Update Release Candidate

6e7b8e62 · Rafael Monnerat · 77adedc0 · abc0873b · 6e7b8e62 · 6e7b8e62
Commit 6e7b8e62 authored Aug 08, 2016 by Rafael Monnerat
50 changed files
--- a/component/git/buildout.cfg
+++ b/component/git/buildout.cfg
@@ -17,8 +17,8 @@ parts =

 [git]
 recipe = slapos.recipe.cmmi
-url = https://www.kernel.org/pub/software/scm/git/git-2.9.0.tar.xz
-md5sum = 118ef1e3108ef0b858cd13b74395a59c
+url = https://www.kernel.org/pub/software/scm/git/git-2.9.2.tar.xz
+md5sum = dc5eb7ff2ca4641c6038f51ae49cad0f
 configure-options =
  --with-curl=${curl:location}
  --with-openssl=${openssl:location}

--- a/component/postgresql/buildout.cfg
+++ b/component/postgresql/buildout.cfg
@@ -27,11 +27,13 @@ configure-options =
  --without-ossp-uuid
  --without-libxml
  --without-libxslt
+# build core PostgreSQL + pg_trgm contrib extension for GitLab
+make-targets = install && make -C contrib/pg_trgm/ install
 environment =
  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${openssl:location}/include -I${ncurses:location}/lib
  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${perl:location}/libs-c -Wl,-rpath=${perl:location}/libs-c

 [postgresql92]
 <= postgresql-common
-url = http://ftp.postgresql.org/pub/source/v9.2.16/postgresql-9.2.16.tar.bz2
-md5sum = a6ced0ccd4ce3279acfef9bac16a95ee
+url = http://ftp.postgresql.org/pub/source/v9.2.17/postgresql-9.2.17.tar.bz2
+md5sum = a75d4a82eae1edda04eda2e60656e74c
--- a/software/cloudooo/software.cfg.json
+++ b/software/cloudooo/software.cfg.json
+{
+    "name": "cloudooo",
+    "description": "Clusterised cloudooo",
+    "serialisation": "xml",
+    "software-type": {
+        "default": {
+            "title": "Default",
+            "description": "Cloudooo",
+            "request": "instance-cloudooo-input-schema.json",
+            "response": "instance-cloudooo-output-schema.json",
+            "index": 0
+        }
+    }
+}
--- a/software/erp5testnode/instance-default.cfg
+++ b/software/erp5testnode/instance-default.cfg
 [buildout]

+
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true

+extends = ${monitor2-template:rendered}
+
 parts =
-  connection-dict
  testnode
  shell
  shellinabox
  certificate-authority
  ca-shellinabox
  ca-httpd
-
-[connection-dict]
+  monitor-base
+  monitor-publish
+  
+[monitor-publish]
 recipe = slapos.cookbook:publish
 url = http://[$${shellinabox:ipv6}]:$${shellinabox:port}/
 password = $${pwgen:passwd}

--- a/software/erp5testnode/instance-erp5testnode-input-schema.json
+++ b/software/erp5testnode/instance-erp5testnode-input-schema.json
+{
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+
+  "title": "Input Parameters",
+  "properties": {
+    "test-node-title": {
+      "title": "Test Node Title",
+      "description": "Name for the Test Node which will be used at ERP5.",
+      "type": "string"
+    },
+    "node-quantity": {
+      "title": "Quantity of Parallel runs",
+      "description": "QUantity of Parallel tests will be executed on this Node.",
+      "type": "integer"
+    },
+    "test-suite-master-url": {
+      "title": "Task Distribution URL",
+      "description": "Url for the task distributor master on portal_task_distribution",
+      "type": "string"
+    }
+  }
+}
--- a/software/erp5testnode/instance-output-schema.json
+++ b/software/erp5testnode/instance-output-schema.json
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "description": "Values returned by Apache Frontend instanciation",
+  "properties": {
+    "password": {
+      "description": "Password to access shellinabox.",
+      "type": "string"
+    },
+    "url": {  
+      "description": "IPv6 URL to access the shell in a box.",
+      "type": "string"
+    }
+  },
+  "type": "object"
+}
--- a/software/erp5testnode/software.cfg
+++ b/software/erp5testnode/software.cfg
@@ -8,6 +8,7 @@ extends =
  ../../component/shellinabox/buildout.cfg
  ../../component/pwgen/buildout.cfg
  ../../component/apache/buildout.cfg
+  ../../stack/monitor/buildout.cfg

 parts =
  slapos-cookbook
@@ -55,9 +56,9 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-default.cfg
 output = ${buildout:directory}/template-default.cfg
 mode = 0644
-md5sum = 43ca4026ee1aba5d20bb9e1b69d2f114 
+md5sum = 621c84f7adcba394686acbaf44cc1d7d

 [versions]
 PyXML = 0.8.5
-erp5.util = 0.4.44
+erp5.util = 0.4.45
 slapos.recipe.template = 2.7
--- a/software/erp5testnode/software.cfg.json
+++ b/software/erp5testnode/software.cfg.json
+{
+	"name": "ERP5 Test Node",
+	"description": "ERP5 Test Node Runner",
+	"serialisation": "xml",
+	"software-type": {
+		"default": {
+			"title": "Default",
+      "description": "Default setup for ERP5TestNode Instance.",
+			"request": "instance-erp5testnode-input-schema.json",
+			"response": "instance-output-schema.json"
+		}
+	}
+}
--- a/software/gitlab/gitlab-parameters.cfg
+++ b/software/gitlab/gitlab-parameters.cfg
@@ -6,7 +6,7 @@
 #
 # TODO better autogenerate from ^^^ (?)
 #
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 [gitlab-parameters]
 configuration.external_url              = http://lab.example.com
@@ -101,3 +101,8 @@ configuration.nginx_gzip_comp_level     = 2
 configuration.nginx_gzip_proxied        = any
 configuration.nginx_gzip_types          = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
 configuration.nginx_keepalive_timeout   = 65
+
+# TODO allow configuring trusted proxies
+# configuration.nginx_real_ip_trusted_addresses
+# configuration.nginx_real_ip_header
+# configuration.nginx_real_ip_recursive
--- a/software/gitlab/gitlab-unicorn-startup.in
+++ b/software/gitlab/gitlab-unicorn-startup.in
@@ -9,6 +9,15 @@ die() {
    exit 1
 }

+# run psql on gitlab db
+psql() {
+    {{ psql_bin }}  \
+        -h {{ pgsql['pgdata-directory'] }}  \
+        -U {{ pgsql.superuser }}            \
+        -d {{ pgsql.dbname }}               \
+        "$@"
+}
+
 # 1. what to do when instance is initially setup
 # see
 #   https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/database_migrations.rb
@@ -18,12 +27,7 @@ die() {
 # ( first quering PG several times waiting a bit till postgresql is started and ready )
 tpgwait=5
 while true; do
-    pgtables="$({{ psql_bin }}   \
-        -h {{ pgsql['pgdata-directory'] }}  \
-        -U {{ pgsql.superuser }}            \
-        -d {{ pgsql.dbname }}               \
-        -c '\d')" && break
-
+    pgtables="$(psql -c '\d')" && break
    tpgwait=$(( $tpgwait - 1 ))
    test $tpgwait = 0 && die "pg query problem"
    echo "I: PostgreSQL is not ready (yet ?); will retry $tpgwait times..." 1>&2
@@ -31,6 +35,9 @@ while true; do
 done
 echo "I: PostgreSQL ready." 1>&2

+# make sure pg_trgm extension is enabled for gitlab db
+psql -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;'   || die "pg_trgm setup failed"
+
 if echo "$pgtables" | grep -q '^No relations found' ; then
    $RAKE db:schema:load db:seed_fu  || die "initial db setup failed"
 fi

--- a/software/gitlab/instance-gitlab.cfg.in
+++ b/software/gitlab/instance-gitlab.cfg.in
@@ -197,10 +197,6 @@ rendered= ${gitlab:etc}/${:_buildout_section_name_}
 rendered= ${nginx:etc}/${:_buildout_section_name_}


-[config.ru]
-<= gitlab-etc-template
-template = {{ config_ru_in }}
-
 [database.yml]
 <= gitlab-etc-template
 template= {{ database_yml_in }}
@@ -366,12 +362,10 @@ update-command =
 <= work-base
 software = {{ gitlab_repository_location }}
 tune-command =
-# secret* config.ru tmp/ log/ shared/ builds/
+# secret* tmp/ log/ shared/ builds/
    rm -f .secret  &&
-    rm -f config.ru  &&
    rm -rf log tmp shared builds  &&
    ln -sf ${secrets:secrets}/gitlab_rails_secret .secret  &&
-    ln -sf ${config.ru:rendered} config.ru  &&
    ln -sf ${gitlab:log} log  &&
    ln -sf ${gitlab:tmp} tmp  &&
    ln -sf ${gitlab:shared} shared  &&
@@ -633,7 +627,7 @@ log     = ${sidekiq-dir:log}
 # NOTE see queue list here:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
 [service-sidekiq]
 recipe  = slapos.cookbook:wrapper
 wrapper-path    = ${directory:service}/sidekiq

--- a/software/gitlab/instance.cfg.in
+++ b/software/gitlab/instance.cfg.in
@@ -51,7 +51,6 @@ context =
    raw watcher_sigkill             ${watcher-sigkill:rendered}

 # config files
-    raw config_ru_in                ${config.ru.in:target}
    raw database_yml_in             ${database.yml.in:target}
    raw gitconfig_in                ${gitconfig.in:target}
    raw gitlab_parameters_cfg       ${gitlab-parameters.cfg:target}

--- a/software/gitlab/software.cfg
+++ b/software/gitlab/software.cfg
@@ -23,7 +23,7 @@ extends =

 parts =
    ruby2.1
-    golang15
+    golang16
    git
    postgresql92
    redis28
@@ -113,26 +113,26 @@ git-executable = ${git:location}/bin/git
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-ce.git
 repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
-# 8.5.X + NXD patches:
-revision = v8.5.3-15-g827d39147af496bcd4696c845e9094a07b5a09d3
+# 8.7.X + NXD patches:
+revision = v8.7.9-10-g7728df66b90483dac467df95948a532783e782c8
 location = ${buildout:parts-directory}/gitlab

 [gitlab-shell-repository]
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-shell.git
 repository = https://lab.nexedi.com/nexedi/gitlab-shell.git
-# gitlab 8.5 wants gitlab-shell 2.6.10
-# 2.6.10 + no-hooks.old patch
-revision = v2.6.10-13-gcb8f331c955aa780efe10263d0d45b332f030f42
+# gitlab 8.7 wants gitlab-shell 2.7.2
+# 2.7.2 + NXD patches
+revision = v2.6.10-50-gfbca95be784816349abc5930324659151eca50d1
 location = ${buildout:parts-directory}/gitlab-shell

 [gitlab-workhorse-repository]
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git
 repository = https://lab.nexedi.com/nexedi/gitlab-workhorse.git
-# 0.6.4 + NXD patches for blob download speedup
-# (https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17)
-revision = v0.6.4-3-g32ec77c4db3556dc66e8c863326325f8ec970849
+# gitlab 8.7 wants gitlab-workhorse 0.7.1
+# 0.7.1 + NXD patches
+revision = v0.7.1-5-gd23a3247829fc3200e3dc784dcd57b5a0febac48
 location = ${buildout:parts-directory}/gitlab-workhorse


@@ -175,7 +175,7 @@ configure-command = :
 make-targets= ${:_buildout_section_name_}

 environment =
-  PATH=${golang15:location}/bin:%(PATH)s
+  PATH=${golang16:location}/bin:%(PATH)s


 ###############################
@@ -194,7 +194,7 @@ eggs    =
 recipe  = slapos.recipe.template
 url     = ${:_profile_base_location_}/instance.cfg.in
 output  = ${buildout:directory}/instance.cfg
-md5sum  = e5e7ddede71265987bb0c534b009aa45
+md5sum  = ef85f02c4f6070c586d773b859a2f4e2

 [watcher-sigkill]
 recipe  = slapos.recipe.template:jinja2
@@ -222,37 +222,33 @@ destination = ${buildout:directory}/${:_buildout_section_name_}
 url     = ${:_profile_base_location_}/template/${:_buildout_section_name_}


-[config.ru.in]
-<= download-template
-md5sum  = 91737a2067be80f3ae48157e5a0738b4
-
 [database.yml.in]
 <= download-template
-md5sum  = 76d8f20532d63282ecd3617a3937fcf1
+md5sum  = 61d1d04b9347b3168a1ad7676e4681ef

 [gitconfig.in]
 <= download-template
-md5sum  = d8b3611386c4982605edd9a31832ee28
+md5sum  = eb1230fee50067924ba89f4dc6e82fa9

 [gitlab-parameters.cfg]
 <= download-file
-md5sum  = b04b72949f0b9b5da96870ffbf8c1ff4
+md5sum  = 3edd435a984b51b94539ea1d4f1b3994

 [gitlab-shell-config.yml.in]
 <= download-template
-md5sum  = 9c62aa1bf7396f207a528e39973aa135
+md5sum  = 58c09b1e609f903e483a76fe9e57366c

 [gitlab-unicorn-startup.in]
 <= download-file
-md5sum  = 14c5632182d830c03f7788c85d6f4da1
+md5sum  = a9cb347f60aad3465932fd36cd4fe25d

 [gitlab.yml.in]
 <= download-template
-md5sum  = 8f1c52ed223ee2c2d07c6c79bcd2f6c0
+md5sum  = 735a78d0733fd6617d3b5f3d91bfae8c

 [instance-gitlab.cfg.in]
 <= download-file
-md5sum  = d3158d58e7fea9a656a8ef6e238a919b
+md5sum  = ba83f01fd7a313b984766c50d6e48e54

 [macrolib.cfg.in]
 <= download-file
@@ -260,27 +256,27 @@ md5sum  = a56a44e96f65f5ed20211bb6a54279f4

 [nginx-gitlab-http.conf.in]
 <= download-template
-md5sum  = be7ddd26b0b0196fde8d699e50e84b2f
+md5sum  = a11b50d2ff2b1fa842ba4aa20041e2fe

 [nginx.conf.in]
 <= download-template
-md5sum  = 71b4221cd91e0e1e20a72b97991f2665
+md5sum  = 7da68dba86fff79eb93c27aa1aaf1055

 [rack_attack.rb.in]
 <= download-template
-md5sum  = 2cf56b210a906cee80f86cde7112f468
+md5sum  = bc1a7c1e83b7329d97bff6724f2bec3e

 [resque.yml.in]
 <= download-template
-md5sum  = 1fa21655a845602f68a901f23a1da89a
+md5sum  = 7c89a730889e3224548d9abe51a2d719

 [smtp_settings.rb.in]
 <= download-template
-md5sum  = 07b640122b8c4840e853360f2479d0ac
+md5sum  = d66a424516ffacea34303e2f512a7d94

 [unicorn.rb.in]
 <= download-template
-md5sum  = 4f7c14147fd60b4cc9aefe7f64524abe
+md5sum  = 83921db1835d9e81cbbe808631cc40a9


 [versions]

--- a/software/gitlab/template/config.ru.in
+++ b/software/gitlab/template/config.ru.in
-{{ autogenerated }}
-# see:
-# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru
-# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
-
-# This file is used by Rack-based servers to start the application.
-
-{% from 'macrolib.cfg.in' import cfg  with context %}
-
-if defined?(Unicorn)
-  require 'unicorn'
-
-  if ENV['RAILS_ENV'] == 'production' || ENV['RAILS_ENV'] == 'staging'
-    # Unicorn self-process killer
-    require 'unicorn/worker_killer'
-
-    # Max memory size (RSS) per worker
-    use Unicorn::WorkerKiller::Oom, ({{ cfg('unicorn_worker_memory_limit_min') }}), ({{ cfg('unicorn_worker_memory_limit_max') }})
-  end
-end
-
-require ::File.expand_path('../config/environment',  __FILE__)
-
-map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do
-  run Gitlab::Application
-end
--- a/software/gitlab/template/database.yml.in
+++ b/software/gitlab/template/database.yml.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/database.yml.postgresql
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/database.yml.erb
-# (last updated for 8.5.1+ce.0-1-ge732b39)
+# (last updated for 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg  with context %}

@@ -23,5 +23,6 @@ production:
  socket:
  {# not needed for unix socket
  sslmode: <%= single_quote(@db_sslmode) %>
-  sslrootcert: <%= single_quote(@db_sslrootcert) %>
+  sslrootcert: <%= single_quote(@db_sslrootcert) || single_quote(@db_sslca) %>
+  sslca: <%= single_quote(@db_sslca) || single_quote(@db_sslrootcert) %>
  #}
--- a/software/gitlab/template/gitconfig.in
+++ b/software/gitlab/template/gitconfig.in
@@ -3,7 +3,7 @@
 # see:
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
 #
 {% from 'macrolib.cfg.in' import cfg  with context %}

@@ -22,3 +22,5 @@
        email = {{ cfg('email_from') }}
 [core]
        autocrlf = input
+[gc]
+        auto = 0
--- a/software/gitlab/template/gitlab-shell-config.yml.in
+++ b/software/gitlab/template/gitlab-shell-config.yml.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-shell/blob/master/config.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 # GitLab user. git by default
 user: {{ backend_info.user }}

--- a/software/gitlab/template/gitlab.yml.in
+++ b/software/gitlab/template/gitlab.yml.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg, cfg_https, external_url  with context %}

@@ -32,6 +32,16 @@ production: &base
    relative_url_root: <%= @gitlab_relative_url %>
    #}

+    # Trusted Proxies
+    # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
+    # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
+    trusted_proxies:
+    {# TODO support configuring trusted proxies
+<% @trusted_proxies.each do |proxy| %>
+      - <%= proxy %>
+<% end %>
+    #}
+
    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
    user: {{ backend_info.user }}

@@ -96,7 +106,7 @@ production: &base
    enabled: <%= @incoming_email_enabled %>

    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
-    # The `%{key}` placeholder is added after the user part, after a `+` character, before the `@`.
+    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
    address: <%= single_quote(@incoming_email_address) %>

    # Email account username
@@ -124,7 +134,7 @@ production: &base
  artifacts:
    enabled: <%= @artifacts_enabled %>
    # The location where Build Artifacts are stored (default: shared/artifacts).
-    storage_path: <%= @artifacts_path %>
+    path: <%= @artifacts_path %>
  #}

  {# we do not support LFS
@@ -167,7 +177,7 @@ production: &base
    #}


-  {# XXX cron jobs are disabled for now - we do not support CI and EE features
+  {# XXX cron jobs are disabled for now - we do not support CI and EE features or we are ok with defaults
  ## Auxiliary jobs
  # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
@@ -176,6 +186,10 @@ production: &base
    stuck_ci_builds_worker:
      cron: <%= @stuck_ci_builds_worker_cron %>

+    # Remove outdated repository archives
+    repository_archive_cache_worker:
+      cron: <%= @repository_archive_cache_worker_cron %>
+
    ##
    # GitLab EE only jobs:

@@ -187,11 +201,20 @@ production: &base
    update_all_mirrors_worker:
      cron: <%= @update_all_mirrors_worker_cron %>

+    # Update remote mirrors
+    update_all_remote_mirrors_worker:
+      cron: <%= @update_all_remote_mirrors_worker_cron %>
+
    # In addition to refreshing users when they log in,
    # periodically refresh LDAP users membership.
    # NOTE: This will only take effect if LDAP is enabled
    ldap_sync_worker:
      cron: <%= @ldap_sync_worker_cron %>
+
+    # Gitlab Geo nodes notification worker
+    # NOTE: This will only take effect if Geo is enabled
+    geo_bulk_notify_worker:
+      cron: <%= @geo_bulk_notify_worker_cron %>
  #}

  #
@@ -223,6 +246,7 @@ production: &base
    enabled: false
    {# just disabled
    enabled: <%= @ldap_enabled %>
+    sync_time: <%= @ldap_sync_time %>
  <% if @ldap_servers.any? %>
    servers:
    <% @ldap_servers.each do |provider_id, settings| %>
@@ -302,6 +326,12 @@ production: &base
    # (default: false)
    auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>

+    # Set different Omniauth providers as external so that all users creating accounts
+    # via these providers will not be able to have access to internal projects. You
+    # will need to use the full name of the provider, like `google_oauth2` for Google.
+    # Refer to the examples below for the full names of the supported providers.
+    # (default: [])
+    external_providers: <%= @omniauth_external_providers.to_json %>

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use

--- a/software/gitlab/template/nginx-gitlab-http.conf.in
+++ b/software/gitlab/template/nginx-gitlab-http.conf.in
 {{ autogenerated }}
 # see:
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg, cfg_bool, cfg_https, fqdn  with context %}

@@ -66,7 +66,6 @@ server {

  server_name {{ fqdn }};
  server_tokens off; ## Don't show the nginx version number, a security best practice
-  root {{ gitlab_work.location }}/public;

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
@@ -100,6 +99,20 @@ server {
  #}
  {% endif %}

+  ## Real IP Module Config
+  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
+  {# TODO support trusted proxies & realip
+  <% if @real_ip_header %>
+  real_ip_header <%= @real_ip_header %>;
+  <% end %>
+  <% if @real_ip_recursive %>
+  real_ip_recursive <%= @real_ip_recursive %>;
+  <% end %>
+  <% @real_ip_trusted_addresses.each do |trusted_address| %>
+  set_real_ip_from <%= trusted_address %>;
+  <% end %>
+  #}
+
  ## Individual nginx logs for this GitLab vhost
  access_log  {{ nginx.log }}/gitlab_access.log gitlab_access;
  error_log   {{ nginx.log }}/gitlab_error.log;
@@ -135,6 +148,15 @@ server {
    proxy_pass http://gitlab-workhorse;
  }

+  error_page 404 /404.html;
+  error_page 422 /422.html;
+  error_page 500 /500.html;
+  error_page 502 /502.html;
+  location ~ ^/(404|422|500|502)\.html$ {
+    root {{ gitlab_work.location }}/public;
+    internal;
+  }
+
  {# we don't support custom nginx configs
  <%= @custom_gitlab_server_config %>
  #}

--- a/software/gitlab/template/nginx.conf.in
+++ b/software/gitlab/template/nginx.conf.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg  with context %}

@@ -41,6 +41,13 @@ http {

  include {{ nginx_mime_types }};

+  {# we do not do nginx caching:
+     - gitlab-workhorse serves raw blobs fast
+     - we have caches on frontend nodes
+  proxy_cache_path <%= @proxy_cache_path %>;
+  proxy_cache <%= @proxy_cache %>;
+  #}
+
  include {{ nginx_gitlab_http_conf }};

  {# we don't need: ci, pages, mattermost

--- a/software/gitlab/template/rack_attack.rb.in
+++ b/software/gitlab/template/rack_attack.rb.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg  with context %}


--- a/software/gitlab/template/resque.yml.in
+++ b/software/gitlab/template/resque.yml.in
@@ -2,6 +2,6 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/resque.yml.example
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/resque.yml.erb
-# (last udpdated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last udpdated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 production: unix://{{ redis.unixsocket }}
--- a/software/gitlab/template/smtp_settings.rb.in
+++ b/software/gitlab/template/smtp_settings.rb.in
@@ -2,7 +2,7 @@
 # see:
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg, cfg_bool  with context %}

@@ -18,6 +18,7 @@ if Rails.env.production?
    domain:                 "{{ cfg('smtp_domain') }}",
    authentication:         :{{ cfg('smtp_authentication') }},
    enable_starttls_auto:   {{ cfg('smtp_enable_starttls_auto') }},
+    # ssl:
    openssl_verify_mode:    '{{ cfg("smtp_openssl_verify_mode") }}'
    # ca_path:
    # ca_file:

