Merge branch '7-2-stable' of gitlab.com:gitlab-org/omnibus-gitlab into 7-2-stable-ee

Jacob Vosmaer
2 parents f0c0fbfd f13da919
Showing 2 changed files with 34 additions and 2 deletions Show diff stats
README.md
files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
@@ -214,6 +214,30 @@ git_data_dir &quot;/mnt/nas/git-data&quot;
 Run `sudo gitlab-ctl reconfigure` for the change to take effect.
+If you already have existing Git repositories in `/var/opt/gitlab/git-data` you
+can move them to the new location as follows:
+
+```shell
+# Prevent users from writing to the repositories while you move them.
+sudo gitlab-ctl stop
+
+# Only move 'repositories'; 'gitlab-satellites' will be recreated
+# automatically. Note there is _no_ slash behind 'repositories', but there _is_ a
+# slash behind 'git-data'.
+sudo rsync -av /var/opt/gitlab/git-data/repositories /mnt/nas/git-data/
+
+# Fix permissions if necessary
+sudo gitlab-ctl reconfigure
+
+# Double-check directory layout in /mnt/nas/git-data. Expected output:
+# gitlab-satellites  repositories
+sudo ls /mnt/nas/git-data/
+
+# Done! Start GitLab and verify that you can browse through the repositories in
+# the web interface.
+sudo gitlab-ctl start
+```
+
 ### Changing the name of the Git user / group
 By default, omnibus-gitlab uses the user name `git` for Git gitlab-shell login,
@@ -12,11 +12,19 @@ paths_to_be_protected = [
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
   "#{Rails.application.config.relative_url_root}/users",
-  "#{Rails.application.config.relative_url_root}/users/confirmation"
+  "#{Rails.application.config.relative_url_root}/users/confirmation",
+  "#{Rails.application.config.relative_url_root}/unsubscribes/"
+
 ]
+# Create one big regular expression that matches strings starting with any of
+# the paths_to_be_protected.
+paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+
 unless Rails.env.test?
   Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
-    req.ip if paths_to_be_protected.include?(req.path) && req.post?
+    if req.post? && req.path =~ paths_regex
+      req.ip
+    end
   end
 end
	@@ -214,6 +214,30 @@ git_data_dir "/mnt/nas/git-data"		@@ -214,6 +214,30 @@ git_data_dir "/mnt/nas/git-data"
214		214
215	Run `sudo gitlab-ctl reconfigure` for the change to take effect.	215	Run `sudo gitlab-ctl reconfigure` for the change to take effect.
216		216
		217	+If you already have existing Git repositories in `/var/opt/gitlab/git-data` you
		218	+can move them to the new location as follows:
		219	+
		220	+```shell
		221	+# Prevent users from writing to the repositories while you move them.
		222	+sudo gitlab-ctl stop
		223	+
		224	+# Only move 'repositories'; 'gitlab-satellites' will be recreated
		225	+# automatically. Note there is _no_ slash behind 'repositories', but there _is_ a
		226	+# slash behind 'git-data'.
		227	+sudo rsync -av /var/opt/gitlab/git-data/repositories /mnt/nas/git-data/
		228	+
		229	+# Fix permissions if necessary
		230	+sudo gitlab-ctl reconfigure
		231	+
		232	+# Double-check directory layout in /mnt/nas/git-data. Expected output:
		233	+# gitlab-satellites repositories
		234	+sudo ls /mnt/nas/git-data/
		235	+
		236	+# Done! Start GitLab and verify that you can browse through the repositories in
		237	+# the web interface.
		238	+sudo gitlab-ctl start
		239	+```
		240	+
217	### Changing the name of the Git user / group	241	### Changing the name of the Git user / group
218		242
219	By default, omnibus-gitlab uses the user name `git` for Git gitlab-shell login,	243	By default, omnibus-gitlab uses the user name `git` for Git gitlab-shell login,