X Proper gitlab_shell_secret setup

30324887 · Kirill Smelkov · 2d17ae03 · 30324887 · 30324887 · 30324887
Commit 30324887 authored Nov 06, 2015 by Kirill Smelkov
3 changed files
--- a/software/gitlab/instance-gitlab.cfg.in
+++ b/software/gitlab/instance-gitlab.cfg.in
@@ -114,11 +114,16 @@ backup  = ${directory:srv}/backup
 # gitlab-shell: etc/ log/
-[gitlab-shell]
+[gitlab-shell-dir]
 recipe  = slapos.cookbook:mkdirectory
 etc     = ${directory:etc}/gitlab-shell
 log     = ${directory:log}/gitlab-shell
+[gitlab-shell]
+etc     = ${gitlab-shell-dir:etc}
+log     = ${gitlab-shell-dir:log}
+secret  = ${:etc}/gitlab_shell_secret
@@ -155,6 +160,7 @@ context-extra =
 template= {{ gitlab_yml_in }}
 context-extra =
    section gitlab                      gitlab
+    section gitlab_shell                gitlab-shell
    section gitlab_backend              gitlab-backend
    section gitlab_shell_root_shadow    gitlab-shell-root-shadow
@@ -283,19 +289,19 @@ update-command =
    {{ git }} fetch software  &&
    {{ git }} reset --hard `cd ${:software} && {{ git }} rev-parse HEAD`  &&
-    ${:relink-command}
+    ${:tune-command}
+# NOTE there is no need to link/create .gitlab_shell_secret - we set path to it
+# in gitlab & gitlab-shell configs, and gitlab creates it on its first start
 [gitlab-root-shadow]
 <= root-shadow
 software = {{ gitlab_repository_location }}
-relink-command =
+tune-command =
 # secret* tmp/ log/
-    rm -f .secret .gitlab_shell_secret  &&
+    rm -f .secret &&
    rm -rf log tmp                      &&
    ln -sf ${gitlab:etc}/secret .secret  &&
-    touch ${gitlab-shell:etc}/gitlab_shell_secret   &&
-    ln -sf ${gitlab-shell:etc}/gitlab_shell_secret .gitlab_shell_secret  &&
    ln -sf ${gitlab:log} log             &&
    ln -sf ${gitlab:tmp} tmp             &&
 # config/
@@ -320,9 +326,8 @@ relink-command =
 <= root-shadow
 software = {{ gitlab_shell_repository_location }}
-relink-command =
+tune-command =
    ln -sf ${gitlab-shell-config.yml:rendered}   config.yml  &&
-    ln -sf ${gitlab-shell:etc}/gitlab_shell_secret .gitlab_shell_secret  &&
    true

--- a/software/gitlab/template/gitlab-shell-config.yml.in
+++ b/software/gitlab/template/gitlab-shell-config.yml.in
@@ -31,6 +31,11 @@ repos_path: "{{ gitlab.repositories }}"
 # NOTE not used in slapos version (all access via http only)
 auth_file: "TODO"
+# File that contains the secret key for verifying access to GitLab.
+# Default is .gitlab_shell_secret in the root directory.
+secret_file: "{{ gitlab_shell.secret }}"
 # Redis settings used for pushing commit notices to gitlab
 redis:
  bin: {{ redis_bin }}/redis-cli

--- a/software/gitlab/template/gitlab.yml.in
+++ b/software/gitlab/template/gitlab.yml.in
@@ -106,6 +106,7 @@ production: &base
    repos_path: {{ gitlab.repositories }}
    hooks_path: {{ gitlab_shell_root_shadow.location }}/hooks/
+    secret_file: {{ gitlab_shell.secret }}
    # Git over HTTP is enabled
    upload_pack:    true