• 15.11
  • PostgreSQL 13 upgrade
• 15.6
  • PostgreSQL version updates
• 15.0
  • PostgreSQL version updates
  • Automatic restart of PostgreSQL service on version change
  • AES256-GCM-SHA384 SSL cipher no longer allowed by default by NGINX
  • Removing support for Gitaly’s internal socket path
  • PostgreSQL 13.6 support
  • Removed background uploads settings for object storage

GitLab 15 specific changes

15.11

PostgreSQL 13 upgrade

In GitLab 15.11, PostgreSQL will automatically be upgraded to 13.x except for the following cases:

• You are running the database in high availability using Patroni.
• Your database nodes are part of GitLab Geo configuration.
• You have specifically opted out.
• You have postgresql['version'] = 12 in your gitlab.rb

Fault-tolerant and Geo installations support manual upgrades to PostgreSQL 13, see Packaged PostgreSQL deployed in an HA/Geo Cluster.

15.6

PostgreSQL version updates

In GitLab 15.6, the PostgreSQL versions shipped with omnibus-gitlab packages have been upgraded to 12.12 and 13.8. Unless explicitly opted out, this can cause an automatic restart of the PostgreSQL service, and can potentially cause downtime.

15.0

PostgreSQL version updates

In GitLab 15.0, Omnibus GitLab ships with PostgreSQL versions 12.10 for upgrades and 13.6 for fresh installs. Because of underlying structural changes, the running PostgreSQL process must be restarted when it is upgraded before running database migrations. If automatic restart is skipped, you must run the following command before migrations are run:

# If using PostgreSQL
sudo gitlab-ctl restart postgresql

# If using Patroni for Database replication
sudo gitlab-ctl restart patroni

If PostgreSQL is not restarted, you might face errors related to loading libraries.

Automatic restart of PostgreSQL service on version change

Starting with GitLab 15.0, postgresql and geo-postgresql services are automatically restarted when the PostgreSQL version changes. Restarting PostgreSQL services causes downtime due to the temporary unavailability of the database for operations. While this restart is mandatory for proper functioning of the Database services, you might want more control over when the PostgreSQL is restarted. For that purpose, you can choose to skip the automatic restarts as part of gitlab-ctl reconfigure and manually restart the services.

To skip automatic restarts as part of GitLab 15.0 upgrade, perform the following steps before the upgrade:

1. Edit /etc/gitlab/gitlab.rb and add the following line:

   # For PostgreSQL/Patroni
   postgresql['auto_restart_on_version_change'] = false
   
   # For Geo PostgreSQL
   geo_postgresql['auto_restart_on_version_change'] = false
   

2. Reconfigure GitLab:

   sudo gitlab-ctl reconfigure
   

AES256-GCM-SHA384 SSL cipher no longer allowed by default by NGINX

Starting with GitLab 15.0, the AES256-GCM-SHA384 SSL cipher will not be allowed by NGINX by default. If you require this cipher (for example, if you use AWS’s Classic Load Balancer), you can add the cipher back to the allow list by following the steps below:

1. Edit /etc/gitlab/gitlab.rb and add the following line to it:

   nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384"
   

2. Run sudo gitlab-ctl reconfigure.

Removing support for Gitaly’s internal socket path

In 14.10, Gitaly introduced a new directory that holds all runtime data Gitaly requires to operate correctly. This new directory replaces the old internal socket directory, and consequentially the usage of gitaly['internal_socket_dir'] was deprecated in favor of gitaly['runtime_dir'].

The old gitaly['internal_socket_dir'] configuration was removed in this release.

PostgreSQL 13.6 support

PostgreSQL 13.6 is being shipped as the default version for fresh installs.

Users can manually upgrade to 13.6 following the upgrade docs.

Removed background uploads settings for object storage

Object storage now preferentially uses direct uploads.

The following keys are no longer supported in gitlab.rb:

• gitlab_rails['artifacts_object_store_direct_upload']
• gitlab_rails['artifacts_object_store_background_upload']
• gitlab_rails['external_diffs_object_store_direct_upload']
• gitlab_rails['external_diffs_object_store_background_upload']
• gitlab_rails['lfs_object_store_direct_upload']
• gitlab_rails['lfs_object_store_background_upload']
• gitlab_rails['uploads_object_store_direct_upload']
• gitlab_rails['uploads_object_store_background_upload']
• gitlab_rails['packages_object_store_direct_upload']
• gitlab_rails['packages_object_store_background_upload']
• gitlab_rails['dependency_proxy_object_store_direct_upload']
• gitlab_rails['dependency_proxy_object_store_background_upload']