GitLab
Git is a distributed version control system for software source code and other files. Using version management makes it possible to track changes made to files. It facilitates collaboration between multiple people on a project because concurrent changes cannot lead to accidental overwriting of files, hence preventing information loss. Changes made by multiple people can be merged using the Git software. Versioning of files is often used in software development, but it is also suitable for working on scientific texts such as graduation and doctoral theses that are often written using the LaTeX document preparation software.
With GitLab, LRZ offers a web-based service for managing Git repositories. In addition to the actual repositories where the files are stored, GitLab provides tools such as wikis and an issue tracker. With "Merge Requests", code reviews can be carried out collaboratively and transparently.
Below you will find an overview of the LRZ GitLab installation. Further information can be found in the GitLab-FAQ.
If not mentioned separately, all information applies to both GitLab instances at the LRZ: the main LRZ GitLab instance (for students and staff) and LRZ GitLab CE (only for staff of the participating institutions).
Table of Contents
News
| 04.04.2024 | LRZ GitLab was upgraded to version 16.10. |
| 14.03.2024 | LRZ GitLab has been upgraded to version 16.9. Now, project invitations via e-mail are possible again (see 7.12.2023). Invited persons still need GitLab usage rights through LDAP, or an account generated with GitInvited. |
| 08.02.2024 | LRZ GitLab was upgraded to version 16.8. We also made small visual adjustments to the GitLab CE instance to differentiate it from the main LRZ GitLab instance. See GitLab FAQ for details. |
| 12.01.2024 | The firewall settings of GitLab CE were adjusted in order to enable collaboration with external project partners worldwide. They of course still need an account, which can be obtained through a LRZ project or a university guest user ID with the necessary access rights. GitInvited can not be used to invite collaborators on LRZ GitLab CE. Additionally an important security update was installed on both GitLab instances. |
| 04.01.2024 | LRZ GitLab was upgraded to version 16.7 and the operating system of the servers was upgraded to the most recent version. |
| 27.12.2023 | We have increased the number of allowed simultaneous ssh connections to LRZ GitLab. The new limit should be high enough to accommodate all connections also during the busy hours. Recently it was observed that some connections were closed during the establishment phase due to a rate limit. |
| 07.12.2023 | LRZ GitLab was upgraded to version 16.6. The LDAP settings were slightly changed so that the field "Anzeigename" instead of the "Full name" field in the user administration of the universities will be used for the "Full name" field in GitLab. This makes it easier for persons who want change their visible name in GitLab for personal reasons. Not all user IDs are synchronised yet so this change will be visible for some users only after a while. The GitLab username and the paths of the personal projects do not change. Due to a change in GitLab 16.6 it is currently not possible to invite members in projects using email addresses. Please use the GitLab usernames for adding members in the projects. We are following the discussion about the problem in this GitLab-Issue. Invitations through GitInvited are not affected by this issue. |
| 03.11.2023 | LRZ GitLab was upgraded to version 16.5. |
| 05.10.2023 | LRZ GitLab was upgraded to version 16.4. |
| 07.09.2023 | LRZ GitLab was upgraded to version 16.3. |
| 31.08.2023 | A new GitLab instance with the open source GitLab Community Edition software (LRZ GitLab CE) is available for employees of the participating institutions. Projects for IT operations and for institutional administration belong on this instance. Research projects and teaching (e.g. course assignments) should remain on the main LRZ GitLab instance as before. The new instance is accessible within the MWN network. See also GitLab-FAQ. |
Terms of service
All members of TUM, LMU and other Munich universities are entitled to use the LRZ GitLab service. This requires a user ID from LRZ or one of the participating universities.
If no automatic activation has been made, individual user IDs can be activated by the responsible master user via our ID Portal. If this is not possible, please contact the LRZ Servicedesk.
Please note that LRZ GitLab can only be used for instructional-use or non-commercial academic research. IT professional use and/or use for institutional administration is not permitted under the educational license. Detailed information on the GitLab site:
You don't need to register as person or entity in the Education Program on the GitLab website. That has already been done by LRZ on behalf of the participating universities.
For further use case, there is a separate GitLab instance with the Community Edition license (https://gitlab-ce.lrz.de). For example, projects for IT operations and for institutional administration belong on this instance. For research projects and teaching (e.g. course assignments) please use main LRZ GitLab instance. See also GitLab-FAQ.
Storage space
Since Git is designed for versioning of text files (source code and other files in text format), Git repositories should remain relatively small (< 1 GB).
For binary formats such as image archives, Microsoft Office files (.doc, .docx, .xls, .xlsx etc.), LibreOffice / OpenOffice files (.odt, .ods etc.) or very dynamic data, GitLab supports the extension Large File Storage (LFS). If you have binary files in your project, please install and activate LFS from the beginning. A later migration of the files under LFS is much more complicated.
The limits in the LRZ GitLab are currently:
- Maximum file size for upload: 10 GB
- Maximum size of the repository including LFS files: 10 GB
The size of the repository can be found at the top of the project page in GitLab (value "X MB Files") . The value "Storage" shows the total size of the project including artifacts which are allowed to exceed the limit. Please note that the values are cached and may therefore not immediately reflect the actual size shortly after changes in the repository are made.
The maximum size of the repository can be increased by the administrators for individual projects if necessary. Proper use of Git LFS is a prerequisite for this. Please contact the LRZ Servicedesk.
Instructions to reduce the size of repositories can be found in the GitLab-FAQ.
Project limit
10 personal projects may be created at most. This limit can be raised in justified cases. Please contact the LRZ Servicedesk. As an alternative, please organize your projects in groups (see below).
Groups
For logically related projects, the use of GitLab groups is recommended. Within a GitLab group, the number of projects is not limited. A group also has the advantage that rights management usually becomes easier and clearer. In addition, the role of a user of a group is inherited to all projects in the group.
Project and group visibility
There are three levels of visibility for projects and groups in LRZ GitLab:
| Visibility | Meaning / Impact |
|---|---|
| Private |
|
| Internal |
|
| Public |
|
In addition, all users who are logged in to the LRZ GitLab have read access: They can see the projects and groups and download the content. Only users who have been invited with GitInvited are excluded from this (due to their status Details about the levels of visibility as well as roles and rights can be found in the following GitLab articles:
Wichtige Sicherheitshinweise
- Over 100,000 people can log into the LRZ GitLab! This includes all persons who belong to the LMU, TUM and also some other Munich universities and scientific institutions.
- With such a large number of authorized persons, it may happen that one or more user IDs are compromised and unauthorized persons (criminals, etc.) use these IDs. These unauthorized persons then also have read access to all projects and groups with the visibility "Internal".
- LRZ GitLab can be accessed from anywhere in the world. There are no geographical or other restrictions.
Conclusion: For your own protection, consider the "Internal" visibility almost like "Public".
Public projects
It is possible to publish projects so that they can be cloned without logging in. The required setting for the project can only be made by the GitLab administrators. Please pass on the project name or path with a corresponding message to the LRZ Servicedesk and use the button "Selfservice" to make an authenticated request.
We recommend grouping all public projects into groups so that they are not dependent on personal GitLab identifiers. If a project is to be publicly visible, the group which the project belongs to must also be made public.
For public projects, the following information is publicly visible (generally accessible):
- On every commit: The name and email address stored in the Git configuration
- The GitLab username as defined in the User Settings in the Account section. For personal projects, the username is visible in the path of the project.
Until January 2020 the GitLab username was initialized at first login with the user's own user ID, which is assigned by their own institution (LMU, TUM, HM, HSWT). We ask all these members of public projects to change their GitLab username (Settings → Account → Change Username), so that the user ID will not become generally visible. Reasons in detail:
- For privacy reasons, the LRZ must treat the user ID as confidential information.
- The user ID can be used in a social engineering attack in order to build confidence in the victim: << Dear customer with the identifier Abcxyz >>
- There are several variants of password attacks. In the "Online Attack" scenario the attacker attempts to gain access using the normal log procedure. However, the attacker must know or guess both the user ID and the associated password.
When the GitLab username is changed, GitLab automatically adjusts the web addresses and repository URLs of the user's personal projects accordingly. For projects that belong to a group, nothing changes because there is no username in those URLs. Further details on changing your own GitLab username can be found in the GitLab documentation.
Continuous Integration / Continuous Delivery (CI/CD)
The CI/CD integration can be activated at the project level (Settings → General → Permissions → Pipelines). However, you can only configure the communication with a CI runner. LRZ does not provide shared CI runners until further notice, which means you will have to set up and operate a CI runner yourself.
See the following GitLab documentation for more details:
- Overview documents of CI Runners and CI/CD
- Installing a CI Runner
- Registering a CI Runner
GitLab Pages
The GitLab Pages feature makes it possible to create and publish static web pages directly from a repository. All LRZ GitLab Pages are served as subdomains under pages.gitlab.lrz.de (main LRZ GitLab instance) and gitlab-ce-pages.lrz.de (LRZ GitLab CE). All LRZ GitLab Pages can be reached using a secure connection (HTTPS).
By default, a new GitLab Page is accessible only to project members who are logged in. However, the content can also be made generally accessible (Settings → General → Pages access control → Everyone). On GitLab CE, this setting means that the content is visible to people who are not logged in (for example, students who do not have an account on the instance) within the MWN network.
A CI runner is required for the Pages functionality (see the CI/CD section above).
The GitLab Pages documentation presents the Pages functionality in detail. There you will find for example a detailed description about how the address of your GitLab Page is formed. (The documentation uses example.io as an example domain which corresponds to pages.gitlab.lrz.de and gitlab-ce-pages.lrz.de on the LRZ GitLab platforms.) Please note that the contents of your Pages site must be placed in the directory public in your repository.
The size of Pages sites is limited to 1 GB. This limit can be raised in justified cases. Please contact the LRZ Servicedesk.