gitlab.rb
5.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab.com
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The Gitlab module in this file is used to parse /etc/gitlab/gitlab.rb.
#
# Warning to the reader:
# Because the Ruby DSL in /etc/gitlab/gitlab.rb does not accept hyphens in
# section names, this module translates names like 'gitlab_rails' to the
# correct 'gitlab-rails' in the `generate_hash` method. This module is the only
# place in the cookbook where we write 'gitlab_rails'.
require 'mixlib/config'
require 'chef/mash'
require 'chef/json_compat'
require 'chef/mixin/deep_merge'
require 'securerandom'
require 'uri'
module Gitlab
extend(Mixlib::Config)
bootstrap Mash.new
user Mash.new
postgresql Mash.new
redis Mash.new
gitlab_rails Mash.new
gitlab_shell Mash.new
unicorn Mash.new
sidekiq Mash.new
nginx Mash.new
logging Mash.new
remote_syslog Mash.new
node nil
external_url nil
git_data_dir nil
class << self
# guards against creating secrets on non-bootstrap node
def generate_hex(chars)
SecureRandom.hex(chars)
end
def generate_secrets(node_name)
existing_secrets ||= Hash.new
if File.exists?("/etc/gitlab/gitlab-secrets.json")
existing_secrets = Chef::JSONCompat.from_json(File.read("/etc/gitlab/gitlab-secrets.json"))
end
existing_secrets.each do |k, v|
v.each do |pk, p|
Gitlab[k][pk] = p
end
end
Gitlab['gitlab_rails']['secret_token'] ||= generate_hex(64)
if File.directory?("/etc/gitlab")
File.open("/etc/gitlab/gitlab-secrets.json", "w") do |f|
f.puts(
Chef::JSONCompat.to_json_pretty({
'gitlab_rails' => {
'secret_token' => Gitlab['gitlab_rails']['secret_token'],
}
})
)
system("chmod 0600 /etc/gitlab/gitlab-secrets.json")
end
end
end
def parse_external_url
return unless external_url
uri = URI(external_url.to_s)
unless uri.host
raise "External URL must include a FQDN"
end
Gitlab['user']['git_user_email'] ||= "gitlab@#{uri.host}"
Gitlab['gitlab_rails']['gitlab_host'] = uri.host
Gitlab['gitlab_rails']['gitlab_email_from'] ||= "gitlab@#{uri.host}"
case uri.scheme
when "http"
Gitlab['gitlab_rails']['gitlab_https'] = false
when "https"
Gitlab['gitlab_rails']['gitlab_https'] = true
Gitlab['nginx']['ssl_certificate'] ||= "/etc/gitlab/ssl/#{uri.host}.crt"
Gitlab['nginx']['ssl_certificate_key'] ||= "/etc/gitlab/ssl/#{uri.host}.key"
else
raise "Unsupported external URL scheme: #{uri.scheme}"
end
unless ["", "/"].include?(uri.path)
raise "Unsupported external URL path: #{uri.path}"
end
Gitlab['gitlab_rails']['gitlab_port'] = uri.port
end
def parse_git_data_dir
return unless git_data_dir
Gitlab['gitlab_shell']['git_data_directory'] ||= git_data_dir
Gitlab['gitlab_rails']['gitlab_shell_repos_path'] ||= File.join(git_data_dir, "repositories")
Gitlab['gitlab_rails']['satellites_path'] ||= File.join(git_data_dir, "gitlab-satellites")
end
def parse_udp_log_shipping
return unless logging['udp_log_shipping_host']
Gitlab['remote_syslog']['enable'] ||= true
Gitlab['remote_syslog']['destination_host'] ||= logging['udp_log_shipping_host']
if logging['udp_log_shipping_port']
Gitlab['remote_syslog']['destination_port'] ||= logging['udp_log_shipping_port']
Gitlab['logging']['svlogd_udp'] ||= "#{logging['udp_log_shipping_host']}:#{logging['udp_log_shipping_port']}"
else
Gitlab['logging']['svlogd_udp'] ||= logging['udp_log_shipping_host']
end
%w{redis nginx sidekiq unicorn postgresql remote-syslog}.each do |runit_sv|
Gitlab[runit_sv.gsub('-', '_')]['svlogd_prefix'] ||= "#{node['hostname']} #{runit_sv}: "
end
end
def parse_redis_settings
# No need to check redis['host'] because that setting is not configurable.
if redis['port']
Gitlab['gitlab_rails']['redis_port'] ||= redis['port']
end
end
def generate_hash
results = { "gitlab" => {} }
[
"bootstrap",
"user",
"redis",
"gitlab_rails",
"gitlab_shell",
"unicorn",
"sidekiq",
"nginx",
"logging",
"remote_syslog",
"postgresql"
].each do |key|
rkey = key.gsub('_', '-')
results['gitlab'][rkey] = Gitlab[key]
end
results
end
def generate_config(node_name)
generate_secrets(node_name)
parse_external_url
parse_git_data_dir
parse_udp_log_shipping
parse_redis_settings
# The last step is to convert underscores to hyphens in top-level keys
generate_hash
end
end
end