Commit 52fdc09d authored by Kirill Smelkov's avatar Kirill Smelkov

gitlab: Upagrade to 8.4 + Unicorn startup fix

This brings slapos gitlab port up to date with current stable gitlab
version 8.4, and teaches Unicorn startup script to wait a bit for
PostgreSQL to start and be ready, before unicorn startup proceeds.

/cc @kazuhiko
/somewhat-reviewed-by @jerome
/reviewed-on !44
parents 225ed6b6 62a39e1a
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
# #
# TODO better autogenerate from ^^^ (?) # TODO better autogenerate from ^^^ (?)
# #
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8)
[gitlab-parameters] [gitlab-parameters]
configuration.external_url = http://lab.example.com configuration.external_url = http://lab.example.com
...@@ -45,8 +45,6 @@ configuration.default_projects_features.issues = true ...@@ -45,8 +45,6 @@ configuration.default_projects_features.issues = true
configuration.default_projects_features.merge_requests = true configuration.default_projects_features.merge_requests = true
configuration.default_projects_features.wiki = true configuration.default_projects_features.wiki = true
configuration.default_projects_features.snippets = true configuration.default_projects_features.snippets = true
# NOTE can be public|private|internal
configuration.default_projects_features.visibility_level= public
#configuration.default_projects_features.builds = false #configuration.default_projects_features.builds = false
configuration.webhook_timeout = 10 configuration.webhook_timeout = 10
...@@ -72,12 +70,12 @@ configuration.unicorn_worker_processes = 2 ...@@ -72,12 +70,12 @@ configuration.unicorn_worker_processes = 2
# unicorn advanced # unicorn advanced
configuration.unicorn_backlog_socket = 1024 configuration.unicorn_backlog_socket = 1024
configuration.unicorn_worker_memory_limit_min = 200*(1024**2) configuration.unicorn_worker_memory_limit_min = 300*(1024**2)
configuration.unicorn_worker_memory_limit_max = 250*(1024**2) configuration.unicorn_worker_memory_limit_max = 350*(1024**2)
# nginx # nginx
configuration.nginx_client_max_body_size = 250m configuration.nginx_client_max_body_size = 0
# NOTE: we don't really need old ciphers - usually we talk directly to frontend only # NOTE: we don't really need old ciphers - usually we talk directly to frontend only
configuration.nginx_ssl_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 configuration.nginx_ssl_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
......
...@@ -15,11 +15,21 @@ die() { ...@@ -15,11 +15,21 @@ die() {
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb
# initial db setup # initial db setup
pgtables="$({{ psql_bin }} \ # ( first quering PG several times waiting a bit till postgresql is started and ready )
tpgwait=5
while true; do
pgtables="$({{ psql_bin }} \
-h {{ pgsql['pgdata-directory'] }} \ -h {{ pgsql['pgdata-directory'] }} \
-U {{ pgsql.superuser }} \ -U {{ pgsql.superuser }} \
-d {{ pgsql.dbname }} \ -d {{ pgsql.dbname }} \
-c '\d')" || die "pg query problem" -c '\d')" && break
tpgwait=$(( $tpgwait - 1 ))
test $tpgwait = 0 && die "pg query problem"
echo "I: PostgreSQL is not ready (yet ?); will retry $tpgwait times..." 1>&2
sleep 1
done
echo "I: PostgreSQL ready." 1>&2
if echo "$pgtables" | grep -q '^No relations found' ; then if echo "$pgtables" | grep -q '^No relations found' ; then
$RAKE db:schema:load db:seed_fu || die "initial db setup failed" $RAKE db:schema:load db:seed_fu || die "initial db setup failed"
......
...@@ -118,6 +118,10 @@ var = ${directory:var}/gitlab ...@@ -118,6 +118,10 @@ var = ${directory:var}/gitlab
tmp = ${:var}/tmp tmp = ${:var}/tmp
uploads = ${:var}/uploads uploads = ${:var}/uploads
assets = ${:var}/assets assets = ${:var}/assets
shared = ${:var}/shared
artifacts = ${:shared}/artifacts
lfs-objects = ${:shared}/lfs-objects
builds = ${:var}/builds
backup = ${directory:var}/backup backup = ${directory:var}/backup
[gitlab-repo-dir] [gitlab-repo-dir]
...@@ -139,6 +143,10 @@ var = ${gitlab-dir:var} ...@@ -139,6 +143,10 @@ var = ${gitlab-dir:var}
tmp = ${gitlab-dir:tmp} tmp = ${gitlab-dir:tmp}
uploads = ${gitlab-dir:uploads} uploads = ${gitlab-dir:uploads}
assets = ${gitlab-dir:assets} assets = ${gitlab-dir:assets}
shared = ${gitlab-dir:shared}
artifacts = ${gitlab-dir:artifacts}
lfs-objects = ${gitlab-dir:lfs-objects}
builds = ${gitlab-dir:builds}
backup = ${gitlab-dir:backup} backup = ${gitlab-dir:backup}
repositories = ${gitlab-repo-xdir:repositories} repositories = ${gitlab-repo-xdir:repositories}
...@@ -241,7 +249,6 @@ context-extra = ...@@ -241,7 +249,6 @@ context-extra =
section nginx nginx section nginx nginx
section gitlab_work gitlab-work section gitlab_work gitlab-work
section gitlab_workhorse gitlab-workhorse section gitlab_workhorse gitlab-workhorse
section unicorn unicorn
[rack_attack.rb] [rack_attack.rb]
<= gitlab-etc-template <= gitlab-etc-template
...@@ -358,14 +365,16 @@ update-command = ...@@ -358,14 +365,16 @@ update-command =
<= work-base <= work-base
software = {{ gitlab_repository_location }} software = {{ gitlab_repository_location }}
tune-command = tune-command =
# secret* config.ru tmp/ log/ # secret* config.ru tmp/ log/ shared/ builds/
rm -f .secret && rm -f .secret &&
rm -f config.ru && rm -f config.ru &&
rm -rf log tmp && rm -rf log tmp shared builds &&
ln -sf ${secrets:secrets}/gitlab_rails_secret .secret && ln -sf ${secrets:secrets}/gitlab_rails_secret .secret &&
ln -sf ${config.ru:rendered} config.ru && ln -sf ${config.ru:rendered} config.ru &&
ln -sf ${gitlab:log} log && ln -sf ${gitlab:log} log &&
ln -sf ${gitlab:tmp} tmp && ln -sf ${gitlab:tmp} tmp &&
ln -sf ${gitlab:shared} shared &&
ln -sf ${gitlab:builds} builds &&
# config/ # config/
cd config && cd config &&
ln -sf ${unicorn.rb:rendered} unicorn.rb && ln -sf ${unicorn.rb:rendered} unicorn.rb &&
...@@ -515,6 +524,7 @@ command-line = {{ gitlab_workhorse }} ...@@ -515,6 +524,7 @@ command-line = {{ gitlab_workhorse }}
-listenNetwork unix -listenNetwork unix
-listenAddr ${gitlab-workhorse:socket} -listenAddr ${gitlab-workhorse:socket}
-authSocket ${unicorn:socket} -authSocket ${unicorn:socket}
-documentRoot ${gitlab-work:location}/public
# NOTE for profiling # NOTE for profiling
# -pprofListenAddr ... # -pprofListenAddr ...
...@@ -532,10 +542,7 @@ depend = ...@@ -532,10 +542,7 @@ depend =
[promise-gitlab-workhorse] [promise-gitlab-workhorse]
<= promise-byurl <= promise-byurl
# gitlab-workhorse works on repositories. Here we only check it accepts an url = --unix-socket ${gitlab-workhorse:socket} http:/static.css
# serves requests, so request is non-existent URL and expected code is 403
url = --unix-socket ${gitlab-workhorse:socket} http:/non-existent
http_code = 403
# gitlab-workhorse logs to stdout/stderr - logs are handled by slapos not us # gitlab-workhorse logs to stdout/stderr - logs are handled by slapos not us
...@@ -625,7 +632,7 @@ log = ${sidekiq-dir:log} ...@@ -625,7 +632,7 @@ log = ${sidekiq-dir:log}
# NOTE see queue list here: # NOTE see queue list here:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb
# (last updated for ominbus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.2+ce.0-3-g68d5ee8)
[service-sidekiq] [service-sidekiq]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:service}/sidekiq wrapper-path = ${directory:service}/sidekiq
...@@ -638,6 +645,7 @@ command-line = ...@@ -638,6 +645,7 @@ command-line =
${gitlab-sidekiq:wrapper-path} ${gitlab-sidekiq:wrapper-path}
# XXX -q runner ? (present in gitlab-ce/Procfile but not in omnibus) # XXX -q runner ? (present in gitlab-ce/Procfile but not in omnibus)
# XXX -q pages -q elasticsearch ? (present in omnibus but not in gitlab-ce -- those features are gitlab-ee only)
# XXX -P ? (pidfile) # XXX -P ? (pidfile)
-e production -e production
-r ${gitlab-work:location} -r ${gitlab-work:location}
...@@ -729,6 +737,8 @@ depend = ...@@ -729,6 +737,8 @@ depend =
[promise-nginx] [promise-nginx]
<= promise-byurl <= promise-byurl
# XXX this depends on gitlab-workhorse being up
# (nginx is configured to proxy all requests to gitlab-workhorse)
url = ${backend-info:url}/static.css url = ${backend-info:url}/static.css
[logrotate-entry-nginx] [logrotate-entry-nginx]
......
...@@ -109,25 +109,25 @@ git-executable = ${git:location}/bin/git ...@@ -109,25 +109,25 @@ git-executable = ${git:location}/bin/git
<= git-repository <= git-repository
#repository = https://gitlab.com/gitlab-org/gitlab-ce.git #repository = https://gitlab.com/gitlab-org/gitlab-ce.git
repository = https://lab.nexedi.com/kirr/gitlab-ce.git repository = https://lab.nexedi.com/kirr/gitlab-ce.git
# 8.2.X + NXD patches: # 8.4.X + NXD patches:
revision = v8.2.3-9-g79c127e6e068a619c53a8c22f1db8c1e28ec87d2 revision = v8.4.4-17-ga5965b5475ebb7ee4bc0d30995590fa82baaf875
location = ${buildout:parts-directory}/gitlab location = ${buildout:parts-directory}/gitlab
[gitlab-shell-repository] [gitlab-shell-repository]
<= git-repository <= git-repository
repository = https://gitlab.com/gitlab-org/gitlab-shell.git repository = https://gitlab.com/gitlab-org/gitlab-shell.git
# gitlab 8.2 wants gitlab-shell 2.6.8 # gitlab 8.4 wants gitlab-shell 2.6.10
# 2.6.8 + NXD patches # 2.6.10
revision = v2.6.8-2-g216d7e15fe06917198891a895f762ba84fdcc4d4 revision = v2.6.10-0-g82b3a4e8f70692ec679d880628fdb0f5844d42b9
location = ${buildout:parts-directory}/gitlab-shell location = ${buildout:parts-directory}/gitlab-shell
[gitlab-workhorse-repository] [gitlab-workhorse-repository]
<= git-repository <= git-repository
#repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git #repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git
repository = https://lab.nexedi.com/kirr/gitlab-workhorse.git repository = https://lab.nexedi.com/kirr/gitlab-workhorse.git
# 0.4.X + NXD patches for blob download speedup # 0.6.X + NXD patches for blob download speedup
# (https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17) # (https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17)
revision = 0.4.1-23-g2beb8c9539433f072e3db540f91f75894ca6b1b0 revision = 0.6.1-2-ga23a5e18486b0de6e3435711dc555c8bfe08fde2
location = ${buildout:parts-directory}/gitlab-workhorse location = ${buildout:parts-directory}/gitlab-workhorse
...@@ -219,35 +219,35 @@ url = ${:_profile_base_location_}/template/${:_buildout_section_name_} ...@@ -219,35 +219,35 @@ url = ${:_profile_base_location_}/template/${:_buildout_section_name_}
[config.ru.in] [config.ru.in]
<= download-template <= download-template
md5sum = bb12852c28079f40a0751f7f3559e2a6 md5sum = 3ed3c439ac1b93f75121dabcea126078
[database.yml.in] [database.yml.in]
<= download-template <= download-template
md5sum = ee656cfd96e1c82df167f68bb5773291 md5sum = b33f4f2f49a5a3e3e6542357c555a3a3
[gitconfig.in] [gitconfig.in]
<= download-template <= download-template
md5sum = f4cb11e8bca379e016b062d0db859b74 md5sum = 75f620ea0751fc8d2dc717cf929d29f3
[gitlab-parameters.cfg] [gitlab-parameters.cfg]
<= download-file <= download-file
md5sum = bc98ec10209bc53f6a49888b1a2b9382 md5sum = 2cfd3bbf9da10627044ca3a9a149fdbb
[gitlab-shell-config.yml.in] [gitlab-shell-config.yml.in]
<= download-template <= download-template
md5sum = ea351e16b47f0008f61211eb2d7685e2 md5sum = f061d529b71241d58affbf7aec5c8af1
[gitlab-unicorn-startup.in] [gitlab-unicorn-startup.in]
<= download-file <= download-file
md5sum = 2716afaa9445c0c429c6b211356ebe8f md5sum = 14c5632182d830c03f7788c85d6f4da1
[gitlab.yml.in] [gitlab.yml.in]
<= download-template <= download-template
md5sum = cc32f5053dd2a2461aa5952a5b925310 md5sum = cd7aaeeb1917fdedb7656943065c0a9c
[instance-gitlab.cfg.in] [instance-gitlab.cfg.in]
<= download-file <= download-file
md5sum = dfd2b14f846eda999fe9d12108d513b4 md5sum = 33309e35eb67ea27f7c7a4a5abd459cc
[macrolib.cfg.in] [macrolib.cfg.in]
