Replace chef.server with gitlab

Jacob Vosmaer
1 parent da5a1635
Showing 1 changed file with 101 additions and 104 deletions Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -18,140 +18,137 @@
 ###
 # High level options
 ###
-default['chef_server']['api_version'] = "11.0.2"
-default['chef_server']['flavor'] = "osc" # Open Source Chef
-
-default['chef_server']['notification_email'] = "info@example.com"
-default['chef_server']['bootstrap']['enable'] = true
+default['gitlab']['notification_email'] = "info@example.com"
+default['gitlab']['bootstrap']['enable'] = true
  
 ####
 # The Chef User that services run as
 ####
 # The username for the chef services user
-default['chef_server']['user']['username'] = "chef_server"
+default['gitlab']['user']['username'] = "gitlab"
 # The shell for the chef services user
-default['chef_server']['user']['shell'] = "/bin/sh"
+default['gitlab']['user']['shell'] = "/bin/sh"
 # The home directory for the chef services user
-default['chef_server']['user']['home'] = "/opt/chef-server/embedded"
+default['gitlab']['user']['home'] = "/opt/gitlab/embedded"
  
 ####
 # Chef Server WebUI
 ####
-default['chef_server']['chef-server-webui']['enable'] = true
-default['chef_server']['chef-server-webui']['ha'] = false
-default['chef_server']['chef-server-webui']['dir'] = "/var/opt/chef-server/chef-server-webui"
-default['chef_server']['chef-server-webui']['log_directory'] = "/var/log/chef-server/chef-server-webui"
-default['chef_server']['chef-server-webui']['environment'] = 'chefserver'
-default['chef_server']['chef-server-webui']['listen'] = '127.0.0.1'
-default['chef_server']['chef-server-webui']['vip'] = '127.0.0.1'
-default['chef_server']['chef-server-webui']['port'] = 9462
-default['chef_server']['chef-server-webui']['backlog'] = 1024
-default['chef_server']['chef-server-webui']['tcp_nodelay'] = true
-default['chef_server']['chef-server-webui']['worker_timeout'] = 3600
-default['chef_server']['chef-server-webui']['umask'] = "0022"
-default['chef_server']['chef-server-webui']['worker_processes'] = 2
-default['chef_server']['chef-server-webui']['session_key'] = "_sandbox_session"
-default['chef_server']['chef-server-webui']['cookie_domain'] = "all"
-default['chef_server']['chef-server-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
-default['chef_server']['chef-server-webui']['web_ui_client_name'] = "chef-webui"
-default['chef_server']['chef-server-webui']['web_ui_admin_user_name'] = "admin"
-default['chef_server']['chef-server-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
+default['gitlab']['gitlab-webui']['enable'] = true
+default['gitlab']['gitlab-webui']['ha'] = false
+default['gitlab']['gitlab-webui']['dir'] = "/var/opt/gitlab/gitlab-webui"
+default['gitlab']['gitlab-webui']['log_directory'] = "/var/log/gitlab/gitlab-webui"
+default['gitlab']['gitlab-webui']['environment'] = 'chefserver'
+default['gitlab']['gitlab-webui']['listen'] = '127.0.0.1'
+default['gitlab']['gitlab-webui']['vip'] = '127.0.0.1'
+default['gitlab']['gitlab-webui']['port'] = 9462
+default['gitlab']['gitlab-webui']['backlog'] = 1024
+default['gitlab']['gitlab-webui']['tcp_nodelay'] = true
+default['gitlab']['gitlab-webui']['worker_timeout'] = 3600
+default['gitlab']['gitlab-webui']['umask'] = "0022"
+default['gitlab']['gitlab-webui']['worker_processes'] = 2
+default['gitlab']['gitlab-webui']['session_key'] = "_sandbox_session"
+default['gitlab']['gitlab-webui']['cookie_domain'] = "all"
+default['gitlab']['gitlab-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
+default['gitlab']['gitlab-webui']['web_ui_client_name'] = "chef-webui"
+default['gitlab']['gitlab-webui']['web_ui_admin_user_name'] = "admin"
+default['gitlab']['gitlab-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
  
 ###
 # Load Balancer
 ###
-default['chef_server']['lb']['enable'] = true
-default['chef_server']['lb']['vip'] = "127.0.0.1"
-default['chef_server']['lb']['api_fqdn'] = node['fqdn']
-default['chef_server']['lb']['web_ui_fqdn'] = node['fqdn']
-default['chef_server']['lb']['cache_cookbook_files'] = false
-default['chef_server']['lb']['debug'] = false
-default['chef_server']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
