Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Paul Graydon
slapos
Commits
4d5df6f1
Commit
4d5df6f1
authored
Jan 23, 2024
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Plain Diff
Update Release Candidate
parents
0e951d43
b5b7360d
Changes
25
Hide whitespace changes
Inline
Side-by-side
Showing
25 changed files
with
237 additions
and
166 deletions
+237
-166
component/coreutils/buildout.cfg
component/coreutils/buildout.cfg
+7
-0
component/golang/buildout.cfg
component/golang/buildout.cfg
+4
-5
component/nodejs/buildout.cfg
component/nodejs/buildout.cfg
+0
-8
component/ruby/buildout.cfg
component/ruby/buildout.cfg
+4
-4
software/gitlab/buildout.hash.cfg
software/gitlab/buildout.hash.cfg
+11
-11
software/gitlab/gitlab-unicorn-startup.in
software/gitlab/gitlab-unicorn-startup.in
+6
-6
software/gitlab/gowork.cfg
software/gitlab/gowork.cfg
+2
-2
software/gitlab/instance-gitlab-export.cfg.in
software/gitlab/instance-gitlab-export.cfg.in
+2
-0
software/gitlab/instance-gitlab.cfg.in
software/gitlab/instance-gitlab.cfg.in
+14
-4
software/gitlab/instance.cfg.in
software/gitlab/instance.cfg.in
+2
-2
software/gitlab/macrolib.cfg.in
software/gitlab/macrolib.cfg.in
+0
-1
software/gitlab/software.cfg
software/gitlab/software.cfg
+62
-49
software/gitlab/template/gitaly-config.toml.in
software/gitlab/template/gitaly-config.toml.in
+48
-4
software/gitlab/template/gitlab-shell-config.yml.in
software/gitlab/template/gitlab-shell-config.yml.in
+2
-2
software/gitlab/template/gitlab.yml.in
software/gitlab/template/gitlab.yml.in
+11
-1
software/gitlab/template/nginx-gitlab-http.conf.in
software/gitlab/template/nginx-gitlab-http.conf.in
+3
-4
software/gitlab/template/template-gitlab-resiliency-restore.sh.in
.../gitlab/template/template-gitlab-resiliency-restore.sh.in
+7
-0
software/gitlab/template/unicorn.rb.in
software/gitlab/template/unicorn.rb.in
+12
-22
software/jstestnode/buildout.hash.cfg
software/jstestnode/buildout.hash.cfg
+4
-4
software/jstestnode/instance.cfg.in
software/jstestnode/instance.cfg.in
+6
-6
software/jstestnode/runTestSuite.in
software/jstestnode/runTestSuite.in
+2
-1
software/jstestnode/template-nginx-service.sh.in
software/jstestnode/template-nginx-service.sh.in
+6
-6
software/jstestnode/template-nginx.cfg.in
software/jstestnode/template-nginx.cfg.in
+16
-18
software/jstestnode/test/test.py
software/jstestnode/test/test.py
+5
-5
software/osie-coupler/software.cfg
software/osie-coupler/software.cfg
+1
-1
No files found.
component/coreutils/buildout.cfg
View file @
4d5df6f1
...
@@ -19,6 +19,13 @@ environment =
...
@@ -19,6 +19,13 @@ environment =
PATH=${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
LDFLAGS=-Wl,--as-needed -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
LDFLAGS=-Wl,--as-needed -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
# Latest version of command split in coreutils is not working in gitlab backup
# For more details, see: https://lab.nexedi.com/nexedi/slapos/merge_requests/1503/diffs#note_197515
[coreutils-9.1]
<= coreutils
url = https://ftp.gnu.org/gnu/coreutils/coreutils-9.1.tar.xz
md5sum = 8b1ca4e018a7dce9bb937faec6618671
[coreutils-output]
[coreutils-output]
# Shared binary location to ease migration
# Shared binary location to ease migration
recipe = plone.recipe.command
recipe = plone.recipe.command
...
...
component/golang/buildout.cfg
View file @
4d5df6f1
...
@@ -74,13 +74,12 @@ patches =
...
@@ -74,13 +74,12 @@ patches =
[golang14:platform.machine() == 'aarch64']
[golang14:platform.machine() == 'aarch64']
setarch = setarch arm
setarch = setarch arm
[golang1.13]
[golang1.12]
<= golang-common-pre-1.19
<= golang-common-pre-1.19
url = https://go
lang.org/dl/go1.12.17
.src.tar.gz
url = https://go
.dev/dl/go1.13.15
.src.tar.gz
md5sum =
6b607fc795391dc609ffd79ebf41f08
0
md5sum =
4f4af14d88352a62761a9dcedf863ac
0
# go1.1
2
needs go1.4 to bootstrap
# go1.1
3
needs go1.4 to bootstrap
environment-extra =
environment-extra =
GOROOT_BOOTSTRAP=${golang14:location}
GOROOT_BOOTSTRAP=${golang14:location}
...
...
component/nodejs/buildout.cfg
View file @
4d5df6f1
...
@@ -72,14 +72,6 @@ md5sum = 28bf6a4d98b238403fa58a0805f4a979
...
@@ -72,14 +72,6 @@ md5sum = 28bf6a4d98b238403fa58a0805f4a979
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
configure-command = ./configure
configure-command = ./configure
[nodejs-8.12.0]
<= nodejs-base
version = v8.12.0
md5sum = 5690333b77964edf81945fc724f6ea85
openssl-location = ${openssl-1.0:location}
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
configure-command = ./configure
[nodejs-base]
[nodejs-base]
# Server-side Javascript.
# Server-side Javascript.
version =
version =
...
...
component/ruby/buildout.cfg
View file @
4d5df6f1
...
@@ -25,10 +25,10 @@ environment =
...
@@ -25,10 +25,10 @@ environment =
PKG_CONFIG_PATH=${libyaml:location}/lib/
PKG_CONFIG_PATH=${libyaml:location}/lib/
[ruby2.
3
]
[ruby2.
6
]
<= ruby-common
<= ruby-common
url = http://ftp.ruby-lang.org/pub/ruby/2.
3/ruby-2.3.8
.tar.xz
url = http://ftp.ruby-lang.org/pub/ruby/2.
6/ruby-2.6.5
.tar.xz
md5sum =
927e1857f3dd5a1bdec26892dbae2a05
md5sum =
b8a4e2bdbb76485c3d6690e57be67750
[ruby]
[ruby]
<= ruby2.
3
<= ruby2.
6
software/gitlab/buildout.hash.cfg
View file @
4d5df6f1
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[instance.cfg]
[instance.cfg]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
7fa9436be9a31bf4ee172951df2d9df
4
md5sum =
ea1d4fb7b2330ae9d94df07f74b934b
4
[watcher]
[watcher]
_update_hash_filename_ = watcher.in
_update_hash_filename_ = watcher.in
...
@@ -38,35 +38,35 @@ md5sum = c2e23c0f7baa1633df0436ca4e728424
...
@@ -38,35 +38,35 @@ md5sum = c2e23c0f7baa1633df0436ca4e728424
[gitlab-shell-config.yml.in]
[gitlab-shell-config.yml.in]
_update_hash_filename_ = template/gitlab-shell-config.yml.in
_update_hash_filename_ = template/gitlab-shell-config.yml.in
md5sum =
52d18b521b8cd16352fc88b1e1d79d53
md5sum =
69e8ed76b06233d11932a5c0ef16f03b
[gitlab-unicorn-startup.in]
[gitlab-unicorn-startup.in]
_update_hash_filename_ = gitlab-unicorn-startup.in
_update_hash_filename_ = gitlab-unicorn-startup.in
md5sum =
b0c3d465a8aaad9d2274934dcf208645
md5sum =
705825e6d8c6b37699f1321805d09de3
[gitlab.yml.in]
[gitlab.yml.in]
_update_hash_filename_ = template/gitlab.yml.in
_update_hash_filename_ = template/gitlab.yml.in
md5sum =
f4cc0bc898b8d59010d61473e2adc53b
md5sum =
673c393e6728a8d82e6b9a44886785a8
[gitaly-config.toml.in]
[gitaly-config.toml.in]
_update_hash_filename_ = template/gitaly-config.toml.in
_update_hash_filename_ = template/gitaly-config.toml.in
md5sum =
0f1ec4077dab586cc003ae13f689eda2
md5sum =
58e3d5bbda32583d00cd8f44ec0525b0
[instance-gitlab.cfg.in]
[instance-gitlab.cfg.in]
_update_hash_filename_ = instance-gitlab.cfg.in
_update_hash_filename_ = instance-gitlab.cfg.in
md5sum =
0445e54ee7ce1f65ec79801e128c80d4
md5sum =
8e5b0ddb1b79679b4162f302aa438b62
[instance-gitlab-export.cfg.in]
[instance-gitlab-export.cfg.in]
_update_hash_filename_ = instance-gitlab-export.cfg.in
_update_hash_filename_ = instance-gitlab-export.cfg.in
md5sum =
9ed8220bb3ad71ff7e8638354127412c
md5sum =
b8dea5ca4c6f9fc1ca54eb0265e1fdee
[macrolib.cfg.in]
[macrolib.cfg.in]
_update_hash_filename_ = macrolib.cfg.in
_update_hash_filename_ = macrolib.cfg.in
md5sum =
a56a44e96f65f5ed20211bb6a54279f4
md5sum =
70612697434bf4fbe838fdf4fd867ed8
[nginx-gitlab-http.conf.in]
[nginx-gitlab-http.conf.in]
_update_hash_filename_ = template/nginx-gitlab-http.conf.in
_update_hash_filename_ = template/nginx-gitlab-http.conf.in
md5sum =
cd7471a8c5d6f6bc848c62ce62dca966
md5sum =
4980c1571a4dd7753aaa60d065270849
[nginx.conf.in]
[nginx.conf.in]
_update_hash_filename_ = template/nginx.conf.in
_update_hash_filename_ = template/nginx.conf.in
...
@@ -86,8 +86,8 @@ md5sum = 4e1ced687a86e4cfff2dde91237e3942
...
@@ -86,8 +86,8 @@ md5sum = 4e1ced687a86e4cfff2dde91237e3942
[template-gitlab-resiliency-restore.sh.in]
[template-gitlab-resiliency-restore.sh.in]
_update_hash_filename_ = template/template-gitlab-resiliency-restore.sh.in
_update_hash_filename_ = template/template-gitlab-resiliency-restore.sh.in
md5sum =
16b9f52f00d55feab7e31a88029ad351
md5sum =
87f16b4f4a2370acada46b2751ef3366
[unicorn.rb.in]
[unicorn.rb.in]
_update_hash_filename_ = template/unicorn.rb.in
_update_hash_filename_ = template/unicorn.rb.in
md5sum =
67728235a2c4c9425c80f0c85674988
5
md5sum =
b4758129a8d0c47b2c3adb10fefb827
5
software/gitlab/gitlab-unicorn-startup.in
View file @
4d5df6f1
...
@@ -39,15 +39,10 @@ echo "I: PostgreSQL ready." 1>&2
...
@@ -39,15 +39,10 @@ echo "I: PostgreSQL ready." 1>&2
psql -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;' || die "pg_trgm setup failed"
psql -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;' || die "pg_trgm setup failed"
if echo "$pgtables" | grep -q '^Did not find any relations' ; then
if echo "$pgtables" | grep -q '^Did not find any relations' ; then
$RAKE
db:schema:load db:seed_fu
|| die "initial db setup failed"
$RAKE
gitlab:setup RAILS_ENV=production force=yes
|| die "initial db setup failed"
fi
fi
# re-build ssh keys
# (we do not use them - just for cleannes)
force=yes $RAKE gitlab:shell:setup || die "gitlab:shell:setup failed"
# 2. what to do when instance is upgraded
# 2. what to do when instance is upgraded
# see
# see
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/deploy/deploy.sh
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/deploy/deploy.sh
...
@@ -64,10 +59,15 @@ $RAKE db:migrate >$migrate_log 2>&1 || die "db:migrate failed"
...
@@ -64,10 +59,15 @@ $RAKE db:migrate >$migrate_log 2>&1 || die "db:migrate failed"
# logs of actual migration run.
# logs of actual migration run.
test -s $migrate_log || rm $migrate_log
test -s $migrate_log || rm $migrate_log
touch {{ var_dir }}/gitlab_db_ok
# clear cache
# clear cache
$RAKE cache:clear || die "cache:clear failed"
$RAKE cache:clear || die "cache:clear failed"
# re-build ssh keys
# (we do not use them - just for cleannes)
# run before migration to avoir error on missing tables in db
force=yes $RAKE gitlab:shell:setup || die "gitlab:shell:setup failed"
# 3. finally exec to unicorn
# 3. finally exec to unicorn
...
...
software/gitlab/gowork.cfg
View file @
4d5df6f1
...
@@ -25,10 +25,10 @@ revision = v0.8.0-12-g816c908556
...
@@ -25,10 +25,10 @@ revision = v0.8.0-12-g816c908556
<= go-git-package
<= go-git-package
go.importpath = lab.nexedi.com/kirr/git-backup
go.importpath = lab.nexedi.com/kirr/git-backup
repository = https://lab.nexedi.com/kirr/git-backup.git
repository = https://lab.nexedi.com/kirr/git-backup.git
revision =
3f6c4deec8834bdcd2c28c7c5eeacd8211e759b5
revision =
da754af24da351291c99caa421a103db09e7a4c4
[go_lab.nexedi.com_kirr_go123]
[go_lab.nexedi.com_kirr_go123]
<= go-git-package
<= go-git-package
go.importpath = lab.nexedi.com/kirr/go123
go.importpath = lab.nexedi.com/kirr/go123
repository = https://lab.nexedi.com/kirr/go123.git
repository = https://lab.nexedi.com/kirr/go123.git
revision =
56bf8f815a
revision =
95433de34f
software/gitlab/instance-gitlab-export.cfg.in
View file @
4d5df6f1
...
@@ -50,6 +50,8 @@ input = inline: gitlab-shell-work*
...
@@ -50,6 +50,8 @@ input = inline: gitlab-shell-work*
var/repositories/**
var/repositories/**
srv/postgresql/**
srv/postgresql/**
srv/postgresql
srv/postgresql
srv/backup/logrotate
srv/backup/logrotate/**
etc/service/postgres-start
etc/service/postgres-start
srv/redis/**
srv/redis/**
srv/unicorn/unicorn.socket
srv/unicorn/unicorn.socket
...
...
software/gitlab/instance-gitlab.cfg.in
View file @
4d5df6f1
...
@@ -53,7 +53,7 @@ offline = true
...
@@ -53,7 +53,7 @@ offline = true
{#- There are dangerous keys like recipe, etc #}
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if key not in DROP_KEY_LIST %}
{%- if key not in DROP_KEY_LIST %}
{{ key }} = {{ value }}
{{ key }} = {{ value }}
{%- endif -%}
{%- endif -%}
...
@@ -198,7 +198,7 @@ context =
...
@@ -198,7 +198,7 @@ context =
raw autogenerated # This file was autogenerated. (DO NOT EDIT - changes will be lost)
raw autogenerated # This file was autogenerated. (DO NOT EDIT - changes will be lost)
section instance_parameter instance-parameter
section instance_parameter instance-parameter
section backend_info backend-info
section backend_info backend-info
import urlparse urlparse
import urlparse url
lib.
parse
raw git {{ git }}
raw git {{ git }}
${:context-extra}
${:context-extra}
context-extra =
context-extra =
...
@@ -336,6 +336,7 @@ context =
...
@@ -336,6 +336,7 @@ context =
raw psql_bin {{ postgresql_location }}/bin/psql
raw psql_bin {{ postgresql_location }}/bin/psql
section pgsql service-postgresql
section pgsql service-postgresql
raw log_dir ${gitlab:log}
raw log_dir ${gitlab:log}
raw var_dir ${directory:var}
section unicorn_rb unicorn.rb
section unicorn_rb unicorn.rb
section gitlab_work gitlab-work
section gitlab_work gitlab-work
...
@@ -427,6 +428,8 @@ tune-command =
...
@@ -427,6 +428,8 @@ tune-command =
software = {{ gitlab_shell_repository_location }}
software = {{ gitlab_shell_repository_location }}
tune-command =
tune-command =
if [ -d "bin" ]; then rm -rf bin; fi &&
ln -sf ${:software}/bin bin &&
ln -sf ${gitlab-shell-config.yml:output} config.yml &&
ln -sf ${gitlab-shell-config.yml:output} config.yml &&
true
true
...
@@ -531,6 +534,7 @@ config-command = ${service-redis:promise-wrapper}
...
@@ -531,6 +534,7 @@ config-command = ${service-redis:promise-wrapper}
<= logrotate-entry-base
<= logrotate-entry-base
log = ${redis:log}/*.log
log = ${redis:log}/*.log
name = redis
name = redis
copytruncate = true
########################
########################
...
@@ -557,6 +561,7 @@ command-line = {{ gitlab_workhorse }}
...
@@ -557,6 +561,7 @@ command-line = {{ gitlab_workhorse }}
-documentRoot ${gitlab-work:location}/public
-documentRoot ${gitlab-work:location}/public
-secretPath ${gitlab-workhorse:secret}
-secretPath ${gitlab-workhorse:secret}
-logFile ${gitlab-workhorse:log}
-logFile ${gitlab-workhorse:log}
-repoPath ${gitlab-repo-dir:repositories}
# NOTE for profiling
# NOTE for profiling
# -pprofListenAddr ...
# -pprofListenAddr ...
...
@@ -645,21 +650,25 @@ command-line = ${:rake} gitlab:gitlab_shell:check
...
@@ -645,21 +650,25 @@ command-line = ${:rake} gitlab:gitlab_shell:check
<= logrotate-entry-base
<= logrotate-entry-base
log = ${unicorn:log}/*.log
log = ${unicorn:log}/*.log
name = unicorn
name = unicorn
copytruncate = true
[logrotate-entry-gitlab]
[logrotate-entry-gitlab]
<= logrotate-entry-base
<= logrotate-entry-base
log = ${gitlab:log}/*.log
log = ${gitlab:log}/*.log
name = gitlab
name = gitlab
copytruncate = true
[logrotate-entry-gitlab-shell]
[logrotate-entry-gitlab-shell]
<= logrotate-entry-base
<= logrotate-entry-base
log = ${gitlab-shell:log}/*.log
log = ${gitlab-shell:log}/*.log
name = gitlab-shell
name = gitlab-shell
copytruncate = true
[logrotate-entry-gitlab-workhorse]
[logrotate-entry-gitlab-workhorse]
<= logrotate-entry-base
<= logrotate-entry-base
log = ${gitlab-workhorse-dir:log}//*.log
log = ${gitlab-workhorse-dir:log}//*.log
name = gitlab-shell
name = gitlab-shell
copytruncate = true
#######################################
#######################################
# sidekiq background jobs manager #
# sidekiq background jobs manager #
...
@@ -709,6 +718,7 @@ command-line = ${:rake} gitlab:sidekiq:check
...
@@ -709,6 +718,7 @@ command-line = ${:rake} gitlab:sidekiq:check
<= logrotate-entry-base
<= logrotate-entry-base
log = ${sidekiq:log}/*.log
log = ${sidekiq:log}/*.log
name = sidekiq
name = sidekiq
copytruncate = true
######################
######################
...
@@ -781,6 +791,7 @@ promise = check_url_available
...
@@ -781,6 +791,7 @@ promise = check_url_available
<= logrotate-entry-base
<= logrotate-entry-base
log = ${nginx:log}/*.log
log = ${nginx:log}/*.log
name = nginx
name = nginx
post = kill -USR1 $(cat ${directory:run}/nginx.pid)
# base entry for clients who registers to cron
# base entry for clients who registers to cron
[cron-entry]
[cron-entry]
...
@@ -826,8 +837,7 @@ command =
...
@@ -826,8 +837,7 @@ command =
${:rake} gitlab:assets:clean &&
${:rake} gitlab:assets:clean &&
${:rake} gettext:compile RAILS_ENV=production &&
${:rake} gettext:compile RAILS_ENV=production &&
cd ${gitlab-work:location} &&
cd ${gitlab-work:location} &&
PATH={{ node_bin_location }}:$PATH {{ yarn_location }}/bin/yarn add ajv@^4.11.2 &&
PATH={{ node_bin_location }}:{{ yarn_location }}/bin:$PATH yarn install --prefer-offline --production --pure-lockfile &&
PATH={{ node_bin_location }}:$PATH {{ yarn_location }}/bin/yarn install --production --pure-lockfile &&
${:rake} gitlab:assets:compile NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096" &&
${:rake} gitlab:assets:compile NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096" &&
true
true
...
...
software/gitlab/instance.cfg.in
View file @
4d5df6f1
...
@@ -72,7 +72,7 @@ context =
...
@@ -72,7 +72,7 @@ context =
raw bzip2_location ${bzip2:location}
raw bzip2_location ${bzip2:location}
raw bundler_4gitlab ${bundler-4gitlab:bundle}
raw bundler_4gitlab ${bundler-4gitlab:bundle}
raw bundler_1_17_3_dir ${bundler-4gitlab:bundle1.17.3}
raw bundler_1_17_3_dir ${bundler-4gitlab:bundle1.17.3}
raw coreutils_location ${coreutils:location}
raw coreutils_location ${coreutils
-9.1
:location}
raw curl_bin ${curl:location}/bin/curl
raw curl_bin ${curl:location}/bin/curl
raw dcron_bin ${dcron-output:crond}
raw dcron_bin ${dcron-output:crond}
raw git ${git:location}/bin/git
raw git ${git:location}/bin/git
...
@@ -88,7 +88,7 @@ context =
...
@@ -88,7 +88,7 @@ context =
raw logrotate_bin ${logrotate:location}/usr/sbin/logrotate
raw logrotate_bin ${logrotate:location}/usr/sbin/logrotate
raw nginx_bin ${nginx-output:nginx}
raw nginx_bin ${nginx-output:nginx}
raw nginx_mime_types ${nginx-output:mime}
raw nginx_mime_types ${nginx-output:mime}
raw node_bin_location ${nodejs
-8.12.0
:location}/bin/
raw node_bin_location ${nodejs:location}/bin/
raw openssl_bin ${openssl-output:openssl}
raw openssl_bin ${openssl-output:openssl}
raw postgresql_location ${postgresql10:location}
raw postgresql_location ${postgresql10:location}
raw redis_binprefix ${redis28:location}/bin
raw redis_binprefix ${redis28:location}/bin
...
...
software/gitlab/macrolib.cfg.in
View file @
4d5df6f1
...
@@ -7,7 +7,6 @@
...
@@ -7,7 +7,6 @@
NOTE macros can return only strings - that's why '' is used for false #}
NOTE macros can return only strings - that's why '' is used for false #}
{% macro cfg_bool(name) %}{{ 'true' if (cfg(name).lower() in ('true', 'yes')) else '' }}{% endmacro %}
{% macro cfg_bool(name) %}{{ 'true' if (cfg(name).lower() in ('true', 'yes')) else '' }}{% endmacro %}
{# deduce whether to use https from external url
{# deduce whether to use https from external url
( here - becasue we cannot use jinja2 logic in instance-gitlab.cfg.in to
( here - becasue we cannot use jinja2 logic in instance-gitlab.cfg.in to
process instance parameters ) #}
process instance parameters ) #}
...
...
software/gitlab/software.cfg
View file @
4d5df6f1
...
@@ -30,8 +30,7 @@ extends =
...
@@ -30,8 +30,7 @@ extends =
../../component/logrotate/buildout.cfg
../../component/logrotate/buildout.cfg
parts =
parts =
ruby2.3
golang1.13
golang1.12
git
git
postgresql10
postgresql10
redis28
redis28
...
@@ -43,11 +42,9 @@ parts =
...
@@ -43,11 +42,9 @@ parts =
gowork
gowork
gitlab-workhorse
gitlab-workhorse
gitaly-build
gitaly-build
python-4gitlab
gitlab-shell/vendor
gitlab-shell/vendor
gitlab/vendor/bundle
gitlab/vendor/bundle
gitlab_npm
gitlab_npm
github-markup-patch
gitlab-backup
gitlab-backup
# for instance
# for instance
...
@@ -68,23 +65,53 @@ parts =
...
@@ -68,23 +65,53 @@ parts =
revision = 571d6514f7290e8faa9439c4b86aa2f6c87df261
revision = 571d6514f7290e8faa9439c4b86aa2f6c87df261
[nodejs]
[nodejs]
<= nodejs-
8.12.0
<= nodejs-
12.18.3
[yarn]
[yarn]
<= yarn-1.3.2
<= yarn-1.16.0
[python]
part = python2.7
# Gitlab backup (git-backup) is failing (segfault) with recent git version > 2.30.9
# We will use git 2.30.9 version for production upgrade
# TODO: fix the issue with git and use latest version
[git]
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.30.9.tar.xz
md5sum = c1d42936036cc44a448738329c821569
############################
############################
# Software compilation #
# Software compilation #
############################
############################
# python with eggs, that will be used in gitlab
# python with eggs, that will be used in gitlab
# gitlab-markup call the command `python3 /path/to/commands/rest2html` which
# require docutils
# https://gitlab.com/gitlab-org/gitlab-markup/-/blob/master/lib/github/markups.rb
[docutils-download]
recipe = slapos.recipe.build:download
shared = true
url = https://files.pythonhosted.org/packages/2f/e0/3d435b34abd2d62e8206171892f174b180cd37b09d57b924ca5c2ef2219d/${:filename}
filename = docutils-0.16.tar.gz
md5sum = 44952782107930ddfcd37ae48eee0857
[python-4gitlab]
[python-4gitlab]
recipe = zc.recipe.egg
recipe = slapos.recipe.build
interpreter = python2
docutils = ${docutils-download:target}
eggs =
init =
docutils
# add the python executable in the options dict so that
# buildout signature changes if python executable changes
import os, sys
options['bin'] = python = os.path.join(location, 'bin')
install =
import os, sys
python = self.buildout['python3']['executable']
call([python, '-m', 'venv', '--clear', location])
pip = os.path.join(location, 'bin', 'pip')
call([pip, 'install', '--no-index', options['docutils']])
call([pip, 'uninstall', '-y', 'pip', 'setuptools'])
# selftest
python = os.path.join(location, 'bin', 'python')
call([python, '-c', 'import docutils'])
# Need ruby 2.6.5
# rubygemsrecipe with fixed url and this way pinned rubygems version
# rubygemsrecipe with fixed url and this way pinned rubygems version
[rubygemsrecipe]
[rubygemsrecipe]
recipe = rubygemsrecipe
recipe = rubygemsrecipe
...
@@ -95,7 +122,7 @@ url = https://rubygems.org/rubygems/rubygems-3.1.2.zip
...
@@ -95,7 +122,7 @@ url = https://rubygems.org/rubygems/rubygems-3.1.2.zip
# - run gitlab services / jobs (via `bundle exec ...`)
# - run gitlab services / jobs (via `bundle exec ...`)
[bundler-4gitlab]
[bundler-4gitlab]
<= rubygemsrecipe
<= rubygemsrecipe
ruby-location = ${ruby2.
3
:location}
ruby-location = ${ruby2.
6
:location}
ruby-executable = ${:ruby-location}/bin/ruby
ruby-executable = ${:ruby-location}/bin/ruby
gems =
gems =
bundler==1.17.3
bundler==1.17.3
...
@@ -103,7 +130,7 @@ gems =
...
@@ -103,7 +130,7 @@ gems =
# bin installed here
# bin installed here
bundle = ${buildout:bin-directory}/bundle
bundle = ${buildout:bin-directory}/bundle
# Gitaly need bundler 1.17.3 which is not the default version at the end
# Gitaly need bundler 1.17.3 which is not the default version at the end
bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/gems/
1.8/
gems/bundler-1.17.3/exe/
bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/gems/gems/bundler-1.17.3/exe/
# install together with dependencies of gitlab, which we cannot specify using
# install together with dependencies of gitlab, which we cannot specify using
# --with-... gem option
# --with-... gem option
...
@@ -122,7 +149,7 @@ bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/
...
@@ -122,7 +149,7 @@ bundle1.17.3 = ${buildout:parts-directory}/${:_buildout_section_name_}/lib/ruby/
# (python-4gitlab puts interpreter into ${buildout:bin-directory})
# (python-4gitlab puts interpreter into ${buildout:bin-directory})
environment =
environment =
PATH = ${yarn:location}/bin:${:ruby-location}/bin:${cmake:location}/bin:${pkgconfig:location}/bin:${nodejs:location}/bin:${postgresql10:location}/bin:${redis28:location}/bin:${git:location}/bin:${buildout:bin-directory}:%(PATH)s
PATH = ${
python-4gitlab:bin}:${
yarn:location}/bin:${:ruby-location}/bin:${cmake:location}/bin:${pkgconfig:location}/bin:${nodejs:location}/bin:${postgresql10:location}/bin:${redis28:location}/bin:${git:location}/bin:${buildout:bin-directory}:%(PATH)s
# gitlab, gitlab-shell & gitlab-workhorse checked out as git repositories
# gitlab, gitlab-shell & gitlab-workhorse checked out as git repositories
...
@@ -134,44 +161,25 @@ git-executable = ${git:location}/bin/git
...
@@ -134,44 +161,25 @@ git-executable = ${git:location}/bin/git
[gitlab-repository]
[gitlab-repository]
<= git-repository
<= git-repository
repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
# 9.5.10 + NXD patches:
revision = v12.10.14-8-gd7e78e9013
revision = v9.5.10-13-g2b98fc27fd2
location = ${buildout:parts-directory}/gitlab
location = ${buildout:parts-directory}/gitlab
[gitlab-shell-repository]
[gitlab-shell-repository]
<= git-repository
<= git-repository
#repository = https://lab.nexedi.com/nexedi/gitlab-shell.git
repository = https://gitlab.com/gitlab-org/gitlab-shell.git
repository = https://gitlab.com/gitlab-org/gitlab-shell.git
# gitlab 9.5.10 wants gitlab-shell 5.6.1
revision = v12.2.0
revision = v5.6.1-10-g1e587d3b7f
location = ${buildout:parts-directory}/gitlab-shell
location = ${buildout:parts-directory}/gitlab-shell
[gitaly-repository]
[gitaly-repository]
<= git-repository
<= git-repository
repository = https://gitlab.com/gitlab-org/gitaly.git
repository = https://gitlab.com/gitlab-org/gitaly.git
# for version v0.35.0 (gitlab 9.5.10)
revision = v12.10.14
revision = v0.35.0-0-gf99a57b19a
location = ${buildout:parts-directory}/gitaly
location = ${buildout:parts-directory}/gitaly
[gitlab-workhorse-repository]
[gitlab-workhorse-repository]
<= git-repository
<= git-repository
repository = https://lab.nexedi.com/nexedi/gitlab-workhorse.git
repository = https://lab.nexedi.com/nexedi/gitlab-workhorse.git
revision = v3.0.0-8-g74793ad3cc
revision = v8.30.3-19-g919c9b532c
# Patch github markup to not call "python2 -S /path/to/rest2html" but only "python2 /path/to/rest2html"
# NOTE github-markup invokes it as `python2`, that's why we are naming it this way
# https://github.com/github/markup/blob/5393ae93/lib/github/markups.rb#L36
[github-markup-patch]
recipe = plone.recipe.command
command =
files=$(ls ${gitlab-repository:location}/vendor/bundle/ruby/*/gems/git*-markup-*/lib/github/markups.rb) || true
if [ ! -z "$files" ]; then
for file in $files; do
sed -i 's#python2 -S#python2#' $file
done
fi
update-command = ${:command}
stop-on-error = True
# build needed-by-gitlab gems via bundler
# build needed-by-gitlab gems via bundler
[gitlab/vendor/bundle]
[gitlab/vendor/bundle]
...
@@ -184,12 +192,13 @@ configure-command = cd ${:path} &&
...
@@ -184,12 +192,13 @@ configure-command = cd ${:path} &&
${:bundle} config --local build.pg --with-pg-config=${postgresql10:location}/bin/pg_config &&
${:bundle} config --local build.pg --with-pg-config=${postgresql10:location}/bin/pg_config &&
${:bundle} config --local build.re2 --with-re2-dir=${re2:location} &&
${:bundle} config --local build.re2 --with-re2-dir=${re2:location} &&
${:bundle} config --local build.nokogiri --with-zlib-dir=${zlib:location} --with-cflags=-I${xz-utils:location}/include --with-ldflags="-L${xz-utils:location}/lib -Wl,-rpath=${xz-utils:location}/lib"
${:bundle} config --local build.nokogiri --with-zlib-dir=${zlib:location} --with-cflags=-I${xz-utils:location}/include --with-ldflags="-L${xz-utils:location}/lib -Wl,-rpath=${xz-utils:location}/lib"
${:bundle} config set without 'development test mysql aws kerberos'
${:bundle} config set deployment 'true'
make-binary =
make-binary =
make-targets= cd ${:path} &&
make-targets= cd ${:path} && ${:bundle} install
${:bundle} install --deployment --without development test mysql aws kerberos ed25519
environment =
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${re2:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${re2:location}/lib/pkgconfig:${
icu:location}/lib/pkgconfig:${
xz-utils:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:%(PATH)s
PATH=${pkgconfig:location}/bin:%(PATH)s
CFLAGS=-I${xz-utils:location}/include
CFLAGS=-I${xz-utils:location}/include
...
@@ -225,7 +234,7 @@ make-targets= cd ${go_github.com_libgit2_git2go:location}
...
@@ -225,7 +234,7 @@ make-targets= cd ${go_github.com_libgit2_git2go:location}
&& make install
&& make install
environment =
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:${git:location}/bin:${golang1.1
2
:location}/bin:${buildout:bin-directory}:%(PATH)s
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:${git:location}/bin:${golang1.1
3
:location}/bin:${buildout:bin-directory}:%(PATH)s
GOPATH=${gowork:directory}
GOPATH=${gowork:directory}
[gowork.goinstall]
[gowork.goinstall]
...
@@ -233,7 +242,7 @@ git2go = ${go_github.com_libgit2_git2go_prepare:path}/vendor/libgit2/install
...
@@ -233,7 +242,7 @@ git2go = ${go_github.com_libgit2_git2go_prepare:path}/vendor/libgit2/install
command = bash -c ". ${gowork:env.sh} && CGO_CFLAGS=-I${:git2go}/include CGO_LDFLAGS='-L${:git2go}/lib -lgit2' go install ${gowork:buildflags} -v $(echo -n '${gowork:install}' |tr '\n' ' ')"
command = bash -c ". ${gowork:env.sh} && CGO_CFLAGS=-I${:git2go}/include CGO_LDFLAGS='-L${:git2go}/lib -lgit2' go install ${gowork:buildflags} -v $(echo -n '${gowork:install}' |tr '\n' ' ')"
[gowork]
[gowork]
golang = ${golang1.1
2
:location}
golang = ${golang1.1
3
:location}
# gitlab.com/gitlab-org/gitlab-workhorse
# gitlab.com/gitlab-org/gitlab-workhorse
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-cat
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-cat
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-metadata
# gitlab.com/gitlab-org/gitlab-workhorse/cmd/gitlab-zip-metadata
...
@@ -248,11 +257,10 @@ buildflags = --tags "static"
...
@@ -248,11 +257,10 @@ buildflags = --tags "static"
[gitlab-workhorse]
[gitlab-workhorse]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
path = ${gitlab-workhorse-repository:location}
path = ${gitlab-workhorse-repository:location}
md5sum = 2988c944d58c4a08880498c4981cc7b7
configure-command = :
configure-command = :
make-binary =
make-binary =
make-targets =
make-targets =
. ${gowork:env.sh}
&& make install PREFIX=${gowork:directory}
. ${gowork:env.sh} && make test
&& make install PREFIX=${gowork:directory}
[gitlab-backup]
[gitlab-backup]
recipe = plone.recipe.command
recipe = plone.recipe.command
...
@@ -272,10 +280,12 @@ make-targets =
...
@@ -272,10 +280,12 @@ make-targets =
. ${gowork:env.sh} &&
. ${gowork:env.sh} &&
unset GOBIN &&
unset GOBIN &&
make
make
post-install =
# solve the problem error="not executable: ruby/git-hooks/pre-receive"
chmod 755 ${:path}/ruby/git-hooks/gitlab-shell-hook
environment =
environment =
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${icu:location}/lib/pkgconfig
PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig:${icu:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${ruby2.3:location}/bin:%(PATH)s
PATH=${pkgconfig:location}/bin:${ruby2.6:location}/bin:%(PATH)s
[xnice-repository]
[xnice-repository]
# to get kirr's misc repo containing xnice script for executing processes
# to get kirr's misc repo containing xnice script for executing processes
...
@@ -296,8 +306,11 @@ bundle = ${bundler-4gitlab:bundle}
...
@@ -296,8 +306,11 @@ bundle = ${bundler-4gitlab:bundle}
configure-command = true
configure-command = true
make-binary =
make-binary =
make-targets= cd ${:path} &&
make-targets= cd ${:path} &&
# Compile go binary
. ${gowork:env.sh} && make build &&
${:bundle} install --deployment --without development test
${:bundle} install --deployment --without development test
environment =
PATH=${ruby2.6:location}/bin:%(PATH)s
###############################
###############################
# Trampoline for instance #
# Trampoline for instance #
...
@@ -400,7 +413,7 @@ url = https://lab.nexedi.com/alain.takoudjou/labdemo.backup/repository/archive.t
...
@@ -400,7 +413,7 @@ url = https://lab.nexedi.com/alain.takoudjou/labdemo.backup/repository/archive.t
md5sum = d40e5e211dc9a4e5ada9c0250377c639
md5sum = d40e5e211dc9a4e5ada9c0250377c639
[versions]
[versions]
docutils = 0.16
cns.recipe.symlink = 0.2.3
cns.recipe.symlink = 0.2.3
docutils = 0.12
plone.recipe.command = 1.1
plone.recipe.command = 1.1
z3c.recipe.scripts = 1.0.1
z3c.recipe.scripts = 1.0.1
software/gitlab/template/gitaly-config.toml.in
View file @
4d5df6f1
...
@@ -14,10 +14,24 @@ bin_dir = "{{ gitaly.location }}"
...
@@ -14,10 +14,24 @@ bin_dir = "{{ gitaly.location }}"
# # Optional: export metrics via Prometheus
# # Optional: export metrics via Prometheus
# prometheus_listen_addr = "localhost:9236"
# prometheus_listen_addr = "localhost:9236"
# # Optional: configure where the Gitaly creates the sockets for internal connections. If unset, Gitaly will create a randomly
# # named temp directory each time it boots.
# # Non Gitaly clients should never connect to these sockets.
internal_socket_dir = "{{ gitaly.internal_socket }}"
# # Optional: authenticate Gitaly requests using a shared secret
# [auth]
# token = 'abc123secret'
# transitioning = false # Set `transitioning` to true to temporarily allow unauthenticated while rolling out authentication.
# [tls]
# certificate_path = '/home/git/cert.cert'
# key_path = '/home/git/key.pem'
# # Git settings
# # Git settings
[git]
[git]
bin_path = "{{ git }}"
bin_path = "{{ git }}"
# catfile_cache_size = 100
[[storage]]
[[storage]]
name = "default"
name = "default"
...
@@ -30,11 +44,21 @@ path = "{{ gitlab.repositories }}"
...
@@ -30,11 +44,21 @@ path = "{{ gitlab.repositories }}"
# path = "/mnt/other_storage/repositories"
# path = "/mnt/other_storage/repositories"
#
#
# # You can optionally configure Gitaly to output JSON-formatted log messages to stdout
# You can optionally configure Gitaly to output JSON-formatted log messages to stdout
# [logging]
[logging]
# The directory where Gitaly stores extra log files
dir = "{{ gitaly.log }}"
# format = "json"
# format = "json"
# format = "json"
# # Additionally exceptions can be reported to Sentry
# # Optional: Set log level to only log entries with that severity or above
# sentry_dsn = "https://<key>:<secret>@sentry.io/<project>
# # One of, in order: debug, info, warn, errror, fatal, panic
# # Defaults to "info"
level = "warn"
#
# # Additionally exceptions from the Go server can be reported to Sentry
# sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
# # Exceptions from gitaly-ruby can also be reported to Sentry
# ruby_sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
# # You can optionally configure Gitaly to record histogram latencies on GRPC method calls
# # You can optionally configure Gitaly to record histogram latencies on GRPC method calls
...
@@ -45,7 +69,27 @@ path = "{{ gitlab.repositories }}"
...
@@ -45,7 +69,27 @@ path = "{{ gitlab.repositories }}"
# The directory where gitaly-ruby is installed
# The directory where gitaly-ruby is installed
dir = "{{ gitaly.location }}/ruby"
dir = "{{ gitaly.location }}/ruby"
# # Gitaly-ruby resident set size (RSS) that triggers a memory restart (bytes)
# max_rss = 200000000
#
# # Grace period before a gitaly-ruby process is forcibly terminated after exceeding max_rss (seconds)
# graceful_restart_timeout = "10m"
#
# # Time that gitaly-ruby memory must remain high before a restart (seconds)
# restart_delay = "5m"
#
# # Number of gitaly-ruby worker processes
# num_workers = 2
#
# # Search path for system gitconfig file (e.g. /etc, /opt/gitlab/embedded/etc)
# # NOTE: This only affects RPCs that use Rugged.
# rugged_git_config_search_path = "/etc"
[gitlab-shell]
[gitlab-shell]
# The directory where gitlab-shell is installed
# The directory where gitlab-shell is installed
dir = "{{ gitlab_shell_work.location }}"
dir = "{{ gitlab_shell_work.location }}"
# # You can adjust the concurrency of each RPC endpoint
# [[concurrency]]
# rpc = "/gitaly.RepositoryService/GarbageCollect"
# max_per_repo = 1
software/gitlab/template/gitlab-shell-config.yml.in
View file @
4d5df6f1
...
@@ -8,7 +8,7 @@
...
@@ -8,7 +8,7 @@
user: {{ backend_info.user }}
user: {{ backend_info.user }}
# Url to gitlab instance. Used for api calls. Should end with a slash.
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http+unix://{{ urllib.quote_plus(unicorn.socket) }}/"
gitlab_url: "http+unix://{{ urllib.
parse.
quote_plus(unicorn.socket) }}/"
http_settings:
http_settings:
{# we don't need any
{# we don't need any
...
@@ -24,7 +24,7 @@ http_settings:
...
@@ -24,7 +24,7 @@ http_settings:
# Give the canonicalized absolute pathname,
# Give the canonicalized absolute pathname,
# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
# Check twice that none of the components is a symlink, including "/home".
# Check twice that none of the components is a symlink, including "/home".
#
repos_path: "{{ gitlab.repositories }}"
repos_path: "{{ gitlab.repositories }}"
# File used as authorized_keys for gitlab user
# File used as authorized_keys for gitlab user
# NOTE not used in slapos version (all access via https only)
# NOTE not used in slapos version (all access via https only)
...
...
software/gitlab/template/gitlab.yml.in
View file @
4d5df6f1
...
@@ -171,6 +171,16 @@ production: &base
...
@@ -171,6 +171,16 @@ production: &base
storage_path: <%= @lfs_storage_path %>
storage_path: <%= @lfs_storage_path %>
#}
#}
## Uploads
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: "{{ gitlab.var }}"
# The location where uploads objects are stored (default: public/).
# storage_path: public/
# base_dir: uploads/-/system
object_store:
enabled: false
remote_directory: uploads # Bucket name
{# we do not support container registry
{# we do not support container registry
## Container Registry
## Container Registry
...
@@ -516,7 +526,7 @@ production: &base
...
@@ -516,7 +526,7 @@ production: &base
# https://lab.nexedi.com/nexedi/slapos.core/commit/347d33d6
# https://lab.nexedi.com/nexedi/slapos.core/commit/347d33d6
# for now we have a lot of old slapos.core deployed...
# for now we have a lot of old slapos.core deployed...
{% if cfg('icp_license') != '' -%}
{% if cfg('icp_license') != '' -%}
ICP: {{ urllib.
unquote_plus( str(cfg('icp_license')) ).decode('utf-8'
) }}
ICP: {{ urllib.
parse.unquote_plus( str(cfg('icp_license'))
) }}
{# ICP: '{{ cfg("icp_license") }}' #}
{# ICP: '{{ cfg("icp_license") }}' #}
{% endif %}
{% endif %}
...
...
software/gitlab/template/nginx-gitlab-http.conf.in
View file @
4d5df6f1
...
@@ -74,7 +74,6 @@ server {
...
@@ -74,7 +74,6 @@ server {
{% if cfg_https %}
{% if cfg_https %}
## Strong SSL Security
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate {{ nginx.cert_file }};
ssl_certificate {{ nginx.cert_file }};
ssl_certificate_key {{ nginx.key_file }};
ssl_certificate_key {{ nginx.key_file }};
{# we don't need - most root CA will be included by default
{# we don't need - most root CA will be included by default
...
@@ -113,7 +112,7 @@ server {
...
@@ -113,7 +112,7 @@ server {
## HSTS Config
## HSTS Config
## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
{% if
cfg("nginx_hsts_max_age"
) > 0 -%}
{% if
int(cfg("nginx_hsts_max_age")
) > 0 -%}
{% if '{{ cfg("nginx_hsts_include_subdomains") }}' == 'true' -%}
{% if '{{ cfg("nginx_hsts_include_subdomains") }}' == 'true' -%}
add_header Strict-Transport-Security "max-age={{ cfg('nginx_hsts_max_age') }}; includeSubDomains"
add_header Strict-Transport-Security "max-age={{ cfg('nginx_hsts_max_age') }}; includeSubDomains"
{% else -%}
{% else -%}
...
@@ -124,7 +123,7 @@ server {
...
@@ -124,7 +123,7 @@ server {
## Individual nginx logs for this GitLab vhost
## Individual nginx logs for this GitLab vhost
access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
access_log {{ nginx.log }}/gitlab_access.log gitlab_access;
error_log {{ nginx.log }}/gitlab_error.log;
error_log {{ nginx.log }}/gitlab_error.log;
# Set CORS header
# Set CORS header
add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
add_header 'Access-Control-Allow-Credentials' true;
add_header 'Access-Control-Allow-Credentials' true;
...
@@ -151,7 +150,7 @@ server {
...
@@ -151,7 +150,7 @@ server {
{# we do not support relative URL - path is always "/" #}
{# we do not support relative URL - path is always "/" #}
{% set path = "/" %}
{% set path = "/" %}
#if ($http_host = "") {
#if ($http_host = "") {
# set $http_host_with_default "<%= default_host %>";
# set $http_host_with_default "<%= default_host %>";
#}
#}
...
...
software/gitlab/template/template-gitlab-resiliency-restore.sh.in
View file @
4d5df6f1
...
@@ -29,6 +29,7 @@ gitlab_work="{{ gitlab_work_location }}"
...
@@ -29,6 +29,7 @@ gitlab_work="{{ gitlab_work_location }}"
promise_check="{{ promise_lab_location }}"
promise_check="{{ promise_lab_location }}"
unicorn_script="{{ unicorn_script }}"
unicorn_script="{{ unicorn_script }}"
sidekiq_script="{{ sidekiq_script }}"
sidekiq_script="{{ sidekiq_script }}"
var_location="{{ run_directory }}/.."
# export GIT_EXEC_PATH=$git_location/libexec/git-core/
# export GIT_EXEC_PATH=$git_location/libexec/git-core/
...
@@ -61,6 +62,12 @@ if [ -f "$postgres_pid_file" ]; then
...
@@ -61,6 +62,12 @@ if [ -f "$postgres_pid_file" ]; then
rm $postgres_pid_file
rm $postgres_pid_file
fi
fi
# cleanup /var/backup and old repositories folders,
# restoration will created them at every run
echo "Cleanup gitlab backup and old repositories folders..."
rm -rf $var_location/backup/*
rm -rf $var_location/repositories*
echo "Starting Postgres..."
echo "Starting Postgres..."
$postgres_executable &
$postgres_executable &
postgres_pid=$!
postgres_pid=$!
...
...
software/gitlab/template/unicorn.rb.in
View file @
4d5df6f1
...
@@ -20,8 +20,6 @@ timeout {{ cfg('unicorn_worker_timeout') }}
...
@@ -20,8 +20,6 @@ timeout {{ cfg('unicorn_worker_timeout') }}
# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
preload_app true
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and
GC.copy_on_write_friendly = true
# Enable this flag to have unicorn test client connections by writing the
# Enable this flag to have unicorn test client connections by writing the
...
@@ -32,6 +30,13 @@ GC.respond_to?(:copy_on_write_friendly=) and
...
@@ -32,6 +30,13 @@ GC.respond_to?(:copy_on_write_friendly=) and
# fast LAN.
# fast LAN.
check_client_connection false
check_client_connection false
require_relative '{{ gitlab_work.location }}/lib/gitlab/cluster/lifecycle_events'
before_exec do |server|
# Signal application hooks that we're about to restart
Gitlab::Cluster::LifecycleEvents.do_before_master_restart
end
# How many worker processes
# How many worker processes
worker_processes {{ cfg('unicorn_worker_processes') }}
worker_processes {{ cfg('unicorn_worker_processes') }}
...
@@ -41,11 +46,8 @@ worker_processes {{ cfg('unicorn_worker_processes') }}
...
@@ -41,11 +46,8 @@ worker_processes {{ cfg('unicorn_worker_processes') }}
# What to do before we fork a worker
# What to do before we fork a worker
before_fork do |server, worker|
before_fork do |server, worker|
# XXX why gitlab does not enable this?
# Signal application hooks that we're about to fork
# # the following is highly recomended for Rails + "preload_app true"
Gitlab::Cluster::LifecycleEvents.do_before_fork
# # as there's no need for the master process to hold a connection
# defined?(ActiveRecord::Base) and
# ActiveRecord::Base.connection.disconnect!
# The following is only recommended for memory/DB-constrained
# The following is only recommended for memory/DB-constrained
# installations. It is not needed if your system can house
# installations. It is not needed if your system can house
...
@@ -75,25 +77,13 @@ end
...
@@ -75,25 +77,13 @@ end
# What to do after we fork a worker
# What to do after we fork a worker
after_fork do |server, worker|
after_fork do |server, worker|
# Signal application hooks of worker start
Gitlab::Cluster::LifecycleEvents.do_worker_start
# per-process listener ports for debugging/admin/migrations
# per-process listener ports for debugging/admin/migrations
# addr = "127.0.0.1:#{9293 + worker.nr}"
# addr = "127.0.0.1:#{9293 + worker.nr}"
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# XXX why gitlab does not enable this?
# # the following is *required* for Rails + "preload_app true",
# defined?(ActiveRecord::Base) and
# ActiveRecord::Base.establish_connection
# reset prometheus client, this will cause any opened metrics files to be closed
#defined?(::Prometheus::Client.reinitialize_on_pid_change) &&
# Prometheus::Client.reinitialize_on_pid_change
# if preload_app is true, then you may also want to check and
# restart any other shared sockets/descriptors such as Memcached,
# and Redis. TokyoCabinet file handles are safe to reuse
# between any number of forked children (assuming your kernel
# correctly implements pread()/pwrite() system calls)
end
end
...
...
software/jstestnode/buildout.hash.cfg
View file @
4d5df6f1
...
@@ -15,16 +15,16 @@
...
@@ -15,16 +15,16 @@
[instance]
[instance]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
84380fe6c268301a1e1f501e53943f58
md5sum =
ad2797e1b83b6b3221f831950075a057
[template-nginx-service]
[template-nginx-service]
filename = template-nginx-service.sh.in
filename = template-nginx-service.sh.in
md5sum =
458870b70c33a1621b68961ae2372ad5
md5sum =
d718fb950862769e57100986cfabb180
[template-nginx-configuration]
[template-nginx-configuration]
filename = template-nginx.cfg.in
filename = template-nginx.cfg.in
md5sum =
98faa5ad8cfb23a11d97a459078a1d05
md5sum =
f15c5d9b8c2cf39cb6b2070d8d9d3a92
[template-runTestSuite]
[template-runTestSuite]
filename = runTestSuite.in
filename = runTestSuite.in
md5sum =
5db53d622bd68fb07e078ddc4403a240
md5sum =
98b7d79eb6af1c4120e3848e9e6fca61
software/jstestnode/instance.cfg.in
View file @
4d5df6f1
...
@@ -10,7 +10,7 @@ offline = true
...
@@ -10,7 +10,7 @@ offline = true
[publish]
[publish]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
nginx = http://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/
nginx = http
s
://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/
[directory]
[directory]
recipe = slapos.cookbook:mkdirectory
recipe = slapos.cookbook:mkdirectory
...
@@ -97,13 +97,13 @@ virtual-depends =
...
@@ -97,13 +97,13 @@ virtual-depends =
recipe = slapos.recipe.template
recipe = slapos.recipe.template
url = ${template-nginx-configuration:output}
url = ${template-nginx-configuration:output}
output = $${directory:etc}/nginx.cfg
output = $${directory:etc}/nginx.cfg
access
_
log = $${directory:log}/nginx-access.log
access
-
log = $${directory:log}/nginx-access.log
error
_
log = $${directory:log}/nginx-error.log
error
-
log = $${directory:log}/nginx-error.log
ip = $${instance-parameter:ipv6-random}
ip = $${instance-parameter:ipv6-random}
port = 9443
port = 9443
ssl
_key = $${directory:ssl}/nginx.key
ssl
-csr = $${directory:ssl}/nginx.csr
ssl
_csr = $${directory:ssl}/nginx.csr
ssl
-key = $${directory:ssl}/nginx.key
ssl
_
crt = $${directory:ssl}/nginx.crt
ssl
-
crt = $${directory:ssl}/nginx.crt
[nginx-listen-promise]
[nginx-listen-promise]
recipe = slapos.cookbook:check_port_listening
recipe = slapos.cookbook:check_port_listening
...
...
software/jstestnode/runTestSuite.in
View file @
4d5df6f1
...
@@ -22,7 +22,7 @@ os.environ['XORG_LOCK_DIR'] = '$${xvfb-instance:lock-dir}'
...
@@ -22,7 +22,7 @@ os.environ['XORG_LOCK_DIR'] = '$${xvfb-instance:lock-dir}'
os.environ['DISPLAY'] = '$${xvfb-instance:display}'
os.environ['DISPLAY'] = '$${xvfb-instance:display}'
os.environ['FONTCONFIG_FILE'] = '$${fontconfig-conf:output}'
os.environ['FONTCONFIG_FILE'] = '$${fontconfig-conf:output}'
BASE_URL = 'http://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/'
BASE_URL = 'http
s
://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/'
ETC_DIRECTORY = '$${directory:etc}'
ETC_DIRECTORY = '$${directory:etc}'
def main():
def main():
...
@@ -91,6 +91,7 @@ def main():
...
@@ -91,6 +91,7 @@ def main():
if target == 'firefox':
if target == 'firefox':
firefox_capabilities = webdriver.common.desired_capabilities.DesiredCapabilities.FIREFOX
firefox_capabilities = webdriver.common.desired_capabilities.DesiredCapabilities.FIREFOX
firefox_capabilities['marionette'] = True
firefox_capabilities['marionette'] = True
firefox_capabilities['acceptInsecureCerts'] = True
browser = webdriver.Firefox(
browser = webdriver.Firefox(
capabilities=firefox_capabilities,
capabilities=firefox_capabilities,
firefox_binary='${firefox-wrapper:location}',
firefox_binary='${firefox-wrapper:location}',
...
...
software/jstestnode/template-nginx-service.sh.in
View file @
4d5df6f1
...
@@ -2,16 +2,16 @@
...
@@ -2,16 +2,16 @@
# BEWARE: This file is operated by slapos node
# BEWARE: This file is operated by slapos node
# BEWARE: It will be overwritten automatically
# BEWARE: It will be overwritten automatically
if [ ! -e $${nginx-configuration:ssl
_
crt} ]
if [ ! -e $${nginx-configuration:ssl
-
crt} ]
then
then
${openssl-output:openssl} genrsa -out $${nginx-configuration:ssl
_
key} 2048
${openssl-output:openssl} genrsa -out $${nginx-configuration:ssl
-
key} 2048
${openssl-output:openssl} req -new \
${openssl-output:openssl} req -new \
-subj "/C=AA/ST=Denial/L=Nowhere/O=Dis/CN=$${nginx-configuration:ip}" \
-subj "/C=AA/ST=Denial/L=Nowhere/O=Dis/CN=$${nginx-configuration:ip}" \
-key $${nginx-configuration:ssl
_key} -out $${nginx-configuration:ssl_
csr}
-key $${nginx-configuration:ssl
-key} -out $${nginx-configuration:ssl-
csr}
${openssl-output:openssl} x509 -req -days 365 \
${openssl-output:openssl} x509 -req -days 365 \
-in $${nginx-configuration:ssl
_
csr} \
-in $${nginx-configuration:ssl
-
csr} \
-signkey $${nginx-configuration:ssl
_
key} \
-signkey $${nginx-configuration:ssl
-
key} \
-out $${nginx-configuration:ssl
_
crt}
-out $${nginx-configuration:ssl
-
crt}
fi
fi
exec ${nginx-output:nginx} \
exec ${nginx-output:nginx} \
...
...
software/jstestnode/template-nginx.cfg.in
View file @
4d5df6f1
...
@@ -8,14 +8,14 @@ events {
...
@@ -8,14 +8,14 @@ events {
# multi_accept on;
# multi_accept on;
}
}
error_log $${nginx-configuration:error_log};
error_log $${nginx-configuration:error-log};
http {
http {
##
##
# Basic Settings
# Basic Settings
##
##
sendfile on;
sendfile on;
tcp_nopush on;
tcp_nopush on;
tcp_nodelay on;
tcp_nodelay on;
...
@@ -32,14 +32,14 @@ http {
...
@@ -32,14 +32,14 @@ http {
##
##
# Logging Settings
# Logging Settings
##
##
access_log $${nginx-configuration:access
_
log};
access_log $${nginx-configuration:access
-
log};
error_log $${nginx-configuration:error
_
log};
error_log $${nginx-configuration:error
-
log};
##
##
# Gzip Settings
# Gzip Settings
##
##
gzip on;
gzip on;
gzip_disable "msie6";
gzip_disable "msie6";
...
@@ -51,11 +51,9 @@ http {
...
@@ -51,11 +51,9 @@ http {
gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server {
server {
listen [$${nginx-configuration:ip}]:$${nginx-configuration:port};
listen [$${nginx-configuration:ip}]:$${nginx-configuration:port} ssl;
ssl_certificate $${nginx-configuration:ssl-crt};
# ssl on;
ssl_certificate_key $${nginx-configuration:ssl-key};
# ssl_certificate $${nginx-configuration:ssl_crt};
# ssl_certificate_key $${nginx-configuration:ssl_key};
fastcgi_temp_path $${directory:varnginx} 1 2;
fastcgi_temp_path $${directory:varnginx} 1 2;
uwsgi_temp_path $${directory:varnginx} 1 2;
uwsgi_temp_path $${directory:varnginx} 1 2;
...
@@ -74,31 +72,31 @@ server {
...
@@ -74,31 +72,31 @@ server {
return 204;
return 204;
}
}
location /renderjs
location /renderjs
{
{
alias ${renderjs-repository.git:location};
alias ${renderjs-repository.git:location};
autoindex on;
autoindex on;
disable_symlinks on;
disable_symlinks on;
}
}
location /jio
location /jio
{
{
alias ${jio-repository.git:location};
alias ${jio-repository.git:location};
autoindex on;
autoindex on;
disable_symlinks on;
disable_symlinks on;
}
}
location /rsvp
location /rsvp
{
{
alias ${rsvp-repository.git:location};
alias ${rsvp-repository.git:location};
autoindex on;
autoindex on;
disable_symlinks on;
disable_symlinks on;
}
}
location /uritemplate
location /uritemplate
{
{
alias ${uritemplate-repository.git:location};
alias ${uritemplate-repository.git:location};
autoindex on;
autoindex on;
disable_symlinks on;
disable_symlinks on;
}
}
location /
location /
{
{
root $${directory:www};
root $${directory:www};
# autoindex on;
# autoindex on;
disable_symlinks on;
disable_symlinks on;
...
...
software/jstestnode/test/test.py
View file @
4d5df6f1
...
@@ -52,14 +52,14 @@ class TestJSTestNode(InstanceTestCase):
...
@@ -52,14 +52,14 @@ class TestJSTestNode(InstanceTestCase):
self
.
assertEqual
(
self
.
assertEqual
(
{
{
'nginx'
:
'http://[%s]:9443/'
%
(
self
.
computer_partition_ipv6_address
,
)
'nginx'
:
'http
s
://[%s]:9443/'
%
(
self
.
computer_partition_ipv6_address
,
)
},
},
connection_dict
connection_dict
)
)
# jio tests
# jio tests
result
=
requests
.
get
(
result
=
requests
.
get
(
'%sjio/test/tests.html'
%
(
connection_dict
[
'nginx'
],
),
allow_redirects
=
False
)
'%sjio/test/tests.html'
%
(
connection_dict
[
'nginx'
],
),
verify
=
False
,
allow_redirects
=
False
)
self
.
assertEqual
(
self
.
assertEqual
(
[
requests
.
codes
.
ok
,
False
],
[
requests
.
codes
.
ok
,
False
],
[
result
.
status_code
,
result
.
is_redirect
]
[
result
.
status_code
,
result
.
is_redirect
]
...
@@ -67,7 +67,7 @@ class TestJSTestNode(InstanceTestCase):
...
@@ -67,7 +67,7 @@ class TestJSTestNode(InstanceTestCase):
# rjs tests
# rjs tests
result
=
requests
.
get
(
result
=
requests
.
get
(
'%srenderjs/test/'
%
(
connection_dict
[
'nginx'
],
),
allow_redirects
=
False
)
'%srenderjs/test/'
%
(
connection_dict
[
'nginx'
],
),
verify
=
False
,
allow_redirects
=
False
)
self
.
assertEqual
(
self
.
assertEqual
(
[
requests
.
codes
.
ok
,
False
],
[
requests
.
codes
.
ok
,
False
],
[
result
.
status_code
,
result
.
is_redirect
]
[
result
.
status_code
,
result
.
is_redirect
]
...
@@ -75,7 +75,7 @@ class TestJSTestNode(InstanceTestCase):
...
@@ -75,7 +75,7 @@ class TestJSTestNode(InstanceTestCase):
# rsvp tests
# rsvp tests
result
=
requests
.
get
(
result
=
requests
.
get
(
'%srsvp/test/index.html'
%
(
connection_dict
[
'nginx'
],
),
allow_redirects
=
False
)
'%srsvp/test/index.html'
%
(
connection_dict
[
'nginx'
],
),
verify
=
False
,
allow_redirects
=
False
)
self
.
assertEqual
(
self
.
assertEqual
(
[
requests
.
codes
.
ok
,
False
],
[
requests
.
codes
.
ok
,
False
],
[
result
.
status_code
,
result
.
is_redirect
]
[
result
.
status_code
,
result
.
is_redirect
]
...
@@ -83,7 +83,7 @@ class TestJSTestNode(InstanceTestCase):
...
@@ -83,7 +83,7 @@ class TestJSTestNode(InstanceTestCase):
# Default access
# Default access
result
=
requests
.
get
(
result
=
requests
.
get
(
'http
://[%s]:9443'
%
(
self
.
computer_partition_ipv6_address
,
)
,
allow_redirects
=
False
)
'http
s://[%s]:9443'
%
(
self
.
computer_partition_ipv6_address
,
),
verify
=
False
,
allow_redirects
=
False
)
self
.
assertEqual
(
self
.
assertEqual
(
[
requests
.
codes
.
forbidden
,
False
],
[
requests
.
codes
.
forbidden
,
False
],
[
result
.
status_code
,
result
.
is_redirect
]
[
result
.
status_code
,
result
.
is_redirect
]
...
...
software/osie-coupler/software.cfg
View file @
4d5df6f1
...
@@ -44,7 +44,7 @@ environment +=
...
@@ -44,7 +44,7 @@ environment +=
recipe = slapos.recipe.build:gitclone
recipe = slapos.recipe.build:gitclone
git-executable = ${git:location}/bin/git
git-executable = ${git:location}/bin/git
repository = https://lab.nexedi.com/nexedi/osie.git
repository = https://lab.nexedi.com/nexedi/osie.git
revision =
1e91e159d63d81462369c576e03935129aeb7ecb
revision =
a40573897e1ee9de7b3536daa58c6904384c10f9
[compile-coupler]
[compile-coupler]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment