# puma['per_worker_max_memory_mb'] = 1024
# puma['exporter_enabled'] = false
# puma['exporter_address'] = "127.0.0.1"
# puma['exporter_port'] = 8083
# puma['exporter_tls_enabled'] = false
# puma['exporter_tls_cert_path'] = ""
# puma['exporter_tls_key_path'] = ""
# puma['prometheus_scrape_scheme'] = 'http'
# puma['prometheus_scrape_tls_server_name'] = 'localhost'
# puma['prometheus_scrape_tls_skip_verification'] = false
##! 用于将 Puma 注册为 Consul 服务的服务名
# puma['consul_service_name'] = 'rails'
##! 注册 Puma 为 Consul 服务时使用的语义元数据
# puma['consul_service_meta'] = {}
################################################################################
## GitLab Sidekiq
################################################################################
##! GitLab 支持启动多个 sidekiq 进程。
##! 这些进程可用于消费专用队列。
##! 可确保特定队列能处理更多工作负载。
##! https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html
# sidekiq['enable'] = true
# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
# sidekiq['log_format'] = "json"
# sidekiq['shutdown_timeout'] = 4
# sidekiq['interval'] = nil
# sidekiq['concurrency'] = 20
##! GitLab 支持通过 routing rules 数组将任务路由到特定队列。
##! 每条规则为队列选择器查询和对应队列的元组。默认未配置(空数组)。
# sidekiq['routing_rules'] = []
##! queue_groups 数组每项表示需由 Sidekiq 进程处理的一组队列。
##! 多个队列可由同一进程处理,组内用逗号分隔,`*` 表示处理所有队列。
# sidekiq['queue_groups'] = ['*']
##! 指定 Sidekiq 进程的 Prometheus 指标端点。
# sidekiq['metrics_enabled'] = true
# sidekiq['exporter_log_enabled'] = false
# sidekiq['exporter_tls_enabled'] = false
# sidekiq['exporter_tls_cert_path'] = ""
# sidekiq['exporter_tls_key_path'] = ""
# sidekiq['listen_address'] = "localhost"
# sidekiq['listen_port'] = 8082
##! 指定 Sidekiq 进程的健康检查端点。
##! 默认与 Prometheus 指标设置相同(见上)。
# sidekiq['health_checks_enabled'] = true
# sidekiq['health_checks_listen_address'] = "localhost"
# sidekiq['health_checks_listen_port'] = 8092
##! 用于将 Sidekiq 注册为 Consul 服务的服务名
# sidekiq['consul_service_name'] = 'sidekiq'
##! 注册 Sidekiq 为 Consul 服务时使用的语义元数据
# sidekiq['consul_service_meta'] = {}
################################################################################
## gitlab-shell
################################################################################
# gitlab_shell['audit_usernames'] = false
# gitlab_shell['log_level'] = 'INFO'
# gitlab_shell['log_format'] = 'json'
# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs'}
# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell"
# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
### Git trace 日志文件。
###! 设置后,git 命令会收到 GIT_TRACE* 环境变量
###! 文档:https://git-scm.com/book/en/v2/Git-Internals-Environment-Variables#_debugging
###! 绝对路径(以 / 开头)——跟踪输出会追加到该文件。
###! 需确保文件存在以检查权限,避免向用户抛出警告。
# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
##! **不建议更改此目录。**
# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
# gitlab_shell['lfs_pure_ssh_protocol'] = false
# gitlab_shell['pat'] = { enabled: true, allowed_scopes: [] }
################################################################################
## gitlab-sshd
################################################################################
# gitlab_sshd['enable'] = false
# gitlab_sshd['generate_host_keys'] = true
# gitlab_sshd['dir'] = "/var/opt/gitlab/gitlab-sshd"
###! gitlab-sshd 大部分日志输出到 /var/log/gitlab/gitlab-shell/gitlab-shell.log。
###! 此目录仅存储守护进程的 stdout/stderr 输出。
# gitlab_sshd['log_directory'] = "/var/log/gitlab/gitlab-sshd/"
# gitlab_sshd['env_directory'] = '/opt/gitlab/etc/gitlab-sshd/env'
# gitlab_sshd['listen_address'] = 'localhost:2222'
# gitlab_sshd['metrics_address'] = 'localhost:9122'
# gitlab_sshd['concurrent_sessions_limit'] = 100
# gitlab_sshd['proxy_protocol'] = false
# gitlab_sshd['proxy_policy'] = 'use'
# gitlab_sshd['proxy_header_timeout'] = '500ms'
# gitlab_sshd['grace_period'] = 55
# gitlab_sshd['client_alive_interval'] = nil
# gitlab_sshd['ciphers'] = nil
# gitlab_sshd['kex_algorithms'] = nil
# gitlab_sshd['macs'] = nil
##! 要接受的公钥算法列表。
##! 例如:%w(ssh-ed25519 ecdsa-sha2-nistp256 rsa-sha2-256 rsa-sha2-512)
# gitlab_sshd['public_key_algorithms'] = nil
# gitlab_sshd['login_grace_time'] = 60
# gitlab_sshd['host_keys_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_keys_glob'] = 'ssh_host_*_key'
# gitlab_sshd['host_certs_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_certs_glob'] = 'ssh_host_*-cert.pub'
################################################################
## GitLab PostgreSQL
################################################################
##! 更改以下任意设置需重启 postgresql。
##! 默认情况下,reconfigure 会重载 postgresql(如正在运行)。如更改这些设置,
##! 请在 reconfigure 后运行 `gitlab-ctl restart postgresql` 以使更改生效。
# postgresql['enable'] = true
# postgresql['listen_address'] = nil
# postgresql['port'] = 5432
##! 仅在启用 Patroni 时使用。此端口用于 PostgreSQL 响应其他集群成员。
##! Patroni 用此端口通告 PostgreSQL 连接端点。##! 连接到集群的端口。默认与 postgresql['port'] 相同。
# postgresql['connect_port'] = 5432
##! **推荐值为总内存的 1/4,最高 14GB。**
##! 对于 Docker 容器,默认 256MB,配置见 docker/assets/gitlab.rb。
##! 其他情况,默认用总内存的 1/4,配置见 files/gitlab-cookbooks/postgresql/attributes/default.rb。
# postgresql['shared_buffers'] = "256MB"
### 高级设置
# postgresql['ha'] = false
# postgresql['dir'] = "/var/opt/gitlab/postgresql"
# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
# postgresql['log_destination'] = nil
# postgresql['logging_collector'] = nil
# postgresql['log_truncate_on_rotation'] = nil
# postgresql['log_rotation_age'] = nil
# postgresql['log_rotation_size'] = nil
# postgresql['log_connections'] = "off"
# postgresql['log_disconnections'] = "off"
##! 'username' 影响安装时创建的系统和 PostgreSQL 用户账户,安装后不可更改。
##! 详情见:https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606
# postgresql['username'] = "gitlab-psql"
# postgresql['group'] = "gitlab-psql"
##! `SQL_USER_PASSWORD_HASH` 可通过命令 `gitlab-ctl pg-password-md5 gitlab` 生成
# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# postgresql['uid'] = nil
# postgresql['gid'] = nil
# postgresql['shell'] = "/bin/sh"
# postgresql['home'] = "/var/opt/gitlab/postgresql"
# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
# postgresql['sql_user'] = "gitlab"
# postgresql['max_connections'] = 400
# postgresql['md5_auth_cidr_addresses'] = []
# postgresql['trust_auth_cidr_addresses'] = []
# postgresql['wal_buffers'] = "-1"
# postgresql['autovacuum_max_workers'] = "3"
# postgresql['autovacuum_freeze_max_age'] = "200000000"
# postgresql['log_statement'] = nil
# postgresql['track_activity_query_size'] = "1024"
# postgresql['shared_preload_libraries'] = nil
# postgresql['dynamic_shared_memory_type'] = nil
# postgresql['hot_standby'] = "off"
### Registry 元数据数据库设置
### 通过 GitLab 管理的 PostgreSQL 自动化支持正在开发中。
# postgresql['registry']['user'] = "registry"
# postgresql['registry']['password'] = nil
# postgresql['registry']['dbname'] = "registry"
# postgresql['registry']['auto_create'] = true
### SSL 设置
###! 详情见 https://www.postgresql.org/docs/13/static/runtime-config-connection.html#GUC-SSL-CERT-FILE
# postgresql['ssl'] = 'on'
# postgresql['hostssl'] = false
# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
# postgresql['ssl_cert_file'] = 'server.crt'
# postgresql['ssl_key_file'] = 'server.key'
# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# postgresql['ssl_crl_file'] = nil
# postgresql['cert_auth_addresses'] = {
# 'ADDRESS' => {
# database: 'gitlabhq_production',
# user: 'gitlab'
# }
# }
### 复制设置
###! 注意,部分复制设置无需完全重启,具体见下文。
# postgresql['wal_level'] = "hot_standby"
# postgresql['wal_log_hints'] = 'off'
# postgresql['max_wal_senders'] = 5
# postgresql['max_replication_slots'] = 0
# postgresql['max_locks_per_transaction'] = 128
### 备份/归档设置
# postgresql['archive_mode'] = "off"
###! 更改以下任意设置只需重载 postgresql,无需重启。修改后运行 reconfigure 即可。
# postgresql['work_mem'] = "16MB"
# postgresql['maintenance_work_mem'] = "16MB"
# postgresql['checkpoint_timeout'] = "5min"
# postgresql['checkpoint_completion_target'] = 0.9
# postgresql['effective_io_concurrency'] = 1
# postgresql['checkpoint_warning'] = "30s"
# postgresql['effective_cache_size'] = "1MB"
# postgresql['shmmax'] = 17179869184 # or 4294967295
# postgresql['shmall'] = 4194304 # or 1048575
# postgresql['autovacuum'] = "on"
# postgresql['log_autovacuum_min_duration'] = "-1"
# postgresql['autovacuum_naptime'] = "1min"
# postgresql['autovacuum_vacuum_threshold'] = "50"
# postgresql['autovacuum_analyze_threshold'] = "50"
# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
# postgresql['statement_timeout'] = "60000"
# postgresql['idle_in_transaction_session_timeout'] = "60000"
# postgresql['log_line_prefix'] = "%a"
# postgresql['max_worker_processes'] = 8
# postgresql['max_parallel_workers_per_gather'] = 0
# postgresql['log_lock_waits'] = 1
# postgresql['deadlock_timeout'] = '5s'
# postgresql['track_io_timing'] = 0
# postgresql['default_statistics_target'] = 1000
### 可在 PostgreSQL 9.6 及更高版本中使用
# postgresql['min_wal_size'] = "80MB"
# postgresql['max_wal_size'] = "1GB"
### 备份/归档设置
# postgresql['archive_command'] = nil
# postgresql['archive_timeout'] = "0"
### 复制设置
# postgresql['sql_replication_user'] = "gitlab_replicator"
# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
# postgresql['wal_keep_segments'] = 10
# postgresql['max_standby_archive_delay'] = "30s"
# postgresql['max_standby_streaming_delay'] = "30s"
# postgresql['synchronous_commit'] = on
# postgresql['synchronous_standby_names'] = ''
# postgresql['hot_standby_feedback'] = 'off'
# postgresql['random_page_cost'] = 2.0
# postgresql['log_temp_files'] = -1
# postgresql['log_checkpoints'] = 'off'
###! 如需向 pg_hba.conf 添加自定义项请用如下格式
# postgresql['custom_pg_hba_entries'] = {
# APPLICATION: [ # APPLICATION 应标识设置的用途
# {
# type: example,
# database: example,
# user: example,
# cidr: example,
# method: example,
# option: example
# }
# ]
# }
###! 详情见 https://www.postgresql.org/docs/13/static/auth-pg-hba-conf.html
###! 了解各项值的说明
### 版本设置
# 若禁用内置 PostgreSQL 但仍需使用备份 rake 任务可设置此项
# postgresql['version'] = 16
##! PostgreSQL 版本变更时自动重启服务。
# postgresql['auto_restart_on_version_change'] = true
################################################################################
## GitLab Redis
##! **如使用自有 Redis 实例可禁用此项。**
##! 文档:https://docs.gitlab.com/omnibus/settings/redis.html
################################################################################
# redis['enable'] = true
# redis['ha'] = false
# redis['start_down'] = false
# redis['set_replicaof'] = false
# redis['hz'] = 10
# redis['dir'] = "/var/opt/gitlab/redis"
# redis['log_directory'] = "/var/log/gitlab/redis"
# redis['log_group'] = nil
# redis['username'] = "gitlab-redis"
# redis['group'] = "gitlab-redis"
# redis['maxclients'] = "10000"
# redis['open_files_ulimit'] = nil # Maximum number of open files allowed for the redis process (defaults to ope
# redis['maxmemory'] = "0"
# redis['maxmemory_policy'] = "noeviction"
# redis['maxmemory_samples'] = "5"
# redis['stop_writes_on_bgsave_error'] = true
# redis['tcp_backlog'] = 511
# redis['tcp_timeout'] = "60"
# redis['tcp_keepalive'] = "300"
# redis['uid'] = nil
# redis['gid'] = nil
# redis['startup_delay'] = 0
### Redis TLS 设置
###! 通过 TLS 运行 Redis 时需指定以下设置
# redis['tls_port'] = nil
# redis['tls_cert_file'] = nil
# redis['tls_key_file'] = nil
###! 其他 TLS 相关可选设置
# redis['tls_dh_params_file'] = nil
# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# redis['tls_auth_clients'] = 'optional'
# redis['tls_replication'] = nil
# redis['tls_cluster'] = nil
# redis['tls_protocols'] = nil
# redis['tls_ciphers'] = nil
# redis['tls_ciphersuites'] = nil
# redis['tls_prefer_server_ciphers'] = nil
# redis['tls_session_caching'] = nil
# redis['tls_session_cache_size'] = nil
# redis['tls_session_cache_timeout'] = nil
###! 禁用或混淆不必要的 redis 命令名
###! 取消注释并编辑此块以添加或移除条目。
###! 详细用法见 https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
###!
# redis['rename_commands'] = {
# 'KEYS': ''
# }
###! 配置 runit 的 sv 命令超时时间(秒),用于管理 Redis 服务
# redis['runit_sv_timeout'] = nil
###! **如需仅在本机启用 Redis 服务,取消下面一行注释(主或副本实例类型二选一)。**
###! 文档:https://docs.gitlab.com/omnibus/settings/redis.html
###! https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html
# redis_master_role['enable'] = true
# redis_replica_role['enable'] = true
### Redis TCP 支持(会禁用 UNIX socket 传输)
# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
# redis['port'] = 6379
# redis['password'] = 'redis-password-goes-here'
### Redis Sentinel 支持
###! **需主副本 Redis 复制以实现故障转移**
###! **启用前请阅读文档了解注意事项:**
###! 文档:https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html
### 复制支持
#### 副本 Redis 实例
# redis['master'] = false # by default this is true
#### 副本与 Sentinel 共享配置
####! **两者需指向主 Redis 实例以实现复制和心跳监控**
# redis['master_name'] = 'gitlab-redis'
# redis['master_ip'] = nil
# redis['master_port'] = 6379
#### 支持在 Docker 或 NAT 环境下运行 redis 副本
####! 文档:https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
# redis['announce_ip'] = nil
# redis['announce_port'] = nil
# redis['announce_ip_from_hostname'] = false
####! **主密码需与 redis['password'] 保持一致,以便实例在故障转移时切换主/副本角色。**
# redis['master_password'] = 'redis-password-goes-here'
####! 副本跟不上主时可增大这些值
# redis['client_output_buffer_limit_normal'] = '0 0 0'
# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
#####! Redis 快照频率
#####! 设为 [] 表示禁用
#####! 设为 [''] 表示清除已设值
# redis['save'] = [ '900 1', '300 10', '60 10000' ]
#####! Redis 惰性释放
#####! 默认 false
# redis['lazyfree_lazy_eviction'] = true
# redis['lazyfree_lazy_expire'] = true
# redis['lazyfree_lazy_server_del'] = true
# redis['replica_lazy_flush'] = true
#####! Redis 多线程 I/O
#####! 默认禁用
# redis['io_threads'] = 4
# redis['io_threads_do_reads'] = true
################################################################################
## GitLab Web 服务器
##! 文档:https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
################################################################################
##! 禁用内置 nginx 时需将外部 web 服务器用户加入 GitLab web 服务器组。
# web_server['external_users'] = []
# web_server['username'] = 'gitlab-www'
# web_server['group'] = 'gitlab-www'
# web_server['uid'] = nil
# web_server['gid'] = nil
# web_server['shell'] = '/bin/false'
# web_server['home'] = '/var/opt/gitlab/nginx'
################################################################################
## GitLab NGINX
##! 文档:https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################
# nginx['enable'] = true
# nginx['client_max_body_size'] = '0'
# nginx['redirect_http_to_https'] = false
# nginx['redirect_http_to_https_port'] = 80
##! 大多数根 CA 默认已包含
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
##! 启用/禁用双向 SSL 客户端认证
# nginx['ssl_verify_client'] = "off"
##! 若 ssl_verify_client 为 on,客户端证书链的验证深度
# nginx['ssl_verify_depth'] = "1"
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
# nginx['ssl_prefer_server_ciphers'] = "off"
##! **推荐配置:https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
##! **推荐配置:https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_cache'] = "shared:SSL:10m"
##! **推荐配置:https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
# nginx['ssl_session_tickets'] = "off"
##! **默认值参考:https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_timeout'] = "1d"
# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
# nginx['ssl_password_file'] = nil # Path to file with passphrases for ssl certificate secret keys
# nginx['listen_addresses'] = ['*']
##! **默认强制浏览器始终使用 HTTPS 通信**
##! 文档:https://docs.gitlab.com/omnibus/settings/ssl/#configure-the-http-strict-transport-security-hsts
# nginx['hsts_max_age'] = 63072000
# nginx['hsts_include_subdomains'] = false
##! 默认跨域请求时去除路径信息
# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
##! **文档:http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
# nginx['gzip_enabled'] = true
##! **仅在使用反向代理时覆盖**
##! 文档:https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
# nginx['listen_port'] = nil
##! **仅在反向代理内部通过 HTTP 通信时覆盖**
##! 文档:https://docs.gitlab.com/omnibus/settings/ssl/#configure-a-reverse-proxy-or-load-balancer-ssl-termination
# nginx['listen_https'] = nil
##! **仅在反向代理启用 proxy protocol 时覆盖**
##! 文档:https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-the-proxy-protocol
# nginx['proxy_protocol'] = false
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
# nginx['proxy_read_timeout'] = 3600
# nginx['proxy_connect_timeout'] = 300
# nginx['proxy_set_headers'] = {
# "Host" => "$http_host_with_default",
# "X-Real-IP" => "$remote_addr",
# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
# "Upgrade" => "$http_upgrade",
# "Connection" => "$connection_upgrade"
# }
# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
# nginx['proxy_cache'] = 'gitlab'
# nginx['proxy_custom_buffer_size'] = nil
# nginx['http2_enabled'] = true
# nginx['real_ip_trusted_addresses'] = []
# nginx['real_ip_header'] = nil
# nginx['real_ip_recursive'] = nil
# nginx['custom_error_pages'] = {
# '404' => {
# 'title' => 'Example title',
# 'header' => 'Example header',
# 'message' => 'Example message'
# }
# }
### 高级设置
# nginx['dir'] = "/var/opt/gitlab/nginx"
# nginx['log_directory'] = "/var/log/gitlab/nginx"
# nginx['log_group'] = nil
# nginx['error_log_level'] = "error"
# nginx['worker_processes'] = 4
# nginx['worker_connections'] = 10240
# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
# nginx['sendfile'] = 'on'
# nginx['tcp_nopush'] = 'on'
# nginx['tcp_nodelay'] = 'on'
# nginx['hide_server_tokens'] = 'off'
# nginx['gzip_http_version'] = "1.0"
# nginx['gzip_comp_level'] = "2"
# nginx['gzip_proxied'] = "any"
# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
# nginx['keepalive_timeout'] = 65
# nginx['keepalive_time'] = '1h'
# nginx['cache_max_size'] = '5000m'
# nginx['server_names_hash_bucket_size'] = 64
##! 这些路径禁用 proxy_request_buffering
# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|/import/gitlab_project$|\\.git/git-receive-pack$|\\.git/ssh-receive-pack$|\\.git/ssh-upload-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"
### Nginx 状态
# nginx['status'] = {
# "enable" => true,
# "listen_addresses" => ["127.0.0.1"],
# "fqdn" => "dev.example.com",
# "port" => 9999,
# "vts_enable" => true,
# "options" => {
# "server_tokens" => "off", # Don't show the version of NGINX
# "access_log" => "off", # Disable logs for stats
# "allow" => "127.0.0.1", # Only allow access from localhost
# "deny" => "all" # Deny access to anyone else
# }
# }
##! 用于将 Nginx 注册为 Consul 服务的服务名
# nginx['consul_service_name'] = 'nginx'
##! 注册 NGINX 为 Consul 服务时使用的语义元数据
# nginx['consul_service_meta'] = {}
################################################################################
## GitLab 日志
##! 文档:https://docs.gitlab.com/omnibus/settings/logs.html
################################################################################
# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
# logging['svlogd_num'] = 30 # keep 30 rotated log files
# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
# logging['svlogd_filter'] = "gzip" # compress logs with gzip
# logging['svlogd_udp'] = nil # transmit log messages via UDP
# logging['svlogd_prefix'] = nil # custom prefix for log messages
# logging['logrotate_frequency'] = "daily" # rotate logs daily
# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
# logging['logrotate_size'] = nil # do not rotate by size by default
# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
# logging['logrotate_compress'] = "compress" # see 'man logrotate'
# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
# logging['logrotate_postrotate'] = nil # no postrotate command by default
# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
# logging['log_group'] = nil # assign this group to specified log directories and use it for runit-managed logs, can be overridden per-service
### UDP 日志转发
##! 文档:http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
##! 通过 UDP 发送日志消息的远程主机
# logging['udp_log_shipping_host'] = nil
##! 通过 UDP 发送日志时覆盖主机名,默认使用系统主机名。
# logging['udp_log_shipping_hostname'] = nil
##! 通过 UDP 发送日志消息的远程端口
# logging['udp_log_shipping_port'] = 514
################################################################################
## Logrotate
##! 文档:https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
##! 可禁用内置 logrotate 功能。
################################################################################
# logrotate['enable'] = true
# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
# logrotate['log_group'] = nil
################################################################################
## 用户和组账户
##! 禁用用户和组账户管理。
##! **仅在手动创建账户时设置**
##! 文档:https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
################################################################################
# manage_accounts['enable'] = true
################################################################################
## 存储目录
##! 禁用存储目录管理
##! 文档:https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
################################################################################
##! **仅在手动创建目录时设置**
# manage_storage_directories['enable'] = false
# manage_storage_directories['manage_etc'] = false
################################################################################
## 运行时目录
##! 文档:https://docs.gitlab.com//omnibus/settings/configuration.html#configure-the-runtime-directory
################################################################################
# runtime_dir '/run'
################################################################################
## GitLab Pages
##! 文档:https://docs.gitlab.com/ee/administration/pages/
################################################################################
##! 定义以启用 GitLab Pages
# pages_external_url "http://pages.example.com/"
# gitlab_pages['enable'] = false
##! 配置以在外部 IP 地址上暴露 GitLab Pages,服务 HTTP
# gitlab_pages['external_http'] = []
##! 配置以在外部 IP 地址上暴露 GitLab Pages,服务 HTTPS
# gitlab_pages['external_https'] = []
##! 配置以在外部 IP 地址上通过 PROXYv2 服务 HTTPS
# gitlab_pages['external_https_proxyv2'] = []
##! 使用外部 IP 地址时配置证书
# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"
##! 使用默认密码套件列表
# gitlab_pages['insecure_ciphers'] = false
##! 启用 GitLab Pages 健康检查端点
# gitlab_pages['status_uri'] = "/@status"
##! 调整 GitLab Pages 可处理的最大并发连接数。
##! 默认 0 表示无限制。
# gitlab_pages['max_connections'] = 0
##! 配置 GitLab Pages 接受的最大 URI 长度
##! 默认有限制以保证安全。设为 0 表示无限制
# gitlab_pages['max_uri_length'] = 2048
##! 设置 propagate_correlation_id 为 true 可让反向代理后端
##! 生成并设置关联 ID 到发往 GitLab Pages 的请求。如果反向代理
##! 设置了 X-Request-ID 头,则该值会在请求链中传递。
# gitlab_pages['propagate_correlation_id'] = false
##! 配置 GitLab Pages 使用 JSON 结构化日志
# gitlab_pages['log_format'] = "json"
##! 配置 GitLab Pages 的详细日志
# gitlab_pages['log_verbose'] = false
##! Sentry 错误报告与日志
# gitlab_pages['sentry_enabled'] = false
# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_pages['sentry_environment'] = 'production'
##! 监听反向代理转发的请求
# gitlab_pages['listen_proxy'] = "localhost:8090"
# gitlab_pages['redirect_http'] = true
# gitlab_pages['use_http2'] = true
# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
# gitlab_pages['log_group'] = nil
# gitlab_pages['artifacts_server'] = true
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# gitlab_pages['artifacts_server_timeout'] = 10
##! Pages 的 Prometheus 指标,文档:https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
# gitlab_pages['metrics_address'] = ":9235"
##! 指定最小 TLS 版本(“tls1.2”或“tls1.3”)
# gitlab_pages['tls_min_version'] = "tls1.2"
##! 指定最大 TLS 版本(“tls1.2”或“tls1.3”)
# gitlab_pages['tls_max_version'] = "tls1.3"
##! Pages 访问控制
# gitlab_pages['access_control'] = false
# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
# gitlab_pages['gitlab_secret'] = nil # Generated if not present
# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
# gitlab_pages['auth_secret'] = nil # Generated if not present
# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
# gitlab_pages['auth_timeout'] = "5s" # GitLab application client timeout for authentication
# gitlab_pages['auth_cookie_session_timeout'] = "10m" # Authentication cookie session timeout (truncated to seconds). A zero value means the cookie will be deleted after the browser session ends
##! GitLab Pages 服务器关闭超时时间
##! 时长(如“30s”表示 30 秒)
# gitlab_pages['server_shutdown_timeout'] = "30s"
##! GitLab API HTTP 客户端连接超时
# gitlab_pages['gitlab_client_http_timeout'] = "10s"
##! GitLab API JWT Token 过期时间
# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
##! 基于 API 的 Pages 配置高级设置。
##! 推荐默认值已在 GitLab Pages 内部设置。
##! 仅在确有需要时修改。
##! 域配置在缓存中存储的最长时间。
# gitlab_pages['gitlab_cache_expiry'] = "600s"
##! 域配置刷新到期的间隔(默认:60s)。
# gitlab_pages['gitlab_cache_refresh'] = "60s"
##! 过期项从缓存中移除的间隔(默认:60s)。
# gitlab_pages['gitlab_cache_cleanup'] = "60s"
##! 每次请求等待 GitLab API 响应的最长时间。
# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
##! 重试解析域配置(通过 GitLab API)前的等待间隔。
# gitlab_pages['gitlab_retrieval_interval'] = "1s"
##! 解析域配置(通过 API)最大重试次数
# gitlab_pages['gitlab_retrieval_retries'] = 3
##! 为整个实例定义自定义 gitlab-pages HTTP 头
# gitlab_pages['headers'] = []
##! Pages 与 GitLab 之间认证用的共享密钥
# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
##! 从 zip 压缩包服务 GitLab Pages 的高级设置。
##! 推荐默认值已在 GitLab Pages 内部设置。
##! 仅在确有需要时修改。
##! 压缩包在内存中缓存的最长时间。
# gitlab_pages['zip_cache_expiration'] = "60s"
##! zip 缓存清理间隔。
# gitlab_pages['zip_cache_cleanup'] = "30s"
##! 缓存未过期时访问会刷新缓存的间隔。
# gitlab_pages['zip_cache_refresh'] = "30s"
##! 从文件系统或对象存储打开 zip 的最长时间。
# gitlab_pages['zip_open_timeout'] = "30s"
##! Zip HTTP 客户端超时
# gitlab_pages['zip_http_client_timeout'] = "30m"
##! ReadTimeout 为读取整个请求(含 body)的最长时间。为零或负值则无超时。
# gitlab_pages['server_read_timeout'] = "5s"
##! ReadHeaderTimeout 为读取请求头的最长时间。为零或负值则无超时。
# gitlab_pages['server_read_header_timeout'] = "1s"
##! WriteTimeout 为响应写入超时的最长时间。为零或负值则无超时。
# gitlab_pages['server_write_timeout'] = "5m"
##! KeepAlive 指定此监听器接受的网络连接的 keep-alive 时长。为零则启用 keep-alive(如协议和系统支持),为负则禁用。
# gitlab_pages['server_keep_alive'] = "15s"
##! 启用从磁盘而非对象存储服务内容
# gitlab_pages['enable_disk'] = nil
##! 下方限流选项仅报告被拒绝请求,不实际拒绝。
##! 启用 `FF_ENABLE_RATE_LIMITER=true` 环境变量可拒绝请求。
##! 限流规则详见 https://docs.gitlab.com/ee/administration/pages/#rate-limits
##! 单 IP 每秒 HTTP 请求限流,0 表示禁用
# gitlab_pages['rate_limit_source_ip'] = 50.0
##! 单 IP 每秒允许的最大突发 HTTP 请求
# gitlab_pages['rate_limit_source_ip_burst'] = 600
##! 单域名每秒 HTTP 请求限流,0 表示禁用
# gitlab_pages['rate_limit_domain'] = 0
##! 单域名每秒允许的最大突发 HTTP 请求
# gitlab_pages['rate_limit_domain_burst'] = 10000
##! 单 IP 每秒新建 TLS 连接限流,0 表示禁用
# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
##! 单 IP 每秒允许的最大突发 TLS 连接
# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
##! 单域名每秒新建 TLS 连接限流,0 表示禁用
# gitlab_pages['rate_limit_tls_domain'] = 0
##! 单域名每秒允许的最大突发 TLS 连接
# gitlab_pages['rate_limit_tls_domain_burst'] = 10000
##! _redirects 文件最大大小(字节)
# gitlab_pages['redirects_max_config_size'] = 65536
##! _redirects 规则 URL 允许的最大路径段数
# gitlab_pages['redirects_max_path_segments'] = 25
##! _redirects 允许的最大规则数
# gitlab_pages['redirects_max_rule_count'] = 1000
# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
# gitlab_pages['env'] = {
# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
##! 实验性 - 启用路径中的命名空间
# gitlab_pages['namespace_in_path'] = false
##! 配置 GitLab Pages 客户端证书和密钥,用于与 GitLab API 的双向 TLS
# gitlab_pages['client_cert'] = "/path/to/client.crt"
# gitlab_pages['client_key'] = "/path/to/client.key"
##! 配置用于签发客户端证书的根 CA 证书(用于 GitLab API)
# gitlab_pages['client_ca_certs'] = "/path/to/ca.crt"
################################################################################
## GitLab Pages NGINX
################################################################################
##! “GitLab Nginx”部分定义的所有设置在本节也可用,使用 `pages_nginx` 键。
##! 但这些设置需显式设置。即 `nginx['some_setting']` 不会自动复制为 `pages_nginx['some_setting']`,需单独设置。
##! 以下为仅“GitLab Pages NGINX”专属的设置
# pages_nginx['enable'] = true
# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
################################################################################
## GitLab CI
##! 文档:https://docs.gitlab.com/ee/ci/quick_start/
################################################################################
# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
################################################################################
## GitLab Kubernetes Agent Server
##! 文档:https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
################################################################################
##! GitLab 应用使用的设置
# gitlab_rails['gitlab_kas_enabled'] = true
# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/k8s-proxy/'
