Merge branch 'wc/shell-token-restart' into 'master'
Restart Gitaly when updating Gitlab-Shell token See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7297 Merged-by: Balasankar 'Balu' C <balasankar@gitlab.com> Approved-by: Jason Plum <jplum@gitlab.com> Approved-by: Balasankar 'Balu' C <balasankar@gitlab.com> Co-authored-by: Will Chandler <wchandler@gitlab.com>
This commit is contained in:
commit
fbb7aa63e7
|
@ -410,6 +410,10 @@ templatesymlink "Create a gitlab_workhorse_secret and create a symlink to Rails
|
|||
gitlab_workhorse_services.each { |svc| notifies :restart, svc }
|
||||
end
|
||||
|
||||
gitlab_shell_secret_services = dependent_services
|
||||
gitlab_shell_secret_services += ['runit_service[gitaly]'] if omnibus_helper.should_notify?('gitaly')
|
||||
gitlab_shell_secret_services += ['runit_service[gitlab-sshd]'] if Services.enabled?('gitlab_sshd')
|
||||
|
||||
templatesymlink "Create a gitlab_shell_secret and create a symlink to Rails root" do
|
||||
link_from File.join(gitlab_rails_source_dir, ".gitlab_shell_secret")
|
||||
link_to File.join(gitlab_rails_etc_dir, "gitlab_shell_secret")
|
||||
|
@ -419,7 +423,7 @@ templatesymlink "Create a gitlab_shell_secret and create a symlink to Rails root
|
|||
mode "0644"
|
||||
sensitive true
|
||||
variables(secret_token: node['gitlab']['gitlab_shell']['secret_token'])
|
||||
dependent_services.each { |svc| notifies :restart, svc }
|
||||
gitlab_shell_secret_services.each { |svc| notifies :restart, svc }
|
||||
notifies :run, 'bash[Set proper security context on ssh files for selinux]', :delayed if SELinuxHelper.enabled?
|
||||
end
|
||||
|
||||
|
|
|
@ -1141,6 +1141,93 @@ RSpec.describe 'gitlab::gitlab-rails' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'gitlab_shell_secret' do
|
||||
let(:templatesymlink) { chef_run.templatesymlink('Create a gitlab_shell_secret and create a symlink to Rails root') }
|
||||
|
||||
context 'by default' do
|
||||
cached(:chef_run) do
|
||||
ChefSpec::SoloRunner.new.converge('gitlab::default')
|
||||
end
|
||||
|
||||
it 'creates the template' do
|
||||
expect(chef_run).to create_templatesymlink("Create a gitlab_pages_secret and create a symlink to Rails root").with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '0644'
|
||||
)
|
||||
end
|
||||
|
||||
it 'template triggers notifications' do
|
||||
expect(templatesymlink).to notify('runit_service[gitaly]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('runit_service[puma]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('sidekiq_service[sidekiq]').to(:restart).delayed
|
||||
end
|
||||
end
|
||||
|
||||
context 'with gitlab-sshd enabled' do
|
||||
let(:templatesymlink) { chef_run.templatesymlink('Create a gitlab_shell_secret and create a symlink to Rails root') }
|
||||
|
||||
cached(:chef_run) do
|
||||
RSpec::Mocks.with_temporary_scope do
|
||||
stub_gitlab_rb(
|
||||
gitlab_sshd: { enable: true }
|
||||
)
|
||||
end
|
||||
|
||||
ChefSpec::SoloRunner.new.converge('gitlab::default')
|
||||
end
|
||||
|
||||
it 'creates the template' do
|
||||
expect(chef_run).to create_templatesymlink("Create a gitlab_pages_secret and create a symlink to Rails root").with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '0644'
|
||||
)
|
||||
end
|
||||
|
||||
it 'template triggers notifications' do
|
||||
expect(templatesymlink).to notify('runit_service[gitlab-sshd]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('runit_service[gitaly]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('runit_service[puma]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('sidekiq_service[sidekiq]').to(:restart).delayed
|
||||
end
|
||||
end
|
||||
|
||||
context 'with specific gitlab_shell_secret' do
|
||||
let(:gitlab_shell_secret_token) { SecureRandom.base64(32) }
|
||||
|
||||
cached(:chef_run) do
|
||||
RSpec::Mocks.with_temporary_scope do
|
||||
stub_gitlab_rb(
|
||||
gitlab_shell: { secret_token: gitlab_shell_secret_token }
|
||||
)
|
||||
end
|
||||
|
||||
ChefSpec::SoloRunner.new.converge('gitlab::default')
|
||||
end
|
||||
|
||||
it 'renders the correct node attribute' do
|
||||
expect(chef_run).to create_templatesymlink("Create a gitlab_shell_secret and create a symlink to Rails root").with_variables(
|
||||
secret_token: gitlab_shell_secret_token
|
||||
)
|
||||
end
|
||||
|
||||
it 'uses the correct owner and permissions' do
|
||||
expect(chef_run).to create_templatesymlink('Create a gitlab_shell_secret and create a symlink to Rails root').with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '0644'
|
||||
)
|
||||
end
|
||||
|
||||
it 'template triggers notifications' do
|
||||
expect(templatesymlink).to notify('runit_service[gitaly]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('runit_service[puma]').to(:restart).delayed
|
||||
expect(templatesymlink).to notify('sidekiq_service[sidekiq]').to(:restart).delayed
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'gitlab_pages_secret' do
|
||||
let(:templatesymlink) { chef_run.templatesymlink('Create a gitlab_pages_secret and create a symlink to Rails root') }
|
||||
|
||||
|
|
Loading…
Reference in New Issue