Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
a1bfe616
Commit
a1bfe616
authored
Jan 09, 2024
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/gitlab: upgrade to version 12.10.14
parent
39477860
Changes
14
Hide whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
182 additions
and
108 deletions
+182
-108
software/gitlab/buildout.hash.cfg
software/gitlab/buildout.hash.cfg
+11
-11
software/gitlab/gitlab-unicorn-startup.in
software/gitlab/gitlab-unicorn-startup.in
+6
-6
software/gitlab/gowork.cfg
software/gitlab/gowork.cfg
+2
-2
software/gitlab/instance-gitlab-export.cfg.in
software/gitlab/instance-gitlab-export.cfg.in
+2
-0
software/gitlab/instance-gitlab.cfg.in
software/gitlab/instance-gitlab.cfg.in
+14
-4
software/gitlab/instance.cfg.in
software/gitlab/instance.cfg.in
+2
-2
software/gitlab/macrolib.cfg.in
software/gitlab/macrolib.cfg.in
+0
-1
software/gitlab/software.cfg
software/gitlab/software.cfg
+62
-49
software/gitlab/template/gitaly-config.toml.in
software/gitlab/template/gitaly-config.toml.in
+48
-4
software/gitlab/template/gitlab-shell-config.yml.in
software/gitlab/template/gitlab-shell-config.yml.in
+2
-2
software/gitlab/template/gitlab.yml.in
software/gitlab/template/gitlab.yml.in
+11
-1
software/gitlab/template/nginx-gitlab-http.conf.in
software/gitlab/template/nginx-gitlab-http.conf.in
+3
-4
software/gitlab/template/template-gitlab-resiliency-restore.sh.in
.../gitlab/template/template-gitlab-resiliency-restore.sh.in
+7
-0
software/gitlab/template/unicorn.rb.in
software/gitlab/template/unicorn.rb.in
+12
-22
No files found.
software/gitlab/buildout.hash.cfg
View file @
a1bfe616
...
...
@@ -14,7 +14,7 @@
# not need these here).
[instance.cfg]
filename = instance.cfg.in
md5sum =
7fa9436be9a31bf4ee172951df2d9df
4
md5sum =
ea1d4fb7b2330ae9d94df07f74b934b
4
[watcher]
_update_hash_filename_ = watcher.in
...
...
@@ -38,35 +38,35 @@ md5sum = c2e23c0f7baa1633df0436ca4e728424
[gitlab-shell-config.yml.in]
_update_hash_filename_ = template/gitlab-shell-config.yml.in
md5sum =
52d18b521b8cd16352fc88b1e1d79d53
md5sum =
69e8ed76b06233d11932a5c0ef16f03b
[gitlab-unicorn-startup.in]
_update_hash_filename_ = gitlab-unicorn-startup.in
md5sum =
b0c3d465a8aaad9d2274934dcf208645
md5sum =
705825e6d8c6b37699f1321805d09de3
[gitlab.yml.in]
_update_hash_filename_ = template/gitlab.yml.in
md5sum =
f4cc0bc898b8d59010d61473e2adc53b
md5sum =
673c393e6728a8d82e6b9a44886785a8
[gitaly-config.toml.in]
_update_hash_filename_ = template/gitaly-config.toml.in
md5sum =
0f1ec4077dab586cc003ae13f689eda2
md5sum =
58e3d5bbda32583d00cd8f44ec0525b0
[instance-gitlab.cfg.in]
_update_hash_filename_ = instance-gitlab.cfg.in
md5sum =
0445e54ee7ce1f65ec79801e128c80d4
md5sum =
8e5b0ddb1b79679b4162f302aa438b62
[instance-gitlab-export.cfg.in]
_update_hash_filename_ = instance-gitlab-export.cfg.in
md5sum =
9ed8220bb3ad71ff7e8638354127412c
md5sum =
b8dea5ca4c6f9fc1ca54eb0265e1fdee
[macrolib.cfg.in]
_update_hash_filename_ = macrolib.cfg.in
md5sum =
a56a44e96f65f5ed20211bb6a54279f4
md5sum =
70612697434bf4fbe838fdf4fd867ed8
[nginx-gitlab-http.conf.in]
_update_hash_filename_ = template/nginx-gitlab-http.conf.in
md5sum =
cd7471a8c5d6f6bc848c62ce62dca966
md5sum =
4980c1571a4dd7753aaa60d065270849
[nginx.conf.in]
_update_hash_filename_ = template/nginx.conf.in
...
