rubyconfigurationgitlabgitlab-omnibusruby-hash

How are equal hashes from multiple gitlab.rb files merged?


In a GitLab configuration file (gitlab.rc) an additional config file can be referenced:

from_file "/home/admin/external_gitlab.rb"

The documentation states the following:

Any configuration that is set in /etc/gitlab/gitlab.rb after from_file is included, takes precedence over the configuration from the included file.

Does this imply that a hash with equal names (e.g. gitlab_rails['env']) is overwritten? Or are only the keys overwritten?

Use case

I'd like to make an additional proxy_gitlab.rb, which is referenced from the gitlab.rb with some proxy settings:

gitlab_rails['env'] = {
    "http_proxy" => "http://USERNAME:PASSWORD@example.com:8080",
    "https_proxy" => "http://USERNAME:PASSWORD@example.com:8080"
#    "no_proxy" => ".yourdomain.com"  # Wildcard syntax if you need your internal domain to bypass proxy
}

However, if a gitlab_rails['env'] is defined in the main gitlab.rb, these settings will not be in the final config if the hash from the main gitlab.rb overwrites the hash from the proxy_gitlab.rb. If however the two hashes are combined this solution would work.


Solution

  • The hashes are not merged: the latest loaded hash takes precedence.

    I've tried the following:

    gitlab.rb:

    gitlab_rails['ldap_servers'] = {
      'main' => {
        'label' => 'LDAP',
        'host' =>  'ldap.mydomain.com',
        'port' => 636,
        'uid' => 'sAMAccountName',
        'encryption' => 'simple_tls',
        'base' => 'dc=example,dc=com',
      }
    }
    
    from_file '/etc/gitlab/gitlab-secret.rb'
    

    gitlab-secret.rb:

    gitlab_rails['ldap_servers'] = {
      'main' => {
        'password' => 'secret',
      }
    }
    

    When checking the config with gitlab-ctl show-config, the following result was shown:

    gitlab_rails['ldap_servers'] = {
      'main' => {
        'password' => 'secret',
      }
    }
    

    Note: what I've attempted to do is to separate the config and the secret. This can be done for the LDAP as described in the documentation.