Merge branch 'custom_postgres_socket' into 'master'

Custom postgres socket location

Postgres is compiled by default to use `/tmp` as a socket directory. omnibus-gitlab also uses the postgres default.

If there is an existing Postgresql installation on the system where GitLab is installed and user still wants to use the packaged postgres installation will fail because GitLab will try to connect to the external database.

Few options on how to handle this:

1. Supply a different port for packaged postgresql
1. Supply a `unix_socket_directory` configuration option to postgresql.conf
1. Compile postgres to use a different socket directory, [Postgres docs say](http://www.postgresql.org/docs/9.2/static/runtime-config-connection.html) `The default is normally /tmp, but can be changed at build time`

Considering:

1. Easiest to implement. Downside: if existing postgresql db uses a different port there is a chance this bug can reappear for certain users. Still no real isolation as you would expect with a packaged program.
1. Semi-difficult to implement. Requires changes when calling any postgres proces, namely supplying `-h PATH_TO_SOCKET_DIR` for every request.
1. Unknown difficulty. There seems to be no option to do this without changing the source of postgres. Debian/Ubuntu packaged postgres seem to patch the code according to [this discussion](http://postgresql.nabble.com/Add-socket-dir-to-pg-config-td4944750.html)

Current direction:

I think we should strive towards further isolation of the packaged services so option 2 is proposed here.

Fixes #466

See merge request !387

files/gitlab-cookbooks/gitlab/attributes/default.rb

@@ -149,7 +149,8 @@ default['gitlab']['gitlab-rails']['db_database'] = "gitlabhq_production"
 default['gitlab']['gitlab-rails']['db_pool'] = 10
 default['gitlab']['gitlab-rails']['db_username'] = "gitlab"
 default['gitlab']['gitlab-rails']['db_password'] = nil
-default['gitlab']['gitlab-rails']['db_host'] = nil
+# Path to postgresql socket directory
+default['gitlab']['gitlab-rails']['db_host'] = "/var/opt/gitlab/postgresql"
 default['gitlab']['gitlab-rails']['db_port'] = 5432
 default['gitlab']['gitlab-rails']['db_socket'] = nil
 default['gitlab']['gitlab-rails']['db_sslmode'] = nil
@@ -223,6 +224,7 @@ default['gitlab']['postgresql']['ha'] = false
 default['gitlab']['postgresql']['dir'] = "/var/opt/gitlab/postgresql"
 default['gitlab']['postgresql']['data_dir'] = "/var/opt/gitlab/postgresql/data"
 default['gitlab']['postgresql']['log_directory'] = "/var/log/gitlab/postgresql"
+default['gitlab']['postgresql']['unix_socket_directory'] = "/var/opt/gitlab/postgresql"
 default['gitlab']['postgresql']['username'] = "gitlab-psql"
 default['gitlab']['postgresql']['uid'] = nil
 default['gitlab']['postgresql']['gid'] = nil
@@ -424,7 +426,8 @@ default['gitlab']['gitlab-ci']['db_database'] = "gitlab_ci_production"
 default['gitlab']['gitlab-ci']['db_pool'] = 10
 default['gitlab']['gitlab-ci']['db_username'] = "gitlab_ci"
 default['gitlab']['gitlab-ci']['db_password'] = nil
-default['gitlab']['gitlab-ci']['db_host'] = nil
+# Path to postgresql socket directory
+default['gitlab']['gitlab-ci']['db_host'] = "/var/opt/gitlab/postgresql"
 default['gitlab']['gitlab-ci']['db_port'] = 5432
 default['gitlab']['gitlab-ci']['db_socket'] = nil
 

files/gitlab-cookbooks/gitlab/libraries/helper.rb

@@ -65,6 +65,7 @@ class PgHelper
     cmd = ["/opt/gitlab/embedded/bin/chpst",
            "-u #{pg_user}",
            "/opt/gitlab/embedded/bin/psql",
+           "-h #{pg_host}",
            "--port #{pg_port}",
            cmd_list.join(" ")].join(" ")
     success?(cmd)
@@ -78,6 +79,10 @@ class PgHelper
     node['gitlab']['postgresql']['port']
   end
 
+  def pg_host
+    node['gitlab']['postgresql']['unix_socket_directory']
+  end
+
 end
 
 class OmnibusHelper

files/gitlab-cookbooks/gitlab/recipes/postgresql.rb

@@ -20,6 +20,7 @@ postgresql_dir = node['gitlab']['postgresql']['dir']
 postgresql_data_dir = node['gitlab']['postgresql']['data_dir']
 postgresql_data_dir_symlink = File.join(postgresql_dir, "data")
 postgresql_log_dir = node['gitlab']['postgresql']['log_directory']
+postgresql_socket_dir = node['gitlab']['postgresql']['unix_socket_directory']
 postgresql_user = node['gitlab']['postgresql']['username']
 
 group postgresql_user do
@@ -35,8 +36,13 @@ user postgresql_user do
   home node['gitlab']['postgresql']['home']
 end
 
+directory postgresql_dir do
+  owner node['gitlab']['postgresql']['username']
+  mode "0755"
+  recursive true
+end
+
 [
-  postgresql_dir,
   postgresql_data_dir,
   postgresql_log_dir
 ].each do |dir|
@@ -54,7 +60,7 @@ end
 
 file File.join(node['gitlab']['postgresql']['home'], ".profile") do
   owner node['gitlab']['postgresql']['username']
-  mode "0644"
+  mode "0600"
   content <<-EOH
 PATH=#{node['gitlab']['postgresql']['user_path']}
 EOH
@@ -162,13 +168,13 @@ end
 
 databases.each do |rails_app, db_name, sql_user|
   execute "create #{sql_user} database user" do
-    command "#{bin_dir}/psql --port #{pg_port} -d template1 -c \"CREATE USER #{sql_user}\""
+    command "#{bin_dir}/psql --port #{pg_port} -h #{postgresql_socket_dir} -d template1 -c \"CREATE USER #{sql_user}\""
     user pg_user
     not_if { !pg_helper.is_running? || pg_helper.user_exists?(sql_user) }
   end
 
   execute "create #{db_name} database" do
-    command "#{bin_dir}/createdb --port #{pg_port} -O #{sql_user} #{db_name}"
+    command "#{bin_dir}/createdb --port #{pg_port} -h #{postgresql_socket_dir} -O #{sql_user} #{db_name}"
     user pg_user
     not_if { !pg_helper.is_running? || pg_helper.database_exists?(db_name) }
     retries 30

files/gitlab-cookbooks/gitlab/templates/default/postgresql.conf.erb

@@ -69,7 +69,7 @@ max_connections = <%= node['gitlab']['postgresql']['max_connections'] %>      #
 # Note:  Increasing max_connections costs ~400 bytes of shared memory per
 # connection slot, plus lock space (see max_locks_per_transaction).
 #superuser_reserved_connections = 3 # (change requires restart)
-#unix_socket_directory = ''   # (change requires restart)
+unix_socket_directory = '<%= node['gitlab']['postgresql']['unix_socket_directory'] %>'   # (change requires restart)
 #unix_socket_group = ''     # (change requires restart)
 #unix_socket_permissions = 0777   # begin with 0 to use octal notation
           # (change requires restart)