gitlab
/
omnibus-gitlab
mirror of https://gitlab.com/gitlab-org/omnibus-gitlab.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'remove-gitlab-ci' into 'master' 

Remove all of GitLab CI for GitLab 9.0

Closes #792

See merge request !1324
This commit is contained in:
Marin Jankovski 2017-02-23 15:40:44 +00:00
parent 5511b24618 d4f3f5d57b
commit ad126ba202
33 changed files with 12 additions and 674 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -160,10 +160,6 @@ See [doc/common_installation_problems/README.md](doc/common_installation_problem
See [doc/common_installation_problems/README.md](doc/common_installation_problems/README.md#gitlab-is-unreachable-in-my-browser).
##### GitLab CI shows GitLab login page
See [doc/common_installation_problems/README.md](doc/common_installation_problems/README.md#gitlab-ci-shows-gitlab-login-page).
##### Emails are not being delivered
See [doc/common_installation_problems/README.md](doc/common_installation_problems/README.md#emails-are-not-being-delivered).

4
config/projects/gitlab.rb
View File

@ -23,13 +23,13 @@ ee = system("#{Omnibus::Config.project_root}/support/is_gitlab_ee.sh")
if ee
name 'gitlab-ee'
description 'GitLab Enterprise Edition and GitLab CI '\
description 'GitLab Enterprise Edition '\
'(including NGINX, Postgres, Redis)'
replace 'gitlab-ce'
conflict 'gitlab-ce'
else
name 'gitlab-ce'
description 'GitLab Community Edition and GitLab CI '\
description 'GitLab Community Edition '\
'(including NGINX, Postgres, Redis)'
replace 'gitlab-ee'
conflict 'gitlab-ee'

2
config/templates/package-scripts/postrm.erb
View File

@ -18,7 +18,7 @@ else
fi
cleanup_symlinks() {
binaries="gitlab-ctl gitlab-rake gitlab-rails gitlab-ci-rake gitlab-ci-rails gitlab-psql"
binaries="gitlab-ctl gitlab-rake gitlab-rails gitlab-psql"
for binary in $binaries; do
rm -f $PREFIX/bin/$binary
done

2
doc/README.md
View File

@ -6,7 +6,6 @@ Omnibus is a way to package different services and tools required to run GitLab,
- [Package downloads page](https://about.gitlab.com/downloads/)
- [Installation Requirements](https://docs.gitlab.com/ce/install/requirements.html)
- [GitLab CI](gitlab-ci/README.md) Set up the GitLab CI coordinator that ships with Omnibus GitLab package.
- [GitLab Mattermost](gitlab-mattermost/README.md) Set up the Mattermost messaging app that ships with Omnibus GitLab package.
- [GitLab Prometheus](https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html) Set up the Prometheus
monitoring included in the Omnibus GitLab package.
@ -66,7 +65,6 @@ Omnibus is a way to package different services and tools required to run GitLab,
- [Hash Sum mismatch when installing packages](common_installation_problems/README.md#hash-sum-mismatch-when-installing-packages)
- [Apt error: 'The requested URL returned error: 403'](common_installation_problems/README.md#apt-error-the-requested-url-returned-error-403).
- [GitLab is unreachable in my browser](common_installation_problems/README.md#gitlab-is-unreachable-in-my-browser).
- [GitLab CI shows GitLab login page](common_installation_problems/README.md#gitlab-ci-shows-gitlab-login-page).
- [Emails are not being delivered](common_installation_problems/README.md#emails-are-not-being-delivered).
- [Reconfigure freezes at ruby_block[supervise_redis_sleep] action run](common_installation_problems/README.md#reconfigure-freezes-at-ruby_blocksupervise_redis_sleep-action-run).
- [TCP ports for GitLab services are already taken](common_installation_problems/README.md#tcp-ports-for-gitlab-services-are-already-taken).

12
doc/common_installation_problems/README.md
View File

@ -33,10 +33,6 @@ Try [specifying](#configuring-the-external-url-for-gitlab) an `external_url` in
`/etc/gitlab/gitlab.rb`. Also check your firewall settings; port 80 (HTTP) or
443 (HTTPS) might be closed on your GitLab server.
### GitLab CI shows GitLab login page
This section is deprecated for GitLab 8.0 and later versions.
### Emails are not being delivered
To test email delivery you can create a new GitLab account for an email that is
@ -367,7 +363,7 @@ If you are installing GitLab in an isolated network with custom certificate auth
Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
```
when GitLab tries to connect with the internal services like gitlab-shell or GitLab CI.
when GitLab tries to connect with the internal services like gitlab-shell.
#### Install custom certificate authorities:
@ -405,12 +401,6 @@ and run `sudo gitlab-ctl reconfigure`.
If you are using self-signed certificate do not forget to set `self_signed_cert: true` for gitlab-shell, see [gitlab.rb.template][] for more details.
