Merge branch 'jacobvosmaer/omnibus-gitlab-gitlab-ci'
This commit is contained in:
commit
3715204d86
|
@ -18,6 +18,11 @@ stable branch (example shown below).
|
|||
|
||||
![documentation version](doc/images/omnibus-documentation-version.png)
|
||||
|
||||
## GitLab CI
|
||||
|
||||
To setup GitLab CI please see the [separate GitLab CI
|
||||
documentation](doc/gitlab-ci/README.md).
|
||||
|
||||
## Installation
|
||||
|
||||
Please follow the steps on the [downloads page][downloads].
|
||||
|
|
|
@ -40,6 +40,7 @@ if system("#{Config.project_root}/support/is_gitlab_ee.sh") || system("#{Config.
|
|||
end
|
||||
dependency "logrotate"
|
||||
dependency "runit"
|
||||
dependency "gitlab-ci"
|
||||
dependency "gitlab-rails"
|
||||
dependency "gitlab-shell"
|
||||
dependency "gitlab-ctl"
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
name "gitlab-ci"
|
||||
default_version "96906f2bceb04c7323f8514aa5ad8cb1313e2898" # 5.1.0.rc1
|
||||
|
||||
EE = system("#{Config.project_root}/support/is_gitlab_ee.sh")
|
||||
|
||||
dependency "ruby"
|
||||
dependency "bundler"
|
||||
dependency "rsync"
|
||||
dependency "postgresql"
|
||||
dependency "mysql-client" if EE
|
||||
|
||||
source :git => "https://gitlab.com/gitlab-org/gitlab-ci.git"
|
||||
|
||||
build do
|
||||
env = with_standard_compiler_flags(with_embedded_path)
|
||||
|
||||
bundle_without = %w{development test}
|
||||
bundle_without << "mysql" unless EE
|
||||
bundle "install --without #{bundle_without.join(" ")} --path=#{install_dir}/embedded/service/gem", :env => env
|
||||
|
||||
# Record the current Git revision to be displayed in the app
|
||||
command "git log --pretty=format:'%h' -n 1 > REVISION"
|
||||
|
||||
# In order to precompile the assets, we need to get to a state where rake can
|
||||
# load the Rails environment.
|
||||
command "cp config/application.yml.example config/application.yml"
|
||||
command "cp config/database.yml.postgresql config/database.yml"
|
||||
|
||||
assets_precompile_env = {
|
||||
"RAILS_ENV" => "production",
|
||||
"PATH" => "#{install_dir}/embedded/bin:#{ENV['PATH']}"
|
||||
}
|
||||
bundle "exec rake assets:precompile", :env => assets_precompile_env
|
||||
|
||||
# Tear down now that the assets:precompile is done.
|
||||
command "rm config/application.yml config/database.yml .secret"
|
||||
|
||||
# Remove directories that will be created by `gitlab-ctl reconfigure`
|
||||
command "rm -rf log tmp"
|
||||
|
||||
# Because db/schema.rb is modified by `rake db:migrate` after installation,
|
||||
# keep a copy of schema.rb around in case we need it. (I am looking at you,
|
||||
# mysql-postgresql-converter.)
|
||||
command "cp db/schema.rb db/schema.rb.bundled"
|
||||
|
||||
command "mkdir -p #{install_dir}/embedded/service/gitlab-ci"
|
||||
command "#{install_dir}/embedded/bin/rsync -a --delete --exclude=.git/*** --exclude=.gitignore ./ #{install_dir}/embedded/service/gitlab-ci/"
|
||||
|
||||
# Create a wrapper for the rake tasks of the Rails app
|
||||
erb :dest => "#{install_dir}/bin/gitlab-ci-rake",
|
||||
:source => "bundle_exec_wrapper.erb",
|
||||
:mode => 0755,
|
||||
:vars => {:command => 'rake "$@"', :install_dir => install_dir}
|
||||
|
||||
# Create a wrapper for the rails command, useful for e.g. `rails console`
|
||||
erb :dest => "#{install_dir}/bin/gitlab-ci-rails",
|
||||
:source => "bundle_exec_wrapper.erb",
|
||||
:mode => 0755,
|
||||
:vars => {:command => 'rails "$@"', :install_dir => install_dir}
|
||||
end
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
gitlab_ci_rc='<%= install_dir %>/etc/gitlab-ci/gitlab-ci-rc'
|
||||
if ! [ -f ${gitlab_ci_rc} ] ; then
|
||||
echo "$0 error: could not load ${gitlab_ci_rc}" 2>& 1
|
||||
echo "You can generate it with: sudo gitlab-ctl reconfigure" 2>& 1
|
||||
exit 1
|
||||
fi
|
||||
|
||||
. ${gitlab_ci_rc}
|
||||
|
||||
cd <%= install_dir %>/embedded/service/gitlab-ci
|
||||
|
||||
exec <%= install_dir %>/embedded/bin/chpst -e <%= install_dir %>/etc/gitlab-ci/env -u ${gitlab_ci_user} -U ${gitlab_ci_user} <%= install_dir %>/embedded/bin/bundle exec <%= command %>
|
|
@ -0,0 +1,21 @@
|
|||
# GitLab CI
|
||||
|
||||
You can run a [GitLab CI](https://about.gitlab.com/gitlab-ci/) Coordinator
|
||||
service on your GitLab server.
|
||||
|
||||
## Getting started
|
||||
|
||||
GitLab CI expects to run on its own virtual host. In your DNS you would then
|
||||
have two entries pointing to the same machine, e.g. `gitlab.example.com` and
|
||||
`ci.example.com`.
|
||||
|
||||
To enable GitLab CI, just tell omnibus-gitlab what the external URL for the CI
|
||||
server is:
|
||||
|
||||
```
|
||||
# in /etc/gitlab/gitlab.rb
|
||||
ci_external_url 'http://ci.example.com'
|
||||
```
|
||||
|
||||
After you run `sudo gitlab-ctl reconfigure`, your GitLab CI Coordinator should
|
||||
now be reachable at `http://ci.example.com`.
|
|
@ -215,6 +215,7 @@ default['gitlab']['postgresql']['shell'] = "/bin/sh"
|
|||
default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
|
||||
default['gitlab']['postgresql']['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
|
||||
default['gitlab']['postgresql']['sql_user'] = "gitlab"
|
||||
default['gitlab']['postgresql']['sql_ci_user'] = "gitlab_ci"
|
||||
default['gitlab']['postgresql']['port'] = 5432
|
||||
default['gitlab']['postgresql']['listen_address'] = nil
|
||||
default['gitlab']['postgresql']['max_connections'] = 200
|
||||
|
@ -344,3 +345,98 @@ default['gitlab']['logrotate']['post_sleep'] = 3000 # wait 50 minutes after rota
|
|||
# High Availability
|
||||
###
|
||||
default['gitlab']['high-availability']['mountpoint'] = nil
|
||||
|
||||
####
|
||||
# GitLab CI Rails app
|
||||
####
|
||||
default['gitlab']['gitlab-ci']['enable'] = false
|
||||
default['gitlab']['gitlab-ci']['dir'] = "/var/opt/gitlab/gitlab-ci"
|
||||
default['gitlab']['gitlab-ci']['log_directory'] = "/var/log/gitlab/gitlab-ci"
|
||||
default['gitlab']['gitlab-ci']['environment'] = 'production'
|
||||
default['gitlab']['gitlab-ci']['env'] = {
|
||||
'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-ci/Gemfile",
|
||||
'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
|
||||
}
|
||||
default['gitlab']['gitlab-ci']['schedule_builds_minute'] = "0"
|
||||
|
||||
default['gitlab']['gitlab-ci']['username'] = "gitlab-ci"
|
||||
default['gitlab']['gitlab-ci']['uid'] = nil
|
||||
default['gitlab']['gitlab-ci']['gid'] = nil
|
||||
default['gitlab']['gitlab-ci']['shell'] = "/bin/false"
|
||||
|
||||
# application.yml top-level settings
|
||||
default['gitlab']['gitlab-ci']['gitlab_server_urls'] = nil
|
||||
|
||||
# application.yml, gitlab_ci section
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_host'] = node['fqdn']
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_port'] = 80
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_https'] = false
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_email_from'] = nil
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_support_email'] = nil
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_all_broken_builds'] = nil
|
||||
default['gitlab']['gitlab-ci']['gitlab_ci_add_committer'] = nil
|
||||
|
||||
# application.yml, gravatar section
|
||||
default['gitlab']['gitlab-ci']['gravatar_enabled'] = true
|
||||
default['gitlab']['gitlab-ci']['gravatar_plain_url'] = nil
|
||||
default['gitlab']['gitlab-ci']['gravatar_ssl_url'] = nil
|
||||
|
||||
# database.yml settings
|
||||
default['gitlab']['gitlab-ci']['db_adapter'] = "postgresql"
|
||||
default['gitlab']['gitlab-ci']['db_encoding'] = "unicode"
|
||||
default['gitlab']['gitlab-ci']['db_database'] = "gitlab_ci_production"
|
||||
default['gitlab']['gitlab-ci']['db_pool'] = 10
|
||||
default['gitlab']['gitlab-ci']['db_username'] = "gitlab_ci"
|
||||
default['gitlab']['gitlab-ci']['db_password'] = nil
|
||||
default['gitlab']['gitlab-ci']['db_host'] = nil
|
||||
default['gitlab']['gitlab-ci']['db_port'] = 5432
|
||||
default['gitlab']['gitlab-ci']['db_socket'] = nil
|
||||
|
||||
# resque.yml settings
|
||||
default['gitlab']['gitlab-ci']['redis_host'] = "127.0.0.1"
|
||||
default['gitlab']['gitlab-ci']['redis_port'] = nil
|
||||
default['gitlab']['gitlab-ci']['redis_socket'] = "/var/opt/gitlab/ci-redis/redis.socket"
|
||||
|
||||
# config/initializers/smtp_settings.rb settings
|
||||
default['gitlab']['gitlab-ci']['smtp_enable'] = false
|
||||
default['gitlab']['gitlab-ci']['smtp_address'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_port'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_user_name'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_password'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_domain'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_authentication'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_enable_starttls_auto'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_tls'] = nil
|
||||
default['gitlab']['gitlab-ci']['smtp_openssl_verify_mode'] = nil
|
||||
|
||||
####
|
||||
# CI Unicorn
|
||||
####
|
||||
default['gitlab']['ci-unicorn'] = default['gitlab']['unicorn'].dup
|
||||
default['gitlab']['ci-unicorn']['enable'] = false
|
||||
default['gitlab']['ci-unicorn']['log_directory'] = "/var/log/gitlab/ci-unicorn"
|
||||
default['gitlab']['ci-unicorn']['port'] = 8181
|
||||
default['gitlab']['ci-unicorn']['socket'] = '/var/opt/gitlab/gitlab-ci/sockets/gitlab.socket'
|
||||
default['gitlab']['ci-unicorn']['pidfile'] = '/opt/gitlab/var/ci-unicorn/unicorn.pid'
|
||||
|
||||
####
|
||||
# CI Sidekiq
|
||||
####
|
||||
default['gitlab']['ci-sidekiq'] = default['gitlab']['sidekiq'].dup
|
||||
default['gitlab']['ci-sidekiq']['enable'] = false
|
||||
default['gitlab']['ci-sidekiq']['log_directory'] = "/var/log/gitlab/ci-sidekiq"
|
||||
|
||||
####
|
||||
# CI Redis
|
||||
####
|
||||
default['gitlab']['ci-redis'] = default['gitlab']['redis'].dup
|
||||
default['gitlab']['ci-redis']['enable'] = false
|
||||
default['gitlab']['ci-redis']['dir'] = "/var/opt/gitlab/ci-redis"
|
||||
default['gitlab']['ci-redis']['log_directory'] = "/var/log/gitlab/ci-redis"
|
||||
default['gitlab']['ci-redis']['unixsocket'] = "/var/opt/gitlab/ci-redis/redis.socket"
|
||||
|
||||
####
|
||||
# CI NGINX
|
||||
####
|
||||
default['gitlab']['ci-nginx'] = default['gitlab']['nginx'].dup
|
||||
default['gitlab']['ci-nginx']['enable'] = false
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
define :env_dir, :variables => Hash.new, :restarts => [] do
|
||||
env_dir = params[:name]
|
||||
|
||||
directory env_dir do
|
||||
recursive true
|
||||
end
|
||||
|
||||
restarts = params[:restarts]
|
||||
|
||||
params[:variables].each do |key, value|
|
||||
file File.join(env_dir, key) do
|
||||
content value
|
||||
restarts.each do |svc|
|
||||
notifies :restart, svc
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
if File.directory?(env_dir)
|
||||
deleted_env_vars = Dir.entries(env_dir) - params[:variables].keys - %w{. ..}
|
||||
deleted_env_vars.each do |deleted_var|
|
||||
file File.join(env_dir, deleted_var) do
|
||||
action :delete
|
||||
restarts.each do |svc|
|
||||
notifies :restart, svc
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,30 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
define :migrate_database, :command => nil, :action => :run do
|
||||
bash "migrate #{params[:name]} database" do
|
||||
code <<-EOH
|
||||
set -e
|
||||
log_file="/tmp/#{params[:name]}-db-migrate-$(date +%s)-$$/output.log"
|
||||
umask 077
|
||||
mkdir $(dirname ${log_file})
|
||||
#{params[:command]} 2>& 1 | tee ${log_file}
|
||||
exit ${PIPESTATUS[0]}
|
||||
EOH
|
||||
action params[:action]
|
||||
end
|
||||
end
|
|
@ -0,0 +1,74 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
define :redis_service, :socket_group => nil do
|
||||
svc = params[:name]
|
||||
|
||||
redis_dir = node['gitlab'][svc]['dir']
|
||||
redis_log_dir = node['gitlab'][svc]['log_directory']
|
||||
redis_user = node['gitlab']['redis']['username']
|
||||
|
||||
group redis_user do
|
||||
gid node['gitlab']['redis']['gid']
|
||||
system true
|
||||
end
|
||||
|
||||
user redis_user do
|
||||
uid node['gitlab']['redis']['uid']
|
||||
gid redis_user
|
||||
system true
|
||||
shell node['gitlab']['redis']['shell']
|
||||
home node['gitlab']['redis']['home']
|
||||
end
|
||||
|
||||
directory redis_dir do
|
||||
owner redis_user
|
||||
group params[:socket_group]
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
directory redis_log_dir do
|
||||
owner redis_user
|
||||
mode "0700"
|
||||
end
|
||||
|
||||
redis_config = File.join(redis_dir, "redis.conf")
|
||||
|
||||
template redis_config do
|
||||
source "redis.conf.erb"
|
||||
owner node['gitlab']['redis']['username']
|
||||
mode "0644"
|
||||
variables(node['gitlab'][svc].to_hash)
|
||||
notifies :restart, "service[#{svc}]", :immediately if OmnibusHelper.should_notify?(svc)
|
||||
end
|
||||
|
||||
runit_service svc do
|
||||
down node['gitlab'][svc]['ha']
|
||||
template_name 'redis'
|
||||
options({
|
||||
:service => svc,
|
||||
:log_directory => redis_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
|
||||
retries 20
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,48 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
define :sidekiq_service, :rails_app => nil, :user => nil do
|
||||
svc = params[:name]
|
||||
user = params[:user]
|
||||
rails_app = params[:rails_app]
|
||||
|
||||
sidekiq_log_dir = node['gitlab'][svc]['log_directory']
|
||||
|
||||
directory sidekiq_log_dir do
|
||||
owner user
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
|
||||
runit_service svc do
|
||||
down node['gitlab'][svc]['ha']
|
||||
template_name 'sidekiq'
|
||||
options({
|
||||
:rails_app => rails_app,
|
||||
:user => user,
|
||||
:shutdown_timeout => node['gitlab'][svc]['shutdown_timeout'],
|
||||
:log_directory => sidekiq_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
|
||||
retries 20
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,104 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
define :unicorn_service, :rails_app => nil, :user => nil do
|
||||
rails_app = params[:rails_app]
|
||||
rails_home = node['gitlab'][rails_app]['dir']
|
||||
svc = params[:name]
|
||||
user = params[:user]
|
||||
|
||||
unicorn_etc_dir = File.join(rails_home, "etc")
|
||||
unicorn_working_dir = File.join(rails_home, "working")
|
||||
|
||||
unicorn_listen_socket = node['gitlab'][svc]['socket']
|
||||
unicorn_pidfile = node['gitlab'][svc]['pidfile']
|
||||
unicorn_log_dir = node['gitlab'][svc]['log_directory']
|
||||
unicorn_socket_dir = File.dirname(unicorn_listen_socket)
|
||||
|
||||
[
|
||||
unicorn_log_dir,
|
||||
File.dirname(unicorn_pidfile)
|
||||
].each do |dir_name|
|
||||
directory dir_name do
|
||||
owner user
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
end
|
||||
|
||||
directory unicorn_socket_dir do
|
||||
owner user
|
||||
group node['gitlab']['web-server']['group']
|
||||
mode '0750'
|
||||
recursive true
|
||||
end
|
||||
|
||||
unicorn_listen_tcp = [node['gitlab'][svc]['listen'], node['gitlab'][svc]['port']].join(':')
|
||||
|
||||
unicorn_rb = File.join(unicorn_etc_dir, "unicorn.rb")
|
||||
unicorn_config unicorn_rb do
|
||||
listen(
|
||||
unicorn_listen_tcp => {
|
||||
:tcp_nopush => node['gitlab'][svc]['tcp_nopush']
|
||||
},
|
||||
unicorn_listen_socket => {
|
||||
:backlog => node['gitlab'][svc]['backlog_socket'],
|
||||
}
|
||||
)
|
||||
worker_timeout node['gitlab'][svc]['worker_timeout']
|
||||
working_directory unicorn_working_dir
|
||||
worker_processes node['gitlab'][svc]['worker_processes']
|
||||
preload_app true
|
||||
stderr_path File.join(unicorn_log_dir, "unicorn_stderr.log")
|
||||
stdout_path File.join(unicorn_log_dir, "unicorn_stdout.log")
|
||||
pid unicorn_pidfile
|
||||
before_fork <<-'EOS'
|
||||
old_pid = "#{server.config[:pid]}.oldbin"
|
||||
if old_pid != server.pid
|
||||
begin
|
||||
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
||||
Process.kill(sig, File.read(old_pid).to_i)
|
||||
rescue Errno::ENOENT, Errno::ESRCH
|
||||
end
|
||||
end
|
||||
EOS
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
notifies :restart, "service[#{svc}]" if OmnibusHelper.should_notify?(svc)
|
||||
end
|
||||
|
||||
runit_service svc do
|
||||
down node['gitlab'][svc]['ha']
|
||||
restart_command 2 # Restart Unicorn using SIGUSR2
|
||||
template_name 'unicorn'
|
||||
options({
|
||||
:service => svc,
|
||||
:user => user,
|
||||
:rails_app => rails_app,
|
||||
:unicorn_rb => unicorn_rb,
|
||||
:log_directory => unicorn_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
|
||||
retries 20
|
||||
end
|
||||
end
|
||||
end
|
|
@ -38,11 +38,16 @@ module Gitlab
|
|||
user Mash.new
|
||||
postgresql Mash.new
|
||||
redis Mash.new
|
||||
ci_redis Mash.new
|
||||
gitlab_rails Mash.new
|
||||
gitlab_ci Mash.new
|
||||
gitlab_shell Mash.new
|
||||
unicorn Mash.new
|
||||
ci_unicorn Mash.new
|
||||
sidekiq Mash.new
|
||||
ci_sidekiq Mash.new
|
||||
nginx Mash.new
|
||||
ci_nginx Mash.new
|
||||
logging Mash.new
|
||||
remote_syslog Mash.new
|
||||
logrotate Mash.new
|
||||
|
@ -50,6 +55,7 @@ module Gitlab
|
|||
web_server Mash.new
|
||||
node nil
|
||||
external_url nil
|
||||
ci_external_url nil
|
||||
git_data_dir nil
|
||||
|
||||
class << self
|
||||
|
@ -71,6 +77,7 @@ module Gitlab
|
|||
end
|
||||
|
||||
Gitlab['gitlab_rails']['secret_token'] ||= generate_hex(64)
|
||||
Gitlab['gitlab_ci']['secret_token'] ||= generate_hex(64)
|
||||
|
||||
if File.directory?("/etc/gitlab")
|
||||
File.open("/etc/gitlab/gitlab-secrets.json", "w") do |f|
|
||||
|
@ -78,6 +85,9 @@ module Gitlab
|
|||
Chef::JSONCompat.to_json_pretty({
|
||||
'gitlab_rails' => {
|
||||
'secret_token' => Gitlab['gitlab_rails']['secret_token'],
|
||||
},
|
||||
'gitlab_ci' => {
|
||||
'secret_token' => Gitlab['gitlab_ci']['secret_token'],
|
||||
}
|
||||
})
|
||||
)
|
||||
|
@ -137,7 +147,7 @@ module Gitlab
|
|||
Gitlab['logging']['svlogd_udp'] ||= logging['udp_log_shipping_host']
|
||||
end
|
||||
|
||||
%w{redis nginx sidekiq unicorn postgresql remote-syslog}.each do |runit_sv|
|
||||
%w{redis ci-redis nginx sidekiq ci-sidekiq unicorn ci-unicorn postgresql remote-syslog}.each do |runit_sv|
|
||||
Gitlab[runit_sv.gsub('-', '_')]['svlogd_prefix'] ||= "#{node['hostname']} #{runit_sv}: "
|
||||
end
|
||||
end
|
||||
|
@ -150,6 +160,16 @@ module Gitlab
|
|||
# domain socket.
|
||||
Gitlab['gitlab_rails']['redis_port'] ||= 6379
|
||||
end
|
||||
|
||||
if gitlab_ci['redis_host']
|
||||
Gitlab['gitlab_ci']['redis_port'] ||= 6379
|
||||
end
|
||||
|
||||
if gitlab_rails['redis_host'] &&
|
||||
gitlab_rails.values_at('redis_host', 'redis_port') == gitlab_ci.values_at('redis_host', 'redis_port')
|
||||
Chef::Log.warn "gitlab-rails and gitlab-ci are configured to connect to "\
|
||||
"the same Redis instance. This is not recommended."
|
||||
end
|
||||
end
|
||||
|
||||
def parse_nginx_listen_address
|
||||
|
@ -161,17 +181,62 @@ module Gitlab
|
|||
nginx['listen_addresses'] = [nginx['listen_address']]
|
||||
end
|
||||
|
||||
def parse_ci_external_url
|
||||
return unless ci_external_url
|
||||
# Enable gitlab_ci. This setting will be picked up by parse_gitlab_ci
|
||||
gitlab_ci['enable'] = true if gitlab_ci['enable'].nil?
|
||||
|
||||
uri = URI(ci_external_url.to_s)
|
||||
|
||||
unless uri.host
|
||||
raise "CI external URL must include a FQDN"
|
||||
end
|
||||
Gitlab['gitlab_ci']['gitlab_ci_host'] = uri.host
|
||||
Gitlab['gitlab_ci']['gitlab_ci_email_from'] ||= "gitlab-ci@#{uri.host}"
|
||||
|
||||
case uri.scheme
|
||||
when "http"
|
||||
Gitlab['gitlab_ci']['gitlab_ci_https'] = false
|
||||
when "https"
|
||||
Gitlab['gitlab_ci']['gitlab_ci_https'] = true
|
||||
Gitlab['ci_nginx']['ssl_certificate'] ||= "/etc/gitlab/ssl/#{uri.host}.crt"
|
||||
Gitlab['ci_nginx']['ssl_certificate_key'] ||= "/etc/gitlab/ssl/#{uri.host}.key"
|
||||
else
|
||||
raise "Unsupported external URL scheme: #{uri.scheme}"
|
||||
end
|
||||
|
||||
unless ["", "/"].include?(uri.path)
|
||||
raise "Unsupported CI external URL path: #{uri.path}"
|
||||
end
|
||||
|
||||
Gitlab['gitlab_ci']['gitlab_ci_port'] = uri.port
|
||||
end
|
||||
|
||||
def parse_gitlab_ci
|
||||
return unless gitlab_ci['enable']
|
||||
|
||||
ci_unicorn['enable'] = true if ci_unicorn['enable'].nil?
