/files/gitlab-cookbooks/gitlab/recipes/gitlab-shell.rb

https://gitlab.com/ruvasik/omnibus-gitlab · Ruby · 121 lines · 86 code · 10 blank · 25 comment · 2 complexity · b64efb1f5eb84207521f8dd0bfec0756 MD5 · raw file 

    

  1. #
    2. 

  2. ## Copyright:: Copyright (c) 2014 GitLab.com
    3. 

  3. ## License:: Apache License, Version 2.0
    4. 

  4. ##
    5. 

  5. ## Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6. ## you may not use this file except in compliance with the License.
    7. 

  7. ## You may obtain a copy of the License at
    8. 

  8. ##
    9. 

  9. ## http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10. ##
    11. 

  11. ## Unless required by applicable law or agreed to in writing, software
    12. 

  12. ## distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13. ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14. ## See the License for the specific language governing permissions and
    15. 

  15. ## limitations under the License.
    16. 

  16. ##
    17. 

  17. #
    18. 

  18. account_helper = AccountHelper.new(node)
    19. 

  19. 

  20. git_user = account_helper.gitlab_user
    21. 

  21. git_group = account_helper.gitlab_group
    22. 

  22. gitlab_shell_dir = "/opt/gitlab/embedded/service/gitlab-shell"
    23. 

  23. gitlab_shell_var_dir = "/var/opt/gitlab/gitlab-shell"
    24. 

  24. git_data_directories = node['gitlab']['gitlab-shell']['git_data_directories']
    25. 

  25. repositories_storages = node['gitlab']['gitlab-rails']['repositories_storages']
    26. 

  26. ssh_dir = File.join(node['gitlab']['user']['home'], ".ssh")
    27. 

  27. authorized_keys = File.join(ssh_dir, "authorized_keys")
    28. 

  28. log_directory = node['gitlab']['gitlab-shell']['log_directory']
    29. 

  29. hooks_directory = node['gitlab']['gitlab-rails']['gitlab_shell_hooks_path']
    30. 

  30. 

  31. if node['gitlab']['manage-storage-directories']['enable']
    32. 

  32.   git_data_directories.each do |_name, git_data_directory|
    33. 

  33.     directory git_data_directory do
    34. 

  34.       owner git_user
    35. 

  35.       mode "0700"
    36. 

  36.       recursive true
    37. 

  37.     end
    38. 

  38.   end
    39. 

  39.   repositories_storages.each do |_name, repositories_storage|
    40. 

  40.     directory repositories_storage do
    41. 

  41.       owner git_user
    42. 

  42.       mode "2770"
    43. 

  43.       recursive true
    44. 

  44.     end
    45. 

  45.   end
    46. 

  46. end
    47. 

  47. 

  48. directory ssh_dir do
    49. 

  49.   owner git_user
    50. 

  50.   group git_group
    51. 

  51.   mode "0700"
    52. 

  52.   recursive true
    53. 

  53. end
    54. 

  54. 

  55. # All repositories under GitLab share one hooks directory under
    56. 

  56. # /opt/gitlab. Git-Annex wants write access to this hook directory, but
    57. 

  57. # this directory is owned by root in the package.
    58. 

  58. directory hooks_directory do
    59. 

  59.   owner git_user
    60. 

  60.   group git_group
    61. 

  61.   mode "0755"
    62. 

  62. end
    63. 

  63. 

  64. # If SELinux is enabled, make sure that OpenSSH thinks the .ssh directory of the
    65. 

  65. # git_user is valid.
    66. 

  66. execute "chcon --recursive --type ssh_home_t #{ssh_dir}" do
    67. 

  67.   only_if "id -Z"
    68. 

  68. end
    69. 

  69. 

  70. [
    71. 

  71.   log_directory,
    72. 

  72.   gitlab_shell_var_dir
    73. 

  73. ].each do |dir|
    74. 

  74.   directory dir do
    75. 

  75.     owner git_user
    76. 

  76.     mode "0700"
    77. 

  77.     recursive true
    78. 

  78.   end
    79. 

  79. end
    80. 

  80. 

  81. # If no internal_api_url is specified, default to the IP/port Unicorn listens on
    82. 

  82. api_url = node['gitlab']['gitlab-rails']['internal_api_url']
    83. 

  83. api_url ||= "http://#{node['gitlab']['unicorn']['listen']}:#{node['gitlab']['unicorn']['port']}#{node['gitlab']['unicorn']['relative_url']}"
    84. 

  84. 

  85. redis_port = node['gitlab']['gitlab-rails']['redis_port']
    86. 

  86. if redis_port
    87. 

  87.   # Leave out redis socket setting because in gitlab-shell, setting a Redis socket
    88. 

  88.   # overrides TCP connection settings.
    89. 

  89.   redis_socket = nil
    90. 

  90. else
    91. 

  91.   redis_socket = node['gitlab']['gitlab-rails']['redis_socket']
    92. 

  92. end
    93. 

  93. 

  94. template_symlink File.join(gitlab_shell_var_dir, "config.yml") do
    95. 

  95.   link_from File.join(gitlab_shell_dir, "config.yml")
    96. 

  96.   source "gitlab-shell-config.yml.erb"
    97. 

  97.   variables(
    98. 

  98.     :user => git_user,
    99. 

  99.     :api_url => api_url,
    100. 

  100.     :authorized_keys => authorized_keys,
    101. 

  101.     :redis_host => node['gitlab']['gitlab-rails']['redis_host'],
    102. 

  102.     :redis_port => redis_port,
    103. 

  103.     :redis_socket => redis_socket,
    104. 

  104.     :redis_password => node['gitlab']['gitlab-rails']['redis_password'],
    105. 

  105.     :redis_database => node['gitlab']['gitlab-rails']['redis_database'],
    106. 

  106.     :log_file => File.join(log_directory, "gitlab-shell.log"),
    107. 

  107.     :log_level => node['gitlab']['gitlab-shell']['log_level'],
    108. 

  108.     :audit_usernames => node['gitlab']['gitlab-shell']['audit_usernames'],
    109. 

  109.     :http_settings => node['gitlab']['gitlab-shell']['http_settings'],
    110. 

  110.     :git_annex_enabled => node['gitlab']['gitlab-shell']['git_annex_enabled']
    111. 

  111.   )
    112. 

  112. end
    113. 

  113. 

  114. template_symlink File.join(gitlab_shell_var_dir, "gitlab_shell_secret") do
    115. 

  115.   link_from File.join(gitlab_shell_dir, ".gitlab_shell_secret")
    116. 

  116.   source "secret_token.erb"
    117. 

  117.   owner "root"
    118. 

  118.   group "root"
    119. 

  119.   mode "0644"
    120. 

  120.   variables(node['gitlab']['gitlab-shell'].to_hash)
    121. 

  121. end
    122.