...
@@ -86,8 +86,8 @@ md5sum = 4e1ced687a86e4cfff2dde91237e3942
[template-gitlab-resiliency-restore.sh.in]
_update_hash_filename_ = template/template-gitlab-resiliency-restore.sh.in
md5sum =
16b9f52f00d55feab7e31a88029ad351
md5sum =
87f16b4f4a2370acada46b2751ef3366
[unicorn.rb.in]
_update_hash_filename_ = template/unicorn.rb.in
md5sum =
67728235a2c4c9425c80f0c85674988
5
md5sum =
b4758129a8d0c47b2c3adb10fefb827
5
software/gitlab/gitlab-unicorn-startup.in
View file @
a1bfe616
...
...
@@ -39,15 +39,10 @@ echo "I: PostgreSQL ready." 1>&2
psql -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;' || die "pg_trgm setup failed"
if echo "$pgtables" | grep -q '^Did not find any relations' ; then
$RAKE
db:schema:load db:seed_fu
|| die "initial db setup failed"
$RAKE
gitlab:setup RAILS_ENV=production force=yes
|| die "initial db setup failed"
fi
# re-build ssh keys
# (we do not use them - just for cleannes)
force=yes $RAKE gitlab:shell:setup || die "gitlab:shell:setup failed"
# 2. what to do when instance is upgraded
# see
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/deploy/deploy.sh
...
...
@@ -64,10 +59,15 @@ $RAKE db:migrate >$migrate_log 2>&1 || die "db:migrate failed"
# logs of actual migration run.
test -s $migrate_log || rm $migrate_log
touch {{ var_dir }}/gitlab_db_ok
# clear cache
$RAKE cache:clear || die "cache:clear failed"
# re-build ssh keys
# (we do not use them - just for cleannes)
# run before migration to avoir error on missing tables in db
force=yes $RAKE gitlab:shell:setup || die "gitlab:shell:setup failed"
# 3. finally exec to unicorn
...
...
software/gitlab/gowork.cfg
View file @
a1bfe616
...
...
@@ -25,10 +25,10 @@ revision = v0.8.0-12-g816c908556
<= go-git-package
go.importpath = lab.nexedi.com/kirr/git-backup
repository = https://lab.nexedi.com/kirr/git-backup.git
revision =
3f6c4deec8834bdcd2c28c7c5eeacd8211e759b5
revision =
da754af24da351291c99caa421a103db09e7a4c4
[go_lab.nexedi.com_kirr_go123]
<= go-git-package
go.importpath = lab.nexedi.com/kirr/go123
repository = https://lab.nexedi.com/kirr/go123.git
revision =
56bf8f815a
revision =
95433de34f
software/gitlab/instance-gitlab-export.cfg.in
View file @
a1bfe616
...
...
@@ -50,6 +50,8 @@ input = inline: gitlab-shell-work*
var/repositories/**
srv/postgresql/**
srv/postgresql
srv/backup/logrotate
srv/backup/logrotate/**
etc/service/postgres-start
srv/redis/**
srv/unicorn/unicorn.socket
...
...
software/gitlab/instance-gitlab.cfg.in
View file @
a1bfe616
...
...
@@ -53,7 +53,7 @@ offline = true
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if key not in DROP_KEY_LIST %}
{{ key }} = {{ value }}
{%- endif -%}
...
...
@@ -198,7 +198,7 @@ context =
raw autogenerated # This file was autogenerated. (DO NOT EDIT - changes will be lost)
section instance_parameter instance-parameter
section backend_info backend-info
import urlparse urlparse
import urlparse url
lib.
parse
raw git {{ git }}
${:context-extra}
context-extra =
...
...
@@ -336,6 +336,7 @@ context =
raw psql_bin {{ postgresql_location }}/bin/psql
section pgsql service-postgresql
raw log_dir ${gitlab:log}
raw var_dir ${directory:var}
section unicorn_rb unicorn.rb
section gitlab_work gitlab-work
...
...
@@ -427,6 +428,8 @@ tune-command =
software = {{ gitlab_shell_repository_location }}
tune-command =
if [ -d "bin" ]; then rm -rf bin; fi &&
ln -sf ${:software}/bin bin &&
ln -sf ${gitlab-shell-config.yml:output} config.yml &&
true
...
...
@@ -531,6 +534,7 @@ config-command = ${service-redis:promise-wrapper}
<= logrotate-entry-base
log = ${redis:log}/*.log
name = redis
copytruncate = true
########################
...
...
@@ -557,6 +561,7 @@ command-line = {{ gitlab_workhorse }}
-documentRoot ${gitlab-work:location}/public
-secretPath ${gitlab-workhorse:secret}
-logFile ${gitlab-workhorse:log}
-repoPath ${gitlab-repo-dir:repositories}
# NOTE for profiling
# -pprofListenAddr ...
...
...
@@ -645,21 +650,25 @@ command-line = ${:rake} gitlab:gitlab_shell:check
<= logrotate-entry-base
log = ${unicorn:log}/*.log
name = unicorn
copytruncate = true
[logrotate-entry-gitlab]
<= logrotate-entry-base
log = ${gitlab:log}/*.log
name = gitlab
copytruncate = true
[logrotate-entry-gitlab-shell]
<= logrotate-entry-base
log = ${gitlab-shell:log}/*.log
name = gitlab-shell
copytruncate = true
[logrotate-entry-gitlab-workhorse]
<= logrotate-entry-base
log = ${gitlab-workhorse-dir:log}//*.log
name = gitlab-shell
copytruncate = true
#######################################
# sidekiq background jobs manager #
...
...
@@ -709,6 +718,7 @@ command-line = ${:rake} gitlab:sidekiq:check
<= logrotate-entry-base
log = ${sidekiq:log}/*.log
name = sidekiq
copytruncate = true
######################
...
...
@@ -781,6 +791,7 @@ promise = check_url_available
<= logrotate-entry-base
log = ${nginx:log}/*.log
name = nginx
post = kill -USR1 $(cat ${directory:run}/nginx.pid)
# base entry for clients who registers to cron
[cron-entry]
...
...
@@ -826,8 +837,7 @@ command =
${:rake} gitlab:assets:clean &&
${:rake} gettext:compile RAILS_ENV=production &&
cd ${gitlab-work:location} &&
PATH={{ node_bin_location }}:$PATH {{ yarn_location }}/bin/yarn add ajv@^4.11.2 &&
PATH={{ node_bin_location }}:$PATH {{ yarn_location }}/bin/yarn install --production --pure-lockfile &&
PATH={{ node_bin_location }}:{{ yarn_location }}/bin:$PATH yarn install --prefer-offline --production --pure-lockfile &&
${:rake} gitlab:assets:compile NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096" &&
true
...
...
software/gitlab/instance.cfg.in
View file @
a1bfe616
...
...
@@ -72,7 +72,7 @@ context =
raw bzip2_location ${bzip2:location}
raw bundler_4gitlab ${bundler-4gitlab:bundle}
raw bundler_1_17_3_dir ${bundler-4gitlab:bundle1.17.3}
raw coreutils_location ${coreutils:location}
raw coreutils_location ${coreutils
-9.1
:location}
raw curl_bin ${curl:location}/bin/curl
raw dcron_bin ${dcron-output:crond}
raw git ${git:location}/bin/git
...
...
@@ -88,7 +88,7 @@ context =
raw logrotate_bin ${logrotate:location}/usr/sbin/logrotate
raw nginx_bin ${nginx-output:nginx}
raw nginx_mime_types ${nginx-output:mime}
raw node_bin_location ${nodejs
-8.12.0
:location}/bin/
raw node_bin_location ${nodejs:location}/bin/
raw openssl_bin ${openssl-output:openssl}
raw postgresql_location ${postgresql10:location}
raw redis_binprefix ${redis28:location}/bin
...
...
software/gitlab/macrolib.cfg.in
View file @
a1bfe616
...
...
@@ -7,7 +7,6 @@
NOTE macros can return only strings - that's why '' is used for false #}
{% macro cfg_bool(name) %}{{ 'true' if (cfg(name).lower() in ('true', 'yes')) else '' }}{% endmacro %}
{# deduce whether to use https from external url
( here - becasue we cannot use jinja2 logic in instance-gitlab.cfg.in to
process instance parameters ) #}
...
...
software/gitlab/software.cfg
View file @
a1bfe616
...
...
@@ -30,8 +30,7 @@ extends =
../../component/logrotate/buildout.cfg
parts =
ruby2.3
golang1.12
golang1.13
git
postgresql10
redis28
...
...
@@ -43,11 +42,9 @@ parts =
gowork
gitlab-workhorse
gitaly-build
python-4gitlab
gitlab-shell/vendor
gitlab/vendor/bundle
gitlab_npm
github-markup-patch
gitlab-backup
# for instance
...
...
@@ -68,23 +65,53 @@ parts =
revision = 571d6514f7290e8faa9439c4b86aa2f6c87df261
[nodejs]
<= nodejs-
8.12.0
<= nodejs-
12.18.3
[yarn]
<= yarn-1.3.2
[python]
part = python2.7
<= yarn-1.16.0
# Gitlab backup (git-backup) is failing (segfault) with recent git version > 2.30.9
# We will use git 2.30.9 version for production upgrade
# TODO: fix the issue with git and use latest version
[git]
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.30.9.tar.xz
md5sum = c1d42936036cc44a448738329c821569
############################
# Software compilation #
############################
# python with eggs, that will be used in gitlab
# gitlab-markup call the command `python3 /path/to/commands/rest2html` which
# require docutils
# https://gitlab.com/gitlab-org/gitlab-markup/-/blob/master/lib/github/markups.rb
[docutils-download]
recipe = slapos.recipe.build:download
shared = true
url = https://files.pythonhosted.org/packages/2f/e0/3d435b34abd2d62e8206171892f174b180cd37b09d57b924ca5c2ef2219d/${:filename}
filename = docutils-0.16.tar.gz
md5sum = 44952782107930ddfcd37ae48eee0857
[python-4gitlab]
recipe = zc.recipe.egg
interpreter = python2
eggs =
docutils
recipe = slapos.recipe.build
docutils = ${docutils-download:target}
init =
# add the python executable in the options dict so that
# buildout signature changes if python executable changes
import os, sys
options['bin'] = python = os.path.join(location, 'bin')
install =
import os, sys
python = self.buildout['python3']['executable']
call([python, '-m', 'venv', '--clear', location])
pip = os.path.join(location, 'bin', 'pip')
call([pip, 'install', '--no-index', options['docutils']])
call([pip, 'uninstall', '-y', 'pip', 'setuptools'])
# selftest
python = os.path.join(location, 'bin', 'python')
call([python, '-c', 'import docutils'])
# Need ruby 2.6.5
# rubygemsrecipe with fixed url and this way pinned rubygems version
[rubygemsrecipe]
recipe = rubygemsrecipe
...
...
@@ -95,7 +122,7 @@ url = https://rubygems.org/rubygems/rubygems-3.1.2.zip
# - run gitlab services / jobs (via `bundle exec ...`)
[bundler-4gitlab]
<= rubygemsrecipe
ruby-location = ${ruby2.
3
:location}
ruby-location = ${ruby2.
6
:location}
ruby-executable = ${:ruby-location}/bin/ruby
gems =
bundler==1.17.3
...
...
@@ -103,7 +130,7 @@ gems =
# bin installed here
bundle = ${buildout:bin-directory}/bundle
# Gitaly need bundler 1.17.3 which is not the default version at the end
bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/gems/
1.8/
gems/bundler-1.17.3/exe/
bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/gems/gems/bundler-1.17.3/exe/
# install together with dependencies of gitlab, which we cannot specify using
# --with-... gem option
...
...
@@ -122,7 +149,7 @@ bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/
# (python-4gitlab puts interpreter into ${buildout:bin-directory})
environment =
PATH = ${yarn:location}/bin:${:ruby-location}/bin:${cmake:location}/bin:${pkgconfig:location}/bin:${nodejs:location}/bin:${postgresql10:location}/bin:${redis28:location}/bin:${git:location}/bin:${buildout:bin-directory}:%(PATH)s
PATH = ${
python-4gitlab:bin}:${
yarn:location}/bin:${:ruby-location}/bin:${cmake:location}/bin:${pkgconfig:location}/bin:${nodejs:location}/bin:${postgresql10:location}/bin:${redis28:location}/bin:${git:location}/bin:${buildout:bin-directory}:%(PATH)s
# gitlab, gitlab-shell & gitlab-workhorse checked out as git repositories
...
...
@@ -134,44 +161,25 @@ git-executable = ${git:location}/bin/git
[gitlab-repository]
<= git-repository
repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
# 9.5.10 + NXD patches:
revision = v9.5.10-13-g2b98fc27fd2
revision = v12.10.14-8-gd7e78e9013
location = ${buildout:parts-directory}/gitlab
[gitlab-shell-repository]
<= git-repository
#repository = https://lab.nexedi.com/nexedi/gitlab-shell.git
repository = https://gitlab.com/gitlab-org/gitlab-shell.git
# gitlab 9.5.10 wants gitlab-shell 5.6.1
revision = v5.6.1-10-g1e587d3b7f
revision = v12.2.0
location = ${buildout:parts-directory}/gitlab-shell
[gitaly-repository]
<= git-repository
repository = https://gitlab.com/gitlab-org/gitaly.git
# for version v0.35.0 (gitlab 9.5.10)
revision = v0.35.0-0-gf99a57b19a
revision = v12.10.14
location = ${buildout:parts-directory}/gitaly
[gitlab-workhorse-repository]
<= git-repository
repository = https://lab.nexedi.com/nexedi/gitlab-workhorse.git
revision = v3.0.0-8-g74793ad3cc
# Patch github markup to not call "python2 -S /path/to/rest2html" but only "python2 /path/to/rest2html"
# NOTE github-markup invokes it as `python2`, that's why we are naming it this way
# https://github.com/github/markup/blob/5393ae93/lib/github/markups.rb#L36
[github-markup-patch]
recipe = plone.recipe.command
command =
files=$(ls ${gitlab-repository:location}/vendor/bundle/ruby/*/gems/git*-markup-*/lib/github/markups.rb) || true
if [ ! -z "$files" ]; then
for file in $files; do
sed -i 's#python2 -S#python2#' $file
done
fi
update-command = ${:command}
stop-on-error = True
revision = v8.30.3-19-g919c9b532c
# build needed-by-gitlab gems via bundler
[gitlab/vendor/bundle]
...
...
@@ -184,12 +192,13 @@ configure-command = cd ${:path} &&
${:bundle} config --local build.pg --with-pg-config=${postgresql10:location}/bin/pg_config &&
${:bundle} config --local build.re2 --with-re2-dir=${re2:location} &&
${:bundle} config --local build.nokogiri --with-zlib-dir=${zlib:location} --with-cflags=-I${xz-utils:location}/include --with-ldflags="-L${xz-utils:location}/lib -Wl,-rpath=${xz-utils:location}/lib"
${:bundle} config set without 'development test mysql aws kerberos'
${:bundle} config set deployment 'true'
make-binary =
make-targets= cd ${:path} &&
${:bundle} install --deployment --without development test mysql aws kerberos ed25519
make-targets= cd ${:path} && ${:bundle} install
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${re2:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${re2:location}/lib/pkgconfig:${
icu:location}/lib/pkgconfig:${
xz-utils:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:%(PATH)s
CFLAGS=-I${xz-utils:location}/include
...
...
@@ -225,7 +234,7 @@ make-targets= cd ${go_github.com_libgit2_git2go:location}
&& make install
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:${git:location}/bin:${golang1.1
2
:location}/bin:${buildout:bin-directory}:%(PATH)s
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:${git:location}/bin:${golang1.1
3
:location}/bin:${buildout:bin-directory}:%(PATH)s
GOPATH=${gowork:directory}
[gowork.goinstall]
...
...
@@ -233,7 +242,7 @@ git2go = ${go_github.com_libgit2_git2go_prepare:path}/vendor/libgit2/install
command = bash -c ". ${gowork:env.sh} && CGO_CFLAGS=-I${:git2go}/include CGO_LDFLAGS='-L${:git2go}/lib -lgit2' go install ${gowork:buildflags} -v $(echo -n '${gowork:install}' |tr '\n' ' ')"
[gowork]
golang = ${golang1.1
2
:location}
golang = ${golang1.1
3
:location}
# gitlab.com/gitlab-org/gitlab-workhorse
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-cat
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-metadata
...
...
@@ -248,11 +257,10 @@ buildflags = --tags "static"
[gitlab-workhorse]
recipe = slapos.recipe.cmmi
path = ${gitlab-workhorse-repository:location}
md5sum = 2988c944d58c4a08880498c4981cc7b7
configure-command = :
make-binary =
make-targets =
. ${gowork:env.sh}
&& make install PREFIX=${gowork:directory}
. ${gowork:env.sh} && make test
&& make install PREFIX=${gowork:directory}
[gitlab-backup]
recipe = plone.recipe.command
...
...
@@ -272,10 +280,12 @@ make-targets =
. ${gowork:env.sh} &&
unset GOBIN &&
make
post-install =
# solve the problem error="not executable: ruby/git-hooks/pre-receive"
chmod 755 ${:path}/ruby/git-hooks/gitlab-shell-hook
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${icu:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${ruby2.3:location}/bin:%(PATH)s
PATH=${pkgconfig:location}/bin:${ruby2.6:location}/bin:%(PATH)s
[xnice-repository]
# to get kirr's misc repo containing xnice script for executing processes
...
...
@@ -296,8 +306,11 @@ bundle = ${bundler-4gitlab:bundle}
configure-command = true
make-binary =
make-targets= cd ${:path} &&
# Compile go binary
. ${gowork:env.sh} && make build &&
${:bundle} install --deployment --without development test
environment =
PATH=${ruby2.6:location}/bin:%(PATH)s
###############################
# Trampoline for instance #
...
...
@@ -400,7 +413,7 @@ url = https://lab.nexedi.com/alain.takoudjou/labdemo.backup/repository/archive.t
md5sum = d40e5e211dc9a4e5ada9c0250377c639
[versions]
docutils = 0.16
cns.recipe.symlink = 0.2.3
docutils = 0.12
plone.recipe.command = 1.1
z3c.recipe.scripts = 1.0.1
software/gitlab/template/gitaly-config.toml.in
View file @
a1bfe616
...
...
@@ -14,10 +14,24 @@ bin_dir = "{{ gitaly.location }}"
# # Optional: export metrics via Prometheus
# prometheus_listen_addr = "localhost:9236"
# # Optional: configure where the Gitaly creates the sockets for internal connections. If unset, Gitaly will create a randomly
# # named temp directory each time it boots.
# # Non Gitaly clients should never connect to these sockets.
internal_socket_dir = "{{ gitaly.internal_socket }}"
# # Optional: authenticate Gitaly requests using a shared secret
# [auth]
# token = 'abc123secret'
# transitioning = false # Set `transitioning` to true to temporarily allow unauthenticated while rolling out authentication.
# [tls]
# certificate_path = '/home/git/cert.cert'
# key_path = '/home/git/key.pem'
# # Git settings
[git]
bin_path = "{{ git }}"
# catfile_cache_size = 100
[[storage]]
name = "default"
...
...
@@ -30,11 +44,21 @@ path = "{{ gitlab.repositories }}"
# path = "/mnt/other_storage/repositories"
#
# # You can optionally configure Gitaly to output JSON-formatted log messages to stdout
# [logging]
# You can optionally configure Gitaly to output JSON-formatted log messages to stdout
[logging]
# The directory where Gitaly stores extra log files
dir = "{{ gitaly.log }}"
# format = "json"
# format = "json"
# # Additionally exceptions can be reported to Sentry
# sentry_dsn = "https://<key>:<secret>@sentry.io/<project>
# # Optional: Set log level to only log entries with that severity or above
# # One of, in order: debug, info, warn, errror, fatal, panic
# # Defaults to "info"
level = "warn"
#
# # Additionally exceptions from the Go server can be reported to Sentry
# sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
# # Exceptions from gitaly-ruby can also be reported to Sentry
# ruby_sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
# # You can optionally configure Gitaly to record histogram latencies on GRPC method calls
...
...
@@ -45,7 +69,27 @@ path = "{{ gitlab.repositories }}"
# The directory where gitaly-ruby is installed
dir = "{{ gitaly.location }}/ruby"
# # Gitaly-ruby resident set size (RSS) that triggers a memory restart (bytes)
# max_rss = 200000000
#
# # Grace period before a gitaly-ruby process is forcibly terminated after exceeding max_rss (seconds)
# graceful_restart_timeout = "10m"
#
# # Time that gitaly-ruby memory must remain high before a restart (seconds)
# restart_delay = "5m"
#
# # Number of gitaly-ruby worker processes
# num_workers = 2
#
# # Search path for system gitconfig file (e.g. /etc, /opt/gitlab/embedded/etc)
# # NOTE: This only affects RPCs that use Rugged.
# rugged_git_config_search_path = "/etc"
[gitlab-shell]
# The directory where gitlab-shell is installed
dir = "{{ gitlab_shell_work.location }}"
# # You can adjust the concurrency of each RPC endpoint
# [[concurrency]]
# rpc = "/gitaly.RepositoryService/GarbageCollect"
# max_per_repo = 1
software/gitlab/template/gitlab-shell-config.yml.in
View file @
a1bfe616
...
...
@@ -8,7 +8,7 @@
user: {{ backend_info.user }}
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http+unix://{{ urllib.quote_plus(unicorn.socket) }}/"
gitlab_url: "http+unix://{{ urllib.
parse.
quote_plus(unicorn.socket) }}/"
http_settings:
{# we don't need any
...
...
@@ -24,7 +24,7 @@ http_settings:
# Give the canonicalized absolute pathname,
# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
# Check twice that none of the components is a symlink, including "/home".
#
repos_path: "{{ gitlab.repositories }}"
repos_path: "{{ gitlab.repositories }}"
# File used as authorized_keys for gitlab user
# NOTE not used in slapos version (all access via https only)
...
...
software/gitlab/template/gitlab.yml.in
View file @
a1bfe616
...
...
@@ -171,6 +171,16 @@ production: &base
storage_path: <%= @lfs_storage_path %>
#}
## Uploads
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: "{{ gitlab.var }}"
# The location where uploads objects are stored (default: public/).
# storage_path: public/
# base_dir: uploads/-/system
object_store:
enabled: false
remote_directory: uploads # Bucket name
{# we do not support container registry
## Container Registry
...
...
@@ -516,7 +526,7 @@ production: &base
# https://lab.nexedi.com/nexedi/slapos.core/commit/347d33d6
# for now we have a lot of old slapos.core deployed...
{% if cfg('icp_license') != '' -%}
ICP: {{ urllib.
unquote_plus( str(cfg('icp_license')) ).decode('utf-8'
) }}
ICP: {{ urllib.
parse.unquote_plus( str(cfg('icp_license'))
) }}
{# ICP: '{{ cfg("icp_license") }}' #}
{% endif %}
...
...
software/gitlab/template/nginx-gitlab-http.conf.in
View file @
a1bfe616
...
...
@@ -74,7 +74,6 @@ server {
{% if cfg_https %}
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate {{ nginx.cert_file }};
ssl_certificate_key {{ nginx.key_file }};
{# we don't need - most root CA will be included by default
...
...
@@ -113,7 +112,7 @@ server {
## HSTS Config
## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
{% if
cfg("nginx_hsts_max_age"
) > 0 -%}
{% if
int(cfg("nginx_hsts_max_age")
) > 0 -%}
{% if '{{ cfg("nginx_hsts_include_subdomains") }}' == 'true' -%}
add_header Strict-Transport-Security "max-age={{ cfg('nginx_hsts_max_age') }}; includeSubDomains"
{% else -%}
...
...
@@ -124,7 +123,7 @@ server {
## Individual nginx logs for this GitLab vhost
access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
error_log {{ nginx.log }}/gitlab_error.log;
# Set CORS header
add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
add_header 'Access-Control-Allow-Credentials' true;
...
...
@@ -151,7 +150,7 @@ server {
{# we do not support relative URL - path is always "/" #}
{% set path = "/" %}
#if ($http_host = "") {
# set $http_host_with_default "<%= default_host %>";
#}
...
...
software/gitlab/template/template-gitlab-resiliency-restore.sh.in
View file @
a1bfe616
...
...
@@ -29,6 +29,7 @@ gitlab_work="{{ gitlab_work_location }}"
promise_check="{{ promise_lab_location }}"
unicorn_script="{{ unicorn_script }}"
sidekiq_script="{{ sidekiq_script }}"
var_location="{{ run_directory }}/.."
# export GIT_EXEC_PATH=$git_location/libexec/git-core/
...
...
@@ -61,6 +62,12 @@ if [ -f "$postgres_pid_file" ]; then
rm $postgres_pid_file
fi
# cleanup /var/backup and old repositories folders,
# restoration will created them at every run
echo "Cleanup gitlab backup and old repositories folders..."
rm -rf $var_location/backup/*
rm -rf $var_location/repositories*
echo "Starting Postgres..."
$postgres_executable &
postgres_pid=$!
...
...
software/gitlab/template/unicorn.rb.in
View file @
a1bfe616
...
...
@@ -20,8 +20,6 @@ timeout {{ cfg('unicorn_worker_timeout') }}
# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and
GC.copy_on_write_friendly = true
# Enable this flag to have unicorn test client connections by writing the
...
...
@@ -32,6 +30,13 @@ GC.respond_to?(:copy_on_write_friendly=) and
# fast LAN.
check_client_connection false
require_relative '{{ gitlab_work.location }}/lib/gitlab/cluster/lifecycle_events'
before_exec do |server|
# Signal application hooks that we're about to restart
Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
# How many worker processes
worker_processes {{ cfg('unicorn_worker_processes') }}
...
...
@@ -41,11 +46,8 @@ worker_processes {{ cfg('unicorn_worker_processes') }}
# What to do before we fork a worker
before_fork do |server, worker|
# XXX why gitlab does not enable this?
# # the following is highly recomended for Rails + "preload_app true"
# # as there's no need for the master process to hold a connection
# defined?(ActiveRecord::Base) and
# ActiveRecord::Base.connection.disconnect!
# Signal application hooks that we're about to fork
Gitlab::Cluster::LifecycleEvents.do_before_fork
# The following is only recommended for memory/DB-constrained
# installations. It is not needed if your system can house
...
...
@@ -75,25 +77,13 @@ end
# What to do after we fork a worker
after_fork do |server, worker|
# Signal application hooks of worker start
Gitlab::Cluster::LifecycleEvents.do_worker_start
# per-process listener ports for debugging/admin/migrations
# addr = "127.0.0.1:#{9293 + worker.nr}"
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# XXX why gitlab does not enable this?
# # the following is *required* for Rails + "preload_app true",
# defined?(ActiveRecord::Base) and
# ActiveRecord::Base.establish_connection
# reset prometheus client, this will cause any opened metrics files to be closed
#defined?(::Prometheus::Client.reinitialize_on_pid_change) &&
# Prometheus::Client.reinitialize_on_pid_change
# if preload_app is true, then you may also want to check and
# restart any other shared sockets/descriptors such as Memcached,
# and Redis. TokyoCabinet file handles are safe to reuse
# between any number of forked children (assuming your kernel
# correctly implements pread()/pwrite() system calls)
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment