Download as
Browse Code »

Commit 0f3476b366edc54fa1a6e0efb7ee22370d18a91a

Authored by Jacob Vosmaer
1 parent da5a1635
Exists in master and in 17 other branches 6-6-stable, 6-6-stable-ee, 6-7-stable, 6-7-stable-ee, 6-8-stable, 6-8-stable-ee, 6-9-stable, 6-9-stable-ee, 7-0-stable, 7-0-stable-ee, 7-0-stable-spb, 7-1-stable, 7-1-stable-ee, 7-2-stable, 7-2-stable-ee, branch_test, nginx_ssl_tweaks

Replace chef.server with gitlab

Showing 1 changed file with 101 additions and 104 deletions   Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
  Diff comments   View file @0f3476b
@@ -18,140 +18,137 @@ @@ -18,140 +18,137 @@
18 ### 18 ###
19 # High level options 19 # High level options
20 ### 20 ###
21 -default['chef_server']['api_version'] = "11.0.2"  
22 -default['chef_server']['flavor'] = "osc" # Open Source Chef  
23 -  
24 -default['chef_server']['notification_email'] = "info@example.com"  
25 -default['chef_server']['bootstrap']['enable'] = true 21 +default['gitlab']['notification_email'] = "info@example.com"
  22 +default['gitlab']['bootstrap']['enable'] = true
26 23
27 #### 24 ####
28 # The Chef User that services run as 25 # The Chef User that services run as
29 #### 26 ####
30 # The username for the chef services user 27 # The username for the chef services user
31 -default['chef_server']['user']['username'] = "chef_server" 28 +default['gitlab']['user']['username'] = "gitlab"
32 # The shell for the chef services user 29 # The shell for the chef services user
33 -default['chef_server']['user']['shell'] = "/bin/sh" 30 +default['gitlab']['user']['shell'] = "/bin/sh"
34 # The home directory for the chef services user 31 # The home directory for the chef services user
35 -default['chef_server']['user']['home'] = "/opt/chef-server/embedded" 32 +default['gitlab']['user']['home'] = "/opt/gitlab/embedded"
36 33
37 #### 34 ####
38 # Chef Server WebUI 35 # Chef Server WebUI
39 #### 36 ####
40 -default['chef_server']['chef-server-webui']['enable'] = true  
41 -default['chef_server']['chef-server-webui']['ha'] = false  
42 -default['chef_server']['chef-server-webui']['dir'] = "/var/opt/chef-server/chef-server-webui"  
43 -default['chef_server']['chef-server-webui']['log_directory'] = "/var/log/chef-server/chef-server-webui"  
44 -default['chef_server']['chef-server-webui']['environment'] = 'chefserver'  
45 -default['chef_server']['chef-server-webui']['listen'] = '127.0.0.1'  
46 -default['chef_server']['chef-server-webui']['vip'] = '127.0.0.1'  
47 -default['chef_server']['chef-server-webui']['port'] = 9462  
48 -default['chef_server']['chef-server-webui']['backlog'] = 1024  
49 -default['chef_server']['chef-server-webui']['tcp_nodelay'] = true  
50 -default['chef_server']['chef-server-webui']['worker_timeout'] = 3600  
51 -default['chef_server']['chef-server-webui']['umask'] = "0022"  
52 -default['chef_server']['chef-server-webui']['worker_processes'] = 2  
53 -default['chef_server']['chef-server-webui']['session_key'] = "_sandbox_session"  
54 -default['chef_server']['chef-server-webui']['cookie_domain'] = "all"  
55 -default['chef_server']['chef-server-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"  
56 -default['chef_server']['chef-server-webui']['web_ui_client_name'] = "chef-webui"  
57 -default['chef_server']['chef-server-webui']['web_ui_admin_user_name'] = "admin"  
58 -default['chef_server']['chef-server-webui']['web_ui_admin_default_password'] = "p@ssw0rd1" 37 +default['gitlab']['gitlab-webui']['enable'] = true
  38 +default['gitlab']['gitlab-webui']['ha'] = false
  39 +default['gitlab']['gitlab-webui']['dir'] = "/var/opt/gitlab/gitlab-webui"
  40 +default['gitlab']['gitlab-webui']['log_directory'] = "/var/log/gitlab/gitlab-webui"
  41 +default['gitlab']['gitlab-webui']['environment'] = 'chefserver'
  42 +default['gitlab']['gitlab-webui']['listen'] = '127.0.0.1'
  43 +default['gitlab']['gitlab-webui']['vip'] = '127.0.0.1'
  44 +default['gitlab']['gitlab-webui']['port'] = 9462
  45 +default['gitlab']['gitlab-webui']['backlog'] = 1024
  46 +default['gitlab']['gitlab-webui']['tcp_nodelay'] = true
  47 +default['gitlab']['gitlab-webui']['worker_timeout'] = 3600
  48 +default['gitlab']['gitlab-webui']['umask'] = "0022"
