diff options
| -rw-r--r-- | doc/install/installation.md | 15 | ||||
| -rw-r--r-- | doc/raketasks/backup_restore.md | 2 | ||||
| -rw-r--r-- | doc/update/7.12-to-7.13.md | 15 |
3 files changed, 27 insertions, 5 deletions
diff --git a/doc/install/installation.md b/doc/install/installation.md index ba9c9ba..cdd87ae 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -118,7 +118,10 @@ We recommend PostgreSQL but you can also use MySQL sudo -u gitlab_ci -H editor config/application.yml # Development #sudo -u gitlab_ci -H cp config/application.yml.example.development config/application.yml - + + # Copy reference secrets + sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml + # Edit web server settings sudo -u gitlab_ci -H cp config/unicorn.rb.example config/unicorn.rb sudo -u gitlab_ci -H editor config/unicorn.rb @@ -128,6 +131,9 @@ We recommend PostgreSQL but you can also use MySQL sudo chmod -R u+rwX tmp/sockets/ sudo -u gitlab_ci -H mkdir -p tmp/pids/ sudo chmod -R u+rwX tmp/pids/ + + # Change permission of directory where build traces are stored + sudo chmod -R u+rwX builds/ # Make sure GitLab CI can write to the builds/ directory sudo chmod -R u+rwX builds @@ -157,8 +163,13 @@ We recommend PostgreSQL but you can also use MySQL # Setup schedules sudo -u gitlab_ci -H bundle exec whenever -w RAILS_ENV=production +### Secure secrets.yml + +Secrets file stores encryption keys for sessions and secure variables. +Backup `secrets.yml` someplace safe, but don't store them in the same place as your database backups. +Otherwise your secrets are exposed in case one of your backups is compromised. -## 7. Install Init Script +## 8. Install Init Script Copy the init script (will be /etc/init.d/gitlab_ci): diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md index accc8bf..eed12c4 100644 --- a/doc/raketasks/backup_restore.md +++ b/doc/raketasks/backup_restore.md @@ -129,7 +129,7 @@ If you have a cookbook installation there should be a copy of your configuration If you have an installation from source: 1. please backup `config/secrets.yml` file that contains key to encrypt variables in database, but don't store it in the same place as your database backups. -Otherwise your users secrets are exposed in case one of your backups is compromised. +Otherwise your secrets are exposed in case one of your backups is compromised. 1. please consider backing up your `application.yml` file, 1. any SSL keys and certificates, 1. and your [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079). diff --git a/doc/update/7.12-to-7.13.md b/doc/update/7.12-to-7.13.md index e3600eb..046f684 100644 --- a/doc/update/7.12-to-7.13.md +++ b/doc/update/7.12-to-7.13.md @@ -2,7 +2,7 @@ ## Notice -__GitLab CI 7.13 requires GitLab 7.12 or higher and GitLab Multi Runner 0.4.0 or higher +__GitLab CI 7.13 requires GitLab 7.12 or higher and GitLab Multi Runner 0.5.0 or higher ### 1. Stop CI server @@ -25,7 +25,18 @@ git checkout 7-13-stable ### 4. Make sure GitLab CI can write to the builds/ directory ``` -sudo chmod -R u+rwX builds +sudo chmod -R u+rwX builds +``` + +### 4. Copy secrets + +Secrets file is used to store keys to encrypt sessions and encrypt secure variables. +When you run migrations store it someplace safe, +but don't store them in the same place as your database backups. +Otherwise your secrets are exposed in case one of your backups is compromised. + +``` +sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml ``` ### 5. Install libs, migrations etc |