-default['chef_server']['lb']['upstream']['chef-server-webui'] = [ "127.0.0.1" ]
-default['chef_server']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
+default['gitlab']['lb']['enable'] = true
+default['gitlab']['lb']['vip'] = "127.0.0.1"
+default['gitlab']['lb']['api_fqdn'] = node['fqdn']
+default['gitlab']['lb']['web_ui_fqdn'] = node['fqdn']
+default['gitlab']['lb']['cache_cookbook_files'] = false
+default['gitlab']['lb']['debug'] = false
+default['gitlab']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
+default['gitlab']['lb']['upstream']['gitlab-webui'] = [ "127.0.0.1" ]
+default['gitlab']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
  
 ####
 # Nginx
 ####
-default['chef_server']['nginx']['enable'] = true
-default['chef_server']['nginx']['ha'] = false
-default['chef_server']['nginx']['dir'] = "/var/opt/chef-server/nginx"
-default['chef_server']['nginx']['log_directory'] = "/var/log/chef-server/nginx"
-default['chef_server']['nginx']['ssl_port'] = 443
-default['chef_server']['nginx']['enable_non_ssl'] = false
-default['chef_server']['nginx']['non_ssl_port'] = 80
-default['chef_server']['nginx']['server_name'] = node['fqdn']
-default['chef_server']['nginx']['url'] = "https://#{node['fqdn']}"
+default['gitlab']['nginx']['enable'] = true
+default['gitlab']['nginx']['ha'] = false
+default['gitlab']['nginx']['dir'] = "/var/opt/gitlab/nginx"
+default['gitlab']['nginx']['log_directory'] = "/var/log/gitlab/nginx"
+default['gitlab']['nginx']['ssl_port'] = 443
+default['gitlab']['nginx']['enable_non_ssl'] = false
+default['gitlab']['nginx']['non_ssl_port'] = 80
+default['gitlab']['nginx']['server_name'] = node['fqdn']
+default['gitlab']['nginx']['url'] = "https://#{node['fqdn']}"
 # These options provide the current best security with TSLv1
-#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +TLSv1"
-#default['chef_server']['nginx']['ssl_ciphers'] = "RC4:!MD5"
+#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +TLSv1"
+#default['gitlab']['nginx']['ssl_ciphers'] = "RC4:!MD5"
 # This might be necessary for auditors that want no MEDIUM security ciphers and don't understand BEAST attacks
-#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"
-#default['chef_server']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
+#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"
+#default['gitlab']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
 # The following favors performance and compatibility, addresses BEAST, and should pass a PCI audit
-default['chef_server']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"
-default['chef_server']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
-default['chef_server']['nginx']['ssl_certificate'] = nil
-default['chef_server']['nginx']['ssl_certificate_key'] = nil
-default['chef_server']['nginx']['ssl_country_name'] = "US"
-default['chef_server']['nginx']['ssl_state_name'] = "WA"
-default['chef_server']['nginx']['ssl_locality_name'] = "Seattle"
-default['chef_server']['nginx']['ssl_company_name'] = "YouCorp"
-default['chef_server']['nginx']['ssl_organizational_unit_name'] = "Operations"
-default['chef_server']['nginx']['ssl_email_address'] = "you@example.com"
-default['chef_server']['nginx']['worker_processes'] = node['cpu']['total'].to_i
-default['chef_server']['nginx']['worker_connections'] = 10240
-default['chef_server']['nginx']['sendfile'] = 'on'
-default['chef_server']['nginx']['tcp_nopush'] = 'on'
-default['chef_server']['nginx']['tcp_nodelay'] = 'on'
-default['chef_server']['nginx']['gzip'] = "on"
-default['chef_server']['nginx']['gzip_http_version'] = "1.0"
-default['chef_server']['nginx']['gzip_comp_level'] = "2"
-default['chef_server']['nginx']['gzip_proxied'] = "any"
-default['chef_server']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
-default['chef_server']['nginx']['keepalive_timeout'] = 65
-default['chef_server']['nginx']['client_max_body_size'] = '250m'
-default['chef_server']['nginx']['cache_max_size'] = '5000m'
+default['gitlab']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"
+default['gitlab']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
+default['gitlab']['nginx']['ssl_certificate'] = nil
+default['gitlab']['nginx']['ssl_certificate_key'] = nil
+default['gitlab']['nginx']['ssl_country_name'] = "US"
+default['gitlab']['nginx']['ssl_state_name'] = "WA"
+default['gitlab']['nginx']['ssl_locality_name'] = "Seattle"
+default['gitlab']['nginx']['ssl_company_name'] = "YouCorp"
+default['gitlab']['nginx']['ssl_organizational_unit_name'] = "Operations"
+default['gitlab']['nginx']['ssl_email_address'] = "you@example.com"
+default['gitlab']['nginx']['worker_processes'] = node['cpu']['total'].to_i
+default['gitlab']['nginx']['worker_connections'] = 10240
+default['gitlab']['nginx']['sendfile'] = 'on'
+default['gitlab']['nginx']['tcp_nopush'] = 'on'
+default['gitlab']['nginx']['tcp_nodelay'] = 'on'
+default['gitlab']['nginx']['gzip'] = "on"
+default['gitlab']['nginx']['gzip_http_version'] = "1.0"
+default['gitlab']['nginx']['gzip_comp_level'] = "2"
+default['gitlab']['nginx']['gzip_proxied'] = "any"
+default['gitlab']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
+default['gitlab']['nginx']['keepalive_timeout'] = 65
+default['gitlab']['nginx']['client_max_body_size'] = '250m'
+default['gitlab']['nginx']['cache_max_size'] = '5000m'
  
 ###
 # PostgreSQL
 ###
-default['chef_server']['postgresql']['enable'] = true
-default['chef_server']['postgresql']['ha'] = false
-default['chef_server']['postgresql']['dir'] = "/var/opt/chef-server/postgresql"
-default['chef_server']['postgresql']['data_dir'] = "/var/opt/chef-server/postgresql/data"
-default['chef_server']['postgresql']['log_directory'] = "/var/log/chef-server/postgresql"
-default['chef_server']['postgresql']['svlogd_size'] = 1000000
-default['chef_server']['postgresql']['svlogd_num'] = 10
-default['chef_server']['postgresql']['username'] = "opscode-pgsql"
-default['chef_server']['postgresql']['shell'] = "/bin/sh"
-default['chef_server']['postgresql']['home'] = "/var/opt/chef-server/postgresql"
-default['chef_server']['postgresql']['user_path'] = "/opt/chef-server/embedded/bin:/opt/chef-server/bin:$PATH"
-default['chef_server']['postgresql']['sql_user'] = "opscode_chef"
-default['chef_server']['postgresql']['sql_password'] = "snakepliskin"
-default['chef_server']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
-default['chef_server']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
-default['chef_server']['postgresql']['vip'] = "127.0.0.1"
-default['chef_server']['postgresql']['port'] = 5432
-default['chef_server']['postgresql']['listen_address'] = 'localhost'
-default['chef_server']['postgresql']['max_connections'] = 200
-default['chef_server']['postgresql']['md5_auth_cidr_addresses'] = [ ]
-default['chef_server']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
-default['chef_server']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
-default['chef_server']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
+default['gitlab']['postgresql']['enable'] = true
+default['gitlab']['postgresql']['ha'] = false
+default['gitlab']['postgresql']['dir'] = "/var/opt/gitlab/postgresql"
+default['gitlab']['postgresql']['data_dir'] = "/var/opt/gitlab/postgresql/data"
+default['gitlab']['postgresql']['log_directory'] = "/var/log/gitlab/postgresql"
+default['gitlab']['postgresql']['svlogd_size'] = 1000000
+default['gitlab']['postgresql']['svlogd_num'] = 10
+default['gitlab']['postgresql']['username'] = "opscode-pgsql"
+default['gitlab']['postgresql']['shell'] = "/bin/sh"
+default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
+default['gitlab']['postgresql']['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
+default['gitlab']['postgresql']['sql_user'] = "opscode_chef"
+default['gitlab']['postgresql']['sql_password'] = "snakepliskin"
+default['gitlab']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
+default['gitlab']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
+default['gitlab']['postgresql']['vip'] = "127.0.0.1"
+default['gitlab']['postgresql']['port'] = 5432
+default['gitlab']['postgresql']['listen_address'] = 'localhost'
+default['gitlab']['postgresql']['max_connections'] = 200
+default['gitlab']['postgresql']['md5_auth_cidr_addresses'] = [ ]
+default['gitlab']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
+default['gitlab']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
+default['gitlab']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
  
 # Resolves CHEF-3889
-if (node['memory']['total'].to_i / 4) > ((node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152)
+if (node['memory']['total'].to_i / 4) > ((node['gitlab']['postgresql']['shmmax'].to_i / 1024) - 2097152)
   # guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB
   # use 2GB less than shmmax as the default for these large memory machines
-  default['chef_server']['postgresql']['shared_buffers'] = "14336MB"
+  default['gitlab']['postgresql']['shared_buffers'] = "14336MB"
 else
-  default['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
+  default['gitlab']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
 end
  
-default['chef_server']['postgresql']['work_mem'] = "8MB"
-default['chef_server']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
-default['chef_server']['postgresql']['checkpoint_segments'] = 10
-default['chef_server']['postgresql']['checkpoint_timeout'] = "5min"
-default['chef_server']['postgresql']['checkpoint_completion_target'] = 0.9
-default['chef_server']['postgresql']['checkpoint_warning'] = "30s"
+default['gitlab']['postgresql']['work_mem'] = "8MB"
+default['gitlab']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
+default['gitlab']['postgresql']['checkpoint_segments'] = 10
+default['gitlab']['postgresql']['checkpoint_timeout'] = "5min"
+default['gitlab']['postgresql']['checkpoint_completion_target'] = 0.9
+default['gitlab']['postgresql']['checkpoint_warning'] = "30s"
...	...	@@ -18,140 +18,137 @@
18	18	###
19	19	# High level options
20	20	###
21		-default['chef_server']['api_version'] = "11.0.2"
22		-default['chef_server']['flavor'] = "osc" # Open Source Chef
23		-
24		-default['chef_server']['notification_email'] = "info@example.com"
25		-default['chef_server']['bootstrap']['enable'] = true
	21	+default['gitlab']['notification_email'] = "info@example.com"
	22	+default['gitlab']['bootstrap']['enable'] = true
26	23
27	24	####
28	25	# The Chef User that services run as
29	26	####
30	27	# The username for the chef services user
31		-default['chef_server']['user']['username'] = "chef_server"
	28	+default['gitlab']['user']['username'] = "gitlab"
32	29	# The shell for the chef services user
33		-default['chef_server']['user']['shell'] = "/bin/sh"
	30	+default['gitlab']['user']['shell'] = "/bin/sh"
34	31	# The home directory for the chef services user
35		-default['chef_server']['user']['home'] = "/opt/chef-server/embedded"
	32	+default['gitlab']['user']['home'] = "/opt/gitlab/embedded"
36	33
37	34	####
38	35	# Chef Server WebUI
39	36	####
40		-default['chef_server']['chef-server-webui']['enable'] = true
41		-default['chef_server']['chef-server-webui']['ha'] = false
42		-default['chef_server']['chef-server-webui']['dir'] = "/var/opt/chef-server/chef-server-webui"
43		-default['chef_server']['chef-server-webui']['log_directory'] = "/var/log/chef-server/chef-server-webui"
44		-default['chef_server']['chef-server-webui']['environment'] = 'chefserver'
45		-default['chef_server']['chef-server-webui']['listen'] = '127.0.0.1'
46		-default['chef_server']['chef-server-webui']['vip'] = '127.0.0.1'
47		-default['chef_server']['chef-server-webui']['port'] = 9462
48		-default['chef_server']['chef-server-webui']['backlog'] = 1024
49		-default['chef_server']['chef-server-webui']['tcp_nodelay'] = true
50		-default['chef_server']['chef-server-webui']['worker_timeout'] = 3600
51		-default['chef_server']['chef-server-webui']['umask'] = "0022"
52		-default['chef_server']['chef-server-webui']['worker_processes'] = 2
53		-default['chef_server']['chef-server-webui']['session_key'] = "_sandbox_session"
54		-default['chef_server']['chef-server-webui']['cookie_domain'] = "all"
55		-default['chef_server']['chef-server-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
56		-default['chef_server']['chef-server-webui']['web_ui_client_name'] = "chef-webui"
57		-default['chef_server']['chef-server-webui']['web_ui_admin_user_name'] = "admin"
58		-default['chef_server']['chef-server-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