  49 +default['gitlab']['gitlab-webui']['worker_processes'] = 2
  50 +default['gitlab']['gitlab-webui']['session_key'] = "_sandbox_session"
  51 +default['gitlab']['gitlab-webui']['cookie_domain'] = "all"
  52 +default['gitlab']['gitlab-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
  53 +default['gitlab']['gitlab-webui']['web_ui_client_name'] = "chef-webui"
  54 +default['gitlab']['gitlab-webui']['web_ui_admin_user_name'] = "admin"
  55 +default['gitlab']['gitlab-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
59 56
60 ### 57 ###
61 # Load Balancer 58 # Load Balancer
62 ### 59 ###
63 -default['chef_server']['lb']['enable'] = true  
64 -default['chef_server']['lb']['vip'] = "127.0.0.1"  
65 -default['chef_server']['lb']['api_fqdn'] = node['fqdn']  
66 -default['chef_server']['lb']['web_ui_fqdn'] = node['fqdn']  
67 -default['chef_server']['lb']['cache_cookbook_files'] = false  
68 -default['chef_server']['lb']['debug'] = false  
69 -default['chef_server']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]  
70 -default['chef_server']['lb']['upstream']['chef-server-webui'] = [ "127.0.0.1" ]  
71 -default['chef_server']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ] 60 +default['gitlab']['lb']['enable'] = true
  61 +default['gitlab']['lb']['vip'] = "127.0.0.1"
  62 +default['gitlab']['lb']['api_fqdn'] = node['fqdn']
  63 +default['gitlab']['lb']['web_ui_fqdn'] = node['fqdn']
  64 +default['gitlab']['lb']['cache_cookbook_files'] = false
  65 +default['gitlab']['lb']['debug'] = false
  66 +default['gitlab']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
  67 +default['gitlab']['lb']['upstream']['gitlab-webui'] = [ "127.0.0.1" ]
  68 +default['gitlab']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
72 69
73 #### 70 ####
74 # Nginx 71 # Nginx
75 #### 72 ####
76 -default['chef_server']['nginx']['enable'] = true  
77 -default['chef_server']['nginx']['ha'] = false  
78 -default['chef_server']['nginx']['dir'] = "/var/opt/chef-server/nginx"  
79 -default['chef_server']['nginx']['log_directory'] = "/var/log/chef-server/nginx"  
80 -default['chef_server']['nginx']['ssl_port'] = 443  
81 -default['chef_server']['nginx']['enable_non_ssl'] = false  
82 -default['chef_server']['nginx']['non_ssl_port'] = 80  
83 -default['chef_server']['nginx']['server_name'] = node['fqdn']  
84 -default['chef_server']['nginx']['url'] = "https://#{node['fqdn']}" 73 +default['gitlab']['nginx']['enable'] = true
  74 +default['gitlab']['nginx']['ha'] = false
  75 +default['gitlab']['nginx']['dir'] = "/var/opt/gitlab/nginx"
  76 +default['gitlab']['nginx']['log_directory'] = "/var/log/gitlab/nginx"
  77 +default['gitlab']['nginx']['ssl_port'] = 443
  78 +default['gitlab']['nginx']['enable_non_ssl'] = false
  79 +default['gitlab']['nginx']['non_ssl_port'] = 80
  80 +default['gitlab']['nginx']['server_name'] = node['fqdn']
  81 +default['gitlab']['nginx']['url'] = "https://#{node['fqdn']}"
85 # These options provide the current best security with TSLv1 82 # These options provide the current best security with TSLv1
86 -#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +TLSv1"  
87 -#default['chef_server']['nginx']['ssl_ciphers'] = "RC4:!MD5" 83 +#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +TLSv1"
  84 +#default['gitlab']['nginx']['ssl_ciphers'] = "RC4:!MD5"
88 # This might be necessary for auditors that want no MEDIUM security ciphers and don't understand BEAST attacks 85 # This might be necessary for auditors that want no MEDIUM security ciphers and don't understand BEAST attacks
89 -#default['chef_server']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"  
90 -#default['chef_server']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK" 86 +#default['gitlab']['nginx']['ssl_protocols'] = "-ALL +SSLv3 +TLSv1"
  87 +#default['gitlab']['nginx']['ssl_ciphers'] = "HIGH:!MEDIUM:!LOW:!ADH:!kEDH:!aNULL:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
91 # The following favors performance and compatibility, addresses BEAST, and should pass a PCI audit 88 # The following favors performance and compatibility, addresses BEAST, and should pass a PCI audit