##! GitLab KAS 的设置
# gitlab_kas_external_url "ws://gitlab.example.com/-/kubernetes-agent/"
# gitlab_kas['enable'] = true
##! GitLab KAS 的代理配置
# gitlab_kas['agent_configuration_poll_period'] = 300
# gitlab_kas['agent_info_cache_ttl'] = 300
# gitlab_kas['agent_info_cache_error_ttl'] = 60
##! KAS 与 GitLab 之间认证用的共享密钥
# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
##! 多节点部署下 KAS 实例间认证用的共享密钥
# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
#
##! WebSocket Token 签名与校验用密钥。多节点部署需共享。
# gitlab_kas['websocket_token_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 72 bytes long.
##! GitLab KAS 的监听配置
# gitlab_kas['listen_address'] = 'localhost:8150'
# gitlab_kas['listen_network'] = 'tcp'
# gitlab_kas['listen_websocket'] = true
# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['key_file'] = "/path/to/key.pem"
# gitlab_kas['observability_listen_network'] = 'tcp'
# gitlab_kas['observability_listen_address'] = 'localhost:8151'
# gitlab_kas['internal_api_listen_network'] = 'tcp'
# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['private_api_listen_network'] = 'tcp'
# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"
##! GitLab KAS 的指标配置
# gitlab_kas['metrics_usage_reporting_period'] = 60
##! GitLab KAS 的日志配置
# gitlab_kas['log_level'] = 'info'
# gitlab_kas['grpc_log_level'] = 'error'
##! GitLab KAS 的环境变量
# gitlab_kas['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup,
# # it can be on localhost for simplicity.
# # Use OWN_PRIVATE_API_CIDR + OWN_PRIVATE_API_PORT (optional) + OWN_PRIVATE_API_SCHEME (optional) if you cannot
# # specify a correct address for each KAS instance in OWN_PRIVATE_API_URL.
# # 'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
# # 'OWN_PRIVATE_API_CIDR' => '10.0.0.0/8', # IPv4 example
# # 'OWN_PRIVATE_API_CIDR' => '2001:db8:8a2e:370::7334/64', # IPv6 example
# # 'OWN_PRIVATE_API_PORT' => '8155', # if not set, port from private_api_listen_address is used
# # 'OWN_PRIVATE_API_SCHEME' => 'grpc', # use grpcs when using TLS on private API endpoint
# # OWN_PRIVATE_API_HOST is used to verify the TLS cert hostname.
# # Set KAS' host name if you want to use TLS for KAS->KAS communication.
# # 'OWN_PRIVATE_API_HOST' => '<server-name-from-cert>',
# }
##! Sentry 错误报告与日志
# gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_kas['sentry_environment'] = 'production'
##! GitLab KAS 的目录
# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
# gitlab_kas['log_group'] = nil
# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
##! GitLab KAS 的 Redis 设置
# gitlab_kas['redis_socket'] = ''
# gitlab_kas['redis_host'] = '127.0.0.1'
# gitlab_kas['redis_port'] = '6379'
# gitlab_kas['redis_password'] = nil
# gitlab_kas['redis_sentinels'] = []
# gitlab_kas['redis_sentinels_master_name'] = nil
# gitlab_kas['redis_sentinels_password'] = ''
# gitlab_kas['redis_ssl'] = false
# gitlab_kas['redis_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# gitlab_kas['redis_tls_client_cert_file'] = nil
# gitlab_kas['redis_tls_client_key_file'] = nil
##! GitLab KAS 的工作区配置。该功能尚在开发中,暂不适用于生产环境。
# gitlab_kas['workspaces']['enabled'] = false
# gitlab_kas['workspaces']['listen']['network'] = 'tcp'
# gitlab_kas['workspaces']['listen']['address'] = 'localhost:8160'
# gitlab_kas['workspaces']['listen']['listen_grace_period'] = '1s'
# gitlab_kas['workspaces']['listen']['shutdown_grace_period'] = '200s'
##! 生成额外配置的命令
# gitlab_kas['extra_config_command'] = nil
################################################################################
## GitLab 推荐审阅人(仅限企业版)
##! 文档:https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers
################################################################################
##! 推荐审阅人与 GitLab 之间认证用的共享密钥
# suggested_reviewers['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
################################################################################
## GitLab Mattermost
##! 文档:https://docs.gitlab.com/ee/integration/mattermost/
################################################################################
# mattermost_external_url 'http://mattermost.example.com'
# mattermost['enable'] = false
# mattermost['username'] = 'mattermost'
# mattermost['group'] = 'mattermost'
# mattermost['uid'] = nil
# mattermost['gid'] = nil
# mattermost['home'] = '/var/opt/gitlab/mattermost'
# mattermost['database_name'] = 'mattermost_production'
# mattermost['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG` => "tlsmlkem=0",
# }
# mattermost['service_address'] = "127.0.0.1"
# mattermost['service_port'] = "8065"
# mattermost['service_site_url'] = nil
# mattermost['service_allowed_untrusted_internal_connections'] = ""
# mattermost['service_enable_api_team_deletion'] = true
# mattermost['team_site_name'] = "GitLab Mattermost"
# mattermost['sql_driver_name'] = 'mysql'
# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
# mattermost['gitlab_enable'] = false
# mattermost['gitlab_id'] = "12345656"
# mattermost['gitlab_secret'] = "123456789"
# mattermost['gitlab_scope'] = ""
# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
################################################################################
## Mattermost NGINX
################################################################################
##! “GitLab Nginx”部分定义的所有设置在本节也可用,使用 `mattermost_nginx` 键。
##! 但这些设置需显式设置。即 `nginx['some_setting']` 不会自动复制为 `mattermost_nginx['some_setting']`,需单独设置。
##! 以下为仅“Mattermost NGINX”专属的设置
# mattermost_nginx['enable'] = false
# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# mattermost_nginx['proxy_set_headers'] = {
# "Host" => "$http_host",
# "X-Real-IP" => "$remote_addr",
# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
# "X-Frame-Options" => "SAMEORIGIN",
# "X-Forwarded-Proto" => "https",
# "X-Forwarded-Ssl" => "on",
# "Upgrade" => "$http_upgrade",
# "Connection" => "$connection_upgrade"
# }
################################################################################
## Registry NGINX
################################################################################
##! “GitLab Nginx”部分定义的所有设置在本节也可用,使用 `registry_nginx` 键。
##! 但这些设置需显式设置。即 `nginx['some_setting']` 不会自动复制为 `registry_nginx['some_setting']`,需单独设置。
##! 以下为仅“Registry NGINX”专属的设置##! `nginx['some_setting']` 不会自动复制为
##! `registry_nginx['some_setting']`,需单独设置。
##! 以下为仅“Registry NGINX”专属的设置
# registry_nginx['enable'] = false
# registry_nginx['proxy_set_headers'] = {
# "Host" => "$http_host",
# "X-Real-IP" => "$remote_addr",
# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
# "X-Forwarded-Proto" => "https",
# "X-Forwarded-Ssl" => "on"
# }
##! 当注册表自动启用并使用与 `external_url` 相同的域时,
##! 会监听此端口
# registry_nginx['listen_port'] = 5050
################################################################################
## Prometheus
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/
################################################################################
###! **如需仅在本机启用监控服务,请取消下面这行的注释。**
# monitoring_role['enable'] = true
# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# prometheus['username'] = 'gitlab-prometheus'
# prometheus['group'] = 'gitlab-prometheus'
# prometheus['uid'] = nil
# prometheus['gid'] = nil
# prometheus['shell'] = '/bin/sh'
# prometheus['home'] = '/var/opt/gitlab/prometheus'
# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
# prometheus['log_group'] = nil
# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
# prometheus['scrape_interval'] = 15
# prometheus['scrape_timeout'] = 15
# prometheus['external_labels'] = { }
# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
# prometheus['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
### 自定义采集配置
###! Prometheus 可通过 scrape_configs 采集额外任务。默认会自动包含 omnibus 配置支持的所有导出器。
###!