<= download-file <= download-file
...@@ -255,27 +255,27 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4 ...@@ -255,27 +255,27 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4
[nginx-gitlab-http.conf.in] [nginx-gitlab-http.conf.in]
<= download-template <= download-template
md5sum = 590da2b00cd198c7bc261c3d893bc199 md5sum = 3b494fe8425a12e4a7fd3a9bb17f88f8
[nginx.conf.in] [nginx.conf.in]
<= download-template <= download-template
md5sum = f1a6e2bce3f28a2243fed49d1e1601df md5sum = dc16257d49d1fc1ae6e7d10865898201
[rack_attack.rb.in] [rack_attack.rb.in]
<= download-template <= download-template
md5sum = 16503c029159ea6db7d0fb5ab67093a3 md5sum = fbea569a1ac9ee46e37d0b98b5441169
[resque.yml.in] [resque.yml.in]
<= download-template <= download-template
md5sum = 7d9cba658f9315cd058dfc74db943a66 md5sum = 2cd97d9f5906d06e00774dd2e4e6af0e
[smtp_settings.rb.in] [smtp_settings.rb.in]
<= download-template <= download-template
md5sum = c7c09c241b5fa8163e4995260be52604 md5sum = 75b9e0325737ca5ecbf938443a5d3321
[unicorn.rb.in] [unicorn.rb.in]
<= download-template <= download-template
md5sum = 9bdca16362fe19c727bca38383e57068 md5sum = 1b55105a3de1ef13260ac3faa30d6e85
[versions] [versions]
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config.ru
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-rails-config.ru.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
# This file is used by Rack-based servers to start the application. # This file is used by Rack-based servers to start the application.
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/database.yml.postgresql # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/database.yml.postgresql
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/database.yml.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/database.yml.erb
# (last updated for 8.2.3+ce.0-0-g8eda093) # (last updated for 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg with context %} {% from 'macrolib.cfg.in' import cfg with context %}
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/attributes/default.rb
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
# #
{% from 'macrolib.cfg.in' import cfg with context %} {% from 'macrolib.cfg.in' import cfg with context %}
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-shell/blob/master/config.yml.example # https://gitlab.com/gitlab-org/gitlab-shell/blob/master/config.yml.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
# GitLab user. git by default # GitLab user. git by default
user: {{ backend_info.user }} user: {{ backend_info.user }}
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg, cfg_https, external_url with context %} {% from 'macrolib.cfg.in' import cfg, cfg_https, external_url with context %}
...@@ -50,19 +50,14 @@ production: &base ...@@ -50,19 +50,14 @@ production: &base
default_can_create_group: {{ cfg('default_can_create_group') }} # default: true default_can_create_group: {{ cfg('default_can_create_group') }} # default: true
username_changing_enabled: {{ cfg('username_changing_enabled') }} # default: true - User can change her username/namespace username_changing_enabled: {{ cfg('username_changing_enabled') }} # default: true - User can change her username/namespace
## Default theme ## Default theme
## BASIC = 1 ## 1 - Graphite
## MARS = 2 ## 2 - Charcoal
## MODERN = 3 ## 3 - Green
## GRAY = 4 ## 4 - Gray
## COLOR = 5 ## 5 - Violet
## 6 - Blue
default_theme: {{ cfg('default_theme') }} # default: 2 default_theme: {{ cfg('default_theme') }} # default: 2
{# we do not need to restrict visibility levels
# Restrict setting visibility levels for non-admin users.
# The default is to allow all levels.
restricted_visibility_levels: <%= @gitlab_restricted_visibility_levels unless @gitlab_restricted_visibility_levels.nil? %>
#}
{# for now we are ok with default issue-closing pattern {# for now we are ok with default issue-closing pattern
## Automatic issue closing ## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed. # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
...@@ -78,7 +73,6 @@ production: &base ...@@ -78,7 +73,6 @@ production: &base
merge_requests: {{ cfg('default_projects_features.merge_requests') }} merge_requests: {{ cfg('default_projects_features.merge_requests') }}
wiki: {{ cfg('default_projects_features.wiki') }} wiki: {{ cfg('default_projects_features.wiki') }}
snippets: {{ cfg('default_projects_features.snippets') }} snippets: {{ cfg('default_projects_features.snippets') }}
visibility_level: '{{ cfg("default_projects_features.visibility_level") }}' # can be "private" | "internal" | "public"
builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #} builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #}
## Webhook settings ## Webhook settings
...@@ -139,6 +133,26 @@ production: &base ...@@ -139,6 +133,26 @@ production: &base
storage_path: <%= @lfs_storage_path %> storage_path: <%= @lfs_storage_path %>
#} #}
{# we do not support Pages
## GitLab Pages (EE only)
pages:
enabled: <%= @pages_enabled %>
path: <%= @pages_path %>
host: <%= @pages_host %>
port: <%= @pages_port %>
https: <%= @pages_https %>
#}
{# we do not support Elasticsearch
## Elasticsearch (EE only)
# Enable it if you are going to use elasticsearch instead of
# regular database search
elasticsearch:
enabled: <%= @elasticsearch_enabled %>
host: <%= @elasticsearch_host %>
port: <%= @elasticsearch_port %>
#}
## Gravatar ## Gravatar
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
gravatar: gravatar:
...@@ -149,6 +163,33 @@ production: &base ...@@ -149,6 +163,33 @@ production: &base
#} #}
{# XXX cron jobs are disabled for now - we do not support CI and EE features
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI builds as failed
stuck_ci_builds_worker:
cron: <%= @stuck_ci_builds_worker_cron %>
##
# GitLab EE only jobs:
# Snapshot active users statistics
historical_data_worker:
cron: <%= @historical_data_worker_cron %>
# Update mirrored repositories
update_all_mirrors_worker:
cron: <%= @update_all_mirrors_worker_cron %>
# In addition to refreshing users when they log in,
# periodically refresh LDAP users membership.
# NOTE: This will only take effect if LDAP is enabled
ldap_sync_worker:
cron: <%= @ldap_sync_worker_cron %>
#}
# #
# 2. GitLab CI settings # 2. GitLab CI settings
# ========================== # ==========================
...@@ -272,7 +313,7 @@ production: &base ...@@ -272,7 +313,7 @@ production: &base
<% end %> <% end %>
#} #}
{# default ($RAILS_ROOT/shared/) is just ok {# default ($RAILS_ROOT/shared/) is ok - we symlinked it to proper place
# Shared file storage settings # Shared file storage settings
shared: shared:
path: <%= @shared_path %> path: <%= @shared_path %>
...@@ -330,6 +371,10 @@ production: &base ...@@ -330,6 +371,10 @@ production: &base
ssh_port: <%= @gitlab_shell_ssh_port %> ssh_port: <%= @gitlab_shell_ssh_port %>
#} #}
# git-annex support (EE only)
# If this setting is set to true, the same setting in config.yml of
# gitlab-shell needs to be set to true
git_annex_enabled: <%= @git_annex_enabled %>
## Git settings ## Git settings
# CAUTION! # CAUTION!
......
