diff --git a/cookbooks/colab/templates/01-apps.yaml.erb b/cookbooks/colab/templates/01-apps.yaml.erb index 99bb68d..7ab2b8a 100644 --- a/cookbooks/colab/templates/01-apps.yaml.erb +++ b/cookbooks/colab/templates/01-apps.yaml.erb @@ -1,4 +1,4 @@ ### Colab proxied apps PROXIED_APPS: gitlab: - upstream: 'http://<%= node['peers']['integration'] %>:8080/gitlab/' + upstream: 'http://<%= node['peers']['integration'] %>:8081/gitlab/' diff --git a/cookbooks/gitlab/files/unicorn.rb b/cookbooks/gitlab/files/unicorn.rb new file mode 100644 index 0000000..561b726 --- /dev/null +++ b/cookbooks/gitlab/files/unicorn.rb @@ -0,0 +1,123 @@ +# Sample verbose configuration file for Unicorn (not Rack) +# +# This configuration file documents many features of Unicorn +# that may not be needed for some applications. See +# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb +# for a much simpler configuration file. +# +# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete +# documentation. + +# WARNING: See config/application.rb under "Relative url support" for the list of +# other files that need to be changed for relative url support +# +ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" + +# Read about unicorn workers here: +# http://doc.gitlab.com/ee/install/requirements.html#unicorn-workers +# +worker_processes 2 + +# Since Unicorn is never exposed to outside clients, it does not need to +# run on the standard HTTP port (80), there is no reason to start Unicorn +# as root unless it's from system init scripts. +# If running the master process as root and the workers as an unprivileged +# user, do this to switch euid/egid in the workers (also chowns logs): +# user "unprivileged_user", "unprivileged_group" + +# Help ensure your application will always spawn in the symlinked +# "current" directory that Capistrano sets up. +working_directory "/usr/lib/gitlab" # available in 0.94.0+ + +# Listen on both a Unix domain socket and a TCP port. +# If you are load-balancing multiple Unicorn masters, lower the backlog +# setting to e.g. 64 for faster failover. +listen "/usr/lib/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024 +listen "127.0.0.1:8080", :tcp_nopush => true + +# nuke workers after 30 seconds instead of 60 seconds (the default) +# +# NOTICE: git push over http depends on this value. +# If you want be able to push huge amount of data to git repository over http +# you will have to increase this value too. +# +# Example of output if you try to push 1GB repo to GitLab over http. +# -> git push http://gitlab.... master +# +# error: RPC failed; result=18, HTTP code = 200 +# fatal: The remote end hung up unexpectedly +# fatal: The remote end hung up unexpectedly +# +# For more information see http://stackoverflow.com/a/21682112/752049 +# +timeout 60 + +# feel free to point this anywhere accessible on the filesystem +pid "/usr/lib/gitlab/tmp/pids/unicorn.pid" + +# By default, the Unicorn logger will write to stderr. +# Additionally, some applications/frameworks log to stderr or stdout, +# so prevent them from going to /dev/null when daemonized here: +stderr_path "/usr/lib/gitlab/log/unicorn.stderr.log" +stdout_path "/usr/lib/gitlab/log/unicorn.stdout.log" + +# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings +# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow +preload_app true +GC.respond_to?(:copy_on_write_friendly=) and + GC.copy_on_write_friendly = true + +# Enable this flag to have unicorn test client connections by writing the +# beginning of the HTTP headers before calling the application. This +# prevents calling the application for connections that have disconnected +# while queued. This is only guaranteed to detect clients on the same +# host unicorn runs on, and unlikely to detect disconnects even on a +# fast LAN. +check_client_connection false + +before_fork do |server, worker| + # the following is highly recomended for Rails + "preload_app true" + # as there's no need for the master process to hold a connection + defined?(ActiveRecord::Base) and + ActiveRecord::Base.connection.disconnect! + + # The following is only recommended for memory/DB-constrained + # installations. It is not needed if your system can house + # twice as many worker_processes as you have configured. + # + # This allows a new master process to incrementally + # phase out the old master process with SIGTTOU to avoid a + # thundering herd (especially in the "preload_app false" case) + # when doing a transparent upgrade. The last worker spawned + # will then kill off the old master process with a SIGQUIT. + old_pid = "#{server.config[:pid]}.oldbin" + if old_pid != server.pid + begin + sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU + Process.kill(sig, File.read(old_pid).to_i) + rescue Errno::ENOENT, Errno::ESRCH + end + end + # + # Throttle the master from forking too quickly by sleeping. Due + # to the implementation of standard Unix signal handlers, this + # helps (but does not completely) prevent identical, repeated signals + # from being lost when the receiving process is busy. + # sleep 1 +end + +after_fork do |server, worker| + # per-process listener ports for debugging/admin/migrations + # addr = "127.0.0.1:#{9293 + worker.nr}" + # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) + + # the following is *required* for Rails + "preload_app true", + defined?(ActiveRecord::Base) and + ActiveRecord::Base.establish_connection + + # if preload_app is true, then you may also want to check and + # restart any other shared sockets/descriptors such as Memcached, + # and Redis. TokyoCabinet file handles are safe to reuse + # between any number of forked children (assuming your kernel + # correctly implements pread()/pwrite() system calls) +end diff --git a/cookbooks/gitlab/recipes/default.rb b/cookbooks/gitlab/recipes/default.rb index ffd1e55..ec7b4b0 100644 --- a/cookbooks/gitlab/recipes/default.rb +++ b/cookbooks/gitlab/recipes/default.rb @@ -56,7 +56,7 @@ cookbook_file '/usr/lib/gitlab/config/initializers/gitlab_path.rb' do mode 0644 notifies :restart, 'service[gitlab]' end -template '/etc/gitlab/unicorn.rb' do +cookbook_file '/etc/gitlab/unicorn.rb' do owner 'root' group 'root' mode 0644 @@ -67,6 +67,13 @@ end # Run under /gitlab (END) #################################################### +# serve static files with nginx +template '/etc/nginx/conf.d/gitlab.conf' do + source 'nginx.conf.erb' + mode 0644 + notifies :reload, 'service[nginx]' +end + # TODO: Remote-User authentication service 'gitlab' do diff --git a/cookbooks/gitlab/templates/nginx.conf.erb b/cookbooks/gitlab/templates/nginx.conf.erb new file mode 100644 index 0000000..900ed0d --- /dev/null +++ b/cookbooks/gitlab/templates/nginx.conf.erb @@ -0,0 +1,33 @@ +upstream gitlab { + server 127.0.0.1:8080 fail_timeout=10s; +} + +server { + listen *:8081; + + server_name <%= node['config']['external_hostname'] %>; + + access_log /var/log/nginx/gitlab.access.log; + error_log /var/log/nginx/gitlab.error.log; + + location /gitlab/assets/ { + alias /usr/lib/gitlab/public/assets/; + } + + location /gitlab/uploads/ { + alias /usr/lib/gitlab/public/uploads/; + } + + location / { + + proxy_pass http://gitlab; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +# vim: ft=nginx diff --git a/cookbooks/gitlab/templates/unicorn.rb.erb b/cookbooks/gitlab/templates/unicorn.rb.erb deleted file mode 100644 index e965481..0000000 --- a/cookbooks/gitlab/templates/unicorn.rb.erb +++ /dev/null @@ -1,124 +0,0 @@ -# Sample verbose configuration file for Unicorn (not Rack) -# -# This configuration file documents many features of Unicorn -# that may not be needed for some applications. See -# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb -# for a much simpler configuration file. -# -# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete -# documentation. - -# WARNING: See config/application.rb under "Relative url support" for the list of -# other files that need to be changed for relative url support -# -ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" - -# Read about unicorn workers here: -# http://doc.gitlab.com/ee/install/requirements.html#unicorn-workers -# -worker_processes 2 - -# Since Unicorn is never exposed to outside clients, it does not need to -# run on the standard HTTP port (80), there is no reason to start Unicorn -# as root unless it's from system init scripts. -# If running the master process as root and the workers as an unprivileged -# user, do this to switch euid/egid in the workers (also chowns logs): -# user "unprivileged_user", "unprivileged_group" - -# Help ensure your application will always spawn in the symlinked -# "current" directory that Capistrano sets up. -working_directory "/usr/lib/gitlab" # available in 0.94.0+ - -# Listen on both a Unix domain socket and a TCP port. -# If you are load-balancing multiple Unicorn masters, lower the backlog -# setting to e.g. 64 for faster failover. -listen "/usr/lib/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024 -listen "127.0.0.1:8080", :tcp_nopush => true -listen "<%= node['peers']['integration'] %>:8080", :tcp_nopush => true - -# nuke workers after 30 seconds instead of 60 seconds (the default) -# -# NOTICE: git push over http depends on this value. -# If you want be able to push huge amount of data to git repository over http -# you will have to increase this value too. -# -# Example of output if you try to push 1GB repo to GitLab over http. -# -> git push http://gitlab.... master -# -# error: RPC failed; result=18, HTTP code = 200 -# fatal: The remote end hung up unexpectedly -# fatal: The remote end hung up unexpectedly -# -# For more information see http://stackoverflow.com/a/21682112/752049 -# -timeout 60 - -# feel free to point this anywhere accessible on the filesystem -pid "/usr/lib/gitlab/tmp/pids/unicorn.pid" - -# By default, the Unicorn logger will write to stderr. -# Additionally, some applications/frameworks log to stderr or stdout, -# so prevent them from going to /dev/null when daemonized here: -stderr_path "/usr/lib/gitlab/log/unicorn.stderr.log" -stdout_path "/usr/lib/gitlab/log/unicorn.stdout.log" - -# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings -# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow -preload_app true -GC.respond_to?(:copy_on_write_friendly=) and - GC.copy_on_write_friendly = true - -# Enable this flag to have unicorn test client connections by writing the -# beginning of the HTTP headers before calling the application. This -# prevents calling the application for connections that have disconnected -# while queued. This is only guaranteed to detect clients on the same -# host unicorn runs on, and unlikely to detect disconnects even on a -# fast LAN. -check_client_connection false - -before_fork do |server, worker| - # the following is highly recomended for Rails + "preload_app true" - # as there's no need for the master process to hold a connection - defined?(ActiveRecord::Base) and - ActiveRecord::Base.connection.disconnect! - - # The following is only recommended for memory/DB-constrained - # installations. It is not needed if your system can house - # twice as many worker_processes as you have configured. - # - # This allows a new master process to incrementally - # phase out the old master process with SIGTTOU to avoid a - # thundering herd (especially in the "preload_app false" case) - # when doing a transparent upgrade. The last worker spawned - # will then kill off the old master process with a SIGQUIT. - old_pid = "#{server.config[:pid]}.oldbin" - if old_pid != server.pid - begin - sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU - Process.kill(sig, File.read(old_pid).to_i) - rescue Errno::ENOENT, Errno::ESRCH - end - end - # - # Throttle the master from forking too quickly by sleeping. Due - # to the implementation of standard Unix signal handlers, this - # helps (but does not completely) prevent identical, repeated signals - # from being lost when the receiving process is busy. - # sleep 1 -end - -after_fork do |server, worker| - # per-process listener ports for debugging/admin/migrations - # addr = "127.0.0.1:#{9293 + worker.nr}" - # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) - - # the following is *required* for Rails + "preload_app true", - defined?(ActiveRecord::Base) and - ActiveRecord::Base.establish_connection - - # if preload_app is true, then you may also want to check and - # restart any other shared sockets/descriptors such as Memcached, - # and Redis. TokyoCabinet file handles are safe to reuse - # between any number of forked children (assuming your kernel - # correctly implements pread()/pwrite() system calls) -end diff --git a/test/gitlab_test.sh b/test/gitlab_test.sh index 8f47f91..9ae5e3f 100644 --- a/test/gitlab_test.sh +++ b/test/gitlab_test.sh @@ -12,4 +12,9 @@ test_gitlab_responds() { assertTrue 'gitlab responds on HTTP' 'run_on integration curl http://localhost:8080/gitlab/public/projects' } +test_static_content_served_correctly() { + file=$(run_on integration ls -1 '/usr/lib/gitlab/public/assets/*.css' | head -1 | xargs basename) + assertTrue 'gitlab static content served by nginx' "run_on integration curl --head http://localhost:8081/gitlab/assets/$file | grep 'Content-Type: text/css'" +} + . shunit2 -- libgit2 0.21.2