###! 参见:https://prometheus.io/docs/operating/configuration/#scrape_config
# prometheus['scrape_configs'] = [
# {
# 'job_name': 'example',
# 'static_configs' => [
# 'targets' => ['hostname:port'],
# ],
# },
# ]
### 自定义 alertmanager 配置
###! 如需配置外部 alertmanager,请创建 alertmanager 配置。
###! 参见:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
# prometheus['alertmanagers'] = [
# {
# 'static_configs' => [
# {
# 'targets' => [
# 'hostname:port'
# ]
# }
# ]
# }
# ]
### 自定义 Prometheus 参数
# prometheus['flags'] = {
# 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
# 'storage.tsdb.retention.time' => "15d",
# 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
# }
###! 高级设置。仅在确有需要时修改。
# prometheus['listen_address'] = 'localhost:9090'
#
###! 用于将 Prometheus 注册为 Consul 服务的服务名
# prometheus['consul_service_name'] = 'prometheus'
###! 注册 Prometheus 为 Consul 服务时使用的语义元数据
# prometheus['consul_service_meta'] = {}
###! **仅当 Prometheus 与 Rails 不在同一服务器时需要。**
###! 例如,在多节点架构中,Prometheus 安装在监控节点,Rails 安装在 Rails 节点。
###! https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
###! 此值应为 Prometheus 可被 GitLab Rails(Puma, Sidekiq) 节点访问的地址。
# gitlab_rails['prometheus_address'] = 'your.prom:9090'
################################################################################
## Prometheus Alertmanager
################################################################################
# alertmanager['enable'] = true
# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
# alertmanager['log_group'] = nil
# alertmanager['admin_email'] = 'admin@example.com'
# alertmanager['flags'] = {
# 'web.listen-address' => "localhost:9093",
# 'storage.path' => "/var/opt/gitlab/alertmanager/data",
# 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
# }
# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
# alertmanager['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
##! 高级设置。仅在确有需要时修改。
# alertmanager['listen_address'] = 'localhost:9093'
# alertmanager['global'] = {}
################################################################################
## Prometheus Node Exporter
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
################################################################################
# node_exporter['enable'] = true
# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
# node_exporter['log_group'] = nil
# node_exporter['flags'] = {
# 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
# }
# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
# node_exporter['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
##! 高级设置。仅在确有需要时修改。
# node_exporter['listen_address'] = 'localhost:9100'
##! 用于将 Node Exporter 注册为 Consul 服务的服务名
# node_exporter['consul_service_name'] = 'node-exporter'
##! 注册 Node Exporter 为 Consul 服务时使用的语义元数据
# node_exporter['consul_service_meta'] = {}
################################################################################
## Prometheus Redis exporter
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
################################################################################
# redis_exporter['enable'] = true
# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
# redis_exporter['log_group'] = nil
# redis_exporter['flags'] = {
# 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
# }
# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
# redis_exporter['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
##! 高级设置。仅在确有需要时修改。
# redis_exporter['listen_address'] = 'localhost:9121'
##! 用于将 Redis Exporter 注册为 Consul 服务的服务名
# redis_exporter['consul_service_name'] = 'redis-exporter'
##! 注册 Redis Exporter 为 Consul 服务时使用的语义元数据
# redis_exporter['consul_service_meta'] = {}
################################################################################
## Prometheus Postgres exporter
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
################################################################################
# postgres_exporter['enable'] = true
# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
# postgres_exporter['log_group'] = nil
# postgres_exporter['flags'] = {
# 'collector.stat_user_tables' => false,
# 'collector.postmaster' => true
# }
# postgres_exporter['listen_address'] = 'localhost:9187'
# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
# postgres_exporter['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
# postgres_exporter['sslmode'] = nil
##! 用于将 Postgres Exporter 注册为 Consul 服务的服务名
# postgres_exporter['consul_service_name'] = 'postgres-exporter'
##! 注册 Postgres Exporter 为 Consul 服务时使用的语义元数据
# postgres_exporter['consul_service_meta'] = {}
################################################################################
## Prometheus PgBouncer exporter(仅限企业版)
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
################################################################################
# pgbouncer_exporter['enable'] = false
# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
# pgbouncer_exporter['log_group'] = nil
# pgbouncer_exporter['listen_address'] = 'localhost:9188'
# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
# pgbouncer_exporter['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# }
################################################################################
## Prometheus Gitlab exporter
##! 文档:https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
################################################################################
# gitlab_exporter['enable'] = true
# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
# gitlab_exporter['log_group'] = nil
# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
##! 高级设置。仅在确有需要时修改。
# gitlab_exporter['server_name'] = 'webrick'
# gitlab_exporter['listen_address'] = 'localhost'
# gitlab_exporter['listen_port'] = '9168'
##! TLS 设置。
# gitlab_exporter['tls_enabled'] = false
# gitlab_exporter['tls_cert_path'] = '/etc/gitlab/ssl/gitlab-exporter.crt'
# gitlab_exporter['tls_key_path'] = '/etc/gitlab/ssl/gitlab-exporter.key'
##! Prometheus 采集相关配置
# gitlab_exporter['prometheus_scrape_scheme'] = 'http'
# gitlab_exporter['prometheus_scrape_tls_server_name'] = 'localhost'
# gitlab_exporter['prometheus_scrape_tls_skip_verification'] = false
##! 管理 gitlab-exporter sidekiq 探针。若发现 Sentinel,默认关闭。
# gitlab_exporter['probe_sidekiq'] = true
##! 管理 gitlab-exporter elasticsearch 探针。若启用安全性则添加授权头。
# gitlab_exporter['probe_elasticsearch'] = false
# gitlab_exporter['elasticsearch_url'] = 'http://localhost:9200'
# gitlab_exporter['elasticsearch_authorization'] = 'Basic <yourbase64encodedcredentials>'
##! 用于将 GitLab Exporter 注册为 Consul 服务的服务名
# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
##! 注册 GitLab Exporter 为 Consul 服务时使用的语义元数据
# gitlab_exporter['consul_service_meta'] = {}
##! 生成额外配置的命令
# gitlab_exporter['extra_config_command'] = nil
##! 如需完全禁用 prometheus 及其所有导出器,设为 false
# prometheus_monitoring['enable'] = true
################################################################################
## Gitaly
##! 文档:https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html
################################################################################
##! gitaly['enable'] 选项用于集群部署,详见 https://docs.gitlab.com/ee/administration/gitaly/index.html。
# gitaly['enable'] = true
# gitaly['dir'] = "/var/opt/gitlab/gitaly"
# gitaly['log_group'] = nil
# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
# gitaly['use_wrapper'] = true
# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
# gitaly['env'] = {
# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
# 'HOME' => '/var/opt/gitlab',
# 'TZ' => ':/etc/localtime',
# 'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
# 'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'WRAPPER_JSON_LOGGING' => true
# 'GODEBUG' => "tlsmlkem=0",
# }
# gitaly['gitlab_secret'] = <secret>
# gitaly['open_files_ulimit'] = 15000 # gitaly 进程允许的最大打开文件数
##! 用于将 Gitaly 注册为 Consul 服务的服务名
# gitaly['consul_service_name'] = 'gitaly'
##! 注册 Gitaly 为 Consul 服务时使用的语义元数据
# gitaly['consul_service_meta'] = {}
# gitaly['configuration'] = {
# socket_path: '/var/opt/gitlab/gitaly/gitaly.socket',
# runtime_dir: '/var/opt/gitlab/gitaly/run',
# listen_addr: 'localhost:8075',
# prometheus_listen_addr: 'localhost:9236',
# tls_listen_addr: 'localhost:9075',
# tls: {
# certificate_path: '/var/opt/gitlab/gitaly/certificate.pem',
# key_path: '/var/opt/gitlab/gitaly/key.pem',
# },
# graceful_restart_timeout: '1m', # Grace time for a gitaly process to finish ongoing requests
# logging: {
# dir: "/var/log/gitlab/gitaly",
# level: 'warn',
# format: 'json',
# sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
# sentry_environment: 'production',
# },
# prometheus: {
# grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
# },
# auth: {
# token: '<secret>',
# transitioning: false, # When true, auth is logged to Prometheus but NOT enforced
# },
# git: {
# catfile_cache_size: 100, # Number of 'git cat-file' processes kept around for re-use
# signing_key: '/var/opt/gitlab/gitaly/signing_key.gpg',
# ## Gitaly knows to set up the required default configuration for spawned Git
# ## commands automatically. It should thus not be required to configure anything
# ## here, except in very special situations where you must e.g. tweak specific
# ## performance-related settings or enable debugging facilities. It is not safe in
# ## general to set Git configuration that may change Git output in ways that are
# ## unexpected by Gitaly.
# config: [
# { key: 'pack.threads', value: '4' },
# { key: 'http.http://example.com.proxy', value: 'http://example.proxy.com' },
# ],
# },
# gitlab: {
# url: 'http://localhost:9999',
# relative_url_root: '/gitlab-ee',
# },
# hooks: {
# custom_hooks_dir: '/var/opt/gitlab/gitaly/custom_hooks',
# },
# daily_maintenance: {
# disabled: false,
# start_hour: 22,
# start_minute: 30,
# duration: '30m',
# storages: ['default'],
# },
# cgroups: {
# mountpoint: '/sys/fs/cgroup',
# hierarchy_root: 'gitaly',
# memory_bytes: 1048576,
# cpu_shares: 512,
# cpu_quota_us: 400000,
# repositories: {
# count: 1000,
# memory_bytes: 12884901888,
# cpu_shares: 128,
# cpu_quota_us: 200000
# max_cgroups_per_repo: 2
# },
# },
# concurrency: [
# {
# rpc: '/gitaly.SmartHTTPService/PostReceivePack',
# max_per_repo: 20,
# },
# {
# rpc: '/gitaly.SSHService/SSHUploadPack',
# max_per_repo: 5,
# },
# ],
# rate_limiting: [
# {
# rpc: '/gitaly.SmartHTTPService/PostReceivePack',
# interval: '1m',
# burst: 10,
# },
# {
# rpc: '/gitaly.SSHService/SSHUploadPack',
# interval: '1m',
# burst: 5,
# },
# ],
# pack_objects_cache: {
# enabled: true,
# dir: '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache',
# max_age: '5m',
# },
# storage: [
# {
# name: 'gitaly-1',
# path: '/var/opt/gitlab/git-data/repositories',
# },
# ],
# }
################################################################################
## Praefect
##! 文档:https://docs.gitlab.com/ee/administration/gitaly/praefect.html
################################################################################
# praefect['enable'] = false
# praefect['dir'] = "/var/opt/gitlab/praefect"
# praefect['log_directory'] = "/var/log/gitlab/praefect"
# praefect['log_group'] = nil
# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
# praefect['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
# 'GODEBUG' => "tlsmlkem=0",
# 'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
# 'WRAPPER_JSON_LOGGING' => true
# }
# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
# praefect['auto_migrate'] = true
##! 用于将 Praefect 注册为 Consul 服务的服务名
# praefect['consul_service_name'] = 'praefect'
##! 注册 Praefect 为 Consul 服务时使用的语义元数据
# praefect['consul_service_meta'] = {}
# praefect['configuration'] = {
# listen_addr: 'localhost:2305',
# prometheus_listen_addr: 'localhost:9652',
# tls_listen_addr: 'localhost:3305',
# auth: {
# token: '',
# transitioning: false,
# },
# logging: {
# format: 'json',
# level: 'warn',
# },
# failover: {
# enabled: true,
# },
# background_verification: {
# delete_invalid_records: false,
# verification_interval: '72h',
# },
# reconciliation: {
# scheduling_interval: '5m',
# histogram_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0],
# },
# tls: {
# certificate_path: '/var/opt/gitlab/prafect/certificate.pem',
# key_path: '/var/opt/gitlab/prafect/key.pem',
# },
# database: {
# host: 'postgres.external',
# port: 6432,
# user: 'praefect',
# password: 'secret',
# dbname: 'praefect_production',
# sslmode: 'disable',
# sslcert: '/path/to/client-cert',
# sslkey: '/path/to/client-key',
# sslrootcert: '/path/to/rootcert',
# session_pooled: {
# host: 'postgres.internal',
# port: 5432,
# user: 'praefect',
# password: 'secret',
# dbname: 'praefect_production_direct',
# sslmode: 'disable',
# sslcert: '/path/to/client-cert',
# sslkey: '/path/to/client-key',
# sslrootcert: '/path/to/rootcert',
# },
# },
# sentry: {
# sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
# sentry_environment: 'production',
# },
# prometheus: {
# grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
# },
# graceful_stop_timeout: '1m',
# virtual_storage: [
# {
# name: 'default',
# default_replication_factor: 3,
# node: [
# {
# storage: 'praefect-internal-0',
# address: 'tcp://10.23.56.78:8075',
# token: 'abc123',
# },
# {
# storage: 'praefect-internal-1',
# address: 'tcp://10.76.23.31:8075',
# token: 'xyz456',
# },
# ],
# },
# {
# name: 'alternative',
# node: [
# {
# storage: 'praefect-internal-2',
# address: 'tcp://10.34.1.16:8075',
# token: 'abc321',
# },
# {
# storage: 'praefect-internal-3',
# address: 'tcp://10.23.18.6:8075',
# token: 'xyz890',
# },
# ],
# },
# ],
# }
################################################################################
## 存储检查
################################################################################
# storage_check['enable'] = false
# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
# storage_check['log_group'] = nil
################################################################################
## Let's Encrypt 集成
################################################################################
# letsencrypt['enable'] = nil
# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
# letsencrypt['group'] = 'root'
# letsencrypt['key_size'] = 2048
# letsencrypt['owner'] = 'root'
# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
##! 更多设置见 https://docs.gitlab.com/omnibus/settings/ssl/index.html#renew-the-certificates-automatically
# letsencrypt['auto_renew'] = true
# letsencrypt['auto_renew_hour'] = 0
# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
# letsencrypt['auto_renew_day_of_month'] = "*/4"
# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
# letsencrypt['alt_names'] = []
##! 关闭自动初始化系统检测。用于跳过非 docker 容器中的初始化检测。不建议更改。
# package['detect_init'] = true
##! 尝试修改内核参数。若容器相关文件系统为只读,可设为 false 跳过。
# package['modify_kernel_parameters'] = true
##! 指定 systemd 单元可创建的最大任务数
##! 若用户系统 systemd 版本支持(>= 227),将作为 TasksMax 写入单元文件。否则无效。
# package['systemd_tasks_max'] = 4915
##! 配置 GitLab systemd 单元的启动顺序。
##! 注意:除非必要,不建议更改这些值
# package['systemd_after'] = 'multi-user.target'
# package['systemd_wanted_by'] = 'multi-user.target'
##! 控制密钥生成和存储的设置
##! 注意:除非必要,不建议更改这些值
##! 设为 false 时只解析 `gitlab-secrets.json` 文件中的密钥,不生成新密钥。
# package['generate_default_secrets'] = true
##! 设为 false 时不创建默认的 `gitlab-secrets.json` 文件
# package['generate_secrets_json_file'] = true
##! 控制 SELinux 策略的设置
##! 实验性。设为 1.0 时从旧多策略模块切换为新单一 `gitlab` SELinux 策略模块。
# package['selinux_policy_version'] = nil
################################################################################
################################################################################
## 仅适用于 GitLab EE 的配置设置 ##
################################################################################
################################################################################
################################################################################
## 仅适用于 GitLab EE 的辅助定时任务
################################################################################
# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_metrics_update_worker_cron'] = "*/1 * * * *"
# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
# gitlab_rails['ci_runners_stale_group_runners_prune_worker_cron'] = "30 * * * *"
# gitlab_rails['click_house_ci_finished_builds_sync_worker_cron'] = "*/3 * * * *"
# gitlab_rails['click_house_ci_finished_builds_sync_worker_args'] = [1]
################################################################################
## Kerberos(仅限企业版)
##! 文档:https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
################################################################################
# gitlab_rails['kerberos_enabled'] = true
# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
# gitlab_rails['kerberos_use_dedicated_port'] = true
# gitlab_rails['kerberos_port'] = 8443
# gitlab_rails['kerberos_https'] = true
################################################################################
## 软件包仓库
##! 文档:https://docs.gitlab.com/ee/administration/packages/
################################################################################
# gitlab_rails['packages_enabled'] = true
# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
# gitlab_rails['packages_object_store_enabled'] = false
# gitlab_rails['packages_object_store_proxy_download'] = false
# gitlab_rails['packages_object_store_remote_directory'] = "packages"
# gitlab_rails['packages_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # The below options configure an S3 compatible host instead of AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
################################################################################
## 依赖代理
##! 文档:https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
################################################################################
# gitlab_rails['dependency_proxy_enabled'] = true
# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_enabled'] = false
# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_connection'] = {
# 'provider' => 'AWS',
# 'region' => 'eu-west-1',
# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
# # # The below options configure an S3 compatible host instead of AWS
# # 'host' => 's3.amazonaws.com',
# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
################################################################################
## GitLab Sentinel(仅限企业版)
##! 文档:https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html
################################################################################
##! **请确保在继续之前已配置所有 redis['master_*'] 键。**
##! 要启用 Sentinel 并禁用本机上的所有其他服务,
##! 取消下面这行的注释(如果已启用 Redis 角色,则会保留该角色)。
##! 文档:https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html
# redis_sentinel_role['enable'] = true
# sentinel['enable'] = true
##! 绑定所有接口,取消注释以指定 IP 并仅绑定到一个接口
# sentinel['bind'] = '0.0.0.0'
##! 取消注释以更改默认端口
# sentinel['port'] = 26379
##! 取消注释以要求 Sentinel 密码。此密码可与 Redis 主密码不同。
# sentinel['password'] = 'sentinel-password-goes-here'
### 支持在 Docker 或 NAT 环境下运行 Sentinel
###! 文档:https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
###! 标准情况下,Sentinel 与 Redis 运行在同一网络服务中,因此会为 Redis 和 Sentinel 通告同一 IP
###! 仅在需要为 Sentinel 通告不同于 Redis 的 IP 服务时定义这些值
# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
##! Quorum 必须反映启动故障转移所需的投票 Sentinel 数量。
##! **值不能大于 Sentinel 数量。**
##! Quorum 可用于两种方式调整 Sentinel :
##! 1. 如果 quorum 设置为小于我们部署的 Sentinel 多数的值,
##! 实际上是让 Sentinel 对主故障更敏感,只要少数 Sentinel 无法与主通信就会触发故障转移。
##! 2. 如果 quorum 设置为大于 Sentinel 多数的值,
##! 则只有大量(超过多数)的 Sentinel 同意主故障时才会进行故障转移。
# sentinel['quorum'] = 1
### 服务器无响应后判定为宕机的毫秒数。
# sentinel['down_after_milliseconds'] = 10000
### 指定故障转移超时时间(毫秒)。
##! 用途如下:
##!
##! - 针对同一主机已尝试故障转移后,重新启动故障转移所需时间为两倍超时时间。
##!
##! - 副本因 Sentinel 当前配置而连接错误主机,强制其连接正确主机的时间为超时时间(自 Sentinel 检测到错误起计)。
##!
##! - 已在进行但未产生配置变更的故障转移(REPLICAOF NO ONE 未被提升副本确认)取消所需时间。
##!
