25 KiB
stage | group | info |
---|---|---|
Verify | Pipeline Insights | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |
Jobs artifacts administration (FREE SELF)
This is the administration documentation. To learn how to use job artifacts in your GitLab CI/CD pipeline, see the job artifacts configuration documentation.
An artifact is a list of files and directories attached to a job after it finishes. This feature is enabled by default in all GitLab installations.
Disabling job artifacts
To disable artifacts site-wide:
In Omnibus installations:
-
Edit
/etc/gitlab/gitlab.rb
and add the following line:gitlab_rails['artifacts_enabled'] = false
-
Save the file and reconfigure GitLab for the changes to take effect.
In installations from source:
-
Edit
/home/git/gitlab/config/gitlab.yml
and add or amend the following lines:artifacts: enabled: false
-
Save the file and restart GitLab for the changes to take effect.
Storing job artifacts
GitLab Runner can upload an archive containing the job artifacts to GitLab. By default,
this is done when the job succeeds, but can also be done on failure, or always, with the
artifacts:when
parameter.
Most artifacts are compressed by GitLab Runner before being sent to the coordinator. The exception to this is reports artifacts, which are compressed after uploading.
Using local storage
To change the location where the artifacts are stored locally, follow the steps below.
In Omnibus installations:
The artifacts are stored by default in
/var/opt/gitlab/gitlab-rails/shared/artifacts
.
-
To change the storage path for example to
/mnt/storage/artifacts
, edit/etc/gitlab/gitlab.rb
and add the following line:gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts"
-
Save the file and reconfigure GitLab for the changes to take effect.
In installations from source:
The artifacts are stored by default in
/home/git/gitlab/shared/artifacts
.
-
To change the storage path for example to
/mnt/storage/artifacts
, edit/home/git/gitlab/config/gitlab.yml
and add or amend the following lines:artifacts: enabled: true path: /mnt/storage/artifacts
-
Save the file and restart GitLab for the changes to take effect.
Using object storage
If you don't want to use the local disk where GitLab is installed to store the artifacts, you can use an object storage like AWS S3 instead. This configuration relies on valid AWS credentials to be configured already. Use an object storage option like AWS S3 to store job artifacts.
If you configure GitLab to store artifacts on object storage, you may also want to eliminate local disk usage for job logs. In both cases, job logs are archived and moved to object storage when the job completes.
WARNING: In a multi-server setup you must use one of the options to eliminate local disk usage for job logs, or job logs could be lost.
Read more about using object storage with GitLab.
Object Storage Settings
NOTE: In GitLab 13.2 and later, we recommend using the consolidated object storage settings. This section describes the earlier configuration format.
For source installations the following settings are nested under artifacts:
and then object_store:
. On Omnibus GitLab installs they are prefixed by
artifacts_object_store_
.
Setting | Default | Description |
---|---|---|
enabled |
false |
Enable or disable object storage. |
remote_directory |
The bucket name where Artifacts are stored. Use the name only, do not include the path. | |
direct_upload |
false |
Set to true to enable direct upload of Artifacts without the need of local shared storage. Option may be removed once we decide to support only single storage for all files. |
background_upload |
true |
Set to false to disable automatic upload. Option may be removed once upload is direct to S3. |
proxy_download |
false |
Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data. |
connection |
Various connection options described below. |
Connection settings
See the available connection settings for different providers.
In Omnibus installations:
The artifacts are stored by default in
/var/opt/gitlab/gitlab-rails/shared/artifacts
.
-
Edit
/etc/gitlab/gitlab.rb
and add the following lines, substituting the values you want:gitlab_rails['artifacts_enabled'] = true gitlab_rails['artifacts_object_store_enabled'] = true gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" gitlab_rails['artifacts_object_store_connection'] = { 'provider' => 'AWS', 'region' => 'eu-central-1', 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY' }
NOTE: If you're using AWS IAM profiles, omit the AWS access key and secret access key/value pairs. For example:
gitlab_rails['artifacts_object_store_connection'] = { 'provider' => 'AWS', 'region' => 'eu-central-1', 'use_iam_profile' => true }
-
Save the file and reconfigure GitLab for the changes to take effect.
In installations from source:
The artifacts are stored by default in
/home/git/gitlab/shared/artifacts
.
-
Edit
/home/git/gitlab/config/gitlab.yml
and add or amend the following lines:artifacts: enabled: true object_store: enabled: true remote_directory: "artifacts" # The bucket name connection: provider: AWS # Only AWS supported at the moment aws_access_key_id: AWS_ACCESS_KEY_ID aws_secret_access_key: AWS_SECRET_ACCESS_KEY region: eu-central-1
-
Save the file and restart GitLab for the changes to take effect.