### Error executing action create on resource cron[gitlab-ci schedule builds]
1. Double check if you have cron package installed: For Debian like systems `sudo apt-get install cron` or RHEL-like systems `sudo yum install cronie`
1. Check if user `gitlab-ci` is in `/etc/cron.deny` and if yes remove it. You can add the `gitlab-ci` user to `/etc/cron.allow``.
1. Check if you have PAM enabled and if gitlab-ci user is allowed to access crontab. If yes, try changing your `/etc/security/access.conf` to allow the user access to the resource, for example `+:gitlab-ci:ALL`.
### error: proxyRoundTripper: XXX failed with: "net/http: timeout awaiting response headers"
Starting with version 8.3, gitlab-workorse is the default router for any requests

36
doc/gitlab-ci/README.md
View File

@ -1,41 +1,5 @@
# GitLab CI
You can run a [GitLab CI](https://about.gitlab.com/gitlab-ci/) Coordinator
service on your GitLab server.
## Documentation version
Make sure you view this guide from the tag (version) of GitLab you would like
to install. In most cases this should be the highest numbered production tag
(without rc in it). You can select the tag in the version dropdown in the top
left corner of GitLab (below the menu bar).
If the highest number stable branch is unclear please check the
[GitLab Blog](https://about.gitlab.com/blog/) for installation guide links by
version.
## Getting started
Starting with GitLab 8.0, GitLab CI is integrated into GitLab.
To see how to configure your project with GitLab CI, see the [GitLab CI quickstart documentation](https://docs.gitlab.com/ce/ci/quick_start/README.html).
## Running GitLab CI on its own server
This section is deprecated for GitLab 8.0 and later versions.
See [getting started](#getting-started).
## Manually (re)authorising GitLab CI with GitLab
This section is deprecated for GitLab 8.0 and later versions.
See [getting started](#getting-started).
### Authorise GitLab CI
This section is deprecated for GitLab 8.0 and later versions.
See [getting started](#getting-started).
### Reauthorise GitLab CI
This section is deprecated for GitLab 8.0 and later versions.
See [getting started](#getting-started).

4
doc/settings/configuration.md
View File

@ -1,6 +1,6 @@
# Configuration options
GitLab and GitLab CI are configured by setting their relevant options in
GitLab is configured by setting the relevant options in
`/etc/gitlab/gitlab.rb`. See [package defaults](../package-information/defaults.md)
for a list of default settings and visit the
[gitlab.rb.template](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template)
@ -306,7 +306,7 @@ redis['username'] = "redis-gitlab"
redis['shell'] = "/bin/false"
redis['home'] = "/var/opt/redis-gitlab"
# And so on for users/groups for GitLab CI GitLab Mattermost
# And so on for users/groups for GitLab Mattermost
```
## Disable storage directories management

6
doc/settings/environment-variables.md
View File

@ -11,10 +11,4 @@ example:
gitlab_rails['env'] = {"http_proxy" => "my_proxy", "https_proxy" => "my_proxy"}
```
For GitLab CI, use `gitlab_ci['env']`:
```ruby
gitlab_ci['env'] = {"my_var" => "my value"}
```
Run `sudo gitlab-ctl reconfigure` for the change to take effect.

3
docker/assets/setup
View File

@ -33,7 +33,7 @@ groupadd -g 998 git
groupadd -g 999 gitlab-www
groupadd -g 997 gitlab-redis
groupadd -g 996 gitlab-psql
# groupadd -g 995 gitlab-ci
groupadd -g 994 mattermost
groupadd -g 993 registry
groupadd -g 992 gitlab-prometheus
@ -43,7 +43,6 @@ useradd -m -u 998 -g git -m -s /bin/sh -d /var/opt/gitlab git
useradd -m -u 999 -g gitlab-www -m -s /bin/false -d /var/opt/gitlab/nginx gitlab-www
useradd -m -u 997 -g gitlab-redis -m -s /bin/false -d /var/opt/gitlab/redis gitlab-redis
useradd -m -u 996 -g gitlab-psql -m -s /bin/sh -d /var/opt/gitlab/postgresql gitlab-psql
# useradd -m -u 995 -g gitlab-ci -m -s /bin/sh -d /var/opt/gitlab/gitlab-ci gitlab-ci
useradd -m -u 994 -g mattermost -m -s /bin/sh -d /var/opt/gitlab/mattermost mattermost
useradd -m -u 993 -g registry -m -s /bin/sh -d /var/opt/gitlab/registry registry
useradd -m -u 992 -g gitlab-prometheus -m -s /bin/sh -d /var/opt/gitlab/prometheus gitlab-prometheus

5
files/gitlab-config-template/gitlab.rb.template
View File

@ -572,7 +572,6 @@ external_url 'GENERATED_EXTERNAL_URL'
# postgresql['home'] = "/var/opt/gitlab/postgresql"
# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
# postgresql['sql_user'] = "gitlab"
# postgresql['sql_ci_user'] = "gitlab_ci"
# postgresql['max_connections'] = 200
# postgresql['md5_auth_cidr_addresses'] = []
# postgresql['trust_auth_cidr_addresses'] = []
@ -927,15 +926,13 @@ external_url 'GENERATED_EXTERNAL_URL'
################################################################################
## GitLab CI
##! Docs: https://docs.gitlab.com/omnibus/gitlab-ci/README.html
##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
################################################################################
# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
### DEPRECATED: ci_external_url 'http://ci.example.com'
################################################################################
## GitLab Mattermost
##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost

105
files/gitlab-cookbooks/gitlab/attributes/default.rb
View File

@ -350,7 +350,6 @@ default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
# defaults to /opt/gitlab/embedded/bin:/opt/gitlab/bin/$PATH. The install-dir path is set at build time
default['gitlab']['postgresql']['user_path'] = "#{node['package']['install-dir']}/embedded/bin:#{node['package']['install-dir']}/bin:$PATH"
default['gitlab']['postgresql']['sql_user'] = "gitlab"
default['gitlab']['postgresql']['sql_ci_user'] = "gitlab_ci"
default['gitlab']['postgresql']['sql_mattermost_user'] = "gitlab_mattermost"