--- a/software/gitlab/template/unicorn.rb.in
+++ b/software/gitlab/template/unicorn.rb.in
@@ -3,7 +3,7 @@
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example.development
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb
-# (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39)
+# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)

 {% from 'macrolib.cfg.in' import cfg  with context %}

@@ -79,3 +79,9 @@ ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url %>"

 <%- end %>
 #}
+
+# Min memory size (RSS) per worker
+ENV['GITLAB_UNICORN_MEMORY_MIN'] = ({{ cfg('unicorn_worker_memory_limit_min') }}).to_s
+
+# Max memory size (RSS) per worker
+ENV['GITLAB_UNICORN_MEMORY_MAX'] = ({{ cfg('unicorn_worker_memory_limit_max') }}).to_s
--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -155,7 +155,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/instance-kvm-export.cfg.jinja2
 mode = 644
-md5sum = ff281bf8a8905632b32254622db105b7
+md5sum = 4c71fbd0f27616d945df9669c57d302e
 download-only = true
 on-update = true


--- a/software/kvm/instance-kvm-export.cfg.jinja2
+++ b/software/kvm/instance-kvm-export.cfg.jinja2
@@ -23,14 +23,6 @@ parts +=
 {% if monitor -%}
 # monitor parts
  monitor-base
-  cron-entry-logrotate
-  certificate-authority
-  monitor-conf
-  start-monitor
-  ca-httpd
-  monitor-httpd-promise
-  monitor-httpd-promise-conf
-  monitor-status2rss-cron-entry
 {% endif %}

 # Create the exporter executable, which is a simple shell script

--- a/software/kvm/instance-kvm-input-schema.json
+++ b/software/kvm/instance-kvm-input-schema.json
@@ -198,7 +198,8 @@
    "bootstrap-script-url": {
      "title": "VM bootstrap script URL.",
      "description": "If dedicaced disk image is used, this script will be downloaded and run at first boot of the virtual machine. Set md5sum to URL like: http://example.com/file#MD5SUM. Get file in vm at http://10.0.2.100/vm-bootstrap.",
-      "type": "uri"
+      "type": "string",
+      "format": "uri"
    },
    "data-to-vm": {
      "title": "Text content to send to this virtual machine.",

--- a/software/slapos-testing/instance.cfg
+++ b/software/slapos-testing/instance.cfg
@@ -56,6 +56,10 @@ repository = ${slapos.recipe.build-repository:location}
 <= download-source
 repository = ${slapos.recipe.cmmi-repository:location}

+[slapos.toolbox]
+<= download-source
+repository = ${slapos.toolbox-repository:location}
+
 [erp5-util]
 <= download-source
 repository = ${erp5-util-repository:location}
@@ -78,6 +82,7 @@ test-list =
  $${slapos.recipe.template:location}
  $${slapos.recipe.build:location}
  $${slapos.recipe.cmmi:location}
+  $${slapos.toolbox:location}
  $${erp5-util:location}
 prepend-path = ${git:location}/bin:${libxslt:location}/bin:${python2.7:location}/bin
 environment = environment
@@ -86,7 +91,7 @@ environment = environment
 CPPFLAGS = -I${python2.7:location}/include/python2.7 -I${libxml2:location}/include -I${libxslt:location}/include
 LDFLAGS = -L${python2.7:location}/lib -L${libxml2:location}/lib -L${libxslt:location}/lib -L${libxslt:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${python2.7:location}/lib -Wl,-rpath=${libxml2:location}/lib -Wl,-rpath=${libxslt:location}/lib -Wl,-rpath=${zlib:location}/lib
 LD_LIBRARY_PATH = ${python2.7:location}/lib:${libxml2:location}/lib:${libxslt:location}/lib:${libxslt:location}/lib:${zlib:location}/lib
-PYTHONPATH = ${python-setuptools:pythonpath}:${buildout:eggs-directory}
+PYTHONPATH = ${python-setuptools:pythonpath}:${buildout:eggs-directory}:${buildout:develop-eggs-directory}
 LOCAL_IPV4 = $${slap-configuration:ipv4-random}