gitlab gitlab-org/gitlab-environment-toolkit 3.9.0


tanuki-blueprint-refresh

Important:

The GitLab Environment Toolkit is a collection of opinionated Terraform and Ansible scripts to assist with the deployment of a self-managed GitLab environment. It's recommended that users review the Before You Start section before use. Users should have a good working knowledge of infrastructure management, Terraform, Ansible and GitLab administration, and should be aware that self-managed environments are ultimately the responsibility of the user. As such, it's strongly recommended that you independently review the Toolkit in full to ensure it meets your requirements, especially around security or data integrity.

If upgrading, it's always recommended to review the release notes in full, as well as the relevant documentation, and to upgrade the Toolkit first before the environment.


New Key Features

RHEL 10 and Debian 13 Support

Support for RHEL 10 and Debian 13 operating systems has been added!

ARM Docker images

  • Merge Request(s): !1728 !1740 !1750

ARM Docker images are now available!

Ansible 13 Support

Ansible 13 support has been added! Note that this version requires Python 3.12+ on the control node and Python 3.9+ on target nodes. See the Ansible 13 section in Upgrade Notes for more information.

Further Updates and Improvements

  • Improved Zero Downtime Upgrade handling by gracefully draining Rails nodes via NGINX. !1769 !1782 (thanks @niskhakova!)
  • Added the option to configure the Container Registry Metadata Database in Linux package single node environments. !1732 (thanks @nwestbury!)
  • Added the ability to set owner and group for Custom Files. !1764 (thanks @rndmh3ro!)
  • Added option to disable all Name tags on AWS deployments to allow manual handling. !1736 (thanks @shenson!)
  • Added option to configure EKS Cluster Autoscaler namespace. !1777 !1783 (thanks @jedge1!)
  • Improved secrets handling for Gitaly nodes. !1734
  • Improved handling for Charts Toolbox detection in various scenarios. !1751 !1756 !1762 !1779 (thanks @troblot, @nwestbury, @dat.tang.gitlab!)
  • Added better handling for Cloud Native Pages setups where external SSL termination is configured. !1775 (thanks @niskhakova!)
  • Updated Prometheus scrape config for PgBouncer in Linux Package installs as this is now configured by default. !1784
  • Fixed Sidekiq config for Pages. !1753 (thanks @janis!)
  • Fixed issue where Data Disk setup didn't run for some nodes. !1767 (thanks @shenson!)
  • Fixed an issue related to EE License handling for GitLab CE installs. !1776
  • Ensured HAProxy picks up new Let's Encrypt generated certificates after a hostname change. !1768
  • Added new Static config example for Geo deployments. !1760 (thanks @rndmh3ro!)
  • Updated dependency versions (cert-manager, kube-prometheus-stack, Consul, Node Exporter, OpenSearch). !1780 (thanks @niskhakova!)
  • Several improvements and fixes have been made for Geo deployments. !1737 !1739 !1748 !1755 !1757
  • Various other small updates, improvements, and fixes.

Upgrade Notes

Ansible 13

In this release, Ansible 13 support has been added and is now the default. Note that this version contains several changes including Python version requirements (https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_core_2.20.html). This includes a new requirement of Python 3.12+ on the control node and Python 3.9+ on target hosts, which doesn't impact any currently supported host targets but does impact the previously deprecated target of Ubuntu 20.04. See the Target Node Operating System Support documentation for full details.

Additionally, Ansible's CLI output configuration format changed in this release. The Toolkit has been updated to maintain compatibility. Note that the new YAML output indentation parameter was only added in Ansible 13 (2.20), so users on older Ansible versions will see 4-space indentation (Ansible's default) instead of the Toolkit's configured 2 spaces.

Target Node Operating System Support guidance

Expanded guidance has been added to the documentation clarifying the Toolkit's operating system support policy. Support depends on both GitLab's Linux Package (Omnibus) and Ansible compatibility. When Ansible drops OS support (typically due to Python requirements), Toolkit support is affected accordingly.

Several operating systems are now deprecated (Ubuntu 20.04, RHEL 8, Amazon Linux 2) and require older Ansible versions with best-effort support only. Users should plan migrations to currently supported systems. See the Target Node Operating System Support documentation for full details.

Expected Terraform Changes

  • AWS
    • The gitlab_node_name tag has been added to all EC2 nodes for Ansible Dynamic Inventory usage instead of the Name tag. The Name tag can now be disabled or set separately for custom naming schemes.

Feedback

Got any feedback or found an issue? Please feel free to create an issue on our tracker (https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/issues).
