Merge branch 'jacobvosmaer/omnibus-gitlab-gitlab-ci'

Marin Jankovski 2014-10-23 14:01:55 +02:00
commit 3715204d86
40 changed files with 1184 additions and 226 deletions


@ -18,6 +18,11 @@ stable branch (example shown below).
![documentation version](doc/images/omnibus-documentation-version.png)
## GitLab CI
To setup GitLab CI please see the [separate GitLab CI
documentation](doc/gitlab-ci/README.md).
## Installation
Please follow the steps on the [downloads page][downloads].


@ -40,6 +40,7 @@ if system("#{Config.project_root}/support/is_gitlab_ee.sh") || system("#{Config.
end
dependency "logrotate"
dependency "runit"
dependency "gitlab-ci"
dependency "gitlab-rails"
dependency "gitlab-shell"
dependency "gitlab-ctl"


@ -0,0 +1,77 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name "gitlab-ci"
default_version "96906f2bceb04c7323f8514aa5ad8cb1313e2898" # 5.1.0.rc1
EE = system("#{Config.project_root}/support/is_gitlab_ee.sh")
dependency "ruby"
dependency "bundler"
dependency "rsync"
dependency "postgresql"
dependency "mysql-client" if EE
source :git => "https://gitlab.com/gitlab-org/gitlab-ci.git"
build do
env = with_standard_compiler_flags(with_embedded_path)
bundle_without = %w{development test}
bundle_without << "mysql" unless EE
bundle "install --without #{bundle_without.join(" ")} --path=#{install_dir}/embedded/service/gem", :env => env
# Record the current Git revision to be displayed in the app
command "git log --pretty=format:'%h' -n 1 > REVISION"
# In order to precompile the assets, we need to get to a state where rake can
# load the Rails environment.
command "cp config/application.yml.example config/application.yml"
command "cp config/database.yml.postgresql config/database.yml"
assets_precompile_env = {
"RAILS_ENV" => "production",
"PATH" => "#{install_dir}/embedded/bin:#{ENV['PATH']}"
}
bundle "exec rake assets:precompile", :env => assets_precompile_env
# Tear down now that the assets:precompile is done.
command "rm config/application.yml config/database.yml .secret"
# Remove directories that will be created by `gitlab-ctl reconfigure`
command "rm -rf log tmp"
# Because db/schema.rb is modified by `rake db:migrate` after installation,
# keep a copy of schema.rb around in case we need it. (I am looking at you,
# mysql-postgresql-converter.)
command "cp db/schema.rb db/schema.rb.bundled"
command "mkdir -p #{install_dir}/embedded/service/gitlab-ci"
command "#{install_dir}/embedded/bin/rsync -a --delete --exclude=.git/*** --exclude=.gitignore ./ #{install_dir}/embedded/service/gitlab-ci/"
# Create a wrapper for the rake tasks of the Rails app
erb :dest => "#{install_dir}/bin/gitlab-ci-rake",
:source => "bundle_exec_wrapper.erb",
:mode => 0755,
:vars => {:command => 'rake "$@"', :install_dir => install_dir}
# Create a wrapper for the rails command, useful for e.g. `rails console`
erb :dest => "#{install_dir}/bin/gitlab-ci-rails",
:source => "bundle_exec_wrapper.erb",
:mode => 0755,
:vars => {:command => 'rails "$@"', :install_dir => install_dir}
end
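Review bot: The comment above `command "rm config/application.yml config/database.yml .secret"` only says "Tear down", but this line is also what keeps build-time configuration and the `.secret` file out of the shipped package, and that should be written down. `.secret` is presumably generated when rake loads the Rails environment; if it were packaged, every installation built from this artifact would start with the same secret. I would expand the comment to something like `# Remove build-time config and the generated .secret so that no shared secret ends up in the package`. Because the later `rsync -a --delete` copies everything except `.git`, the `rm` should stay fatal on failure rather than be softened with `-f`.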


@ -0,0 +1,14 @@
#!/bin/sh
gitlab_ci_rc='<%= install_dir %>/etc/gitlab-ci/gitlab-ci-rc'
if ! [ -f ${gitlab_ci_rc} ] ; then
echo "$0 error: could not load ${gitlab_ci_rc}" 2>& 1
echo "You can generate it with: sudo gitlab-ctl reconfigure" 2>& 1
exit 1
fi
. ${gitlab_ci_rc}
cd <%= install_dir %>/embedded/service/gitlab-ci
exec <%= install_dir %>/embedded/bin/chpst -e <%= install_dir %>/etc/gitlab-ci/env -u ${gitlab_ci_user} -U ${gitlab_ci_user} <%= install_dir %>/embedded/bin/bundle exec <%= command %>
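Review bot: `. ${gitlab_ci_rc}` runs with the caller's privileges, before `chpst -u` drops to `${gitlab_ci_user}`, yet the gitlab-ci recipe in this commit creates `gitlab_ci_static_etc_dir` (`/opt/gitlab/etc/gitlab-ci`) with `owner gitlab_ci_user` and mode 0700. The owner of a directory can replace the files in it, so the service account ends up controlling a script that root sources each time the wrapper runs. That includes the `gitlab-ci schedule builds` cron resource, which sets no `user` and so presumably lands in root's crontab. Keeping that directory and the rc file root-owned (for example `owner "root"` with modes 0755 and 0644) would preserve the privilege boundary. Separately, `2>& 1` on the two `echo` lines redirects stderr to stdout where `1>&2` was presumably intended, and `${gitlab_ci_rc}` and `${gitlab_ci_user}` should be double-quoted.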

21
doc/gitlab-ci/README.md Normal file

@ -0,0 +1,21 @@
# GitLab CI
You can run a [GitLab CI](https://about.gitlab.com/gitlab-ci/) Coordinator
service on your GitLab server.
## Getting started
GitLab CI expects to run on its own virtual host. In your DNS you would then
have two entries pointing to the same machine, e.g. `gitlab.example.com` and
`ci.example.com`.
To enable GitLab CI, just tell omnibus-gitlab what the external URL for the CI
server is:
```
# in /etc/gitlab/gitlab.rb
ci_external_url 'http://ci.example.com'
```
After you run `sudo gitlab-ctl reconfigure`, your GitLab CI Coordinator should
now be reachable at `http://ci.example.com`.


@ -215,6 +215,7 @@ default['gitlab']['postgresql']['shell'] = "/bin/sh"
default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
default['gitlab']['postgresql']['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
default['gitlab']['postgresql']['sql_user'] = "gitlab"
default['gitlab']['postgresql']['sql_ci_user'] = "gitlab_ci"
default['gitlab']['postgresql']['port'] = 5432
default['gitlab']['postgresql']['listen_address'] = nil
default['gitlab']['postgresql']['max_connections'] = 200
@ -344,3 +345,98 @@ default['gitlab']['logrotate']['post_sleep'] = 3000 # wait 50 minutes after rota
# High Availability
###
default['gitlab']['high-availability']['mountpoint'] = nil
####
# GitLab CI Rails app
####
default['gitlab']['gitlab-ci']['enable'] = false
default['gitlab']['gitlab-ci']['dir'] = "/var/opt/gitlab/gitlab-ci"
default['gitlab']['gitlab-ci']['log_directory'] = "/var/log/gitlab/gitlab-ci"
default['gitlab']['gitlab-ci']['environment'] = 'production'
default['gitlab']['gitlab-ci']['env'] = {
'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-ci/Gemfile",
'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
}
default['gitlab']['gitlab-ci']['schedule_builds_minute'] = "0"
default['gitlab']['gitlab-ci']['username'] = "gitlab-ci"
default['gitlab']['gitlab-ci']['uid'] = nil
default['gitlab']['gitlab-ci']['gid'] = nil
default['gitlab']['gitlab-ci']['shell'] = "/bin/false"
# application.yml top-level settings
default['gitlab']['gitlab-ci']['gitlab_server_urls'] = nil
# application.yml, gitlab_ci section
default['gitlab']['gitlab-ci']['gitlab_ci_host'] = node['fqdn']
default['gitlab']['gitlab-ci']['gitlab_ci_port'] = 80
default['gitlab']['gitlab-ci']['gitlab_ci_https'] = false
default['gitlab']['gitlab-ci']['gitlab_ci_email_from'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_support_email'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_all_broken_builds'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_add_committer'] = nil
# application.yml, gravatar section
default['gitlab']['gitlab-ci']['gravatar_enabled'] = true
default['gitlab']['gitlab-ci']['gravatar_plain_url'] = nil
default['gitlab']['gitlab-ci']['gravatar_ssl_url'] = nil
# database.yml settings
default['gitlab']['gitlab-ci']['db_adapter'] = "postgresql"
default['gitlab']['gitlab-ci']['db_encoding'] = "unicode"
default['gitlab']['gitlab-ci']['db_database'] = "gitlab_ci_production"
default['gitlab']['gitlab-ci']['db_pool'] = 10
default['gitlab']['gitlab-ci']['db_username'] = "gitlab_ci"
default['gitlab']['gitlab-ci']['db_password'] = nil
default['gitlab']['gitlab-ci']['db_host'] = nil
default['gitlab']['gitlab-ci']['db_port'] = 5432
default['gitlab']['gitlab-ci']['db_socket'] = nil
# resque.yml settings
default['gitlab']['gitlab-ci']['redis_host'] = "127.0.0.1"
default['gitlab']['gitlab-ci']['redis_port'] = nil
default['gitlab']['gitlab-ci']['redis_socket'] = "/var/opt/gitlab/ci-redis/redis.socket"
# config/initializers/smtp_settings.rb settings
default['gitlab']['gitlab-ci']['smtp_enable'] = false
default['gitlab']['gitlab-ci']['smtp_address'] = nil
default['gitlab']['gitlab-ci']['smtp_port'] = nil
default['gitlab']['gitlab-ci']['smtp_user_name'] = nil
default['gitlab']['gitlab-ci']['smtp_password'] = nil
default['gitlab']['gitlab-ci']['smtp_domain'] = nil
default['gitlab']['gitlab-ci']['smtp_authentication'] = nil
default['gitlab']['gitlab-ci']['smtp_enable_starttls_auto'] = nil
default['gitlab']['gitlab-ci']['smtp_tls'] = nil
default['gitlab']['gitlab-ci']['smtp_openssl_verify_mode'] = nil
####
# CI Unicorn
####
default['gitlab']['ci-unicorn'] = default['gitlab']['unicorn'].dup
default['gitlab']['ci-unicorn']['enable'] = false
default['gitlab']['ci-unicorn']['log_directory'] = "/var/log/gitlab/ci-unicorn"
default['gitlab']['ci-unicorn']['port'] = 8181
default['gitlab']['ci-unicorn']['socket'] = '/var/opt/gitlab/gitlab-ci/sockets/gitlab.socket'
default['gitlab']['ci-unicorn']['pidfile'] = '/opt/gitlab/var/ci-unicorn/unicorn.pid'
####
# CI Sidekiq
####
default['gitlab']['ci-sidekiq'] = default['gitlab']['sidekiq'].dup
default['gitlab']['ci-sidekiq']['enable'] = false
default['gitlab']['ci-sidekiq']['log_directory'] = "/var/log/gitlab/ci-sidekiq"
####
# CI Redis
####
default['gitlab']['ci-redis'] = default['gitlab']['redis'].dup
default['gitlab']['ci-redis']['enable'] = false
default['gitlab']['ci-redis']['dir'] = "/var/opt/gitlab/ci-redis"
default['gitlab']['ci-redis']['log_directory'] = "/var/log/gitlab/ci-redis"
default['gitlab']['ci-redis']['unixsocket'] = "/var/opt/gitlab/ci-redis/redis.socket"
####
# CI NGINX
####
default['gitlab']['ci-nginx'] = default['gitlab']['nginx'].dup
default['gitlab']['ci-nginx']['enable'] = false
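Review bot: The four `default['gitlab']['ci-…'] = default['gitlab'][…].dup` assignments copy the parent service's defaults once, when this attributes file is loaded, and nothing here says so. Values an administrator later sets for `unicorn`, `sidekiq`, `redis` or `nginx` in gitlab.rb would presumably not reach the `ci-` copies. That matters for hardening options such as listen addresses or TLS settings, which people will expect to apply to both. `dup` is also shallow, so nested values may be shared between the two trees. A comment above each block, for example `# Snapshot of the unicorn defaults; ci-unicorn has to be tuned separately in gitlab.rb`, would make the behaviour explicit.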


@ -0,0 +1,47 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :env_dir, :variables => Hash.new, :restarts => [] do
env_dir = params[:name]
directory env_dir do
recursive true
end
restarts = params[:restarts]
params[:variables].each do |key, value|
file File.join(env_dir, key) do
content value
restarts.each do |svc|
notifies :restart, svc
end
end
end
if File.directory?(env_dir)
deleted_env_vars = Dir.entries(env_dir) - params[:variables].keys - %w{. ..}
deleted_env_vars.each do |deleted_var|
file File.join(env_dir, deleted_var) do
action :delete
restarts.each do |svc|
notifies :restart, svc
end
end
end
end
end
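Review bot: Neither `directory env_dir` nor the `file File.join(env_dir, key)` resources set `owner` or `mode`, so the permissions of every environment file depend on the umask of the Chef run. Environment directories tend to collect credentials over time (database URLs, API tokens), and this definition is generic, so it should not rely on the parent directory being restrictive. If every consumer reads the directory as root, as the `chpst -e` call in the wrapper template appears to, then `owner "root"` and `mode "0600"` on the file resource and `mode "0700"` on the directory would make that explicit. A short header comment naming the `variables` and `restarts` parameters would also help, since the definition has no documentation.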


@ -0,0 +1,30 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :migrate_database, :command => nil, :action => :run do
bash "migrate #{params[:name]} database" do
code <<-EOH
set -e
log_file="/tmp/#{params[:name]}-db-migrate-$(date +%s)-$$/output.log"
umask 077
mkdir $(dirname ${log_file})
#{params[:command]} 2>& 1 | tee ${log_file}
exit ${PIPESTATUS[0]}
EOH
action params[:action]
end
end
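Review bot: The log directory `/tmp/#{params[:name]}-db-migrate-$(date +%s)-$$` is named from a timestamp and a PID, both of which other local users can guess. `umask 077` plus a plain `mkdir` under `set -e` means a pre-existing path aborts the run instead of being reused, so the failure mode is a blocked migration rather than a disclosed log. `mktemp -d` removes the guesswork: `log_dir=$(mktemp -d "/tmp/#{params[:name]}-db-migrate-XXXXXX")` followed by `log_file="${log_dir}/output.log"`. Since `#{params[:command]}` is interpolated into the script as-is, a comment on the definition should also state that callers must pass only fixed, trusted command strings.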


@ -0,0 +1,74 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :redis_service, :socket_group => nil do
svc = params[:name]
redis_dir = node['gitlab'][svc]['dir']
redis_log_dir = node['gitlab'][svc]['log_directory']
redis_user = node['gitlab']['redis']['username']
group redis_user do
gid node['gitlab']['redis']['gid']
system true
end
user redis_user do
uid node['gitlab']['redis']['uid']
gid redis_user
system true
shell node['gitlab']['redis']['shell']
home node['gitlab']['redis']['home']
end
directory redis_dir do
owner redis_user
group params[:socket_group]
mode "0750"
end
directory redis_log_dir do
owner redis_user
mode "0700"
end
redis_config = File.join(redis_dir, "redis.conf")
template redis_config do
source "redis.conf.erb"
owner node['gitlab']['redis']['username']
mode "0644"
variables(node['gitlab'][svc].to_hash)
notifies :restart, "service[#{svc}]", :immediately if OmnibusHelper.should_notify?(svc)
end
runit_service svc do
down node['gitlab'][svc]['ha']
template_name 'redis'
options({
:service => svc,
:log_directory => redis_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
retries 20
end
end
end
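Review bot: `redis_user` is read from `node['gitlab']['redis']['username']` whatever `svc` is, so the data and log directories of `redis` and `ci-redis` are owned by one OS account and the two instances are not isolated from each other at the file level. The same commit warns against pointing gitlab-rails and gitlab-ci at one Redis instance, so this sharing looks unintended, or at least deserves a comment. Access to the socket then rests on `directory redis_dir` being mode 0750 with `group params[:socket_group]`. With the default `:socket_group => nil` the group is left unset, so I would document the parameter as required, e.g. `# socket_group: group of the only client account allowed to reach this instance's socket`.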


@ -0,0 +1,48 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :sidekiq_service, :rails_app => nil, :user => nil do
svc = params[:name]
user = params[:user]
rails_app = params[:rails_app]
sidekiq_log_dir = node['gitlab'][svc]['log_directory']
directory sidekiq_log_dir do
owner user
mode '0700'
recursive true
end
runit_service svc do
down node['gitlab'][svc]['ha']
template_name 'sidekiq'
options({
:rails_app => rails_app,
:user => user,
:shutdown_timeout => node['gitlab'][svc]['shutdown_timeout'],
:log_directory => sidekiq_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
retries 20
end
end
end


@ -0,0 +1,104 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :unicorn_service, :rails_app => nil, :user => nil do
rails_app = params[:rails_app]
rails_home = node['gitlab'][rails_app]['dir']
svc = params[:name]
user = params[:user]
unicorn_etc_dir = File.join(rails_home, "etc")
unicorn_working_dir = File.join(rails_home, "working")
unicorn_listen_socket = node['gitlab'][svc]['socket']
unicorn_pidfile = node['gitlab'][svc]['pidfile']
unicorn_log_dir = node['gitlab'][svc]['log_directory']
unicorn_socket_dir = File.dirname(unicorn_listen_socket)
[
unicorn_log_dir,
File.dirname(unicorn_pidfile)
].each do |dir_name|
directory dir_name do
owner user
mode '0700'
recursive true
end
end
directory unicorn_socket_dir do
owner user
group node['gitlab']['web-server']['group']
mode '0750'
recursive true
end
unicorn_listen_tcp = [node['gitlab'][svc]['listen'], node['gitlab'][svc]['port']].join(':')
unicorn_rb = File.join(unicorn_etc_dir, "unicorn.rb")
unicorn_config unicorn_rb do
listen(
unicorn_listen_tcp => {
:tcp_nopush => node['gitlab'][svc]['tcp_nopush']
},
unicorn_listen_socket => {
:backlog => node['gitlab'][svc]['backlog_socket'],
}
)
worker_timeout node['gitlab'][svc]['worker_timeout']
working_directory unicorn_working_dir
worker_processes node['gitlab'][svc]['worker_processes']
preload_app true
stderr_path File.join(unicorn_log_dir, "unicorn_stderr.log")
stdout_path File.join(unicorn_log_dir, "unicorn_stdout.log")
pid unicorn_pidfile
before_fork <<-'EOS'
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
EOS
owner "root"
group "root"
mode "0644"
notifies :restart, "service[#{svc}]" if OmnibusHelper.should_notify?(svc)
end
runit_service svc do
down node['gitlab'][svc]['ha']
restart_command 2 # Restart Unicorn using SIGUSR2
template_name 'unicorn'
options({
:service => svc,
:user => user,
:rails_app => rails_app,
:unicorn_rb => unicorn_rb,
:log_directory => unicorn_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab'][svc].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start #{svc}" do
retries 20
end
end
end
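Review bot: In the `before_fork` hook, `File.read(old_pid).to_i` yields 0 for an empty or garbled `.oldbin` pidfile, and `Process.kill(sig, 0)` then signals the caller's whole process group instead of the old master. The pidfile directory is created 0700 for the service user, so this needs a truncated write rather than an outsider, but a guard is cheap: `pid = File.read(old_pid).to_i` followed by `Process.kill(sig, pid) if pid > 0`. The hook is also the only undocumented part of the generated config. A one-line comment that it retires the old master one worker at a time during the SIGUSR2 restart would help the next reader.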


@ -38,11 +38,16 @@ module Gitlab
user Mash.new
postgresql Mash.new
redis Mash.new
ci_redis Mash.new
gitlab_rails Mash.new
gitlab_ci Mash.new
gitlab_shell Mash.new
unicorn Mash.new
ci_unicorn Mash.new
sidekiq Mash.new
ci_sidekiq Mash.new
nginx Mash.new
ci_nginx Mash.new
logging Mash.new
remote_syslog Mash.new
logrotate Mash.new
@ -50,6 +55,7 @@ module Gitlab
web_server Mash.new
node nil
external_url nil
ci_external_url nil
git_data_dir nil
class << self
@ -71,6 +77,7 @@ module Gitlab
end
Gitlab['gitlab_rails']['secret_token'] ||= generate_hex(64)
Gitlab['gitlab_ci']['secret_token'] ||= generate_hex(64)
if File.directory?("/etc/gitlab")
File.open("/etc/gitlab/gitlab-secrets.json", "w") do |f|
@ -78,6 +85,9 @@ module Gitlab
Chef::JSONCompat.to_json_pretty({
'gitlab_rails' => {
'secret_token' => Gitlab['gitlab_rails']['secret_token'],
},
'gitlab_ci' => {
'secret_token' => Gitlab['gitlab_ci']['secret_token'],
}
})
)
@ -137,7 +147,7 @@ module Gitlab
Gitlab['logging']['svlogd_udp'] ||= logging['udp_log_shipping_host']
end
%w{redis nginx sidekiq unicorn postgresql remote-syslog}.each do |runit_sv|
%w{redis ci-redis nginx sidekiq ci-sidekiq unicorn ci-unicorn postgresql remote-syslog}.each do |runit_sv|
Gitlab[runit_sv.gsub('-', '_')]['svlogd_prefix'] ||= "#{node['hostname']} #{runit_sv}: "
end
end
@ -150,6 +160,16 @@ module Gitlab
# domain socket.
Gitlab['gitlab_rails']['redis_port'] ||= 6379
end
if gitlab_ci['redis_host']
Gitlab['gitlab_ci']['redis_port'] ||= 6379
end
if gitlab_rails['redis_host'] &&
gitlab_rails.values_at('redis_host', 'redis_port') == gitlab_ci.values_at('redis_host', 'redis_port')
Chef::Log.warn "gitlab-rails and gitlab-ci are configured to connect to "\
"the same Redis instance. This is not recommended."
end
end
def parse_nginx_listen_address
@ -161,17 +181,62 @@ module Gitlab
nginx['listen_addresses'] = [nginx['listen_address']]
end
def parse_ci_external_url
return unless ci_external_url
# Enable gitlab_ci. This setting will be picked up by parse_gitlab_ci
gitlab_ci['enable'] = true if gitlab_ci['enable'].nil?
uri = URI(ci_external_url.to_s)
unless uri.host
raise "CI external URL must include a FQDN"
end
Gitlab['gitlab_ci']['gitlab_ci_host'] = uri.host
Gitlab['gitlab_ci']['gitlab_ci_email_from'] ||= "gitlab-ci@#{uri.host}"
case uri.scheme
when "http"
Gitlab['gitlab_ci']['gitlab_ci_https'] = false
when "https"
Gitlab['gitlab_ci']['gitlab_ci_https'] = true
Gitlab['ci_nginx']['ssl_certificate'] ||= "/etc/gitlab/ssl/#{uri.host}.crt"
Gitlab['ci_nginx']['ssl_certificate_key'] ||= "/etc/gitlab/ssl/#{uri.host}.key"
else
raise "Unsupported external URL scheme: #{uri.scheme}"
end
unless ["", "/"].include?(uri.path)
raise "Unsupported CI external URL path: #{uri.path}"
end
Gitlab['gitlab_ci']['gitlab_ci_port'] = uri.port
end
def parse_gitlab_ci
return unless gitlab_ci['enable']
ci_unicorn['enable'] = true if ci_unicorn['enable'].nil?
ci_sidekiq['enable'] = true if ci_sidekiq['enable'].nil?
ci_redis['enable'] = true if ci_redis['enable'].nil?
ci_nginx['enable'] = true if ci_nginx['enable'].nil?
end
def generate_hash
results = { "gitlab" => {} }
[
"bootstrap",
"user",
"redis",
"ci_redis",
"gitlab_rails",
"gitlab_ci",
"gitlab_shell",
"unicorn",
"ci_unicorn",
"sidekiq",
"ci_sidekiq",
"nginx",
"ci_nginx",
"logging",
"remote_syslog",
"logrotate",
@ -193,6 +258,10 @@ module Gitlab
parse_udp_log_shipping
parse_redis_settings
parse_nginx_listen_address
# Parse ci_external_url _before_ gitlab_ci settings so that the user
# can turn on gitlab_ci by only specifying ci_external_url
parse_ci_external_url
parse_gitlab_ci
# The last step is to convert underscores to hyphens in top-level keys
generate_hash
end
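Review bot: The new shared-Redis warning in `parse_redis_settings` only fires when `gitlab_rails['redis_host']` is set, and it compares just `redis_host` and `redis_port`. Two applications pointed at the same `redis_socket` therefore pass silently, although that is the same lack of isolation the message warns about. I would add a second condition that compares `redis_socket` when it is set on both sides, and name the colliding settings in the log message. The method starts outside the visible hunk, so socket handling may already be covered there.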


@ -35,10 +35,6 @@ class PgHelper
"| grep -x #{db_name}"])
end
def sql_user_exists?
user_exists?(node['gitlab']['postgresql']['sql_user'])
end
def user_exists?(db_user)
psql_cmd(["-d 'template1'",
"-c 'select usename from pg_user' -A",


@ -0,0 +1,21 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
redis_service 'ci-redis' do
socket_group node['gitlab']['gitlab-ci']['username']
end


@ -0,0 +1,21 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-redis" do
action :disable
end


@ -0,0 +1,22 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
sidekiq_service 'ci-sidekiq' do
rails_app 'gitlab-ci'
user node['gitlab']['gitlab-ci']['username']
end


@ -0,0 +1,21 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-sidekiq" do
action :disable
end


@ -0,0 +1,22 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unicorn_service 'ci-unicorn' do
rails_app 'gitlab-ci'
user node['gitlab']['gitlab-ci']['username']
end


@ -0,0 +1,21 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-unicorn" do
action :disable
end


@ -0,0 +1,22 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
cron 'gitlab-ci schedule builds' do
minute node['gitlab']['gitlab-ci']['schedule_builds_minute']
command '/opt/gitlab/bin/gitlab-ci-rake schedule_builds'
action node['gitlab']['gitlab-ci']['enable'] ? :create : :delete
end


@ -17,20 +17,23 @@
root_password = node['gitlab']['gitlab-rails']['root_password']
execute "initialize database" do
execute "initialize gitlab-rails database" do
command "/opt/gitlab/bin/gitlab-rake db:schema:load db:seed_fu"
environment ({'GITLAB_ROOT_PASSWORD' => root_password }) if root_password
action :nothing
end
bash "migrate database" do
code <<-EOH
set -e
log_file="/tmp/gitlab-db-migrate-$(date +%s)-$$/output.log"
umask 077
mkdir $(dirname ${log_file})
/opt/gitlab/bin/gitlab-rake db:migrate 2>& 1 | tee ${log_file}
exit ${PIPESTATUS[0]}
EOH
execute "initialize gitlab-ci database" do
command "/opt/gitlab/bin/gitlab-ci-rake setup"
action :nothing
end
migrate_database 'gitlab-rails' do
command '/opt/gitlab/bin/gitlab-rake db:migrate'
action :nothing
end
migrate_database 'gitlab-ci' do
command '/opt/gitlab/bin/gitlab-ci-rake db:migrate'
action :nothing
end


@ -49,13 +49,17 @@ include_recipe "gitlab::users"
include_recipe "gitlab::web-server"
include_recipe "gitlab::gitlab-shell"
include_recipe "gitlab::gitlab-rails"
include_recipe "gitlab::gitlab-ci" if node['gitlab']['gitlab-ci']['enable']
include_recipe "gitlab::selinux"
include_recipe "gitlab::cron"
# Create dummy unicorn and sidekiq services to receive notifications, in case
# the corresponding service recipe is not loaded below.
[
"unicorn",
"sidekiq"
"ci-unicorn",
"sidekiq",
"ci-sidekiq"
].each do |dummy|
service dummy do
supports []
@ -68,9 +72,12 @@ include_recipe "runit"
# Configure Services
[
"redis",
"ci-redis",
"postgresql", # Postgresql depends on Redis because of `rake db:seed_fu`
"unicorn",
"ci-unicorn",
"sidekiq",
"ci-sidekiq",
"nginx",
"remote-syslog",
"logrotate",


@ -0,0 +1,197 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
gitlab_ci_source_dir = "/opt/gitlab/embedded/service/gitlab-ci"
gitlab_ci_dir = node['gitlab']['gitlab-ci']['dir']
gitlab_ci_home_dir = File.join(gitlab_ci_dir, "home")
gitlab_ci_etc_dir = File.join(gitlab_ci_dir, "etc")
gitlab_ci_static_etc_dir = "/opt/gitlab/etc/gitlab-ci"
gitlab_ci_working_dir = File.join(gitlab_ci_dir, "working")
gitlab_ci_tmp_dir = File.join(gitlab_ci_dir, "tmp")
gitlab_ci_log_dir = node['gitlab']['gitlab-ci']['log_directory']
gitlab_ci_user = node['gitlab']['gitlab-ci']['username']
group gitlab_ci_user do
gid node['gitlab']['gitlab-ci']['gid']
system true
end
user gitlab_ci_user do
uid node['gitlab']['gitlab-ci']['uid']
gid gitlab_ci_user
system true
shell node['gitlab']['gitlab-ci']['shell']
home gitlab_ci_home_dir
end
[
gitlab_ci_etc_dir,
gitlab_ci_static_etc_dir,
gitlab_ci_home_dir,
gitlab_ci_working_dir,
gitlab_ci_tmp_dir,
gitlab_ci_log_dir
].compact.each do |dir_name|
directory dir_name do
owner gitlab_ci_user
mode '0700'
recursive true
end
end
directory gitlab_ci_dir do
owner gitlab_ci_user
mode '0755'
recursive true
end
template File.join(gitlab_ci_static_etc_dir, "gitlab-ci-rc")
dependent_services = []
dependent_services << "service[ci-unicorn]" if OmnibusHelper.should_notify?("ci-unicorn")
dependent_services << "service[ci-sidekiq]" if OmnibusHelper.should_notify?("ci-sidekiq")
redis_not_listening = OmnibusHelper.not_listening?("redis")
postgresql_not_listening = OmnibusHelper.not_listening?("postgresql")
template_symlink File.join(gitlab_ci_etc_dir, "secret") do
link_from File.join(gitlab_ci_source_dir, ".secret")
source "secret_token.erb"
owner "root"
group "root"
mode "0644"
variables(node['gitlab']['gitlab-ci'].to_hash)
restarts dependent_services
end
database_attributes = node['gitlab']['gitlab-ci'].to_hash
if node['gitlab']['postgresql']['enable']
database_attributes.merge!(
:db_adapter => "postgresql",
:db_username => node['gitlab']['postgresql']['sql_ci_user'],
:db_host => node['gitlab']['postgresql']['listen_address'],
:db_port => node['gitlab']['postgresql']['port']
)
end
template_symlink File.join(gitlab_ci_etc_dir, "database.yml") do
link_from File.join(gitlab_ci_source_dir, "config/database.yml")
source "database.yml.erb"
owner "root"
group "root"
mode "0644"
variables database_attributes
helpers SingleQuoteHelper
restarts dependent_services
end
if node['gitlab']['gitlab-ci']['redis_port']
redis_url = "redis://#{node['gitlab']['gitlab-ci']['redis_host']}:#{node['gitlab']['gitlab-ci']['redis_port']}"
else
redis_url = "unix:#{node['gitlab']['gitlab-ci']['redis_socket']}"
end
template_symlink File.join(gitlab_ci_etc_dir, "resque.yml") do
link_from File.join(gitlab_ci_source_dir, "config/resque.yml")
source "resque.yml.erb"
owner "root"
group "root"
mode "0644"
variables(:redis_url => redis_url)
restarts dependent_services
end
template_symlink File.join(gitlab_ci_etc_dir, "smtp_settings.rb") do
link_from File.join(gitlab_ci_source_dir, "config/initializers/smtp_settings.rb")
owner "root"
group "root"
mode "0644"
variables(node['gitlab']['gitlab-ci'].to_hash)
restarts dependent_services
unless node['gitlab']['gitlab-ci']['smtp_enable']
action :delete
end
end
unicorn_url = "http://#{node['gitlab']['unicorn']['listen']}:#{node['gitlab']['unicorn']['port']}"
gitlab_server_urls = node['gitlab']['gitlab-ci']['gitlab_server_urls'] || [unicorn_url]
template_symlink File.join(gitlab_ci_etc_dir, "application.yml") do
link_from File.join(gitlab_ci_source_dir, "config/application.yml")
source "application.yml.erb"
helpers SingleQuoteHelper
owner "root"
group "root"
mode "0644"
variables(
node['gitlab']['gitlab-ci'].to_hash.merge(
:gitlab_server_urls => gitlab_server_urls
)
)
restarts dependent_services
unless redis_not_listening
notifies :run, 'execute[clear the gitlab-ci cache]'
end
end
env_dir File.join(gitlab_ci_static_etc_dir, 'env') do
variables(
{
'HOME' => gitlab_ci_home_dir,
'RAILS_ENV' => node['gitlab']['gitlab-ci']['environment'],
}.merge(node['gitlab']['gitlab-ci']['env'])
)
restarts dependent_services
end
# replace empty directories in the Git repo with symlinks to /var/opt/gitlab
{
"/opt/gitlab/embedded/service/gitlab-ci/tmp" => gitlab_ci_tmp_dir,
"/opt/gitlab/embedded/service/gitlab-ci/log" => gitlab_ci_log_dir
}.each do |link_dir, target_dir|
link link_dir do
to target_dir
end
end
# Create tmp/cache to make 'rake cache:clear' work
directory File.join(gitlab_ci_tmp_dir, 'cache') do
user gitlab_ci_user
end
# Make schema.rb writable for when we run `rake db:migrate`
file "/opt/gitlab/embedded/service/gitlab-ci/db/schema.rb" do
owner gitlab_ci_user
end
# Only run `rake db:migrate` when the gitlab-ci version has changed
remote_file File.join(gitlab_ci_dir, 'VERSION') do
source "file:///opt/gitlab/embedded/service/gitlab-ci/VERSION"
notifies :run, 'bash[migrate gitlab-ci database]' unless postgresql_not_listening
notifies :run, 'execute[clear the gitlab-ci cache]' unless redis_not_listening
dependent_services.each do |sv|
notifies :restart, sv
end
end
execute "clear the gitlab-ci cache" do
command "/opt/gitlab/bin/gitlab-ci-rake cache:clear"
action :nothing
end


@ -19,7 +19,7 @@
gitlab_rails_source_dir = "/opt/gitlab/embedded/service/gitlab-rails"
gitlab_rails_dir = node['gitlab']['gitlab-rails']['dir']
gitlab_rails_etc_dir = File.join(gitlab_rails_dir, "etc")
gitlab_rails_env_dir = "/opt/gitlab/etc/gitlab-rails/env"
gitlab_rails_static_etc_dir = "/opt/gitlab/etc/gitlab-rails"
gitlab_rails_working_dir = File.join(gitlab_rails_dir, "working")
gitlab_rails_tmp_dir = File.join(gitlab_rails_dir, "tmp")
gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_directory']
@ -27,6 +27,7 @@ gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
[
gitlab_rails_etc_dir,
gitlab_rails_static_etc_dir,
gitlab_rails_working_dir,
gitlab_rails_tmp_dir,
node['gitlab']['gitlab-rails']['backup_path'],
@ -53,14 +54,7 @@ directory gitlab_rails_public_uploads_dir do
recursive true
end
directory gitlab_rails_env_dir do
owner 'root' # Do not allow the git user to change its own env variables
group node['gitlab']['user']['group']
mode '0750'
recursive true
end
template "/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc"
template File.join(gitlab_rails_static_etc_dir, "gitlab-rails-rc")
dependent_services = []
dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
@ -75,6 +69,7 @@ template_symlink File.join(gitlab_rails_etc_dir, "secret") do
owner "root"
group "root"
mode "0644"
variables(node['gitlab']['gitlab-rails'].to_hash)
restarts dependent_services
end
@ -83,7 +78,6 @@ if node['gitlab']['postgresql']['enable']
database_attributes.merge!(
:db_adapter => "postgresql",
:db_username => node['gitlab']['postgresql']['sql_user'],
:db_password => node['gitlab']['postgresql']['sql_password'],
:db_host => node['gitlab']['postgresql']['listen_address'],
:db_port => node['gitlab']['postgresql']['port']
)
@ -173,33 +167,14 @@ directory node['gitlab']['gitlab-rails']['satellites_path'] do
recursive true
end
env_vars = {
'HOME' => node['gitlab']['user']['home'],
'RAILS_ENV' => node['gitlab']['gitlab-rails']['environment'],
}.merge(node['gitlab']['gitlab-rails']['env'])
env_vars.each do |key, value|
file File.join(gitlab_rails_env_dir, key) do
owner node['gitlab']['user']['username']
group node['gitlab']['user']['group']
mode "0600"
content value
dependent_services.each do |svc|
notifies :restart, svc
end
end
end
if File.directory?(gitlab_rails_env_dir)
deleted_env_vars = Dir.entries(gitlab_rails_env_dir) - env_vars.keys - %w{. ..}
deleted_env_vars.each do |deleted_var|
file File.join(gitlab_rails_env_dir, deleted_var) do
action :delete
dependent_services.each do |svc|
notifies :restart, svc
end
end
end
env_dir File.join(gitlab_rails_static_etc_dir, 'env') do
variables(
{
'HOME' => node['gitlab']['user']['home'],
'RAILS_ENV' => node['gitlab']['gitlab-rails']['environment'],
}.merge(node['gitlab']['gitlab-rails']['env'])
)
restarts dependent_services
end
# replace empty directories in the Git repo with symlinks to /var/opt/gitlab
@ -227,7 +202,7 @@ end
# Only run `rake db:migrate` when the gitlab-rails version has changed
remote_file File.join(gitlab_rails_dir, 'VERSION') do
source "file:///opt/gitlab/embedded/service/gitlab-rails/VERSION"
notifies :run, 'bash[migrate database]' unless postgresql_not_listening
notifies :run, 'bash[migrate gitlab-rails database]' unless postgresql_not_listening
notifies :run, 'execute[clear the gitlab-rails cache]' unless redis_not_listening
dependent_services.each do |sv|
notifies :restart, sv
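Review bot: The removed `directory gitlab_rails_env_dir` resource made the env directory root-owned and carried the comment `# Do not allow the git user to change its own env variables`; the `env_dir` call that replaces it sets no owner or mode here, so that guarantee now depends on the `env_dir` definition, which is not part of this file. The same change adds `gitlab_rails_static_etc_dir`, the parent of `env`, to the directory list near the top, and the owner and mode applied to that list lie outside the hunk. If the list is owned by the application user, that user could rename or replace `env` even when `env` itself is root-owned. I would keep the parent root-owned and put the intent back above the new call, e.g. `# env dir must stay root-owned: the git user must not change its own env variables`.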


@ -28,8 +28,8 @@ nginx_log_dir = node['gitlab']['nginx']['log_directory']
].each do |dir_name|
directory dir_name do
owner 'root'
group node['gitlab']['web-server']['group']
mode '0750'
group 'root'
mode '0700'
recursive true
end
end
@ -59,6 +59,30 @@ template nginx_vars[:gitlab_http_config] do
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
end
if node['gitlab']['ci-nginx']['enable']
# Include the config file for gitlab-ci in nginx.conf later
nginx_vars.merge!(
:gitlab_ci_http_config => File.join(nginx_conf_dir, "gitlab-ci-http.conf")
)
ci_nginx_vars = node['gitlab']['ci-nginx']
template nginx_vars[:gitlab_ci_http_config] do
source "nginx-gitlab-ci-http.conf.erb"
owner "root"
group "root"
mode "0644"
variables(ci_nginx_vars.merge(
{
:fqdn => node['gitlab']['gitlab-ci']['gitlab_ci_host'],
:https => node['gitlab']['gitlab-ci']['gitlab_ci_https'],
:socket => node['gitlab']['ci-unicorn']['socket'],
:port => node['gitlab']['gitlab-ci']['gitlab_ci_port'],
}
))
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
end
end
template nginx_config do
source "nginx.conf.erb"
owner "root"


@ -148,20 +148,26 @@ pg_helper = PgHelper.new(node)
pg_port = node['gitlab']['postgresql']['port']
pg_user = node['gitlab']['postgresql']['username']
bin_dir = "/opt/gitlab/embedded/bin"
db_name = "gitlabhq_production"
sql_user = node['gitlab']['postgresql']['sql_user']
execute "create #{sql_user} database user" do
command "#{bin_dir}/psql --port #{pg_port} -d template1 -c \"CREATE USER #{sql_user}\""
user pg_user
not_if { !pg_helper.is_running? || pg_helper.sql_user_exists? }
databases = [
['gitlab-rails', 'gitlabhq_production', node['gitlab']['postgresql']['sql_user']]
]
if node['gitlab']['gitlab-ci']['enable']
databases << ['gitlab-ci', 'gitlab_ci_production', node['gitlab']['postgresql']['sql_ci_user']]
end
execute "create #{db_name} database" do
command "#{bin_dir}/createdb --port #{pg_port} -O #{sql_user} #{db_name}"
user pg_user
not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
retries 30
notifies :run, "execute[initialize database]", :immediately
databases.each do |rails_app, db_name, sql_user|
execute "create #{sql_user} database user" do
command "#{bin_dir}/psql --port #{pg_port} -d template1 -c \"CREATE USER #{sql_user}\""
user pg_user
not_if { !pg_helper.is_running? || pg_helper.user_exists?(sql_user) }
end
execute "create #{db_name} database" do
command "#{bin_dir}/createdb --port #{pg_port} -O #{sql_user} #{db_name}"
user pg_user
not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
retries 30
notifies :run, "execute[initialize #{rails_app} database]", :immediately
end
end
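Review bot: `sql_user` and `db_name` are interpolated unquoted into both the shell command line and the SQL text in the two `execute` resources of the new `databases.each` loop. A role name containing a hyphen makes `CREATE USER #{sql_user}` a syntax error, an upper-case letter is folded to lower case, and any shell metacharacter in the attribute is interpreted by the shell. The values come from node attributes, so this is a robustness and hardening point rather than exposure to outside input. Quoting the identifier, `-c 'CREATE USER \"#{sql_user}\"'`, and escaping the `createdb` arguments with `Shellwords.escape` would make the commands independent of what the attribute contains.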


@ -16,54 +16,6 @@
# limitations under the License.
#
redis_dir = node['gitlab']['redis']['dir']
redis_log_dir = node['gitlab']['redis']['log_directory']
redis_user = node['gitlab']['redis']['username']
group redis_user do
gid node['gitlab']['redis']['gid']
system true
end
user redis_user do
uid node['gitlab']['redis']['uid']
gid redis_user
system true
shell node['gitlab']['redis']['shell']
home node['gitlab']['redis']['home']
end
directory redis_dir do
owner redis_user
group node['gitlab']['user']['group']
mode "0750"
end
directory redis_log_dir do
owner redis_user
mode "0700"
end
redis_config = File.join(redis_dir, "redis.conf")
template redis_config do
source "redis.conf.erb"
owner node['gitlab']['redis']['username']
mode "0644"
variables(node['gitlab']['redis'].to_hash)
notifies :restart, 'service[redis]', :immediately if OmnibusHelper.should_notify?("redis")
end
runit_service "redis" do
down node['gitlab']['redis']['ha']
options({
:log_directory => redis_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['redis'].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start redis" do
retries 20
end
redis_service 'redis' do
socket_group node['gitlab']['user']['group']
end


@ -16,24 +16,7 @@
# limitations under the License.
#
sidekiq_log_dir = node['gitlab']['sidekiq']['log_directory']
directory sidekiq_log_dir do
owner node['gitlab']['user']['username']
mode '0700'
recursive true
end
runit_service "sidekiq" do
down node['gitlab']['sidekiq']['ha']
options({
:log_directory => sidekiq_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['sidekiq'].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start sidekiq" do
retries 20
end
sidekiq_service 'sidekiq' do
rails_app 'gitlab-rails'
user node['gitlab']['user']['username']
end


@ -16,79 +16,7 @@
# limitations under the License.
#
gitlab_rails_dir = node['gitlab']['gitlab-rails']['dir']
gitlab_rails_etc_dir = File.join(gitlab_rails_dir, "etc")
gitlab_rails_working_dir = File.join(gitlab_rails_dir, "working")
unicorn_listen_socket = node['gitlab']['unicorn']['socket']
unicorn_pidfile = node['gitlab']['unicorn']['pidfile']
unicorn_log_dir = node['gitlab']['unicorn']['log_directory']
unicorn_socket_dir = File.dirname(unicorn_listen_socket)
[
unicorn_log_dir,
File.dirname(unicorn_pidfile)
].each do |dir_name|
directory dir_name do
owner node['gitlab']['user']['username']
mode '0700'
recursive true
end
end
directory unicorn_socket_dir do
owner node['gitlab']['user']['username']
group node['gitlab']['web-server']['group']
mode '0750'
recursive true
end
unicorn_listen_tcp = node['gitlab']['unicorn']['listen']
unicorn_listen_tcp << ":#{node['gitlab']['unicorn']['port']}"
unicorn_config File.join(gitlab_rails_etc_dir, "unicorn.rb") do
listen(
unicorn_listen_tcp => {
:tcp_nopush => node['gitlab']['unicorn']['tcp_nopush']
},
unicorn_listen_socket => {
:backlog => node['gitlab']['unicorn']['backlog_socket'],
}
)
worker_timeout node['gitlab']['unicorn']['worker_timeout']
working_directory gitlab_rails_working_dir
worker_processes node['gitlab']['unicorn']['worker_processes']
preload_app true
stderr_path File.join(unicorn_log_dir, "unicorn_stderr.log")
stdout_path File.join(unicorn_log_dir, "unicorn_stdout.log")
pid unicorn_pidfile
before_fork <<-'EOS'
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
EOS
owner "root"
group "root"
mode "0644"
notifies :restart, 'service[unicorn]' if OmnibusHelper.should_notify?("unicorn")
end
runit_service "unicorn" do
down node['gitlab']['unicorn']['ha']
restart_command 2 # Restart Unicorn using SIGUSR2
options({
:log_directory => unicorn_log_dir
}.merge(params))
log_options node['gitlab']['logging'].to_hash.merge(node['gitlab']['unicorn'].to_hash)
end
if node['gitlab']['bootstrap']['enable']
execute "/opt/gitlab/bin/gitlab-ctl start unicorn" do
retries 20
end
unicorn_service 'unicorn' do
rails_app 'gitlab-rails'
user node['gitlab']['user']['username']
end


@ -0,0 +1,42 @@
defaults: &defaults
gitlab_server_urls:
<%= @gitlab_server_urls.to_json %>
## Gitlab CI settings
gitlab_ci:
## Web server settings
host: <%= @gitlab_ci_host %>
port: <%= @gitlab_ci_port %>
https: <%= @gitlab_ci_https %>
## Email settings
# Email address used in the "From" field in mails sent by GitLab-CI
email_from: <%= @gitlab_ci_email_from %>
# Email address of your support contact (default: same as email_from)
support_email: <%= @gitlab_ci_support_email %>
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds: <%= @gitlab_ci_all_broken_builds %>
#
# Add committer to recipients list (default: false)
add_committer: <%= @gitlab_ci_add_committer %>
gravatar:
enabled: <%= @gravatar_enabled %>
plain_url: <%= single_quote(@gravatar_plain_url) %>
ssl_url: <%= single_quote(@gravatar_ssl_url) %>
development:
<<: *defaults
test:
<<: *defaults
gitlab_server_urls:
- 'http://demo.gitlab.com/'
production:
<<: *defaults
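Review bot: The string settings in this template are written into the YAML unquoted (`host: <%= @gitlab_ci_host %>`, `email_from: <%= @gitlab_ci_email_from %>`, `support_email: <%= @gitlab_ci_support_email %>`), while the two gravatar URLs go through `single_quote`. A configured value that contains `: ` or ` #`, or that starts with a quote character, would parse differently from what was entered or make the file fail to load. Using the helper for these settings as well, e.g. `email_from: <%= single_quote(@gitlab_ci_email_from) %>`, keeps the template consistent. How `single_quote` treats `nil` is not visible here, so unset values should be checked before switching.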


@ -0,0 +1 @@
gitlab_ci_user='<%= node['gitlab']['gitlab-ci']['username'] %>'


@ -0,0 +1,87 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
## GitLab CI
## Maintainer: @randx
upstream gitlab_ci {
server unix:<%= @socket %>;
}
<% if @https && @redirect_http_to_https %>
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @redirect_http_to_https_port %>;
<% end %>
server_name <%= @fqdn %>;
server_tokens off;
return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
access_log <%= @log_directory %>/gitlab_access.log;
error_log <%= @log_directory %>/gitlab_error.log;
}
<% end %>
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @port %>;
<% end %>
server_name <%= @fqdn %>;
server_tokens off; # don't show the version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-ci/public;
<% if @https %>
ssl on;
ssl_certificate <%= @ssl_certificate %>;
ssl_certificate_key <%= @ssl_certificate_key %>;
ssl_ciphers '<%= @ssl_ciphers %>';
ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
ssl_protocols <%= @ssl_protocols %>;
ssl_session_cache <%= @ssl_session_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>;
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
<% end %>
## Individual nginx logs for this GitLab vhost
access_log <%= @log_directory %>/gitlab_ci_access.log;
error_log <%= @log_directory %>/gitlab_ci_error.log;
location / {
## Serve static files from defined root folder.
## @gitlab is a named location for the upstream fallback, see below.
try_files $uri $uri/index.html $uri.html @gitlab_ci;
}
## If a file, which is not found in the root folder is requested,
## then the proxy passes the request to the upsteam (gitlab unicorn).
location @gitlab_ci {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
<%= 'gzip off;' if @https %>
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Frame-Options SAMEORIGIN;
<% if @https %>
proxy_set_header X-Forwarded-Ssl on;
<% end %>
proxy_pass http://gitlab_ci;
}
# adjust this to match the largest build log your runners might submit,
# set to 0 to disable limit
client_max_body_size <%= @client_max_body_size %>;
<%= @custom_gitlab_ci_server_config %>
}
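Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location @gitlab_ci` adds the header to the request forwarded to unicorn, not to the response the browser receives, so it provides no framing protection. The response headers `add_header X-Frame-Options SAMEORIGIN;` and `add_header X-Content-Type-Options nosniff;` are emitted only inside `<% if @https %>`, so a plain-HTTP deployment gets neither unless the application sets them itself. I would move those two `add_header` lines out of the conditional, keep only `Strict-Transport-Security` inside it, and drop the `proxy_set_header X-Frame-Options` line. Separately, the redirect server block logs to `gitlab_access.log` and `gitlab_error.log` rather than the `gitlab_ci_*` files used further down, which mixes CI redirects into the main vhost's logs.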


@ -29,4 +29,7 @@ http {
include /opt/gitlab/embedded/conf/mime.types;
include <%= @gitlab_http_config %>;
<% if @gitlab_ci_http_config %>
include <%= @gitlab_ci_http_config %>;
<% end %>
}


@ -41,5 +41,6 @@
# MAPNAME SYSTEM-USERNAME PG-USERNAME
gitlab <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['postgresql']['sql_user'] %>
gitlab <%= node['gitlab']['gitlab-ci']['username'] %> <%= node['gitlab']['postgresql']['sql_ci_user'] %>
# Default to a 1-1 mapping between system usernames and Postgres usernames
gitlab /^(.*)$ \1


@ -26,7 +26,7 @@ pidfile /var/run/redis.pid
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port <%= node['gitlab']['redis']['port'] %>
port <%= @port %>
# By default Redis listens for connections from all the network interfaces
# available on the server. It is possible to listen to just one or multiple
@ -42,8 +42,8 @@ bind 127.0.0.1
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket <%= node['gitlab']['redis']['unixsocket'] %>
unixsocketperm <%= node['gitlab']['redis']['unixsocketperm'] %>
unixsocket <%= @unixsocket %>
unixsocketperm <%= @unixsocketperm %>
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
@ -159,7 +159,7 @@ dbfilename dump.rdb
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir <%= node['gitlab']['redis']['dir'] %>
dir <%= @dir %>
################################# REPLICATION #################################


@ -1 +1 @@
<%= node['gitlab']['gitlab-rails']['secret_token'] %>
<%= @secret_token %>


@ -2,4 +2,4 @@
exec 2>&1
<%= render("mount_point_check.erb") %>
umask 077
exec chpst -P -U <%= node['gitlab']['redis']['username'] %> -u <%= node['gitlab']['redis']['username'] %> /opt/gitlab/embedded/bin/redis-server <%= File.join(node['gitlab']['redis']['dir'], "redis.conf") %>
exec chpst -P -U <%= node['gitlab']['redis']['username'] %> -u <%= node['gitlab']['redis']['username'] %> /opt/gitlab/embedded/bin/redis-server <%= File.join(node['gitlab'][@options[:service]]['dir'], "redis.conf") %>
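Review bot: The new `exec chpst` line takes the data directory from `node['gitlab'][@options[:service]]['dir']` but still takes the `-U`/`-u` account from `node['gitlab']['redis']['username']`. If this run template is ever rendered for a service other than `redis`, which the lookup by `@options[:service]` suggests is the intent, that instance would run under the `redis` account against its own directory. Reading the account from the same place, `-U <%= node['gitlab'][@options[:service]]['username'] %>`, keeps the two in step. Whether every such service defines `username` is not visible here.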


@ -1,7 +1,19 @@
#!/bin/sh
cd <%= node['gitlab']['gitlab-rails']['dir'] %>/working
cd <%= node['gitlab'][@options[:rails_app]]['dir'] %>/working
exec 2>&1
<%= render("mount_point_check.erb") %>
exec chpst -e /opt/gitlab/etc/gitlab-rails/env -P -U <%= node['gitlab']['user']['username'] %> -u <%= node['gitlab']['user']['username'] %> /opt/gitlab/embedded/bin/bundle exec sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e <%= node['gitlab']['gitlab-rails']['environment'] %> -r /opt/gitlab/embedded/service/gitlab-rails -t <%= node['gitlab']['sidekiq']['shutdown_timeout'] %>
exec chpst -e /opt/gitlab/etc/<%= @options[:rails_app] %>/env -P \
-U <%= @options[:user] %> -u <%= @options[:user] %> \
/opt/gitlab/embedded/bin/bundle exec sidekiq \
-q post_receive \
-q mailer \
-q system_hook \
-q project_web_hook \
-q gitlab_shell \
-q common \
-q default \
-e <%= node['gitlab'][@options[:rails_app]]['environment'] %> \
-r /opt/gitlab/embedded/service/<%= @options[:rails_app] %> \
-t <%= @options[:shutdown_timeout] %>


@ -3,14 +3,14 @@
# Let runit capture all script error messages
exec 2>&1
readonly current_pidfile=<%= node['gitlab']['unicorn']['pidfile'] %>
readonly current_pidfile=<%= node['gitlab'][@options[:service]]['pidfile'] %>
readonly oldbin_pidfile=${current_pidfile}.oldbin
readonly unicorn_wait_start=1 # time in seconds
readonly unicorn_poll_alive=1 # time in seconds
function main
{
cd /opt/gitlab/embedded/service/gitlab-rails
cd /opt/gitlab/embedded/service/<%= @options[:rails_app] %>
find_us_a_unicorn
trap_signals
wait_for_unicorn_to_exit
@ -65,7 +65,12 @@ function is_unicorn
function start_unicorn_master
{
<%= render("mount_point_check.erb") %>
chpst -e /opt/gitlab/etc/gitlab-rails/env -P -U <%= node['gitlab']['user']['username'] %> -u <%= node['gitlab']['user']['username'] %> /opt/gitlab/embedded/bin/bundle exec unicorn -D -E <%= node['gitlab']['gitlab-rails']['environment'] %> -c <%= File.join(node['gitlab']['gitlab-rails']['dir'], "etc", "unicorn.rb") %> /opt/gitlab/embedded/service/gitlab-rails/config.ru
chpst -e /opt/gitlab/etc/<%= @options[:rails_app] %>/env -P -U <%= @options[:user] %> -u <%= @options[:user] %> \
/opt/gitlab/embedded/bin/bundle exec unicorn \
-D \
-E <%= node['gitlab'][@options[:rails_app]]['environment'] %> \
-c <%= @options[:unicorn_rb] %> \
/opt/gitlab/embedded/service/<%= @options[:rails_app] %>/config.ru
}
function trap_signals


@ -12,7 +12,7 @@ function error_exit
exit 1
}
for command in gitlab-ctl gitlab-rake gitlab-rails
for command in gitlab-ctl gitlab-rake gitlab-rails gitlab-ci-rake gitlab-ci-rails
do
ln -sf /opt/gitlab/bin/$command /usr/bin || error_exit "Could not symlink $command in /usr/bin"
done