92 -default['chef_server']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"  
93 -default['chef_server']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"  
94 -default['chef_server']['nginx']['ssl_certificate'] = nil  
95 -default['chef_server']['nginx']['ssl_certificate_key'] = nil  
96 -default['chef_server']['nginx']['ssl_country_name'] = "US"  
97 -default['chef_server']['nginx']['ssl_state_name'] = "WA"  
98 -default['chef_server']['nginx']['ssl_locality_name'] = "Seattle"  
99 -default['chef_server']['nginx']['ssl_company_name'] = "YouCorp"  
100 -default['chef_server']['nginx']['ssl_organizational_unit_name'] = "Operations"  
101 -default['chef_server']['nginx']['ssl_email_address'] = "you@example.com"  
102 -default['chef_server']['nginx']['worker_processes'] = node['cpu']['total'].to_i  
103 -default['chef_server']['nginx']['worker_connections'] = 10240  
104 -default['chef_server']['nginx']['sendfile'] = 'on'  
105 -default['chef_server']['nginx']['tcp_nopush'] = 'on'  
106 -default['chef_server']['nginx']['tcp_nodelay'] = 'on'  
107 -default['chef_server']['nginx']['gzip'] = "on"  
108 -default['chef_server']['nginx']['gzip_http_version'] = "1.0"  
109 -default['chef_server']['nginx']['gzip_comp_level'] = "2"  
110 -default['chef_server']['nginx']['gzip_proxied'] = "any"  
111 -default['chef_server']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]  
112 -default['chef_server']['nginx']['keepalive_timeout'] = 65  
113 -default['chef_server']['nginx']['client_max_body_size'] = '250m'  
114 -default['chef_server']['nginx']['cache_max_size'] = '5000m' 89 +default['gitlab']['nginx']['ssl_protocols'] = "SSLv3 TLSv1"
  90 +default['gitlab']['nginx']['ssl_ciphers'] = "RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
  91 +default['gitlab']['nginx']['ssl_certificate'] = nil
  92 +default['gitlab']['nginx']['ssl_certificate_key'] = nil
  93 +default['gitlab']['nginx']['ssl_country_name'] = "US"
  94 +default['gitlab']['nginx']['ssl_state_name'] = "WA"
  95 +default['gitlab']['nginx']['ssl_locality_name'] = "Seattle"
  96 +default['gitlab']['nginx']['ssl_company_name'] = "YouCorp"
  97 +default['gitlab']['nginx']['ssl_organizational_unit_name'] = "Operations"
  98 +default['gitlab']['nginx']['ssl_email_address'] = "you@example.com"
  99 +default['gitlab']['nginx']['worker_processes'] = node['cpu']['total'].to_i
  100 +default['gitlab']['nginx']['worker_connections'] = 10240
  101 +default['gitlab']['nginx']['sendfile'] = 'on'
  102 +default['gitlab']['nginx']['tcp_nopush'] = 'on'
  103 +default['gitlab']['nginx']['tcp_nodelay'] = 'on'
  104 +default['gitlab']['nginx']['gzip'] = "on"
  105 +default['gitlab']['nginx']['gzip_http_version'] = "1.0"
  106 +default['gitlab']['nginx']['gzip_comp_level'] = "2"
  107 +default['gitlab']['nginx']['gzip_proxied'] = "any"
  108 +default['gitlab']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
  109 +default['gitlab']['nginx']['keepalive_timeout'] = 65
  110 +default['gitlab']['nginx']['client_max_body_size'] = '250m'
  111 +default['gitlab']['nginx']['cache_max_size'] = '5000m'
115 112
116 ### 113 ###
117 # PostgreSQL 114 # PostgreSQL
118 ### 115 ###
119 -default['chef_server']['postgresql']['enable'] = true  
120 -default['chef_server']['postgresql']['ha'] = false  
121 -default['chef_server']['postgresql']['dir'] = "/var/opt/chef-server/postgresql"  
122 -default['chef_server']['postgresql']['data_dir'] = "/var/opt/chef-server/postgresql/data"  
123 -default['chef_server']['postgresql']['log_directory'] = "/var/log/chef-server/postgresql"  
124 -default['chef_server']['postgresql']['svlogd_size'] = 1000000  
125 -default['chef_server']['postgresql']['svlogd_num'] = 10  
126 -default['chef_server']['postgresql']['username'] = "opscode-pgsql"  
127 -default['chef_server']['postgresql']['shell'] = "/bin/sh"  
128 -default['chef_server']['postgresql']['home'] = "/var/opt/chef-server/postgresql"  
129 -default['chef_server']['postgresql']['user_path'] = "/opt/chef-server/embedded/bin:/opt/chef-server/bin:$PATH"  
130 -default['chef_server']['postgresql']['sql_user'] = "opscode_chef"  
131 -default['chef_server']['postgresql']['sql_password'] = "snakepliskin"  
132 -default['chef_server']['postgresql']['sql_ro_user'] = "opscode_chef_ro"  
133 -default['chef_server']['postgresql']['sql_ro_password'] = "shmunzeltazzen"  
134 -default['chef_server']['postgresql']['vip'] = "127.0.0.1"  
135 -default['chef_server']['postgresql']['port'] = 5432  
136 -default['chef_server']['postgresql']['listen_address'] = 'localhost'  
137 -default['chef_server']['postgresql']['max_connections'] = 200  
138 -default['chef_server']['postgresql']['md5_auth_cidr_addresses'] = [ ]  
139 -default['chef_server']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]  
140 -default['chef_server']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295  
141 -default['chef_server']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575 116 +default['gitlab']['postgresql']['enable'] = true
  117 +default['gitlab']['postgresql']['ha'] = false
  118 +default['gitlab']['postgresql']['dir'] = "/var/opt/gitlab/postgresql"
  119 +default['gitlab']['postgresql']['data_dir'] = "/var/opt/gitlab/postgresql/data"
  120 +default['gitlab']['postgresql']['log_directory'] = "/var/log/gitlab/postgresql"
  121 +default['gitlab']['postgresql']['svlogd_size'] = 1000000
  122 +default['gitlab']['postgresql']['svlogd_num'] = 10
  123 +default['gitlab']['postgresql']['username'] = "opscode-pgsql"
  124 +default['gitlab']['postgresql']['shell'] = "/bin/sh"
  125 +default['gitlab']['postgresql']['home'] = "/var/opt/gitlab/postgresql"
  126 +default['gitlab']['postgresql']['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
  127 +default['gitlab']['postgresql']['sql_user'] = "opscode_chef"
  128 +default['gitlab']['postgresql']['sql_password'] = "snakepliskin"
  129 +default['gitlab']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
  130 +default['gitlab']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
  131 +default['gitlab']['postgresql']['vip'] = "127.0.0.1"
  132 +default['gitlab']['postgresql']['port'] = 5432
  133 +default['gitlab']['postgresql']['listen_address'] = 'localhost'
  134 +default['gitlab']['postgresql']['max_connections'] = 200
  135 +default['gitlab']['postgresql']['md5_auth_cidr_addresses'] = [ ]
  136 +default['gitlab']['postgresql']['trust_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
  137 +default['gitlab']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
  138 +default['gitlab']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
142 139
143 # Resolves CHEF-3889 140 # Resolves CHEF-3889
144 -if (node['memory']['total'].to_i / 4) > ((node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152) 141 +if (node['memory']['total'].to_i / 4) > ((node['gitlab']['postgresql']['shmmax'].to_i / 1024) - 2097152)
145 # guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB 142 # guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB
146 # use 2GB less than shmmax as the default for these large memory machines 143 # use 2GB less than shmmax as the default for these large memory machines
147 - default['chef_server']['postgresql']['shared_buffers'] = "14336MB" 144 + default['gitlab']['postgresql']['shared_buffers'] = "14336MB"
148 else 145 else
149 - default['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB" 146 + default['gitlab']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
150 end 147 end
151 148
152 -default['chef_server']['postgresql']['work_mem'] = "8MB"  
153 -default['chef_server']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"  
154 -default['chef_server']['postgresql']['checkpoint_segments'] = 10  
155 -default['chef_server']['postgresql']['checkpoint_timeout'] = "5min"  
156 -default['chef_server']['postgresql']['checkpoint_completion_target'] = 0.9  
157 -default['chef_server']['postgresql']['checkpoint_warning'] = "30s" 149 +default['gitlab']['postgresql']['work_mem'] = "8MB"
  150 +default['gitlab']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
  151 +default['gitlab']['postgresql']['checkpoint_segments'] = 10
  152 +default['gitlab']['postgresql']['checkpoint_timeout'] = "5min"
  153 +default['gitlab']['postgresql']['checkpoint_completion_target'] = 0.9
  154 +default['gitlab']['postgresql']['checkpoint_warning'] = "30s"