	37	+default['gitlab']['gitlab-webui']['enable'] = true
	38	+default['gitlab']['gitlab-webui']['ha'] = false
	39	+default['gitlab']['gitlab-webui']['dir'] = "/var/opt/gitlab/gitlab-webui"
	40	+default['gitlab']['gitlab-webui']['log_directory'] = "/var/log/gitlab/gitlab-webui"
	41	+default['gitlab']['gitlab-webui']['environment'] = 'chefserver'
	42	+default['gitlab']['gitlab-webui']['listen'] = '127.0.0.1'
	43	+default['gitlab']['gitlab-webui']['vip'] = '127.0.0.1'
	44	+default['gitlab']['gitlab-webui']['port'] = 9462
	45	+default['gitlab']['gitlab-webui']['backlog'] = 1024
	46	+default['gitlab']['gitlab-webui']['tcp_nodelay'] = true
	47	+default['gitlab']['gitlab-webui']['worker_timeout'] = 3600
	48	+default['gitlab']['gitlab-webui']['umask'] = "0022"
	49	+default['gitlab']['gitlab-webui']['worker_processes'] = 2
	50	+default['gitlab']['gitlab-webui']['session_key'] = "_sandbox_session"
	51	+default['gitlab']['gitlab-webui']['cookie_domain'] = "all"
	52	+default['gitlab']['gitlab-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
	53	+default['gitlab']['gitlab-webui']['web_ui_client_name'] = "chef-webui"
	54	+default['gitlab']['gitlab-webui']['web_ui_admin_user_name'] = "admin"
	55	+default['gitlab']['gitlab-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
59	56
60	57	###
61	58	# Load Balancer
62	59	###
63		-default['chef_server']['lb']['enable'] = true
64		-default['chef_server']['lb']['vip'] = "127.0.0.1"
65		-default['chef_server']['lb']['api_fqdn'] = node['fqdn']
66		-default['chef_server']['lb']['web_ui_fqdn'] = node['fqdn']
67		-default['chef_server']['lb']['cache_cookbook_files'] = false
68		-default['chef_server']['lb']['debug'] = false
69		-default['chef_server']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
70		-default['chef_server']['lb']['upstream']['chef-server-webui'] = [ "127.0.0.1" ]
71		-default['chef_server']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
	60	+default['gitlab']['lb']['enable'] = true
	61	+default['gitlab']['lb']['vip'] = "127.0.0.1"
	62	+default['gitlab']['lb']['api_fqdn'] = node['fqdn']
	63	+default['gitlab']['lb']['web_ui_fqdn'] = node['fqdn']
	64	+default['gitlab']['lb']['cache_cookbook_files'] = false
	65	+default['gitlab']['lb']['debug'] = false
	66	+default['gitlab']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
	67	+default['gitlab']['lb']['upstream']['gitlab-webui'] = [ "127.0.0.1" ]
	68	+default['gitlab']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
72	69
73	70	####
74	71	# Nginx
75	72	####
76		-default['chef_server']['nginx']['enable'] = true
77		-default['chef_server']['nginx']['ha'] = false
78		-default['chef_server']['nginx']['dir'] = "/var/opt/chef-server/nginx"
79		-default['chef_server']['nginx']['log_directory'] = "/var/log/chef-server/nginx"
80		-default['chef_server']['nginx']['ssl_port'] = 443
81		-default['chef_server']['nginx']['enable_non_ssl'] = false
82		-default['chef_server']['nginx']['non_ssl_port'] = 80
83		-default['chef_server']['nginx']['server_name'] = node['fqdn']
84		-default['chef_server']['nginx']['url'] = "https://#{node['fqdn']}"
	73	+default['gitlab']['nginx']['enable'] = true
	74	+default['gitlab']['nginx']['ha'] = false
	75	+default['gitlab']['nginx']['dir'] = "/var/opt/gitlab/nginx"
	76	+default['gitlab']['nginx']['log_directory'] = "/var/log/gitlab/nginx"
	77	+default['gitlab']['nginx']['ssl_port'] = 443
	78	+default['gitlab']['nginx']['enable_non_ssl'] = false
	79	+default['gitlab']['nginx']['non_ssl_port'] = 80
	80	+default['gitlab']['nginx']['server_name'] = node['fqdn']
	81	+default['gitlab']['nginx']['url'] = "https://#{node['fqdn']}"
85	82	# These options provide the current best security with TSLv1
86		-#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +TLSv1"
87		-#default['chef_server']['nginx']['ssl_ciphers'] = "RC4:!MD5"
	83	+#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +TLSv1"
	84	+#default['gitlab']['nginx']['ssl_ciphers'] = "RC4:!MD5"
88	85	# This might be necessary for auditors that want no MEDIUM security ciphers and don't understand BEAST attacks
89		-#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"
90		-#default['chef_server']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
	86	+#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"
	87	+#default['gitlab']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
91	88	# The following favors performance and compatibility, addresses BEAST, and should pass a PCI audit
92		-default['chef_server']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"
93		-default['chef_server']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
94		-default['chef_server']['nginx']['ssl_certificate'] = nil
95		-default['chef_server']['nginx']['ssl_certificate_key'] = nil
96		-default['chef_server']['nginx']['ssl_country_name'] = "US"
97		-default['chef_server']['nginx']['ssl_state_name'] = "WA"
98		-default['chef_server']['nginx']['ssl_locality_name'] = "Seattle"
99		-default['chef_server']['nginx']['ssl_company_name'] = "YouCorp"
100		-default['chef_server']['nginx']['ssl_organizational_unit_name'] = "Operations"
101		-default['chef_server']['nginx']['ssl_email_address'] = "you@example.com"
102		-default['chef_server']['nginx']['worker_processes'] = node['cpu']['total'].to_i
103		-default['chef_server']['nginx']['worker_connections'] = 10240
104		-default['chef_server']['nginx']['sendfile'] = 'on'
105		-default['chef_server']['nginx']['tcp_nopush'] = 'on'
106		-default['chef_server']['nginx']['tcp_nodelay'] = 'on'
107		-default['chef_server']['nginx']['gzip'] = "on"
108		-default['chef_server']['nginx']['gzip_http_version'] = "1.0"
109		-default['chef_server']['nginx']['gzip_comp_level'] = "2"
110		-default['chef_server']['nginx']['gzip_proxied'] = "any"
111		-default['chef_server']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
112		-default['chef_server']['nginx']['keepalive_timeout'] = 65
113		-default['chef_server']['nginx']['client_max_body_size'] = '250m'
114		-default['chef_server']['nginx']['cache_max_size'] = '5000m'
	89	+default['gitlab']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"
	90	+default['gitlab']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
	91	+default['gitlab']['nginx']['ssl_certificate'] = nil
	92	+default['gitlab']['nginx']['ssl_certificate_key'] = nil
	93	+default['gitlab']['nginx']['ssl_country_name'] = "US"
	94	+default['gitlab']['nginx']['ssl_state_name'] = "WA"
	95	+default['gitlab']['nginx']['ssl_locality_name'] = "Seattle"
	96	+default['gitlab']['nginx']['ssl_company_name'] = "YouCorp"
	97	+default['gitlab']['nginx']['ssl_organizational_unit_name'] = "Operations"
	98	+default['gitlab']['nginx']['ssl_email_address'] = "you@example.com"
	99	+default['gitlab']['nginx']['worker_processes'] = node['cpu']['total'].to_i
	100	+default['gitlab']['nginx']['worker_connections'] = 10240
	101	+default['gitlab']['nginx']['sendfile'] = 'on'
	102	+default['gitlab']['nginx']['tcp_nopush'] = 'on'
	103	+default['gitlab']['nginx']['tcp_nodelay'] = 'on'
	104	+default['gitlab']['nginx']['gzip'] = "on"
	105	+default['gitlab']['nginx']['gzip_http_version'] = "1.0"
	106	+default['gitlab']['nginx']['gzip_comp_level'] = "2"
	107	+default['gitlab']['nginx']['gzip_proxied'] = "any"
	108	+default['gitlab']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
	109	+default['gitlab']['nginx']['keepalive_timeout'] = 65
	110	+default['gitlab']['nginx']['client_max_body_size'] = '250m'
	111	+default['gitlab']['nginx']['cache_max_size'] = '5000m'
115	112
116	113	###
117	114	# PostgreSQL
118	115	###
119		-default['chef_server']['postgresql']['enable'] = true
120		-default['chef_server']['postgresql']['ha'] = false
121		-default['chef_server']['postgresql']['dir'] = "/var/opt/chef-server/postgresql"
122		-default['chef_server']['postgresql']['data_dir'] = "/var/opt/chef-server/postgresql/data"
123		-default['chef_server']['postgresql']['log_directory'] = "/var/log/chef-server/postgresql"
124		-default['chef_server']['postgresql']['svlogd_size'] = 1000000
125		-default['chef_server']['postgresql']['svlogd_num'] = 10
126		-default['chef_server']['postgresql']['username'] = "opscode-pgsql"
127		-default['chef_server']['postgresql']['shell'] = "/bin/sh"
128		-default['chef_server']['postgresql']['home'] = "/var/opt/chef-server/postgresql"
129		-default['chef_server']['postgresql']['user_path'] = "/opt/chef-server/embedded/bin:/opt/chef-server/bin:$PATH"
130		-default['chef_server']['postgresql']['sql_user'] = "opscode_chef"
131		-default['chef_server']['postgresql']['sql_password'] = "snakepliskin"
132		-default['chef_server']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
133		-default['chef_server']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
134		-default['chef_server']['postgresql']['vip'] = "127.0.0.1"
135		-default['chef_server']['postgresql']['port'] = 5432
136		-default['chef_server']['postgresql']['listen_address'] = 'localhost'
137		-default['chef_server']['postgresql']['max_connections'] = 200
138		-default['chef_server']['postgresql']['md5_auth_cidr_addresses'] = [ ]
139		-default['chef_server']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
140		-default['chef_server']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
141		-default['chef_server']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
	116	+default['gitlab']['postgresql']['enable'] = true
	117	+default['gitlab']['postgresql']['ha'] = false
	118	+default['gitlab']['postgresql']['dir'] = "/var/opt/gitlab/postgresql"
	119	+default['gitlab']['postgresql']['data_dir'] = "/var/opt/gitlab/postgresql/data"
	120	+default['gitlab']['postgresql']['log_directory'] = "/var/log/gitlab/postgresql"
	121	+default['gitlab']['postgresql']['svlogd_size'] = 1000000
	122	+default['gitlab']['postgresql']['svlogd_num'] = 10
	123	+default['gitlab']['postgresql']['username'] = "opscode-pgsql"
	124	+default['gitlab']['postgresql']['shell'] = "/bin/sh"
	125	+default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
	126	+default['gitlab']['postgresql']['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
	127	+default['gitlab']['postgresql']['sql_user'] = "opscode_chef"
	128	+default['gitlab']['postgresql']['sql_password'] = "snakepliskin"
	129	+default['gitlab']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
	130	+default['gitlab']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
	131	+default['gitlab']['postgresql']['vip'] = "127.0.0.1"
	132	+default['gitlab']['postgresql']['port'] = 5432
	133	+default['gitlab']['postgresql']['listen_address'] = 'localhost'
	134	+default['gitlab']['postgresql']['max_connections'] = 200
	135	+default['gitlab']['postgresql']['md5_auth_cidr_addresses'] = [ ]
	136	+default['gitlab']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
	137	+default['gitlab']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
	138	+default['gitlab']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
142	139
143	140	# Resolves CHEF-3889
144		-if (node['memory']['total'].to_i / 4) > ((node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152)
	141	+if (node['memory']['total'].to_i / 4) > ((node['gitlab']['postgresql']['shmmax'].to_i / 1024) - 2097152)
145	142	# guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB
146	143	# use 2GB less than shmmax as the default for these large memory machines
147		- default['chef_server']['postgresql']['shared_buffers'] = "14336MB"
	144	+ default['gitlab']['postgresql']['shared_buffers'] = "14336MB"
148	145	else
149		- default['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
	146	+ default['gitlab']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
150	147	end
151	148
152		-default['chef_server']['postgresql']['work_mem'] = "8MB"
153		-default['chef_server']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
154		-default['chef_server']['postgresql']['checkpoint_segments'] = 10
155		-default['chef_server']['postgresql']['checkpoint_timeout'] = "5min"
156		-default['chef_server']['postgresql']['checkpoint_completion_target'] = 0.9
157		-default['chef_server']['postgresql']['checkpoint_warning'] = "30s"
	149	+default['gitlab']['postgresql']['work_mem'] = "8MB"
	150	+default['gitlab']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
	151	+default['gitlab']['postgresql']['checkpoint_segments'] = 10
	152	+default['gitlab']['postgresql']['checkpoint_timeout'] = "5min"
	153	+default['gitlab']['postgresql']['checkpoint_completion_target'] = 0.9
	154	+default['gitlab']['postgresql']['checkpoint_warning'] = "30s"
...	...