
#!/bin/bash
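# Abort start-up as soon as any unguarded command fails.
set -e

# Pull in the configuration defaults shipped in the runtime directory.
# The path is quoted so a runtime directory containing whitespace still works.
# shellcheck source=/dev/null
source "${GITLAB_RUNTIME_DIR}/env-defaults"

# Template search locations used by install_template: the defaults under the
# runtime directory and the overrides kept under the data directory.
SYSCONF_TEMPLATES_DIR="${GITLAB_RUNTIME_DIR}/config"
USERCONF_TEMPLATES_DIR="${GITLAB_DATA_DIR}/config"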
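## Execute a command as GITLAB_USER
# Globals:   GITLAB_USER (read)
# Arguments: "$@" - the command and its arguments, passed through unchanged
# Returns:   whatever sudo returns for the command
# Note: -H sets HOME to the target user's home directory and -E keeps the
# caller's environment, so every exported variable (credentials included) is
# visible to the command that is run.
exec_as_git() {
  # GITLAB_USER is quoted so it always reaches sudo as a single argument.
  sudo -HEu "${GITLAB_USER}" "$@"
}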
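## Copies configuration template to the destination as the specified USER
### Looks for an override in ${USERCONF_TEMPLATES_DIR} first and falls back to
### the default in ${SYSCONF_TEMPLATES_DIR}. When the template exists in
### neither directory nothing is copied and the function still returns 0.
# Globals: USERCONF_TEMPLATES_DIR, SYSCONF_TEMPLATES_DIR (read)
# $1: copy-as user
# $2: source file, relative to the template directories
# $3: destination location
install_template() {
  local usr=$1
  local src=$2
  local dest=$3
  local dir

  for dir in "${USERCONF_TEMPLATES_DIR}" "${SYSCONF_TEMPLATES_DIR}"; do
    if [[ -f "${dir}/${src}" ]]; then
      # Every path is quoted and "--" ends option parsing, so names with
      # whitespace or a leading dash are copied as given.
      sudo -HEu "${usr}" cp -- "${dir}/${src}" "${dest}"
      return
    fi
  done
}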
# Resolve the database connection settings.
# Globals: DB_TYPE, DB_HOST, DB_PORT, DB_USER, DB_PASS, DB_NAME (read/written);
#          MYSQL_* and POSTGRESQL_* variables of a linked container (read)
# Outputs: an error message on stdout when the settings are unusable
# Returns: 0 on success, 1 when no host is known or DB_TYPE is not recognised
# Values already set by the operator always win; the linked container's
# variables, including its password, are only used to fill the gaps.
gitlab_finalize_database_parameters() {
  # A linked mysql or postgresql container is recognised by its
  # *_TCP_ADDR variable, which requires that container to expose
  # port 3306 or 5432 respectively.
  if [[ -n ${MYSQL_PORT_3306_TCP_ADDR} ]]; then
    : "${DB_TYPE:=mysql}"
    : "${DB_HOST:=${MYSQL_PORT_3306_TCP_ADDR}}"
    : "${DB_PORT:=${MYSQL_PORT_3306_TCP_PORT}}"

    # linked sameersbn/mysql image
    : "${DB_USER:=${MYSQL_ENV_DB_USER}}"
    : "${DB_PASS:=${MYSQL_ENV_DB_PASS}}"
    : "${DB_NAME:=${MYSQL_ENV_DB_NAME}}"

    # linked orchardup/mysql and centurylink/mysql images,
    # as well as the official mysql image
    : "${DB_USER:=${MYSQL_ENV_MYSQL_USER}}"
    : "${DB_PASS:=${MYSQL_ENV_MYSQL_PASSWORD}}"
    : "${DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE}}"
  elif [[ -n ${POSTGRESQL_PORT_5432_TCP_ADDR} ]]; then
    : "${DB_TYPE:=postgres}"
    : "${DB_HOST:=${POSTGRESQL_PORT_5432_TCP_ADDR}}"
    : "${DB_PORT:=${POSTGRESQL_PORT_5432_TCP_PORT}}"

    # linked official postgres image; the database name falls back to
    # whatever DB_USER holds at this point
    : "${DB_USER:=${POSTGRESQL_ENV_POSTGRES_USER}}"
    : "${DB_PASS:=${POSTGRESQL_ENV_POSTGRES_PASSWORD}}"
    : "${DB_NAME:=${DB_USER}}"

    # linked sameersbn/postgresql image
    : "${DB_USER:=${POSTGRESQL_ENV_DB_USER}}"
    : "${DB_PASS:=${POSTGRESQL_ENV_DB_PASS}}"
    : "${DB_NAME:=${POSTGRESQL_ENV_DB_NAME}}"

    # linked orchardup/postgresql image
    : "${DB_USER:=${POSTGRESQL_ENV_POSTGRESQL_USER}}"
    : "${DB_PASS:=${POSTGRESQL_ENV_POSTGRESQL_PASS}}"
    : "${DB_NAME:=${POSTGRESQL_ENV_POSTGRESQL_DB}}"

    # linked paintedfox/postgresql image
    : "${DB_USER:=${POSTGRESQL_ENV_USER}}"
    : "${DB_PASS:=${POSTGRESQL_ENV_PASS}}"
    : "${DB_NAME:=${POSTGRESQL_ENV_DB}}"
  fi

  # Without a host there is nothing to connect to.
  if [[ -z ${DB_HOST} ]]; then
    printf '%s\n' \
      '' \
      'ERROR: ' \
      ' Please configure the database connection.' \
      ' Refer http://git.io/wkYhyA for more information.' \
      ' Cannot continue without a database. Aborting...' \
      ''
    return 1
  fi

  # The database type decides the default port.
  : "${DB_TYPE:=postgres}"
  case ${DB_TYPE} in
    mysql)
      : "${DB_PORT:=3306}"
      ;;
    postgres)
      : "${DB_PORT:=5432}"
      ;;
    *)
      printf '%s\n' \
        '' \
        'ERROR: ' \
        ' Please specify the database type in use via the DB_TYPE configuration option.' \
        ' Accepted values are "postgres" or "mysql". Aborting...' \
        ''
      return 1
      ;;
  esac

  # Last-resort defaults for the account and the database name.
  : "${DB_USER:=root}"
  : "${DB_NAME:=gitlabhq_production}"
}
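# Wait until the configured database server answers.
# Globals: DB_TYPE, DB_HOST, DB_PORT, DB_USER, DB_PASS, DB_NAME (read)
# Outputs: one "." per failed attempt, then a newline; an error message on
#          stdout when the server never answers
# Returns: 0 once a probe succeeds, 1 after 60 failed probes
gitlab_check_database_connection() {
  local -a probe=()
  local pg_isready
  local attempts=60

  # The probe is built as an array so every value, the password included,
  # reaches the client as exactly one argument, whatever characters it holds.
  case ${DB_TYPE} in
    mysql)
      probe=(mysqladmin -h "${DB_HOST}" -P "${DB_PORT}" -u "${DB_USER}")
      if [[ -n ${DB_PASS} ]]; then
        # NOTE(review): the password is handed over as a -p argument and is
        # therefore visible in the process list while mysqladmin runs.
        probe+=("-p${DB_PASS}")
      fi
      probe+=(status)
      ;;
    postgres)
      # Use the first pg_isready found; several installed server versions
      # would otherwise yield several paths in one string.
      pg_isready=$(find /usr/lib/postgresql/ -name pg_isready -print -quit)
      probe=("${pg_isready}" -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -t 1)
      ;;
  esac

  while ! "${probe[@]}" >/dev/null 2>&1; do
    attempts=$((attempts - 1))
    if ((attempts == 0)); then
      echo
      echo "Could not connect to database server. Aborting..."
      return 1
    fi
    echo -n "."
    sleep 1
  done
  echo
}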
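# Fill the database placeholders in config/database.yml.
# Globals: GITLAB_INSTALL_DIR, DB_TYPE, DB_HOST, DB_PORT, DB_NAME, DB_USER,
#          DB_PASS, DB_POOL (read)
# Outputs: progress text on stdout
# Relies on the script-level "set -e" to stop when resolving the parameters or
# reaching the server fails.
gitlab_configure_database() {
  local config="${GITLAB_INSTALL_DIR}/config/database.yml"
  local key value

  echo -n "Configuring gitlab::database"
  gitlab_finalize_database_parameters
  gitlab_check_database_connection

  for key in DB_HOST DB_PORT DB_NAME DB_USER DB_PASS DB_POOL; do
    # Escape \, / and & so the value is inserted literally; an unescaped "/"
    # in a password would end the sed expression early and "&" would be
    # replaced by the placeholder text. Values spanning several lines are
    # not supported.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
  done

  case ${DB_TYPE} in
    postgres)
      exec_as_git sed -i 's/{{DB_ADAPTER}}/postgresql/' "${config}"
      exec_as_git sed -i 's/{{DB_ENCODING}}/unicode/' "${config}"
      # These two settings are removed from the postgres configuration.
      exec_as_git sed -i '/reconnect: /d' "${config}"
      exec_as_git sed -i '/collation: /d' "${config}"
      ;;
    mysql)
      exec_as_git sed -i 's/{{DB_ADAPTER}}/mysql2/' "${config}"
      exec_as_git sed -i 's/{{DB_ENCODING}}/utf8/' "${config}"
      ;;
  esac
}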
# Resolve the redis connection settings.
# Globals: REDIS_HOST, REDIS_PORT (read/written);
#          REDISIO_PORT_6379_TCP_ADDR, REDISIO_PORT_6379_TCP_PORT (read)
# Outputs: an error message on stdout when no host is known
# Returns: 0 on success, 1 when REDIS_HOST is still empty
gitlab_finalize_redis_parameters() {
  # A linked redis container only fills in what the operator left unset.
  if [[ -n ${REDISIO_PORT_6379_TCP_ADDR} ]]; then
    : "${REDIS_HOST:=${REDISIO_PORT_6379_TCP_ADDR}}"
    : "${REDIS_PORT:=${REDISIO_PORT_6379_TCP_PORT}}"
  fi

  # Standard redis port unless one was specified.
  : "${REDIS_PORT:=6379}"

  if [[ -n ${REDIS_HOST} ]]; then
    return 0
  fi

  printf '%s\n' \
    '' \
    'ERROR: ' \
    ' Please configure the redis connection.' \
    ' Refer http://git.io/PMnRSw for more information.' \
    ' Cannot continue without a redis connection. Aborting...' \
    ''
  return 1
}
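# Wait until the redis server answers a PING.
# Globals: REDIS_HOST, REDIS_PORT (read)
# Outputs: one "." per failed attempt, then a newline; an error message on
#          stdout when the server never answers
# Returns: 0 once a ping succeeds, 1 after 60 failed pings
gitlab_check_redis_connection() {
  local attempts=60

  # Host and port are quoted so each reaches redis-cli as one argument.
  while ! redis-cli -h "${REDIS_HOST}" -p "${REDIS_PORT}" ping >/dev/null 2>&1; do
    attempts=$((attempts - 1))
    if ((attempts == 0)); then
      echo ""
      echo "Could not connect to redis server. Aborting..."
      return 1
    fi
    echo -n "."
    sleep 1
  done
  echo
}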
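# Fill the redis placeholders in config/resque.yml.
# Globals: GITLAB_INSTALL_DIR, REDIS_HOST, REDIS_PORT (read)
# Outputs: progress text on stdout
# Relies on the script-level "set -e" to stop when the redis settings cannot
# be resolved or the server does not answer.
gitlab_configure_redis() {
  local config="${GITLAB_INSTALL_DIR}/config/resque.yml"
  local key value

  echo -n "Configuring gitlab::redis"
  gitlab_finalize_redis_parameters
  gitlab_check_redis_connection

  for key in REDIS_HOST REDIS_PORT; do
    # Escape \, / and & so the value is inserted literally by sed.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/g" "${config}"
  done
}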
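# Fill the placeholders in config/unicorn.rb.
# Globals: GITLAB_INSTALL_DIR, GITLAB_RELATIVE_URL_ROOT, UNICORN_WORKERS,
#          UNICORN_TIMEOUT (read)
# Outputs: progress text on stdout
gitlab_configure_unicorn() {
  local config="${GITLAB_INSTALL_DIR}/config/unicorn.rb"
  local spec key flags value

  echo "Configuring gitlab::unicorn..."

  if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
    value=$(printf '%s' "${GITLAB_RELATIVE_URL_ROOT}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{GITLAB_RELATIVE_URL_ROOT}}/${value}/" "${config}"
  else
    # No relative URL root: drop the line carrying the placeholder.
    exec_as_git sed -i '/{{GITLAB_RELATIVE_URL_ROOT}}/d' "${config}"
  fi

  # Install directory (every occurrence on a line), then worker count and
  # timeout. A ":g" suffix marks a placeholder replaced globally per line.
  for spec in GITLAB_INSTALL_DIR:g UNICORN_WORKERS UNICORN_TIMEOUT; do
    key=${spec%:g}
    flags=${spec#"${key}"}
    flags=${flags#:}
    # Escape \, / and & so paths and other values are inserted literally.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/${flags}" "${config}"
  done
}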
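# Write the time zone into config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR (read), GITLAB_TIMEZONE (read/written)
# Outputs: progress text on stdout
gitlab_configure_timezone() {
  echo "Configuring gitlab::timezone..."
  # "/" and "&" are escaped before the value is used as a sed replacement.
  # NOTE: the escaped form is stored back in GITLAB_TIMEZONE, so the variable
  # holds e.g. "Asia\/Kolkata" after this call.
  GITLAB_TIMEZONE="$(printf '%s\n' "${GITLAB_TIMEZONE}" | sed 's/[\/&]/\\&/g')"
  # The config path is quoted so an install directory with whitespace works.
  exec_as_git sed -i 's|{{GITLAB_TIMEZONE}}|'"${GITLAB_TIMEZONE}"'|' "${GITLAB_INSTALL_DIR}/config/gitlab.yml"
}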
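# Configure outgoing mail: the SMTP initializer and the e-mail settings in
# config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, SMTP_* and GITLAB_EMAIL* variables (read)
# Outputs: progress text on stdout
gitlab_configure_mail_delivery() {
  local smtp_rb="${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb"
  local gitlab_yml="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local -a ops=()
  local op key value

  if [[ ${SMTP_ENABLED} == true ]]; then
    echo "Configuring gitlab::smtp_settings..."

    # Collect the edits in order: "s:KEY" substitutes the placeholder,
    # "d:KEY" deletes the line that carries it.
    if [[ -n ${SMTP_USER} ]]; then
      ops+=(s:SMTP_USER)
      if [[ -n ${SMTP_PASS} ]]; then
        ops+=(s:SMTP_PASS)
      else
        ops+=(d:SMTP_PASS)
      fi
    else
      ops+=(d:SMTP_USER d:SMTP_PASS)
    fi

    ops+=(s:SMTP_HOST s:SMTP_PORT s:SMTP_DOMAIN s:SMTP_STARTTLS s:SMTP_TLS)
    ops+=(s:SMTP_OPENSSL_VERIFY_MODE)

    if [[ -n ${SMTP_AUTHENTICATION} ]]; then
      ops+=(s:SMTP_AUTHENTICATION)
    else
      ops+=(d:SMTP_AUTHENTICATION)
    fi

    if [[ ${SMTP_CA_ENABLED} == true ]]; then
      # A CA placeholder is only filled when the directory or file exists;
      # otherwise it is left untouched.
      if [[ -d ${SMTP_CA_PATH} ]]; then
        ops+=(s:SMTP_CA_PATH)
      fi
      if [[ -f ${SMTP_CA_FILE} ]]; then
        ops+=(s:SMTP_CA_FILE)
      fi
    else
      ops+=(d:SMTP_CA_PATH d:SMTP_CA_FILE)
    fi

    for op in "${ops[@]}"; do
      key=${op#*:}
      if [[ ${op} == s:* ]]; then
        # Escape \, / and & so credentials and paths are inserted literally
        # instead of being interpreted by sed.
        value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
        exec_as_git sed -i "s/{{${key}}}/${value}/" "${smtp_rb}"
      else
        exec_as_git sed -i "/{{${key}}}/d" "${smtp_rb}"
      fi
    done
  fi

  # These settings are written whether or not SMTP is enabled.
  for key in GITLAB_EMAIL_ENABLED GITLAB_EMAIL GITLAB_EMAIL_DISPLAY_NAME GITLAB_EMAIL_REPLY_TO; do
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/" "${gitlab_yml}"
  done
}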
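# Configure incoming mail (mail_room): the IMAP settings in config/gitlab.yml
# and the switches that decide whether mail_room is started.
# Globals: GITLAB_INSTALL_DIR, IMAP_*, GITLAB_INCOMING_EMAIL_ADDRESS,
#          GITLAB_INCOMING_EMAIL_ENABLED (read)
# Outputs: progress text on stdout; appends to /etc/default/gitlab and edits
#          /etc/supervisor/conf.d/mail_room.conf
gitlab_configure_mailroom() {
  local gitlab_yml="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local -a ops=()
  local op key value

  # Collect the edits in order: "s:KEY" substitutes the placeholder,
  # "d:KEY" deletes the line that carries it.
  if [[ ${IMAP_ENABLED} == true ]]; then
    echo "Configuring gitlab::incoming_email..."
    ops+=(s:GITLAB_INCOMING_EMAIL_ADDRESS)
    if [[ -n ${IMAP_USER} ]]; then
      ops+=(s:IMAP_USER)
      if [[ -n ${IMAP_PASS} ]]; then
        ops+=(s:IMAP_PASS)
      else
        ops+=(d:IMAP_PASS)
      fi
    else
      ops+=(d:IMAP_USER d:IMAP_PASS)
    fi
    ops+=(s:IMAP_HOST s:IMAP_PORT s:IMAP_SSL s:IMAP_STARTTLS s:IMAP_MAILBOX)
  else
    ops+=(d:IMAP_USER d:IMAP_PASS d:IMAP_HOST d:IMAP_PORT d:IMAP_SSL)
    ops+=(d:IMAP_STARTTLS d:IMAP_MAILBOX)
  fi
  ops+=(s:GITLAB_INCOMING_EMAIL_ENABLED)

  for op in "${ops[@]}"; do
    key=${op#*:}
    if [[ ${op} == s:* ]]; then
      # Escape \, / and & so the mailbox credentials are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${gitlab_yml}"
    else
      exec_as_git sed -i "/{{${key}}}/d" "${gitlab_yml}"
    fi
  done

  # enable/disable startup of mailroom
  echo "mail_room_enabled=${GITLAB_INCOMING_EMAIL_ENABLED}" >> /etc/default/gitlab
  value=$(printf '%s' "${GITLAB_INCOMING_EMAIL_ENABLED}" | sed -e 's|[/&\\]|\\&|g')
  sed -i "s/{{GITLAB_INCOMING_EMAIL_ENABLED}}/${value}/" /etc/supervisor/conf.d/mail_room.conf
}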
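# Fill the LDAP placeholders in config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR and the LDAP_* variables listed below (read)
# Outputs: progress text on stdout
gitlab_configure_ldap() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  echo "Configuring gitlab::ldap..."
  for key in \
    LDAP_ENABLED LDAP_HOST LDAP_PORT LDAP_UID LDAP_METHOD LDAP_BIND_DN \
    LDAP_PASS LDAP_ACTIVE_DIRECTORY LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN \
    LDAP_BLOCK_AUTO_CREATED_USERS LDAP_BASE LDAP_USER_FILTER LDAP_LABEL; do
    # Escape \, / and & so the value is inserted literally. LDAP filters
    # routinely contain "&", which sed would otherwise expand to the matched
    # placeholder, and a "/" in the bind password would end the expression.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
  done
}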
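# Configure the Google OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_GOOGLE_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_google() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_GOOGLE_API_KEY} && -n ${OAUTH_GOOGLE_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::google..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_GOOGLE_API_KEY OAUTH_GOOGLE_APP_SECRET OAUTH_GOOGLE_RESTRICT_DOMAIN; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
    # The approval prompt placeholder is always replaced by an empty string.
    exec_as_git sed -i 's/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}//' "${config}"
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'google_oauth2'/,/{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}/d" "${config}"
  fi
}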
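# Configure the Facebook OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_FACEBOOK_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_facebook() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_FACEBOOK_API_KEY} && -n ${OAUTH_FACEBOOK_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::facebook..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_FACEBOOK_API_KEY OAUTH_FACEBOOK_APP_SECRET; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'facebook'/,/{{OAUTH_FACEBOOK_APP_SECRET}}/d" "${config}"
  fi
}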
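# Configure the Twitter OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_TWITTER_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_twitter() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_TWITTER_API_KEY} && -n ${OAUTH_TWITTER_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::twitter..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_TWITTER_API_KEY OAUTH_TWITTER_APP_SECRET; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'twitter'/,/{{OAUTH_TWITTER_APP_SECRET}}/d" "${config}"
  fi
}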
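# Configure the GitHub OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_GITHUB_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_github() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_GITHUB_API_KEY} && -n ${OAUTH_GITHUB_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::github..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_GITHUB_API_KEY OAUTH_GITHUB_APP_SECRET; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
    # The requested scope is fixed.
    exec_as_git sed -i 's/{{OAUTH_GITHUB_SCOPE}}/user:email/' "${config}"
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'github'/,/{{OAUTH_GITHUB_SCOPE}}/d" "${config}"
  fi
}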
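# Configure the GitLab OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_GITLAB_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_gitlab() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_GITLAB_API_KEY} && -n ${OAUTH_GITLAB_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::gitlab..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_GITLAB_API_KEY OAUTH_GITLAB_APP_SECRET; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
    # The requested scope is fixed.
    exec_as_git sed -i 's/{{OAUTH_GITLAB_SCOPE}}/api/' "${config}"
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'gitlab'/,/{{OAUTH_GITLAB_SCOPE}}/d" "${config}"
  fi
}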
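# Configure the Bitbucket OAuth provider in config/gitlab.yml, or remove its
# section when the API key or the app secret is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_BITBUCKET_* (read); OAUTH_ENABLED (set
#          to "true" when the provider is configured and it was unset)
gitlab_configure_oauth_bitbucket() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_BITBUCKET_API_KEY} && -n ${OAUTH_BITBUCKET_APP_SECRET} ]]; then
    echo "Configuring gitlab::oauth::bitbucket..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_BITBUCKET_API_KEY OAUTH_BITBUCKET_APP_SECRET; do
      # Escape \, / and & so the key and secret are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'bitbucket'/,/{{OAUTH_BITBUCKET_APP_SECRET}}/d" "${config}"
  fi
}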
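# Configure the SAML provider in config/gitlab.yml, or remove its section
# when any of the five required settings is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_SAML_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_saml() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL} &&
    -n ${OAUTH_SAML_IDP_CERT_FINGERPRINT} &&
    -n ${OAUTH_SAML_IDP_SSO_TARGET_URL} &&
    -n ${OAUTH_SAML_ISSUER} &&
    -n ${OAUTH_SAML_NAME_IDENTIFIER_FORMAT} ]]; then
    echo "Configuring gitlab::oauth::saml..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in \
      OAUTH_SAML_LABEL OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL \
      OAUTH_SAML_IDP_CERT_FINGERPRINT OAUTH_SAML_IDP_SSO_TARGET_URL \
      OAUTH_SAML_ISSUER OAUTH_SAML_NAME_IDENTIFIER_FORMAT; do
      # Escape \, / and & so URLs and the fingerprint are inserted
      # literally, whatever delimiter characters they contain.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'saml'/,/{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}/d" "${config}"
  fi
}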
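# Configure the Crowd provider in config/gitlab.yml, or remove its section
# when the server URL, app name or app password is missing.
# Globals: GITLAB_INSTALL_DIR, OAUTH_CROWD_* (read); OAUTH_ENABLED (set to
#          "true" when the provider is configured and it was unset)
gitlab_configure_oauth_crowd() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${OAUTH_CROWD_SERVER_URL} &&
    -n ${OAUTH_CROWD_APP_NAME} &&
    -n ${OAUTH_CROWD_APP_PASSWORD} ]]; then
    echo "Configuring gitlab::oauth::crowd..."
    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
    for key in OAUTH_CROWD_SERVER_URL OAUTH_CROWD_APP_NAME OAUTH_CROWD_APP_PASSWORD; do
      # Escape \, / and & so the URL and the password are inserted literally.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    # Remove the provider section, from its name line to its last placeholder.
    exec_as_git sed -i "/name: 'crowd'/,/{{OAUTH_CROWD_APP_PASSWORD}}/d" "${config}"
  fi
}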
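# Configure every OAuth provider, then the global OAuth switches in
# config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, OAUTH_ALLOW_SSO, OAUTH_BLOCK_AUTO_CREATED_USERS,
#          OAUTH_AUTO_LINK_LDAP_USER, OAUTH_AUTO_SIGN_IN_WITH_PROVIDER (read);
#          OAUTH_ENABLED (defaults to "false" when no provider enabled it)
# Outputs: progress text on stdout
gitlab_configure_oauth() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  echo "Configuring gitlab::oauth..."
  gitlab_configure_oauth_google
  gitlab_configure_oauth_facebook
  gitlab_configure_oauth_twitter
  gitlab_configure_oauth_github
  gitlab_configure_oauth_gitlab
  gitlab_configure_oauth_bitbucket
  gitlab_configure_oauth_saml
  gitlab_configure_oauth_crowd

  # Each configured provider turns OAUTH_ENABLED on; it stays off otherwise.
  OAUTH_ENABLED=${OAUTH_ENABLED:-false}

  for key in OAUTH_ENABLED OAUTH_ALLOW_SSO OAUTH_BLOCK_AUTO_CREATED_USERS OAUTH_AUTO_LINK_LDAP_USER; do
    # Escape \, / and & so the value is inserted literally by sed.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
  done

  # Only a known provider name is written; anything else removes the line.
  case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
    google_oauth2 | facebook | twitter | github | gitlab | bitbucket | saml | crowd)
      exec_as_git sed -i "s/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}/" "${config}"
      ;;
    *)
      exec_as_git sed -i '/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/d' "${config}"
      ;;
  esac
}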
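# Write GITLAB_SECRETS_DB_KEY_BASE into config/secrets.yml.
# Globals: GITLAB_INSTALL_DIR, GITLAB_SECRETS_DB_KEY_BASE (read)
# Outputs: progress text, or an error message, on stdout
# Returns: 1 when GITLAB_SECRETS_DB_KEY_BASE is empty
gitlab_configure_secrets() {
  local value

  echo "Configuring gitlab::secrets..."
  if [[ -z ${GITLAB_SECRETS_DB_KEY_BASE} ]]; then
    echo "ERROR: "
    echo " Please configure the GITLAB_SECRETS_DB_KEY_BASE parameter."
    echo " Cannot continue. Aborting..."
    return 1
  fi

  # Escape \, / and & so the key is stored exactly as given; unescaped, such
  # characters would break the sed expression or alter the stored key.
  value=$(printf '%s' "${GITLAB_SECRETS_DB_KEY_BASE}" | sed -e 's|[/&\\]|\\&|g')
  exec_as_git sed -i "s/{{GITLAB_SECRETS_DB_KEY_BASE}}/${value}/" "${GITLAB_INSTALL_DIR}/config/secrets.yml"
}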
# Configure the sidekiq supervisor program.
# Globals: SIDEKIQ_CONCURRENCY, SIDEKIQ_SHUTDOWN_TIMEOUT (read);
#          SIDEKIQ_MEMORY_KILLER_MAX_RSS (exported)
# Outputs: progress text on stdout; edits /etc/supervisor/conf.d/sidekiq.conf
gitlab_configure_sidekiq() {
  local conf=/etc/supervisor/conf.d/sidekiq.conf
  local name

  echo "Configuring gitlab::sidekiq..."

  # Concurrency first, then the shutdown timeout.
  for name in SIDEKIQ_CONCURRENCY SIDEKIQ_SHUTDOWN_TIMEOUT; do
    sed -i "s/{{${name}}}/${!name}/" "${conf}"
  done

  # SidekiqMemoryKiller: gitlab enables it when SIDEKIQ_MEMORY_KILLER_MAX_RSS
  # is defined in the program's environment with a non-zero value, so
  # exporting the variable is all that is needed here. The other MemoryKiller
  # options given in the docker environment are exported already.
  export SIDEKIQ_MEMORY_KILLER_MAX_RSS
}
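# Install the automatic backup cron job for GITLAB_USER.
# Globals: GITLAB_BACKUPS (daily|weekly|monthly; anything else is a no-op),
#          GITLAB_BACKUP_TIME (HH:MM), GITLAB_USER, GITLAB_INSTALL_DIR,
#          RAILS_ENV (read)
# Outputs: progress text on stdout, errors on stderr
# Returns: 0 on success or when no schedule is requested, 1 on a malformed
#          backup time or when no temporary file can be created, otherwise
#          the exit status of crontab
gitlab_configure_backups_cron() {
  local hour min
  local day_of_month='*' month='*' day_of_week='*'
  local cron_file
  local rc=0

  case ${GITLAB_BACKUPS} in
    daily) ;;
    weekly) day_of_week=0 ;;
    monthly) day_of_month=01 ;;
    *) return 0 ;;
  esac

  echo "Configuring gitlab::backups::cron..."

  # The time ends up in a crontab line, so only plain digits are accepted.
  if [[ ! ${GITLAB_BACKUP_TIME} =~ ^([0-9]{1,2}):([0-9]{1,2})$ ]]; then
    echo "ERROR: GITLAB_BACKUP_TIME must be given as HH:MM. Aborting..." >&2
    return 1
  fi
  hour=${BASH_REMATCH[1]}
  min=${BASH_REMATCH[2]}

  # A private temporary file replaces the predictable /tmp/cron.<user> name,
  # which another local account could have created or symlinked beforehand.
  cron_file=$(mktemp) || return 1
  printf '%s\n' \
    "# Automatic Backups (${GITLAB_BACKUPS})" \
    "${min} ${hour} ${day_of_month} ${month} ${day_of_week} /bin/bash -l -c 'cd ${GITLAB_INSTALL_DIR} && bundle exec rake gitlab:backup:create RAILS_ENV=${RAILS_ENV}'" \
    > "${cron_file}"

  # Installing the file replaces the user's crontab with these two lines.
  crontab -u "${GITLAB_USER}" "${cron_file}" || rc=$?
  rm -f -- "${cron_file}"
  return "${rc}"
}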
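# Configure the upload of backups to AWS in config/gitlab.yml, or remove the
# upload section when AWS backups are not enabled.
# Globals: GITLAB_INSTALL_DIR, AWS_BACKUPS, AWS_BACKUP_REGION,
#          AWS_BACKUP_ACCESS_KEY_ID, AWS_BACKUP_SECRET_ACCESS_KEY,
#          AWS_BACKUP_BUCKET (read)
# Outputs: progress text, or an error message, on stdout
# Returns: 1 when AWS backups are enabled but one of the options is missing
gitlab_configure_backups_aws() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  case ${AWS_BACKUPS} in
    true)
      echo "Configuring gitlab::backups::aws..."
      if [[ -z ${AWS_BACKUP_REGION} || -z ${AWS_BACKUP_ACCESS_KEY_ID} || -z ${AWS_BACKUP_SECRET_ACCESS_KEY} || -z ${AWS_BACKUP_BUCKET} ]]; then
        printf "\nMissing AWS options. Aborting...\n"
        return 1
      fi
      for key in AWS_BACKUP_REGION AWS_BACKUP_ACCESS_KEY_ID AWS_BACKUP_SECRET_ACCESS_KEY AWS_BACKUP_BUCKET; do
        # Escape \, / and & so the credentials are inserted literally,
        # whichever of these characters the secret key contains.
        value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
        exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
      done
      ;;
    *)
      # Remove the upload section, from "upload:" to "remote_directory:".
      exec_as_git sed -i '/upload:/,/remote_directory:/d' "${config}"
      ;;
  esac
}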
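# Fill the backup placeholders in config/gitlab.yml, then set up the cron
# schedule and the AWS upload.
# Globals: GITLAB_INSTALL_DIR, GITLAB_BACKUP_DIR, GITLAB_BACKUP_EXPIRY,
#          GITLAB_BACKUP_ARCHIVE_PERMISSIONS (read)
# Outputs: progress text on stdout
gitlab_configure_backups() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local spec key flags value

  echo "Configuring gitlab::backups..."
  # A ":g" suffix marks a placeholder replaced at every occurrence on a line.
  for spec in GITLAB_BACKUP_DIR:g GITLAB_BACKUP_EXPIRY GITLAB_BACKUP_ARCHIVE_PERMISSIONS; do
    key=${spec%:g}
    flags=${spec#"${key}"}
    flags=${flags#:}
    # Escape \, / and & so the path and the values are inserted literally.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/${flags}" "${config}"
  done

  gitlab_configure_backups_cron
  gitlab_configure_backups_aws
}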
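# Configure gravatar in config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, GITLAB_GRAVATAR_ENABLED (read);
#          GITLAB_GRAVATAR_HTTP_URL, GITLAB_GRAVATAR_HTTPS_URL (read/written:
#          the escaped form is stored back in the variable)
# Outputs: progress text on stdout
gitlab_configure_gravatar() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local value

  value=$(printf '%s' "${GITLAB_GRAVATAR_ENABLED}" | sed -e 's|[/&\\]|\\&|g')
  exec_as_git sed -i "s/{{GITLAB_GRAVATAR_ENABLED}}/${value}/" "${config}"

  if [[ -n ${GITLAB_GRAVATAR_HTTP_URL} ]]; then
    echo "Configuring gitlab::gravatar::http..."
    # Escape every "&" (a URL usually has several), plus "," and "\", so the
    # URL is inserted literally by the comma-delimited substitution below.
    GITLAB_GRAVATAR_HTTP_URL=$(printf '%s\n' "${GITLAB_GRAVATAR_HTTP_URL}" | sed -e 's/[,&\\]/\\&/g')
    exec_as_git sed -i 's,{{GITLAB_GRAVATAR_HTTP_URL}},'"${GITLAB_GRAVATAR_HTTP_URL}"',g' "${config}"
  else
    exec_as_git sed -i '/{{GITLAB_GRAVATAR_HTTP_URL}}/d' "${config}"
  fi

  if [[ -n ${GITLAB_GRAVATAR_HTTPS_URL} ]]; then
    echo "Configuring gitlab::gravatar::https..."
    GITLAB_GRAVATAR_HTTPS_URL=$(printf '%s\n' "${GITLAB_GRAVATAR_HTTPS_URL}" | sed -e 's/[,&\\]/\\&/g')
    exec_as_git sed -i 's,{{GITLAB_GRAVATAR_HTTPS_URL}},'"${GITLAB_GRAVATAR_HTTPS_URL}"',g' "${config}"
  else
    exec_as_git sed -i '/{{GITLAB_GRAVATAR_HTTPS_URL}}/d' "${config}"
  fi
}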
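# Write the Google Analytics id into config/gitlab.yml, or remove its line
# when no id is configured.
# Globals: GITLAB_INSTALL_DIR, GOOGLE_ANALYTICS_ID (read)
gitlab_configure_analytics_google() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local value

  if [[ -n ${GOOGLE_ANALYTICS_ID} ]]; then
    echo "Configuring gitlab::analytics:google..."
    # Escape \, / and & so the id is inserted literally by sed.
    value=$(printf '%s' "${GOOGLE_ANALYTICS_ID}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{GOOGLE_ANALYTICS_ID}}/${value}/" "${config}"
  else
    exec_as_git sed -i '/{{GOOGLE_ANALYTICS_ID}}/d' "${config}"
  fi
}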
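# Write the Piwik URL and site id into config/gitlab.yml, or remove both
# lines unless both values are configured.
# Globals: GITLAB_INSTALL_DIR, PIWIK_URL, PIWIK_SITE_ID (read)
gitlab_configure_analytics_piwik() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  if [[ -n ${PIWIK_URL} && -n ${PIWIK_SITE_ID} ]]; then
    echo "Configuring gitlab::analytics:piwik..."
    for key in PIWIK_URL PIWIK_SITE_ID; do
      # Escape \, / and & so the URL is inserted literally by sed.
      value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
      exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
    done
  else
    for key in PIWIK_URL PIWIK_SITE_ID; do
      exec_as_git sed -i "/{{${key}}}/d" "${config}"
    done
  fi
}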
# Configure the analytics integrations: Google Analytics first, then Piwik.
gitlab_configure_analytics() {
  local step

  for step in gitlab_configure_analytics_google gitlab_configure_analytics_piwik; do
    "${step}"
  done
}
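# Fill the CI placeholders in config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, GITLAB_NOTIFY_ON_BROKEN_BUILDS,
#          GITLAB_NOTIFY_PUSHER, GITLAB_BUILDS_DIR (read)
# Outputs: progress text on stdout
gitlab_configure_ci() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local spec key flags value

  echo "Configuring gitlab::ci..."
  # A ":g" suffix marks a placeholder replaced at every occurrence on a line.
  for spec in GITLAB_NOTIFY_ON_BROKEN_BUILDS GITLAB_NOTIFY_PUSHER GITLAB_BUILDS_DIR:g; do
    key=${spec%:g}
    flags=${spec#"${key}"}
    flags=${flags#:}
    # Escape \, / and & so the path and the values are inserted literally.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/${flags}" "${config}"
  done
}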
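# Fill the LFS placeholders in config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, GITLAB_LFS_ENABLED, GITLAB_LFS_OBJECTS_DIR (read)
# Outputs: progress text on stdout
gitlab_configure_lfs() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local spec key flags value

  echo "Configuring gitlab::lfs..."
  # A ":g" suffix marks a placeholder replaced at every occurrence on a line.
  for spec in GITLAB_LFS_ENABLED GITLAB_LFS_OBJECTS_DIR:g; do
    key=${spec%:g}
    flags=${spec#"${key}"}
    flags=${flags#:}
    # Escape \, / and & so the path and the value are inserted literally.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/${flags}" "${config}"
  done
}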
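# Fill the default project feature placeholders and the webhook timeout in
# config/gitlab.yml.
# Globals: GITLAB_INSTALL_DIR, GITLAB_PROJECTS_* and GITLAB_WEBHOOK_TIMEOUT (read)
# Outputs: progress text on stdout
gitlab_configure_project_features() {
  local config="${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  local key value

  echo "Configuring gitlab::project_features..."
  for key in \
    GITLAB_PROJECTS_ISSUES GITLAB_PROJECTS_MERGE_REQUESTS GITLAB_PROJECTS_WIKI \
    GITLAB_PROJECTS_SNIPPETS GITLAB_PROJECTS_BUILDS GITLAB_WEBHOOK_TIMEOUT; do
    # Escape \, / and & so the value is inserted literally by sed.
    value=$(printf '%s' "${!key}" | sed -e 's|[/&\\]|\\&|g')
    exec_as_git sed -i "s/{{${key}}}/${value}/" "${config}"
  done
}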
# Fill the TLS placeholders of the nginx gitlab site.
# Globals: GITLAB_HTTPS, SSL_CERTIFICATE_PATH, SSL_KEY_PATH, SSL_DHPARAM_PATH,
#          SSL_VERIFY_CLIENT, CA_CERTIFICATES_PATH, GITLAB_HTTPS_HSTS_ENABLED,
#          GITLAB_HTTPS_HSTS_MAXAGE (read)
# Outputs: progress text on stdout; edits /etc/nginx/sites-enabled/gitlab
nginx_configure_gitlab_ssl() {
  local site=/etc/nginx/sites-enabled/gitlab
  local name

  # The site is left untouched unless HTTPS is requested and the certificate,
  # key and dhparam files are all present.
  [[ ${GITLAB_HTTPS} == true && -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]] || return 0

  echo "Configuring nginx::gitlab::ssl..."
  for name in SSL_CERTIFICATE_PATH SSL_KEY_PATH SSL_DHPARAM_PATH; do
    sed -i "s,{{${name}}},${!name}," "${site}"
  done
  sed -i "s/{{SSL_VERIFY_CLIENT}}/${SSL_VERIFY_CLIENT}/" "${site}"

  # Client CA bundle: used when the file exists, otherwise its line is removed.
  if [[ -f ${CA_CERTIFICATES_PATH} ]]; then
    sed -i "s,{{CA_CERTIFICATES_PATH}},${CA_CERTIFICATES_PATH}," "${site}"
  else
    sed -i '/{{CA_CERTIFICATES_PATH}}/d' "${site}"
  fi

  # HSTS max-age: written when HSTS is enabled, otherwise its line is removed.
  if [[ ${GITLAB_HTTPS_HSTS_ENABLED} == true ]]; then
    sed -i "s/{{GITLAB_HTTPS_HSTS_MAXAGE}}/${GITLAB_HTTPS_HSTS_MAXAGE}/" "${site}"
  else
    sed -i '/{{GITLAB_HTTPS_HSTS_MAXAGE}}/d' "${site}"
  fi
}
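# Apply the relative URL root to the nginx site and, when one is set, to
# config/application.rb and config/gitlab.yml as well.
# Globals: GITLAB_RELATIVE_URL_ROOT, GITLAB_INSTALL_DIR (read)
# Outputs: progress text on stdout; edits /etc/nginx/sites-enabled/gitlab
nginx_configure_gitlab_relative_url() {
  local site=/etc/nginx/sites-enabled/gitlab
  local root

  if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
    echo "Configuring nginx::gitlab::relative_url..."
    # The substitutions below use "," as delimiter, so ",", "&" and "\" are
    # escaped to have the value inserted literally.
    root=$(printf '%s' "${GITLAB_RELATIVE_URL_ROOT}" | sed -e 's/[,&\\]/\\&/g')
    sed -i "s,{{GITLAB_RELATIVE_URL_ROOT}},${root},g" "${site}"
    sed -i "s,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},${root}/,g" "${site}"
    # Activate the commented-out alias for the public directory.
    sed -i "s,# alias ${GITLAB_INSTALL_DIR}/public,alias ${GITLAB_INSTALL_DIR}/public," "${site}"
    # The value is kept inside the quoted expression (it was previously
    # expanded unquoted) so whitespace in it cannot split the sed script.
    exec_as_git sed -i "s,# config.relative_url_root = \"/gitlab\",config.relative_url_root = \"${root}\"," "${GITLAB_INSTALL_DIR}/config/application.rb"
    exec_as_git sed -i "s,# relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}},relative_url_root: ${root}," "${GITLAB_INSTALL_DIR}/config/gitlab.yml"
  else
    # No relative URL root: serve from "/".
    sed -i 's,{{GITLAB_RELATIVE_URL_ROOT}},/,' "${site}"
    sed -i 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},/,g' "${site}"
  fi
}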
# Comment out the IPv6 listen directives of the nginx gitlab site when
# /proc/net/if_inet6 does not exist.
# Outputs: edits /etc/nginx/sites-enabled/gitlab
nginx_configure_gitlab_ipv6() {
  local port

  if [[ -f /proc/net/if_inet6 ]]; then
    return 0
  fi

  # disable ipv6 support: prefix the matching lines with a single "#"
  for port in 80 443; do
    sed -i -e "/listen \[::\]:${port}/ s/^#*/#/" /etc/nginx/sites-enabled/gitlab
  done
}
# Fill the placeholders of the nginx gitlab site, then apply the TLS,
# relative URL and IPv6 settings.
# Globals: GITLAB_INSTALL_DIR, GITLAB_LOG_DIR, GITLAB_HOST, GITLAB_PORT,
#          NGINX_PROXY_BUFFERING, NGINX_ACCEL_BUFFERING, NGINX_MAX_UPLOAD_SIZE,
#          NGINX_X_FORWARDED_PROTO (read)
# Outputs: progress text on stdout; edits /etc/nginx/sites-enabled/gitlab
nginx_configure_gitlab() {
  local site=/etc/nginx/sites-enabled/gitlab
  local name

  echo "Configuring nginx::gitlab..."

  # Directories: comma-delimited, every occurrence on a line.
  for name in GITLAB_INSTALL_DIR GITLAB_LOG_DIR; do
    sed -i "s,{{${name}}},${!name},g" "${site}"
  done

  # The server name placeholder is filled from GITLAB_HOST.
  sed -i "s/{{YOUR_SERVER_FQDN}}/${GITLAB_HOST}/" "${site}"
  sed -i "s/{{GITLAB_PORT}}/${GITLAB_PORT}/" "${site}"

  for name in NGINX_PROXY_BUFFERING NGINX_ACCEL_BUFFERING; do
    sed -i "s/{{${name}}}/${!name}/g" "${site}"
  done
  sed -i "s/{{NGINX_MAX_UPLOAD_SIZE}}/${NGINX_MAX_UPLOAD_SIZE}/" "${site}"
  sed -i "s/{{NGINX_X_FORWARDED_PROTO}}/${NGINX_X_FORWARDED_PROTO}/g" "${site}"

  nginx_configure_gitlab_ssl
  nginx_configure_gitlab_relative_url
  nginx_configure_gitlab_ipv6
}
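# Fill the placeholders of the nginx gitlab_ci site when GITLAB_CI_HOST is set.
# Globals: GITLAB_CI_HOST, GITLAB_LOG_DIR, GITLAB_HOST (read);
#          DNS_RESOLVERS (written)
# Outputs: progress text on stdout; edits /etc/nginx/sites-enabled/gitlab_ci
nginx_configure_gitlab_ci() {
  local site=/etc/nginx/sites-enabled/gitlab_ci

  if [[ -n ${GITLAB_CI_HOST} ]]; then
    echo "Configuring nginx::gitlab_ci..."
    sed -i 's,{{GITLAB_LOG_DIR}},'"${GITLAB_LOG_DIR}"',g' "${site}"
    sed -i 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/g' "${site}"
    sed -i 's/{{GITLAB_CI_HOST}}/'"${GITLAB_CI_HOST}"'/' "${site}"
    # Name servers from /etc/resolv.conf, space separated (each address is
    # followed by a space). grep reads the file directly instead of being
    # fed through cat.
    DNS_RESOLVERS=$(grep '^\s*nameserver' /etc/resolv.conf | awk '{print $2}' ORS=' ')
    sed -i 's/{{DNS_RESOLVERS}}/'"${DNS_RESOLVERS}"'/' "${site}"
  fi
}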
# _|_|_| _| _| _|
# _| _| _| _| _|_|_| _| _|_|_|
# _|_|_| _| _| _| _| _| _| _|
# _| _| _| _| _| _| _| _|
# _| _|_|_| _|_|_| _| _| _|_|_|
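# Remap the uid/gid of GITLAB_USER to USERMAP_UID/USERMAP_GID.
# Globals: GITLAB_USER, GITLAB_HOME, GITLAB_DATA_DIR (read);
#          USERMAP_UID, USERMAP_GID (read/written: default to the current
#          ids, the gid defaulting to USERMAP_UID when only that is given);
#          USERMAP_ORIG_UID, USERMAP_ORIG_GID (written)
# Outputs: progress text on stdout, errors on stderr
# Returns: 1 when the requested uid or gid is not a plain number
map_uidgid() {
  USERMAP_ORIG_UID=$(id -u "${GITLAB_USER}")
  USERMAP_ORIG_GID=$(id -g "${GITLAB_USER}")
  USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
  USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}

  # Both ids are spliced into an expression that rewrites /etc/passwd, so
  # anything but digits is rejected before a file is touched.
  if [[ ! ${USERMAP_UID} =~ ^[0-9]+$ || ! ${USERMAP_GID} =~ ^[0-9]+$ ]]; then
    echo "ERROR: USERMAP_UID and USERMAP_GID must be numeric. Aborting..." >&2
    return 1
  fi

  if [[ ${USERMAP_UID} != "${USERMAP_ORIG_UID}" || ${USERMAP_GID} != "${USERMAP_ORIG_GID}" ]]; then
    echo "Mapping UID and GID for ${GITLAB_USER}:${GITLAB_USER} to $USERMAP_UID:$USERMAP_GID"
    groupmod -g "${USERMAP_GID}" "${GITLAB_USER}"
    # The rewrite is limited to GITLAB_USER's own passwd entry.
    sed -i -e "/^${GITLAB_USER}:/ s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
    # Re-own everything under the home directory except the data directory's
    # contents; -h changes symlinks themselves rather than their targets.
    find "${GITLAB_HOME}" -path "${GITLAB_DATA_DIR}/*" -prune -o -print0 \
      | xargs -0 chown -h "${GITLAB_USER}:${GITLAB_USER}"
  fi
}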
# Install the configured certificates into the system trust store.
# Globals: SSL_CERTIFICATE_PATH, CA_CERTIFICATES_PATH (read)
# Outputs: progress text on stdout
# Both files, the server certificate included, are copied into
# /usr/local/share/ca-certificates before the store is rebuilt.
update_ca_certificates() {
  # Nothing to do when neither file exists.
  if [[ ! -f ${SSL_CERTIFICATE_PATH} && ! -f ${CA_CERTIFICATES_PATH} ]]; then
    return 0
  fi

  echo "Updating CA certificates..."
  if [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
    cp "${SSL_CERTIFICATE_PATH}" /usr/local/share/ca-certificates/gitlab.crt
  fi
  if [[ -f ${CA_CERTIFICATES_PATH} ]]; then
    cp "${CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
  fi
  update-ca-certificates --fresh >/dev/null
}
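# Create the log directories and set their mode and ownership.
# Globals: GITLAB_LOG_DIR, GITLAB_USER (read)
# Outputs: progress text on stdout
# The supervisor directory belongs to root; nginx, gitlab and gitlab-shell
# belong to GITLAB_USER.
# NOTE(review): chmod -R 0755 also applies to the files already inside these
# directories, leaving existing logs world-readable.
initialize_logdir() {
  local name owner

  echo "Initializing logdir..."
  for name in supervisor nginx gitlab gitlab-shell; do
    if [[ ${name} == supervisor ]]; then
      owner=root:root
    else
      owner="${GITLAB_USER}:${GITLAB_USER}"
    fi
    # Paths are quoted so a log directory containing whitespace is handled.
    mkdir -p "${GITLAB_LOG_DIR}/${name}"
    chmod -R 0755 "${GITLAB_LOG_DIR}/${name}"
    chown -R "${owner}" "${GITLAB_LOG_DIR}/${name}"
  done
}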
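## Create the directory layout inside the data volume and link it into the
## GitLab installation.
# Globals: GITLAB_USER, GITLAB_DATA_DIR, GITLAB_INSTALL_DIR, GITLAB_REPOS_DIR,
#          GITLAB_BUILDS_DIR, GITLAB_SHARED_DIR, GITLAB_LFS_OBJECTS_DIR,
#          GITLAB_BACKUP_DIR, GITLAB_RELATIVE_URL_ROOT (read)
# Aborts before changing anything when GITLAB_INSTALL_DIR is empty, because
# several `rm -rf` calls below are built from it.
initialize_datadir() {
  : "${GITLAB_INSTALL_DIR:?GITLAB_INSTALL_DIR must be set}"

  echo "Initializing datadir..."
  # the data directory itself stays listable by every local user (755)
  chmod 755 "${GITLAB_DATA_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_DATA_DIR}"

  # create the ssh directory for server keys; it is owned by root
  mkdir -p "${GITLAB_DATA_DIR}/ssh"
  chown -R root:root "${GITLAB_DATA_DIR}/ssh"

  # create the repositories directory and make sure it has the right
  # permissions: no access for others, setgid so new entries keep the group
  mkdir -p "${GITLAB_REPOS_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_REPOS_DIR}"
  chmod ug+rwX,o-rwx "${GITLAB_REPOS_DIR}"
  exec_as_git chmod g+s "${GITLAB_REPOS_DIR}"

  # create build traces directory
  mkdir -p "${GITLAB_BUILDS_DIR}"
  chmod u+rwX "${GITLAB_BUILDS_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_BUILDS_DIR}"

  # gitlab:backup:create does not respect the builds_path configuration, so we
  # symlink ${GITLAB_INSTALL_DIR}/builds -> ${GITLAB_BUILDS_DIR}
  rm -rf "${GITLAB_INSTALL_DIR}/builds"
  ln -sf "${GITLAB_BUILDS_DIR}" "${GITLAB_INSTALL_DIR}/builds"

  # create shared directory
  mkdir -p "${GITLAB_SHARED_DIR}"/artifacts/tmp/{cache,uploads}
  chmod u+rwX "${GITLAB_SHARED_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_SHARED_DIR}"

  # symlink ${GITLAB_INSTALL_DIR}/shared -> ${GITLAB_SHARED_DIR}
  rm -rf "${GITLAB_INSTALL_DIR}/shared"
  ln -sf "${GITLAB_SHARED_DIR}" "${GITLAB_INSTALL_DIR}/shared"

  # create lfs-objects directory
  mkdir -p "${GITLAB_LFS_OBJECTS_DIR}"
  chmod u+rwX "${GITLAB_LFS_OBJECTS_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_LFS_OBJECTS_DIR}"

  # create the backups directory
  # NOTE(review): no mode is applied here, so the directory keeps whatever mode
  # mkdir gave it; confirm that is tight enough for backup archives.
  mkdir -p "${GITLAB_BACKUP_DIR}"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_BACKUP_DIR}"

  # create the uploads directory
  mkdir -p "${GITLAB_DATA_DIR}/uploads"
  chmod 0750 "${GITLAB_DATA_DIR}/uploads"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_DATA_DIR}/uploads"

  # create the .ssh directory; only the owner may read the directory (700)
  # and authorized_keys (600)
  mkdir -p "${GITLAB_DATA_DIR}/.ssh"
  touch "${GITLAB_DATA_DIR}/.ssh/authorized_keys"
  chmod 700 "${GITLAB_DATA_DIR}/.ssh"
  chmod 600 "${GITLAB_DATA_DIR}/.ssh/authorized_keys"
  chown -R "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_DATA_DIR}/.ssh"

  # if relative_url is used the assets are compiled at runtime and placed in the
  # data volume for persistence. We set up symbolic links here to achieve this.
  if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
    # symlink ${GITLAB_INSTALL_DIR}/tmp/cache -> ${GITLAB_DATA_DIR}/tmp/cache
    rm -rf "${GITLAB_INSTALL_DIR}/tmp/cache"
    exec_as_git ln -s "${GITLAB_DATA_DIR}/tmp/cache" "${GITLAB_INSTALL_DIR}/tmp/cache"

    # symlink ${GITLAB_INSTALL_DIR}/public/assets -> ${GITLAB_DATA_DIR}/tmp/public/assets
    rm -rf "${GITLAB_INSTALL_DIR}/public/assets"
    exec_as_git ln -s "${GITLAB_DATA_DIR}/tmp/public/assets" "${GITLAB_INSTALL_DIR}/public/assets"
  fi
}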
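## Re-apply ownership and permissions to everything in the data volume.
# Globals: GITLAB_USER, GITLAB_DATA_DIR, GITLAB_REPOS_DIR, GITLAB_BUILDS_DIR,
#          GITLAB_SHARED_DIR, GITLAB_LFS_OBJECTS_DIR, GITLAB_SHELL_INSTALL_DIR (read)
# Walks the whole tree recursively, so it can take a while on large volumes.
# Finishes by running gitlab-shell's create-hooks as GITLAB_USER.
sanitize_datadir() {
  echo "Sanitizing datadir. Please be patient..."

  # repositories: owner/group access only; setgid is cleared everywhere and
  # then set again on directories only
  chmod -R ug+rwX,o-rwx "${GITLAB_REPOS_DIR}/"
  chmod -R ug-s "${GITLAB_REPOS_DIR}/"
  find "${GITLAB_REPOS_DIR}/" -type d -print0 | xargs -0 chmod g+s
  chown -R "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_REPOS_DIR}"

  local dir
  for dir in "${GITLAB_BUILDS_DIR}" "${GITLAB_SHARED_DIR}" "${GITLAB_LFS_OBJECTS_DIR}"; do
    chmod -R u+rwX "${dir}"
    chown -R "${GITLAB_USER}:${GITLAB_USER}" "${dir}"
  done

  # uploads: files 0644 and sub-directories 0755, while the top-level directory
  # stays 0750
  find "${GITLAB_DATA_DIR}/uploads" -type f -exec chmod 0644 {} \;
  find "${GITLAB_DATA_DIR}/uploads" -type d -not -path "${GITLAB_DATA_DIR}/uploads" -exec chmod 0755 {} \;
  chmod 0750 "${GITLAB_DATA_DIR}/uploads/"
  chown "${GITLAB_USER}:${GITLAB_USER}" "${GITLAB_DATA_DIR}/uploads/"

  echo "Creating gitlab-shell hooks..."
  exec_as_git "${GITLAB_SHELL_INSTALL_DIR}/bin/create-hooks"
}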
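## Generate one SSH key pair with an empty passphrase.
# $1: key type handed to `ssh-keygen -t`
# $2: path of the private key file to write
# Prints the upper-cased key type followed by a space as progress output.
generate_ssh_key() {
  printf '%s ' "${1^^}"
  # arguments are quoted so a key path containing spaces stays one argument
  ssh-keygen -q -t "${1}" -N '' -f "${2}"
}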
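## Point sshd at host keys kept in the data volume and create them on first run.
# Globals: GITLAB_DATA_DIR (read)
# The HostKey paths in /etc/ssh/sshd_config are rewritten to
# ${GITLAB_DATA_DIR}/ssh/. Keys are generated only when ssh_host_rsa_key is
# missing; permissions are re-applied on every call.
generate_ssh_host_keys() {
  sed -i 's,HostKey /etc/ssh/,HostKey '"${GITLAB_DATA_DIR}"'/ssh/,g' /etc/ssh/sshd_config

  if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then
    echo -n "Generating OpenSSH host keys... "
    # NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types that
    # newer OpenSSH releases no longer generate or accept; confirm they are
    # still needed with the OpenSSH version in this image before keeping them.
    generate_ssh_key rsa1 "${GITLAB_DATA_DIR}/ssh/ssh_host_key"
    generate_ssh_key rsa "${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key"
    generate_ssh_key dsa "${GITLAB_DATA_DIR}/ssh/ssh_host_dsa_key"
    generate_ssh_key ecdsa "${GITLAB_DATA_DIR}/ssh/ssh_host_ecdsa_key"
    generate_ssh_key ed25519 "${GITLAB_DATA_DIR}/ssh/ssh_host_ed25519_key"
    echo
  fi

  # ensure existing host keys have the right permissions; only the directory
  # part is quoted so the glob still expands
  chmod 0600 "${GITLAB_DATA_DIR}"/ssh/*_key
  chmod 0644 "${GITLAB_DATA_DIR}"/ssh/*.pub
}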
## Run the one-time system preparation steps in their fixed order, then remove
## a supervisor socket left behind at /var/run/supervisor.sock.
initialize_system() {
  local step
  for step in \
    map_uidgid \
    initialize_logdir \
    initialize_datadir \
    update_ca_certificates \
    generate_ssh_host_keys \
    install_configuration_templates; do
    "${step}"
  done
  rm -rf /var/run/supervisor.sock
}
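## Copy the configuration templates to their final locations.
# Globals: GITLAB_USER, GITLAB_INSTALL_DIR, GITLAB_SHELL_INSTALL_DIR,
#          SMTP_ENABLED, GITLAB_ROBOTS_PATH, GITLAB_HTTPS, SSL_CERTIFICATE_PATH,
#          SSL_KEY_PATH, SSL_DHPARAM_PATH, GITLAB_CI_HOST (read)
# GitLab and gitlab-shell templates are installed as GITLAB_USER, the nginx
# sites as root.
install_configuration_templates() {
  echo "Installing configuration templates..."

  local name
  for name in gitlab.yml database.yml unicorn.rb resque.yml secrets.yml; do
    install_template "${GITLAB_USER}" "gitlabhq/${name}" "${GITLAB_INSTALL_DIR}/config/${name}"
  done
  install_template "${GITLAB_USER}" gitlabhq/rack_attack.rb "${GITLAB_INSTALL_DIR}/config/initializers/rack_attack.rb"
  install_template "${GITLAB_USER}" gitlab-shell/config.yml "${GITLAB_SHELL_INSTALL_DIR}/config.yml"

  if [[ ${SMTP_ENABLED} == true ]]; then
    install_template "${GITLAB_USER}" gitlabhq/smtp_settings.rb "${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb"
  fi

  # custom user specified robots.txt
  if [[ -f ${GITLAB_ROBOTS_PATH} ]]; then
    exec_as_git cp "${GITLAB_ROBOTS_PATH}" "${GITLAB_INSTALL_DIR}/public/robots.txt"
  fi

  ## /etc/nginx/sites-enabled/gitlab
  # The TLS site is used only when HTTPS is requested AND certificate, key and
  # DH parameters are all present. With HTTPS requested but a file missing, the
  # plain HTTP site is installed and startup continues, so nginx itself does
  # not terminate TLS in that case.
  local nginx_site=nginx/gitlab
  if [[ ${GITLAB_HTTPS} == true ]]; then
    if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
      nginx_site=nginx/gitlab-ssl
    else
      echo "SSL keys and certificates were not found."
      echo "Assuming that the container is running behind a HTTPS enabled load balancer."
    fi
  fi
  install_template root "${nginx_site}" /etc/nginx/sites-enabled/gitlab

  if [[ -n $GITLAB_CI_HOST ]]; then
    install_template root nginx/gitlab_ci /etc/nginx/sites-enabled/gitlab_ci
  fi
}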
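## Fill in the core placeholders of gitlab.yml, then run the per-feature
## configuration steps.
# Globals: GITLAB_INSTALL_DIR, GITLAB_SHELL_INSTALL_DIR, GITLAB_DATA_DIR,
#          GITLAB_REPOS_DIR, GITLAB_SHARED_DIR, GITLAB_HOST, GITLAB_PORT,
#          GITLAB_HTTPS, GITLAB_MAX_SIZE, GITLAB_SSH_HOST, GITLAB_SSH_PORT,
#          GITLAB_USERNAME_CHANGE, GITLAB_CREATE_GROUP, GITLAB_TIMEOUT (read)
# All substitutions run in a single sed process as GITLAB_USER instead of one
# sudo + sed per placeholder; the expressions and their order are unchanged.
# Values are pasted into the expressions unescaped: a path containing ',' or a
# value containing '/' or '&' changes or breaks its substitution.
configure_gitlab() {
  echo "Configuring gitlab..."
  local gitlab_yml="${GITLAB_INSTALL_DIR}/config/gitlab.yml"

  exec_as_git sed -i \
    -e "s,{{GITLAB_INSTALL_DIR}},${GITLAB_INSTALL_DIR},g" \
    -e "s,{{GITLAB_SHELL_INSTALL_DIR}},${GITLAB_SHELL_INSTALL_DIR},g" \
    -e "s,{{GITLAB_DATA_DIR}},${GITLAB_DATA_DIR},g" \
    -e "s,{{GITLAB_REPOS_DIR}},${GITLAB_REPOS_DIR},g" \
    -e "s,{{GITLAB_SHARED_DIR}},${GITLAB_SHARED_DIR},g" \
    -e "s/{{GITLAB_HOST}}/${GITLAB_HOST}/" \
    -e "s/{{GITLAB_PORT}}/${GITLAB_PORT}/" \
    -e "s/{{GITLAB_HTTPS}}/${GITLAB_HTTPS}/" \
    -e "s/{{GITLAB_MAX_SIZE}}/${GITLAB_MAX_SIZE}/" \
    -e "s/{{GITLAB_SSH_HOST}}/${GITLAB_SSH_HOST}/" \
    -e "s/{{GITLAB_SSH_PORT}}/${GITLAB_SSH_PORT}/" \
    -e "s/{{GITLAB_USERNAME_CHANGE}}/${GITLAB_USERNAME_CHANGE}/" \
    -e "s/{{GITLAB_CREATE_GROUP}}/${GITLAB_CREATE_GROUP}/" \
    -e "s/{{GITLAB_TIMEOUT}}/${GITLAB_TIMEOUT}/" \
    "${gitlab_yml}"

  gitlab_configure_database
  gitlab_configure_redis
  gitlab_configure_secrets
  gitlab_configure_sidekiq
  gitlab_configure_unicorn
  gitlab_configure_timezone
  gitlab_configure_ci
  gitlab_configure_lfs
  gitlab_configure_project_features
  gitlab_configure_mail_delivery
  gitlab_configure_mailroom
  gitlab_configure_oauth
  gitlab_configure_ldap
  gitlab_configure_gravatar
  gitlab_configure_analytics
  gitlab_configure_backups
}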
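## Fill in the placeholders of gitlab-shell's config.yml.
# Globals: GITLAB_SHELL_INSTALL_DIR, GITLAB_RELATIVE_URL_ROOT, GITLAB_HOME,
#          GITLAB_LOG_DIR, GITLAB_DATA_DIR, GITLAB_BACKUP_DIR, GITLAB_REPOS_DIR,
#          SSL_SELF_SIGNED, REDIS_HOST, REDIS_PORT (read)
# All substitutions run in a single sed process as GITLAB_USER; the expressions
# and their order are unchanged. Values are pasted in unescaped, so a value
# containing its expression's delimiter or '&' changes the substitution.
# NOTE(review): {{SSL_SELF_SIGNED}} is filled from the environment as-is; what
# it controls is decided by the template, which is not visible here. If it
# relaxes certificate checks, it should stay off outside test setups.
configure_gitlab_shell() {
  echo "Configuring gitlab-shell..."
  local shell_config="${GITLAB_SHELL_INSTALL_DIR}/config.yml"

  exec_as_git sed -i \
    -e "s,{{GITLAB_RELATIVE_URL_ROOT}},${GITLAB_RELATIVE_URL_ROOT}," \
    -e "s,{{GITLAB_HOME}},${GITLAB_HOME},g" \
    -e "s,{{GITLAB_LOG_DIR}},${GITLAB_LOG_DIR},g" \
    -e "s,{{GITLAB_DATA_DIR}},${GITLAB_DATA_DIR},g" \
    -e "s,{{GITLAB_BACKUP_DIR}},${GITLAB_BACKUP_DIR},g" \
    -e "s,{{GITLAB_REPOS_DIR}},${GITLAB_REPOS_DIR},g" \
    -e "s,{{GITLAB_SHELL_INSTALL_DIR}},${GITLAB_SHELL_INSTALL_DIR},g" \
    -e "s/{{SSL_SELF_SIGNED}}/${SSL_SELF_SIGNED}/" \
    -e "s/{{REDIS_HOST}}/${REDIS_HOST}/" \
    -e "s/{{REDIS_PORT}}/${REDIS_PORT}/" \
    "${shell_config}"
}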
## Set the nginx worker count from NGINX_WORKERS in /etc/nginx/nginx.conf, then
## configure the gitlab and gitlab_ci sites.
configure_nginx() {
  echo "Configuring nginx..."
  local workers_expr="s/worker_processes .*/worker_processes ${NGINX_WORKERS};/"
  sed -i "${workers_expr}" /etc/nginx/nginx.conf
  nginx_configure_gitlab
  nginx_configure_gitlab_ci
}
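## Set up the database on first run and migrate it when the GitLab version or
## the relative URL root has changed since the last start.
# Globals: DB_TYPE, DB_HOST, DB_PORT, DB_USER, DB_PASS, DB_NAME,
#          GITLAB_ROOT_PASSWORD, GITLAB_DATA_DIR, GITLAB_VERSION,
#          GITLAB_RELATIVE_URL_ROOT (read);
#          QUERY, COUNT, CACHE_VERSION, CACHE_GITLAB_RELATIVE_URL_ROOT (written)
# The last seen version and relative URL root are cached in
# ${GITLAB_DATA_DIR}/tmp/VERSION and .../tmp/GITLAB_RELATIVE_URL_ROOT.
migrate_database() {
  # run the `gitlab:setup` rake task if required
  # DB_NAME is pasted into the SQL text unescaped; it is expected to come from
  # the operator's configuration only.
  case ${DB_TYPE} in
    mysql)
      QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = '${DB_NAME}';"
      # NOTE(review): the password is handed over as a command-line argument,
      # where it can show up in the process list; the postgres branch uses an
      # environment variable instead.
      COUNT=$(mysql -h "${DB_HOST}" -P "${DB_PORT}" -u "${DB_USER}" ${DB_PASS:+"-p${DB_PASS}"} -ss -e "${QUERY}")
      ;;
    postgres)
      QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
      COUNT=$(PGPASSWORD="${DB_PASS}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atw -c "${QUERY}")
      ;;
  esac

  # an empty or zero table count is treated as "database not initialised yet"
  if [[ -z ${COUNT} || ${COUNT} -eq 0 ]]; then
    echo "Setting up GitLab for firstrun. Please be patient, this could take a while..."
    # NOTE(review): GITLAB_ROOT_PASSWORD is passed as a rake argument, so it is
    # part of the command line while setup runs.
    exec_as_git force=yes bundle exec rake gitlab:setup ${GITLAB_ROOT_PASSWORD:+"GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD}"} >/dev/null
  fi

  # migrate database and compile the assets if the gitlab version or relative_url has changed.
  # Both cache variables start empty so a value inherited from the environment
  # cannot stand in for a missing cache file.
  CACHE_VERSION=
  CACHE_GITLAB_RELATIVE_URL_ROOT=
  if [[ -f ${GITLAB_DATA_DIR}/tmp/VERSION ]]; then
    CACHE_VERSION=$(cat "${GITLAB_DATA_DIR}/tmp/VERSION")
  fi
  if [[ -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT ]]; then
    CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat "${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT")
  fi

  # right-hand sides are quoted so they compare literally, not as glob patterns
  if [[ ${GITLAB_VERSION} != "${CACHE_VERSION}" || ${GITLAB_RELATIVE_URL_ROOT} != "${CACHE_GITLAB_RELATIVE_URL_ROOT}" ]]; then
    echo "Migrating database..."
    exec_as_git bundle exec rake db:migrate >/dev/null

    # recreate the tmp directory (:? aborts instead of removing /tmp when
    # GITLAB_DATA_DIR is empty)
    rm -rf "${GITLAB_DATA_DIR:?}/tmp"
    exec_as_git mkdir -p "${GITLAB_DATA_DIR}/tmp/"

    # assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used
    if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
      # create the tmp/cache and tmp/public/assets directory
      exec_as_git mkdir -p "${GITLAB_DATA_DIR}/tmp/cache/"
      exec_as_git mkdir -p "${GITLAB_DATA_DIR}/tmp/public/assets/"

      echo "GITLAB_RELATIVE_URL_ROOT in use, recompiling assets, this could take a while..."
      exec_as_git bundle exec rake assets:clean assets:precompile cache:clear >/dev/null 2>&1
    else
      # clear the cache
      exec_as_git bundle exec rake cache:clear >/dev/null 2>&1
    fi

    # update VERSION information
    # A `>` redirection is opened by the calling shell, not by the command run
    # through exec_as_git, so the files are written with tee under exec_as_git
    # to have them created by GITLAB_USER.
    printf '%s\n' "${GITLAB_VERSION}" | exec_as_git tee "${GITLAB_DATA_DIR}/tmp/VERSION" >/dev/null
    printf '%s\n' "${GITLAB_RELATIVE_URL_ROOT}" | exec_as_git tee "${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT" >/dev/null
  fi
}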
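## Run a rake task as GITLAB_USER.
# Arguments: $1 - rake task name; remaining arguments are passed to rake as-is
# Globals:   GITLAB_BACKUP_DIR (read); file, BACKUP (written)
# Returns:   1 when no task is given, when no backup exists, or when the
#            selected backup is not a file in GITLAB_BACKUP_DIR
# For gitlab:backup:restore without a BACKUP=... argument the available backups
# are listed and one is read from stdin. gitlab:import:repos first runs
# sanitize_datadir.
execute_raketask() {
  if [[ -z ${1} ]]; then
    echo "Please specify the rake task to execute. See https://github.com/gitlabhq/gitlabhq/tree/master/doc/raketasks"
    return 1
  fi

  if [[ ${1} == gitlab:backup:restore ]]; then
    local interactive=true arg
    for arg in "$@"; do
      if [[ ${arg} == BACKUP=* ]]; then
        interactive=false
        break
      fi
    done

    # user needs to select the backup to restore
    if [[ ${interactive} == true ]]; then
      local -a archives=() listing=()
      local path i

      # count the archives with a glob instead of parsing `ls` output
      for path in "${GITLAB_BACKUP_DIR}"/*_gitlab_backup.tar; do
        if [[ -e ${path} ]]; then
          archives+=("${path}")
        fi
      done
      if (( ${#archives[@]} == 0 )); then
        echo "No backup present. Cannot continue restore process."
        return 1
      fi

      # list every entry whose name contains gitlab_backup, in reverse order
      for path in "${GITLAB_BACKUP_DIR}"/*gitlab_backup*; do
        if [[ -e ${path} ]]; then
          listing+=("${path##*/}")
        fi
      done
      echo
      for (( i = ${#listing[@]} - 1; i >= 0; i-- )); do
        printf '%s\n' "${listing[i]}"
      done
      echo

      read -r -p "Select a backup to restore: " file
      # The answer must be a bare file name: anything containing '/' is
      # rejected so the selection cannot point outside GITLAB_BACKUP_DIR.
      if [[ -z ${file} || ${file} == */* || ! -f ${GITLAB_BACKUP_DIR}/${file} ]]; then
        echo "Specified backup does not exist. Aborting..."
        return 1
      fi
      # the part of the file name before the first underscore
      BACKUP=${file%%_*}
    fi
  elif [[ ${1} == gitlab:import:repos ]]; then
    # sanitize the datadir to avoid permission issues
    sanitize_datadir
  fi

  echo "Running raketask ${1}..."
  # "$@" keeps every argument intact, including values that contain spaces
  exec_as_git bundle exec rake "$@" ${BACKUP:+"BACKUP=${BACKUP}"}
}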