default['gitlab']['postgresql']['port'] = 5432
# Postgres allow multi listen_address, comma-separated values.
@ -664,116 +663,14 @@ default['gitlab']['high-availability']['mountpoint'] = nil
####
# GitLab CI Rails app
####
default['gitlab']['gitlab-ci']['enable'] = false
default['gitlab']['gitlab-ci']['dir'] = "/var/opt/gitlab/gitlab-ci"
default['gitlab']['gitlab-ci']['log_directory'] = "/var/log/gitlab/gitlab-ci"
default['gitlab']['gitlab-ci']['builds_directory'] = "/var/opt/gitlab/gitlab-ci/builds"
default['gitlab']['gitlab-ci']['environment'] = 'production'
default['gitlab']['gitlab-ci']['env'] = {
# Path the the GitLab CI Gemfile
# defaults to /opt/gitlab/embedded/service/gitlab-ci/Gemfile. The install-dir path is set at build time
'BUNDLE_GEMFILE' => "#{node['package']['install-dir']}/embedded/service/gitlab-ci/Gemfile",
# Path variable set in the environment for the GitLab CI processes
# defaults to /opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin. The install-dir path is set at build time
'PATH' => "#{node['package']['install-dir']}/bin:#{node['package']['install-dir']}/embedded/bin:/bin:/usr/bin"
}
default['gitlab']['gitlab-ci']['schedule_builds_minute'] = "0"
default['gitlab']['gitlab-ci']['username'] = "gitlab-ci"
default['gitlab']['gitlab-ci']['uid'] = nil
default['gitlab']['gitlab-ci']['gid'] = nil
default['gitlab']['gitlab-ci']['shell'] = "/bin/false"
# application.yml top-level settings
default['gitlab']['gitlab-ci']['gitlab_server'] = nil
# application.yml, gitlab_ci section
default['gitlab']['gitlab-ci']['gitlab_ci_host'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_port'] = 80
default['gitlab']['gitlab-ci']['gitlab_ci_https'] = false
default['gitlab']['gitlab-ci']['gitlab_ci_email_from'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_support_email'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_all_broken_builds'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_add_pusher'] = nil
default['gitlab']['gitlab-ci']['gitlab_ci_add_committer'] = nil # Deprecated, will be removed in the next release
# application.yml, gravatar section
default['gitlab']['gitlab-ci']['gravatar_enabled'] = true
default['gitlab']['gitlab-ci']['gravatar_plain_url'] = nil
default['gitlab']['gitlab-ci']['gravatar_ssl_url'] = nil
# application.yml, backup section
default['gitlab']['gitlab-ci']['backup_path'] = "/var/opt/gitlab/ci-backups"
default['gitlab']['gitlab-ci']['backup_keep_time'] = nil
default['gitlab']['gitlab-ci']['backup_upload_connection'] = nil
default['gitlab']['gitlab-ci']['backup_upload_remote_directory'] = nil
default['gitlab']['gitlab-ci']['backup_multipart_chunk_size'] = nil
# database.yml settings
default['gitlab']['gitlab-ci']['db_adapter'] = "postgresql"
default['gitlab']['gitlab-ci']['db_encoding'] = "unicode"
default['gitlab']['gitlab-ci']['db_database'] = "gitlab_ci_production"
default['gitlab']['gitlab-ci']['db_pool'] = 10
default['gitlab']['gitlab-ci']['db_username'] = "gitlab_ci"
default['gitlab']['gitlab-ci']['db_password'] = nil
# Path to postgresql socket directory
default['gitlab']['gitlab-ci']['db_host'] = "/var/opt/gitlab/postgresql"
default['gitlab']['gitlab-ci']['db_port'] = 5432
default['gitlab']['gitlab-ci']['db_socket'] = nil
# resque.yml settings
default['gitlab']['gitlab-ci']['redis_host'] = "127.0.0.1"
default['gitlab']['gitlab-ci']['redis_port'] = nil
default['gitlab']['gitlab-ci']['redis_socket'] = "/var/opt/gitlab/ci-redis/redis.socket"
