diff --git a/files/gitlab/database.yml b/files/gitlab/database.yml
deleted file mode 100644
index 0a8e2f21e9..0000000000
--- a/files/gitlab/database.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-production:
- adapter: mysql2
- encoding: utf8
- reconnect: false
- database: gitlabhq_production
- pool: 5
- username: gitlab
- password: "$database_password"
- # host: localhost
- # # socket: /tmp/mysql.sock
diff --git a/files/gitlab/gitlab-worker.service b/files/gitlab/gitlab-worker.service
deleted file mode 100644
index 40c7c89308..0000000000
--- a/files/gitlab/gitlab-worker.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Gitlab Resque Worker
-Requires=redis.service
-After=redis.service
-Wants=postfix.service mysqld.service
-
-[Service]
-Type=forking
-User=gitlab
-WorkingDirectory=/home/gitlab/gitlab
-ExecStart=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:start"
-ExecStopPost=/bin/sh -c "RAILS_ENV=production bundle exec rake sidekiq:stop"
-PIDFile=/home/gitlab/gitlab/tmp/pids/sidekiq.pid
diff --git a/files/gitlab/gitlab.service b/files/gitlab/gitlab.service
deleted file mode 100644
index d22a834f0f..0000000000
--- a/files/gitlab/gitlab.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Gitlab Unicorn
-Requires=redis.service mysqld.service
-After=redis.service mysqld.service
-Wants=postfix.service mysqld.service gitlab-worker.service
-
-[Service]
-Type=simple
-User=gitlab
-WorkingDirectory=/home/gitlab/gitlab
-ExecStart=/bin/sh -c "bundle exec unicorn_rails -c /home/gitlab/gitlab/config/unicorn.rb -E production"
-PIDFile=/home/gitlab/gitlab/tmp/pids/unicorn.pid
-
-[Install]
-WantedBy=multi-user.target
diff --git a/files/gitlab/gitlab.yml b/files/gitlab/gitlab.yml
deleted file mode 100644
index 5e42c50467..0000000000
--- a/files/gitlab/gitlab.yml
+++ /dev/null
@@ -1,133 +0,0 @@
-# # # # # # # # # # # # # # # # # #
-# Gitlab application config file #
-# # # # # # # # # # # # # # # # # #
-#
-# How to use:
-# 1. copy file as gitlab.yml
-# 2. Replace gitlab -> host with your domain
-# 3. Replace gitolite -> ssh_host with your domain
-# 4. Replace gitlab -> email_from
-
-#
-# 1. GitLab app settings
-# ==========================
-
-## GitLab settings
-gitlab:
- ## Web server settings
- host: gitlab-dev.cloud.fedoraproject.org
- port: 80
- https: false
- # Uncomment and customize to run in non-root path
- # Note that ENV['RAILS_RELATIVE_URL_ROOT'] in config/unicorn.rb may need to be changed
- # relative_url_root: /gitlab
-
- # Uncomment and customize if you can't use the default user to run GitLab (default: 'gitlab')
- # user: user123
-
- ## Email settings
- # Email address used in the "From" field in mails sent by GitLab
- email_from: gitlab@localhost
-
- # Email address of your support contact (default: same as email_from)
- support_email: support@localhost
-
- ## Project settings
- default_projects_limit: 20
- signup_enabled: true # default: false - Account passwords are not sent via the email if signup is enabled.
-
-## Gravatar
-gravatar:
- enabled: true # Use user avatar images from Gravatar.com (default: true)
- # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
- # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
-
-
-
-#
-# 2. Auth settings
-# ==========================
-
-## LDAP settings
-ldap:
- enabled: false
- host: '_your_ldap_server'
- base: '_the_base_where_you_search_for_users'
- port: 636
- uid: 'sAMAccountName'
- method: 'ssl' # "ssl" or "plain"
- bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
- password: '_the_password_of_the_bind_user'
-
-## Omniauth settings
-omniauth:
- # Enable ability for users
- # Allow logging in via Twitter, Google, etc. using Omniauth providers
- enabled: false
-
- # CAUTION!
- # This allows users to login without having a user account first (default: false)
- # User accounts will be created automatically when authentication was successful.
- allow_single_sign_on: false
- # Locks down those users until they have been cleared by the admin (default: true)
- block_auto_created_users: true
-
- ## Auth providers
- # Uncomment the lines and fill in the data of the auth provider you want to use
- # If your favorite auth provider is not listed you can user others:
- # see https://github.com/gitlabhq/gitlabhq/wiki/Using-Custom-Omniauth-Providers
- # The 'app_id' and 'app_secret' parameters are always passed as the first two
- # arguments, followed by optional 'args' which can be either a hash or an array.
- providers:
- # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
- # app_secret: 'YOUR APP SECRET',
- # args: { access_type: 'offline', approval_prompt: '' } }
- # - { name: 'twitter', app_id: 'YOUR APP ID',
- # app_secret: 'YOUR APP SECRET'}
- # - { name: 'github', app_id: 'YOUR APP ID',
- # app_secret: 'YOUR APP SECRET' }
-
-
-
-#
-# 3. Advanced settings
-# ==========================
-
-# GitLab Satellites
-satellites:
- # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
- path: /home/gitlab/gitlab-satellites/
-
-## Backup settings
-backup:
- path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
- # keep_time: 604800 # default: 0 (forever) (in seconds)
-
-## Gitolite settings
-gitolite:
- admin_uri: git@localhost:gitolite-admin
-
- # REPOS_PATH MUST NOT BE A SYMLINK!!!
- repos_path: /home/git/repositories/
- hooks_path: /home/git/.gitolite/hooks/
- admin_key: gitlab
- upload_pack: true
- receive_pack: true
- ssh_user: git
- ssh_host: localhost
- # ssh_port: 22
- # config_file: gitolite.conf
-
- # Uncomment and customize if you can't use the default group to own the repositories and run Gitolite (default: same as the 'ssh_user' above)
- # owner_group: group123
-
-## Git settings
-# CAUTION!
-# Use the default values unless you really know what you are doing
-git:
- bin_path: /usr/bin/git
- # Max size of git object like commit, in bytes
- # This value can be increased if you have a very large commits
- max_size: 5242880 # 5.megabytes
- # Git timeout to read commit, in seconds
- timeout: 10
diff --git a/files/gitlab/iptables b/files/gitlab/iptables
deleted file mode 100644
index 878b981078..0000000000
--- a/files/gitlab/iptables
+++ /dev/null
@@ -1,14 +0,0 @@
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
-
diff --git a/files/gitlab/unicorn.rb b/files/gitlab/unicorn.rb
deleted file mode 100644
index 0c916ceff2..0000000000
--- a/files/gitlab/unicorn.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-# uncomment and customize to run in non-root path
-# note that config/gitlab.yml web path should also be changed
-# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
-
-app_dir = "/home/gitlab/gitlab/"
-worker_processes 2
-working_directory app_dir
-
-# Load app into the master before forking workers for super-fast
-# worker spawn times
-preload_app true
-
-# nuke workers after 30 seconds (60 is the default)
-timeout 30
-
-# listen on a Unix domain socket and/or a TCP port,
-
-listen 3000 # listen to port 8080 on all TCP interfaces
-#listen "127.0.0.1:8080" # listen to port 8080 on the loopback interface
-listen "#{app_dir}/tmp/sockets/gitlab.socket"
-
-pid "#{app_dir}/tmp/pids/unicorn.pid"
-stderr_path "#{app_dir}/log/unicorn.stderr.log"
-stdout_path "#{app_dir}/log/unicorn.stdout.log"
-
-# http://www.rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
-if GC.respond_to?(:copy_on_write_friendly=)
- GC.copy_on_write_friendly = true
-end
-
-
-before_fork do |server, worker|
- # the following is highly recomended for Rails + "preload_app true"
- # as there's no need for the master process to hold a connection
- defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
-
- ##
- # When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
- # immediately start loading up a new version of itself (loaded with a new
- # version of our app). When this new Unicorn is completely loaded
- # it will begin spawning workers. The first worker spawned will check to
- # see if an .oldbin pidfile exists. If so, this means we've just booted up
- # a new Unicorn and need to tell the old one that it can now die. To do so
- # we send it a QUIT.
- #
- # Using this method we get 0 downtime deploys.
-
- old_pid = "#{server.config[:pid]}.oldbin"
-
- if File.exists?(old_pid) && server.pid != old_pid
- begin
- sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
- Process.kill(sig, File.read(old_pid).to_i)
- rescue Errno::ENOENT, Errno::ESRCH
- # someone else did our job for us
- end
- end
-end
-
-after_fork do |server, worker|
- # Unicorn master loads the app then forks off workers - because of the way
- # Unix forking works, we need to make sure we aren't using any of the parent's
- # sockets, e.g. db connection
-
- defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
- # Redis and Memcached would go here but their connections are established
- # on demand, so the master never opens a socket
-end
diff --git a/files/gitlab/vhost.conf b/files/gitlab/vhost.conf
deleted file mode 100644
index ff3b2b08a7..0000000000
--- a/files/gitlab/vhost.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-
- ServerName gitlab-dev.cloud.fedoraproject.org
-
- # Uncomment if you want redirect from HTTP to HTTPS
- #RewriteEngine on
- #RewriteCond %{SERVER_PORT} ^80$
- #RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
-
- ProxyPass / http://127.0.0.1:3000/
- ProxyPassReverse / http://127.0.0.1:3000/
- ProxyPreserveHost On
-
- #CustomLog logs/httpd/gitlab-access.log combined
- #ErrorLog logs/httpd/gitlab-error.log
-
diff --git a/inventory/host_vars/gitlab-dev.cloud.fedoraproject.org b/inventory/host_vars/gitlab-dev.cloud.fedoraproject.org
deleted file mode 100644
index a0e78d37c9..0000000000
--- a/inventory/host_vars/gitlab-dev.cloud.fedoraproject.org
+++ /dev/null
@@ -1,10 +0,0 @@
----
-instance_type: m1.small
-image: ami-00000016
-keypair: fedora-admin
-security_group: webserver
-zone: fedoracloud
-hostbase: gitlab-dev-
-public_ip: 209.132.184.158
-root_auth_users: skvidal codeblock
-description: GitLab development/testing instance
diff --git a/playbooks/hosts/gitlab-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/gitlab-dev.cloud.fedoraproject.org.yml
deleted file mode 100644
index bdd4cb73f5..0000000000
--- a/playbooks/hosts/gitlab-dev.cloud.fedoraproject.org.yml
+++ /dev/null
@@ -1,315 +0,0 @@
-- name: check/create instance
- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - ${private}/vars.yml
-
- tasks:
- - include: $tasks/persistent_cloud.yml
-
-- name: provision instance
- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- gather_facts: True
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - ${private}/vars.yml
- - ${vars}/${ansible_distribution}.yml
- - ${private}/files/gitlab/vars.yml
-
- tasks:
- - include: $tasks/cloud_setup_basic.yml
-
- handlers:
- - include: $handlers/restart_services.yml
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- tasks:
- - name: Install necessary packages
- yum: state=present name=$item
- with_items:
- - httpd
- - ruby
- - rubygems
- - ruby-devel
- - git
- - python-pygments
- - perl-Data-Dumper
- - postfix
- - redis
- - libicu-devel
- - libxslt-devel
- - libxml2-devel
- - mysql-server
- - mysql-devel
- - MySQL-python
- - gcc
- - gcc-c++
- - make
- - glibc-devel
-
- - name: Start services and make them start on boot
- shell: systemctl enable $item.service && systemctl start $item.service
- with_items:
- - mysqld
- - redis
- - httpd
-
- - name: Create user 'git'
- user: state=present name=git system=yes shell=/bin/sh comment="Git Version Control"
-
- - name: Create user 'gitlab'
- user: state=present name=gitlab groups=git comment="GitLab" generate_ssh_key=yes
- notify:
- - Add local ssh key to known_hosts
-
- handlers:
- - name: Add local ssh key to known_hosts
- shell: ssh-keyscan localhost >> /home/gitlab/.ssh/known_hosts
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- sudo: yes
- sudo_user: git
- tasks:
- - name: Clone the gitlab fork of gitolite
- git: repo=https://github.com/gitlabhq/gitolite.git dest=/home/git/gitolite version=gl-v320
-
- - name: ensure /home/git/bin exists
- file: state=directory path=/home/git/bin
- # It’s not ideal to solve this using handlers, but we don’t want that append script to trigger twice – and it’s not possible to check if it has run without doing anything crazy.
- notify:
- - Setup gitolite PATH
- - Setup gitolite symlink
-
- handlers:
- - name: Setup gitolite PATH
- command: sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
-
- - name: Setup gitolite symlink
- command: sh -c 'gitolite/install -ln /home/git/bin' chdir=/home/git
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- tasks:
- - name: Copy the 'gitlab' user SSH key to the 'git' user home directory
- command: cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub creates=/home/git/gitlab.pub
-
- - name: Set permissions on the copied SSH key
- file: path=/home/git/gitlab.pub mode=0444
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- sudo: yes
- sudo_user: git
- tasks:
- - name: Run gitolite setup (creates gitolite-admin repo)
- command: sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub" creates=/home/git/repositories/gitolite-admin.git
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- tasks:
- - name: Ensure Gitolite config dir is owned by git:git and has mode 750
- file: state=directory path=/home/git/.gitolite mode=750 owner=git group=git recurse=yes
-
- - name: Fix directory permissions for repositories (1)
- command: chmod -R ug+rwX,o-rwx /home/git/repositories/
-
- - name: Fix directory permissions for repositories (2)
- file: state=directory path=/home/git/repositories owner=git group=git recurse=yes
-
- - name: Fix directory permissions for repositories (3)
- shell: find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
-
- - name: Fix directory permissions for /home/git
- shell: chmod 750 /home/git
-
- - name: Create a MySQL db
- mysql_db: state=present name=gitlabhq_production collation=utf8_unicode_ci encoding=utf8
-
- - name: Add a MySQL 'gitlab' user
- mysql_user: state=present name=gitlab host=localhost password=$database_password
-
- - name: Grant permissions to the new MySQL 'gitlab' user
- mysql_user: state=present name=gitlab priv=gitlabhq_production.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER
-
- - name: Install some extra necessary gems
- command: gem install $item
- with_items:
- - charlock_holmes
- - bundler
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- sudo: yes
- sudo_user: gitlab
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- tasks:
- - name: Clone GitLab 4.2 stable
- git: repo=https://github.com/gitlabhq/gitlabhq.git dest=/home/gitlab/gitlab version=4-2-stable
-
- - name: Create GitLab config
- template: src=$files/gitlab/gitlab.yml dest=/home/gitlab/gitlab/config/gitlab.yml
-
- - name: Create Unicorn config
- template: src=$files/gitlab/unicorn.rb dest=/home/gitlab/gitlab/config/unicorn.rb
-
- - name: Create database config
- template: src=$files/gitlab/database.yml dest=/home/gitlab/gitlab/config/database.yml
-
- - name: Run bundler
- command: /usr/local/bin/bundle install --deployment --without development test postgres chdir=/home/gitlab/gitlab
-
- - name: Set git username
- command: chdir=/home/gitlab git config --global user.name "GitLab"
-
- - name: Set git email
- command: chdir=/home/gitlab git config --global user.email "gitlab@localhost" # Should use same user.email as in config/gitlab.yml – is it really needed?
-
- # TODO: If we don't use mysql, change this path.
- - name: Run rake gitlab:setup
- shell: creates=/home/gitlab/ran_migrations chdir=/home/gitlab/gitlab yes yes | /usr/local/bin/bundle exec rake gitlab:setup RAILS_ENV=production; touch /home/gitlab/ran_migrations
-
-- hosts: gitlab-dev.cloud.fedoraproject.org
- user: root
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- tasks:
- - name: Copy post-receive hook
- command: cp /home/gitlab/gitlab/lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive creates=/home/git/.gitolite/hooks/common/post-receive
-
- - name: Set permissions on post-receive hook
- file: state=file path=/home/git/.gitolite/hooks/common/post-receive owner=git group=git
-
- - name: Put gitlab and gitlab-worker systemd files in place
- template: src=$files/gitlab/$item.service dest=/lib/systemd/system/$item.service
- with_items:
- - gitlab
- - gitlab-worker
-
- - name: Symlink systemd files into /etc
- command: creates=/etc/systemd/system/$item.service ln -s /usr/lib/systemd/system/$item.service /etc/systemd/system/
- with_items:
- - gitlab
- - gitlab-worker
-
- - name: Tell systemd to find the new files
- command: systemctl --system daemon-reload
-
- - name: Start gitlab at boot
- command: systemctl enable gitlab
-
- - name: Start gitlab now
- command: systemctl start gitlab.service
-
- - name: Configure Apache
- template: src=$files/gitlab/vhost.conf dest=/etc/httpd/conf.d/gitlab.conf
-
- - name: Allow Apache to proxy to Unicorn (SELinux)
- command: setsebool -P httpd_can_network_connect 1
-
- - name: Restart Apache
- command: service httpd restart
-
- - name: Fix iptables
- template: src=$files/gitlab/iptables dest=/etc/sysconfig/iptables
-
- - name: Restart iptables
- command: service iptables restart
-
-- name: Phabricator
- user: root
- hosts: gitlab-dev.cloud.fedoraproject.org
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- tasks:
- - name: Install dependencies
- yum: state=present name=$item
- with_items:
- - git
- - subversion
- - mercurial
- - httpd
- php
- php-process
- php-mysql
- php-gd
- php-mbstring
- php-apc
- mysql-server
- python-pygments
-
- # TODO: Make permanent.
- - name: Set SELinux to permissive
- selinux: policy=targeted state=permissive
-
- - name: Set PHABRICATOR_ENV. Forever.
- shell: creates=/etc/profile.d/phabricator.sh echo 'export PHABRICATOR_ENV=custom/myconfig' > /etc/profile.d/phabricator.sh
-
- - name: Source the new profile
- shell: source /etc/profile.d/phabricator.sh
-
- - name: Configure Apache
- template: src=$files/phabricator/phabricator-vhost.conf dest=/etc/httpd/conf.d/phabricator.conf
-
- - name: Graceful Apache
- command: service httpd graceful
-
- - name: Clone facebook/libphutil
- git: repo=git://github.com/facebook/libphutil dest=/srv/www/facebook/libphutil
-
- - name: Clone facebook/arcanist
- git: repo=git://github.com/facebook/arcanist dest=/srv/www/facebook/arcanist
-
- - name: Clone facebook/phabricator
- git: repo=git://github.com/facebook/phabricator dest=/srv/www/facebook/phabricator
-
- - name: Create a conf/custom directory.
- file: state=directory path=/srv/www/facebook/phabricator/conf/custom
-
- - name: Place a starting-point custom config in /srv/www/facebook/phabricator/conf/custom/myconfig.conf.php
- template: src=$files/phabricator/phabricator.conf.php dest=/srv/www/facebook/phabricator/conf/custom/myconfig.conf.php
-
- - name: Create the databases and bring them up to date
- action: command chdir=/srv/www/facebook/phabricator ./bin/storage upgrade --force
-
- - name: Start PHD daemons
- action: command chdir=/srv/www/facebook/phabricator ./bin/phd start
-
-- name: Set up Trac 1.0.1
- user: root
- hosts: gitlab-dev.cloud.fedoraproject.org
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- tasks:
- - name: Install dependencies
- yum: state=present name=$item
- with_items:
- - git
- - subversion
- - httpd
- - python-setuptools
- - python-genshi
- - python-pip
- - mod_wsgi
-
- - name: Grab latest Trac via pip.
- pip: name=trac
-
- - name: Directory structure
- file: state=directory path=/srv/www/trac
-
- - name: Trac WSGI File
- template: src=$files/trac/trac.wsgi dest=/srv/www/trac/trac.wsgi
-
- - name: Apache config
- template: src=$files/trac/trac-vhost.conf dest=/etc/httpd/conf.d/trac.conf
-
- - name: Apache restart
- command: service httpd restart