|
||||
ci_sidekiq['enable'] = true if ci_sidekiq['enable'].nil?
|
||||
ci_redis['enable'] = true if ci_redis['enable'].nil?
|
||||
ci_nginx['enable'] = true if ci_nginx['enable'].nil?
|
||||
end
|
||||
|
||||
def generate_hash
|
||||
results = { "gitlab" => {} }
|
||||
[
|
||||
"bootstrap",
|
||||
"user",
|
||||
"redis",
|
||||
"ci_redis",
|
||||
"gitlab_rails",
|
||||
"gitlab_ci",
|
||||
"gitlab_shell",
|
||||
"unicorn",
|
||||
"ci_unicorn",
|
||||
"sidekiq",
|
||||
"ci_sidekiq",
|
||||
"nginx",
|
||||
"ci_nginx",
|
||||
"logging",
|
||||
"remote_syslog",
|
||||
"logrotate",
|
||||
|
@ -193,6 +258,10 @@ module Gitlab
|
|||
parse_udp_log_shipping
|
||||
parse_redis_settings
|
||||
parse_nginx_listen_address
|
||||
# Parse ci_external_url _before_ gitlab_ci settings so that the user
|
||||
# can turn on gitlab_ci by only specifying ci_external_url
|
||||
parse_ci_external_url
|
||||
parse_gitlab_ci
|
||||
# The last step is to convert underscores to hyphens in top-level keys
|
||||
generate_hash
|
||||
end
|
||||
|
|
|
@ -35,10 +35,6 @@ class PgHelper
|
|||
"| grep -x #{db_name}"])
|
||||
end
|
||||
|
||||
def sql_user_exists?
|
||||
user_exists?(node['gitlab']['postgresql']['sql_user'])
|
||||
end
|
||||
|
||||
def user_exists?(db_user)
|
||||
psql_cmd(["-d 'template1'",
|
||||
"-c 'select usename from pg_user' -A",
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
redis_service 'ci-redis' do
|
||||
socket_group node['gitlab']['gitlab-ci']['username']
|
||||
end
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
runit_service "ci-redis" do
|
||||
action :disable
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
sidekiq_service 'ci-sidekiq' do
|
||||
rails_app 'gitlab-ci'
|
||||
user node['gitlab']['gitlab-ci']['username']
|
||||
end
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
runit_service "ci-sidekiq" do
|
||||
action :disable
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
unicorn_service 'ci-unicorn' do
|
||||
rails_app 'gitlab-ci'
|
||||
user node['gitlab']['gitlab-ci']['username']
|
||||
end
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
runit_service "ci-unicorn" do
|
||||
action :disable
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
cron 'gitlab-ci schedule builds' do
|
||||
minute node['gitlab']['gitlab-ci']['schedule_builds_minute']
|
||||
command '/opt/gitlab/bin/gitlab-ci-rake schedule_builds'
|
||||
action node['gitlab']['gitlab-ci']['enable'] ? :create : :delete
|
||||
end
|
|
@ -17,20 +17,23 @@
|
|||
|
||||
root_password = node['gitlab']['gitlab-rails']['root_password']
|
||||
|
||||
execute "initialize database" do
|
||||
execute "initialize gitlab-rails database" do
|
||||
command "/opt/gitlab/bin/gitlab-rake db:schema:load db:seed_fu"
|
||||
environment ({'GITLAB_ROOT_PASSWORD' => root_password }) if root_password
|
||||
action :nothing
|
||||
end
|
||||
|
||||
bash "migrate database" do
|
||||
code <<-EOH
|
||||
set -e
|
||||
log_file="/tmp/gitlab-db-migrate-$(date +%s)-$$/output.log"
|
||||
umask 077
|
||||
mkdir $(dirname ${log_file})
|
||||
/opt/gitlab/bin/gitlab-rake db:migrate 2>& 1 | tee ${log_file}
|
||||
exit ${PIPESTATUS[0]}
|
||||
EOH
|
||||
execute "initialize gitlab-ci database" do
|
||||
command "/opt/gitlab/bin/gitlab-ci-rake setup"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
migrate_database 'gitlab-rails' do
|
||||
command '/opt/gitlab/bin/gitlab-rake db:migrate'
|
||||
action :nothing
|
||||
end
|
||||
|
||||
migrate_database 'gitlab-ci' do
|
||||
command '/opt/gitlab/bin/gitlab-ci-rake db:migrate'
|
||||
action :nothing
|
||||
end
|
||||
|
|
|
@ -49,13 +49,17 @@ include_recipe "gitlab::users"
|
|||
include_recipe "gitlab::web-server"
|
||||
include_recipe "gitlab::gitlab-shell"
|
||||
include_recipe "gitlab::gitlab-rails"
|
||||
include_recipe "gitlab::gitlab-ci" if node['gitlab']['gitlab-ci']['enable']
|
||||
include_recipe "gitlab::selinux"
|
||||
include_recipe "gitlab::cron"
|
||||
|
||||
# Create dummy unicorn and sidekiq services to receive notifications, in case
|
||||
# the corresponding service recipe is not loaded below.
|
||||
[
|
||||
"unicorn",
|
||||
"sidekiq"
|
||||
"ci-unicorn",
|
||||
"sidekiq",
|
||||
"ci-sidekiq"
|
||||
].each do |dummy|
|
||||
service dummy do
|
||||
supports []
|
||||
|
@ -68,9 +72,12 @@ include_recipe "runit"
|
|||
# Configure Services
|
||||
[
|
||||
"redis",
|
||||
"ci-redis",
|
||||
"postgresql", # Postgresql depends on Redis because of `rake db:seed_fu`
|
||||
"unicorn",
|
||||
"ci-unicorn",
|
||||
"sidekiq",
|
||||
"ci-sidekiq",
|
||||
"nginx",
|
||||
"remote-syslog",
|
||||
"logrotate",
|
||||
|
|
|
@ -0,0 +1,197 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2014 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
gitlab_ci_source_dir = "/opt/gitlab/embedded/service/gitlab-ci"
|
||||
gitlab_ci_dir = node['gitlab']['gitlab-ci']['dir']
|
||||
gitlab_ci_home_dir = File.join(gitlab_ci_dir, "home")
|
||||
gitlab_ci_etc_dir = File.join(gitlab_ci_dir, "etc")
|
||||
gitlab_ci_static_etc_dir = "/opt/gitlab/etc/gitlab-ci"
|
||||
gitlab_ci_working_dir = File.join(gitlab_ci_dir, "working")
|
||||
gitlab_ci_tmp_dir = File.join(gitlab_ci_dir, "tmp")
|
||||
gitlab_ci_log_dir = node['gitlab']['gitlab-ci']['log_directory']
|
||||
|
||||
gitlab_ci_user = node['gitlab']['gitlab-ci']['username']
|
||||
|
||||
group gitlab_ci_user do
|
||||
gid node['gitlab']['gitlab-ci']['gid']
|
||||
system true
|
||||
end
|
||||
|
||||
user gitlab_ci_user do
|
||||
uid node['gitlab']['gitlab-ci']['uid']
|
||||
gid gitlab_ci_user
|
||||
system true
|
||||
shell node['gitlab']['gitlab-ci']['shell']
|
||||
home gitlab_ci_home_dir
|
||||
end
|
||||
|
||||
[
|
||||
gitlab_ci_etc_dir,
|
||||
gitlab_ci_static_etc_dir,
|
||||
gitlab_ci_home_dir,
|
||||
gitlab_ci_working_dir,
|
||||
gitlab_ci_tmp_dir,
|
||||
gitlab_ci_log_dir
|
||||
].compact.each do |dir_name|
|
||||
directory dir_name do
|
||||
owner gitlab_ci_user
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
end
|
||||
|
||||
directory gitlab_ci_dir do
|
||||
owner gitlab_ci_user
|
||||
mode '0755'
|
||||
recursive true
|
||||
end
|
||||
|
||||
template File.join(gitlab_ci_static_etc_dir, "gitlab-ci-rc")
|
||||
|
||||
dependent_services = []
|
||||
dependent_services << "service[ci-unicorn]" if OmnibusHelper.should_notify?("ci-unicorn")
|
||||
dependent_services << "service[ci-sidekiq]" if OmnibusHelper.should_notify?("ci-sidekiq")
|
||||
|
||||
redis_not_listening = OmnibusHelper.not_listening?("redis")
|
||||
postgresql_not_listening = OmnibusHelper.not_listening?("postgresql")
|
||||
|
||||
template_symlink File.join(gitlab_ci_etc_dir, "secret") do
