GitLab Git Large File Storage (LFS) Administration

Tier: Free, Premium, Ultimate Offering: Self-managed

This page contains information about configuring Git LFS in self-managed GitLab instances. For user documentation about Git LFS, see Git Large File Storage.

Prerequisites:

Enable or disable LFS

LFS is enabled by default. To disable it:

Linux package (Omnibus)
  1. Edit /etc/gitlab/gitlab.rb:

    # Change to true to enable lfs - enabled by default if not defined
    gitlab_rails['lfs_enabled'] = false
    
  2. Save the file and reconfigure GitLab:

    sudo gitlab-ctl reconfigure
    
Helm chart (Kubernetes)
  1. Export the Helm values:

    helm get values gitlab > gitlab_values.yaml
    
  2. Edit gitlab_values.yaml:

    global:
      appConfig:
        lfs:
          enabled: false
    
  3. Save the file and apply the new values:

    helm upgrade -f gitlab_values.yaml gitlab gitlab/gitlab
    
Docker
  1. Edit docker-compose.yml:

    version: "3.6"
    services:
      gitlab:
        environment:
          GITLAB_OMNIBUS_CONFIG: |
            gitlab_rails['lfs_enabled'] = false
    
  2. Save the file and restart GitLab:

    docker compose up -d
    
Self-compiled (source)
  1. Edit /home/git/gitlab/config/gitlab.yml:

    production: &base
      lfs:
        enabled: false
    
  2. Save the file and restart GitLab:

    # For systems running systemd
    sudo systemctl restart gitlab.target
    
    # For systems running SysV init
    sudo service gitlab restart
    

Change local storage path

Git LFS objects can be large in size. By default, they are stored on the server GitLab is installed on.

note
For Docker installations, you can change the path where your data is mounted. For the Helm chart, use object storage.

To change the default local storage path location:

Linux package (Omnibus)
  1. Edit /etc/gitlab/gitlab.rb:

    # /var/opt/gitlab/gitlab-rails/shared/lfs-objects by default.
    gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects"
    
  2. Save the file and reconfigure GitLab:

    sudo gitlab-ctl reconfigure
    
Self-compiled (source)
  1. Edit /home/git/gitlab/config/gitlab.yml:

    # /home/git/gitlab/shared/lfs-objects by default.
    production: &base
      lfs:
        storage_path: /mnt/storage/lfs-objects
    
  2. Save the file and restart GitLab:

    # For systems running systemd
    sudo systemctl restart gitlab.target
    
    # For systems running SysV init
    sudo service gitlab restart
    

Storing LFS objects in remote object storage

You can store LFS objects in remote object storage. This allows you to reduce reads and writes to the local disk, and free up disk space significantly.

You should use the consolidated object storage settings.

Migrating to object storage

You can migrate the LFS objects from local storage to object storage. The processing is done in the background and requires no downtime.

  1. Configure the object storage.
  2. Migrate the LFS objects:

    Linux package (Omnibus)
    sudo gitlab-rake gitlab:lfs:migrate
    
    Docker
    sudo docker exec -t <container name> gitlab-rake gitlab:lfs:migrate
    
    Self-compiled (source)
    sudo -u git -H bundle exec rake gitlab:lfs:migrate RAILS_ENV=production
    
  3. Optional. Track the progress and verify that all job LFS objects migrated successfully using the PostgreSQL console.
    1. Open a PostgreSQL console:

      Linux package (Omnibus)
      sudo gitlab-psql
      
      Docker
      sudo docker exec -it <container_name> /bin/bash
      gitlab-psql
      
      Self-compiled (source)
      sudo -u git -H psql -d gitlabhq_production
      
    2. Verify that all LFS files migrated to object storage with the following SQL query. The number of objectstg should be the same as total:

      gitlabhq_production=# SELECT count(*) AS total, sum(case when file_store = '1' then 1 else 0 end) AS filesystem, sum(case when file_store = '2' then 1 else 0 end) AS objectstg FROM lfs_objects;
      
      total | filesystem | objectstg
      ------+------------+-----------
       2409 |          0 |      2409
      
  4. Verify that there are no files on disk in the lfs-objects directory:

    Linux package (Omnibus)
    sudo find /var/opt/gitlab/gitlab-rails/shared/lfs-objects -type f | grep -v tmp | wc -l
    
    Docker

    Assuming you mounted /var/opt/gitlab to /srv/gitlab:

    sudo find /srv/gitlab/gitlab-rails/shared/lfs-objects -type f | grep -v tmp | wc -l
    
    Self-compiled (source)
    sudo find /home/git/gitlab/shared/lfs-objects -type f | grep -v tmp | wc -l
    

Migrating back to local storage

note
For the Helm chart, you should use object storage.

To migrate back to local storage:

Linux package (Omnibus)
  1. Migrate the LFS objects:

    sudo gitlab-rake gitlab:lfs:migrate_to_local
    
  2. Edit /etc/gitlab/gitlab.rb and disable object storage for LFS objects:

    gitlab_rails['object_store']['objects']['lfs']['enabled'] = false
    
  3. Save the file and reconfigure GitLab:

    sudo gitlab-ctl reconfigure
    
Docker
  1. Migrate the LFS objects:

    sudo docker exec -t <container name> gitlab-rake gitlab:lfs:migrate_to_local
    
  2. Edit docker-compose.yml and disable object storage for LFS objects:

    version: "3.6"
    services:
      gitlab:
        environment:
          GITLAB_OMNIBUS_CONFIG: |
            gitlab_rails['object_store']['objects']['lfs']['enabled'] = false
    
  3. Save the file and restart GitLab:

    docker compose up -d
    
Self-compiled (source)
  1. Migrate the LFS objects:

    sudo -u git -H bundle exec rake gitlab:lfs:migrate_to_local RAILS_ENV=production
    
  2. Edit /home/git/gitlab/config/gitlab.yml and disable object storage for LFS objects:

    production: &base
      object_store:
        objects:
          lfs:
            enabled: false
    
  3. Save the file and restart GitLab:

    # For systems running systemd
    sudo systemctl restart gitlab.target
    
    # For systems running SysV init
    sudo service gitlab restart
    

Pure SSH transfer protocol

History

git-lfs 3.0.0 released support for using SSH as the transfer protocol instead of HTTP. SSH is handled transparently by the git-lfs command line tool.

When pure SSH protocol support is enabled and git is configured to use SSH, all LFS operations happen over SSH. For example, when the Git remote is git@gitlab.com:gitlab-org/gitlab.git. You can’t configure git and git-lfs to use different protocols. From version 3.0, git-lfs attempts to use the pure SSH protocol initially and, if support is not enabled or available, it falls back to using HTTP.

Prerequisites:

  • The git-lfs version must be v3.5.1 or higher.

To switch Git LFS to use pure SSH protocol:

Linux package (Omnibus)
  1. Edit /etc/gitlab/gitlab.rb:

    gitlab_shell['lfs_pure_ssh_protocol'] = true
    
  2. Save the file and reconfigure GitLab:

    sudo gitlab-ctl reconfigure
    
Helm chart (Kubernetes)
  1. Export the Helm values:

    helm get values gitlab > gitlab_values.yaml
    
  2. Edit gitlab_values.yaml:

    gitlab:
      gitlab-shell:
        config:
          lfs:
            pureSSHProtocol: true
    
  3. Save the file and apply the new values:

    helm upgrade -f gitlab_values.yaml gitlab gitlab/gitlab
    
Docker
  1. Edit docker-compose.yml:

    services:
      gitlab:
        environment:
          GITLAB_OMNIBUS_CONFIG: |
            gitlab_shell['lfs_pure_ssh_protocol'] = true
    
  2. Save the file and restart GitLab and its services:

    docker compose up -d
    
Self-compiled (source)
  1. Edit /home/git/gitlab-shell/config.yml:

    lfs:
       pure_ssh_protocol: true
    
  2. Save the file and restart GitLab Shell:

    # For systems running systemd
    sudo systemctl restart gitlab-shell.target
    
    # For systems running SysV init
    sudo service gitlab-shell restart
    

Storage statistics

You can see the total storage used for LFS objects for groups and projects in:

Troubleshooting

Missing LFS objects

An error about a missing LFS object may occur in either of these situations:

  • When migrating LFS objects from disk to object storage, with error messages like:

    ERROR -- : Failed to transfer LFS object
    006622269c61b41bf14a22bbe0e43be3acf86a4a446afb4250c3794ea47541a7
    with error: No such file or directory @ rb_sysopen -
    /var/opt/gitlab/gitlab-rails/shared/lfs-objects/00/66/22269c61b41bf14a22bbe0e43be3acf86a4a446afb4250c3794ea47541a7
    

    (Line breaks have been added for legibility.)

  • When running the integrity check for LFS objects with the VERBOSE=1 parameter.

The database can have records for LFS objects which are not on disk. The database entry may prevent a new copy of the object from being pushed. To delete these references:

  1. Start a rails console.
  2. Query the object that’s reported as missing in the rails console, to return a file path:

    lfs_object = LfsObject.find_by(oid: '006622269c61b41bf14a22bbe0e43be3acf86a4a446afb4250c3794ea47541a7')
    lfs_object.file.path
    
  3. Check on disk or object storage if it exists:

    ls -al /var/opt/gitlab/gitlab-rails/shared/lfs-objects/00/66/22269c61b41bf14a22bbe0e43be3acf86a4a446afb4250c3794ea47541a7
    
  4. If the file is not present, remove the database records with the Rails console:

    # First delete the parent records and then destroy the record itself
    lfs_object.lfs_objects_projects.destroy_all
    lfs_object.destroy
    

LFS commands fail on TLS v1.3 server

If you configure GitLab to disable TLS v1.2 and only enable TLS v1.3 connections, LFS operations require a Git LFS client version 2.11.0 or later. If you use a Git LFS client earlier than version 2.11.0, GitLab displays an error:

batch response: Post https://username:***@gitlab.example.com/tool/releases.git/info/lfs/objects/batch: remote error: tls: protocol version not supported
error: failed to fetch some objects from 'https://username:[MASKED]@gitlab.example.com/tool/releases.git/info/lfs'

When using GitLab CI over a TLS v1.3 configured GitLab server, you must upgrade to GitLab Runner 13.2.0 or later to receive an updated Git LFS client version with the included GitLab Runner Helper image.

To check an installed Git LFS client’s version, run this command:

git lfs version

Connection refused errors

If you push or mirror LFS objects and receive errors like the following:

  • dial tcp <IP>:443: connect: connection refused
  • Connection refused - connect(2) for \"<target-or-proxy-IP>\" port 443

a firewall or proxy rule may be terminating the connection.

If connection checks with standard Unix tools or manual Git pushes are successful, the rule may be related to the size of the request.

Error viewing a PDF file

When LFS has been configured with object storage and proxy_download set to false, you may see an error when previewing a PDF file from the Web browser:

An error occurred while loading the file. Please try again later.

This occurs due to Cross-Origin Resource Sharing (CORS) restrictions: the browser attempts to load the PDF from object storage, but the object storage provider rejects the request because the GitLab domain differs from the object storage domain.

To fix this issue, configure your object storage provider’s CORS settings to allow the GitLab domain. See the following documentation for more details:

  1. AWS S3
  2. Google Cloud Storage
  3. Azure Storage.

Known limitations

  • Only compatible with the Git LFS client versions 1.1.0 and later, or 1.0.2.
  • The storage statistics count each LFS object for every project linking to it.