nuke gitlab-dev

Ricky Elrod 2013-07-02 17:52:10 +00:00
parent fed9e14bb8
commit 35aad50c70
9 changed files with 0 additions and 593 deletions


@ -1,10 +0,0 @@
production:
adapter: mysql2
encoding: utf8
reconnect: false
database: gitlabhq_production
pool: 5
username: gitlab
password: "$database_password"
# host: localhost
# # socket: /tmp/mysql.sock


@ -1,13 +0,0 @@
[Unit]
Description=Gitlab Resque Worker
Requires=redis.service
After=redis.service
Wants=postfix.service mysqld.service
[Service]
Type=forking
User=gitlab
WorkingDirectory=/home/gitlab/gitlab
ExecStart=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:start"
ExecStopPost=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:stop"
PIDFile=/home/gitlab/gitlab/tmp/pids/sidekiq.pid


@ -1,15 +0,0 @@
[Unit]
Description=Gitlab Unicorn
Requires=redis.service mysqld.service
After=redis.service mysqld.service
Wants=postfix.service mysqld.service gitlab-worker.service
[Service]
Type=simple
User=gitlab
WorkingDirectory=/home/gitlab/gitlab
ExecStart=/bin/sh -c "bundle exec unicorn_rails -c /home/gitlab/gitlab/config/unicorn.rb -E production"
PIDFile=/home/gitlab/gitlab/tmp/pids/unicorn.pid
[Install]
WantedBy=multi-user.target


@ -1,133 +0,0 @@
# # # # # # # # # # # # # # # # # #
# Gitlab application config file #
# # # # # # # # # # # # # # # # # #
#
# How to use:
# 1. copy file as gitlab.yml
# 2. Replace gitlab -> host with your domain
# 3. Replace gitolite -> ssh_host with your domain
# 4. Replace gitlab -> email_from
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings
host: gitlab-dev.cloud.fedoraproject.org
port: 80
https: false
# Uncomment and customize to run in non-root path
# Note that ENV['RAILS_RELATIVE_URL_ROOT'] in config/unicorn.rb may need to be changed
# relative_url_root: /gitlab
# Uncomment and customize if you can't use the default user to run GitLab (default: 'gitlab')
# user: user123
## Email settings
# Email address used in the "From" field in mails sent by GitLab
email_from: gitlab@localhost
# Email address of your support contact (default: same as email_from)
support_email: support@localhost
## Project settings
default_projects_limit: 20
signup_enabled: true # default: false - Account passwords are not sent via the email if signup is enabled.
## Gravatar
gravatar:
enabled: true # Use user avatar images from Gravatar.com (default: true)
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
#
# 2. Auth settings
# ==========================
## LDAP settings
ldap:
enabled: false
host: '_your_ldap_server'
base: '_the_base_where_you_search_for_users'
port: 636
uid: 'sAMAccountName'
method: 'ssl' # "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
## Omniauth settings
omniauth:
# Enable ability for users
# Allow logging in via Twitter, Google, etc. using Omniauth providers
enabled: false
# CAUTION!
# This allows users to login without having a user account first (default: false)
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: false
# Locks down those users until they have been cleared by the admin (default: true)
block_auto_created_users: true
## Auth providers
# Uncomment the lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can user others:
# see https://github.com/gitlabhq/gitlabhq/wiki/Using-Custom-Omniauth-Providers
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET' }
#
# 3. Advanced settings
# ==========================
# GitLab Satellites
satellites:
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
path: /home/gitlab/gitlab-satellites/
## Backup settings
backup:
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
# keep_time: 604800 # default: 0 (forever) (in seconds)
## Gitolite settings
gitolite:
admin_uri: git@localhost:gitolite-admin
# REPOS_PATH MUST NOT BE A SYMLINK!!!
repos_path: /home/git/repositories/
hooks_path: /home/git/.gitolite/hooks/
admin_key: gitlab
upload_pack: true
receive_pack: true
ssh_user: git
ssh_host: localhost
# ssh_port: 22
# config_file: gitolite.conf
# Uncomment and customize if you can't use the default group to own the repositories and run Gitolite (default: same as the 'ssh_user' above)
# owner_group: group123
## Git settings
# CAUTION!
# Use the default values unless you really know what you are doing
git:
bin_path: /usr/bin/git
# Max size of git object like commit, in bytes
# This value can be increased if you have a very large commits
max_size: 5242880 # 5.megabytes
# Git timeout to read commit, in seconds
timeout: 10


@ -1,14 +0,0 @@
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


@ -1,68 +0,0 @@
# uncomment and customize to run in non-root path
# note that config/gitlab.yml web path should also be changed
# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
app_dir = "/home/gitlab/gitlab/"
worker_processes 2
working_directory app_dir
# Load app into the master before forking workers for super-fast
# worker spawn times
preload_app true
# nuke workers after 30 seconds (60 is the default)
timeout 30
# listen on a Unix domain socket and/or a TCP port,
listen 3000 # listen to port 8080 on all TCP interfaces
#listen "127.0.0.1:8080" # listen to port 8080 on the loopback interface
listen "#{app_dir}/tmp/sockets/gitlab.socket"
pid "#{app_dir}/tmp/pids/unicorn.pid"
stderr_path "#{app_dir}/log/unicorn.stderr.log"
stdout_path "#{app_dir}/log/unicorn.stdout.log"
# http://www.rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
if GC.respond_to?(:copy_on_write_friendly=)
GC.copy_on_write_friendly = true
end
before_fork do |server, worker|
# the following is highly recomended for Rails + "preload_app true"
# as there's no need for the master process to hold a connection
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
##
# When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
# immediately start loading up a new version of itself (loaded with a new
# version of our app). When this new Unicorn is completely loaded
# it will begin spawning workers. The first worker spawned will check to
# see if an .oldbin pidfile exists. If so, this means we've just booted up
# a new Unicorn and need to tell the old one that it can now die. To do so
# we send it a QUIT.
#
# Using this method we get 0 downtime deploys.
old_pid = "#{server.config[:pid]}.oldbin"
if File.exists?(old_pid) && server.pid != old_pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
# someone else did our job for us
end
end
end
after_fork do |server, worker|
# Unicorn master loads the app then forks off workers - because of the way
# Unix forking works, we need to make sure we aren't using any of the parent's
# sockets, e.g. db connection
defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
# Redis and Memcached would go here but their connections are established
# on demand, so the master never opens a socket
end


@ -1,15 +0,0 @@
<VirtualHost *:80>
ServerName gitlab-dev.cloud.fedoraproject.org
# Uncomment if you want redirect from HTTP to HTTPS
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
ProxyPreserveHost On
#CustomLog logs/httpd/gitlab-access.log combined
#ErrorLog logs/httpd/gitlab-error.log
</VirtualHost>


@ -1,10 +0,0 @@
---
instance_type: m1.small
image: ami-00000016
keypair: fedora-admin
security_group: webserver
zone: fedoracloud
hostbase: gitlab-dev-
public_ip: 209.132.184.158
root_auth_users: skvidal codeblock
description: GitLab development/testing instance


@ -1,315 +0,0 @@
- name: check/create instance
hosts: gitlab-dev.cloud.fedoraproject.org
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
tasks:
- include: $tasks/persistent_cloud.yml
- name: provision instance
hosts: gitlab-dev.cloud.fedoraproject.org
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- ${private}/files/gitlab/vars.yml
tasks:
- include: $tasks/cloud_setup_basic.yml
handlers:
- include: $handlers/restart_services.yml
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Install necessary packages
yum: state=present name=$item
with_items:
- httpd
- ruby
- rubygems
- ruby-devel
- git
- python-pygments
- perl-Data-Dumper
- postfix
- redis
- libicu-devel
- libxslt-devel
- libxml2-devel
- mysql-server
- mysql-devel
- MySQL-python
- gcc
- gcc-c++
- make
- glibc-devel
- name: Start services and make them start on boot
shell: systemctl enable $item.service && systemctl start $item.service
with_items:
- mysqld
- redis
- httpd
- name: Create user 'git'
user: state=present name=git system=yes shell=/bin/sh comment="Git Version Control"
- name: Create user 'gitlab'
user: state=present name=gitlab groups=git comment="GitLab" generate_ssh_key=yes
notify:
- Add local ssh key to known_hosts
handlers:
- name: Add local ssh key to known_hosts
shell: ssh-keyscan localhost >> /home/gitlab/.ssh/known_hosts
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: git
tasks:
- name: Clone the gitlab fork of gitolite
git: repo=https://github.com/gitlabhq/gitolite.git dest=/home/git/gitolite version=gl-v320
- name: ensure /home/git/bin exists
file: state=directory path=/home/git/bin
# Its not ideal to solve this using handlers, but we dont want that append script to trigger twice and its not possible to check if it has run without doing anything crazy.
notify:
- Setup gitolite PATH
- Setup gitolite symlink
handlers:
- name: Setup gitolite PATH
command: sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
- name: Setup gitolite symlink
command: sh -c 'gitolite/install -ln /home/git/bin' chdir=/home/git
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Copy the 'gitlab' user SSH key to the 'git' user home directory
command: cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub creates=/home/git/gitlab.pub
- name: Set permissions on the copied SSH key
file: path=/home/git/gitlab.pub mode=0444
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: git
tasks:
- name: Run gitolite setup (creates gitolite-admin repo)
command: sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub" creates=/home/git/repositories/gitolite-admin.git
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
tasks:
- name: Ensure Gitolite config dir is owned by git:git and has mode 750
file: state=directory path=/home/git/.gitolite mode=750 owner=git group=git recurse=yes
- name: Fix directory permissions for repositories (1)
command: chmod -R ug+rwX,o-rwx /home/git/repositories/
- name: Fix directory permissions for repositories (2)
file: state=directory path=/home/git/repositories owner=git group=git recurse=yes
- name: Fix directory permissions for repositories (3)
shell: find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
- name: Fix directory permissions for /home/git
shell: chmod 750 /home/git
- name: Create a MySQL db
mysql_db: state=present name=gitlabhq_production collation=utf8_unicode_ci encoding=utf8
- name: Add a MySQL 'gitlab' user
mysql_user: state=present name=gitlab host=localhost password=$database_password
- name: Grant permissions to the new MySQL 'gitlab' user
mysql_user: state=present name=gitlab priv=gitlabhq_production.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER
- name: Install some extra necessary gems
command: gem install $item
with_items:
- charlock_holmes
- bundler
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
sudo: yes
sudo_user: gitlab
vars_files:
- /srv/web/infra/ansible/vars/global.yml
tasks:
- name: Clone GitLab 4.2 stable
git: repo=https://github.com/gitlabhq/gitlabhq.git dest=/home/gitlab/gitlab version=4-2-stable
- name: Create GitLab config
template: src=$files/gitlab/gitlab.yml dest=/home/gitlab/gitlab/config/gitlab.yml
- name: Create Unicorn config
template: src=$files/gitlab/unicorn.rb dest=/home/gitlab/gitlab/config/unicorn.rb
- name: Create database config
template: src=$files/gitlab/database.yml dest=/home/gitlab/gitlab/config/database.yml
- name: Run bundler
command: /usr/local/bin/bundle install --deployment --without development test postgres chdir=/home/gitlab/gitlab
- name: Set git username
command: chdir=/home/gitlab git config --global user.name "GitLab"
- name: Set git email
command: chdir=/home/gitlab git config --global user.email "gitlab@localhost" # Should use same user.email as in config/gitlab.yml is it really needed?
# TODO: If we don't use mysql, change this path.
- name: Run rake gitlab:setup
shell: creates=/home/gitlab/ran_migrations chdir=/home/gitlab/gitlab yes yes | /usr/local/bin/bundle exec rake gitlab:setup RAILS_ENV=production; touch /home/gitlab/ran_migrations
- hosts: gitlab-dev.cloud.fedoraproject.org
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
tasks:
- name: Copy post-receive hook
command: cp /home/gitlab/gitlab/lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive creates=/home/git/.gitolite/hooks/common/post-receive
- name: Set permissions on post-receive hook
file: state=file path=/home/git/.gitolite/hooks/common/post-receive owner=git group=git
- name: Put gitlab and gitlab-worker systemd files in place
template: src=$files/gitlab/$item.service dest=/lib/systemd/system/$item.service
with_items:
- gitlab
- gitlab-worker
- name: Symlink systemd files into /etc
command: creates=/etc/systemd/system/$item.service ln -s /usr/lib/systemd/system/$item.service /etc/systemd/system/
with_items:
- gitlab
- gitlab-worker
- name: Tell systemd to find the new files
command: systemctl --system daemon-reload
- name: Start gitlab at boot
command: systemctl enable gitlab
- name: Start gitlab now
command: systemctl start gitlab.service
- name: Configure Apache
template: src=$files/gitlab/vhost.conf dest=/etc/httpd/conf.d/gitlab.conf
- name: Allow Apache to proxy to Unicorn (SELinux)
command: setsebool -P httpd_can_network_connect 1
- name: Restart Apache
command: service httpd restart
- name: Fix iptables
template: src=$files/gitlab/iptables dest=/etc/sysconfig/iptables
- name: Restart iptables
command: service iptables restart
- name: Phabricator
user: root
hosts: gitlab-dev.cloud.fedoraproject.org
vars_files:
- /srv/web/infra/ansible/vars/global.yml
tasks:
- name: Install dependencies
yum: state=present name=$item
with_items:
- git
- subversion
- mercurial
- httpd
- php
- php-process
- php-mysql
- php-gd
- php-mbstring
- php-apc
- mysql-server
- python-pygments
# TODO: Make permanent.
- name: Set SELinux to permissive
selinux: policy=targeted state=permissive
- name: Set PHABRICATOR_ENV. Forever.
shell: creates=/etc/profile.d/phabricator.sh echo 'export PHABRICATOR_ENV=custom/myconfig' > /etc/profile.d/phabricator.sh
- name: Source the new profile
shell: source /etc/profile.d/phabricator.sh
- name: Configure Apache
template: src=$files/phabricator/phabricator-vhost.conf dest=/etc/httpd/conf.d/phabricator.conf
- name: Graceful Apache
command: service httpd graceful
- name: Clone facebook/libphutil
git: repo=git://github.com/facebook/libphutil dest=/srv/www/facebook/libphutil
- name: Clone facebook/arcanist
git: repo=git://github.com/facebook/arcanist dest=/srv/www/facebook/arcanist
- name: Clone facebook/phabricator
git: repo=git://github.com/facebook/phabricator dest=/srv/www/facebook/phabricator
- name: Create a conf/custom directory.
file: state=directory path=/srv/www/facebook/phabricator/conf/custom
- name: Place a starting-point custom config in /srv/www/facebook/phabricator/conf/custom/myconfig.conf.php
template: src=$files/phabricator/phabricator.conf.php dest=/srv/www/facebook/phabricator/conf/custom/myconfig.conf.php
- name: Create the databases and bring them up to date
action: command chdir=/srv/www/facebook/phabricator ./bin/storage upgrade --force
- name: Start PHD daemons
action: command chdir=/srv/www/facebook/phabricator ./bin/phd start
- name: Set up Trac 1.0.1
user: root
hosts: gitlab-dev.cloud.fedoraproject.org
vars_files:
- /srv/web/infra/ansible/vars/global.yml
tasks:
- name: Install dependencies
yum: state=present name=$item
with_items:
- git
- subversion
- httpd
- python-setuptools
- python-genshi
- python-pip
- mod_wsgi
- name: Grab latest Trac via pip.
pip: name=trac
- name: Directory structure
file: state=directory path=/srv/www/trac
- name: Trac WSGI File
template: src=$files/trac/trac.wsgi dest=/srv/www/trac/trac.wsgi
- name: Apache config
template: src=$files/trac/trac-vhost.conf dest=/etc/httpd/conf.d/trac.conf
- name: Apache restart
command: service httpd restart