gitlab-rails.rb | searchcode

/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb

https://gitlab.com/jmcgeheeiv/omnibus-gitlab
Ruby | 378 lines | 292 code | 46 blank | 40 comment | 7 complexity | 8f01daa907ae4fe346101cedc194cfa1 MD5 | raw file

#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright (c) 2014 GitLab.com
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
account_helper = AccountHelper.new(node)

gitlab_rails_source_dir = "/opt/gitlab/embedded/service/gitlab-rails"
gitlab_shell_source_dir = "/opt/gitlab/embedded/service/gitlab-shell"
gitlab_rails_dir = node['gitlab']['gitlab-rails']['dir']
gitlab_rails_etc_dir = File.join(gitlab_rails_dir, "etc")
gitlab_rails_static_etc_dir = "/opt/gitlab/etc/gitlab-rails"
gitlab_rails_working_dir = File.join(gitlab_rails_dir, "working")
gitlab_rails_tmp_dir = File.join(gitlab_rails_dir, "tmp")
gitlab_rails_public_uploads_dir = node['gitlab']['gitlab-rails']['uploads_directory']
gitlab_rails_log_dir = node['gitlab']['gitlab-rails']['log_directory']
gitlab_ci_dir = node['gitlab']['gitlab-ci']['dir']
gitlab_ci_builds_dir = node['gitlab']['gitlab-ci']['builds_directory']
upgrade_status_dir = File.join(gitlab_rails_dir, "upgrade-status")

ssh_dir = File.join(node['gitlab']['user']['home'], ".ssh")
known_hosts = File.join(ssh_dir, "known_hosts")
gitlab_app = "gitlab"

gitlab_user = account_helper.gitlab_user
gitlab_group = account_helper.gitlab_group

# Explicitly try to create directory holding the logs to make sure
# that the directory is created with correct permissions and not fallback
# on umask of the process
directory File.dirname(gitlab_rails_log_dir) do
  owner gitlab_user
  mode '0755'
  recursive true
end

if node['gitlab']['manage-storage-directories']['enable']
  # We create shared_path with 751 allowing other users to enter into the directories
  # It's needed, because by default the shared_path is used to store pages which are served by gitlab-www:gitlab-www
  directory node['gitlab']['gitlab-rails']['shared_path'] do
    owner gitlab_user
    group account_helper.web_server_group
    mode '0751'
    recursive true
  end

  [
    node['gitlab']['gitlab-rails']['artifacts_path'],
    node['gitlab']['gitlab-rails']['lfs_storage_path'],
    gitlab_rails_public_uploads_dir,
    gitlab_ci_builds_dir
  ].compact.each do |dir_name|
    directory dir_name do
      owner gitlab_user
      mode '0700'
      recursive true
    end
  end

  directory node['gitlab']['gitlab-rails']['pages_path'] do
    owner gitlab_user
    group account_helper.web_server_group
    mode '0750'
    recursive true
  end
end

[
  gitlab_rails_etc_dir,
  gitlab_rails_static_etc_dir,
  gitlab_rails_working_dir,
  gitlab_rails_tmp_dir,
  node['gitlab']['gitlab-rails']['gitlab_repository_downloads_path'],
  upgrade_status_dir,
  gitlab_rails_log_dir
].compact.each do |dir_name|
  directory dir_name do
    owner gitlab_user
    mode '0700'
    recursive true
  end
end

directory node['gitlab']['gitlab-rails']['backup_path'] do
  owner gitlab_user
  mode '0700'
  recursive true
  only_if { node['gitlab']['gitlab-rails']['manage_backup_path'] }
end

directory gitlab_rails_dir do
  owner gitlab_user
  mode '0755'
  recursive true
end

directory gitlab_ci_dir do
  owner gitlab_user
  mode '0755'
  recursive true
end

template File.join(gitlab_rails_static_etc_dir, "gitlab-rails-rc")

dependent_services = []
dependent_services << "service[unicorn]" if OmnibusHelper.should_notify?("unicorn")
dependent_services << "service[sidekiq]" if OmnibusHelper.should_notify?("sidekiq")
dependent_services << "service[mailroom]" if node['gitlab']['mailroom']['enable']

redis_not_listening = OmnibusHelper.not_listening?("redis")
postgresql_not_listening = OmnibusHelper.not_listening?("postgresql")

template_symlink File.join(gitlab_rails_etc_dir, "secret") do
  link_from File.join(gitlab_rails_source_dir, ".secret")
  source "secret_token.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(node['gitlab']['gitlab-rails'].to_hash)
  restarts dependent_services
end

