diff --git a/config/roles/integration_server.rb b/config/roles/integration_server.rb
index 6113a4c..f263121 100644
--- a/config/roles/integration_server.rb
+++ b/config/roles/integration_server.rb
@@ -4,10 +4,11 @@ description "Server that runs COLAB (user authentication, visual integration and
 # TODO colab and mailman-api should be able to run in separate hosts at some
 # point in the future
 run_list *[
+ 'recipe[basics::nginx]',
 'recipe[mailman-api]',
 'recipe[mailman]',
 'recipe[mailman::webui]',
 'recipe[colab]',
- 'recipe[basics::nginx]',
 'recipe[colab::nginx]',
+ 'recipe[gitlab]',
 ]
diff --git a/cookbooks/colab/recipes/default.rb b/cookbooks/colab/recipes/default.rb
index 4c92388..a83cc40 100644
--- a/cookbooks/colab/recipes/default.rb
+++ b/cookbooks/colab/recipes/default.rb
@@ -34,6 +34,13 @@ template '/etc/colab/settings.d/00-database.yaml' do
 notifies :restart, 'service[colab]'
 end
 
+template '/etc/colab/settings.d/01-apps.yaml' do
+ owner 'root'
+ group 'colab'
+ mode 0640
+ notifies :restart, 'service[colab]'
+end
+
 cookbook_file '/usr/lib/colab/lib/python2.7/site-packages/colab/static/img/logo.svg' do
 owner 'root'
 group 'root'
diff --git a/cookbooks/colab/templates/01-apps.yaml.erb b/cookbooks/colab/templates/01-apps.yaml.erb
new file mode 100644
index 0000000..99bb68d
--- /dev/null
+++ b/cookbooks/colab/templates/01-apps.yaml.erb
@@ -0,0 +1,4 @@
+### Colab proxied apps
+PROXIED_APPS:
+ gitlab:
+ upstream: 'http://<%= node['peers']['integration'] %>:8080/gitlab/'
diff --git a/cookbooks/gitlab/files/gitlab_path.rb b/cookbooks/gitlab/files/gitlab_path.rb
new file mode 100644
index 0000000..3477b4e
--- /dev/null
+++ b/cookbooks/gitlab/files/gitlab_path.rb
@@ -0,0 +1,3 @@
+Gitlab::Application.configure do
+ config.relative_url_root = "/gitlab"
+end
diff --git a/cookbooks/gitlab/recipes/default.rb b/cookbooks/gitlab/recipes/default.rb
new file mode 100644
index 0000000..ffd1e55
--- /dev/null
+++ b/cookbooks/gitlab/recipes/default.rb
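Review bot: The upstream in 01-apps.yaml.erb, `upstream: 'http://<%= node['peers']['integration'] %>:8080/gitlab/'`, sends colab's proxied traffic to a non-loopback address even though the integration_server role in this same commit runs colab and gitlab on one host; `upstream: 'http://127.0.0.1:8080/gitlab/'` would keep that hop on the host and remove the need for unicorn's extra network listener. The role's TODO suggests the pieces may later be split across hosts, in which case this address belongs in a dedicated attribute rather than a hard-coded peer lookup. Note that this hop carries no TLS, so the Remote-User authentication left as a TODO in the gitlab recipe would travel in the clear once colab and gitlab are on different machines.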
@@ -0,0 +1,75 @@
+if node['platform'] == 'centos'
+ cookbook_file '/etc/yum.repos.d/gitlab.repo' do
+ owner 'root'
+ mode 0644
+ end
+end
+
+package 'redis'
+service 'redis' do
+ action [:enable, :start]
+end
+
+package 'gitlab'
+
+template '/etc/gitlab/database.yml' do
+ owner 'root'
+ group 'root'
+ mode 0644
+
+ notifies :run, 'execute[gitlab:setup]'
+end
+
+execute 'gitlab:setup' do
+ user 'git'
+ cwd '/usr/lib/gitlab'
+ command 'yes yes | bundle exec rake db:setup RAILS_ENV=production'
+
+ action :nothing
+ notifies :restart, 'service[gitlab]'
+end
+
+# gitlab-shell configuration
+template '/etc/gitlab-shell/config.yml' do
+ source 'gitlab-shell.yml.erb'
+
+ owner 'root'
+ group 'root'
+ mode 0644
+
+ notifies :restart, 'service[gitlab]'
+end
+
+####################################################
+# Run under /gitlab
+####################################################
+
+template '/etc/gitlab/gitlab.yml' do
+ owner 'root'
+ group 'root'
+ mode 0644
+ notifies :restart, 'service[gitlab]'
+end
+cookbook_file '/usr/lib/gitlab/config/initializers/gitlab_path.rb' do
+ owner 'root'
+ group 'root'
+ mode 0644
+ notifies :restart, 'service[gitlab]'
+end
+template '/etc/gitlab/unicorn.rb' do
+ owner 'root'
+ group 'root'
+ mode 0644
+ notifies :restart, 'service[gitlab]'
+end
+
+####################################################
+# Run under /gitlab (END)
+####################################################
+
+# TODO: Remote-User authentication
+
+service 'gitlab' do
+ action :enable
+ supports :restart => true
+end
diff --git a/cookbooks/gitlab/templates/database.yml.erb b/cookbooks/gitlab/templates/database.yml.erb
new file mode 100644
index 0000000..5e3eadf
--- /dev/null
+++ b/cookbooks/gitlab/templates/database.yml.erb
@@ -0,0 +1,7 @@
+# MANAGED WITH CHEF. DO NOT MAKE MANUAL CHANGES
+production:
+ adapter: postgresql
+ encoding: unicode
+ database: gitlab
+ host: <%= node['peers']['database'] %>
+ user: gitlab
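Review bot: `/etc/gitlab/database.yml`, `/etc/gitlab-shell/config.yml` and `/etc/gitlab/gitlab.yml` are all written `owner 'root'`, `group 'root'`, `mode 0644`, so every local account can read the database connection settings and, once omniauth is switched on, the provider secrets in gitlab.yml; the colab recipe in this same commit already uses the tighter `group 'colab'` / `mode 0640` pattern, and the equivalent here is `group 'git'` with `mode 0640`, since the application runs as the `git` user that `execute 'gitlab:setup'` also uses. Separately, `notifies :run, 'execute[gitlab:setup]'` runs `rake db:setup` on every change to database.yml rather than only on first install; if that task reloads the schema, a later host or user change in the template would destroy the existing database, so a `not_if`/`creates` guard on the execute resource would be safer. `service 'gitlab'` carries `action :enable` only, so on a converge where no template changes it is never started.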
diff --git a/cookbooks/gitlab/templates/gitlab-shell.yml.erb b/cookbooks/gitlab/templates/gitlab-shell.yml.erb
new file mode 100644
index 0000000..b697019
--- /dev/null
+++ b/cookbooks/gitlab/templates/gitlab-shell.yml.erb
@@ -0,0 +1,25 @@
+user: git
+gitlab_url: "http://localhost:8080/gitlab"
+
+http_settings:
+# user: someone
+# password: somepass
+# ca_file: /etc/ssl/cert.pem
+# ca_path: /etc/pki/tls/certs
+ self_signed_cert: false
+
+repos_path: "/var/lib/gitlab/repositories/"
+auth_file: "/var/lib/gitlab-shell/.ssh/authorized_keys"
+
+redis:
+ bin: /usr/bin/redis-cli
+ host: <%= node['peers']['database'] %>
+ port: 6379
+ # pass: redispass # Allows you to specify the password for Redis
+ #database: 0
+ #socket: /var/run/redis/redis.sock # Comment out this line if you want to use TCP
+ #namespace: resque:gitlab
+
+log_file: "/var/log/gitlab-shell/gitlab-shell.log"
+log_level: INFO
+audit_usernames: false
diff --git a/cookbooks/gitlab/templates/gitlab.yml.erb b/cookbooks/gitlab/templates/gitlab.yml.erb
new file mode 100644
index 0000000..79b305d
--- /dev/null
+++ b/cookbooks/gitlab/templates/gitlab.yml.erb
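Review bot: `host: <%= node['peers']['database'] %>` under `redis:` points gitlab-shell at the database peer, yet the gitlab recipe in this commit installs and starts `redis` on the integration host itself and nothing on this page provisions redis on the database host, so one of the two is wrong. If the local instance is the intended one, `host: 127.0.0.1` matches the recipe; otherwise the local `package 'redis'` / `service 'redis'` block is dead weight and the database cookbook needs the redis pieces. Either way the connection is unauthenticated (`# pass: redispass` stays commented out), so whichever redis is used must only be reachable from the hosts that need it.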
@@ -0,0 +1,52 @@
+production: &base
+ gitlab:
+ host: localhost
+ relative_url_root: /gitlab
+ port: 80 # Set to 443 if using HTTPS
+ https: false # Set to true if using HTTPS
+ email_from: example@example.com
+ default_projects_limit: 10
+ default_projects_features:
+ issues: true
+ merge_requests: true
+ wiki: true
+ snippets: false
+ visibility_level: "private" # can be "private" | "internal" | "public"
+ gravatar:
+ enabled: true
+ plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
+ ssl_url: "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
+ omniauth:
+ # Allow login via Twitter, Google, etc. using OmniAuth providers
+ enabled: false
+ allow_single_sign_on: false
+ block_auto_created_users: true
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ satellites:
+ path: /var/lib/gitlab/satellites
+ timeout: 30
+ backup:
+ path: /var/lib/gitlab/backups
+ gitlab_shell:
+ path: /usr/lib/gitlab-shell
+ repos_path: /var/lib/gitlab/repositories/
+ hooks_path: /usr/lib/gitlab-shell/hooks/
+ # Git over HTTP
+ upload_pack: true
+ receive_pack: true
+ git:
+ bin_path: /usr/bin/git
+ max_size: 20971520 # 20.megabytes
+ timeout: 10
+ extra:
+ ## Piwik analytics.
+ # piwik_url: '_your_piwik_url'
+ # piwik_site_id: '_your_piwik_site_id'
+
+ ## Text under sign-in page (Markdown enabled)
+ # sign_in_text: |
+ # ![Company Logo](http://www.companydomain.com/logo.png)
+ # [Learn more about CompanyName](http://www.companydomain.com/)
diff --git a/cookbooks/gitlab/templates/unicorn.rb.erb b/cookbooks/gitlab/templates/unicorn.rb.erb
new file mode 100644
index 0000000..e965481
--- /dev/null
+++ b/cookbooks/gitlab/templates/unicorn.rb.erb
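Review bot: `host: localhost`, `port: 80` and `https: false` are what GitLab uses to build its externally visible URLs, but the colab proxy test added in test/colab_test.sh reaches GitLab under `Host: softwarepublico.dev`, so clone URLs and links in notification mail would presumably point at localhost rather than the public name. These three keys should be templated from a node attribute (`host: <%= node[PUBLIC_HOSTNAME_ATTRIBUTE] %>`, with the real attribute path in place of the placeholder) and `https`/`port` should match what the proxy terminates. `email_from: example@example.com` is also an upstream placeholder left in a production template.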
@@ -0,0 +1,124 @@
+# Sample verbose configuration file for Unicorn (not Rack)
+#
+# This configuration file documents many features of Unicorn
+# that may not be needed for some applications. See
+# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
+# for a much simpler configuration file.
+#
+# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
+# documentation.
+
+# WARNING: See config/application.rb under "Relative url support" for the list of
+# other files that need to be changed for relative url support
+#
+ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+
+# Read about unicorn workers here:
+# http://doc.gitlab.com/ee/install/requirements.html#unicorn-workers
+#
+worker_processes 2
+
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+# user "unprivileged_user", "unprivileged_group"
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+working_directory "/usr/lib/gitlab" # available in 0.94.0+
+
+# Listen on both a Unix domain socket and a TCP port.
+# If you are load-balancing multiple Unicorn masters, lower the backlog
+# setting to e.g. 64 for faster failover.
+listen "/usr/lib/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024
+listen "127.0.0.1:8080", :tcp_nopush => true
+listen "<%= node['peers']['integration'] %>:8080", :tcp_nopush => true
+
+# nuke workers after 30 seconds instead of 60 seconds (the default)
+#
+# NOTICE: git push over http depends on this value.
+# If you want be able to push huge amount of data to git repository over http
+# you will have to increase this value too.
+#
+# Example of output if you try to push 1GB repo to GitLab over http.
+# -> git push http://gitlab.... master +# +# error: RPC failed; result=18, HTTP code = 200 +# fatal: The remote end hung up unexpectedly +# fatal: The remote end hung up unexpectedly +# +# For more information see http://stackoverflow.com/a/21682112/752049 +# +timeout 60 + +# feel free to point this anywhere accessible on the filesystem +pid "/usr/lib/gitlab/tmp/pids/unicorn.pid" + +# By default, the Unicorn logger will write to stderr. +# Additionally, some applications/frameworks log to stderr or stdout, +# so prevent them from going to /dev/null when daemonized here: +stderr_path "/usr/lib/gitlab/log/unicorn.stderr.log" +stdout_path "/usr/lib/gitlab/log/unicorn.stdout.log" + +# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings +# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow +preload_app true +GC.respond_to?(:copy_on_write_friendly=) and + GC.copy_on_write_friendly = true + +# Enable this flag to have unicorn test client connections by writing the +# beginning of the HTTP headers before calling the application. This +# prevents calling the application for connections that have disconnected +# while queued. This is only guaranteed to detect clients on the same +# host unicorn runs on, and unlikely to detect disconnects even on a +# fast LAN. +check_client_connection false + +before_fork do |server, worker| + # the following is highly recomended for Rails + "preload_app true" + # as there's no need for the master process to hold a connection + defined?(ActiveRecord::Base) and + ActiveRecord::Base.connection.disconnect! + + # The following is only recommended for memory/DB-constrained + # installations. It is not needed if your system can house + # twice as many worker_processes as you have configured. + # + # This allows a new master process to incrementally + # phase out the old master process with SIGTTOU to avoid a + # thundering herd (especially in the "preload_app false" case) + # when doing a transparent upgrade. 
The last worker spawned + # will then kill off the old master process with a SIGQUIT. + old_pid = "#{server.config[:pid]}.oldbin" + if old_pid != server.pid + begin + sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU + Process.kill(sig, File.read(old_pid).to_i) + rescue Errno::ENOENT, Errno::ESRCH + end + end + # + # Throttle the master from forking too quickly by sleeping. Due + # to the implementation of standard Unix signal handlers, this + # helps (but does not completely) prevent identical, repeated signals + # from being lost when the receiving process is busy. + # sleep 1 +end + +after_fork do |server, worker| + # per-process listener ports for debugging/admin/migrations + # addr = "127.0.0.1:#{9293 + worker.nr}" + # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) + + # the following is *required* for Rails + "preload_app true", + defined?(ActiveRecord::Base) and + ActiveRecord::Base.establish_connection + + # if preload_app is true, then you may also want to check and + # restart any other shared sockets/descriptors such as Memcached, + # and Redis. TokyoCabinet file handles are safe to reuse + # between any number of forked children (assuming your kernel + # correctly implements pread()/pwrite() system calls) +end diff --git a/cookbooks/postgresql/recipes/default.rb b/cookbooks/postgresql/recipes/default.rb index fd682e8..5b1cec5 100644 --- a/cookbooks/postgresql/recipes/default.rb +++ b/cookbooks/postgresql/recipes/default.rb @@ -1,3 +1,4 @@ +# FIXME on Debian it's postgresql package 'postgresql-server' execute 'postgresql-setup initdb || true' diff --git a/test/colab_test.sh b/test/colab_test.sh index b733312..576339c 100644 --- a/test/colab_test.sh +++ b/test/colab_test.sh 
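Review bot: `listen "<%= node['peers']['integration'] %>:8080", :tcp_nopush => true` binds unicorn on a non-loopback interface with no authentication or TLS in front of it, so anything that can reach that port talks to GitLab directly rather than through the colab proxy, and once the Remote-User authentication left as a TODO in the gitlab recipe is added, that direct path would let a client set the header itself. Since the integration_server role on this page runs colab on the same host, the existing `listen "127.0.0.1:8080"` line is sufficient and the second TCP listener could be dropped, with the colab upstream pointed at 127.0.0.1. The preceding comment, `# Since Unicorn is never exposed to outside clients`, then becomes true again. Also the comment `# nuke workers after 30 seconds instead of 60 seconds (the default)` no longer matches `timeout 60` on the line it introduces; rewrite it as `# worker timeout in seconds (60 is the Unicorn default)` or set the value the comment intends.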
@@ -25,4 +25,8 @@ test_nginx_virtualhost() {
 assertEquals "Home - Colab" "$title"
 }
 
+test_reverse_proxy_gitlab() {
+ assertTrue 'Reverse proxy for gitlab' "curl --header 'Host: softwarepublico.dev' http://$integration/gitlab/public/projects | grep -i ''"
+}
+
 . shunit2
diff --git a/test/gitlab_test.sh b/test/gitlab_test.sh
new file mode 100644
index 0000000..8f47f91
--- /dev/null
+++ b/test/gitlab_test.sh
@@ -0,0 +1,15 @@
+. $(dirname $0)/test_helper.sh
+
+test_database_connectivity() {
+ assertTrue 'gitlab database connectivity' 'run_on integration psql -h database -U gitlab < /dev/null'
+}
+
+test_gitlab_running() {
+ assertTrue 'gitlab running' 'run_on integration pgrep -fa unicorn.*gitlab'
+}
+
+test_gitlab_responds() {
+ assertTrue 'gitlab responds on HTTP' 'run_on integration curl http://localhost:8080/gitlab/public/projects'
+}
+
+. shunit2
-- libgit2 0.21.2
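Review bot: `grep -i ''` in test_reverse_proxy_gitlab matches any non-empty line, and `curl` without `--fail` exits 0 on a 404 or 502, so the assertion passes as long as nginx answers with any body at all, including its own error page; `test_gitlab_responds` in test/gitlab_test.sh has the same `curl` without `--fail`. Use `curl --fail --silent --header 'Host: softwarepublico.dev' http://$integration/gitlab/public/projects | grep -qi 'gitlab'` (or another string that only GitLab's page carries) so the test fails when the proxy or the backend is misconfigured, and `curl --fail` in the gitlab_test.sh check likewise.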
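Review bot: `pgrep -fa unicorn.*gitlab` in test_gitlab_running can match the shell that `run_on` spawns to execute the command, since that shell's own command line contains the pattern, which would make the test pass with no unicorn running; the usual guard is a bracketed character class, `'run_on integration pgrep -fa "unicorn.*[g]itlab"'`, which no longer matches its own text. The definition of `run_on` is not on this page, so whether it goes through a remote shell is inferred; the unquoted `unicorn.*gitlab` is also subject to glob expansion in whatever shell runs it, which the quoting above avoids.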