# config/initializers/smtp_settings.rb settings
default['gitlab']['gitlab-ci']['smtp_enable'] = false
default['gitlab']['gitlab-ci']['smtp_address'] = nil
default['gitlab']['gitlab-ci']['smtp_port'] = nil
default['gitlab']['gitlab-ci']['smtp_user_name'] = nil
default['gitlab']['gitlab-ci']['smtp_password'] = nil
default['gitlab']['gitlab-ci']['smtp_domain'] = nil
default['gitlab']['gitlab-ci']['smtp_authentication'] = nil
default['gitlab']['gitlab-ci']['smtp_enable_starttls_auto'] = nil
default['gitlab']['gitlab-ci']['smtp_tls'] = nil
default['gitlab']['gitlab-ci']['smtp_openssl_verify_mode'] = nil
####
# CI Unicorn
####
default['gitlab']['ci-unicorn'] = default['gitlab']['unicorn'].dup
default['gitlab']['ci-unicorn']['enable'] = false
default['gitlab']['ci-unicorn']['log_directory'] = "/var/log/gitlab/ci-unicorn"
default['gitlab']['ci-unicorn']['port'] = 8181
default['gitlab']['ci-unicorn']['socket'] = '/var/opt/gitlab/gitlab-ci/sockets/gitlab.socket'
# Path to the GitLab CI's Unicorn Process ID file
# defaults to /opt/gitlab/var/ci-unicorn/unicorn.pid. The install-dir path is set at build time
default['gitlab']['ci-unicorn']['pidfile'] = "#{node['package']['install-dir']}/var/ci-unicorn/unicorn.pid"
####
# CI Sidekiq
####
default['gitlab']['ci-sidekiq'] = default['gitlab']['sidekiq'].dup
default['gitlab']['ci-sidekiq']['enable'] = false
default['gitlab']['ci-sidekiq']['log_directory'] = "/var/log/gitlab/ci-sidekiq"
####
# CI Redis
####
default['gitlab']['ci-redis'] = default['gitlab']['redis'].dup
default['gitlab']['ci-redis']['enable'] = false
default['gitlab']['ci-redis']['dir'] = "/var/opt/gitlab/ci-redis"
default['gitlab']['ci-redis']['log_directory'] = "/var/log/gitlab/ci-redis"
default['gitlab']['ci-redis']['unixsocket'] = "/var/opt/gitlab/ci-redis/redis.socket"
####
# CI NGINX
####
default['gitlab']['ci-nginx'] = default['gitlab']['nginx'].dup
default['gitlab']['ci-nginx']['enable'] = false
default['gitlab']['ci-nginx']['resolver'] = "8.8.8.8 8.8.4.4"
####
# Mattermost
####

20
files/gitlab-cookbooks/gitlab/libraries/account_helper.rb
View File

@ -54,22 +54,6 @@ class AccountHelper
node['gitlab']['postgresql']['username']
end
def gitlab_ci_user
node['gitlab']['gitlab-ci']['username']
end
def gitlab_ci_group
node['gitlab']['gitlab-ci']['username']
end
def ci_redis_user
node['gitlab']['ci-redis']['username']
end
def ci_redis_group
node['gitlab']['ci-redis']['username']
end
def mattermost_user
node['gitlab']['mattermost']['username']
end
@ -100,8 +84,6 @@ class AccountHelper
#{web_server_user}
#{redis_user}
#{postgresgl_user}
#{gitlab_ci_user}
#{ci_redis_user}
#{mattermost_user}
#{registry_user}
#{prometheus_user}
@ -114,8 +96,6 @@ class AccountHelper
#{web_server_group}
#{redis_group}
#{postgresgl_group}
#{gitlab_ci_group}
#{ci_redis_group}
#{mattermost_group}
#{registry_group}
#{prometheus_group}

18
files/gitlab-cookbooks/gitlab/libraries/gitlab.rb
View File

@ -31,7 +31,6 @@ require 'chef/mixin/deep_merge'
require 'securerandom'
require 'uri'
require_relative 'gitlab_ci.rb'
require_relative 'gitlab_mattermost.rb'
require_relative 'gitlab_pages.rb'
require_relative 'gitlab_rails.rb'
@ -56,22 +55,18 @@ module Gitlab
user Mash.new
postgresql Mash.new
redis Mash.new
ci_redis Mash.new
gitlab_rails Mash.new
gitlab_ci Mash.new
gitlab_shell Mash.new
unicorn Mash.new
ci_unicorn Mash.new
sidekiq Mash.new
sidekiq_cluster Mash.new
ci_sidekiq Mash.new
gitlab_workhorse Mash.new
gitlab_git_http_server Mash.new # legacy from GitLab 7.14, 8.0, 8.1
pages_nginx Mash.new
registry_nginx Mash.new
mailroom Mash.new
nginx Mash.new
ci_nginx Mash.new
mattermost_nginx Mash.new
logging Mash.new
remote_syslog Mash.new
@ -90,7 +85,6 @@ module Gitlab
node nil
external_url nil
pages_external_url nil
ci_external_url nil
mattermost_external_url nil
registry_external_url nil
git_data_dirs Mash.new
@ -131,8 +125,8 @@ module Gitlab
end
# Transform legacy key names to new key names
Gitlab['gitlab_rails']['db_key_base'] ||= Gitlab['gitlab_ci']['db_key_base']
Gitlab['gitlab_rails']['secret_key_base'] ||= Gitlab['gitlab_ci']['db_key_base']
Gitlab['gitlab_rails']['db_key_base'] ||= Gitlab['gitlab_ci']['db_key_base'] # Changed in 8.11
Gitlab['gitlab_rails']['secret_key_base'] ||= Gitlab['gitlab_ci']['db_key_base'] # Changed in 8.11
Gitlab['gitlab_rails']['otp_key_base'] ||= Gitlab['gitlab_rails']['secret_token']
# Note: If you add another secret to generate here make sure it gets written to disk in SecretsHelper.write_to_gitlab_secrets
@ -155,8 +149,6 @@ module Gitlab
Gitlab['mattermost']['email_password_reset_salt'] ||= generate_hex(16)
Gitlab['mattermost']['sql_at_rest_encrypt_key'] ||= generate_hex(16)
# Note: Besides the section below, gitlab-secrets.json will also change
# in CiHelper in libraries/helper.rb
SecretsHelper.write_to_gitlab_secrets
end
@ -172,19 +164,15 @@ module Gitlab
"manage_storage_directories",
"user",
"redis",
"ci_redis",
"gitlab_rails",
"gitlab_ci",
"gitlab_shell",
"unicorn",
"ci_unicorn",
"sidekiq",
"sidekiq-cluster",
"ci_sidekiq",
"gitlab_workhorse",
"mailroom",
"nginx",
"ci_nginx",
"mattermost_nginx",
"pages_nginx",
"registry_nginx",
@ -196,7 +184,6 @@ module Gitlab
"web_server",
"mattermost",
"external_url",
"ci_external_url",
"mattermost_external_url",
"pages_external_url",
"gitlab_pages",
@ -231,7 +218,6 @@ module Gitlab
Redis.parse_variables
Postgresql.parse_variables
Unicorn.parse_variables
GitlabCi.parse_variables
IncomingEmail.parse_variables
GitlabMattermost.parse_variables
GitlabPages.parse_variables

67
files/gitlab-cookbooks/gitlab/libraries/gitlab_ci.rb
View File

@ -1,67 +0,0 @@
#
# Copyright:: Copyright (c) 2016 GitLab Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module GitlabCi
class << self
# Standalone GitLab CI is deprected.
# The code below will be removed in the next major release.
def parse_variables
parse_ci_external_url
parse_gitlab_ci
end
def parse_ci_external_url
return unless Gitlab['ci_external_url']
# Disable gitlab_ci. This setting will be picked up by parse_gitlab_ci
Gitlab['gitlab_ci']['enable'] = false
uri = URI(Gitlab['ci_external_url'].to_s)
unless uri.host
raise "GitLab CI external URL must include a schema and FQDN, e.g. http://ci.example.com/"
end
Gitlab['gitlab_ci']['gitlab_ci_host'] = uri.host
Gitlab['gitlab_ci']['gitlab_ci_email_from'] ||= "gitlab-ci@#{uri.host}"
case uri.scheme
when "http"
Gitlab['gitlab_ci']['gitlab_ci_https'] = false
when "https"
Gitlab['gitlab_ci']['gitlab_ci_https'] = true
Gitlab['ci_nginx']['ssl_certificate'] ||= "/etc/gitlab/ssl/#{uri.host}.crt"
Gitlab['ci_nginx']['ssl_certificate_key'] ||= "/etc/gitlab/ssl/#{uri.host}.key"
else
raise "Unsupported external URL scheme: #{uri.scheme}"
end
unless ["", "/"].include?(uri.path)
raise "Unsupported CI external URL path: #{uri.path}"
end
Gitlab['gitlab_ci']['gitlab_ci_port'] = uri.port
end
def parse_gitlab_ci
return unless Gitlab['gitlab_ci']['enable']
Gitlab['ci_unicorn']['enable'] = true if Gitlab['ci_unicorn']['enable'].nil?
