Clark Boylan 67662bb735 Run gitea with memcached cache adapter
By default gitea caches everything in memory using a Go hashmap. There
is suspicion that the now many persistent AI web crawlers cause this
hashmap to grow in ways that eventually cause the Go GC system to pause
the world in noticeable ways when loading pages. Restarting the gitea
services seems to temporarily reset things (as it should with an in
memory map) until we cross some threshold and things become slow again.

The good news is that gitea supports several backends (called adapters)
for the cache. We elect to use memcached because it is relatively
simple and has a FOSS license (unlike redis). The other alternative we
could consider is twoqueue which also caches within memory in the Go
runtime but allows for setting a size limit. I've gone with memcached
because it doesn't rely on Golang GC, but twoqueue is likely simpler if
we want to start there.

Note we also bump the job timeout to 5400 seconds (90 minutes) from 4800
seconds (80 minutes) because a run on ovh-gra1 timed out while running
testinfra test cases (the very end of the job). It is possible that
using memcached is slightly slower than using in-process memory caching,
but the goal here isn't to make things faster; it is to make things more
consistent over time. As long as memcached performance is within the
same ballpark and doesn't degrade over time this is acceptable.

Change-Id: Ie9ca246a8321fe84d9a1582e35cd4c5459b48bee
2025-02-28 10:49:27 -08:00


; Global Gitea settings. This file is a Jinja template: the double-brace
; placeholders further down are filled in when the file is rendered.
APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
; Gitea is told to run as the git user, not root.
RUN_USER = git
; TODO determine if this is appropriate for our existing installation
WORK_PATH = /data/gitea
; HTTPS listener, SSH settings and the built-in LFS server.
[server]
APP_DATA_PATH = /data/gitea
; NOTE(review): SSH_DOMAIN and DOMAIN are localhost while ROOT_URL is the
; public name - presumably a front end provides the public hostname; confirm.
SSH_DOMAIN = localhost
; Gitea serves TLS itself using CERT_FILE and KEY_FILE below.
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://opendev.org/
DISABLE_SSH = false
SSH_PORT = 22
DOMAIN = localhost
LFS_START_SERVER = true
; Secret injected at render time. The rendered file holds it in plain text,
; so that file should be readable only by the Gitea service account.
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /certs/cert.pem
; TLS private key; keep its file permissions restricted to the service.
KEY_FILE = /certs/key.pem
; Also listen for plain HTTP on PORT_TO_REDIRECT and redirect it to HTTPS.
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
; MySQL connection. The credentials are injected when the template is
; rendered and end up in plain text in the rendered file.
[database]
DB_TYPE = mysql
HOST = localhost:3306
NAME = gitea
USER = {{ gitea_db_username }}
PASSWD = {{ gitea_db_password }}
; TLS to the database is off. That is only reasonable while HOST stays on
; localhost; revisit this if the database moves to another machine.
SSL_MODE = disable
; SQL statements are not written to the logs.
LOG_SQL = false
; Cache backend: memcached instead of Gitea's default in-process cache.
[cache]
ADAPTER = memcache
; memcached has no authentication by default, so whatever can reach this
; port can read and overwrite cached data. NOTE(review): confirm the
; memcached service listens on 127.0.0.1 only and has a memory limit set.
HOST = 127.0.0.1:11211
; Repository storage and the per-repository features that are switched off.
[repository]
ROOT = /data/git/repositories
; Issues, pull requests, wiki, projects and actions are disabled for every
; repository.
DISABLED_REPO_UNITS = repo.issues,repo.pulls,repo.wiki,repo.projects,repo.actions
DISABLE_STARS = true
; The repository migration feature is disabled.
DISABLE_MIGRATIONS = true
; Git protocol behaviour.
[git]
; Partial clone was implemented in 1.16 but broke older git clients. It is
; now expected to work, but the setting stays explicit so it can be toggled
; back to true if needed.
DISABLE_PARTIAL_CLONE = false
; Federation is switched off.
[federation]
ENABLED = false
; The package registry is switched off.
[packages]
ENABLED = false
; Search indexes. The repository (code) indexer is enabled.
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
; Time allowed for the indexers to start.
STARTUP_TIMEOUT = 300s
; Sessions are stored as files under PROVIDER_CONFIG.
; NOTE(review): session files act as login credentials; confirm the
; directory is readable only by the Gitea service account.
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
; Avatar storage. Gravatar is disabled.
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = true
; Where uploaded attachments are stored.
[attachment]
PATH = /data/gitea/attachments
; Logging: log files under /logs, plus an access log in a custom format.
[log]
ROOT_PATH = /logs
LEVEL = Info
STACKTRACE_LEVEL = Error
logger.access.MODE = file
; The Jinja raw/endraw pair around the next setting stops Jinja from
; expanding the double-brace fields, which are Go template syntax meant
; for Gitea itself.
; Referer and User-Agent are client-supplied values; anything that parses
; this log should treat them as untrusted text.
{% raw -%}
ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"
{% endraw %}
; Core secrets and password policy.
[security]
; The web installer is locked.
INSTALL_LOCK = true
; SECRET_KEY and INTERNAL_TOKEN are injected at render time and sit in the
; rendered file in plain text; restrict that file to the service account.
; NOTE(review): Gitea also has SECRET_KEY_URI and INTERNAL_TOKEN_URI for
; reading these from separate files - check whether the deployed version
; supports them.
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
; Passwords must contain lowercase, uppercase and digit characters. No
; MIN_PASSWORD_LENGTH is set in this section, so Gitea's default applies.
PASSWORD_COMPLEXITY = lower,upper,digit
; Account and access policy: no self-registration, anonymous browsing
; allowed.
[service]
DISABLE_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
; Pages can be viewed without signing in.
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
; NOTE(review): accounts may create organizations by default; confirm this
; is wanted given that registration is closed.
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
ENABLE_TIMETRACKING = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply.example.org
; Outgoing mail is switched off.
[mailer]
ENABLED = false
; Gitea's OAuth2 provider is switched off. The secret below is still
; rendered into the file in plain text.
[oauth2]
ENABLED = false
; TODO we don't do oauth2; do we need to set this value?
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
; TODO we don't do oauth2; do we need to set this value?
JWT_SIGNING_PRIVATE_KEY_FILE = /data/gitea/jwt/private.pem
; OpenID sign-in and sign-up are both switched off.
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
; External renderer: .rst files are rendered by running pandoc.
; The input is repository content, so pandoc parses data the operators do
; not control. Keep pandoc patched.
; NOTE(review): pandoc 2.15 and later have a --sandbox option that limits
; file access by its readers; check the installed version and consider
; adding it to RENDER_COMMAND.
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = /usr/bin/pandoc -f rst
; false: the content is passed to the command on standard input rather
; than as a file.
IS_INPUT_FILE = false
; Gitea Actions is switched off.
[actions]
ENABLED = false
; LFS objects are stored on the local filesystem under PATH.
[lfs]
STORAGE_TYPE = local
PATH = /data/git/lfs
; This is an undocumented gitea cron job that will delete all
; repo archives once daily (see SCHEDULE below). Repo archives are
; tarballs/zips/etc of repository state generated for things like
; tags. This helps ensure we don't run out of disk.
[cron.delete_repo_archives]
ENABLED = true
RUN_AT_START = false
NOTICE_ON_SUCCESS = false
; Note we run this several hours after 0000 (midnight) to avoid conflict
; with default cron jobs run by gitea at that time.
; The schedule has six fields with seconds first: 03:00:00 every day.
SCHEDULE = 0 0 3 * * *
; We don't need gitea phoning out to check versions. We stay on
; top of new releases using github release notifications over email.
; Disabling this job also means the server makes no outbound version-check
; requests.
[cron.update_checker]
ENABLED = false