|
||||
link_from File.join(gitlab_ci_source_dir, ".secret")
|
||||
source "secret_token.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(node['gitlab']['gitlab-ci'].to_hash)
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
database_attributes = node['gitlab']['gitlab-ci'].to_hash
|
||||
if node['gitlab']['postgresql']['enable']
|
||||
database_attributes.merge!(
|
||||
:db_adapter => "postgresql",
|
||||
:db_username => node['gitlab']['postgresql']['sql_ci_user'],
|
||||
:db_host => node['gitlab']['postgresql']['listen_address'],
|
||||
:db_port => node['gitlab']['postgresql']['port']
|
||||
)
|
||||
end
|
||||
|
||||
template_symlink File.join(gitlab_ci_etc_dir, "database.yml") do
|
||||
link_from File.join(gitlab_ci_source_dir, "config/database.yml")
|
||||
source "database.yml.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables database_attributes
|
||||
helpers SingleQuoteHelper
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
if node['gitlab']['gitlab-ci']['redis_port']
|
||||
redis_url = "redis://#{node['gitlab']['gitlab-ci']['redis_host']}:#{node['gitlab']['gitlab-ci']['redis_port']}"
|
||||
else
|
||||
redis_url = "unix:#{node['gitlab']['gitlab-ci']['redis_socket']}"
|
||||
end
|
||||
|
||||
template_symlink File.join(gitlab_ci_etc_dir, "resque.yml") do
|
||||
link_from File.join(gitlab_ci_source_dir, "config/resque.yml")
|
||||
source "resque.yml.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(:redis_url => redis_url)
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
template_symlink File.join(gitlab_ci_etc_dir, "smtp_settings.rb") do
|
||||
link_from File.join(gitlab_ci_source_dir, "config/initializers/smtp_settings.rb")
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(node['gitlab']['gitlab-ci'].to_hash)
|
||||
restarts dependent_services
|
||||
|
||||
unless node['gitlab']['gitlab-ci']['smtp_enable']
|
||||
action :delete
|
||||
end
|
||||
end
|
||||
|
||||
unicorn_url = "http://#{node['gitlab']['unicorn']['listen']}:#{node['gitlab']['unicorn']['port']}"
|
||||
gitlab_server_urls = node['gitlab']['gitlab-ci']['gitlab_server_urls'] || [unicorn_url]
|
||||
|
||||
template_symlink File.join(gitlab_ci_etc_dir, "application.yml") do
|
||||
link_from File.join(gitlab_ci_source_dir, "config/application.yml")
|
||||
source "application.yml.erb"
|
||||
helpers SingleQuoteHelper
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(
|
||||
node['gitlab']['gitlab-ci'].to_hash.merge(
|
||||
:gitlab_server_urls => gitlab_server_urls
|
||||
)
|
||||
)
|
||||
restarts dependent_services
|
||||
unless redis_not_listening
|
||||
notifies :run, 'execute[clear the gitlab-ci cache]'
|
||||
end
|
||||
end
|
||||
|
||||
env_dir File.join(gitlab_ci_static_etc_dir, 'env') do
|
||||
variables(
|
||||
{
|
||||
'HOME' => gitlab_ci_home_dir,
|
||||
'RAILS_ENV' => node['gitlab']['gitlab-ci']['environment'],
|
||||
}.merge(node['gitlab']['gitlab-ci']['env'])
|
||||
)
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
# replace empty directories in the Git repo with symlinks to /var/opt/gitlab
|
||||
{
|
||||
"/opt/gitlab/embedded/service/gitlab-ci/tmp" => gitlab_ci_tmp_dir,
|
||||
"/opt/gitlab/embedded/service/gitlab-ci/log" => gitlab_ci_log_dir
|
||||
}.each do |link_dir, target_dir|
|
||||
link link_dir do
|
||||
to target_dir
|
||||
end
|
||||
end
|
||||
|
||||
# Create tmp/cache to make 'rake cache:clear' work
|
||||
directory File.join(gitlab_ci_tmp_dir, 'cache') do
|
||||
user gitlab_ci_user
|
||||
end
|
||||
|
||||
# Make schema.rb writable for when we run `rake db:migrate`
|
||||
file "/opt/gitlab/embedded/service/gitlab-ci/db/schema.rb" do
|
||||
owner gitlab_ci_user
|
||||
end
|
||||
|
||||
# Only run `rake db:migrate` when the gitlab-ci version has changed
|
||||
remote_file File.join(gitlab_ci_dir, 'VERSION') do
|
||||
source "file:///opt/gitlab/embedded/service/gitlab-ci/VERSION"
|
||||
notifies :run, 'bash[migrate gitlab-ci database]' unless postgresql_not_listening
|
||||
notifies :run, 'execute[clear the gitlab-ci cache]' unless redis_not_listening
|
||||
dependent_services.each do |sv|
|
||||
notifies :restart, sv
|
||||
end
|
||||
end
|
||||
|
||||
execute "clear the gitlab-ci cache" do
|
||||
command "/opt/gitlab/bin/gitlab-ci-rake cache:clear"
|
||||
action :nothing
|
||||
end
|
|
@ -19,7 +19,7 @@
|
|||
gitlab_rails_source_dir = "/opt/gitlab/embedded/service/gitlab-rails"
|
||||
gitlab_rails_dir = node['gitlab']['gitlab-rails']['dir']
|
||||
gitlab_rails_etc_dir = File.join(gitlab_rails_dir, "etc")
|
||||
gitlab_rails_env_dir = "/opt/gitlab/etc/gitlab-rails/env"
|
||||
gitlab_rails_static_etc_dir = "/opt/gitlab/etc/gitlab-rails"
|
||||
gitlab_rails_working_dir = File.join(gitlab_rails_dir, "working")
|
||||
gitlab_rails_tmp_dir = File.join(gitlab_rails_dir, "tmp")
|
||||
gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_directory']
|
||||
|
@ -27,6 +27,7 @@ gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
|
|||
|
||||
[
|
||||
gitlab_rails_etc_dir,
|
||||
gitlab_rails_static_etc_dir,
|
||||
gitlab_rails_working_dir,
|
||||
gitlab_rails_tmp_dir,
|
||||
node['gitlab']['gitlab-rails']['backup_path'],
|
||||
|
@ -53,14 +54,7 @@ directory gitlab_rails_public_uploads_dir do
|
|||
recursive true
|
||||
end
|
||||
|
||||
directory gitlab_rails_env_dir do
|
||||
owner 'root' # Do not allow the git user to change its own env variables
|
||||
group node['gitlab']['user']['group']
|
||||
mode '0750'
|
||||
recursive true
|
||||
end
|
||||
|
||||
template "/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc"
|
||||
template File.join(gitlab_rails_static_etc_dir, "gitlab-rails-rc")
|
||||
|
||||
dependent_services = []
|
||||
dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
|
||||
|
@ -75,6 +69,7 @@ template_symlink File.join(gitlab_rails_etc_dir, "secret") do
|
|||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(node['gitlab']['gitlab-rails'].to_hash)
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
|
@ -83,7 +78,6 @@ if node['gitlab']['postgresql']['enable']
|
|||
database_attributes.merge!(
|
||||
:db_adapter => "postgresql",
|
||||
:db_username => node['gitlab']['postgresql']['sql_user'],
|
||||
:db_password => node['gitlab']['postgresql']['sql_password'],
|
||||
:db_host => node['gitlab']['postgresql']['listen_address'],
|
||||
:db_port => node['gitlab']['postgresql']['port']
|
||||
)
|
||||
|
@ -173,33 +167,14 @@ directory node['gitlab']['gitlab-rails']['satellites_path'] do
|
|||
recursive true
|
||||
end
|
||||
|
||||
env_vars = {
|
||||
'HOME' => node['gitlab']['user']['home'],
|
||||
'RAILS_ENV' => node['gitlab']['gitlab-rails']['environment'],
|
||||
}.merge(node['gitlab']['gitlab-rails']['env'])
|
||||
|
||||
env_vars.each do |key, value|
|
||||
file File.join(gitlab_rails_env_dir, key) do
|
||||
owner node['gitlab']['user']['username']
|
||||
group node['gitlab']['user']['group']
|
||||
mode "0600"
|
||||
content value
|
||||
dependent_services.each do |svc|
|
||||
notifies :restart, svc
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
if File.directory?(gitlab_rails_env_dir)
|
||||
deleted_env_vars = Dir.entries(gitlab_rails_env_dir) - env_vars.keys - %w{. ..}
|
||||
deleted_env_vars.each do |deleted_var|
|
||||
file File.join(gitlab_rails_env_dir, deleted_var) do
|
||||
action :delete
|
||||
dependent_services.each do |svc|
|
||||
notifies :restart, svc
|
||||
end
|
||||
end
|
||||
end
|
||||
env_dir File.join(gitlab_rails_static_etc_dir, 'env') do
|
||||
variables(
|
||||
{
|
||||
'HOME' => node['gitlab']['user']['home'],
|
||||
'RAILS_ENV' => node['gitlab']['gitlab-rails']['environment'],
|
||||
}.merge(node['gitlab']['gitlab-rails']['env'])
|
||||
)
|
||||
restarts dependent_services
|
||||
end
|
||||
|
||||
# replace empty directories in the Git repo with symlinks to /var/opt/gitlab
|
||||
|
@ -227,7 +202,7 @@ end
|
|||
# Only run `rake db:migrate` when the gitlab-rails version has changed
|
||||
remote_file File.join(gitlab_rails_dir, 'VERSION') do
|
||||
source "file:///opt/gitlab/embedded/service/gitlab-rails/VERSION"
|
||||
notifies :run, 'bash[migrate database]' unless postgresql_not_listening
|
||||
notifies :run, 'bash[migrate gitlab-rails database]' unless postgresql_not_listening
|
||||
notifies :run, 'execute[clear the gitlab-rails cache]' unless redis_not_listening
|
||||
dependent_services.each do |sv|
|
||||
notifies :restart, sv
|
||||
|
|
|
@ -28,8 +28,8 @@ nginx_log_dir = node['gitlab']['nginx']['log_directory']
|
|||
].each do |dir_name|
|
||||
directory dir_name do
|
||||
owner 'root'
|
||||
group node['gitlab']['web-server']['group']
|
||||
mode '0750'
|
||||
group 'root'
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
end
|
||||
|
@ -59,6 +59,30 @@ template nginx_vars[:gitlab_http_config] do
|
|||
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
|
||||
end
|
||||
|
||||
if node['gitlab']['ci-nginx']['enable']
|
||||
# Include the config file for gitlab-ci in nginx.conf later
|
||||
nginx_vars.merge!(
|
||||
:gitlab_ci_http_config => File.join(nginx_conf_dir, "gitlab-ci-http.conf")
|
||||
)
|
||||
|
||||
ci_nginx_vars = node['gitlab']['ci-nginx']
|
||||
template nginx_vars[:gitlab_ci_http_config] do
|
||||
source "nginx-gitlab-ci-http.conf.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(ci_nginx_vars.merge(
|
||||
{
|
||||
:fqdn => node['gitlab']['gitlab-ci']['gitlab_ci_host'],
|
||||
:https => node['gitlab']['gitlab-ci']['gitlab_ci_https'],
|
||||
:socket => node['gitlab']['ci-unicorn']['socket'],
|
||||
:port => node['gitlab']['gitlab-ci']['gitlab_ci_port'],
|
||||
}
|
||||
))
|
||||
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
|
||||
end
|
||||
end
|
||||
|
||||
template nginx_config do
|
||||
source "nginx.conf.erb"
|
||||
owner "root"
|
||||
|
|
|
@ -148,20 +148,26 @@ pg_helper = PgHelper.new(node)
|
|||
pg_port = node['gitlab']['postgresql']['port']
|
||||
pg_user = node['gitlab']['postgresql']['username']
|
||||
bin_dir = "/opt/gitlab/embedded/bin"
|
||||
db_name = "gitlabhq_production"
|
||||
|
||||
sql_user = node['gitlab']['postgresql']['sql_user']
|
||||
|
||||
execute "create #{sql_user} database user" do
|
||||
command "#{bin_dir}/psql --port #{pg_port} -d template1 -c \"CREATE USER #{sql_user}\""
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.sql_user_exists? }
|
||||
databases = [
|
||||
['gitlab-rails', 'gitlabhq_production', node['gitlab']['postgresql']['sql_user']]
|
||||
]
|
||||
if node['gitlab']['gitlab-ci']['enable']
|
||||
databases << ['gitlab-ci', 'gitlab_ci_production', node['gitlab']['postgresql']['sql_ci_user']]
|
||||
end
|
||||
|
||||
execute "create #{db_name} database" do
|
||||
command "#{bin_dir}/createdb --port #{pg_port} -O #{sql_user} #{db_name}"
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
|
||||
retries 30
|
||||
notifies :run, "execute[initialize database]", :immediately
|
||||
databases.each do |rails_app, db_name, sql_user|
|
||||
execute "create #{sql_user} database user" do
|
||||
command "#{bin_dir}/psql --port #{pg_port} -d template1 -c \"CREATE USER #{sql_user}\""
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.user_exists?(sql_user) }
|
||||
end
|
||||
|
||||
execute "create #{db_name} database" do
|
||||
command "#{bin_dir}/createdb --port #{pg_port} -O #{sql_user} #{db_name}"
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
|
||||
retries 30
|
||||
notifies :run, "execute[initialize #{rails_app} database]", :immediately
|
||||
end
|
||||
end
|
||||
|
|
|
@ -16,54 +16,6 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
redis_dir = node['gitlab']['redis']['dir']
|
||||
redis_log_dir = node['gitlab']['redis']['log_directory']
|
||||
redis_user = node['gitlab']['redis']['username']
|
||||
|
||||
group redis_user do
|
||||
gid node['gitlab']['redis']['gid']
|
||||
system true
|
||||
end
|
||||
|
||||
user redis_user do
|
||||
uid node['gitlab']['redis']['uid']
|
||||
gid redis_user
|
||||
system true
|
||||
shell node['gitlab']['redis']['shell']
|
||||
home node['gitlab']['redis']['home']
|
||||
end
|
||||
|
||||
directory redis_dir do
|
||||
owner redis_user
|
||||
group node['gitlab']['user']['group']
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
directory redis_log_dir do
|
||||
owner redis_user
|
||||
mode "0700"
|
||||
end
|
||||
|
||||
redis_config = File.join(redis_dir, "redis.conf")
|
||||
|
||||
template redis_config do
|
||||
source "redis.conf.erb"
|
||||
owner node['gitlab']['redis']['username']
|
||||
mode "0644"
|
||||
variables(node['gitlab']['redis'].to_hash)
|
||||
notifies :restart, 'service[redis]', :immediately if OmnibusHelper.should_notify?("redis")
|
||||
end
|
||||
|
||||
runit_service "redis" do
|
||||
down node['gitlab']['redis']['ha']
|
||||
options({
|
||||
:log_directory => redis_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['redis'].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start redis" do
|
||||
retries 20
|
||||
end
|
||||
redis_service 'redis' do
|
||||
socket_group node['gitlab']['user']['group']
|
||||
end
|
||||
|
|
|
@ -16,24 +16,7 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
sidekiq_log_dir = node['gitlab']['sidekiq']['log_directory']
|
||||
|
||||
directory sidekiq_log_dir do
|
||||
owner node['gitlab']['user']['username']
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
|
||||
runit_service "sidekiq" do
|
||||
down node['gitlab']['sidekiq']['ha']
|
||||
options({
|
||||
:log_directory => sidekiq_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['sidekiq'].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start sidekiq" do
|
||||
retries 20
|
||||
end
|
||||
sidekiq_service 'sidekiq' do
|
||||
rails_app 'gitlab-rails'
|
||||
user node['gitlab']['user']['username']
|
||||
end
|
||||
|
|
|
@ -16,79 +16,7 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
gitlab_rails_dir = node['gitlab']['gitlab-rails']['dir']
|
||||
gitlab_rails_etc_dir = File.join(gitlab_rails_dir, "etc")
|
||||
gitlab_rails_working_dir = File.join(gitlab_rails_dir, "working")
|
||||
|
||||
unicorn_listen_socket = node['gitlab']['unicorn']['socket']
|
||||
unicorn_pidfile = node['gitlab']['unicorn']['pidfile']
|
||||
unicorn_log_dir = node['gitlab']['unicorn']['log_directory']
|
||||
unicorn_socket_dir = File.dirname(unicorn_listen_socket)
|
||||
|
||||
[
|
||||
unicorn_log_dir,
|
||||
File.dirname(unicorn_pidfile)
|
||||
].each do |dir_name|
|
||||
directory dir_name do
|
||||
owner node['gitlab']['user']['username']
|
||||
mode '0700'
|
||||
recursive true
|
||||
end
|
||||
end
|
||||
|
||||
directory unicorn_socket_dir do
|
||||
owner node['gitlab']['user']['username']
|
||||
group node['gitlab']['web-server']['group']
|
||||
mode '0750'
|
||||
recursive true
|
||||
end
|
||||
|
||||
unicorn_listen_tcp = node['gitlab']['unicorn']['listen']
|
||||
unicorn_listen_tcp << ":#{node['gitlab']['unicorn']['port']}"
|
||||
|
||||
unicorn_config File.join(gitlab_rails_etc_dir, "unicorn.rb") do
|
||||
listen(
|
||||
unicorn_listen_tcp => {
|
||||
:tcp_nopush => node['gitlab']['unicorn']['tcp_nopush']
|
||||
},
|
||||
unicorn_listen_socket => {
|
||||
:backlog => node['gitlab']['unicorn']['backlog_socket'],
|
||||
}
|
||||
)
|
||||
worker_timeout node['gitlab']['unicorn']['worker_timeout']
|
||||
working_directory gitlab_rails_working_dir
|
||||
worker_processes node['gitlab']['unicorn']['worker_processes']
|
||||
preload_app true
|
||||
stderr_path File.join(unicorn_log_dir, "unicorn_stderr.log")
|
||||
stdout_path File.join(unicorn_log_dir, "unicorn_stdout.log")
|
||||
pid unicorn_pidfile
|
||||
before_fork <<-'EOS'
|
||||
old_pid = "#{server.config[:pid]}.oldbin"
|
||||
if old_pid != server.pid
|
||||
begin
|
||||
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
||||
Process.kill(sig, File.read(old_pid).to_i)
|
||||
rescue Errno::ENOENT, Errno::ESRCH
|
||||
end
|
||||
end
|
||||
EOS
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
notifies :restart, 'service[unicorn]' if OmnibusHelper.should_notify?("unicorn")
|
||||
end
|
||||
|
||||
runit_service "unicorn" do
|
||||
down node['gitlab']['unicorn']['ha']
|
||||
restart_command 2 # Restart Unicorn using SIGUSR2
|
||||
options({
|
||||
:log_directory => unicorn_log_dir
|
||||
}.merge(params))
|
||||
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['unicorn'].to_hash)
|
||||
end
|
||||
|
||||
if node['gitlab']['bootstrap']['enable']
|
||||
execute "/opt/gitlab/bin/gitlab-ctl start unicorn" do
|
||||
retries 20
|
||||
end
|
||||
unicorn_service 'unicorn' do
|
||||
rails_app 'gitlab-rails'
|
||||
user node['gitlab']['user']['username']
|
||||
end
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
defaults: &defaults
|
||||
gitlab_server_urls:
|
||||
<%= @gitlab_server_urls.to_json %>
|
||||
|
||||
## Gitlab CI settings
|
||||
gitlab_ci:
|
||||
## Web server settings
|
||||
host: <%= @gitlab_ci_host %>
|
||||
port: <%= @gitlab_ci_port %>
|
||||
https: <%= @gitlab_ci_https %>
|
||||
|
||||
## Email settings
|
||||
# Email address used in the "From" field in mails sent by GitLab-CI
|
||||
email_from: <%= @gitlab_ci_email_from %>
|
||||
|
||||
# Email address of your support contact (default: same as email_from)
|
||||
support_email: <%= @gitlab_ci_support_email %>
|
||||
|
||||
# Default project notifications settings:
|
||||
#
|
||||
# Send emails only on broken builds (default: true)
|
||||
all_broken_builds: <%= @gitlab_ci_all_broken_builds %>
|
||||
#
|
||||
# Add committer to recipients list (default: false)
|
||||
add_committer: <%= @gitlab_ci_add_committer %>
|
||||
|
||||
gravatar:
|
||||
enabled: <%= @gravatar_enabled %>
|
||||
plain_url: <%= single_quote(@gravatar_plain_url) %>
|
||||
ssl_url: <%= single_quote(@gravatar_ssl_url) %>
|
||||
|
||||
|
||||
development:
|
||||
<<: *defaults
|
||||
|
||||
test:
|
||||
<<: *defaults
|
||||
gitlab_server_urls:
|
||||
- 'http://demo.gitlab.com/'
|
||||
|
||||
production:
|
||||
<<: *defaults
|
|
@ -0,0 +1 @@
|
|||
gitlab_ci_user='<%= node['gitlab']['gitlab-ci']['username'] %>'
|
|
@ -0,0 +1,87 @@
|
|||
# This file is managed by gitlab-ctl. Manual changes will be
|
||||
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
|
||||
# and run `sudo gitlab-ctl reconfigure`.
|
||||
|
||||
## GitLab CI
|
||||
## Maintainer: @randx
|
||||
|
||||
upstream gitlab_ci {
|
||||
server unix:<%= @socket %>;
|
||||
}
|
||||
|
||||
<% if @https && @redirect_http_to_https %>
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @redirect_http_to_https_port %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off;
|
||||
return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
|
||||
access_log <%= @log_directory %>/gitlab_access.log;
|
||||
error_log <%= @log_directory %>/gitlab_error.log;
|
||||
}
|
||||
<% end %>
|
||||
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @port %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off; # don't show the version number, a security best practice
|
||||
root /opt/gitlab/embedded/service/gitlab-ci/public;
|
||||
|
||||
<% if @https %>
|
||||
ssl on;
|
||||
ssl_certificate <%= @ssl_certificate %>;
|
||||
ssl_certificate_key <%= @ssl_certificate_key %>;
|
||||
ssl_ciphers '<%= @ssl_ciphers %>';
|
||||
ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
|
||||
ssl_protocols <%= @ssl_protocols %>;
|
||||
ssl_session_cache <%= @ssl_session_cache %>;
|
||||
ssl_session_timeout <%= @ssl_session_timeout %>;
|
||||
add_header Strict-Transport-Security max-age=63072000;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
<% end %>
|
||||
|
||||
## Individual nginx logs for this GitLab vhost
|
||||
access_log <%= @log_directory %>/gitlab_ci_access.log;
|
||||
error_log <%= @log_directory %>/gitlab_ci_error.log;
|
||||
|
||||
location / {
|
||||
## Serve static files from defined root folder.
|
||||
## @gitlab is a named location for the upstream fallback, see below.
|
||||
try_files $uri $uri/index.html $uri.html @gitlab_ci;