Gitlab['ci_sidekiq']['enable'] = true if Gitlab['ci_sidekiq']['enable'].nil?
Gitlab['ci_redis']['enable'] = true if Gitlab['ci_redis']['enable'].nil?
Gitlab['ci_nginx']['enable'] = true if Gitlab['ci_nginx']['enable'].nil?
end
end
end

52
files/gitlab-cookbooks/gitlab/libraries/helper.rb
View File

@ -134,49 +134,6 @@ module AuthorizeHelper
end
end
class CiHelper
extend ShellOutHelper
extend AuthorizeHelper
def self.authorize_with_gitlab(gitlab_external_url)
redirect_uri = "#{Gitlab['ci_external_url']}/user_sessions/callback"
app_name = "GitLab CI"
o = query_gitlab_rails(redirect_uri, app_name)
app_id, app_secret = nil
if o.exitstatus == 0
app_id, app_secret = o.stdout.chomp.split(" ")
Gitlab['gitlab_ci']['gitlab_server'] = { 'url' => gitlab_external_url,
'app_id' => app_id,
'app_secret' => app_secret
}
SecretsHelper.write_to_gitlab_secrets
info("Updated the gitlab-secrets.json file.")
else
warn("Something went wrong while trying to update gitlab-secrets.json. Check the file permissions and try reconfiguring again.")
end
{ 'url' => gitlab_external_url, 'app_id' => app_id, 'app_secret' => app_secret }
end
def self.gitlab_server
return unless Gitlab['gitlab_ci']['gitlab_server']
Gitlab['gitlab_ci']['gitlab_server']
end
def self.gitlab_server_fqdn
if gitlab_server && gitlab_server['url']
uri = URI(gitlab_server['url'].to_s)
uri.host
else
Gitlab['gitlab_rails']['gitlab_host']
end
end
end
class MattermostHelper
extend ShellOutHelper
extend AuthorizeHelper
@ -252,15 +209,6 @@ class SecretsHelper
}
}
if Gitlab['gitlab_ci']['gitlab_server']
warning = [
"Legacy config value gitlab_ci['gitlab_server'] found; value will be REMOVED. For reference, it was:",
Gitlab['gitlab_ci']['gitlab_server'].to_json
]
warn(warning.join("\n\n"))
end
if Gitlab['mattermost']['gitlab_enable']
gitlab_oauth = {
'gitlab_enable' => Gitlab['mattermost']['gitlab_enable'],

3
files/gitlab-cookbooks/gitlab/libraries/logging.rb
View File

@ -37,12 +37,9 @@ module Logging
%w{
redis
ci-redis
nginx
sidekiq
ci-sidekiq
unicorn
ci-unicorn
postgresql
remote-syslog
gitlab-workhorse

1
files/gitlab-cookbooks/gitlab/libraries/nginx.rb
View File

@ -35,7 +35,6 @@ module Nginx
def parse_nginx_listen_ports
[
[%w{nginx listen_port}, %w{gitlab_rails gitlab_port}],
[%w{ci_nginx listen_port}, %w{gitlab_ci gitlab_ci_port}],
[%w{mattermost_nginx listen_port}, %w{mattermost port}],
[%w{pages_nginx listen_port}, %w{gitlab_rails pages_port}],

5
files/gitlab-cookbooks/gitlab/libraries/postgresql.rb
View File

@ -26,16 +26,13 @@ module Postgresql
def parse_postgresql_settings
# If the user wants to run the internal Postgres service using an alternative
# DB username, host or port, then those settings should also be applied to
# gitlab-rails and gitlab-ci.
# gitlab-rails.
[
# %w{gitlab_rails db_username} corresponds to
# Gitlab['gitlab_rails']['db_username'], etc.
[%w{gitlab_rails db_username}, %w{postgresql sql_user}],
[%w{gitlab_rails db_host}, %w{postgresql listen_address}],
[%w{gitlab_rails db_port}, %w{postgresql port}],
[%w{gitlab_ci db_username}, %w{postgresql sql_ci_user}],
[%w{gitlab_ci db_host}, %w{postgresql listen_address}],
[%w{gitlab_ci db_port}, %w{postgresql port}],
].each do |left, right|
if ! Gitlab[left.first][left.last].nil?