##! - 故障转移进行中等待所有副本重新配置为新主的最大时间。即使超时,Sentinel 仍会重新配置副本,但不会按指定的并行同步进度。
# sentinel['failover_timeout'] = 60000
### Sentinel TLS 设置
###! 要通过 TLS 运行 Sentinel,请为以下设置指定值
# sentinel['tls_port'] = nil
# sentinel['tls_cert_file'] = nil
# sentinel['tls_key_file'] = nil
###! 其他 TLS 相关可选设置
# sentinel['tls_dh_params_file'] = nil
# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# sentinel['tls_auth_clients'] = 'optional'
# sentinel['tls_replication'] = nil
# sentinel['tls_cluster'] = nil
# sentinel['tls_protocols'] = nil
# sentinel['tls_ciphers'] = nil
# sentinel['tls_ciphersuites'] = nil
# sentinel['tls_prefer_server_ciphers'] = nil
# sentinel['tls_session_caching'] = nil
# sentinel['tls_session_cache_size'] = nil
# sentinel['tls_session_cache_timeout'] = nil
### Sentinel 主机名支持
###! 启用后,Redis 将支持主机名
###! 通常无需更改,我们会根据 `redis['announce_ip']` 输入自动判断
###! * 若提供完整主机名则配置为 true
###! * 若提供 IP 地址则配置为 false
# sentinel['use_hostnames'] = <calculated>
### Sentinel 日志设置
# sentinel['log_directory'] = '/var/log/gitlab/sentinel'
################################################################################
## 其他数据库设置(仅限企业版)
##! 文档:https://docs.gitlab.com/ee/administration/postgresql/database_load_balancing.html
################################################################################
# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
################################################################################
## GitLab Geo
##! 文档:https://docs.gitlab.com/ee/administration/geo/
################################################################################
##! Geo 角色 'geo_primary_role' 和 'geo_secondary_role' 已在上方与其他角色一起设置。
##! 更多信息见:https://docs.gitlab.com/omnibus/roles/index.html#roles 。
##! 这是一个可选标识符,Geo 节点可用来标识自身。
##! 例如,如果两个二级节点的 external_url 相同,必须为这些二级节点指定唯一的 Geo 节点名称。
##! 若留空,则默认为 external_url。
# gitlab_rails['geo_node_name'] = nil
# gitlab_rails['geo_registry_replication_enabled'] = true
# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
################################################################################
## GitLab Geo Secondary(仅限企业版)
################################################################################
# geo_secondary['auto_migrate'] = true
# geo_secondary['db_adapter'] = "postgresql"
# geo_secondary['db_encoding'] = "unicode"
# geo_secondary['db_collation'] = nil
# geo_secondary['db_database'] = "gitlabhq_geo_production"
# geo_secondary['db_username'] = "gitlab_geo"
# geo_secondary['db_password'] = nil
# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
# geo_secondary['db_port'] = 5431
# geo_secondary['db_socket'] = nil
# geo_secondary['db_sslmode'] = nil
# geo_secondary['db_sslcompression'] = 0
# geo_secondary['db_sslrootcert'] = nil
# geo_secondary['db_sslca'] = nil
# geo_secondary['db_prepared_statements'] = false
# geo_secondary['db_database_tasks'] = true
################################################################################
## GitLab Geo Secondary 跟踪数据库(仅限企业版)
################################################################################
# geo_postgresql['enable'] = false
# geo_postgresql['ha'] = false
# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
# geo_postgresql['pgbouncer_user'] = nil
# geo_postgresql['pgbouncer_user_password'] = nil
##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'
##! 当 PostgreSQL 版本变更时自动重启服务。
# geo_postgresql['auto_restart_on_version_change'] = true
################################################################################
## GitLab Geo 日志游标守护进程(仅限企业版)
################################################################################
# geo_logcursor['enable'] = false
# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'
# geo_logcursor['log_group'] = nil
################################################################################
## Unleash
##! 这些设置供 GitLab 内部使用。
##! 用于在 GitLab 开发期间控制功能开关。
##! 文档:https://docs.gitlab.com/ee/development/feature_flags
################################################################################
# gitlab_rails['feature_flags_unleash_enabled'] = false
# gitlab_rails['feature_flags_unleash_url'] = nil
# gitlab_rails['feature_flags_unleash_app_name'] = nil
# gitlab_rails['feature_flags_unleash_instance_id'] = nil
################################################################################
## Pgbouncer(仅限企业版)
##! 参见 GitLab PgBouncer 文档:https://docs.gitlab.com/ee/administration/postgresql/pgbouncer.html
##! 参见 PgBouncer 页面 http://www.pgbouncer.org/config.html 获取详情
################################################################################
# pgbouncer['enable'] = false
# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
# pgbouncer['log_group'] = nil
# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
# pgbouncer['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# pgbouncer['listen_addr'] = '0.0.0.0'
# pgbouncer['listen_port'] = '6432'
# pgbouncer['pool_mode'] = 'transaction'
# pgbouncer['max_prepared_statements'] = 0
# pgbouncer['server_reset_query'] = 'DISCARD ALL'
# pgbouncer['application_name_add_host'] = '1'
# pgbouncer['max_client_conn'] = '2048'
# pgbouncer['default_pool_size'] = '100'
# pgbouncer['min_pool_size'] = '0'
# pgbouncer['reserve_pool_size'] = '5'
# pgbouncer['reserve_pool_timeout'] = '5.0'
# pgbouncer['server_round_robin'] = '0'
# pgbouncer['log_connections'] = '0'
# pgbouncer['server_idle_timeout'] = '30'
# pgbouncer['dns_max_ttl'] = '15.0'
# pgbouncer['dns_zone_check_period'] = '0'
# pgbouncer['dns_nxdomain_ttl'] = '15.0'
# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
# pgbouncer['track_extra_parameters'] = %w(IntervalStyle)
# pgbouncer['databases'] = {
# DATABASE_NAME: {
# host: HOSTNAME,
# port: PORT
# user: USERNAME,
# password: PASSWORD
##! generate this with `echo -n '$password + $username' | md5sum`
# }
# ...
# }
# pgbouncer['logfile'] = nil
# pgbouncer['unix_socket_dir'] = nil
# pgbouncer['unix_socket_mode'] = '0777'
# pgbouncer['unix_socket_group'] = nil
# pgbouncer['auth_type'] = 'md5'
# pgbouncer['auth_hba_file'] = nil
# pgbouncer['auth_dbname'] = nil
# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
# pgbouncer['users'] = {
# USERNAME: {
# 'password': MD5_PASSWORD_HASH,
# }
# }
# postgresql['pgbouncer_user'] = nil
# postgresql['pgbouncer_user_password'] = nil
# pgbouncer['server_reset_query_always'] = 0
# pgbouncer['server_check_query'] = 'select 1'
# pgbouncer['server_check_delay'] = 30
# pgbouncer['max_db_connections'] = nil
# pgbouncer['max_user_connections'] = nil
# pgbouncer['syslog'] = 0
# pgbouncer['syslog_facility'] = 'daemon'
# pgbouncer['syslog_ident'] = 'pgbouncer'
# pgbouncer['log_disconnections'] = 1
# pgbouncer['log_pooler_errors'] = 1
# pgbouncer['stats_period'] = 60
# pgbouncer['verbose'] = 0
# pgbouncer['server_lifetime'] = 3600
# pgbouncer['server_connect_timeout'] = 15
# pgbouncer['server_login_retry'] = 15
# pgbouncer['query_timeout'] = 0
# pgbouncer['query_wait_timeout'] = 120
# pgbouncer['client_idle_timeout'] = 0
# pgbouncer['client_login_timeout'] = 60
# pgbouncer['autodb_idle_timeout'] = 3600
# pgbouncer['suspend_timeout'] = 10
# pgbouncer['idle_transaction_timeout'] = 0
# pgbouncer['cancel_wait_timeout'] = 10
# pgbouncer['pkt_buf'] = 4096
# pgbouncer['listen_backlog'] = 128
# pgbouncer['sbuf_loopcnt'] = 5
# pgbouncer['max_packet_size'] = 2147483647
# pgbouncer['so_reuseport'] = 0
# pgbouncer['tcp_defer_accept'] = 0
# pgbouncer['tcp_socket_buffer'] = 0
# pgbouncer['tcp_keepalive'] = 1
# pgbouncer['tcp_keepcnt'] = 0
# pgbouncer['tcp_keepidle'] = 0
# pgbouncer['tcp_keepintvl'] = 0
# pgbouncer['disable_pqexec'] = 0
# default['pgbouncer']['peers'] = {}
### Pgbouncer 客户端 TLS 选项
# pgbouncer['client_tls_sslmode'] = 'disable'
# pgbouncer['client_tls_ca_file'] = nil
# pgbouncer['client_tls_key_file'] = nil
# pgbouncer['client_tls_cert_file'] = nil
# pgbouncer['client_tls_protocols'] = 'all'
# pgbouncer['client_tls_dheparams'] = 'auto'
# pgbouncer['client_tls_ecdhcurve'] = 'auto'
#
### Pgbouncer 服务端 TLS 选项
# pgbouncer['server_tls_sslmode'] = 'disable'
# pgbouncer['server_tls_ca_file'] = nil
# pgbouncer['server_tls_key_file'] = nil
# pgbouncer['server_tls_cert_file'] = nil
# pgbouncer['server_tls_protocols'] = 'all'
# pgbouncer['server_tls_ciphers'] = 'fast'
################################################################################
## Patroni(仅限企业版)
################################################################################
# patroni['enable'] = false
# patroni['dir'] = '/var/opt/gitlab/patroni'
# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
### Patroni 动态配置设置
# patroni['loop_wait'] = 10
# patroni['ttl'] = 30
# patroni['retry_timeout'] = 10
# patroni['maximum_lag_on_failover'] = 1_048_576
# patroni['max_timelines_history'] = 0
# patroni['master_start_timeout'] = 300
# patroni['use_pg_rewind'] = true
# patroni['remove_data_directory_on_rewind_failure'] = false
# patroni['remove_data_directory_on_diverged_timelines'] = false
# patroni['use_slots'] = true
# patroni['replication_password'] = nil
# patroni['replication_slots'] = {}
# patroni['callbacks'] = {}
# patroni['recovery_conf'] = {}
# patroni['tags'] = {}
### 备用集群复制设置
# patroni['standby_cluster']['enable'] = false
# patroni['standby_cluster']['host'] = nil
# patroni['standby_cluster']['port'] = 5432
# patroni['standby_cluster']['primary_slot_name'] = nil
### 全局/通用设置
# patroni['scope'] = 'gitlab-postgresql-ha'
# patroni['name'] = nil
### 日志设置
# patroni['log_directory'] = '/var/log/gitlab/patroni'
# patroni['log_group'] = nil
# patroni['log_level'] = 'INFO'
### Consul 专用设置
# patroni['consul']['url'] = 'http://127.0.0.1:8500'
# patroni['consul']['service_check_interval'] = '10s'
# patroni['consul']['register_service'] = true
# patroni['consul']['checks'] = []
### PostgreSQL 配置覆盖
# patroni['postgresql']['hot_standby'] = 'on'
###! 以下设置在所有节点上必须保持一致。