|
||||
}
|
||||
|
||||
## If a file, which is not found in the root folder is requested,
|
||||
## then the proxy passes the request to the upsteam (gitlab unicorn).
|
||||
location @gitlab_ci {
|
||||
## If you use HTTPS make sure you disable gzip compression
|
||||
## to be safe against BREACH attack.
|
||||
<%= 'gzip off;' if @https %>
|
||||
|
||||
## https://github.com/gitlabhq/gitlabhq/issues/694
|
||||
## Some requests take more than 30 seconds.
|
||||
proxy_read_timeout 300;
|
||||
proxy_connect_timeout 300;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||
|
||||
<% if @https %>
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
<% end %>
|
||||
proxy_pass http://gitlab_ci;
|
||||
}
|
||||
|
||||
# adjust this to match the largest build log your runners might submit,
|
||||
# set to 0 to disable limit
|
||||
client_max_body_size <%= @client_max_body_size %>;
|
||||
|
||||
<%= @custom_gitlab_ci_server_config %>
|
||||
}
|
|
@ -29,4 +29,7 @@ http {
|
|||
include /opt/gitlab/embedded/conf/mime.types;
|
||||
|
||||
include <%= @gitlab_http_config %>;
|
||||
<% if @gitlab_ci_http_config %>
|
||||
include <%= @gitlab_ci_http_config %>;
|
||||
<% end %>
|
||||
}
|
||||
|
|
|
@ -41,5 +41,6 @@
|
|||
|
||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
gitlab <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['postgresql']['sql_user'] %>
|
||||
gitlab <%= node['gitlab']['gitlab-ci']['username'] %> <%= node['gitlab']['postgresql']['sql_ci_user'] %>
|
||||
# Default to a 1-1 mapping between system usernames and Postgres usernames
|
||||
gitlab /^(.*)$ \1
|
||||
|
|
|
@ -26,7 +26,7 @@ pidfile /var/run/redis.pid
|
|||
|
||||
# Accept connections on the specified port, default is 6379.
|
||||
# If port 0 is specified Redis will not listen on a TCP socket.
|
||||
port <%= node['gitlab']['redis']['port'] %>
|
||||
port <%= @port %>
|
||||
|
||||
# By default Redis listens for connections from all the network interfaces
|
||||
# available on the server. It is possible to listen to just one or multiple
|
||||
|
@ -42,8 +42,8 @@ bind 127.0.0.1
|
|||
# incoming connections. There is no default, so Redis will not listen
|
||||
# on a unix socket when not specified.
|
||||
#
|
||||
unixsocket <%= node['gitlab']['redis']['unixsocket'] %>
|
||||
unixsocketperm <%= node['gitlab']['redis']['unixsocketperm'] %>
|
||||
unixsocket <%= @unixsocket %>
|
||||
unixsocketperm <%= @unixsocketperm %>
|
||||
|
||||
# Close the connection after a client is idle for N seconds (0 to disable)
|
||||
timeout 0
|
||||
|
@ -159,7 +159,7 @@ dbfilename dump.rdb
|
|||
# The Append Only File will also be created inside this directory.
|
||||
#
|
||||
# Note that you must specify a directory here, not a file name.
|
||||
dir <%= node['gitlab']['redis']['dir'] %>
|
||||
dir <%= @dir %>
|
||||
|
||||
################################# REPLICATION #################################
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
<%= node['gitlab']['gitlab-rails']['secret_token'] %>
|
||||
<%= @secret_token %>
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
exec 2>&1
|
||||
<%= render("mount_point_check.erb") %>
|
||||
umask 077
|
||||
exec chpst -P -U <%= node['gitlab']['redis']['username'] %> -u <%= node['gitlab']['redis']['username'] %> /opt/gitlab/embedded/bin/redis-server <%= File.join(node['gitlab']['redis']['dir'], "redis.conf") %>
|
||||
exec chpst -P -U <%= node['gitlab']['redis']['username'] %> -u <%= node['gitlab']['redis']['username'] %> /opt/gitlab/embedded/bin/redis-server <%= File.join(node['gitlab'][@options[:service]]['dir'], "redis.conf") %>
|
||||
|
|
|
@ -1,7 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
cd <%= node['gitlab']['gitlab-rails']['dir'] %>/working
|
||||
cd <%= node['gitlab'][@options[:rails_app]]['dir'] %>/working
|
||||
|
||||
exec 2>&1
|
||||
<%= render("mount_point_check.erb") %>
|
||||
exec chpst -e /opt/gitlab/etc/gitlab-rails/env -P -U <%= node['gitlab']['user']['username'] %> -u <%= node['gitlab']['user']['username'] %> /opt/gitlab/embedded/bin/bundle exec sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e <%= node['gitlab']['gitlab-rails']['environment'] %> -r /opt/gitlab/embedded/service/gitlab-rails -t <%= node['gitlab']['sidekiq']['shutdown_timeout'] %>
|
||||
exec chpst -e /opt/gitlab/etc/<%= @options[:rails_app] %>/env -P \
|
||||
-U <%= @options[:user] %> -u <%= @options[:user] %> \
|
||||
/opt/gitlab/embedded/bin/bundle exec sidekiq \
|
||||
-q post_receive \
|
||||
-q mailer \
|
||||
-q system_hook \
|
||||
-q project_web_hook \
|
||||
-q gitlab_shell \
|
||||
-q common \
|
||||
-q default \
|
||||
-e <%= node['gitlab'][@options[:rails_app]]['environment'] %> \
|
||||
-r /opt/gitlab/embedded/service/<%= @options[:rails_app] %> \
|
||||
-t <%= @options[:shutdown_timeout] %>
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
# Let runit capture all script error messages
|
||||
exec 2>&1
|
||||
|
||||
readonly current_pidfile=<%= node['gitlab']['unicorn']['pidfile'] %>
|
||||
readonly current_pidfile=<%= node['gitlab'][@options[:service]]['pidfile'] %>
|
||||
readonly oldbin_pidfile=${current_pidfile}.oldbin
|
||||
readonly unicorn_wait_start=1 # time in seconds
|
||||
readonly unicorn_poll_alive=1 # time in seconds
|
||||
|
||||
function main
|
||||
{
|
||||
cd /opt/gitlab/embedded/service/gitlab-rails
|
||||
cd /opt/gitlab/embedded/service/<%= @options[:rails_app] %>
|
||||
find_us_a_unicorn
|
||||
trap_signals
|
||||
wait_for_unicorn_to_exit
|
||||
|
@ -65,7 +65,12 @@ function is_unicorn
|
|||
function start_unicorn_master
|
||||
{
|
||||
<%= render("mount_point_check.erb") %>
|
||||
chpst -e /opt/gitlab/etc/gitlab-rails/env -P -U <%= node['gitlab']['user']['username'] %> -u <%= node['gitlab']['user']['username'] %> /opt/gitlab/embedded/bin/bundle exec unicorn -D -E <%= node['gitlab']['gitlab-rails']['environment'] %> -c <%= File.join(node['gitlab']['gitlab-rails']['dir'], "etc", "unicorn.rb") %> /opt/gitlab/embedded/service/gitlab-rails/config.ru
|
||||
chpst -e /opt/gitlab/etc/<%= @options[:rails_app] %>/env -P -U <%= @options[:user] %> -u <%= @options[:user] %> \
|
||||
/opt/gitlab/embedded/bin/bundle exec unicorn \
|
||||
-D \
|
||||
-E <%= node['gitlab'][@options[:rails_app]]['environment'] %> \
|
||||
-c <%= @options[:unicorn_rb] %> \
|
||||
/opt/gitlab/embedded/service/<%= @options[:rails_app] %>/config.ru
|
||||
}
|
||||
|
||||
function trap_signals
|
||||
|
|
|
@ -12,7 +12,7 @@ function error_exit
|
|||
exit 1
|
||||
}
|
||||
|
||||
for command in gitlab-ctl gitlab-rake gitlab-rails
|
||||
for command in gitlab-ctl gitlab-rake gitlab-rails gitlab-ci-rake gitlab-ci-rails
|
||||
do
|
||||
ln -sf /opt/gitlab/bin/$command /usr/bin || error_exit "Could not symlink $command in /usr/bin"
|
||||
done
|
||||
|
|
Loading…
Reference in New Issue