Commit 0cd14ef6 authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab/gitlab-shell-config.yml: Slapos'ify it

Convert gitlab-shell configuration file to slapos:

    - convert to jinja2,
    - connect gitlab-shell to unicorn & redis unix sockets

NOTE

    - http_settings are left to be default (empty) ones - as that works ok.
    - `auth_file` is still configured to point to wont-be-used sshkeys
      file, as without it gitlab-shell check will fail.
    - support for audit_usernames and git_annex is disabled and
      remains not configurable.

/cc @kazuhiko, @jerome
parent d599096a
...@@ -164,6 +164,13 @@ context-extra = ...@@ -164,6 +164,13 @@ context-extra =
<= etc-template <= etc-template
template= {{ gitlab_shell_config_yml_in }} template= {{ gitlab_shell_config_yml_in }}
rendered= ${gitlab-shell:etc}/config.yml rendered= ${gitlab-shell:etc}/config.yml
context-extra =
import urllib urllib
section gitlab gitlab
section gitlab_shell gitlab-shell
section unicorn unicorn
section service_redis service-redis
raw redis_binprefix {{ redis_binprefix }}
[gitlab.yml] [gitlab.yml]
<= gitlab-etc-template <= gitlab-etc-template
......
...@@ -5,13 +5,15 @@ ...@@ -5,13 +5,15 @@
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
# GitLab user. git by default # GitLab user. git by default
user: <%= @user %> user: {{ backend_info.user }}
# Url to gitlab instance. Used for api calls. Should end with a slash. # Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "<%= @api_url %>" gitlab_url: "http+unix://{{ urllib.quote_plus(unicorn.socket) }}/"
http_settings: http_settings:
{# we don't need any
<%= @http_settings.to_json if @http_settings %> <%= @http_settings.to_json if @http_settings %>
#}
# user: someone # user: someone
# password: somepass # password: somepass
# ca_file: /etc/ssl/cert.pem # ca_file: /etc/ssl/cert.pem
...@@ -22,36 +24,37 @@ http_settings: ...@@ -22,36 +24,37 @@ http_settings:
# Give the canonicalized absolute pathname, # Give the canonicalized absolute pathname,
# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!! # REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
# Check twice that none of the components is a symlink, including "/home". # Check twice that none of the components is a symlink, including "/home".
repos_path: "<%= @repositories_path %>" repos_path: "{{ gitlab.repositories }}"
# File used as authorized_keys for gitlab user # File used as authorized_keys for gitlab user
auth_file: "<%= @authorized_keys %>" # NOTE not used in slapos version (all access via https only)
auth_file: "{{ gitlab.var }}/sshkeys-notused"
# Redis settings used for pushing commit notices to gitlab # Redis settings used for pushing commit notices to gitlab
redis: redis:
bin: /opt/gitlab/embedded/bin/redis-cli bin: {{ redis_binprefix }}/redis-cli
host: <%= @redis_host %> host: {# <%= @redis_host %> #}
port: <%= @redis_port %> port: {# <%= @redis_port %> #}
<% if @redis_socket %> socket: {{ service_redis.unixsocket }}
socket: <%= @redis_socket %> {# we don't use password for redis
<% end %>
<% if @redis_password %> <% if @redis_password %>
pass: <%= @redis_password %> pass: <%= @redis_password %>
<% end %> <% end %>
database: <%= @redis_database %> #}
database: {# <%= @redis_database %> #}
namespace: resque:gitlab namespace: resque:gitlab
# Log file. # Log file.
# Default is gitlab-shell.log in the root directory. # Default is gitlab-shell.log in the root directory.
log_file: "<%= @log_file %>" log_file: "{{ gitlab_shell.log }}/gitlab-shell.log"
# Log level. INFO by default # Log level. INFO by default
log_level: <%= @log_level %> log_level:
# Audit usernames. # Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but # Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
# incurs an extra API call on every gitlab-shell command. # incurs an extra API call on every gitlab-shell command.
audit_usernames: <%= @audit_usernames %> audit_usernames:
# Enable git-annex support # Enable git-annex support
# git-annex allows managing files with git, without checking the file contents into git # git-annex allows managing files with git, without checking the file contents into git
...@@ -59,4 +62,4 @@ audit_usernames: <%= @audit_usernames %> ...@@ -59,4 +62,4 @@ audit_usernames: <%= @audit_usernames %>
# If enabled, git-annex needs to be installed on the server where gitlab-shell is setup # If enabled, git-annex needs to be installed on the server where gitlab-shell is setup
# For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex # For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex
# For CentOS: sudo yum install epel-release && sudo yum install git-annex # For CentOS: sudo yum install epel-release && sudo yum install git-annex
git_annex_enabled: <%= @git_annex_enabled %> git_annex_enabled:
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment