Merge branch 'gitlab-git-http-server' into 'master'
Add gitlab-git-http-server (disabled by default) See merge request !423
This commit is contained in:
commit
009aa7d2e6
|
@ -69,6 +69,7 @@ dependency "nodejs"
|
|||
dependency "gitlab-ci"
|
||||
dependency "gitlab-rails"
|
||||
dependency "gitlab-shell"
|
||||
dependency "gitlab-git-http-server"
|
||||
dependency "gitlab-ctl"
|
||||
dependency "gitlab-cookbooks"
|
||||
dependency "gitlab-selinux"
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
name "gitlab-git-http-server"
|
||||
default_version "85e4d75c885617c983ecc664348195e3b06daf6a" # 0.2.0
|
||||
|
||||
source :git => "https://gitlab.com/gitlab-org/gitlab-git-http-server.git"
|
||||
|
||||
build do
|
||||
make "install PREFIX=#{install_dir}/embedded"
|
||||
end
|
|
@ -308,6 +308,20 @@ default['gitlab']['web-server']['home'] = '/var/opt/gitlab/nginx'
|
|||
# When bundled nginx is disabled we need to add the external webserver user to the GitLab webserver group
|
||||
default['gitlab']['web-server']['external_users'] = []
|
||||
|
||||
####
|
||||
# gitlab-git-http-server
|
||||
####
|
||||
|
||||
default['gitlab']['gitlab-git-http-server']['enable'] = false
|
||||
default['gitlab']['gitlab-git-http-server']['ha'] = false
|
||||
default['gitlab']['gitlab-git-http-server']['repo_root'] = "/var/opt/gitlab/git-data/repositories"
|
||||
default['gitlab']['gitlab-git-http-server']['listen_network'] = "unix"
|
||||
default['gitlab']['gitlab-git-http-server']['listen_umask'] = 000
|
||||
default['gitlab']['gitlab-git-http-server']['listen_addr'] = "/var/opt/gitlab/gitlab-git-http-server/socket"
|
||||
default['gitlab']['gitlab-git-http-server']['auth_backend'] = "http://localhost:8080"
|
||||
default['gitlab']['gitlab-git-http-server']['dir'] = "/var/opt/gitlab/gitlab-git-http-server"
|
||||
default['gitlab']['gitlab-git-http-server']['log_dir'] = "/var/log/gitlab/gitlab-git-http-server"
|
||||
|
||||
####
|
||||
# Nginx
|
||||
####
|
||||
|
|
|
@ -47,6 +47,7 @@ module Gitlab
|
|||
ci_unicorn Mash.new
|
||||
sidekiq Mash.new
|
||||
ci_sidekiq Mash.new
|
||||
gitlab_git_http_server Mash.new
|
||||
nginx Mash.new
|
||||
ci_nginx Mash.new
|
||||
logging Mash.new
|
||||
|
@ -188,6 +189,13 @@ module Gitlab
|
|||
end
|
||||
end
|
||||
|
||||
def parse_unicorn_listen_address
|
||||
# Make sure gitlab-git-http-server can talk to unicorn
|
||||
listen_address = unicorn['listen'] || node['gitlab']['unicorn']['listen']
|
||||
listen_port = unicorn['port'] || node['gitlab']['unicorn']['port']
|
||||
gitlab_git_http_server['auth_backend'] ||= "http://#{listen_address}:#{listen_port}"
|
||||
end
|
||||
|
||||
def parse_nginx_listen_address
|
||||
return unless nginx['listen_address']
|
||||
|
||||
|
@ -269,6 +277,7 @@ module Gitlab
|
|||
"ci_unicorn",
|
||||
"sidekiq",
|
||||
"ci_sidekiq",
|
||||
"gitlab_git_http_server",
|
||||
"nginx",
|
||||
"ci_nginx",
|
||||
"logging",
|
||||
|
@ -297,6 +306,7 @@ module Gitlab
|
|||
# Parse ci_external_url _before_ gitlab_ci settings so that the user
|
||||
# can turn on gitlab_ci by only specifying ci_external_url
|
||||
parse_ci_external_url
|
||||
parse_unicorn_listen_address
|
||||
parse_nginx_listen_address
|
||||
parse_nginx_listen_ports
|
||||
parse_gitlab_ci
|
||||
|
|
|
@ -102,6 +102,7 @@ include_recipe "runit"
|
|||
"ci-unicorn",
|
||||
"sidekiq",
|
||||
"ci-sidekiq",
|
||||
"gitlab-git-http-server",
|
||||
"nginx",
|
||||
"remote-syslog",
|
||||
"logrotate",
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
working_dir = node['gitlab']['gitlab-git-http-server']['dir']
|
||||
log_dir = node['gitlab']['gitlab-git-http-server']['log_dir']
|
||||
|
||||
directory working_dir do
|
||||
owner node['gitlab']['user']['username']
|
||||
group node['gitlab']['web-server']['username']
|
||||
mode '0750'
|
||||
recursive true
|
||||
end
|
||||
|
||||
directory log_dir do
|
||||
owner node['gitlab']['user']['username']
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
|
||||
runit_service 'gitlab-git-http-server' do
|
||||
down node['gitlab']['gitlab-git-http-server']['ha']
|
||||
options({
|
||||
:log_directory => log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['gitlab-git-http-server'].to_hash)
|
||||
end
|
|
@ -0,0 +1,20 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
runit_service "gitlab-git-http-server" do
|
||||
action :disable
|
||||
end
|
|
@ -34,6 +34,12 @@ upstream gitlab {
|
|||
server unix:<%= @socket %> fail_timeout=0;
|
||||
}
|
||||
|
||||
<% if node['gitlab']['gitlab-git-http-server']['enable'] %>
|
||||
upstream gitlab-git-http-server {
|
||||
server unix:<%= node['gitlab']['gitlab-git-http-server']['listen_addr'] %>;
|
||||
}
|
||||
<% end %>
|
||||
|
||||
<% if @https && @redirect_http_to_https %>
|
||||
## Redirects all HTTP traffic to the HTTPS host
|
||||
server {
|
||||
|
@ -137,6 +143,30 @@ server {
|
|||
proxy_pass http://gitlab;
|
||||
}
|
||||
|
||||
<% if node['gitlab']['gitlab-git-http-server']['enable'] %>
|
||||
location ~ [-\/\w\.]+\.git\/ {
|
||||
## If you use HTTPS make sure you disable gzip compression
|
||||
## to be safe against BREACH attack.
|
||||
<%= 'gzip off;' if @https %>
|
||||
|
||||
## https://github.com/gitlabhq/gitlabhq/issues/694
|
||||
## Some requests take more than 30 seconds.
|
||||
proxy_read_timeout 300;
|
||||
proxy_connect_timeout 300;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
<% if @https %>
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
<% end %>
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_pass http://gitlab-git-http-server;
|
||||
}
|
||||
<% end %>
|
||||
|
||||
## Enable gzip compression as per rails guide:
|
||||
## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
|
||||
## WARNING: If you are using relative urls remove the block below
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
<%= "s#@svlogd_size" if @svlogd_size %>
|
||||
<%= "n#@svlogd_num" if @svlogd_num %>
|
||||
<%= "t#@svlogd_timeout" if @svlogd_timeout %>
|
||||
<%= "!#@svlogd_filter" if @svlogd_filter %>
|
||||
<%= "u#@svlogd_udp" if @svlogd_udp %>
|
||||
<%= "p#@svlogd_prefix" if @svlogd_prefix %>
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/sh
|
||||
exec svlogd -tt <%= @options[:log_directory] %>
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh
|
||||
set -e # fail on errors
|
||||
|
||||
# Redirect stderr -> stdout
|
||||
exec 2>&1
|
||||
|
||||
<%= render("mount_point_check.erb") %>
|
||||
|
||||
cd <%= node['gitlab']['gitlab-git-http-server']['dir'] %>
|
||||
|
||||
exec chpst -P \
|
||||
-U <%= node['gitlab']['user']['username'] %> \
|
||||
-u <%= node['gitlab']['user']['username'] %> \
|
||||
/usr/bin/env \
|
||||
PATH=/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin \
|
||||
/opt/gitlab/embedded/bin/gitlab-git-http-server \
|
||||
-listenNetwork <%= node['gitlab']['gitlab-git-http-server']['listen_network'] %> \
|
||||
-listenUmask <%= node['gitlab']['gitlab-git-http-server']['listen_umask'] %> \
|
||||
-listenAddr <%= node['gitlab']['gitlab-git-http-server']['listen_addr'] %> \
|
||||
-authBackend <%= node['gitlab']['gitlab-git-http-server']['auth_backend'] %> \
|
||||
<%= node['gitlab']['gitlab-git-http-server']['repo_root'] %>
|
Loading…
Reference in New Issue