2017-01-14 04:06:08 +00:00 · 2017-01-14 04:06:08 +00:00 · 11de915b45
parent 33b65ad3a4 7c0b01da94
commit 11de915b45
7 changed files with 51 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,7 @@ omnibus-gitlab repository.
 8.16.0

 - Update git to 2.10.2 27cde301
+- Allow users to specify an initial shared runner registration token

 8.15.0

--- a/doc/settings/database.md
+++ b/doc/settings/database.md
@ -187,6 +187,14 @@ If you want to specify a password for the default `root` user, specify the
 gitlab_rails['initial_root_password'] = 'nonstandardpassword'
 ```

+If you want to specify the initial registration token for shared GitLab Runners,
+specify the `initial_shared_runners_registration_token` setting in `/etc/gitlab/gitlab.rb`
+before running the `gitlab:setup` command:
+
+```ruby
+gitlab_rails['initial_shared_runners_registration_token'] = 'token'
+```
+
 ## Disabling automatic database migration

 If you have multiple GitLab servers sharing a database, you will want to limit the
--- a/files/gitlab-config-template/gitlab.rb.template
+++ b/files/gitlab-config-template/gitlab.rb.template
@ -305,10 +305,11 @@ external_url 'GENERATED_EXTERNAL_URL'
 # gitlab_rails['rate_limit_requests_per_period'] = 10
 # gitlab_rails['rate_limit_period'] = 60

-#### Change the initial default admin password.
-####! **Only applicable on initial setup, changing this setting after database
+#### Change the initial default admin password and shared runner registraion tokens.
+####! **Only applicable on initial setup, changing these settings after database
 ####!   is created and seeded won't yield any change.**
 # gitlab_rails['initial_root_password'] = "password"
+# gitlab_rails['initial_shared_runners_registration_token'] = "token"

 #### Enable or disable automatic database migrations
 # gitlab_rails['auto_migrate'] = true
--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@ -274,6 +274,7 @@ default['gitlab']['gitlab-rails']['trusted_certs_dir'] = "/etc/gitlab/trusted-ce
 default['gitlab']['gitlab-rails']['webhook_timeout'] = nil

 default['gitlab']['gitlab-rails']['initial_root_password'] = nil
+default['gitlab']['gitlab-rails']['initial_shared_runners_registration_token'] = nil
 default['gitlab']['gitlab-rails']['trusted_proxies'] = nil

 ####
--- a/files/gitlab-cookbooks/gitlab/recipes/database_migrations.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/database_migrations.rb
@ -19,6 +19,7 @@ require 'digest'
 omnibus_helper = OmnibusHelper.new(node)

 initial_root_password = node['gitlab']['gitlab-rails']['initial_root_password']
+initial_runner_token  = node['gitlab']['gitlab-rails']['initial_shared_runners_registration_token']

 dependent_services = []
 dependent_services << "service[unicorn]" if omnibus_helper.should_notify?("unicorn")
@ -40,6 +41,10 @@ end
 upgrade_status_dir = ::File.join(node['gitlab']['gitlab-rails']['dir'], "upgrade-status")
 db_migrate_status_file = ::File.join(upgrade_status_dir, "db-migrate-#{connection_digest}-#{revision}")

+env_variables = {}
+env_variables['GITLAB_ROOT_PASSWORD'] = initial_root_password if initial_root_password
+env_variables['GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN'] = initial_runner_token if initial_runner_token
+
 # TODO: Refactor this into a resource
 # Currently blocked due to a bug in Chef 12.6.0
 # https://github.com/chef/chef/issues/4537
@ -53,7 +58,7 @@ bash "migrate gitlab-rails database" do
    echo $STATUS > #{db_migrate_status_file}
    exit $STATUS
  EOH
-  environment ({'GITLAB_ROOT_PASSWORD' => initial_root_password }) if initial_root_password
+  environment env_variables unless env_variables.empty?
  notifies :run, 'execute[enable pg_trgm extension]', :before unless omnibus_helper.not_listening?("postgresql") || !node['gitlab']['postgresql']['enable']
  notifies :run, "execute[clear the gitlab-rails cache]", :immediately unless omnibus_helper.not_listening?("redis")
  dependent_services.each do |svc|
--- a/spec/chef/recipes/database_migrations_spec.rb
+++ b/spec/chef/recipes/database_migrations_spec.rb
@ -16,6 +16,10 @@ describe 'gitlab::database-migrations' do
  context 'when migration should run' do
    let(:bash_block) { chef_run.bash('migrate gitlab-rails database') }

+    it 'runs the migrations' do
+      expect(chef_run).to run_bash('migrate gitlab-rails database')
+    end
+
    context 'places the log file' do

      it 'in a default location' do
@ -30,6 +34,33 @@ describe 'gitlab::database-migrations' do
      end
    end

+    context 'with auto_migrate off' do
+      before { stub_gitlab_rb(gitlab_rails: { auto_migrate: false }) }
+
+      it 'skips running the migrations' do
+        expect(chef_run).to_not run_bash('migrate gitlab-rails database')
+      end
+    end
+
+    it 'runs with the initial_root_password in the environment' do
+      stub_gitlab_rb(gitlab_rails: { initial_root_password: '123456789' })
+      expect(chef_run).to run_bash('migrate gitlab-rails database').with(
+        environment: { 'GITLAB_ROOT_PASSWORD' => '123456789' }
+      )
+    end
+
+    it 'runs with the initial_root_password and initial_shared_runners_registration_token in the environment' do
+      stub_gitlab_rb(
+        gitlab_rails: { initial_root_password: '123456789', initial_shared_runners_registration_token: '987654321' }
+      )
+      expect(chef_run).to run_bash('migrate gitlab-rails database').with(
+        environment: {
+          'GITLAB_ROOT_PASSWORD' => '123456789',
+          'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN' => '987654321'
+        }
+      )
+    end
+
    it 'triggers the gitlab:db:configure task' do
      migrate = %Q(/opt/gitlab/bin/gitlab-rake gitlab:db:configure 2>& 1 | tee ${log_file})
      expect(bash_block.code).to match(/#{migrate}/)
--- a/spec/chef_helper.rb
+++ b/spec/chef_helper.rb
@ -44,7 +44,7 @@ RSpec.configure do |config|
  config.before do
    stub_command('id -Z').and_return(false)
    stub_command("grep 'CS:123456:respawn:/opt/gitlab/embedded/bin/runsvdir-start' /etc/inittab").and_return('')
-    stub_command(%r{\(test -f /var/opt/gitlab/gitlab-rails/upgrade-status/db-migrate-\h+-\) && \(cat /var/opt/gitlab/gitlab-rails/upgrade-status/db-migrate-\h+- | grep -Fx 0\)}).and_return('')
+    stub_command(%r{\(test -f /var/opt/gitlab/gitlab-rails/upgrade-status/db-migrate-\h+-\) && \(cat /var/opt/gitlab/gitlab-rails/upgrade-status/db-migrate-\h+- | grep -Fx 0\)}).and_return(false)
    stub_command("getenforce | grep Disabled").and_return(true)
    stub_command("semodule -l | grep '^#gitlab-7.2.0-ssh-keygen\\s'").and_return(true)
    stub_command(%r{set \-x \&\& \[ \-d "[^"]\" \]}).and_return(false)