{{ autogenerated }} {{ autogenerated }}
# see: # see:
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg, cfg_bool, cfg_https, fqdn with context %} {% from 'macrolib.cfg.in' import cfg, cfg_bool, cfg_https, fqdn with context %}
...@@ -33,10 +33,6 @@ ...@@ -33,10 +33,6 @@
## configuration ## ## configuration ##
################################### ###################################
upstream gitlab {
server unix:{{ unicorn.socket }} fail_timeout=0;
}
upstream gitlab-workhorse { upstream gitlab-workhorse {
server unix:{{ gitlab_workhorse.socket }}; server unix:{{ gitlab_workhorse.socket }};
} }
...@@ -109,12 +105,6 @@ server { ...@@ -109,12 +105,6 @@ server {
error_log {{ nginx.log }}/gitlab_error.log; error_log {{ nginx.log }}/gitlab_error.log;
location / { location / {
## Serve static files from defined root folder.
## @gitlab is a named location for the upstream fallback, see below.
try_files $uri /index.html $uri.html @gitlab;
}
location /uploads/ {
## If you use HTTPS make sure you disable gzip compression ## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack. ## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}} {{ 'gzip off;' if cfg_https else ''}}
...@@ -125,105 +115,7 @@ server { ...@@ -125,105 +115,7 @@ server {
proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }}; proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }};
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $http_host; proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
{% if cfg_https %}
proxy_set_header X-Forwarded-Ssl on;
{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }};
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
## If a file, which is not found in the root folder is requested,
## then the proxy passes the request to the upsteam (gitlab unicorn).
location @gitlab {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}}
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout {{ cfg('nginx_proxy_read_timeout') }};
proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }};
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
{% if cfg_https %}
proxy_set_header X-Forwarded-Ssl on;
{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto {{ "https" if cfg_https else "http" }};
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
location ~ ^/api/v3/projects/.*/repository/archive {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
# Build artifacts should be submitted to this location
location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
# Build artifacts should be submitted to this location
location ~ /ci/api/v1/builds/[0-9]+/artifacts {
client_max_body_size 0;
# 'Error' 418 is a hack to re-use the @gitlab-workhorse block
error_page 418 = @gitlab-workhorse;
return 418;
}
# access to raw blobs -> @gitlab-workhorse
location ~ ^/[\w\.-]+/[\w\.-]+/raw/ {
client_max_body_size 0;
error_page 418 = @gitlab-workhorse;
return 418;
}
location @gitlab-workhorse {
client_max_body_size 0;
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}}
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout {{ cfg('nginx_proxy_read_timeout') }};
proxy_connect_timeout {{ cfg('nginx_proxy_connect_timeout') }};
proxy_redirect off;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
...@@ -236,21 +128,6 @@ server { ...@@ -236,21 +128,6 @@ server {
proxy_pass http://gitlab-workhorse; proxy_pass http://gitlab-workhorse;
} }
## Enable gzip compression as per rails guide:
## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
## WARNING: If you are using relative urls remove the block below
## See config/application.rb under "Relative url support" for the list of
## other files that need to be changed for relative url support
location ~ ^/(assets)/ {
root {{ gitlab_work.location }}/public;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
error_page 502 /502.html;
{# we don't support custom nginx configs {# we don't support custom nginx configs
<%= @custom_gitlab_server_config %> <%= @custom_gitlab_server_config %>
#} #}
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg with context %} {% from 'macrolib.cfg.in' import cfg with context %}
...@@ -43,8 +43,9 @@ http { ...@@ -43,8 +43,9 @@ http {
include {{ nginx_gitlab_http_conf }}; include {{ nginx_gitlab_http_conf }};
{# we don't need: ci, mattermost {# we don't need: ci, pages, mattermost
include <%= @gitlab_ci_http_config %> include <%= @gitlab_ci_http_config %>
include <%= @gitlab_pages_http_config %>;
include <%= @gitlab_mattermost_http_config %> include <%= @gitlab_mattermost_http_config %>
#} #}
} }
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg with context %} {% from 'macrolib.cfg.in' import cfg with context %}
......
...@@ -2,6 +2,6 @@ ...@@ -2,6 +2,6 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/resque.yml.example # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/resque.yml.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/resque.yml.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/resque.yml.erb
# (last udpdated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last udpdated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
production: unix://{{ redis.unixsocket }} production: unix://{{ redis.unixsocket }}
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# see: # see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg, cfg_bool with context %} {% from 'macrolib.cfg.in' import cfg, cfg_bool with context %}
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example.development # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/unicorn.rb.example.development
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/unicorn.rb.erb
# (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) # (last updated for omnibus-gitlab 8.4.4+ce.0-0-g1680742)
{% from 'macrolib.cfg.in' import cfg with context %} {% from 'macrolib.cfg.in' import cfg with context %}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment