Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

First attempt at adding a gitlab-dev instance

Browse source
This commit is contained in:
Ricky Elrod 2013-03-15 17:00:44 +00:00
parent f4190c2b68
commit 1f0f6d1537
9 changed files with 365 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
files/gitlab/database.yml Normal file
View file

@ -0,0 +1,10 @@
production:
adapter: mysql2
encoding: utf8
reconnect: false
database: gitlabhq_production
pool: 5
username: gitlab
password: "$database_password"
# host: localhost
# # socket: /tmp/mysql.sock

13
files/gitlab/gitlab-worker.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Gitlab Resque Worker
Requires=redis.service
After=redis.service
Wants=postfix.service mysqld.service
[Service]
Type=forking
User=gitlab
WorkingDirectory=/home/gitlab/gitlab
ExecStart=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:start"
ExecStopPost=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:stop"
PIDFile=/home/gitlab/gitlab/tmp/pids/sidekiq.pid

15
files/gitlab/gitlab.service Normal file
View file

@ -0,0 +1,15 @@
[Unit]
Description=Gitlab Unicorn
Requires=redis.service mysqld.service
After=redis.service mysqld.service
Wants=postfix.service mysqld.service gitlab-worker.service
[Service]
Type=simple
User=gitlab
WorkingDirectory=/home/gitlab/gitlab
ExecStart=/bin/sh -c "bundle exec unicorn_rails -c /home/gitlab/gitlab/config/unicorn.rb -E production"
PIDFile=/home/gitlab/gitlab/tmp/pids/unicorn.pid
[Install]
WantedBy=multi-user.target

14
files/gitlab/iptables Normal file
View file

@ -0,0 +1,14 @@
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

68
files/gitlab/unicorn.rb Normal file
View file

@ -0,0 +1,68 @@
# uncomment and customize to run in non-root path
# note that config/gitlab.yml web path should also be changed
# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
app_dir = "/home/gitlab/gitlab/"
worker_processes 2
working_directory app_dir
# Load app into the master before forking workers for super-fast
# worker spawn times
preload_app true
# nuke workers after 30 seconds (60 is the default)
timeout 30
# listen on a Unix domain socket and/or a TCP port,
listen 3000 # listen to port 8080 on all TCP interfaces
#listen "127.0.0.1:8080" # listen to port 8080 on the loopback interface
listen "#{app_dir}/tmp/sockets/gitlab.socket"
pid "#{app_dir}/tmp/pids/unicorn.pid"
stderr_path "#{app_dir}/log/unicorn.stderr.log"
stdout_path "#{app_dir}/log/unicorn.stdout.log"
# http://www.rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
if GC.respond_to?(:copy_on_write_friendly=)
GC.copy_on_write_friendly = true
end
before_fork do |server, worker|
# the following is highly recomended for Rails + "preload_app true"
# as there's no need for the master process to hold a connection
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
##
# When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
# immediately start loading up a new version of itself (loaded with a new
# version of our app). When this new Unicorn is completely loaded
# it will begin spawning workers. The first worker spawned will check to
# see if an .oldbin pidfile exists. If so, this means we've just booted up
# a new Unicorn and need to tell the old one that it can now die. To do so
# we send it a QUIT.
#
# Using this method we get 0 downtime deploys.
old_pid = "#{server.config[:pid]}.oldbin"
if File.exists?(old_pid) && server.pid != old_pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
# someone else did our job for us
end
end
end
after_fork do |server, worker|
# Unicorn master loads the app then forks off workers - because of the way
# Unix forking works, we need to make sure we aren't using any of the parent's
# sockets, e.g. db connection
defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
# Redis and Memcached would go here but their connections are established
# on demand, so the master never opens a socket
end

15
files/gitlab/vhost.conf Normal file
View file

@ -0,0 +1,15 @@
<VirtualHost *:80>
ServerName gitlab-dev.cloud.fedoraproject.org
# Uncomment if you want redirect from HTTP to HTTPS
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
#CustomLog logs/httpd/gitlab-access.log combined
#ErrorLog logs/httpd/gitlab-error.log
</VirtualHost>

10
inventory/host_vars/gitlab-dev.cloud.fedoraproject.org Normal file
View file

@ -0,0 +1,10 @@
---
instance_type: m1.small
image: ami-00000016
keypair: admin
security_group: webserver
zone: fedoracloud
hostbase: gitlab-dev-
public_ip: 209.132.184.158
root_auth_users: skvidal codeblock
description: GitLab development/testing instance

1
inventory/inventory
View file

@ -329,6 +329,7 @@ virthost-comm01.qa.fedoraproject.org
209.132.184.142
# lists-dev.cloud.fedoraproject.org on openstack
209.132.184.145
gitlab-dev.cloud.fedoraproject.org
[jenkins-slaves]
209.132.184.165

219
playbooks/hosts/gitlab-dev.cloud.fedoraproject.org.yml Normal file
View file

@ -0,0 +1,219 @@
- name: check/create instance
hosts: gitlab-dev.cloud.fedoraproject.org
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
tasks:
- include: $tasks/persistent_cloud.yml
- name: provision instance
hosts: gitlab-dev.cloud.fedoraproject.org
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- ${private}/gitlab/vars.yml
tasks:
- include: $tasks/cloud_setup_basic.yml
handlers:
- include: $handlers/restart_services.yml
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Install necessary packages
yum: state=present name=$item
with_items:
- httpd
- ruby
- rubygems
- ruby-devel
- git
- python-pygments
- perl-Data-Dumper
- postfix
- redis
- libicu-devel
- libxslt-devel
- libxml2-devel
- mysql-server
- mysql-devel
- MySQL-python
- gcc
- gcc-c++
- glibc-devel
- name: Start services and make them start on boot
shell: systemctl enable $item.service && systemctl start $item.service
with_items:
- mysqld
- redis
- httpd
- name: Create user 'git'
user: state=present name=git system=yes shell=/bin/sh comment="Git Version Control"
- name: Create user 'gitlab'
user: state=present name=gitlab groups=git comment="GitLab" generate_ssh_key=yes
notify:
- Add local ssh key to known_hosts
handlers:
- name: Add local ssh key to known_hosts
shell: ssh-keyscan localhost >> /home/gitlab/.ssh/known_hosts
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: git
tasks:
- name: Clone the gitlab fork of gitolite
git: repo=https://github.com/gitlabhq/gitolite.git dest=/home/git/gitolite version=gl-v320
- name: ensure /home/git/bin exists
file: state=directory path=/home/git/bin
# Its not ideal to solve this using handlers, but we dont want that append script to trigger twice and its not possible to check if it has run without doing anything crazy.
notify:
- Setup gitolite PATH
- Setup gitolite symlink
handlers:
- name: Setup gitolite PATH
command: sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
- name: Setup gitolite symlink
command: sh -c 'gitolite/install -ln /home/git/bin' chdir=/home/git
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Copy the 'gitlab' user SSH key to the 'git' user home directory
command: cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub creates=/home/git/gitlab.pub
- name: Set permissions on the copied SSH key
file: path=/home/git/gitlab.pub mode=0444
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: git
tasks:
- name: Run gitolite setup (creates gitolite-admin repo)
command: sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub" creates=/home/git/repositories/gitolite-admin.git
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Ensure Gitolite config dir is owned by git:git and has mode 750
file: state=directory path=/home/git/.gitolite mode=750 owner=git group=git recurse=yes
- name: Fix directory permissions for repositories (1)
command: chmod -R ug+rwX,o-rwx /home/git/repositories/
- name: Fix directory permissions for repositories (2)
file: state=directory path=/home/git/repositories owner=git group=git recurse=yes
- name: Fix directory permissions for repositories (3)
shell: find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
- name: Fix directory permissions for /home/git
shell: chmod 750 /home/git
- name: Create a MySQL db
mysql_db: state=present name=gitlabhq_production collation=utf8_unicode_ci encoding=utf8
- name: Add a MySQL 'gitlab' user
mysql_user: state=present name=gitlab host=localhost password=$database_password
- name: Grant permissions to the new MySQL 'gitlab' user
mysql_user: state=present name=gitlab priv=gitlabhq_production.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER
- name: Install some extra necessary gems
command: gem install $item
with_items:
- charlock_holmes
- bundler
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: gitlab
tasks:
- name: Clone GitLab 4.2 stable
git: repo=https://github.com/gitlabhq/gitlabhq.git dest=/home/gitlab/gitlab version=4-2-stable
# TODO: Make this a template in case we want to tweak.
- name: Copy example config file into place
command: cp /home/gitlab/gitlab/config/gitlab.yml.example /home/gitlab/gitlab/config/gitlab.yml creates=/home/gitlab/gitlab/config/gitlab.yml
- name: Create Unicorn config
template: src=$files/gitlab/unicorn.rb dest=/home/gitlab/gitlab/config/unicorn.rb
- name: Create database config
template: src=$files/gitlab/database.yml dest=/home/gitlab/gitlab/config/database.yml
- name: Run bundler
command: /usr/local/bin/bundle install --deployment --without development test postgres chdir=/home/gitlab/gitlab
- name: Set git username
command: chdir=/home/gitlab git config --global user.name "GitLab"
- name: Set git email
command: chdir=/home/gitlab git config --global user.email "gitlab@localhost" # Should use same user.email as in config/gitlab.yml is it really needed?
- name: run rake gitlab:setup
shell: chdir=/home/gitlab/gitlab yes yes | /usr/local/bin/bundle exec rake gitlab:setup RAILS_ENV=production
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Copy post-receive hook
command: cp /home/gitlab/gitlab/lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive creates=/home/git/.gitolite/hooks/common/post-receive
- name: Set permissions on post-receive hook
file: state=file path=/home/git/.gitolite/hooks/common/post-receive owner=git group=git
- name: Put gitlab and gitlab-worker systemd files in place
template: src=$files/gitlab/$item.service dest=/lib/systemd/system/$item.service
with_items:
- gitlab
- gitlab-worker
- name: Symlink systemd files into /etc
command: creates=/etc/systemd/system/$item.service ln -s /usr/lib/systemd/system/$item.service /etc/systemd/system/
with_items:
- gitlab
- gitlab-worker
- name: Tell systemd to find the new files
command: systemctl --system daemon-reload
- name: Start gitlab at boot
command: systemctl enable gitlab
- name: Start gitlab now
command: systemctl start gitlab.service
- name: Configure Apache
template: src=$files/gitlab/vhost.conf dest=/etc/httpd/conf.d/gitlab.conf
- name: Allow Apache to proxy to Unicorn (SELinux)
command: setsebool -P httpd_can_network_connect 1
- name: Restart Apache
command: service httpd restart
- name: Fix iptables
template: src=$files/gitlab/iptables dest=/etc/sysconfig/iptables
- name: Restart iptables
command: service iptables restart