Practical GitLab Services : A Complete DevOps Guide for Developers and Administrators

Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Only the Beginning
	Introducing GitLab
	Setting Up a GitLab Account
		Creating a GitLab SaaS Account
		Creating Your First Project
		A Glimpse at GitLab’s Main Interface
	Exploring User Options
		Updating Your User Profile
		Setting Your Preferences
		Accessing Your Dashboard Home Page
	Summary
Chapter 2: Just the Source
	Exploring the Web IDE
		Editing with the Web IDE
		Previewing Markdown Files
		Viewing Changes via the Source Control Panel
		Committing Your Changes
		Reviewing the Project Summary Page
	Working with Branches
		Creating a New Branch
		Reviewing Project Changes After Branch Creation
		Committing Changes on a Branch
		Visualizing Branch Changes with the Repository Graph
		Committing Multiple Changes on a Branch
	Submitting Merge Requests
		Creating a Merge Request
		Viewing Merge Request Details
		Tracking Open Merge Requests
		Merging Changes from a Merge Request
		Reviewing Project Changes After an MR Merge
	Resolving Merge Conflicts
		Setting Up the Conditions for a Merge Conflict
		Generating the Merge Conflict
		Exploring Ways to Resolve the Merge Conflict
		Committing the Conflict Resolution Change
		Performing an MR Merge After Committing a Conflict Resolution
		Reviewing Project Status After Merge of Conflicting MRs
	Considering Branching Strategies
	Summary
Chapter 3: Working the Remote Life
	Installing Git
	Cloning with HTTPS
		Preparing Your Local Environment
		Determining the URL to Use for Cloning with HTTPS
		Performing the HTTPS Clone with the Git Credential Manager
		Performing the HTTPS Clone Using Username and Password Credentials
	Cloning with SSH
		Creating the SSH Key Pair on Your Local Environment
		Registering the SSH Public Key with GitLab
		Testing SSH Connectivity to GitLab
		Debugging Common Issues Connecting with SSH
		Determining the URL to Use for Cloning with SSH
		Cloning Your Project with SSH
	Configuring Git
		Configuring Your Username and Email Address
		Locating the Global Configuration File
	Making Changes with Git
		Creating a New Branch in GitLab for Use by Your Local Repository
		Synchronizing the New GitLab Branch with Your Local Environment
		Making Changes in the Local Repository
		Staging Changes in Your Local Repository
		Committing Changes in Your Local Repository
		Pushing Changes Up to the GitLab Project Repository
		Confirming Changes in the GitLab Project Repository
		Creating the Merge Request in GitLab and Merging It
		Cleaning Up the Local Repository
	Summary
Chapter 4: Build, Test, Rinse, and Repeat
	Introducing the GitLab Configuration File
		General Overview of the Configuration File
		Creating a Basic CI/CD Pipeline Configuration
		Associating Jobs to Stages
		Validating Account Upon First Pipeline Run
		Restarting a Pipeline
		Pipeline Job Execution Through the Various Stages
		Viewing a Job’s Output
		Viewing a Project’s Pipeline Status Page
		Project Status Impacts After a Pipeline Run
	Working with Docker
		A Personal Experience with Jenkins and GitLab
		The Case for Docker
		Exploring Docker Hub
		Specifying a New Default Image
		Defining Tasks to Run by Default Before Every Job
		Overriding the Default Image and before_script Tasks for a Given Job
	Introducing CI/CD Variables
		Defining and Using Variables Within a Configuration File
		Using Predefined Variables in a Configuration File
		Defining Variables When Manually Running a Pipeline
		Setting Descriptions and Default Values for “Run Pipeline” Variables
		Defining CI/CD Variables at the Project or Group Level
		Masking Secret Values for CI/CD Variables
	Managing CI/CD Configurations
		Breaking a Pipeline Configuration into Multiple Files
		Viewing a Merged Configuration with the CI/CD Editor
		Additional Include Types
		Breaking Jobs into Reusable Pieces Using Extends
		Enabling Fine-Grain Reusability with Reference Tags
	Summary
Chapter 5: Under One Condition
	Following the Rules
		Overview of Rules
		Changing Rule Behavior with the When Keyword
		Preparing Scripts to Explore Impacts of Rules
		A Simple Rule Example
		Variable Expression Conditions
			String Comparisons