###! 留空则使用 PostgreSQL 默认值。
# patroni['postgresql']['wal_level'] = 'replica'
# patroni['postgresql']['wal_log_hints'] = 'on'
# patroni['postgresql']['max_worker_processes'] = 8
# patroni['postgresql']['max_locks_per_transaction'] = 64
# patroni['postgresql']['max_connections'] = 400
# patroni['postgresql']['checkpoint_timeout'] = 30
###! 以下设置可在各节点不同。
###! 留空则使用 PostgreSQL 默认值。
# patroni['postgresql']['wal_keep_segments'] = 8
# patroni['postgresql']['max_wal_senders'] = 5
# patroni['postgresql']['max_replication_slots'] = 5
### 流复制的永久复制槽
# patroni['replication_slots'] = {
# 'geo_secondary' => { 'type' => 'physical' }
# }
###! Patroni API 绑定和监听的地址和端口。
# patroni['listen_address'] = nil
# patroni['port'] = '8008'
###! Patroni 节点向其他集群成员通告的 API 和 PostgreSQL 通信地址。
###! 如果未指定,则尝试使用第一个可用的私有 IP,最后回退到默认网卡。
# patroni['connect_address'] = nil
###! Patroni API 响应其他集群成员的端口。该端口会被通告,默认与 patroni['port'] 相同。
# patroni['connect_port'] = '8008'
###! 允许调用不安全 REST API 端点的主机集合。
###! 每项可以是主机名、IP 或 CIDR 地址。
###! 如果未设置,则允许所有主机。
# patroni['allowlist'] = []
# patroni['allowlist_include_members'] = false
###! Patroni API 写命令的基本认证用户名和密码。
###! 如果未指定,则 API 不使用基本认证。
# patroni['username'] = nil
# patroni['password'] = nil
###! Patroni API 的 TLS 配置。需同时指定证书和密钥文件才启用 TLS。
###! 如果未指定,则 API 使用明文 HTTP。
# patroni['tls_certificate_file'] = nil
# patroni['tls_key_file'] = nil
# patroni['tls_key_password'] = nil
# patroni['tls_ca_file'] = nil
# patroni['tls_ciphers'] = nil
# patroni['tls_client_mode'] = nil
# patroni['tls_client_certificate_file'] = nil
# patroni['tls_client_key_file'] = nil
# patroni['tls_verify'] = true
################################################################################
## Consul(仅限企业版)
################################################################################
# consul['enable'] = false
# consul['binary_path'] = '/opt/gitlab/embedded/bin/consul'
# consul['dir'] = '/var/opt/gitlab/consul'
# consul['username'] = 'gitlab-consul'
# consul['group'] = 'gitlab-consul'
# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
# consul['data_dir'] = '/var/opt/gitlab/consul/data'
# consul['log_directory'] = '/var/log/gitlab/consul'
# consul['log_group'] = nil
# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
# consul['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# 'GODEBUG' => "tlsmlkem=0",
# }
# consul['monitoring_service_discovery'] = false
# consul['node_name'] = nil
# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
# consul['configuration'] = {
# 'client_addr' => nil,
# 'datacenter' => 'gitlab_consul',
# 'enable_script_checks' => false,
# 'enable_local_script_checks' => true,
# 'server' => false
# }
# consul['services'] = []
# consul['service_config'] = {
# 'postgresql' => {
# 'service' => {
# 'name' => "postgresql",
# 'address' => '',
# 'port' => 5432,
# 'checks' => [
# {
# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
# 'interval' => "10s"
# }
# ]
# }
# }
# }
# consul['watchers'] = []
# consul['custom_config_dir'] = '/path/to/service/configs/directory'
### HTTP API 端口
# consul['http_port'] = nil
# consul['https_port'] = nil
### Gossip 加密
# consul['encryption_key'] = nil
# consul['encryption_verify_incoming'] = nil
# consul['encryption_verify_outgoing'] = nil
### TLS 设置
# consul['use_tls'] = false
# consul['tls_ca_file'] = nil
# consul['tls_certificate_file'] = nil
# consul['tls_key_file'] = nil
# consul['tls_verify_client'] = nil
################################################################################
## 服务台邮箱设置
################################################################################
### 服务台邮箱
###! 允许用户通过发送邮件到服务台地址创建新服务台工单。
###! 文档:https://docs.gitlab.com/ee/user/project/service_desk/index.html
# gitlab_rails['service_desk_email_enabled'] = false
#### 服务台邮箱设置(通过 `mail_room`)
#### 服务台邮箱地址
####! 邮箱地址包含 `%{key}` 占位符,该占位符会被替换为被回复的项目。
####! **占位符可以省略,但如果存在,必须出现在地址的“用户”部分(@前)。**
# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
#### 服务台邮箱账户用户名
####! **第三方邮箱通常为完整邮箱地址。**
####! **自建邮箱服务器通常为邮箱的用户部分。**
# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
#### 服务台邮箱账户密码
# gitlab_rails['service_desk_email_password'] = "[REDACTED]"
####! 服务台邮件将进入的邮箱,通常为“inbox”。
# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
####! IDLE 命令超时。
# gitlab_rails['service_desk_email_idle_timeout'] = 60
####! 内部 `mail_room` JSON 日志文件名
# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
#### 服务台 IMAP 设置
# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
# gitlab_rails['service_desk_email_port'] = 993
# gitlab_rails['service_desk_email_ssl'] = true
# gitlab_rails['service_desk_email_start_tls'] = false
#### 收件箱选项(用于 Microsoft Graph)
# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['service_desk_email_inbox_options'] = {
# 'tenant_id': 'YOUR-TENANT-ID',
# 'client_id': 'YOUR-CLIENT-ID',
# 'client_secret': 'YOUR-CLIENT-SECRET',
# 'poll_interval': 60 # 可选
# }
####! 服务台邮件如何传递到 Rails 进程。可选 sidekiq 或 webhook。默认配置为 webhook。
# gitlab_rails['service_desk_email_delivery_method'] = "webhook"
####! 用于 webhook 请求认证的令牌。令牌必须正好 32 字节,base64 编码
# gitlab_rails['service_desk_email_auth_token'] = nil
#################################################################################
## 垃圾邮件检查(仅限企业版)
#################################################################################
# spamcheck['enable'] = false
# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
# spamcheck['port'] = 8001
# spamcheck['external_port'] = nil
# spamcheck['monitoring_address'] = ':8003'
# spamcheck['log_level'] = 'info'
# spamcheck['log_format'] = 'json'
# spamcheck['log_output'] = 'stdout'
# spamcheck['monitor_mode'] = false
# spamcheck['allowlist'] = {}
# spamcheck['denylist'] = {}
# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
# spamcheck['log_group'] = nil
# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
# spamcheck['env'] = {
# 'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/certs/',
# 'GODEBUG' => "tlsmlkem=0",
# }
# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
#################################################################################
## (Go-)Crond
#################################################################################
# crond['log_directory'] = '/var/log/gitlab/crond'
# crond['cron_d'] = '/var/opt/gitlab/crond'
# crond['flags'] = {}
#################################################################################
## gitlab-backup-cli 设置
#################################################################################
# gitlab_backup_cli['enable'] = false
# gitlab_backup_cli['user'] = 'gitlab-backup'
# gitlab_backup_cli['group'] = 'gitlab-backup'
# gitlab_backup_cli['dir'] = '/var/opt/gitlab/backups'
# gitlab_backup_cli['additional_groups'] = %w[git gitlab-psql registry]汉化过程如下
我使用了AI助理工具进行汉化,但是配置文件太长啦,已经超过了当下AI软件最长的上下文空间,我写了个python切片合并工具解决这个问题,最后使用微软copilot进行解决。这里对汉化过程使用的关键文件进行记录,以备下次使用。
切片合并代码
使用方法
分割文件: python split.py split <文件名> [每文件行数]
合并文件: python split.py merge <基本文件名>split文件的python源码
import os
import re
import glob
def split_file_by_lines(filename, lines_per_file=300):
"""
将文件按指定行数切分
Args:
filename (str): 原始文件名
lines_per_file (int): 每个文件的行数,默认300行
"""
with open(filename, 'r', encoding='utf-8') as file:
file_number = 1
lines = []
for line in file:
lines.append(line)
# 当达到指定行数时,写入新文件
if len(lines) == lines_per_file:
output_filename = f"{filename[:-4]}_{file_number}.txt"
with open(output_filename, 'w', encoding='utf-8') as output_file:
output_file.writelines(lines)
print(f"创建文件: {output_filename}")
# 重置lines列表,准备下一组行
lines = []
file_number += 1
# 处理最后一批不足300行的行
if lines:
output_filename = f"{filename[:-4]}_{file_number}.txt"
with open(output_filename, 'w', encoding='utf-8') as output_file:
output_file.writelines(lines)
print(f"创建文件: {output_filename}")
def merge_files(basename):
"""
将分片文件合并成原始文件
Args:
basename (str): 原始文件的基本名称(不含.txt扩展名)
"""
# 查找所有匹配的分片文件
pattern = f"{basename}_*.txt"
fragment_files = glob.glob(pattern)
# 如果没有找到分片文件,提示用户
if not fragment_files:
print(f"未找到 {basename} 的分片文件")
return
# 按照序号排序分片文件
def get_file_number(file):
match = re.search(r'_(\d+)\.txt$', file)
return int(match.group(1)) if match else 0
fragment_files.sort(key=get_file_number)
# 合并文件
output_filename = f"{basename}-merge.txt"
with open(output_filename, 'w', encoding='utf-8') as output_file:
for fragment_file in fragment_files:
with open(fragment_file, 'r', encoding='utf-8') as f:
output_file.write(f.read())
print(f"已合并: {fragment_file}")
print(f"所有分片文件已合并为: {output_filename}")
# 使用示例
if __name__ == "__main__":
import sys
if len(sys.argv) < 2:
print("用法:")
print(" 分割文件: python split.py split <文件名> [每文件行数]")
print(" 合并文件: python split.py merge <基本文件名>")
sys.exit(1)
action = sys.argv[1]
if action == "split":
filename = sys.argv[2]
lines_per_file = int(sys.argv[3]) if len(sys.argv) > 3 else 300
split_file_by_lines(filename, lines_per_file)
elif action == "merge":
basename = sys.argv[2]
# 如果用户提供了带.txt的文件名,去掉扩展名
if basename.endswith('.txt'):
basename = basename[:-4]
merge_files(basename)
else:
print("无效操作。请使用 'split' 或 'merge'")AI指令
翻译gitlab.rb_*.txt文件里的注释,两个#开头的是注释,一个#开头的是代码更新日志
2025/8/26 02:32
查看所有更新日志
5da80-于