Merge branch 'configure_gitlab_shell' into 'master'

Configure Gitlab Shell

Merge branch 'configure_gitlab_shell' into 'master'
Configure Gitlab Shell
Jacob Vosmaer
2 parents 1d969cd9 1ece0386
Showing 4 changed files with 92 additions and 0 deletions Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
files/gitlab-cookbooks/gitlab/recipes/default.rb
files/gitlab-cookbooks/gitlab/recipes/gitlab-shell.rb
files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
@@ -22,11 +22,17 @@ default[&#39;gitlab&#39;][&#39;bootstrap&#39;][&#39;enable&#39;] = true
 ####
 # The username for the chef services user
 default['gitlab']['user']['username'] = "git"
+default['gitlab']['user']['group'] = "git"
 # The shell for the chef services user
 default['gitlab']['user']['shell'] = "/bin/sh"
 # The home directory for the chef services user
 default['gitlab']['user']['home'] = "/var/opt/gitlab"
  
+default['gitlab']['gitlab-core']['repositories_path'] = "/var/opt/gitlab/repositories"
+default['gitlab']['gitlab-core']['internal_api_url'] = "http://localhost:8080"
+
+default['gitlab']['gitlab-shell']['log_directory'] = "/var/log/gitlab/gitlab-shell/"
+
  
 ###
 # PostgreSQL
@@ -45,6 +45,7 @@ directory &quot;/var/opt/gitlab&quot; do
 end
  
 include_recipe "gitlab::users"
+include_recipe "gitlab::gitlab-shell"
  
 # Install our runit instance
 include_recipe "runit"
@@ -0,0 +1,44 @@
+git_user = node['gitlab']['user']['username']
+git_group = node['gitlab']['user']['group']
+gitlab_shell_dir = "/opt/gitlab/embedded/service/gitlab-shell"
+repositories_path = node['gitlab']['gitlab-core']['repositories_path']
+ssh_dir = File.join(node['gitlab']['user']['home'], ".ssh")
+log_directory = node['gitlab']['gitlab-shell']['log_directory']
+
+# Create directories because the git_user does not own its home directory
+directory repositories_path do
+  owner git_user
+  group git_group
+end
+
+directory ssh_dir do
+  owner git_user
+  group git_group
+  mode "0700"
+end
+
+directory log_directory do
+  owner git_user
+end
+
+template File.join(gitlab_shell_dir, "config.yml") do
+  source "gitlab-shell-config.yml.erb"
+  owner git_user
+  group git_group
+  variables(
+    :user => git_user,
+    :api_url => node['gitlab']['gitlab-core']['internal_api_url'],
+    :repositories_path => repositories_path,
+    :authorized_keys => File.join(ssh_dir, "authorized_keys"),
+    :redis_port => node['gitlab']['redis']['port'],
+    :log_file => File.join(log_directory, "gitlab-shell.log")
+  )
+  notifies :run, "execute[bin/install]"
+end
+
+execute "bin/install" do
+  cwd gitlab_shell_dir
+  user git_user
+  group git_group
+  action :nothing
+end
@@ -0,0 +1,41 @@
+# GitLab user. git by default
+user: <%= @user %>
+
+# Url to gitlab instance. Used for api calls. Should end with a slash.
+gitlab_url: "<%= @api_url %>"
+
+http_settings:
+#  user: someone
+#  password: somepass
+#  ca_file: /etc/ssl/cert.pem
+#  ca_path: /etc/pki/tls/certs
+  self_signed_cert: false
+
+# Repositories path
+# Give the canonicalized absolute pathname,
+# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
+# Check twice that none of the components is a symlink, including "/home".
+repos_path: "<%= @repositories_path %>"
+
+# File used as authorized_keys for gitlab user
+auth_file: "<%= @authorized_keys %>"
+
+# Redis settings used for pushing commit notices to gitlab
+redis:
+  bin: /opt/gitlab/embedded/bin/redis-cli
+  host: 127.0.0.1
+  port: <%= @redis_port %>
+  # socket: /tmp/redis.socket # Only define this if you want to use sockets
+  namespace: resque:gitlab
+
+# Log file.
+# Default is gitlab-shell.log in the root directory.
+log_file: "<%= @log_file %>"
+
+# Log level. INFO by default
+log_level: INFO
+
+# Audit usernames.
+# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
+# incurs an extra API call on every gitlab-shell command.
+audit_usernames: false
...	...	@@ -22,11 +22,17 @@ default['gitlab']['bootstrap']['enable'] = true
22	22	####
23	23	# The username for the chef services user
24	24	default['gitlab']['user']['username'] = "git"
	25	+default['gitlab']['user']['group'] = "git"
25	26	# The shell for the chef services user
26	27	default['gitlab']['user']['shell'] = "/bin/sh"
27	28	# The home directory for the chef services user
28	29	default['gitlab']['user']['home'] = "/var/opt/gitlab"
29	30
	31	+default['gitlab']['gitlab-core']['repositories_path'] = "/var/opt/gitlab/repositories"
	32	+default['gitlab']['gitlab-core']['internal_api_url'] = "http://localhost:8080"
	33	+
	34	+default['gitlab']['gitlab-shell']['log_directory'] = "/var/log/gitlab/gitlab-shell/"
	35	+
30	36
31	37	###
32	38	# PostgreSQL
...	...
...	...	@@ -45,6 +45,7 @@ directory "/var/opt/gitlab" do
45	45	end
46	46
47	47	include_recipe "gitlab::users"
	48	+include_recipe "gitlab::gitlab-shell"
48	49
49	50	# Install our runit instance
50	51	include_recipe "runit"
...	...
...	...	@@ -0,0 +1,44 @@
	1	+git_user = node['gitlab']['user']['username']
	2	+git_group = node['gitlab']['user']['group']
	3	+gitlab_shell_dir = "/opt/gitlab/embedded/service/gitlab-shell"
	4	+repositories_path = node['gitlab']['gitlab-core']['repositories_path']
	5	+ssh_dir = File.join(node['gitlab']['user']['home'], ".ssh")
	6	+log_directory = node['gitlab']['gitlab-shell']['log_directory']
	7	+
	8	+# Create directories because the git_user does not own its home directory
	9	+directory repositories_path do
	10	+ owner git_user
	11	+ group git_group
	12	+end
	13	+
	14	+directory ssh_dir do
	15	+ owner git_user
	16	+ group git_group
	17	+ mode "0700"
	18	+end
	19	+
	20	+directory log_directory do
	21	+ owner git_user
	22	+end
	23	+
	24	+template File.join(gitlab_shell_dir, "config.yml") do
	25	+ source "gitlab-shell-config.yml.erb"
	26	+ owner git_user
	27	+ group git_group
	28	+ variables(
	29	+ :user => git_user,
	30	+ :api_url => node['gitlab']['gitlab-core']['internal_api_url'],
	31	+ :repositories_path => repositories_path,
	32	+ :authorized_keys => File.join(ssh_dir, "authorized_keys"),
	33	+ :redis_port => node['gitlab']['redis']['port'],
	34	+ :log_file => File.join(log_directory, "gitlab-shell.log")
	35	+ )
	36	+ notifies :run, "execute[bin/install]"
	37	+end
	38	+
	39	+execute "bin/install" do
	40	+ cwd gitlab_shell_dir
	41	+ user git_user
	42	+ group git_group
	43	+ action :nothing
	44	+end
...	...
...	...	@@ -0,0 +1,41 @@
	1	+# GitLab user. git by default
	2	+user: <%= @user %>
	3	+
	4	+# Url to gitlab instance. Used for api calls. Should end with a slash.
	5	+gitlab_url: "<%= @api_url %>"
	6	+
	7	+http_settings:
	8	+# user: someone
	9	+# password: somepass
	10	+# ca_file: /etc/ssl/cert.pem
	11	+# ca_path: /etc/pki/tls/certs
	12	+ self_signed_cert: false
	13	+
	14	+# Repositories path
	15	+# Give the canonicalized absolute pathname,
	16	+# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
	17	+# Check twice that none of the components is a symlink, including "/home".
	18	+repos_path: "<%= @repositories_path %>"
	19	+
	20	+# File used as authorized_keys for gitlab user
	21	+auth_file: "<%= @authorized_keys %>"
	22	+
	23	+# Redis settings used for pushing commit notices to gitlab
	24	+redis:
	25	+ bin: /opt/gitlab/embedded/bin/redis-cli
	26	+ host: 127.0.0.1
	27	+ port: <%= @redis_port %>
	28	+ # socket: /tmp/redis.socket # Only define this if you want to use sockets
	29	+ namespace: resque:gitlab
	30	+
	31	+# Log file.
	32	+# Default is gitlab-shell.log in the root directory.
	33	+log_file: "<%= @log_file %>"
	34	+
	35	+# Log level. INFO by default
	36	+log_level: INFO
	37	+
	38	+# Audit usernames.
	39	+# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
	40	+# incurs an extra API call on every gitlab-shell command.
	41	+audit_usernames: false
...	...