			Variable Status Tests
			Regular Expression Matches
			Compound Expressions
		Common Predefined Variables Used in Rules
		Example Rules with CI_PIPELINE_SOURCE
		Branch Pipelines vs. Merge Request Pipelines
		Working with Workflows
		Interactions Between Workflows and Rules
		File-Based Rule Conditions
		Considerations When Using File-Based Conditions
		Example of Rules Using File-Based Conditions
		Overriding Variables Within a Rule
	Dealing with Failures
		Preparing an Example to Test Job Failures
		Ignoring a Job Failure
		Conditionally Ignoring a Job Failure
		Ignoring Job Failure Based on Exit Codes
		Running a Job Based on Another Job’s Failure
		Enabling a Job to Always Run After Another Job’s Failure
		Rerunning a Job That Failed Based on External Events
	Manually Running Jobs
		Pausing a Job in Order to Stop a Pipeline’s Execution
		Pausing a Job Without Blocking a Pipeline’s Execution
		Impacts of Manually Running a Paused Job That Eventually Fails
		Impacts of Canceling a Paused Job
	Summary
Chapter 6: You Build It, You Keep It
	Creating and Preserving Artifacts
		Denoting Generated Objects As Artifacts
		Creating and Accessing Artifacts
		Accessing Artifacts in Jobs of Follow-On Stages
		Downloading Artifacts from GitLab
		Renaming the Artifacts Zip File
		Accessing Artifacts from a Merge Request
		Additional Artifacts Options
	Working with Caches
		Distinction in the Pipeline Handling of Artifacts and Caches
		A Maven Example
		Build Job Updates for Maven
		Pipeline Updates to Cache Maven Objects
		Accessing the Cache in the Unit Test
		Impact on Cache When Rerunning the Pipeline
		Creating Multiple Caches in a Pipeline
		Marking a Cache As Read-Only
		Clearing Caches
	Summary
Chapter 7: Let’s Get Organized
	Introducing Groups
		Viewing Group-Specific Projects
		Viewing Group Activity
		Viewing Members of a Group
		Adding Members to a Group
		Project Impacts When Adding a Group Member
		Promoting a Group Member to Higher Project Role
		Differences Between Group and Project Change Role Lists
	Working with Subgroups
		Creating a Subgroup
		Viewing the Subgroup Page
		Adding Additional Members to a Subgroup
		Developer-Specific Views of Groups and Subgroups
		Maintainer-Specific Views of Groups and Subgroups
		Determining Roles Allowed to Create Projects Within a Group
		Determining Roles Allowed to Create Subgroups Within a Group
	Navigating Permissions via Roles
		Additional Roles of Guest and Reporter
		Overview of Permissions
		Comparing GitLab’s Permission Model with Other Models
		Inviting GitLab Groups As Members of Other Groups and Projects
		Importing Project Members from Another Project
		Special Roles for Self-Managed Sites
	Managing Group- and Project-Specific Resources
		Managing Group- and Project-Specific Runners
		Managing Group- and Project-Specific Packages and Registries
	Creating Personal Projects
		Creating a Personal Project
		Viewing Personal Projects from the Project Summary Page
		Special Caveats of Personal Projects
	Reorganizing Projects and Groups
		Renaming a Project
		Changing a Project’s URL Path Name
		Impacts of Changing a Project’s Path
		Archiving a Project
		Deleting a Project
		Transferring a Project to Another Group
		Renaming a Group
		Changing a Group’s URL
		Deleting a Group
		Transferring a Group to Another Group
	Exporting and Importing Projects
		Exporting a Project
		Importing a Project
		Dealing with Import Failures
	Summary
Chapter 8: I Have an Issue with That
	Managing Issues
		Viewing Project-Specific Issues
		Creating an Issue
		Viewing Issue Details
		Editing an Issue
		Reacting to an Issue
		Viewing Issue Activity
		Filtering Issues
		Editing Multiple Issues at Once
	Labeling Issues and MRs
		Viewing Labels in Issues List
		Filtering Issues by Label
		Editing Labels
		Prioritizing Labels
		Creating a New Label
		Promoting Labels to a Group
	Creating MRs from Issues
		Creating a Merge Request from an Issue
		Viewing a Merge Request Generated from an Issue
		Viewing Labels in Merge Requests List
		Impact on Issue When Merging an Associated MR
	Linking Issues
		Special Considerations About Linking Issues in GitLab
		Linking One Issue to Another
		Viewing Linked Items
		Deleting a Link
		Special Link Types with Paid Subscriptions
	Summary
Chapter 9: The Best Laid Plans
	Establishing Milestones
		Creating Milestones
		Viewing Milestone Details
		Associating Issues with Milestones
		Viewing Milestones from the Issue List
		Removing an Issue from a Milestone
		Viewing the Project’s Milestone Summary
		Promoting Milestones to the Group Level
		Viewing Milestone Associations with MRs
		Viewing Milestones from the Top-Level Dashboard
		Filtering Issues by Milestones
		Special Considerations of Milestones
	Defining Tasks
		Creating Tasks
		Editing a Task
		Completing a Task
		Viewing Tasks in the Issue List
		Associating Tasks to Milestones
		Filtering Tasks from an Issue List
		Converting Document List Items to Tasks
	Planning with Boards
		Exploring an Existing Issue Board
		Creating Additional Column Lists
		Editing an Issue Board
		Moving Items Between Columns on an Issue Board
		Impact of Closing an Issue from the Board
		Moving Issues Within a Column
		Creating and Editing a Group-Level Issue Board
		Creating a New Project Issue Board
		Working with Multiple Issue Boards
		Additional Features with Paid Subscriptions
	Integrating with Jira
		Setting Up a Jira Cloud Account
		Installing the GitLab for Jira Cloud App
		Configuring the GitLab for Jira Cloud App
		Authorizing the App to Connect to Your GitLab Account
		Linking the App to Your GitLab Namespace
		Creating the Jira API Key
		Configuring a GitLab Project for Jira Integration
		Verifying the Project Is Integrated with Jira
		Viewing Integrated Issues from GitLab
		Viewing Integrated Issues from Jira
		Impact of Issue Changes Made from Jira
		Impact of Issue Changes Made from GitLab
		Viewing GitLab Job Information from Jira
		Additional Jira Integration Features with Paid Subscriptions
	Summary
Chapter 10: It’s Nice to Share
	Managing Docker Images
		Considerations When Creating Our Own Docker Images
		Accessing the Project Container Registry
		Process for Creating and Storing a Docker Image
			Exploring the Dockerfile
			Pipeline Configuration for Creating, Storing, and Using a Docker Image
			Overview of the docker-build Job
			Overview of the Build Job
		Pipeline Results of Creating, Storing, and Using a Docker Image
		Viewing Container Registry Changes
		Merge Request Results of Creating and Storing a Docker Image
		The Problem of Unneeded Images
		Setting an Image Cleanup Policy
	Sharing Docker Images
		First Attempt Accessing an Image from Another Project
		Investigating Why Access Was Denied
		Enabling a Project to Access Another’s Container Registry
		Accessing Container Registry Images Outside of GitLab
		Creating Personal Access Tokens
		Accessing Images Using Personal Access Tokens
		Using DOCKER_AUTH_CONFIG to Access a Project’s Container Registry
		Determining the DOCKER_AUTH_CONFIG Authentication String
		Setting DOCKER_AUTH_CONFIG As a Group CI/CD Variable
		Security Concerns with DOCKER_AUTH_CONFIG
		Creating Project Deploy Tokens
		Creating Group Deploy Tokens
		A Brief Mention of Project and Group Access Tokens
	Working with the Package Registry
		Accessing the Project Package Registry
		A Maven Example of Creating and Storing a Jar File
			Changes to pom.xml
			Changes to settings.xml
			Extracting Credentials with maven-env.sh Script
			Changes to the Build Script
			Changes to the Unit Test Script
			Changes to the Deploy Script
		Pipeline Results of Creating and Storing a Jar File
		Viewing Package Registry Changes
		Viewing Package Details in the Registry
		Effects of Multiple Pipeline Runs on the Package Registry
		Automating Cleanup of the Package Registry
	Summary
Chapter 11: There’s an API for That
	Introducing the GitLab REST API
		Differences Between GitLab UI and REST API URLs
		Differences Between GitLab UI and REST API Responses
		REST API Basics
		GitLab REST API Resources
		Restricting Resources with URL Endpoints
		Restricting Results with URL Parameters
		Requesting Additional Information with URL Endpoints
		URL Endpoint Patterns
		Paginating Responses
		Retrieving Additional Pages
		Standalone Resource Examples
	RESTing with Curl
		Setting Up Authentication to Make API Requests
		A Simple REST API Query with Curl
		Using jq to Manipulate JSON Responses
