Commit 6fd7b987 by Kirill Smelkov

gitlab: Import gitlab-ce & gitlab-shell configs from omnibus-gitlab

Pristine import of template configuration files from omnibus GitLab
package. All files were imported as-is in their ERB form and filenames
from omnibus-gitlab 8.2.3+ce.0-0-g8eda093 from here:

    https://gitlab.com/gitlab-org/omnibus-gitlab/tree/8eda093/files/gitlab-cookbooks/gitlab/templates/default

We will convert the templates to jinja2 and adjust them to slapos
version in the following patches.

Scheme for synchronizing with future upstream changes is envisioned as this:

    - checkout latest commit which updated pristine erb files
    - copy updated files from omnibus-gitlab, and commit the updates
    - checkout slapos master
    - merge commit that updated erb

That should reasonably work with not too-many conflicts and even those
should be not hard to resolve (with `git mergetool` e.g. in kdiff3)

/cc @kazuhiko, @jerome
1 parent 2ddc5b0c
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production:
adapter: <%= @db_adapter %>
encoding: <%= @db_encoding %>
collation: <%= @db_collation %>
database: <%= @db_database %>
pool: <%= @db_pool %>
username: <%= single_quote(@db_username) %>
password: <%= single_quote(@db_password) %>
host: <%= single_quote(@db_host) %>
port: <%= @db_port %>
socket: <%= single_quote(@db_socket) %>
sslmode: <%= single_quote(@db_sslmode) %>
sslrootcert: <%= single_quote(@db_sslrootcert) %>
# This file is used by Rack-based servers to start the application.
if defined?(Unicorn)
require 'unicorn'
if ENV['RAILS_ENV'] == 'production' || ENV['RAILS_ENV'] == 'staging'
# Unicorn self-process killer
require 'unicorn/worker_killer'
# Max memory size (RSS) per worker
use Unicorn::WorkerKiller::Oom, (<%= @worker_memory_limit_min %>), (<%= @worker_memory_limit_max %>)
end
end
require ::File.expand_path('../config/environment', __FILE__)
map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do
run Gitlab::Application
end
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# GitLab user. git by default
user: <%= @user %>
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "<%= @api_url %>"
http_settings:
<%= @http_settings.to_json if @http_settings %>
# user: someone
# password: somepass
# ca_file: /etc/ssl/cert.pem
# ca_path: /etc/pki/tls/certs
# self_signed_cert: false
# Repositories path
# Give the canonicalized absolute pathname,
# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
# Check twice that none of the components is a symlink, including "/home".
repos_path: "<%= @repositories_path %>"
# File used as authorized_keys for gitlab user
auth_file: "<%= @authorized_keys %>"
# Redis settings used for pushing commit notices to gitlab
redis:
bin: /opt/gitlab/embedded/bin/redis-cli
host: <%= @redis_host %>
port: <%= @redis_port %>
<% if @redis_socket %>
socket: <%= @redis_socket %>
<% end %>
<% if @redis_password %>
pass: <%= @redis_password %>
<% end %>
database: <%= @redis_database %>
namespace: resque:gitlab
# Log file.
# Default is gitlab-shell.log in the root directory.
log_file: "<%= @log_file %>"
# Log level. INFO by default
log_level: <%= @log_level %>
# Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
# incurs an extra API call on every gitlab-shell command.
audit_usernames: <%= @audit_usernames %>
# Enable git-annex support
# git-annex allows managing files with git, without checking the file contents into git
# See https://git-annex.branchable.com/ for documentation
# If enabled, git-annex needs to be installed on the server where gitlab-shell is setup
# For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex
# For CentOS: sudo yum install epel-release && sudo yum install git-annex
git_annex_enabled: <%= @git_annex_enabled %>
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# 1. Rename this file to rack_attack.rb
# 2. Review the paths_to_be_protected and add any other path you need protecting
#
paths_to_be_protected = [
"#{Rails.application.config.relative_url_root}/users/password",
"#{Rails.application.config.relative_url_root}/users/sign_in",
"#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
"#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
"#{Rails.application.config.relative_url_root}/users",
"#{Rails.application.config.relative_url_root}/users/confirmation",
"#{Rails.application.config.relative_url_root}/unsubscribes/"
]
# Create one big regular expression that matches strings starting with any of
# the paths_to_be_protected.
paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
unless Rails.env.test?
Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
if req.post? && req.path =~ paths_regex
req.ip
end
end
end
production: <%= @redis_url %>
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
<% rails_app = @app == 'gitlab' ? 'Gitlab' : 'GitlabCi' %>
<% container = @app == 'gitlab' ? 'gitlab-rails' : 'gitlab-ci' %>
if Rails.env.production?
<%= rails_app %>::Application.config.action_mailer.delivery_method = :smtp
ActionMailer::Base.smtp_settings = {
authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode ca_path ca_file }.each do |key| %>
<% value = node['gitlab'][container]["smtp_#{key}"] %>
<%= "#{key}: #{value.inspect}," unless value.nil? %>
<% end %>
}
end
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# What ports/sockets to listen on, and what options for them.
<%- @listen.each do |port, options| %>
listen "<%= port %>", <%= options %>
<%- end %>
<%- if @working_directory %>
working_directory '<%= @working_directory %>'
<%- end %>
# What the timeout for killing busy workers is, in seconds
timeout <%= @worker_timeout %>
# Whether the app should be pre-loaded
preload_app <%= @preload_app %>
# How many worker processes
worker_processes <%= @worker_processes %>
<%- if @before_fork %>
# What to do before we fork a worker
before_fork do |server, worker|
<%= @before_fork %>
end
<%- end %>
<%- if @after_fork %>
# What to do after we fork a worker
after_fork do |server, worker|
<%= @after_fork %>
end
<%- end %>
<%- if @pid %>
# Where to drop a pidfile
pid '<%= @pid %>'
<%- end %>
<%- if @stderr_path %>
# Where stderr gets logged
stderr_path '<%= @stderr_path %>'
<%- end %>
<%- if @stdout_path %>
# Where stdout gets logged
stdout_path '<%= @stdout_path %>'
<%- end %>
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!