archive-gh-me/gitpod
1
0
Fork 0
mirror of https://github.com/gitpod-io/gitpod.git synced 2025-12-08 17:36:30 +00:00
Code Issues Projects Releases Wiki Activity
gitpod/contrib/docker/examples/gitpod-gitlab/gitlab/entrypoint.sh

141 lines
5.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
set -eu
if [ -z "$BASEDOMAIN" ]; then
>&2 echo "Error: You need to set the environment variable BASEDOMAIN."
exit 1
fi
# Fix volume ownerships
[ -d "/var/gitlab/gitaly" ] && chown 1000 /var/gitlab/gitaly
[ -d "/var/gitlab/minio" ] && chown 1000 /var/gitlab/minio
[ -d "/var/gitlab/postgresql" ] && chown 1001 /var/gitlab/postgresql
[ -d "/var/gitlab/redis" ] && chown 1001 /var/gitlab/redis
# Add IP tables rules to access Docker's internal DNS 127.0.0.11 from outside
# based on https://serverfault.com/a/826424
TCP_DNS_ADDR=$(iptables-save | grep DOCKER_OUTPUT | grep tcp | grep -o '127\.0\.0\.11:.*$')
UDP_DNS_ADDR=$(iptables-save | grep DOCKER_OUTPUT | grep udp | grep -o '127\.0\.0\.11:.*$')
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to "$TCP_DNS_ADDR"
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to "$UDP_DNS_ADDR"
# Add this IP to resolv.conf since CoreDNS of k3s uses this file
TMP_FILE=$(mktemp)
sed "/nameserver.*/ a nameserver $(hostname -i | cut -f1 -d' ')" /etc/resolv.conf > "$TMP_FILE"
cp "$TMP_FILE" /etc/resolv.conf
rm "$TMP_FILE"
# prepare GitLab helm installer
GITLAB_HELM_INSTALLER_FILE=/var/lib/rancher/k3s/server/manifests/gitlab-helm-installer.yaml
sed -i "s/\$BASEDOMAIN/$BASEDOMAIN/g" "$GITLAB_HELM_INSTALLER_FILE"
cat << EOF > /insert_oauth_application.sql
INSERT INTO oauth_applications (name, uid, secret, redirect_uri, scopes, created_at, updated_at, owner_id, owner_type)
VALUES (
'Gitpod',
'2ce8bfb95d9a1e0ed305427f35e10a6bdd1eef090b1890c68e5f8370782d05ee',
'a5447d23643f7e71353d9fc3ad1c15464c983c47f6eb2e80dd37de28152de05e',
'https://gitpod.$BASEDOMAIN/auth/gitlab/callback',
'api read_user read_repository',
now(), now(), 1, 'User'
);
EOF
insertoauth () {
echo "Waiting for GitLab DB migrations ..."
# shellcheck disable=SC2143
while [ -z "$(kubectl get pods | grep gitlab-migrations | grep Completed)" ]; do sleep 10; done
echo "Adding OAuth application to DB ..."
SQL=$(cat /insert_oauth_application.sql)
DBPASSWD=$(kubectl get secret gitlab-postgresql-password -o jsonpath='{.data.postgresql-postgres-password}' | base64 --decode)
kubectl exec -it gitlab-postgresql-0 -- bash -c "PGPASSWORD=$DBPASSWD psql -U postgres -d gitlabhq_production -c \"$SQL\""
echo "OAuth application added to DB."
}
insertoauth &
installation_completed_hook() {
# shellcheck disable=SC2143
while [ -z "$(kubectl get pods --all-namespaces | grep helm-install-gitlab | grep Completed)" ]; do sleep 10; done
echo "Removing installer manifest ..."
rm -f /var/lib/rancher/k3s/server/manifests/gitlab-helm-intaller.yaml
echo "Backup secrets ..."
mkdir -p /var/gitlab/secrets-backup && cd /var/gitlab/secrets-backup
# shellcheck disable=SC2143
while [ -z "$(kubectl get secrets gitlab-rails-secret | grep Opaque)" ]; do sleep 10; done
[ -f gitlab-rails-secret ] && cp gitlab-rails-secret .gitlab-rails-secret_"$(date -Iseconds)".backup
printf "secrets.yml: %s\n" "$(kubectl get secrets gitlab-rails-secret -o jsonpath="{.data['secrets\.yml']}")" > gitlab-rails-secret
# shellcheck disable=SC2143
while [ -z "$(kubectl get secrets gitlab-postgresql-password | grep Opaque)" ]; do sleep 10; done
[ -f gitlab-postgresql-password ] && cp gitlab-postgresql-password .gitlab-postgresql-password_"$(date -Iseconds)".backup
printf "postgresql-password: %s\n" "$(kubectl get secrets gitlab-postgresql-password -o jsonpath='{.data.postgresql-password}')" > gitlab-postgresql-password
printf "postgresql-postgres-password: %s\n" "$(kubectl get secrets gitlab-postgresql-password -o jsonpath='{.data.postgresql-postgres-password}')" >> gitlab-postgresql-password
# shellcheck disable=SC2143
while [ -z "$(kubectl get secrets gitlab-gitlab-runner-secret | grep Opaque)" ]; do sleep 10; done
[ -f gitlab-gitlab-runner-secret ] && cp gitlab-gitlab-runner-secret .gitlab-gitlab-runner-secret_"$(date -Iseconds)".backup
printf "runner-registration-token: %s\n" "$(kubectl get secrets gitlab-gitlab-runner-secret -o jsonpath='{.data.runner-registration-token}')" > gitlab-gitlab-runner-secret
printf "runner-token: %s\n" "$(kubectl get secrets gitlab-gitlab-runner-secret -o jsonpath='{.data.runner-token}')" >> gitlab-gitlab-runner-secret
# shellcheck disable=SC2143
while [ -z "$(kubectl get secrets gitlab-gitlab-initial-root-password | grep Opaque)" ]; do sleep 10; done
[ -f gitlab-gitlab-initial-root-password ] && cp gitlab-gitlab-initial-root-password .gitlab-gitlab-initial-root-password_"$(date -Iseconds)".backup
printf "password: %s\n" "$(kubectl get secrets gitlab-gitlab-initial-root-password -o jsonpath='{.data.password}')" > gitlab-gitlab-initial-root-password
}
installation_completed_hook &
# add HTTPS certs secret
FULLCHAIN=$(base64 --wrap=0 < /certs/fullchain.pem)
PRIVKEY=$(base64 --wrap=0 < /certs/privkey.pem)
cat << EOF > /var/lib/rancher/k3s/server/manifests/tls-certs.yaml
apiVersion: v1
kind: Secret
metadata:
name: tls-certs
type: tls
data:
cert: $FULLCHAIN
key: $PRIVKEY
EOF
# restore secrets
if [ -d /var/gitlab/secrets-backup ]; then
cd /var/gitlab/secrets-backup
# shellcheck disable=SC2045
for s in $(ls); do
echo "Restoring secret $s ..."
cat << EOF > "/var/lib/rancher/k3s/server/manifests/$s.yaml"
apiVersion: v1
kind: Secret
metadata:
name: $s
labels:
app: shared-secrets
type: Opaque
data:
EOF
sed 's/^/ /' "$s" >> "/var/lib/rancher/k3s/server/manifests/$s.yaml"
done
cd -
fi
# start k3s
/bin/k3s server --disable traefik
Reference in New Issue View Git Blame Copy Permalink