# If the user explicitly sets a value for e.g.

21
files/gitlab-cookbooks/gitlab/recipes/ci-redis.rb
View File

@ -1,21 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
redis_service 'ci-redis' do
socket_group AccountHelper.new(node).gitlab_ci_user
end

21
files/gitlab-cookbooks/gitlab/recipes/ci-redis_disable.rb
View File

@ -1,21 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-redis" do
action :disable
end

22
files/gitlab-cookbooks/gitlab/recipes/ci-sidekiq.rb
View File

@ -1,22 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
sidekiq_service 'ci-sidekiq' do
rails_app 'gitlab-ci'
user AccountHelper.new(node).gitlab_ci_user
end

21
files/gitlab-cookbooks/gitlab/recipes/ci-sidekiq_disable.rb
View File

@ -1,21 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-sidekiq" do
action :disable
end

22
files/gitlab-cookbooks/gitlab/recipes/ci-unicorn.rb
View File

@ -1,22 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unicorn_service 'ci-unicorn' do
rails_app 'gitlab-ci'
user AccountHelper.new(node).gitlab_ci_user
end

21
files/gitlab-cookbooks/gitlab/recipes/ci-unicorn_disable.rb
View File

@ -1,21 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
runit_service "ci-unicorn" do
action :disable
end

28
files/gitlab-cookbooks/gitlab/recipes/cron.rb
View File

@ -1,28 +0,0 @@
#
# Copyright:: Copyright (c) 2014 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Remove all cronjobs for gitlab-ci builds
cron 'gitlab-ci schedule builds' do
user 'root'
action :delete
end
cron 'gitlab-ci schedule builds' do
user AccountHelper.new(node).gitlab_ci_user
action :delete
end

4
files/gitlab-cookbooks/gitlab/recipes/default.rb
View File

@ -69,8 +69,6 @@ if node['gitlab']['gitlab-rails']['enable']
include_recipe "gitlab::gitlab-rails"
end
include_recipe "gitlab::gitlab-ci-proxying"
include_recipe "gitlab::selinux"
# add trusted certs recipe
@ -80,9 +78,7 @@ include_recipe "gitlab::add_trusted_certs"
# the corresponding service recipe is not loaded below.
[
"unicorn",
"ci-unicorn",
"sidekiq",
"ci-sidekiq",
"mailroom"
].each do |dummy|
service "create a temporary #{dummy} service" do

60
files/gitlab-cookbooks/gitlab/recipes/gitlab-ci-proxying.rb
View File

@ -1,60 +0,0 @@
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2015 GitLab B.V.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
omnibus_helper = OmnibusHelper.new(node)
ci_nginx_vars = node['gitlab']['ci-nginx'].to_hash
if ci_nginx_vars['listen_https'].nil?
ci_nginx_vars['https'] = node['gitlab']['gitlab-ci']['gitlab_ci_https']
else
ci_nginx_vars['https'] = ci_nginx_vars['listen_https']
end
nginx_conf_dir = File.join(node['gitlab']['nginx']['dir'], "conf")
gitlab_ci_http_config = File.join(nginx_conf_dir, "gitlab-ci-http.conf")
if node["gitlab"]['gitlab-ci']['gitlab_ci_host']
template gitlab_ci_http_config do
source "nginx-gitlab-ci-http.conf.erb"
owner "root"
group "root"
mode "0644"
variables(ci_nginx_vars.merge(
{
:fqdn => node['gitlab']['gitlab-ci']['gitlab_ci_host'],
:port => node['gitlab']['gitlab-ci']['gitlab_ci_port'],
:socket => node['gitlab']['ci-unicorn']['socket'],
:gitlab_fqdn => CiHelper.gitlab_server_fqdn
}
))
notifies :restart, 'service[nginx]' if omnibus_helper.should_notify?("nginx")
end
node.override["gitlab"]['nginx']["gitlab_ci_http_config"] = gitlab_ci_http_config
else
template gitlab_ci_http_config do
source "nginx-gitlab-ci-http.conf.erb"
action :delete
end
node.override["gitlab"]['nginx']["gitlab_ci_http_config"] = nil
end
if node["gitlab"]['gitlab-ci']["enable"]
node.override["gitlab"]['gitlab-ci']["enable"] = false
end

1
files/gitlab-cookbooks/gitlab/recipes/nginx.rb
View File

@ -213,7 +213,6 @@ template nginx_status_conf do
end
nginx_vars['gitlab_access_log_format'] = node['gitlab']['nginx']['log_format']
nginx_vars['gitlab_ci_access_log_format'] = node['gitlab']['ci-nginx']['log_format']
nginx_vars['gitlab_mattermost_access_log_format'] = node['gitlab']['mattermost-nginx']['log_format']
template nginx_config do

1
files/gitlab-cookbooks/gitlab/templates/default/gitlab-ci-rc.erb
View File

@ -1 +0,0 @@
gitlab_ci_user='<%= node['gitlab']['gitlab-ci']['username'] %>'

86
files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-ci-http.conf.erb
View File

@ -1,86 +0,0 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
## GitLab CI
<% if @https && @redirect_http_to_https %>
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @redirect_http_to_https_port %>;
<% end %>
server_name <%= @fqdn %>;
server_tokens off;
rewrite ^(.*) https://<%= @fqdn %>:<%= @port %>$1 permanent;
access_log <%= @log_directory %>/gitlab_ci_access.log gitlab_ci_access;
error_log <%= @log_directory %>/gitlab_ci_error.log;
}
<% end %>
server {
<% @listen_addresses.each do |listen_address| %>
listen <%= listen_address %>:<%= @listen_port %><% if @https %> ssl<% end %>;
<% end %>
server_name <%= @fqdn %>;
server_tokens off; # don't show the version number, a security best practice
<% if @https %>
ssl on;
ssl_certificate <%= @ssl_certificate %>;
ssl_certificate_key <%= @ssl_certificate_key %>;
<% if @ssl_client_certificate %>
ssl_client_certificate <%= @ssl_client_certificate%>;
<% end %>
<% if @ssl_verify_client %>
ssl_verify_client <%= @ssl_verify_client%>;
ssl_verify_depth <%= @ssl_verify_depth%>;
<% end %>
ssl_ciphers '<%= @ssl_ciphers %>';
ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>;
ssl_protocols <%= @ssl_protocols %>;
ssl_session_cache <%= @ssl_session_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>;
<% if @ssl_dhparam %>
ssl_dhparam <%= @ssl_dhparam %>;
<% end %>
<% end %>
## Individual nginx logs for this GitLab CI vhost
access_log <%= @log_directory %>/gitlab_ci_access.log gitlab_ci_access;
error_log <%= @log_directory %>/gitlab_ci_error.log;
# expose API to fix runners
location /api {
proxy_read_timeout <%= @proxy_read_timeout %>;
proxy_connect_timeout <%= @proxy_connect_timeout %>;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
# You need to specify your DNS servers that are able to resolve YOUR_GITLAB_SERVER_FQDN
resolver <%= @resolver %>;
proxy_pass <%= @https ? "https" : "http" %>://<%= @gitlab_fqdn %>/ci$request_uri;
}
# expose build endpoint to allow trigger builds
location ~ ^/projects/\d+/build$ {
proxy_read_timeout <%= @proxy_read_timeout %>;
proxy_connect_timeout <%= @proxy_connect_timeout %>;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
# You need to specify your DNS servers that are able to resolve YOUR_GITLAB_SERVER_FQDN
resolver <%= @resolver %>;
proxy_pass <%= @https ? "https" : "http" %>://<%= @gitlab_fqdn %>/ci$request_uri;
}
# redirect all other CI requests
location / {
return 301 <%= @https ? "https" : "http" %>://<%= @gitlab_fqdn %>/ci$request_uri;
}
# adjust this to match the largest build log your runners might submit,
# set to 0 to disable limit
client_max_body_size <%= @client_max_body_size %>;
<%= @custom_gitlab_ci_server_config %>
}

5
files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
View File

@ -15,7 +15,6 @@ events {
http {
log_format gitlab_access '<%= @gitlab_access_log_format %>';
log_format gitlab_ci_access '<%= @gitlab_ci_access_log_format %>';
log_format gitlab_mattermost_access '<%= @gitlab_mattermost_access_log_format %>';
server_names_hash_bucket_size <%= @server_names_hash_bucket_size %>;
@ -46,10 +45,6 @@ http {
include <%= @gitlab_http_config %>;
<% end %>
<% if @gitlab_ci_http_config %>
include <%= @gitlab_ci_http_config %>;
<% end %>
<% if @gitlab_pages_http_config %>
include <%= @gitlab_pages_http_config %>;
<% end %>

1
files/gitlab-cookbooks/gitlab/templates/default/pg_ident.conf.erb
View File

@ -41,7 +41,6 @@
# MAPNAME SYSTEM-USERNAME PG-USERNAME
gitlab <%= node['gitlab']['user']['username'] %> <%= node['gitlab']['postgresql']['sql_user'] %>
gitlab <%= node['gitlab']['gitlab-ci']['username'] %> <%= node['gitlab']['postgresql']['sql_ci_user'] %>
gitlab <%= node['gitlab']['mattermost']['username'] %> <%= node['gitlab']['postgresql']['sql_mattermost_user'] %>
# Default to a 1-1 mapping between system usernames and Postgres usernames
gitlab /^(.*)$ \1

23
spec/chef/secrets_spec.rb
View File

@ -184,29 +184,6 @@ describe 'secrets' do
end
end
context 'when there is a legacy CI gitlab_server key' do
before do
stub_gitlab_secrets_json(gitlab_ci: { gitlab_server: { url: 'json_ci_gitlab_server' } })
allow_any_instance_of(Object).to receive(:warn)
end
it 'warns that this value is no longer used, and prints the value' do
expect_any_instance_of(Object).to receive(:warn) do |value|
expect(value).to include('gitlab_server')
expect(value).to include('json_ci_gitlab_server')
end
chef_run
end
it 'does not write the value to the new file' do
chef_run
expect(new_secrets).not_to have_key('gitlab_ci')
expect(new_secrets.to_json).not_to include('json_ci_gitlab_server')
end
end
context 'when secrets are ambiguous and cannot be migrated automatically' do
before { stub_gitlab_secrets_json({}) }