gitlab: Sync upstream configs from omnibus-gitlab 8.8.7+ce.1-0-g5116476

Like f6f97d72 - pristine copy from omnibus-gitlab 8.8.7+ce.1-0-g5116476

Changes are:

    - gitlab.yml.erb
      Add gitlab_default_projects_features_container_registry variable to be used by docker containers

    - nginx.conf.erb
      Docker related password storage
      https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1218 (commit f74472d4)

    - rack_attack.rb.erb
      Disable Rack Attack throttling if admin disables it in config file

    - smtp_settings.rb.erb
      If authentication is not enabled for smtp, don't place it in the config.

The following files stay the same:

    - database.yml.erb
    - gitconfig.erb
    - gitlab-shell-config.yml.erb
    - nginx-gitlab-http.conf.erb
    - resque.yml.erb
    - unicorn.rb.erb

software/gitlab/template/gitlab.yml.erb

@@ -73,6 +73,7 @@ production: &base
       wiki: <%= @gitlab_default_projects_features_wiki %>
       snippets: <%= @gitlab_default_projects_features_snippets %>
       builds: <%= @gitlab_default_projects_features_builds %>
+      container_registry: <%= @gitlab_default_projects_features_container_registry %>
 
     ## Webhook settings
     # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
@@ -124,6 +125,16 @@ production: &base
     # The location where LFS objects are stored (default: shared/lfs-objects).
     storage_path: <%= @lfs_storage_path %>
 
+  ## Container Registry
+  registry:
+    enabled: <%= @registry_enabled %>
+    host: <%= @registry_host %>
+    port: <%= @registry_port %>
+    api_url: <%= @registry_api_url %> # internal address to the registry, will be used by GitLab to directly communicate with API
+    path: <%= @registry_path %>
+    key: <%= @registry_key_path %>
+    issuer: <%= @registry_issuer %>
+
   ## GitLab Pages (EE only)
   pages:
     enabled: <%= @pages_enabled %>

software/gitlab/template/nginx.conf.erb

@@ -51,5 +51,9 @@ http {
   include <%= @gitlab_mattermost_http_config %>;
   <% end %>
 
+  <% if @gitlab_registry_http_config %>
+  include <%= @gitlab_registry_http_config %>;
+  <% end %>
+
   <%= @custom_nginx_config %>
 }

software/gitlab/template/rack_attack.rb.erb

@@ -20,8 +20,9 @@ paths_to_be_protected = [
 # Create one big regular expression that matches strings starting with any of
 # the paths_to_be_protected.
 paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
 
-unless Rails.env.test?
+unless Rails.env.test? || !rack_attack_enabled
   Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
     if req.post? && req.path =~ paths_regex
       req.ip

software/gitlab/template/smtp_settings.rb.erb

@@ -2,16 +2,15 @@
 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
 # and run `sudo gitlab-ctl reconfigure`.
 
-<% rails_app = @app == 'gitlab' ? 'Gitlab' : 'GitlabCi' %>
-<% container = @app == 'gitlab' ? 'gitlab-rails' : 'gitlab-ci' %>
-
 if Rails.env.production?
-  <%= rails_app %>::Application.config.action_mailer.delivery_method = :smtp
+  Gitlab::Application.config.action_mailer.delivery_method = :smtp
 
   ActionMailer::Base.smtp_settings = {
+    <% unless @smtp_authentication.nil? %>
     authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
+    <% end %>
 <% %w{ address port user_name password domain enable_starttls_auto tls ssl openssl_verify_mode ca_path ca_file }.each do |key| %>
-  <% value = node['gitlab'][container]["smtp_#{key}"] %>
+  <% value = node['gitlab']['gitlab-rails']["smtp_#{key}"] %>
     <%= "#{key}: #{value.inspect}," unless value.nil? %>
 <% end %>
   }