Merge branch 'bundle_mattermost' into 'master'
Bundle mattermost with omnibus-gitlab. See merge request !434
commit
7a6f6012b8
|
@ -75,6 +75,7 @@ dependency "gitlab-cookbooks"
|
|||
dependency "gitlab-selinux"
|
||||
dependency "gitlab-scripts"
|
||||
dependency "gitlab-config-template"
|
||||
dependency "mattermost"
|
||||
|
||||
# version manifest file
|
||||
dependency "version-manifest"
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#
|
||||
## Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
## License:: Apache License, Version 2.0
|
||||
##
|
||||
## Licensed under the Apache License, Version 2.0 (the "License");
|
||||
## you may not use this file except in compliance with the License.
|
||||
## You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
##
|
||||
#
|
||||
|
||||
name "mattermost"
|
||||
default_version "v0.6.0"
|
||||
|
||||
source url: "https://github.com/mattermost/platform/releases/download/#{version}/mattermost.tar.gz",
|
||||
md5: '9731b432644862d2025c68afabc852f5'
|
||||
|
||||
build do
|
||||
move "bin/platform", "#{install_dir}/embedded/bin/mattermost"
|
||||
|
||||
command "mkdir -p #{install_dir}/embedded/service/mattermost"
|
||||
command "#{install_dir}/embedded/bin/rsync -a --delete ./api/templates #{install_dir}/embedded/service/mattermost/api/"
|
||||
command "#{install_dir}/embedded/bin/rsync -a --delete ./web/static #{install_dir}/embedded/service/mattermost/web/"
|
||||
command "#{install_dir}/embedded/bin/rsync -a --delete ./web/templates #{install_dir}/embedded/service/mattermost/web/"
|
||||
end
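Review bot: The `source` entry pins the release tarball with `md5:` only, and MD5 is not collision-resistant, so it is a weak integrity check for a prebuilt binary that `move` installs as `#{install_dir}/embedded/bin/mattermost`. If the omnibus version used for this build accepts a stronger digest in `source`, pin the download with `sha256: '<sha256 of mattermost.tar.gz>'` instead (placeholder; compute it from a release you have verified). A one-line comment above `source` saying where the checksum came from would help whoever bumps `default_version` next.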
|
|
@ -0,0 +1,82 @@
|
|||
# GitLab Mattermost
|
||||
|
||||
You can run a [GitLab Mattermost](http://www.mattermost.org/)
|
||||
service on your GitLab server.
|
||||
|
||||
## Documentation version
|
||||
|
||||
Please make sure you are viewing the documentation for the version of
|
||||
omnibus-gitlab you are using. In most cases this should be the highest numbered
|
||||
stable branch (example shown below).
|
||||
|
||||
![documentation version](doc/images/omnibus-documentation-version.png)
|
||||
|
||||
## Getting started
|
||||
|
||||
GitLab Mattermost expects to run on its own virtual host. In your DNS you would then
|
||||
have two entries pointing to the same machine, e.g. `gitlab.example.com` and
|
||||
`mattermost.example.com`.
|
||||
|
||||
GitLab Mattermost is disabled by default, to enable it just tell omnibus-gitlab what
|
||||
the external URL for Mattermost server is:
|
||||
|
||||
```ruby
|
||||
# in /etc/gitlab/gitlab.rb
|
||||
mattermost_external_url 'http://mattermost.example.com'
|
||||
```
|
||||
|
||||
After you run `sudo gitlab-ctl reconfigure`, your GitLab Mattermost should
|
||||
now be reachable at `http://mattermost.example.com` and authorized to connect to GitLab. Authorising Mattermost with GitLab will allow users to use GitLab as SSO provider.
|
||||
|
||||
Omnibus-gitlab package will attempt to automatically authorise GitLab Mattermost with GitLab if applications are running on the same server.
|
||||
This is because automatic authorisation requires access to GitLab database.
|
||||
If GitLab database is not available you will need to manually authorise GitLab Mattermost for access to GitLab.
|
||||
|
||||
## Running GitLab Mattermost on its own server
|
||||
|
||||
If you want to run GitLab and GitLab Mattermost on two separate servers you
|
||||
can use the following settings on the GitLab Mattermost server to effectively disable
|
||||
the GitLab service bundled into the Omnibus package. The GitLab services will
|
||||
still be set up on your GitLab Mattermost server, but they will not accept user requests or
|
||||
consume system resources.
|
||||
|
||||
```ruby
|
||||
mattermost_external_url 'http://mattermost.example.com'
|
||||
|
||||
# Tell GitLab Mattermost to integrate with gitlab.example.com
|
||||
|
||||
mattermost['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "http://gitlab.example.com/oauth/authorize", "TokenEndpoint" => "http://gitlab.example.com/oauth/token", "UserApiEndpoint" => "http://gitlab.example.com/api/v3/user" }}
|
||||
|
||||
# Shut down GitLab services on the Mattermost server
|
||||
gitlab_rails['enable'] = false
|
||||
```
|
||||
|
||||
where `Secret` and `Id` are `application secret` and `application id` received when creating new `Application` authorization in GitLab admin section.
|
||||
|
||||
## Manually (re)authorising GitLab Mattermost with GitLab
|
||||
|
||||
### Authorise GitLab Mattermost
|
||||
|
||||
To do this, using browser navigate to the `admin area` of GitLab, `Application` section. Create a new application and for the callback URL use: `http://mattermost.example.com/signup/gitlab/complete` and `http://mattermost.example.com/login/gitlab/complete` (replace http with https if you use https).
|
||||
|
||||
Once the application is created you will receive an `Application ID` and `Secret`. One other information needed is the URL of GitLab instance.
|
||||
|
||||
Now, go to the GitLab server and edit the `/etc/gitlab/gitlab.rb` configuration file.
|
||||
|
||||
In `gitlab.rb` use the values you've received above:
|
||||
|
||||
```
|
||||
mattermost['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "http://gitlab.example.com/oauth/authorize", "TokenEndpoint" => "http://gitlab.example.com/oauth/token", "UserApiEndpoint" => "http://gitlab.example.com/api/v3/user" }}
|
||||
```
|
||||
Save the changes and then run `sudo gitlab-ctl reconfigure`.
|
||||
|
||||
If there are no errors your GitLab and GitLab Mattermost should be configured correctly.
|
||||
|
||||
### Reauthorise GitLab Mattermost
|
||||
|
||||
To reauthorise GitLab Mattermost you will first need to revoke access of the existing authorisation. This can be done in the Admin area of GitLab under `Applications`. Once that is done follow the steps in the `Authorise GitLab Mattermost` section.
|
||||
|
||||
### GitLab Mattermost configuration
|
||||
|
||||
For a complete list of available options, visit the [gitlab.rb.template](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template).
|
||||
We welcome contributions to improve the configuration settings explanations both in the gitlab.rb.template and in the documentation.
|
|
@ -588,3 +588,119 @@ external_url 'GENERATED_EXTERNAL_URL'
|
|||
# ci_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
|
||||
# ci_nginx['keepalive_timeout'] = 65
|
||||
# ci_nginx['cache_max_size'] = '5000m'
|
||||
|
||||
|
||||
#####################
|
||||
# GitLab Mattermost #
|
||||
#####################
|
||||
|
||||
# mattermost['enable'] = false
|
||||
# mattermost['username'] = 'mattermost'
|
||||
# mattermost['group'] = 'mattermost'
|
||||
# mattermost['home'] = '/var/opt/gitlab/mattermost'
|
||||
# mattermost['database_name'] = 'mattermost_production'
|
||||
|
||||
# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost'
|
||||
# mattermost['log_console_enable'] = true
|
||||
# mattermost['log_console_level'] = 'INFO'
|
||||
# mattermost['log_file_enable'] = false
|
||||
# mattermost['log_file_level'] = 'INFO'
|
||||
# mattermost['log_file_format'] = nil
|
||||
|
||||
# mattermost['service_site_name'] = "GitLab Mattermost"
|
||||
# mattermost['service_mode'] = 'beta'
|
||||
# mattermost['service_allow_testing'] = false
|
||||
# mattermost['service_use_ssl'] = false
|
||||
# mattermost['service_port'] = "8065"
|
||||
# mattermost['service_version'] = "developer"
|
||||
# mattermost['service_analytics_url'] = nil
|
||||
# mattermost['service_use_local_storage'] = true
|
||||
# mattermost['service_storage_directory'] = "/var/opt/gitlab/mattermost/data"
|
||||
# mattermost['service_allowed_login_attempts'] = 10
|
||||
|
||||
# mattermost['sql_data_source'] = nil
|
||||
# mattermost['sql_data_source_replicas'] = []
|
||||
# mattermost['sql_max_idle_conns'] = 10
|
||||
# mattermost['sql_max_open_conns'] = 10
|
||||
# mattermost['sql_trace'] = false
|
||||
|
||||
# mattermost['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "aa", "TokenEndpoint" => "bb", "UserApiEndpoint" => "cc" }}
|
||||
# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}
|
||||
# mattermost['image_thumbnail_width'] = 120
|
||||
# mattermost['image_thumbnail_height'] = 100
|
||||
# mattermost['image_preview_width'] = 1024
|
||||
# mattermost['image_preview_height'] = 0
|
||||
# mattermost['image_profile_width'] = 128
|
||||
# mattermost['image_profile_height'] = 128
|
||||
# mattermost['image_initial_font'] = 'luximbi.ttf'
|
||||
|
||||
# mattermost['email_by_pass_email'] = true
|
||||
# mattermost['email_smtp_username'] = nil
|
||||
# mattermost['email_smtp_password'] = nil
|
||||
# mattermost['email_smtp_server'] = nil
|
||||
# mattermost['email_use_tls'] = false
|
||||
# mattermost['email_feedback_email'] = nil
|
||||
# mattermost['email_feedback_name'] = nil
|
||||
# mattermost['email_apple_push_server'] = nil
|
||||
# mattermost['email_apple_push_cert_public'] = nil
|
||||
# mattermost['email_apple_push_cert_private'] = nil
|
||||
|
||||
# mattermost['ratelimit_use_rate_limiter'] = true
|
||||
# mattermost['ratelimit_per_sec'] = 10
|
||||
# mattermost['ratelimit_memory_store_size'] = 10000
|
||||
# mattermost['ratelimit_vary_by_remote_addr'] = true
|
||||
# mattermost['ratelimit_vary_by_header'] = nil
|
||||
|
||||
# mattermost['privacy_show_email_address'] = true
|
||||
# mattermost['privacy_show_phone_number'] = true
|
||||
# mattermost['privacy_show_skype_id'] = true
|
||||
# mattermost['privacy_show_full_name'] = true
|
||||
|
||||
# mattermost['team_max_users_per_team'] = 150
|
||||
# mattermost['team_allow_public_link'] = true
|
||||
# mattermost['team_allow_valet_default'] = false
|
||||
# mattermost['team_terms_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_privacy_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_about_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_help_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_report_problem_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_tour_link'] = '/static/help/configure_links.html'
|
||||
# mattermost['team_default_color'] = '#2389D7'
|
||||
|
||||
####################
|
||||
# Mattermost NGINX #
|
||||
####################
|
||||
|
||||
# mattermost_nginx['enable'] = false
|
||||
# mattermost_nginx['client_max_body_size'] = '250m'
|
||||
# mattermost_nginx['redirect_http_to_https'] = false
|
||||
# mattermost_nginx['redirect_http_to_https_port'] = 80
|
||||
# mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
|
||||
# mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
|
||||
# mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||
# mattermost_nginx['ssl_prefer_server_ciphers'] = "on"
|
||||
# mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
|
||||
# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
# mattermost_nginx['ssl_session_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html
|
||||
# mattermost_nginx['ssl_dhparam'] = nil # Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
|
||||
# mattermost_nginx['listen_addresses'] = ['*']
|
||||
# mattermost_nginx['listen_port'] = nil # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
|
||||
# mattermost_nginx['listen_https'] = nil # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
|
||||
# mattermost_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
|
||||
# mattermost_nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
|
||||
|
||||
## Advanced settings
|
||||
# mattermost_nginx['dir'] = "/var/opt/gitlab/nginx"
|
||||
# mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx"
|
||||
# mattermost_nginx['worker_processes'] = 4
|
||||
# mattermost_nginx['worker_connections'] = 10240
|
||||
# mattermost_nginx['sendfile'] = 'on'
|
||||
# mattermost_nginx['tcp_nopush'] = 'on'
|
||||
# mattermost_nginx['tcp_nodelay'] = 'on'
|
||||
# mattermost_nginx['gzip'] = "on"
|
||||
# mattermost_nginx['gzip_http_version'] = "1.0"
|
||||
# mattermost_nginx['gzip_comp_level'] = "2"
|
||||
# mattermost_nginx['gzip_proxied'] = "any"
|
||||
# mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
|
||||
# mattermost_nginx['keepalive_timeout'] = 65
|
||||
# mattermost_nginx['cache_max_size'] = '5000m'
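Review bot: The comment on `mattermost_nginx['ssl_dhparam']` still reads `Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem`, which looks carried over from the CI block and would point a Mattermost admin at the CI file. I would make it `# Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem`. The example `mattermost['oauth']` and `mattermost['aws']` lines use `"123"` for `Secret`, `Id`, `S3AccessKeyId` and `S3SecretAccessKey`. An obviously invalid placeholder such as `'<application secret>'` is harder to uncomment and deploy unchanged.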
|
||||
|
|
|
@ -254,6 +254,7 @@ default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
|
|||
default['gitlab']['postgresql']['user_path'] = "#{node['package']['install-dir']}/embedded/bin:#{node['package']['install-dir']}/bin:$PATH"
|
||||
default['gitlab']['postgresql']['sql_user'] = "gitlab"
|
||||
default['gitlab']['postgresql']['sql_ci_user'] = "gitlab_ci"
|
||||
default['gitlab']['postgresql']['sql_mattermost_user'] = "gitlab_mattermost"
|
||||
default['gitlab']['postgresql']['port'] = 5432
|
||||
default['gitlab']['postgresql']['listen_address'] = nil
|
||||
default['gitlab']['postgresql']['max_connections'] = 200
|
||||
|
@ -515,3 +516,88 @@ default['gitlab']['ci-redis']['unixsocket'] = "/var/opt/gitlab/ci-redis/redis.so
|
|||
####
|
||||
default['gitlab']['ci-nginx'] = default['gitlab']['nginx'].dup
|
||||
default['gitlab']['ci-nginx']['enable'] = false
|
||||
|
||||
####
|
||||
# Mattermost
|
||||
####
|
||||
|
||||
default['gitlab']['mattermost']['enable'] = false
|
||||
default['gitlab']['mattermost']['username'] = 'mattermost'
|
||||
default['gitlab']['mattermost']['group'] = 'mattermost'
|
||||
default['gitlab']['mattermost']['home'] = '/var/opt/gitlab/mattermost'
|
||||
default['gitlab']['mattermost']['database_name'] = 'mattermost_production'
|
||||
|
||||
default['gitlab']['mattermost']['log_file_directory'] = '/var/log/gitlab/mattermost'
|
||||
default['gitlab']['mattermost']['log_console_enable'] = true
|
||||
default['gitlab']['mattermost']['log_console_level'] = 'INFO'
|
||||
default['gitlab']['mattermost']['log_file_enable'] = false
|
||||
default['gitlab']['mattermost']['log_file_level'] = 'INFO'
|
||||
default['gitlab']['mattermost']['log_file_format'] = nil
|
||||
|
||||
default['gitlab']['mattermost']['service_site_name'] = "GitLab Mattermost"
|
||||
default['gitlab']['mattermost']['service_mode'] = 'beta'
|
||||
default['gitlab']['mattermost']['service_allow_testing'] = false
|
||||
default['gitlab']['mattermost']['service_use_ssl'] = false
|
||||
default['gitlab']['mattermost']['service_port'] = "8065"
|
||||
default['gitlab']['mattermost']['service_version'] = "developer"
|
||||
default['gitlab']['mattermost']['service_analytics_url'] = nil
|
||||
default['gitlab']['mattermost']['service_use_local_storage'] = true
|
||||
default['gitlab']['mattermost']['service_storage_directory'] = "/var/opt/gitlab/mattermost/data"
|
||||
default['gitlab']['mattermost']['service_allowed_login_attempts'] = 10
|
||||
|
||||
default['gitlab']['mattermost']['sql_data_source'] = nil
|
||||
default['gitlab']['mattermost']['sql_data_source_replicas'] = []
|
||||
default['gitlab']['mattermost']['sql_max_idle_conns'] = 10
|
||||
default['gitlab']['mattermost']['sql_max_open_conns'] = 10
|
||||
default['gitlab']['mattermost']['sql_trace'] = false
|
||||
|
||||
# default['gitlab']['mattermost']['oauth'] = {'gitlab' => {'Allow' => true, 'Secret' => "123", 'Id' => "123", "AuthEndpoint" => "aa", "TokenEndpoint" => "bb", "UserApiEndpoint" => "cc" }}
|
||||
default['gitlab']['mattermost']['oauth'] = {}
|
||||
# default['gitlab']['mattermost']['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}
|
||||
default['gitlab']['mattermost']['aws'] = {}
|
||||
default['gitlab']['mattermost']['image_thumbnail_width'] = 120
|
||||
default['gitlab']['mattermost']['image_thumbnail_height'] = 100
|
||||
default['gitlab']['mattermost']['image_preview_width'] = 1024
|
||||
default['gitlab']['mattermost']['image_preview_height'] = 0
|
||||
default['gitlab']['mattermost']['image_profile_width'] = 128
|
||||
default['gitlab']['mattermost']['image_profile_height'] = 128
|
||||
default['gitlab']['mattermost']['image_initial_font'] = 'luximbi.ttf'
|
||||
|
||||
default['gitlab']['mattermost']['email_by_pass_email'] = true
|
||||
default['gitlab']['mattermost']['email_smtp_username'] = nil
|
||||
default['gitlab']['mattermost']['email_smtp_password'] = nil
|
||||
default['gitlab']['mattermost']['email_smtp_server'] = nil
|
||||
default['gitlab']['mattermost']['email_use_tls'] = false
|
||||
default['gitlab']['mattermost']['email_feedback_email'] = nil
|
||||
default['gitlab']['mattermost']['email_feedback_name'] = nil
|
||||
default['gitlab']['mattermost']['email_apple_push_server'] = nil
|
||||
default['gitlab']['mattermost']['email_apple_push_cert_public'] = nil
|
||||
default['gitlab']['mattermost']['email_apple_push_cert_private'] = nil
|
||||
|
||||
default['gitlab']['mattermost']['ratelimit_use_rate_limiter'] = true
|
||||
default['gitlab']['mattermost']['ratelimit_per_sec'] = 10
|
||||
default['gitlab']['mattermost']['ratelimit_memory_store_size'] = 10000
|
||||
default['gitlab']['mattermost']['ratelimit_vary_by_remote_addr'] = true
|
||||
default['gitlab']['mattermost']['ratelimit_vary_by_header'] = nil
|
||||
|
||||
default['gitlab']['mattermost']['privacy_show_email_address'] = true
|
||||
default['gitlab']['mattermost']['privacy_show_phone_number'] = true
|
||||
default['gitlab']['mattermost']['privacy_show_skype_id'] = true
|
||||
default['gitlab']['mattermost']['privacy_show_full_name'] = true
|
||||
|
||||
default['gitlab']['mattermost']['team_max_users_per_team'] = 150
|
||||
default['gitlab']['mattermost']['team_allow_public_link'] = true
|
||||
default['gitlab']['mattermost']['team_allow_valet_default'] = false
|
||||
default['gitlab']['mattermost']['team_terms_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_privacy_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_about_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_help_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_report_problem_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_tour_link'] = '/static/help/configure_links.html'
|
||||
default['gitlab']['mattermost']['team_default_color'] = '#2389D7'
|
||||
|
||||
####
|
||||
# Mattermost NGINX
|
||||
####
|
||||
default['gitlab']['mattermost-nginx'] = default['gitlab']['nginx'].dup
|
||||
default['gitlab']['mattermost-nginx']['enable'] = false
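Review bot: `default['gitlab']['mattermost']['email_by_pass_email'] = true` ships as a default next to `service_mode = 'beta'` and `service_version = "developer"`, and none of the three has a comment saying what it means for a production install. If `email_by_pass_email` feeds Mattermost's e-mail bypass switch (inferred from the name; the template that consumes it is not part of this section), accounts could be created without e-mail verification. I would add a comment above it such as `# true skips e-mail sending/verification; set to false once SMTP is configured`, and a similar one-liner for the two `service_*` values.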
|
||||
|
|
|
@ -50,14 +50,17 @@ module Gitlab
|
|||
gitlab_git_http_server Mash.new
|
||||
nginx Mash.new
|
||||
ci_nginx Mash.new
|
||||
mattermost_nginx Mash.new
|
||||
logging Mash.new
|
||||
remote_syslog Mash.new
|
||||
logrotate Mash.new
|
||||
high_availability Mash.new
|
||||
web_server Mash.new
|
||||
mattermost Mash.new
|
||||
node nil
|
||||
external_url nil
|
||||
ci_external_url nil
|
||||
mattermost_external_url nil
|
||||
git_data_dir nil
|
||||
|
||||
class << self
|
||||
|
@ -81,6 +84,11 @@ module Gitlab
|
|||
end
|
||||
Gitlab['gitlab_ci']['db_key_base'] ||= generate_hex(64)
|
||||
|
||||
Gitlab['mattermost']['service_invite_salt'] ||= generate_hex(64)
|
||||
Gitlab['mattermost']['service_public_link_salt'] ||= generate_hex(64)
|
||||
Gitlab['mattermost']['service_reset_salt'] ||= generate_hex(64)
|
||||
Gitlab['mattermost']['sql_at_rest_encrypt_key'] ||= generate_hex(64)
|
||||
|
||||
# Note: Besides the section below, gitlab-secrets.json will also change
|
||||
# in CiHelper in libraries/helper.rb
|
||||
SecretsHelper.write_to_gitlab_secrets
|
||||
|
@ -148,6 +156,7 @@ module Gitlab
|
|||
postgresql
|
||||
remote-syslog
|
||||
gitlab-git-http-server
|
||||
mattermost
|
||||
}.each do |runit_sv|
|
||||
Gitlab[runit_sv.gsub('-', '_')]['svlogd_prefix'] ||= "#{node['hostname']} #{runit_sv}: "
|
||||
end
|
||||
|
@ -200,6 +209,27 @@ module Gitlab
|
|||
end
|
||||
end
|
||||
|
||||
def parse_mattermost_postgresql_settings
|
||||
value_from_gitlab_rb = Gitlab['mattermost']['sql_data_source']
|
||||
|
||||
attributes_values = []
|
||||
[
|
||||
%w{postgresql sql_mattermost_user},
|
||||
%w{postgresql unix_socket_directory},
|
||||
%w{postgresql port},
|
||||
%w{mattermost database_name}
|
||||
].each do |value|
|
||||
attributes_values << (Gitlab[value.first][value.last] || node['gitlab'][value.first][value.last])
|
||||
end
|
||||
|
||||
value_from_attributes = "user=#{attributes_values[0]} host=#{attributes_values[1]} port=#{attributes_values[2]} dbname=#{attributes_values[3]}"
|
||||
Gitlab['mattermost']['sql_data_source'] = value_from_gitlab_rb || value_from_attributes
|
||||
|
||||
if Gitlab['mattermost']['sql_data_source_replicas'].nil? && node['gitlab']['mattermost']['sql_data_source_replicas'].empty?
|
||||
Gitlab['mattermost']['sql_data_source_replicas'] = [Gitlab['mattermost']['sql_data_source']]
|
||||
end
|
||||
end
|
||||
|
||||
def parse_unicorn_listen_address
|
||||
# Make sure gitlab-git-http-server can talk to unicorn
|
||||
listen_address = unicorn['listen'] || node['gitlab']['unicorn']['listen']
|
||||
|
@ -273,6 +303,49 @@ module Gitlab
|
|||
ci_nginx['enable'] = true if ci_nginx['enable'].nil?
|
||||
end
|
||||
|
||||
def parse_mattermost_external_url
|
||||
return unless mattermost_external_url
|
||||
|
||||
mattermost['enable'] = true if mattermost['enable'].nil?
|
||||
|
||||
uri = URI(mattermost_external_url.to_s)
|
||||
|
||||
unless uri.host
|
||||
raise "GitLab Mattermost external URL must must include a schema and FQDN, e.g. http://mattermost.example.com/"
|
||||
end
|
||||
|
||||
Gitlab['mattermost']['host'] = uri.host
|
||||
|
||||
case uri.scheme
|
||||
when "http"
|
||||
Gitlab['mattermost']['service_use_ssl'] = false
|
||||
when "https"
|
||||
Gitlab['mattermost']['service_use_ssl'] = true
|
||||
Gitlab['mattermost_nginx']['ssl_certificate'] ||= "/etc/gitlab/ssl/#{uri.host}.crt"
|
||||
Gitlab['mattermost_nginx']['ssl_certificate_key'] ||= "/etc/gitlab/ssl/#{uri.host}.key"
|
||||
else
|
||||
raise "Unsupported external URL scheme: #{uri.scheme}"
|
||||
end
|
||||
|
||||
unless ["", "/"].include?(uri.path)
|
||||
raise "Unsupported CI external URL path: #{uri.path}"
|
||||
end
|
||||
|
||||
Gitlab['mattermost_nginx']['listen_port'] = uri.port
|
||||
end
|
||||
|
||||
def parse_gitlab_mattermost
|
||||
return unless mattermost['enable']
|
||||
|
||||
mattermost_nginx['enable'] = true if mattermost_nginx['enable'].nil?
|
||||
|
||||
unless gitlab_rails["enable"] || node['gitlab']['gitlab-rails']['enable']
|
||||
redis["enable"] = false
|
||||
unicorn["enable"] = false
|
||||
sidekiq["enable"] = false
|
||||
end
|
||||
end
|
||||
|
||||
def generate_hash
|
||||
results = { "gitlab" => {} }
|
||||
[
|
||||
|
@ -291,14 +364,17 @@ module Gitlab
|
|||
"gitlab_git_http_server",
|
||||
"nginx",
|
||||
"ci_nginx",
|
||||
"mattermost_nginx",
|
||||
"logging",
|
||||
"remote_syslog",
|
||||
"logrotate",
|
||||
"high_availability",
|
||||
"postgresql",
|
||||
"web_server",
|
||||
"mattermost",
|
||||
"external_url",
|
||||
"ci_external_url"
|
||||
"ci_external_url",
|
||||
"mattermost_external_url"
|
||||
].each do |key|
|
||||
rkey = key.gsub('_', '-')
|
||||
results['gitlab'][rkey] = Gitlab[key]
|
||||
|
@ -314,6 +390,7 @@ module Gitlab
|
|||
parse_udp_log_shipping
|
||||
parse_redis_settings
|
||||
parse_postgresql_settings
|
||||
parse_mattermost_postgresql_settings
|
||||
# Parse ci_external_url _before_ gitlab_ci settings so that the user
|
||||
# can turn on gitlab_ci by only specifying ci_external_url
|
||||
parse_ci_external_url
|
||||
|
@ -321,6 +398,8 @@ module Gitlab
|
|||
parse_nginx_listen_address
|
||||
parse_nginx_listen_ports
|
||||
parse_gitlab_ci
|
||||
parse_mattermost_external_url
|
||||
parse_gitlab_mattermost
|
||||
# The last step is to convert underscores to hyphens in top-level keys
|
||||
generate_hash
|
||||
end
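Review bot: In `parse_mattermost_external_url` the last statement, `Gitlab['mattermost_nginx']['listen_port'] = uri.port`, assigns unconditionally, so as far as this section shows a `mattermost_nginx['listen_port']` set in `gitlab.rb` for a reverse-proxy setup is overwritten. The certificate paths just above use `||=`, and `Gitlab['mattermost_nginx']['listen_port'] ||= uri.port` would keep the admin's value in the same way. Two error strings in the same method also appear to be copied from the CI parser: the path check raises `"Unsupported CI external URL path: #{uri.path}"` and the host check says `must must include`. I would name the setting, e.g. `raise "Unsupported GitLab Mattermost external URL path: #{uri.path}"`, and drop the doubled word.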
|
||||
|
|
|
@ -106,15 +106,55 @@ class OmnibusHelper
|
|||
|
||||
end
|
||||
|
||||
module AuthorizeHelper
|
||||
|
||||
def query_gitlab_rails(uri, name)
|
||||
warn("Connecting to GitLab to generate new app_id and app_secret for #{name}.")
|
||||
runner_cmd = create_or_find_authorization(uri, name)
|
||||
cmd = execute_rails_runner(runner_cmd)
|
||||
do_shell_out(cmd)
|
||||
end
|
||||
|
||||
def create_or_find_authorization(uri, name)
|
||||
args = %Q(redirect_uri: "#{uri}", name: "#{name}")
|
||||
|
||||
app = %Q(app = Doorkeeper::Application.where(#{args}).first_or_create;)
|
||||
|
||||
output = %Q(puts app.uid.concat(" ").concat(app.secret);)
|
||||
|
||||
%W(
|
||||
#{app}
|
||||
#{output}
|
||||
).join
|
||||
end
|
||||
|
||||
def execute_rails_runner(cmd)
|
||||
%W(
|
||||
/opt/gitlab/bin/gitlab-rails
|
||||
runner
|
||||
-e production
|
||||
'#{cmd}'
|
||||
).join(" ")
|
||||
end
|
||||
|
||||
def warn(msg)
|
||||
Chef::Log.warn(msg)
|
||||
end
|
||||
|
||||
def info(msg)
|
||||
Chef::Log.info(msg)
|
||||
end
|
||||
end
|
||||
|
||||
class CiHelper
|
||||
extend ShellOutHelper
|
||||
extend AuthorizeHelper
|
||||
|
||||
def self.authorize_with_gitlab(gitlab_external_url)
|
||||
warn("Connecting to GitLab to generate new app_id and app_secret.")
|
||||
redirect_uri = "#{Gitlab['ci_external_url']}/user_sessions/callback"
|
||||
app_name = "GitLab CI"
|
||||
|
||||
runner_cmd = create_or_find_authorization
|
||||
cmd = execute_rails_runner(runner_cmd)
|
||||
o = do_shell_out(cmd)
|
||||
o = query_gitlab_rails(redirect_uri, app_name)
|
||||
|
||||
app_id, app_secret = nil
|
||||
if o.exitstatus == 0
|
||||
|
@ -133,38 +173,46 @@ class CiHelper
|
|||
|
||||
{ 'url' => gitlab_external_url, 'app_id' => app_id, 'app_secret' => app_secret }
|
||||
end
|
||||
end
|
||||
|
||||
def self.create_or_find_authorization
|
||||
ci_external_url = Gitlab['ci_external_url']
|
||||
args = %Q(redirect_uri: "#{ci_external_url}/user_sessions/callback", name: "GitLab CI")
|
||||
class MattermostHelper
|
||||
extend ShellOutHelper
|
||||
extend AuthorizeHelper
|
||||
|
||||
app = %Q(app = Doorkeeper::Application.where(#{args}).first_or_create;)
|
||||
def self.authorize_with_gitlab(gitlab_external_url)
|
||||
redirect_uri = "#{Gitlab['mattermost_external_url']}/signup/gitlab/complete\r\n#{Gitlab['mattermost_external_url']}/login/gitlab/complete"
|
||||
app_name = "GitLab Mattermost"
|
||||
|
||||
output = %Q(puts app.uid.concat(" ").concat(app.secret);)
|
||||
o = query_gitlab_rails(redirect_uri, app_name)
|
||||
|
||||
%W(
|
||||
#{app}
|
||||
#{output}
|
||||
).join
|
||||
app_id, app_secret = nil
|
||||
if o.exitstatus == 0
|
||||
app_id, app_secret = o.stdout.chomp.split(" ")
|
||||
gitlab_url = gitlab_external_url.chomp("/")
|
||||
|
||||
Gitlab['mattermost']['oauth'] = {} unless Gitlab['mattermost']['oauth']
|
||||
Gitlab['mattermost']['oauth']['gitlab'] = { 'Allow' => true,
|
||||
'Secret' => app_secret,
|
||||
'Id' => app_id,
|
||||
'AuthEndpoint' => "#{gitlab_url}/oauth/authorize",
|
||||
'TokenEndpoint' => "#{gitlab_url}/oauth/token",
|
||||
'UserApiEndpoint' => "#{gitlab_url}/api/v3/user"
|
||||
}
|
||||
|
||||
SecretsHelper.write_to_gitlab_secrets
|
||||
info("Updated the gitlab-secrets.json file.")
|
||||
else
|
||||
warn("Something went wrong while trying to update gitlab-secrets.json. Check the file permissions and try reconfiguring again.")
|
||||
end
|
||||
|
||||
{ 'Allow' => true,
|
||||
'Secret' => app_secret,
|
||||
'Id' => app_id,
|
||||
'AuthEndpoint' => "#{gitlab_url}/oauth/authorize",
|
||||
'TokenEndpoint' => "#{gitlab_url}/oauth/token",
|
||||
'UserApiEndpoint' => "#{gitlab_url}/api/v3/user"
|
||||
}
|
||||
end
|
||||
|
||||
def self.execute_rails_runner(cmd)
|
||||
%W(
|
||||
/opt/gitlab/bin/gitlab-rails
|
||||
runner
|
||||
-e production
|
||||
'#{cmd}'
|
||||
).join(" ")
|
||||
end
|
||||
|
||||
def self.warn(msg)
|
||||
Chef::Log.warn(msg)
|
||||
end
|
||||
|
||||
def self.info(msg)
|
||||
Chef::Log.info(msg)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
class SecretsHelper
|
||||
|
@ -196,6 +244,12 @@ class SecretsHelper
|
|||
'secret_token' => Gitlab['gitlab_ci']['secret_token'],
|
||||
'secret_key_base' => Gitlab['gitlab_ci']['secret_key_base'],
|
||||
'db_key_base' => Gitlab['gitlab_ci']['db_key_base'],
|
||||
},
|
||||
'mattermost' => {
|
||||
'service_invite_salt' => Gitlab['mattermost']['service_invite_salt'],
|
||||
'service_public_link_salt' => Gitlab['mattermost']['service_public_link_salt'],
|
||||
'service_reset_salt' => Gitlab['mattermost']['service_reset_salt'],
|
||||
'sql_at_rest_encrypt_key' => Gitlab['mattermost']['sql_at_rest_encrypt_key']
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -210,6 +264,15 @@ class SecretsHelper
|
|||
secret_tokens['gitlab_ci'].merge!(ci_auth)
|
||||
end
|
||||
|
||||
if Gitlab['mattermost']['oauth'] && Gitlab['mattermost']['oauth']['gitlab']
|
||||
gitlab_oauth = { 'oauth' =>
|
||||
{
|
||||
'gitlab' => Gitlab['mattermost']['oauth']['gitlab']
|
||||
}
|
||||
}
|
||||
secret_tokens['mattermost'].merge!(gitlab_oauth)
|
||||
end
|
||||
|
||||
if File.directory?("/etc/gitlab")
|
||||
File.open("/etc/gitlab/gitlab-secrets.json", "w") do |f|
|
||||
f.puts(
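Review bot: `create_or_find_authorization` and `execute_rails_runner` in the new `AuthorizeHelper` build Ruby source and then a shell command by plain interpolation (`redirect_uri: "#{uri}"`, `'#{cmd}'`), so a quote character in the external URL or the app name ends the literal or the shell quoting early. The values come from `gitlab.rb`, which is administrator-controlled, but escaping is cheap: `args = %Q(redirect_uri: #{uri.inspect}, name: #{name.inspect})` and `Shellwords.escape(cmd)` in place of `'#{cmd}'` (needs `require 'shellwords'` at the top of the file). Separately, in `MattermostHelper.authorize_with_gitlab` the hash after the `if`/`else` appears to be returned even when the runner failed. In that case `gitlab_url`, `app_id` and `app_secret` are nil while `'Allow' => true`, so returning early from the `else` branch would avoid handing back a half-filled OAuth config. Which lines in that hunk are old and which are new is inferred, because the page lost its `+`/`-` markers.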
|
||||
|
|
|
@ -107,6 +107,7 @@ include_recipe "runit"
|
|||
"remote-syslog",
|
||||
"logrotate",
|
||||
"bootstrap",
|
||||
"mattermost"
|
||||
].each do |service|
|
||||
if node["gitlab"][service]["enable"]
|
||||
include_recipe "gitlab::#{service}"
|
||||
|
|
|
@ -0,0 +1,113 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2012 Opscode, Inc.
|
||||
# Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
gitlab = node['gitlab']
|
||||
|
||||
mattermost_user = gitlab['mattermost']['username']
|
||||
mattermost_group = gitlab['mattermost']['group']
|
||||
mattermost_home = gitlab['mattermost']['home']
|
||||
mattermost_log_dir = gitlab['mattermost']['log_file_directory']
|
||||
mattermost_storage_directory = gitlab['mattermost']['service_storage_directory']
|
||||
postgresql_socket_dir = gitlab['postgresql']['unix_socket_directory']
|
||||
pg_port = gitlab['postgresql']['port']
|
||||
pg_user = gitlab['postgresql']['username']
|
||||
|
||||
###
|
||||
# Create group and user that will be running mattermost
|
||||
###
|
||||
group mattermost_group do
|
||||
system true
|
||||
end
|
||||
|
||||
user mattermost_user do
|
||||
shell '/bin/sh'
|
||||
home mattermost_home
|
||||
gid mattermost_group
|
||||
system true
|
||||
end
|
||||
|
||||
###
|
||||
# Create required directories
|
||||
###
|
||||
|
||||
[
|
||||
mattermost_home,
|
||||
mattermost_log_dir,
|
||||
mattermost_storage_directory
|
||||
].compact.each do |dir|
|
||||
directory dir do
|
||||
owner mattermost_user
|
||||
recursive true
|
||||
end
|
||||
end
|
||||
|
||||
###
|
||||
# Create the database users, create the database we need, and grant them
|
||||
# privileges.
|
||||
###
|
||||
|
||||
pg_helper = PgHelper.new(node)
|
||||
bin_dir = "/opt/gitlab/embedded/bin"
|
||||
|
||||
db_name = gitlab['mattermost']['database_name']
|
||||
sql_user = gitlab['postgresql']['sql_mattermost_user']
|
||||
|
||||
execute "create #{sql_user} database user" do
|
||||
command "#{bin_dir}/psql --port #{pg_port} -h #{postgresql_socket_dir} -d template1 -c \"CREATE USER #{sql_user}\""
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.user_exists?(sql_user) }
|
||||
end
|
||||
|
||||
execute "create #{db_name} database" do
|
||||
command "#{bin_dir}/createdb --port #{pg_port} -h #{postgresql_socket_dir} -O #{sql_user} #{db_name}"
|
||||
user pg_user
|
||||
not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
|
||||
retries 30
|
||||
end
|
||||
|
||||
###
|
||||
# Populate mattermost configuration options
|
||||
###
|
||||
# Try connecting to GitLab only if it is enabled
|
||||
if gitlab['enable']
|
||||
database_ready = pg_helper.is_running? && pg_helper.database_exists?(gitlab['gitlab-rails']['db_database'])
|
||||
gitlab_oauth = if gitlab['mattermost']['oauth']['gitlab']
|
||||
gitlab['mattermost']['oauth']['gitlab']
|
||||
else
|
||||
database_ready ? MattermostHelper.authorize_with_gitlab(Gitlab['external_url']):{}
|
||||
end
|
||||
oauth_attributes = gitlab['mattermost']['oauth'].to_hash.merge('gitlab' => gitlab_oauth)
|
||||
end
|
||||
|
||||
template "#{mattermost_home}/config.json" do
|
||||
source "config.json.erb"
|
||||
owner mattermost_user
|
||||
variables gitlab['mattermost'].to_hash.merge(gitlab['postgresql']).to_hash.merge('oauth' => oauth_attributes)
|
||||
mode "0644"
|
||||
notifies :restart, "service[mattermost]"
|
||||
end
|
||||
|
||||
###
|
||||
# Mattermost control service
|
||||
###
|
||||
|
||||
runit_service "mattermost" do
|
||||
options({
|
||||
:log_directory => mattermost_log_dir
|
||||
}.merge(params))
|
||||
log_options gitlab['logging'].to_hash.merge(gitlab['mattermost'].to_hash)
|
||||
end
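Review bot: The `template "#{mattermost_home}/config.json"` resource sets `mode "0644"`, so the rendered file is readable by every local account. The template it renders contains the invite, public-link and reset salts, `AtRestEncryptKey`, the SMTP password and the GitLab OAuth secret. The resource already sets `owner mattermost_user`, so `mode "0600"` should be enough for the service to read it. Separately, `oauth_attributes` is only assigned inside `if gitlab['enable']`, so with GitLab disabled the template receives `'oauth' => nil` and `SSOSettings` renders as `null`. Assigning `oauth_attributes = gitlab['mattermost']['oauth'].to_hash` before the `if` would keep the configured values.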
|
|
@ -0,0 +1,20 @@
|
|||
#
|
||||
# Copyright:: Copyright (c) 2015 GitLab B.V.
|
||||
# License:: Apache License, Version 2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
runit_service "mattermost" do
|
||||
action :disable
|
||||
end
|
|
@ -42,6 +42,7 @@ nginx_config = File.join(nginx_conf_dir, "nginx.conf")
|
|||
|
||||
gitlab_rails_http_conf = File.join(nginx_conf_dir, "gitlab-http.conf")
|
||||
gitlab_ci_http_conf = File.join(nginx_conf_dir, "gitlab-ci-http.conf")
|
||||
gitlab_mattermost_http_conf = File.join(nginx_conf_dir, "gitlab-mattermost-http.conf")
|
||||
|
||||
# If the service is enabled, check if we are using internal nginx
|
||||
gitlab_rails_enabled = if node['gitlab']['gitlab-rails']['enable']
|
||||
|
@ -56,6 +57,12 @@ gitlab_ci_enabled = if node['gitlab']['gitlab-ci']['enable']
|
|||
false
|
||||
end
|
||||
|
||||
gitlab_mattermost_enabled = if node['gitlab']['mattermost']['enable']
|
||||
node['gitlab']['mattermost-nginx']['enable']
|
||||
else
|
||||
false
|
||||
end
|
||||
|
||||
# Include the config file for gitlab-rails in nginx.conf later
|
||||
nginx_vars = node['gitlab']['nginx'].to_hash.merge({
|
||||
:gitlab_http_config => gitlab_rails_enabled ? gitlab_rails_http_conf : nil
|
||||
|
@ -65,6 +72,11 @@ nginx_vars = node['gitlab']['nginx'].to_hash.merge({
|
|||
nginx_vars = nginx_vars.merge!(
|
||||
:gitlab_ci_http_config => gitlab_ci_enabled ? gitlab_ci_http_conf : nil
|
||||
)
|
||||
# Include the config file for gitlab mattermost in nginx.conf later
|
||||
nginx_vars = nginx_vars.to_hash.merge!({
|
||||
:gitlab_mattermost_http_config => gitlab_mattermost_enabled ? gitlab_mattermost_http_conf : nil
|
||||
})
|
||||
|
||||
if nginx_vars['listen_https'].nil?
|
||||
nginx_vars['https'] = node['gitlab']['gitlab-rails']['gitlab_https']
|
||||
else
|
||||
|
@ -109,6 +121,29 @@ template gitlab_ci_http_conf do
|
|||
action gitlab_ci_enabled ? :create : :delete
|
||||
end
|
||||
|
||||
mattermost_nginx_vars = node['gitlab']['mattermost-nginx'].to_hash
|
||||
|
||||
if mattermost_nginx_vars['listen_https'].nil?
|
||||
mattermost_nginx_vars['https'] = node['gitlab']['mattermost']['service_use_ssl']
|
||||
else
|
||||
mattermost_nginx_vars['https'] = mattermost_nginx_vars['listen_https']
|
||||
end
|
||||
|
||||
template gitlab_mattermost_http_conf do
|
||||
source "nginx-gitlab-mattermost-http.conf.erb"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
variables(mattermost_nginx_vars.merge(
|
||||
{
|
||||
:fqdn => node['gitlab']['mattermost']['host'],
|
||||
:service_port => node['gitlab']['mattermost']['service_port']
|
||||
}
|
||||
))
|
||||
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
|
||||
action gitlab_mattermost_enabled ? :create : :delete
|
||||
end
|
||||
|
||||
template nginx_config do
|
||||
source "nginx.conf.erb"
|
||||
owner "root"
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
{
|
||||
"LogSettings": {
|
||||
"ConsoleEnable": <%= @log_console_enable %>,
|
||||
"ConsoleLevel": "<%= @log_console_level %>",
|
||||
"FileEnable": <%= @log_file_enable %>,
|
||||
"FileLevel": "<%= @log_file_level %>",
|
||||
"FileFormat": "<%= @log_file_format %>",
|
||||
"FileLocation": "<%= @log_file_directory %>/mattermost.log"
|
||||
},
|
||||
"ServiceSettings": {
|
||||
"SiteName": "<%= @service_site_name %>",
|
||||
"Mode" : "<%= @service_mode %>",
|
||||
"AllowTesting" : <%= @service_allow_testing %>,
|
||||
"UseSSL": <%= @service_use_ssl %>,
|
||||
"Port": "<%= @service_port %>",
|
||||
"Version": "<%= @service_version %>",
|
||||
"InviteSalt": "<%= @service_invite_salt %>",
|
||||
"PublicLinkSalt": "<%= @service_public_link_salt %>",
|
||||
"ResetSalt": "<%= @service_reset_salt %>",
|
||||
"AnalyticsUrl": "<%= @service_analytics_url %>",
|
||||
"UseLocalStorage": <%= @service_use_local_storage %>,
|
||||
"StorageDirectory": "<%= @service_storage_directory %>",
|
||||
"AllowedLoginAttempts": <%= @service_allowed_login_attempts %>
|
||||
},
|
||||
"SSOSettings": <%= @oauth.to_json %>,
|
||||
"SqlSettings": {
|
||||
"DriverName": "postgres",
|
||||
"DataSource": "<%= @sql_data_source %>",
|
||||
"DataSourceReplicas": [<%= @sql_data_source_replicas.map{ |dsr| "\"#{dsr}\"" }.join(',') %>],
|
||||
"MaxIdleConns": <%= @sql_max_idle_conns %>,
|
||||
"MaxOpenConns": <%= @sql_max_open_conns %>,
|
||||
"Trace": <%= @sql_trace %>,
|
||||
"AtRestEncryptKey": "<%= @sql_at_rest_encrypt_key %>"
|
||||
},
|
||||
"AWSSettings": <%= @aws.to_json %>,
|
||||
"ImageSettings": {
|
||||
"ThumbnailWidth": <%= @image_thumbnail_width %>,
|
||||
"ThumbnailHeight": <%= @image_thumbnail_height %>,
|
||||
"PreviewWidth": <%= @image_preview_width %>,
|
||||
"PreviewHeight": <%= @image_preview_height %>,
|
||||
"ProfileWidth": <%= @image_profile_width %>,
|
||||
"ProfileHeight": <%= @image_profile_height %>,
|
||||
"InitialFont": "<%= @image_initial_font %>"
|
||||
},
|
||||
"EmailSettings": {
|
||||
"ByPassEmail" : <%= @email_by_pass_email %>,
|
||||
"SMTPUsername": "<%= @email_smtp_username %>",
|
||||
"SMTPPassword": "<%= @email_smtp_password %>",
|
||||
"SMTPServer": "<%= @email_smtp_server %>",
|
||||
"UseTLS": <%= @email_use_tls %>,
|
||||
"FeedbackEmail": "<%= @email_feedback_email %>",
|
||||
"FeedbackName": "<%= @email_feedback_name %>",
|
||||
"ApplePushServer": "<%= @email_apple_push_server %>",
|
||||
"ApplePushCertPublic": "<%= @email_apple_push_cert_public %>",
|
||||
"ApplePushCertPrivate": "<%= @email_apple_push_cert_private %>"
|
||||
},
|
||||
"RateLimitSettings": {
|
||||
"UseRateLimiter": <%= @ratelimit_use_rate_limiter %>,
|
||||
"PerSec": <%= @ratelimit_per_sec %>,
|
||||
"MemoryStoreSize": <%= @ratelimit_memory_store_size %>,
|
||||
"VaryByRemoteAddr": <%= @ratelimit_vary_by_remote_addr %>,
|
||||
"VaryByHeader": "<%= @ratelimit_vary_by_header %>"
|
||||
},
|
||||
"PrivacySettings": {
|
||||
"ShowEmailAddress": <%= @privacy_show_email_address %>,
|
||||
"ShowPhoneNumber": <%= @privacy_show_phone_number %>,
|
||||
"ShowSkypeId": <%= @privacy_show_skype_id %>,
|
||||
"ShowFullName": <%= @privacy_show_full_name %>
|
||||
},
|
||||
"TeamSettings": {
|
||||
"MaxUsersPerTeam": <%= @team_max_users_per_team %>,
|
||||
"AllowPublicLink": <%= @team_allow_public_link %>,
|
||||
"AllowValetDefault": <%= @team_allow_valet_default %>,
|
||||
"TermsLink": "<%= @team_terms_link %>",
|
||||
"PrivacyLink": "<%= @team_privacy_link %>",
|
||||
"AboutLink": "<%= @team_about_link %>",
|
||||
"HelpLink": "<%= @team_help_link %>",
|
||||
"ReportProblemLink": "<%= @team_report_problem_link %>",
|
||||
"TourLink": "<%= @team_tour_link %>",
|
||||
"DefaultThemeColor": "<%= @team_default_color %>"
|
||||
}
|
||||
}
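Review bot: String values such as `"SMTPPassword": "<%= @email_smtp_password %>"` are placed between hand-written quotes with no JSON escaping, so a password, salt or link containing `"` or `\` produces an invalid or structurally different config.json. The template already uses `to_json` for `SSOSettings` and `AWSSettings`. Doing the same for scalars, e.g. `"SMTPPassword": <%= @email_smtp_password.to_json %>,`, lets the encoder emit the quotes and escapes. The same applies to `DataSource`, `AtRestEncryptKey` and the three salts. The hand-built `DataSourceReplicas` list could become `<%= @sql_data_source_replicas.to_json %>`.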
|
|
@ -0,0 +1,70 @@
|
|||
# This file is managed by gitlab-ctl. Manual changes will be
|
||||
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
|
||||
# and run `sudo gitlab-ctl reconfigure`.
|
||||
|
||||
## GitLab Mattermost
|
||||
|
||||
upstream gitlab_mattermost {
|
||||
server 127.0.0.1:<%= @service_port %>;
|
||||
}
|
||||
|
||||
<% if @https && @redirect_http_to_https %>
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @redirect_http_to_https_port %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off;
|
||||
return 301 https://<%= @fqdn %>:<%= @port %>$request_uri;
|
||||
access_log <%= @log_directory %>/gitlab_mattermost_access.log;
|
||||
error_log <%= @log_directory %>/gitlab_mattermost_access.log;
|
||||
}
|
||||
<% end %>
|
||||
|
||||
server {
|
||||
<% @listen_addresses.each do |listen_address| %>
|
||||
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% end %>;
|
||||
<% end %>
|
||||
server_name <%= @fqdn %>;
|
||||
server_tokens off; # don't show the version number, a security best practice
|
||||
|
||||
<% if @https %>
|
||||
ssl on;
|
||||
ssl_certificate <%= @ssl_certificate %>;
|
||||
ssl_certificate_key <%= @ssl_certificate_key %>;
|
||||
ssl_ciphers '<%= @ssl_ciphers %>';
|
||||
ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
|
||||
ssl_protocols <%= @ssl_protocols %>;
|
||||
ssl_session_cache <%= @ssl_session_cache %>;
|
||||
ssl_session_timeout <%= @ssl_session_timeout %>;
|
||||
<% if @ssl_dhparam %>
|
||||
ssl_dhparam <%= @ssl_dhparam %>;
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
||||
access_log <%= @log_directory %>/gitlab_mattermost_access.log;
|
||||
error_log <%= @log_directory %>/gitlab_mattermost_error.log;
|
||||
|
||||
location / {
|
||||
## If you use HTTPS make sure you disable gzip compression
|
||||
## to be safe against BREACH attack.
|
||||
<%= 'gzip off;' if @https %>
|
||||
|
||||
proxy_read_timeout 300;
|
||||
proxy_connect_timeout 300;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||
|
||||
<% if @https %>
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
<% end %>
|
||||
proxy_pass http://gitlab_mattermost;
|
||||
}
|
||||
|
||||
<%= @custom_gitlab_mattermost_server_config %>
|
||||
}
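Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location /` adds the header to the request sent to the Mattermost upstream, not to the response the browser receives, so it gives no framing protection. If a response header is intended, the directive is `add_header X-Frame-Options SAMEORIGIN;`. In the HTTP-to-HTTPS redirect server, `error_log` points at `gitlab_mattermost_access.log`, so errors are mixed into the access log. It should probably read `error_log <%= @log_directory %>/gitlab_mattermost_error.log;` like the main server block. The redirect target uses `@port` while the listener uses `@listen_port`, so it is worth confirming that both are defined for `mattermost-nginx`.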
|
|
@ -36,5 +36,9 @@ http {
|
|||
include <%= @gitlab_ci_http_config %>;
|
||||
<% end %>
|
||||
|
||||
<% if @gitlab_mattermost_http_config %>
|
||||
include <%= @gitlab_mattermost_http_config %>;
|
||||
<% end %>
|
||||
|
||||
<%= @custom_nginx_config %>
|
||||
}
|
||||
|
|
|
@ -42,5 +42,6 @@
|
|||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
gitlab <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['postgresql']['sql_user'] %>
|
||||
gitlab <%= node['gitlab']['gitlab-ci']['username'] %> <%= node['gitlab']['postgresql']['sql_ci_user'] %>
|
||||
gitlab <%= node['gitlab']['mattermost']['username'] %> <%= node['gitlab']['postgresql']['sql_mattermost_user'] %>
|
||||
# Default to a 1-1 mapping between system usernames and Postgres usernames
|
||||
gitlab /^(.*)$ \1
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
<%= "s#@svlogd_size" if @svlogd_size %>
|
||||
<%= "n#@svlogd_num" if @svlogd_num %>
|
||||
<%= "t#@svlogd_timeout" if @svlogd_timeout %>
|
||||
<%= "!#@svlogd_filter" if @svlogd_filter %>
|
||||
<%= "u#@svlogd_udp" if @svlogd_udp %>
|
||||
<%= "p#@svlogd_prefix" if @svlogd_prefix %>
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/sh
|
||||
exec svlogd -tt <%= @options[:log_directory] %>
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
exec 2>&1
|
||||
cd /opt/gitlab/embedded/service/mattermost
|
||||
exec chpst -P -U mattermost -u mattermost /opt/gitlab/embedded/bin/mattermost -config /var/opt/gitlab/mattermost/config.json
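Review bot: The run script hard-codes the account `mattermost` and the path `/var/opt/gitlab/mattermost/config.json`, while the recipe in this commit takes the user from `gitlab['mattermost']['username']` and writes the config to `#{mattermost_home}/config.json`. If either attribute is changed in gitlab.rb, the service would start as a different account than the one that owns the files, or read a config file that the recipe no longer manages. The recipe's `options(...)` currently passes only `:log_directory`. It could also pass the user and home (proposed keys `:user` and `:home`), and the script could then use `exec chpst -P -U <%= @options[:user] %> -u <%= @options[:user] %> /opt/gitlab/embedded/bin/mattermost -config <%= @options[:home] %>/config.json`.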
|