OpenStack example
See the available connection settings for OpenStack.
In Omnibus installations:
The uploads are stored by default in
/var/opt/gitlab/gitlab-rails/shared/artifacts
.
-
Edit
/etc/gitlab/gitlab.rb
and add the following lines, substituting the values you want:gitlab_rails['artifacts_enabled'] = true gitlab_rails['artifacts_object_store_enabled'] = true gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" gitlab_rails['artifacts_object_store_connection'] = { 'provider' => 'OpenStack', 'openstack_username' => 'OS_USERNAME', 'openstack_api_key' => 'OS_PASSWORD', 'openstack_temp_url_key' => 'OS_TEMP_URL_KEY', 'openstack_auth_url' => 'https://auth.cloud.ovh.net', 'openstack_region' => 'GRA', 'openstack_tenant_id' => 'OS_TENANT_ID', }
-
Save the file and reconfigure GitLab for the changes to take effect.
In installations from source:
The uploads are stored by default in
/home/git/gitlab/shared/artifacts
.
-
Edit
/home/git/gitlab/config/gitlab.yml
and add or amend the following lines:uploads: object_store: enabled: true direct_upload: false background_upload: true proxy_download: false remote_directory: "artifacts" connection: provider: OpenStack openstack_username: OS_USERNAME openstack_api_key: OS_PASSWORD openstack_temp_url_key: OS_TEMP_URL_KEY openstack_auth_url: 'https://auth.cloud.ovh.net' openstack_region: GRA openstack_tenant_id: OS_TENANT_ID
-
Save the file and restart GitLab for the changes to take effect.
Migrating to object storage
After configuring the object storage, use the following task to migrate existing job artifacts from the local storage to the remote storage. The processing is done in a background worker and requires no downtime.
In Omnibus installations:
gitlab-rake gitlab:artifacts:migrate
In installations from source:
sudo -u git -H bundle exec rake gitlab:artifacts:migrate RAILS_ENV=production
You can optionally track progress and verify that all job artifacts migrated successfully using the PostgreSQL console:
sudo gitlab-rails dbconsole
for Omnibus GitLab instances.sudo -u git -H psql -d gitlabhq_production
for source-installed instances.
Verify objectstg
below (where store=2
) has count of all job artifacts:
gitlabhq_production=# SELECT count(*) AS total, sum(case when file_store = '1' then 1 else 0 end) AS filesystem, sum(case when file_store = '2' then 1 else 0 end) AS objectstg FROM ci_job_artifacts;
total | filesystem | objectstg
------+------------+-----------
19 | 0 | 19
Verify that there are no files on disk in the artifacts
folder:
sudo find /var/opt/gitlab/gitlab-rails/shared/artifacts -type f | grep -v tmp | wc -l
In some cases, you need to run the orphan artifact file cleanup Rake task to clean up orphaned artifacts.
WARNING:
JUnit test report artifact (junit.xml.gz
) migration
was not supported until GitLab 12.8
by the gitlab:artifacts:migrate
Rake task.
Migrating from object storage to local storage
In Omnibus installations:
To migrate back to local storage:
- Set both
direct_upload
andbackground_upload
tofalse
ingitlab.rb
, under the artifacts object storage settings. - Reconfigure GitLab.
- Run
gitlab-rake gitlab:artifacts:migrate_to_local
. - Disable object_storage for artifacts in
gitlab.rb
:- Set
gitlab_rails['artifacts_object_store_enabled'] = false
. - Comment out all other
artifacts_object_store
settings, including the entireartifacts_object_store_connection
section, including the closing}
.
- Set
- Reconfigure GitLab.
Expiring artifacts
In GitLab 14.6, we improved the performance of removing expired artifacts, introduced with a flag named
ci_destroy_all_expired_service
. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
enable the feature flag named ci_destroy_all_expired_service
. The feature is not ready for
production use.
On GitLab.com, this feature is not available.
Removing expired job artifacts on GitLab self-managed instances
In the process of migrating old artifacts for our SaaS customers, we are working to resolve any potential unrecoverable data loss for self-managed customers for artifacts that they may not want deleted yet. Before we can use the more performant way of cleaning up expired artifacts, we need to do some remediation to make sure customers don't lose their data, which is part of our effort in the relevant epic.
Two options are available:
-
If you don't need any artifacts created before 2020-06-23, an Administrator can enable the worker for removing expired CI/CD artifacts:
Feature.enable(:ci_destroy_all_expired_service)
-
If you want to keep any artifacts (including job logs) before 2020-06-23, follow the progress of the migration effort where we work on a resolution to have this flag fully enabled in a future release.
Alternatively, Administrators can also run commands in the Rails console to delete artifacts from completed jobs prior to a specific date.
Usage details
If artifacts:expire_in
is used to set
an expiry for the artifacts, they are marked for deletion right after that date passes.
Otherwise, they expire per the default artifacts expiration setting.
Artifacts are cleaned up by the expire_build_artifacts_worker
cron job which Sidekiq
runs every 7 minutes (*/7 * * * *
).
To change the default schedule on which the artifacts are expired, follow the steps below.
In Omnibus installations:
-
Edit
/etc/gitlab/gitlab.rb
and add the following line (or uncomment it if it already exists and is commented out), substituting your schedule in cron syntax:gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
-
Save the file and reconfigure GitLab for the changes to take effect.
In installations from source:
-
Edit
/home/git/gitlab/config/gitlab.yml
and add or amend the following lines:expire_build_artifacts_worker: cron: "*/7 * * * *"
-
Save the file and restart GitLab for the changes to take effect.
If the expire
directive is not set explicitly in your pipeline, artifacts expire per the
default artifacts expiration setting, which you can find in the CI/CD Administration settings.
Set the maximum file size of the artifacts
If artifacts are enabled, you can change the maximum file size of the artifacts through the Admin Area settings.
Storage statistics
You can see the total storage used for job artifacts on groups and projects in the administration area, as well as through the groups and projects APIs.
Implementation details
When GitLab receives an artifacts archive, an archive metadata file is also generated by GitLab Workhorse. This metadata file describes all the entries that are located in the artifacts archive itself. The metadata file is in a binary format, with additional Gzip compression.
GitLab doesn't extract the artifacts archive to save space, memory, and disk I/O. It instead inspects the metadata file which contains all the relevant information. This is especially important when there is a lot of artifacts, or an archive is a very large file.
When clicking on a specific file, GitLab Workhorse extracts it from the archive and the download begins. This implementation saves space, memory and disk I/O.
Troubleshooting
Job artifacts using too much disk space
Job artifacts can fill up your disk space quicker than expected. Some possible reasons are:
- Users have configured job artifacts expiration to be longer than necessary.
- The number of jobs run, and hence artifacts generated, is higher than expected.
- Job logs are larger than expected, and have accumulated over time.
In these and other cases, identify the projects most responsible for disk space usage, figure out what types of artifacts are using the most space, and in some cases, manually delete job artifacts to reclaim disk space.
One possible first step is to clean up orphaned artifact files.
List projects and builds with artifacts with a specific expiration (or no expiration)
Using a Rails console, you can find projects that have job artifacts with either:
- No expiration date.
- An expiration date more than 7 days in the future.
Similar to deleting artifacts, use the following example time frames and alter them as needed:
7.days.from_now
10.days.from_now
2.weeks.from_now
3.months.from_now
Each of the following scripts also limits the search to 50 results with .limit(50)
, but this number can also be changed as needed:
# Find builds & projects with artifacts that never expire
builds_with_artifacts_that_never_expire = Ci::Build.with_downloadable_artifacts.where(artifacts_expire_at: nil).limit(50)
builds_with_artifacts_that_never_expire.find_each do |build|
puts "Build with id #{build.id} has artifacts that don't expire and belongs to project #{build.project.full_path}"
end
# Find builds & projects with artifacts that expire after 7 days from today
builds_with_artifacts_that_expire_in_a_week = Ci::Build.with_downloadable_artifacts.where('artifacts_expire_at > ?', 7.days.from_now).limit(50)
builds_with_artifacts_that_expire_in_a_week.find_each do |build|
puts "Build with id #{build.id} has artifacts that expire at #{build.artifacts_expire_at} and belongs to project #{build.project.full_path}"
end
List projects by total size of job artifacts stored
List the top 20 projects, sorted by the total size of job artifacts stored, by
running the following code in the Rails console (sudo gitlab-rails console
):
include ActionView::Helpers::NumberHelper
ProjectStatistics.order(build_artifacts_size: :desc).limit(20).each do |s|
puts "#{number_to_human_size(s.build_artifacts_size)} \t #{s.project.full_path}"
end
You can change the number of projects listed by modifying .limit(20)
to the
number you want.
List largest artifacts in a single project
List the 50 largest job artifacts in a single project by running the following
code in the Rails console (sudo gitlab-rails console
):
include ActionView::Helpers::NumberHelper
project = Project.find_by_full_path('path/to/project')
Ci::JobArtifact.where(project: project).order(size: :desc).limit(50).map { |a| puts "ID: #{a.id} - #{a.file_type}: #{number_to_human_size(a.size)}" }
You can change the number of job artifacts listed by modifying .limit(50)
to
the number you want.
List artifacts in a single project
List the artifacts for a single project, sorted by artifact size. The output includes the:
- ID of the job that created the artifact
- artifact size
- artifact file type
- artifact creation date
- on-disk location of the artifact
p = Project.find_by_id(<project_id>)
arts = Ci::JobArtifact.where(project: p)
list = arts.order(size: :desc).limit(50).each do |art|
puts "Job ID: #{art.job_id} - Size: #{art.size}b - Type: #{art.file_type} - Created: #{art.created_at} - File loc: #{art.file}"
end
To change the number of job artifacts listed, change the number in limit(50)
.
Delete job artifacts from jobs completed before a specific date
WARNING: These commands remove data permanently from both the database and from disk. Before running them, we highly recommend seeking guidance from a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case.
If you need to manually remove job artifacts associated with multiple jobs while
retaining their job logs, this can be done from the Rails console (sudo gitlab-rails console
):
-
Select jobs to be deleted:
To select all jobs with artifacts for a single project:
project = Project.find_by_full_path('path/to/project') builds_with_artifacts = project.builds.with_downloadable_artifacts
To select all jobs with artifacts across the entire GitLab instance:
builds_with_artifacts = Ci::Build.with_downloadable_artifacts
-
Delete job artifacts older than a specific date:
NOTE: This step also erases artifacts that users have chosen to "keep".
builds_to_clear = builds_with_artifacts.where("finished_at < ?", 1.week.ago) builds_to_clear.find_each do |build| build.artifacts_expire_at = Time.now build.erase_erasable_artifacts! end
1.week.ago
is a RailsActiveSupport::Duration
method which calculates a new date or time in the past. Other valid examples are:7.days.ago
3.months.ago
1.year.ago
erase_erasable_artifacts!
is a synchronous method, and upon execution the artifacts are immediately removed; they are not scheduled by a background queue.
Delete job artifacts and logs from jobs completed before a specific date
WARNING: These commands remove data permanently from both the database and from disk. Before running them, we highly recommend seeking guidance from a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case.
If you need to manually remove all job artifacts associated with multiple jobs,
including job logs, this can be done from the Rails console (sudo gitlab-rails console
):
-
Select the jobs to be deleted:
To select jobs with artifacts for a single project:
project = Project.find_by_full_path('path/to/project') builds_with_artifacts = project.builds.with_existing_job_artifacts(Ci::JobArtifact.trace)
To select jobs with artifacts across the entire GitLab instance:
builds_with_artifacts = Ci::Build.with_existing_job_artifacts(Ci::JobArtifact.trace)
-
Select the user which is mentioned in the web UI as erasing the job:
admin_user = User.find_by(username: 'username')
-
Erase the job artifacts and logs older than a specific date:
builds_to_clear = builds_with_artifacts.where("finished_at < ?", 1.week.ago) builds_to_clear.find_each do |build| print "Ci::Build ID #{build.id}... " if build.erasable? build.erase(erased_by: admin_user) puts "Erased" else puts "Skipped (Nothing to erase or not erasable)" end end
1.week.ago
is a RailsActiveSupport::Duration
method which calculates a new date or time in the past. Other valid examples are:7.days.ago
3.months.ago
1.year.ago
Error Downloading artifacts from coordinator... not found
When a job attempts to download artifacts from an earlier job, you might receive an error message similar to:
Downloading artifacts from coordinator... not found id=12345678 responseStatus=404 Not Found
This can be caused by a gitlab.rb
file with the following configuration:
gitlab_rails['artifacts_object_store_background_upload'] = false
gitlab_rails['artifacts_object_store_direct_upload'] = true
To prevent this, comment out or remove those lines, or switch to their default values, and
then run sudo gitlab-ctl reconfigure
.
Job artifact upload fails with error 500
If you are using object storage for artifacts and a job artifact fails to upload, review:
-
The job log for an error message similar to:
WARNING: Uploading artifacts as "archive" to coordinator... failed id=12345 responseStatus=500 Internal Server Error status=500 token=abcd1234
-
The workhorse log for an error message similar to:
{"error":"MissingRegion: could not find region configuration","level":"error","msg":"error uploading S3 session","time":"2021-03-16T22:10:55-04:00"}
In both cases, you might need to add region
to the job artifact object storage configuration.
Job artifact upload fails with 500 Internal Server Error (Missing file)
Bucket names that include folder paths are not supported with consolidated object storage.
For example, bucket/path
. If a bucket name has a path in it, you might receive an error similar to:
WARNING: Uploading artifacts as "archive" to coordinator... POST https://gitlab.example.com/api/v4/jobs/job_id/artifacts?artifact_format=zip&artifact_type=archive&expire_in=1+day: 500 Internal Server Error (Missing file)
FATAL: invalid argument
If a job artifact fails to upload with the above error when using consolidated object storage, make sure you are using separate buckets for each data type.