doc/administration/sidekiq/_index.md
{{< details >}}
{{< /details >}}
You can configure an external Sidekiq instance by using the Sidekiq that's bundled in the GitLab package. Sidekiq requires connection to the Redis, PostgreSQL, and Gitaly instances.
By default, GitLab uses UNIX sockets and is not set up to communicate via TCP. To change this:
Configure packaged PostgreSQL server to listen on TCP/IP adding the Sidekiq server IP addresses to postgresql['md5_auth_cidr_addresses']
Edit the /etc/gitlab/gitlab.rb file on your GitLab instance, and add the following:
## Gitaly
gitaly['configuration'] = {
# ...
#
# Make Gitaly accept connections on all network interfaces
listen_addr: '0.0.0.0:8075',
auth: {
## Set up the Gitaly token as a form of authentication because you are accessing Gitaly over the network
## https://docs.gitlab.com/administration/gitaly/configure_gitaly/#about-the-gitaly-token
token: 'abc123secret',
},
}
gitlab_rails['gitaly_token'] = 'abc123secret'
# Password to Authenticate Redis
gitlab_rails['redis_password'] = 'redis-password-goes-here'
Run reconfigure:
sudo gitlab-ctl reconfigure
Restart the PostgreSQL server:
sudo gitlab-ctl restart postgresql
Find your reference architecture and follow the Sidekiq instance setup details.
If you run multiple Sidekiq nodes with a shared file storage, such as NFS, you must specify the UIDs and GIDs to ensure they match between servers. Specifying the UIDs and GIDs prevents permissions issues in the file system. This advice is similar to the advice for Geo setups.
To set up multiple Sidekiq nodes:
Edit /etc/gitlab/gitlab.rb:
user['uid'] = 9000
user['gid'] = 9000
web_server['uid'] = 9001
web_server['gid'] = 9001
registry['uid'] = 9002
registry['gid'] = 9002
Reconfigure GitLab:
sudo gitlab-ctl reconfigure
If you're using the container registry and it's running on a different node than Sidekiq, follow the steps below.
Edit /etc/gitlab/gitlab.rb, and configure the registry URL:
gitlab_rails['registry_api_url'] = "https://registry.example.com"
Reconfigure GitLab:
sudo gitlab-ctl reconfigure
In the instance where container registry is hosted, copy the registry.key
file to the Sidekiq node.
If you want to collect Sidekiq metrics, enable the Sidekiq metrics server.
To make metrics available from localhost:8082/metrics:
To configure the metrics server:
Edit /etc/gitlab/gitlab.rb:
sidekiq['metrics_enabled'] = true
sidekiq['listen_address'] = "localhost"
sidekiq['listen_port'] = 8082
# Optionally log all the metrics server logs to log/sidekiq_exporter.log
sidekiq['exporter_log_enabled'] = true
Reconfigure GitLab:
sudo gitlab-ctl reconfigure
{{< history >}}
{{< /history >}}
To serve metrics via HTTPS instead of HTTP, enable TLS in the exporter settings:
Edit /etc/gitlab/gitlab.rb to add (or find and uncomment) the following lines:
sidekiq['exporter_tls_enabled'] = true
sidekiq['exporter_tls_cert_path'] = "/path/to/certificate.pem"
sidekiq['exporter_tls_key_path'] = "/path/to/private-key.pem"
Save the file and reconfigure GitLab for the changes to take effect.
When TLS is enabled, the same port and address are used as described previously.
The metrics server cannot serve both HTTP and HTTPS at the same time.
If you use health check probes to observe Sidekiq, enable the Sidekiq health check server.
To make health checks available from localhost:8092:
Edit /etc/gitlab/gitlab.rb:
sidekiq['health_checks_enabled'] = true
sidekiq['health_checks_listen_address'] = "localhost"
sidekiq['health_checks_listen_port'] = 8092
Reconfigure GitLab:
sudo gitlab-ctl reconfigure
For more information about health checks, see the Sidekiq health check page.
If you use LDAP for user and group management, you must add the LDAP configuration to your Sidekiq node as well as the LDAP synchronization worker. If the LDAP configuration and LDAP synchronization worker are not applied to your Sidekiq node, users and groups are not automatically synchronized.
For more information about configuring LDAP for GitLab, see:
To enable LDAP with the synchronization worker for Sidekiq:
Edit /etc/gitlab/gitlab.rb:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = {
'main' => {
'label' => 'LDAP',
'host' => 'ldap.mydomain.com',
'port' => 389,
'uid' => 'sAMAccountName',
'encryption' => 'simple_tls',
'verify_certificates' => true,
'bind_dn' => '_the_full_dn_of_the_user_you_will_bind_with',
'password' => '_the_password_of_the_bind_user',
'tls_options' => {
'ca_file' => '',
'ssl_version' => '',
'ciphers' => '',
'cert' => '',
'key' => ''
},
'timeout' => 10,
'active_directory' => true,
'allow_username_or_email_login' => false,
'block_auto_created_users' => false,
'base' => 'dc=example,dc=com',
'user_filter' => '',
'attributes' => {
'username' => ['uid', 'userid', 'sAMAccountName'],
'email' => ['mail', 'email', 'userPrincipalName'],
'name' => 'cn',
'first_name' => 'givenName',
'last_name' => 'sn'
},
'lowercase_usernames' => false,
# Enterprise Edition only
# https://docs.gitlab.com/administration/auth/ldap/ldap_synchronization/
'group_base' => '',
'admin_group' => '',
'external_groups' => [],
'sync_ssh_keys' => false
}
}
gitlab_rails['ldap_sync_worker_cron'] = "0 */12 * * *"
Reconfigure GitLab:
sudo gitlab-ctl reconfigure
If you use SAML Group Sync, you must configure SAML Groups on all your Sidekiq nodes.