		Using jq to Pretty-Print REST API Responses
		Using jq to Extract Information from REST API Responses
		Using Programming Languages to Manipulate REST API Responses
		Using Curl to Manipulate Resources
		Creating a Resource with the REST API
		Deleting a Resource with the REST API
		Modifying Resources with the REST API
	Exploring GraphQL
		Making GraphQL Requests with Curl
		Reading GraphQL Queries from a File
		A Query to Retrieve Issues Associated with a Project
		A Query to Retrieve One Issue Associated with a Project
		A Query to Return a Sorted List of Issues Associated with a Project
		Creating an Object with GraphQL
		Updating an Object with GraphQL
		Deleting an Object with GraphQL
	Interacting with GraphiQL
		The GraphQL Explorer
		Getting Help Making GraphQL Requests
			Starting a Project Query
			Setting the fullPath Option
			Requesting Successful and Failed Jobs for the Project
			Restricting the Number of Jobs Returned
			Selecting Job Fields to Be Returned by the Query
			Requesting Paging Information
			Running the Completed Query
		Pagination with GraphQL
		Using GraphQL Introspection
	Deciphering the GraphQL Reference
		Main Sections of the GraphQL Reference
		The Query Type Section
		The Scaler Types Section
		The Object Types Section
		The Enumeration Types Section
		The Connections Section
			Pagination Arguments
			Connection Fields
			Connection Types
		The Mutation Type Section
		The Input Types Section
		The Abstract Types Section
			Union Abstract Types
			Interface Abstract Types
	Summary
Chapter 12: Well, Isn’t That Special
	Generating Web Pages
		Exploring Project Templates for GitLab Pages
		Creating a Project from a Template
		Overview of Files Generated by the Template
			Contents of the Generated index.html File
			Contents of the Generated style.css File
			Contents of the Generated .gitlab-ci.yml File
		Running the GitLab Pages Pipeline
		Accessing the Generated Web Page
		Exploring the “Other Examples” Page
		Previewing Example Websites Generated by GitLab Pages
		Enabling Access to the Generate GitLab Page
		Creating GitLab Pages Without Templates
		Caveat to Using GitLab Pages
		Using Alternative URLs for GitLab Pages
	Handling Binary Files
		The Problem of Storing Versioned Binary Files in Git
		The Git LFS Feature
		Prerequisites to Git LFS
		Marking Files to Be Managed by Git LFS
		Migrating Existing Files to Use Git LFS
		Cases When Git LFS Should Not Be Used
	Summary
Chapter 13: I Can Do This on My Own
	Deciding on a Plan of Implementation
		On-Premises vs. Cloud Considerations
		Administrative Considerations
		Architecture Considerations
		High-Availability Considerations
		Disaster Recovery Considerations
		Cost Considerations
		GitLab Support Considerations
		Alternative Service Considerations
	Instantiating the AWS Account
		Creating an AWS Account
		Creating an Admin User Group with IAM
		Creating an Admin User for Yourself
		Setting Up Multifactor Authentication
	Preparing the VPC Network
		Determining the AWS Region for the GitLab POC
		Creating a Private VPC
		Setting the Number of Availability Zones
		Setting Up Public and Private Subnets
		Setting Up the NAT Gateway
		Reviewing How the VPC Will Be Created
		Reviewing the Components of the VPC
	Creating the SSH Key Pair
		Creating SSH Key Pairs in AWS
	Establishing the Domain Name
		Registering a Domain Through AWS
	Generating the TLS Certificate
		Requesting a TLS Certificate Through AWS
		Associating Your Domain with the Certificate
		Validating Domain Ownership
		Waiting for the Certificate to Be Approved
	Preparing the IAM Role
		Creating an IAM Policy
			Entering a JSON Policy with the Policy Editor
			Setting the Policy Name and Description
		Creating the IAM Role
			Defining the Trusted Entity for the Role
			Setting the Role Permissions
			Setting the Role Name and Description
	Building the ELB
		Creating a Classic Load Balancer
		Setting the ELB Name and Scheme
		Setting the ELB Network Mappings
		Creating the ELB Security Group
			Setting the Security Group Name, Description, and VPC
			Setting Up the Security Group Inbound Rules
			Associating the New Security Group to the ELB
		Setting Up ELB Listeners
		Associating the TLS Certificate with the ELB
		Setting Up the ELB Health Check
		Setting ELB Special Attributes
		Spinning Up the ELB
	Connecting Your Domain
		Creating a Hosted Zone Record
			Setting the Routing Policy
			Configuring Records for Simple Routing Policy
			Creating an “A” Record for Routing DNS Traffic to Our Domain
			Specifying the ELB Endpoint
			Disabling the ELB Target Health Option
		Verifying Domain Connectivity to the ELB
	Summary
Chapter 14: Things That Lurk in the Background
	Raising the RDS
		Creating the RDS Security Group
		Accessing RDS
		Creating the DB Subnet Group
		Creating the PostgreSQL Database with RDS
			Selecting How to Create the Database
			Selecting the Type of Database to Be Created
			Determining the Database Version to Use
			Selecting the Database Template
			Determining Whether to Use a Multi-AZ or Single DB Instance
			Setting the Database Identifier and Credentials
			Selecting the Instance Type for Database Server Instances
			Configuring Database Storage
			Configuring Connectivity Options
			Setting the DB Subnet Group and Disabling Public Access
			Setting Security Options
			Setting Database Authentication Option
			Overview of Monitoring Options
			Setting the Database Name and DB Parameter Group
			Overview of Backup Options
			Configuring Maintenance Options
		Reviewing Database Costs
		Stopping the Database Temporarily
	Setting Up the ElastiCache
		Creating the Redis Security Group
		Accessing ElastiCache
		Creating the Redis Subnet Group
		Creating the Redis Cluster
			Selecting How to Create the Redis Cluster
			Disabling Cluster Node
			Setting the Redis Name, Description, and Location
			Configuring Various Cluster Settings
			Configuring Redis Connectivity and Subnets
			Selecting Location of Primary and Replica Servers
			Configuring Security Options
			Configuring Backup and Maintenance Options
		Starting the Redis Service
	Preparing the Bastion Hosts
		Launching the Bastion Servers
			Setting the Server Name and OS
			Setting the Instance Type and SSH Key Pair
			Configuring Network Settings
			Creating the Security Group
			Configuring Bastion Storage and Launching the Instance
		Testing Connectivity to the Bastion Server
		Creating the Second Bastion Server
		Viewing the Bastion Instances
		Configuring SSH Forwarding
			Using PuTTY for SSH Forwarding
			Importing Your OpenSSH Key into Putty
			Generating the Putty Private Key
			Creating the Putty Session Configuration
			Enabling SSH Forwarding for the Putty Session Configuration
			Setting the Host IP in Putty
			Testing Connectivity to the Bastion Host with Putty
			Adding the Putty SSH Key to the Pageant Service
			How SSH Forwarding Enables Accessing Private Servers from the Bastion Server
			Setting Up Pageant to Run When Your Computer Starts Up
	Summary
Chapter 15: The Proof Is in the Cloud
	Spinning Up a Standalone GitLab Service
		Introduction to AMIs
		Searching for the Official GitLab AMI
		Creating a GitLab Instance from an Image
		Accessing the GitLab Instance via SSH
		Adding PostgreSQL Extensions
		Disabling Let’s Encrypt
		Setting the External URL
		Disabling the Internal PostgreSQL Database
		Configuring the External PostgreSQL Database
		Disabling the Internal Redis Database
		Configuring the External Redis Database
		Applying Configuration Changes
		Checking the Status of GitLab Services
		Investigating Nginx Service Failure
		Connecting the GitLab Server to the ELB
		More Investigation into nginx Server Failure
		Configuring the nginx Reverse Proxy
		Investigating ELB Out of Service Failure
		Learning Through Debugging
		Logging In to Your GitLab Standalone Service
	Splitting Off the Gitaly Service
		The Reason for Splitting Off the Gitaly Service
		Locating the Generated GitLab Secrets File
		Creating the Gitaly Security Group
		Spinning Up the Gitaly Server
		Installing the GitLab Package on the Gitaly Server
		Copying the GitLab Secrets File to the Gitaly Server
		Configuring the Standalone Gitaly Service
		Configuring Gitaly Storage
		Spinning Up the Standalone Gitaly Service
		Running the Gitaly Check Command
		Checking Gitaly Connectivity from the GitLab Server
		Configuring GitLab to Use the New Standalone Gitaly Service
		Verifying GitLab Is Using the New Gitaly Service
		Disabling the Internal Gitaly Service
		Changing Storage Allocations Through the Administrative UI
			Viewing Gitaly Server Status
			Locating Repository Storage Settings
			Changing Storage Weights for New Repositories
			A Note About Gitaly Storage Weights
	Configuring Server-Side SSH
		A Description of SSH Server Host Keys
		The Need for Consistent Host Keys Across Multiple GitLab Servers
		Bad Approaches to Man-in-the-Middle Messages
		The SSH-Approved Approach Using Host Certificates
		GitLab’s Approach Using Static Host Keys
		Enabling Fast Lookup of Authorized SSH Keys
	Enabling S3 Object Storage
		A Possible Storage Approach Using NFS
		Another Approach Using S3 Object Storage
		Creating the KMS Encryption Key
			Specifying Who Can View and Make Changes to the KMS Key
			Specifying Who Can Use the KMS Key
			Reviewing and Creating the KMS Key
		Creating the S3 Buckets
			Setting General Configuration Options
			Configuring Object Ownership Settings
			Disabling Bucket Versioning
			Setting Encryption Options
			Creating the Object Store Buckets
		Setting the Server IAM Role to Allow Access to the S3 Object Store
		Verifying the IAM Role Is Attached to the Standalone GitLab Server
		Configuring GitLab to Use the S3 Object Storage
	Scaling the GitLab Service
		Creating Our Own GitLab Server AMI
		Testing the ELB Health Check
		Determining the Readiness Check Access Token
		Resetting the ELB Health Check to Use Readiness Check with Access Token
		Creating the Launch Template
			Accessing the Launch Template Service
			Setting the Launch AMI
			Setting the Instance Type and Key Pair
			Configuring the Network Settings
			Configuring the Storage Settings
			Setting the IAM Instance Profile
			Creating and Verifying the Launch Template
		Creating the Auto-Scaling Group
			Specifying the ASG Name and Launch Template
			Selecting the Instance Launch Options
			Connecting the ASG to the ELB
			Setting the ASG Health Check Options
			Setting Minimum, Maximum, and Desired Capacity Requirements
			Setting Scaling Policies
			Disabling Instance Scale-In Protection
			Adding Notification Options
			Reviewing ASG Settings and Creating the ASG
		Viewing EC2 List of Instances Created by the ASG
		Viewing ELB List of Instances Created by the ASG
		Testing SSH Connectivity to the Newly Spun-Up Servers
		Checking GitLab Service via the UI
		Stopping the Standalone GitLab Server
		Tagging the ASG Instances
		Reviewing the Behind-the-Scenes Scaling Rules
	Summary
Chapter 16: Working the Never-Ending Queue
	Managing Shared Runners
		The Do-Nothing Approach
		Managing a Farm of GitLab Runners
		Managing Auto-Scaling GitLab Runners
	Setting Up Auto-Scaling Shared Runners in AWS
		Preliminary AWS Setup
			Creating the Security Group for Spun-Up Runners
			Creating IAM Policies for the Runner Manager
			Updating the S3 Policy
			Creating the IAM Role for the Runner Manager
			Setting Up the S3 Cache Bucket
			Creating an SSH Key Pair Specific to Runners
		Creating the Runner Manager Server
			Installing the GitLab Runner Software on the Runner Manager
			Installing Docker Engine on the Runner Manager
			Installing the docker-manager Package on the Runner Manager
		Spinning Up a Test Runner with docker-machine
			Creating and Running a Test Script for docker-machine
			Debugging Failures of the Test Script
			Verifying the Test Runner Server Is Running
			Terminating the Test Runner Server with docker-machine
			Logging In to the Runner Server via SSH
		Creating an Instance Runner Entry from the Administrative GUI
			Registering the Runner Manager
			Setting GitLab Runner Tags
			Preventing the Runner Manager from Taking Jobs
			Retrieving the Runner Authentication Token
			Reviewing the Instance Runner Entry from the Administrative UI
		Creating the register-me Script on the Runner Manager
		Results of Running the register-me Script
		Creating the config.toml File
			An Overview of the config.toml File
			The Global Options Section
			The Runners Section
			Subsections of the Runners Section
			The runners.docker Subsection
			The runners.cache Subsection
			The runners.machine Subsection
			The runners.machine.autoscaling Subsections
			Other Configuration Options
		Applying the New Gitlab-Runner Configuration
		Checking the Gitlab-Runner Status
		Viewing Spun-Up Runner EC2 Instances
		Peeking Inside the Spun-Up Runner
		Viewing Runner Instance List from the Administrative UI
		Testing Running Jobs with Our Shared Runner Service
			Creating a Test Project
			Viewing Runner Details from the Administrative UI
			Showing Status of docker-machine After a Job Run
		Verifying the S3 Object Cache
			Checking Out the S3 Cache Bucket
			Viewing Cache Details in the Deploy Log
			Checking Out the S3 Artifacts Bucket
		Checking Docker State in the Spun-Up Runner Server
	Summary
Chapter 17: But Wait, There’s More
	Establishing Email Connectivity
		Setting Up SMTP with Amazon’s Simple Email Service
			Creating an Identity with SES
			Verifying Your Domain Identity
			Reviewing the SES Dashboard
			Creating SMTP Credentials
		Configuring SMTP Settings in GitLab
		Testing GitLab Email Settings Programmatically
		Changing the Admin User Email Address
		Setting Up Email Routing with AWS
			Creating a Hosted Zone for Receiving Emails
			Setting the Routing Policy
			Defining a Simple Record for Incoming Emails
		Configuring SES to Handle Email Requests
			Creating an Email Rule Set
			Defining the Rule Settings
			Adding a Recipient Condition
			Adding an Action to Forward to the SNS Service
			Creating the SNS Topic
			Creating an SNS Subscription
		Activating the SES Rule
		Alternatives to Using SNS with SES
	Enabling Secondary Services
		Overview of Secondary Services
		Enabling the External Diffs Service
		Enabling the ci_secure_files Service
		Enabling the Container Registry Service
			Updating the GitLab Configuration File for the Registry Service
			Updating the ELB Security Group
			Updating the ELB Listener Settings
			Verifying Container Registry Is Enabled
		Enabling the GitLab Pages Service
			Defining the Pages Domain
			Creating the TLS Certificate for the Pages Domain
			Creating the ELB for the Pages Service
			Creating the DNS Record for the Pages Service
			Updating the GitLab Configuration for the Pages Service
			Verifying Pages Service Is Running
			Creating a New AMI with Services Enabled
		Scaling Considerations for the Pages Service
	Summary
Chapter 18: It’s an Admin’s Life
	Dealing with Users
		Managing Users via the Administrative UI
		Adding a New User
		Resetting a User’s Password
		Configuring Site-Wide Settings for Users
		Configuring Sign-Up Restrictions
		Setting Sign-In Restrictions
		Integrating with External Authentication Services
		Integrating with LDAP/Active Directory Authentication Service
		Additional LDAP Options Available for Licensed Sites
		Impact of Authentication Service on License Costs
		Blocking Users
		Banning Users
		Deactivating Users
		Status of GitLab Users When Removed or Disabled from Authentication Service
		Deleting Users
		Importance of Establishing User Management Policies
	Updating GitLab’s Configuration
		Restarting the Standalone GitLab Server
		Adding the Standalone GitLab Server to the ELB
		Optionally Spinning Down Existing ASG Servers
		Updating the GitLab Configuration File and Creating a New AMI
		Updating the Launch Template with the New AMI
		Spinning Up New ASG Servers
		Detaching and Shutting Down the GitLab Standalone Server
		Using the Instance Refresh Feature to Replace ASG Servers
	Upgrading to a New Release
		Overview of the Release Upgrade Process
		The Need for Doing a GitLab Service Shutdown
		Broadcasting System-Wide Messages
		Pausing Shared Runners Under Your Control
		Special Maintenance Mode for Licensed Sites
		Spinning Down ASG Servers
		Spinning Up the Standalone GitLab Server
		Creating Backups of the Standalone Servers
		Backing Up the RDS Database
		Upgrading Gitaly Server to New Release
			Syncing with Latest apt Package Versions
			Upgrading Non-GitLab Packages
			Removing the Hold on the GitLab Package
			Impact of Potential Upgrade Stops
			Upgrading to a Specific Version of the GitLab Package
			Rebooting the Gitaly Server
			Checking the Gitaly Service
		Upgrading the Standalone GitLab Server
		Upgrading the GitLab Runner Manager
		Completing the Release Upgrade Process
	Summary
Chapter 19: Lights, Camera, Action!
	Planning Your Production Setup
		Considering Monthly Production Costs
			Inflationary Cloud Provider Costs
			License Costs Related to High-Availability and Disaster Recovery Solutions
			Comparing Self-Managed Costs to Using SaaS
			GitLab User Audits
			Other Operational Costs
		Additional Needs of a Production-Level Self-Managed Service
		High-Availability Needs
			GitLab Runner High-Availability Needs
			Gitaly Service High-Availability Needs
		Disaster Recovery Needs
			Issues with Restoring Service from Backups
			Dealing with Regional Failures
			Introducing GitLab Geo
		Release Upgrade Complications
		Reasons for a Staging Service
		Monitoring Needs
	Creating Your Production Setup
		Deciding Where the Primary Service Should Reside
		Considering AWS Direct Connect
		Establishing a Naming Convention for Your GitLab Services
		Preparing Production-Level VPC Environments
		Establishing AWS Component Naming Conventions
		Preparing TLS Certificates
		Defining Service-Specific AWS Key Pairs
		Creating Independent IAM Roles and Policies per Service and Region
		Database Production-Level Requirements
		Bastion Server Considerations
		Creating a Provisioning Server
		Gitaly Cluster Considerations
		GitLab Application Server Considerations
		Preparing for Automated Configuration File Changes
		Instance-Level Shared Runner Considerations
		Planning for the Gitaly Cluster
	Switching to Gitaly Clusters
		The Gitaly Sharding Option
		The Gitaly Cluster Option
			The Concept Behind the Gitaly Cluster
			The Need for a Gitaly Cluster Database
			The Need for Multiple Gitaly Monitoring Servers
			Deciding Which Monitoring Servers Synchronize a Git Repository Change
			Introducing Praefect
			The Praefect Load Balancer
		The Case for Moving to a Licensed Version of GitLab
		Establishing a Gitaly Cluster in AWS
			Gitaly Cluster VPC and Availability Zone Assumptions
			Defining Gitaly Security Groups
			Creating the Praefect Tracking Database
			The Undocumented Chicken-and-Egg Scenario
			Using the Provisioning Server to Configure the Praefect Tracking Database
			The Case for NOT Using PgBouncer
			Creating an Initial Praefect Server and Three Gitaly Servers
			An Overview of the Gitaly Cluster Configuration Process
			Configuring the Initial Praefect Instance
			Testing Connectivity Between the Initial Praefect Server and the Tracking Database
			Creating the Praefect Server AMI and Remaining Praefect Servers
			Prepping the Gitaly Servers
			Configuring the Gitaly Servers
			Creating the Praefect Load Balancer
			Updating the GitLab Configuration to Use the New Cluster
			Testing the GitLab Configuration Changes
			Completing the GitLab ASG and ELB Configuration
		Optionally Migrating Existing Git Repositories to the Gitaly Cluster
		Reviewing the Gitaly Troubleshooting Guide
	Preparing for Disaster
		AWS Disaster Recovery Considerations
		Mirroring Services with GitLab Geo
		High-Level Steps to Setting Up GitLab Geo
		Considerations When Using GitLab Geo to Perform All Replications
		Using RDS and Redis Cross-Region Read Replication
		Using S3 Cross-Region Replication
		Synchronizing Git Repository Changes via the Geo Tracking Database
		Complications with Disaster Recovery When Using AWS Replication
		Establishing a Disaster Recovery Plan
	Automating Upgrades
		The Concept of Zero-Downtime Upgrades
		Order of Upgrading Components
		Tools to Automate the Upgrade Process
		Choosing a Source Control Management Solution for Automating Upgrades
		An Example of Automating GitLab AMI Creation
		Resource Management Tools
			Using the AWS Command Line Interface
			Using the AWS Software Development Kit
			Using AWS CloudFormation
			Using Third-Party Resource Management Tools
			The Short-Term Resource Management Problem
			A Brief Overview of Ansible
		Configuration Management Tools
			Using AWS User Data
			Using Puppet, Chef, or Ansible
			How Configuration Management Tools Install and Configure Software
			A Word About Packer
		Automating Upgrades to the Gitaly Cluster
		Automating Upgrades to Shared Runner Managers
		Orchestrating the Upgrade Process
		Creating a Docker Image to Support the Automation Process
		Testing the Automation Process
	Summary
Index