mirror of
https://github.com/sameersbn/docker-gitlab.git
synced 2026-01-18 13:58:25 +00:00
a23217f163
When the ssl keys and certificates are not found, we assume that the application is running behind a load balancer with SSL support enabled.
561 lines
23 KiB
Bash
Executable File
561 lines
23 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
GITLAB_HOST=${GITLAB_HOST:-localhost}
|
|
GITLAB_PORT=${GITLAB_PORT:-}
|
|
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
|
|
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
|
|
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
|
|
GITLAB_HTTPS_ONLY=${GITLAB_HTTPS_ONLY:-true}
|
|
GITLAB_EMAIL=${GITLAB_EMAIL:-gitlab@localhost}
|
|
GITLAB_SUPPORT=${GITLAB_SUPPORT:-support@localhost}
|
|
GITLAB_SIGNUP=${GITLAB_SIGNUP:-false}
|
|
GITLAB_SIGNIN=${GITLAB_SIGNIN:-true}
|
|
GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-100}
|
|
GITLAB_PROJECTS_VISIBILITY=${GITLAB_PROJECTS_VISIBILITY:-private}
|
|
GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
|
|
|
|
SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
|
|
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-/home/git/data/certs/gitlab.crt}
|
|
SSL_KEY_PATH=${SSL_KEY_PATH:-/home/git/data/certs/gitlab.key}
|
|
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-/home/git/data/certs/dhparam.pem}
|
|
|
|
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-/home/git/data/certs/ca.crt}
|
|
|
|
GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
|
|
GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
|
|
|
|
NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-20m}
|
|
|
|
REDIS_HOST=${REDIS_HOST:-}
|
|
REDIS_PORT=${REDIS_PORT:-}
|
|
|
|
UNICORN_WORKERS=${UNICORN_WORKERS:-2}
|
|
UNICORN_TIMEOUT=${UNICORN_TIMEOUT:-60}
|
|
SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-5}
|
|
|
|
DB_TYPE=${DB_TYPE:-}
|
|
DB_HOST=${DB_HOST:-}
|
|
DB_PORT=${DB_PORT:-}
|
|
DB_NAME=${DB_NAME:-gitlabhq_production}
|
|
DB_USER=${DB_USER:-root}
|
|
DB_PASS=${DB_PASS:-}
|
|
DB_INIT=${DB_INIT:-}
|
|
DB_POOL=${DB_POOL:-10}
|
|
|
|
SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
|
|
SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
|
|
SMTP_PORT=${SMTP_PORT:-587}
|
|
SMTP_USER=${SMTP_USER:-}
|
|
SMTP_PASS=${SMTP_PASS:-}
|
|
SMTP_STARTTLS=${SMTP_STARTTLS:-true}
|
|
[ -n "${SMTP_USER}" ] && \
|
|
SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
|
|
|
|
LDAP_ENABLED=${LDAP_ENABLED:-false}
|
|
LDAP_HOST=${LDAP_HOST:-}
|
|
LDAP_PORT=${LDAP_PORT:-636}
|
|
LDAP_UID=${LDAP_UID:-sAMAccountName}
|
|
LDAP_METHOD=${LDAP_METHOD:-ssl}
|
|
LDAP_BIND_DN=${LDAP_BIND_DN:-}
|
|
LDAP_PASS=${LDAP_PASS:-}
|
|
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
|
|
LDAP_BASE=${LDAP_BASE:-}
|
|
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
|
|
|
|
# is a redis container linked?
|
|
if [ -n "${REDISIO_PORT_6379_TCP_ADDR}" ]; then
|
|
REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}}
|
|
REDIS_PORT=${REDIS_PORT:-${REDISIO_PORT_6379_TCP_PORT}}
|
|
fi
|
|
|
|
# fallback to using internal redis server
|
|
REDIS_HOST=${REDIS_HOST:-localhost}
|
|
REDIS_PORT=${REDIS_PORT:-6379}
|
|
|
|
# is a mysql or postgresql database linked?
|
|
# requires that the mysql or postgresql containers have exposed
|
|
# port 3306 and 5432 respectively.
|
|
if [ -n "${MYSQL_PORT_3306_TCP_ADDR}" ]; then
|
|
DB_TYPE=mysql
|
|
DB_HOST=${DB_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
|
|
DB_PORT=${DB_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
|
|
elif [ -n "${POSTGRESQL_PORT_5432_TCP_ADDR}" ]; then
|
|
DB_TYPE=postgres
|
|
DB_HOST=${DB_HOST:-${POSTGRESQL_PORT_5432_TCP_ADDR}}
|
|
DB_PORT=${DB_PORT:-${POSTGRESQL_PORT_5432_TCP_PORT}}
|
|
fi
|
|
|
|
# fallback to using the internal mysql server
|
|
DB_TYPE=${DB_TYPE:-mysql}
|
|
DB_HOST=${DB_HOST:-localhost}
|
|
|
|
# use default port number if it is still not set
|
|
case "${DB_TYPE}" in
|
|
mysql) DB_PORT=${DB_PORT:-3306} ;;
|
|
postgres) DB_PORT=${DB_PORT:-5432} ;;
|
|
*) echo "Unsupported database adapter. Available adapters are mysql and postgres." && exit 1 ;;
|
|
esac
|
|
|
|
case "${GITLAB_HTTPS}" in
|
|
true)
|
|
GITLAB_URL="https://${GITLAB_HOST}${GITLAB_PORT:+:$GITLAB_PORT}${GITLAB_RELATIVE_URL_ROOT}/"
|
|
GITLAB_PORT=${GITLAB_PORT:-443}
|
|
;;
|
|
*)
|
|
GITLAB_URL="http://${GITLAB_HOST}${GITLAB_PORT:+:$GITLAB_PORT}${GITLAB_RELATIVE_URL_ROOT}/"
|
|
GITLAB_PORT=${GITLAB_PORT:-80}
|
|
;;
|
|
esac
|
|
|
|
case "${GITLAB_BACKUPS}" in
|
|
daily|monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
|
|
disable|*) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
|
|
esac
|
|
|
|
case "${LDAP_UID}" in
|
|
userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
|
|
*) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true}
|
|
esac
|
|
|
|
# generate a password for root.
|
|
ROOT_PASSWORD=$(pwgen -c -n -1 12)
|
|
echo "root:$ROOT_PASSWORD" | chpasswd
|
|
echo User: root Password: $ROOT_PASSWORD
|
|
|
|
if [ ! -e /home/git/data/ssh/ssh_host_rsa_key ]; then
|
|
# create ssh host keys and move them to the data store.
|
|
dpkg-reconfigure openssh-server
|
|
mkdir -p /home/git/data/ssh/
|
|
mv /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub /home/git/data/ssh/
|
|
fi
|
|
# configure sshd to pick up the host keys from /home/git/data/ssh/
|
|
sed -i 's,HostKey /etc/ssh/,HostKey /home/git/data/ssh/,g' -i /etc/ssh/sshd_config
|
|
|
|
# start supervisord
|
|
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
|
|
|
echo "Starting openssh server..."
|
|
supervisorctl start sshd >/dev/null
|
|
|
|
# copy configuration templates
|
|
case "${GITLAB_HTTPS}" in
|
|
true)
|
|
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" -a -f "${SSL_DHPARAM_PATH}" ]; then
|
|
case "${GITLAB_HTTPS_ONLY}" in
|
|
true) cp /app/setup/config/nginx/gitlab.https.strict /etc/nginx/sites-available/gitlab ;;
|
|
*) cp /app/setup/config/nginx/gitlab.https.permissive /etc/nginx/sites-available/gitlab ;;
|
|
esac
|
|
else
|
|
echo "SSL keys and certificates were not found."
|
|
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
|
|
cp /app/setup/config/nginx/gitlab /etc/nginx/sites-available/gitlab
|
|
fi
|
|
;;
|
|
*) cp /app/setup/config/nginx/gitlab /etc/nginx/sites-available/gitlab ;;
|
|
esac
|
|
|
|
sudo -u git -H cp -a /app/setup/config/gitlab-shell/config.yml /home/git/gitlab-shell/config.yml
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/gitlab.yml /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/resque.yml /home/git/gitlab/config/resque.yml
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/database.yml /home/git/gitlab/config/database.yml
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/sidekiq.yml /home/git/gitlab/config/sidekiq.yml
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/unicorn.rb /home/git/gitlab/config/unicorn.rb
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/rack_attack.rb /home/git/gitlab/config/initializers/rack_attack.rb
|
|
sudo -u git -H cp /app/setup/config/gitlabhq/smtp_settings.rb /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
|
|
# override default configuration templates with user templates
|
|
if [ -d /home/git/data/config ]; then
|
|
chown -R git:git /home/git/data/config
|
|
cd /home/git/data/config
|
|
case "${GITLAB_HTTPS}" in
|
|
true)
|
|
case "${GITLAB_HTTPS_ONLY}" in
|
|
true) [ -f nginx/gitlab.https.strict ] && cp nginx/gitlab.https.strict /etc/nginx/sites-available/gitlab ;;
|
|
*) [ -f nginx/gitlab.https.permissive ] && cp nginx/gitlab.https.permissive /etc/nginx/sites-available/gitlab ;;
|
|
esac
|
|
;;
|
|
*) [ -f nginx/gitlab ] && cp nginx/gitlab /etc/nginx/sites-available/gitlab ;;
|
|
esac
|
|
|
|
[ -f gitlab-shell/config.yml ] && sudo -u git -H cp gitlab-shell/config.yml /home/git/gitlab-shell/config.yml
|
|
[ -f gitlabhq/gitlab.yml ] && sudo -u git -H cp gitlabhq/gitlab.yml /home/git/gitlab/config/gitlab.yml
|
|
[ -f gitlabhq/resque.yml ] && sudo -u git -H cp gitlabhq/resque.yml /home/git/gitlab/config/resque.yml
|
|
[ -f gitlabhq/database.yml ] && sudo -u git -H cp gitlabhq/database.yml /home/git/gitlab/config/database.yml
|
|
[ -f gitlabhq/sidekiq.yml ] && sudo -u git -H cp gitlabhq/sidekiq.yml /home/git/gitlab/config/sidekiq.yml
|
|
[ -f gitlabhq/unicorn.rb ] && sudo -u git -H cp gitlabhq/unicorn.rb /home/git/gitlab/config/unicorn.rb
|
|
[ -f gitlabhq/rack_attack.rb ] && sudo -u git -H cp gitlabhq/rack_attack.rb /home/git/gitlab/config/initializers/rack_attack.rb
|
|
[ -f gitlabhq/smtp_settings.rb ] && sudo -u git -H cp gitlabhq/smtp_settings.rb /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
fi
|
|
|
|
sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/g' -i /etc/nginx/sites-available/gitlab
|
|
sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-available/gitlab
|
|
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-available/gitlab
|
|
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-available/gitlab
|
|
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-available/gitlab
|
|
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/g' -i /etc/nginx/sites-available/gitlab
|
|
|
|
# configure relative_url_root
|
|
sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'${GITLAB_RELATIVE_URL_ROOT}',g' -i /etc/nginx/sites-available/gitlab
|
|
|
|
echo "Starting nginx..."
|
|
supervisorctl start nginx >/dev/null
|
|
|
|
echo "Updating CA certificates..."
|
|
[ -f "${SSL_CERTIFICATE_PATH}" ] && cp "${SSL_CERTIFICATE_PATH}" /usr/local/share/ca-certificates/gitlab.crt
|
|
[ -f "${CA_CERTIFICATES_PATH}" ] && cp "${CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
|
|
update-ca-certificates --fresh >/dev/null 2>&1
|
|
|
|
# start mysql server if ${DB_HOST} is localhost
|
|
if [ "${DB_HOST}" == "localhost" ]; then
|
|
if [ "${DB_TYPE}" == "postgres" ]; then
|
|
echo "DB_TYPE 'postgres' is not supported internally. Please provide DB_HOST."
|
|
exit 1
|
|
fi
|
|
|
|
# fix permissions and ownership of /var/lib/mysql
|
|
chown -R mysql:mysql /var/lib/mysql
|
|
chmod 700 /var/lib/mysql
|
|
|
|
# initialize MySQL data directory
|
|
if [ ! -d /var/lib/mysql/mysql ]; then
|
|
mysql_install_db --user=mysql
|
|
fi
|
|
|
|
echo "Starting mysql server..."
|
|
supervisorctl start mysqld >/dev/null
|
|
|
|
# wait for mysql server to start (max 120 seconds)
|
|
timeout=120
|
|
while ! mysqladmin -uroot ${DB_PASS:+-p$DB_PASS} status >/dev/null 2>&1
|
|
do
|
|
timeout=$(expr $timeout - 1)
|
|
if [ $timeout -eq 0 ]; then
|
|
echo "Failed to start mysql server"
|
|
exit 1
|
|
fi
|
|
sleep 1
|
|
done
|
|
|
|
if ! echo "USE ${DB_NAME}" | mysql -uroot ${DB_PASS:+-p$DB_PASS} >/dev/null 2>&1; then
|
|
DB_INIT="yes"
|
|
echo "CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` DEFAULT CHARACTER SET \`utf8\` COLLATE \`utf8_unicode_ci\`;" | mysql -uroot ${DB_PASS:+-p$DB_PASS}
|
|
echo "GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON \`${DB_NAME}\`.* TO 'root'@'localhost';" | mysql -uroot ${DB_PASS:+-p$DB_PASS}
|
|
fi
|
|
fi
|
|
|
|
if [ "${REDIS_HOST}" == "localhost" ]; then
|
|
echo "Starting redis server..."
|
|
supervisorctl start redis-server >/dev/null
|
|
fi
|
|
|
|
# configure git for the 'git' user
|
|
sudo -u git -H git config --global user.name "GitLab"
|
|
sudo -u git -H git config --global user.email "${GITLAB_EMAIL}"
|
|
sudo -u git -H git config --global core.autocrlf input
|
|
|
|
# configure server url
|
|
sudo -u git -H sed 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_HTTPS}}/'"${GITLAB_HTTPS}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_EMAIL}}/'"${GITLAB_EMAIL}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_SUPPORT}}/'"${GITLAB_SUPPORT}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_BACKUP_EXPIRY}}/'"${GITLAB_BACKUP_EXPIRY}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
sudo -u git -H sed 's/{{GITLAB_SSH_PORT}}/'"${GITLAB_SSH_PORT}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
if [ "${GITLAB_HTTPS}" == "true" -a "${GITLAB_HTTPS_ONLY}" == "false" ]; then
|
|
# hack: allow login over plain http when ssl is enabled. required to work with load balancers.
|
|
sudo -u git -H sed 's/secure: Gitlab.config.gitlab.https/secure: false/' -i /home/git/gitlab/config/initializers/session_store.rb
|
|
fi
|
|
|
|
# configure gitlab signup configuration
|
|
sudo -u git -H sed 's/{{GITLAB_SIGNUP}}/'"${GITLAB_SIGNUP}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{GITLAB_SIGNIN}}/'"${GITLAB_SIGNIN}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
# configure gitlab default_projects_limit
|
|
sudo -u git -H sed 's/{{GITLAB_PROJECTS_LIMIT}}/'"${GITLAB_PROJECTS_LIMIT}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
# configure gitlab default visibility_level
|
|
sudo -u git -H sed 's/{{GITLAB_PROJECTS_VISIBILITY}}/'"${GITLAB_PROJECTS_VISIBILITY}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
# configure database
|
|
if [ "${DB_TYPE}" == "postgres" ]; then
|
|
sudo -u git -H sed 's/{{DB_ADAPTER}}/postgresql/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_ENCODING}}/unicode/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/reconnect: false/#reconnect: false/' -i /home/git/gitlab/config/database.yml
|
|
elif [ "${DB_TYPE}" == "mysql" ]; then
|
|
sudo -u git -H sed 's/{{DB_ADAPTER}}/mysql2/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_ENCODING}}/utf8/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/#reconnect: false/reconnect: false/' -i /home/git/gitlab/config/database.yml
|
|
else
|
|
echo "Invalid database type: '$DB_TYPE'. Supported choices: [mysql, postgres]."
|
|
fi
|
|
|
|
sudo -u git -H sed 's/{{DB_HOST}}/'"${DB_HOST}"'/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_PORT}}/'"${DB_PORT}"'/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_NAME}}/'"${DB_NAME}"'/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_USER}}/'"${DB_USER}"'/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_PASS}}/'"${DB_PASS}"'/' -i /home/git/gitlab/config/database.yml
|
|
sudo -u git -H sed 's/{{DB_POOL}}/'"${DB_POOL}"'/' -i /home/git/gitlab/config/database.yml
|
|
|
|
# configure sidekiq
|
|
sudo -u git -H sed 's/{{SIDEKIQ_CONCURRENCY}}/'"${SIDEKIQ_CONCURRENCY}"'/' -i /home/git/gitlab/config/sidekiq.yml
|
|
|
|
# configure redis
|
|
sudo -u git -H sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/g' -i /home/git/gitlab/config/resque.yml
|
|
sudo -u git -H sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/g' -i /home/git/gitlab/config/resque.yml
|
|
|
|
# configure gitlab-shell
|
|
sudo -u git -H sed 's,{{GITLAB_URL}},'"${GITLAB_URL}"',' -i /home/git/gitlab-shell/config.yml
|
|
sudo -u git -H sed 's/{{SSL_SELF_SIGNED}}/'"${SSL_SELF_SIGNED}"'/' -i /home/git/gitlab-shell/config.yml
|
|
sudo -u git -H sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/' -i /home/git/gitlab-shell/config.yml
|
|
sudo -u git -H sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/' -i /home/git/gitlab-shell/config.yml
|
|
|
|
# hack: make git over ssh work when the default http/https ports are not used.
|
|
case "${GITLAB_HTTPS}" in
|
|
true)
|
|
case "${GITLAB_HTTPS_ONLY}" in
|
|
true)
|
|
case "${SSL_SELF_SIGNED}" in
|
|
true)
|
|
# we are using self signed certificates, talk to gitlab over https on localhost
|
|
# this will make sure the api access works when the default https port is not used.
|
|
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,https://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i /home/git/gitlab-shell/lib/gitlab_net.rb
|
|
;;
|
|
*)
|
|
# signed https certificates are in use, talk to gitlab using the default gitlab_url.
|
|
# hence we are not editing anything here, just using the default.
|
|
# ps. when using signed ssl certificates, you **MUST** use the default https port.
|
|
;;
|
|
esac
|
|
;;
|
|
*)
|
|
# we are not using https only mode, talk to gitlab over plain http on localhost
|
|
# using http when available will keep things fast.
|
|
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,http://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i /home/git/gitlab-shell/lib/gitlab_net.rb
|
|
;;
|
|
esac
|
|
;;
|
|
*)
|
|
# ssl is not being used, talk to gitlab over plain http
|
|
sudo -u git -H sed 's,#{config.gitlab_url}/api/v3/internal,http://localhost'${GITLAB_RELATIVE_URL_ROOT}'/api/v3/internal,' -i /home/git/gitlab-shell/lib/gitlab_net.rb
|
|
;;
|
|
esac
|
|
|
|
# configure unicorn workers
|
|
sudo -u git -H sed 's/{{UNICORN_WORKERS}}/'"${UNICORN_WORKERS}"'/' -i /home/git/gitlab/config/unicorn.rb
|
|
|
|
# configure unicorn timeout
|
|
sudo -u git -H sed 's/{{UNICORN_TIMEOUT}}/'"${UNICORN_TIMEOUT}"'/' -i /home/git/gitlab/config/unicorn.rb
|
|
|
|
# configure mail delivery
|
|
sudo -u git -H sed 's/{{SMTP_HOST}}/'"${SMTP_HOST}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
sudo -u git -H sed 's/{{SMTP_PORT}}/'"${SMTP_PORT}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
|
|
case "${SMTP_USER}" in
|
|
"") sudo -u git -H sed '/{{SMTP_USER}}/d' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
*) sudo -u git -H sed 's/{{SMTP_USER}}/'"${SMTP_USER}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
esac
|
|
|
|
case "${SMTP_PASS}" in
|
|
"") sudo -u git -H sed '/{{SMTP_PASS}}/d' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
*) sudo -u git -H sed 's/{{SMTP_PASS}}/'"${SMTP_PASS}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
esac
|
|
|
|
sudo -u git -H sed 's/{{SMTP_DOMAIN}}/'"${SMTP_DOMAIN}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
sudo -u git -H sed 's/{{SMTP_STARTTLS}}/'"${SMTP_STARTTLS}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb
|
|
|
|
case "${SMTP_AUTHENTICATION}" in
|
|
"") sudo -u git -H sed '/{{SMTP_AUTHENTICATION}}/d' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
*) sudo -u git -H sed 's/{{SMTP_AUTHENTICATION}}/'"${SMTP_AUTHENTICATION}"'/' -i /home/git/gitlab/config/initializers/smtp_settings.rb ;;
|
|
esac
|
|
|
|
# apply LDAP configuration
|
|
sudo -u git -H sed 's/{{LDAP_ENABLED}}/'"${LDAP_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_HOST}}/'"${LDAP_HOST}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_PORT}}/'"${LDAP_PORT}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_UID}}/'"${LDAP_UID}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_METHOD}}/'"${LDAP_METHOD}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_BIND_DN}}/'"${LDAP_BIND_DN}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_PASS}}/'"${LDAP_PASS}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}/'"${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_BASE}}/'"${LDAP_BASE}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed 's/{{LDAP_USER_FILTER}}/'"${LDAP_USER_FILTER}"'/' -i /home/git/gitlab/config/gitlab.yml
|
|
|
|
# configure relative_url_root
|
|
if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then
|
|
sudo -u git -H sed 's,# config.relative_url_root = "/gitlab",config.relative_url_root = "'${GITLAB_RELATIVE_URL_ROOT}'",' -i /home/git/gitlab/config/application.rb
|
|
sudo -u git -H sed 's,# relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}},relative_url_root: '${GITLAB_RELATIVE_URL_ROOT}',' -i /home/git/gitlab/config/gitlab.yml
|
|
sudo -u git -H sed "s,# ENV\['RAILS_RELATIVE_URL_ROOT'\] = \"{{GITLAB_RELATIVE_URL_ROOT}}\",ENV\['RAILS_RELATIVE_URL_ROOT'\] = \"${GITLAB_RELATIVE_URL_ROOT}\"," -i /home/git/gitlab/config/unicorn.rb
|
|
fi
|
|
|
|
# take ownership of /home/git/data
|
|
chown git:git /home/git/data
|
|
|
|
# set executable flags on /home/git/data (needed if mounted from a data-only
|
|
# container using --volumes-from)
|
|
chmod +x /home/git/data
|
|
|
|
# create the repositories directory and make sure it has the right permissions
|
|
sudo -u git -H mkdir -p /home/git/data/repositories/
|
|
sudo chmod ug-s /home/git/data/repositories/
|
|
find /home/git/data/repositories/ -type d -print0 | sudo xargs -0 chmod ug+rwX,g+s,o-rwx
|
|
chown git:git /home/git/data/repositories
|
|
|
|
# create the satellites directory and make sure it has the right permissions
|
|
sudo -u git -H mkdir -p /home/git/data/gitlab-satellites/
|
|
find /home/git/data/gitlab-satellites/ -type d -print0 | sudo xargs -0 chmod u+rwx,g+rx-sw,o-rwx
|
|
chown git:git /home/git/data/gitlab-satellites
|
|
|
|
# create the tmp directory for the cache
|
|
sudo -u git -H mkdir -p /home/git/data/tmp/
|
|
chmod -R u+rwX /home/git/data/tmp/
|
|
|
|
# create the tmp/cache directory
|
|
sudo -u git -H mkdir -p /home/git/data/tmp/cache/
|
|
chown git:git /home/git/data/tmp/cache/
|
|
|
|
# create the public/assets directory
|
|
sudo -u git -H mkdir -p /home/git/data/tmp/public/assets/
|
|
chown git:git /home/git/data/tmp/public/assets/
|
|
|
|
# remove old cache directory (remove this line after a few releases)
|
|
rm -rf /home/git/data/cache
|
|
|
|
# create the backups directory
|
|
sudo -u git -H mkdir -p /home/git/data/backups/
|
|
chown git:git /home/git/data/backups/
|
|
|
|
# create the uploads directory
|
|
sudo -u git -H mkdir -p /home/git/data/uploads/
|
|
chmod -R u+rwX /home/git/data/uploads/
|
|
chown git:git /home/git/data/uploads/
|
|
|
|
# create the .ssh directory
|
|
sudo -u git -H mkdir -p /home/git/data/.ssh/
|
|
touch /home/git/data/.ssh/authorized_keys
|
|
chmod 700 /home/git/data/.ssh
|
|
chmod 600 /home/git/data/.ssh/authorized_keys
|
|
chown -R git:git /home/git/data/.ssh
|
|
|
|
cd /home/git/gitlab/
|
|
|
|
appStart () {
|
|
echo "Starting gitlab server..."
|
|
# reset the database if the --db-init switch was given.
|
|
if [ "$DB_INIT" == "yes" ]; then
|
|
echo "Initializing database..."
|
|
sudo -u git -H force=yes bundle exec rake gitlab:setup RAILS_ENV=production
|
|
fi
|
|
|
|
# compile the assets only if it does not exist or if the gitlab version has changed.
|
|
CACHE_VERSION=
|
|
GITLAB_VERSION=$(cat VERSION)
|
|
if [ -f tmp/cache/VERSION ]; then
|
|
CACHE_VERSION=$(cat tmp/cache/VERSION)
|
|
fi
|
|
if [ "${GITLAB_VERSION}" != "${CACHE_VERSION}" ]; then
|
|
echo "Compiling assets. Please be patient, this could take a while..."
|
|
sudo -u git -H bundle exec rake assets:clean RAILS_ENV=production
|
|
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production 2>/dev/null
|
|
sudo -u git -H touch tmp/cache/VERSION
|
|
sudo -u git -H echo "${GITLAB_VERSION}" > tmp/cache/VERSION
|
|
fi
|
|
|
|
# start the gitlab application
|
|
# sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
|
|
/etc/init.d/gitlab start
|
|
|
|
# create satellite directories
|
|
sudo -u git -H bundle exec rake gitlab:satellites:create RAILS_ENV=production
|
|
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
|
|
|
|
# setup cron job for automatic backups
|
|
case "${GITLAB_BACKUPS}" in
|
|
daily)
|
|
sudo -u git -H cat > /tmp/cron.git <<EOF
|
|
00 04 * * * cd /home/git/gitlab && PATH=/usr/local/bin:/usr/bin:/bin bundle exec rake gitlab:backup:create RAILS_ENV=production
|
|
EOF
|
|
;;
|
|
monthly)
|
|
sudo -u git -H cat > /tmp/cron.git <<EOF
|
|
00 04 01 * * cd /home/git/gitlab && PATH=/usr/local/bin:/usr/bin:/bin bundle exec rake gitlab:backup:create RAILS_ENV=production
|
|
EOF
|
|
;;
|
|
esac
|
|
crontab -u git /tmp/cron.git && rm -rf /tmp/cron.git
|
|
|
|
# watch the access logs
|
|
tail -F /var/log/nginx/gitlab_access.log
|
|
}
|
|
|
|
appRake () {
|
|
if [ -z ${1} ]; then
|
|
echo "Please specify the rake task to execute. See https://github.com/gitlabhq/gitlabhq/tree/master/doc/raketasks"
|
|
return 1
|
|
fi
|
|
|
|
echo "Running gitlab rake task..."
|
|
|
|
if [ "$1" == "gitlab:backup:restore" ]; then
|
|
# user needs to select the backup to restore
|
|
nBackups=$(ls tmp/backups/*_gitlab_backup.tar | wc -l)
|
|
if [ $nBackups -eq 0 ]; then
|
|
echo "No backup present. Cannot continue restore process.".
|
|
return 1
|
|
fi
|
|
|
|
for b in `ls tmp/backups/ | sort -r`
|
|
do
|
|
echo " ├ $b"
|
|
done
|
|
read -p "Select a backup to restore: " file
|
|
|
|
if [ ! -f "tmp/backups/${file}" ]; then
|
|
echo "Specified backup does not exist. Aborting..."
|
|
return 1
|
|
fi
|
|
timestamp=$(echo $file | cut -d'_' -f1)
|
|
sudo -u git -H bundle exec rake gitlab:backup:restore BACKUP=$timestamp RAILS_ENV=production
|
|
else
|
|
sudo -u git -H bundle exec rake $@ RAILS_ENV=production
|
|
fi
|
|
}
|
|
|
|
appHelp () {
|
|
echo "Available options:"
|
|
echo " app:start - Starts the gitlab server (default)"
|
|
echo " app:rake <task> - Execute a rake task."
|
|
echo " app:help - Displays the help"
|
|
echo " [command] - Execute the specified linux command eg. bash."
|
|
}
|
|
|
|
case "$1" in
|
|
app:start)
|
|
appStart
|
|
;;
|
|
app:rake)
|
|
shift 1
|
|
appRake $@
|
|
;;
|
|
app:help)
|
|
appHelp
|
|
;;
|
|
*)
|
|
if [ -x $1 ]; then
|
|
$1
|
|
else
|
|
prog=$(which $1)
|
|
if [ -n "${prog}" ] ; then
|
|
shift 1
|
|
$prog $@
|
|
else
|
|
appHelp
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
exit 0
|