template_symlink File.join(gitlab_rails_etc_dir, "database.yml") do
  link_from File.join(gitlab_rails_source_dir, "config/database.yml")
  source "database.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  variables node['gitlab']['gitlab-rails'].to_hash
  helpers SingleQuoteHelper
  restarts dependent_services
end

if node['gitlab']['gitlab-rails']['redis_port']
  redis_auth = ":#{node['gitlab']['gitlab-rails']['redis_password']}@" if node['gitlab']['gitlab-rails']['redis_password']
  redis_url = "redis://#{redis_auth}#{node['gitlab']['gitlab-rails']['redis_host']}:#{node['gitlab']['gitlab-rails']['redis_port']}"
else
  redis_url = "unix:#{node['gitlab']['gitlab-rails']['redis_socket']}"
end

gitlab_rails = if node['gitlab']['gitlab-ci']['db_key_base']
                 node['gitlab']['gitlab-rails'].to_hash.merge!({ db_key_base: node['gitlab']['gitlab-ci']['db_key_base'] })
               else
                 node['gitlab']['gitlab-rails']
               end

template_symlink File.join(gitlab_rails_etc_dir, "secrets.yml") do
  link_from File.join(gitlab_rails_source_dir, "config/secrets.yml")
  source "secrets.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(gitlab_rails.to_hash)
  helpers SingleQuoteHelper
  restarts dependent_services
end

template_symlink File.join(gitlab_rails_etc_dir, "resque.yml") do
  link_from File.join(gitlab_rails_source_dir, "config/resque.yml")
  source "resque.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(:redis_url => redis_url)
  restarts dependent_services
end

template_symlink File.join(gitlab_rails_etc_dir, "aws.yml") do
  link_from File.join(gitlab_rails_source_dir, "config/aws.yml")
  owner "root"
  group "root"
  mode "0644"
  variables(node['gitlab']['gitlab-rails'].to_hash)
  restarts dependent_services

  unless node['gitlab']['gitlab-rails']['aws_enable']
    action :delete
  end
end

template_symlink File.join(gitlab_rails_etc_dir, "smtp_settings.rb") do
  link_from File.join(gitlab_rails_source_dir, "config/initializers/smtp_settings.rb")
  owner "root"
  group "root"
  mode "0644"
  variables(
    node['gitlab']['gitlab-rails'].to_hash.merge(
      :app => gitlab_app
    )
  )
  restarts dependent_services

  unless node['gitlab']['gitlab-rails']['smtp_enable']
    action :delete
  end
end

template_symlink File.join(gitlab_rails_etc_dir, "relative_url.rb") do
  link_from File.join(gitlab_rails_source_dir, "config/initializers/relative_url.rb")
  owner "root"
  group "root"
  mode "0644"
  variables(node['gitlab']['gitlab-rails'].to_hash)
  notifies :run, 'bash[generate assets]'
  restarts dependent_services

  unless node['gitlab']['gitlab-rails']['gitlab_relative_url']
    action :delete
  end
end

template_symlink File.join(gitlab_rails_etc_dir, "gitlab.yml") do
  link_from File.join(gitlab_rails_source_dir, "config/gitlab.yml")
  source "gitlab.yml.erb"
  helpers SingleQuoteHelper
  owner "root"
  group "root"
  mode "0644"
  variables(
    node['gitlab']['gitlab-rails'].to_hash.merge(
      gitlab_ci_all_broken_builds: node['gitlab']['gitlab-ci']['gitlab_ci_all_broken_builds'],
      gitlab_ci_add_pusher: node['gitlab']['gitlab-ci']['gitlab_ci_add_pusher'],
      builds_directory: gitlab_ci_builds_dir,
      git_annex_enabled: node['gitlab']['gitlab-shell']['git_annex_enabled'],
      pages_external_http: node['gitlab']['gitlab-pages']['external_http'],
      pages_external_https: node['gitlab']['gitlab-pages']['external_https']
    )
  )
  restarts dependent_services
  notifies :run, 'execute[clear the gitlab-rails cache]' unless redis_not_listening
end

template_symlink File.join(gitlab_rails_etc_dir, "rack_attack.rb") do
  link_from File.join(gitlab_rails_source_dir, "config/initializers/rack_attack.rb")
  source "rack_attack.rb.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(node['gitlab']['gitlab-rails'].to_hash)
  restarts dependent_services
end

link File.join(gitlab_rails_source_dir, ".gitlab_shell_secret") do
  to File.join(gitlab_shell_source_dir, ".gitlab_shell_secret")
end

env_dir File.join(gitlab_rails_static_etc_dir, 'env') do
  variables(
    {
      'HOME' => node['gitlab']['user']['home'],
      'RAILS_ENV' => node['gitlab']['gitlab-rails']['environment'],
    }.merge(node['gitlab']['gitlab-rails']['env'])
  )
  restarts dependent_services
end

# replace empty directories in the Git repo with symlinks to /var/opt/gitlab
{
  "/opt/gitlab/embedded/service/gitlab-rails/tmp" => gitlab_rails_tmp_dir,
  "/opt/gitlab/embedded/service/gitlab-rails/public/uploads" => gitlab_rails_public_uploads_dir,
  "/opt/gitlab/embedded/service/gitlab-rails/log" => gitlab_rails_log_dir
}.each do |link_dir, target_dir|
  link link_dir do
    to target_dir
  end
end

legacy_sidekiq_log_file = File.join(gitlab_rails_log_dir, 'sidekiq.log')
link legacy_sidekiq_log_file do
  to File.join(node['gitlab']['sidekiq']['log_directory'], 'current')
  not_if { File.exists?(legacy_sidekiq_log_file) }
end

# Make schema.rb writable for when we run `rake db:migrate`
file "/opt/gitlab/embedded/service/gitlab-rails/db/schema.rb" do
  owner gitlab_user
end

# Link the VERSION file just for easier administration
remote_file File.join(gitlab_rails_dir, 'VERSION') do
  source "file:///opt/gitlab/embedded/service/gitlab-rails/VERSION"
end

# Only run `rake db:migrate` when the gitlab-rails version has changed
# Or migration failed for some reason
remote_file File.join(gitlab_rails_dir, 'REVISION') do
  source "file:///opt/gitlab/embedded/service/gitlab-rails/REVISION"
  notifies :run, 'bash[generate assets]' if node['gitlab']['gitlab-rails']['gitlab_relative_url']
end

# If a version of ruby changes restart unicorn. If not, unicorn will fail to
# reload until restarted
file File.join(gitlab_rails_dir, "RUBY_VERSION") do
  content VersionHelper.version("/opt/gitlab/embedded/bin/ruby --version")
  notifies :restart, "service[unicorn]"
end

# We shipped packages with 'chown -R git' below for quite some time. That chown
# was an unnecessary leftover from the manual installation guide; it is better
# to just leave these files owned by root. If we just remove the 'chown git',
# existing installations will keep 'git' as the owner, so we now explicitly
# change the owner to root:root. Once we feel confident that enough versions
# have been shipped we can maybe get rid of this 'chown' at some point.
execute "chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public"

execute "clear the gitlab-rails cache" do
  command "/opt/gitlab/bin/gitlab-rake cache:clear"
  action :nothing
end

bash "generate assets" do
  code <<-EOS
    set -e
    /opt/gitlab/bin/gitlab-rake assets:clean assets:precompile
    chown -R #{gitlab_user}:#{gitlab_group} #{gitlab_rails_tmp_dir}/cache
  EOS
  # We have to precompile assets as root because of permissions and ownership of files
  environment ({ 'NO_PRIVILEGE_DROP' => 'true', 'USE_DB' => 'false' })
  dependent_services.each do |sv|
    notifies :restart, sv
  end
  action :nothing
end

bitbucket_keys = node['gitlab']['gitlab-rails']['bitbucket']

unless bitbucket_keys.nil?
  execute 'trust bitbucket.org fingerprint' do
    command "echo '#{bitbucket_keys['known_hosts_key']}' >> #{known_hosts}"
    user gitlab_user
    group gitlab_group
    not_if "grep '#{bitbucket_keys['known_hosts_key']}' #{known_hosts}"
  end

  file File.join(ssh_dir, 'bitbucket_rsa') do
    content "#{bitbucket_keys['private_key']}\n"
    owner gitlab_user
    group gitlab_group
    mode 0600
  end

  ssh_config_file = File.join(ssh_dir, 'config')
  bitbucket_host_config = "Host bitbucket.org\n  IdentityFile ~/.ssh/bitbucket_rsa\n  User #{node['gitlab']['user']['username']}"

  execute 'manage config for bitbucket import key' do
    command "echo '#{bitbucket_host_config}' >> #{ssh_config_file}"
    user gitlab_user
    group gitlab_group
    not_if "grep 'IdentityFile ~/.ssh/bitbucket_rsa' #{ssh_config_file}"
  end

  file File.join(ssh_dir, 'bitbucket_rsa.pub') do
    content "#{bitbucket_keys['public_key']}\n"
    owner gitlab_user
    group gitlab_group
    mode 0644
  end
end

#
# Up to release 8.6 default config.ru was replaced with omnibus-based one.
# After 8.6 this is not necessery. We can remove this file.
#
file File.join(gitlab_rails_dir, 'config.ru') do
  action :delete
end