install.rb 11 KB
Newer Older
ogom's avatar
ogom committed
1 2 3 4 5
#
# Cookbook Name:: gitlab
# Recipe:: install
#

ogom's avatar
ogom committed
6 7
gitlab = node['gitlab']

8 9 10 11 12 13 14 15 16 17 18
### Copy the example GitLab config
template File.join(gitlab['path'], 'config', 'gitlab.yml') do
  source "gitlab.yml.erb"
  user gitlab['user']
  group gitlab['group']
  variables({
    :host => gitlab['host'],
    :port => gitlab['port'],
    :user => gitlab['user'],
    :email_from => gitlab['email_from'],
    :support_email => gitlab['support_email'],
19
    :max_size => gitlab['max_size'],
20 21
    :satellites_path => gitlab['satellites_path'],
    :repos_path => gitlab['repos_path'],
22
    :shell_path => gitlab['shell_path'],
23
    :signup_enabled => gitlab['signup_enabled'],
24
    :signin_enabled => gitlab['signin_enabled'],
Marin Jankovski's avatar
Marin Jankovski committed
25
    :projects_limit => gitlab['projects_limit'],
26 27 28 29
    :user_can_create_group => gitlab['user_can_create_group'],
    :user_can_change_username => gitlab['user_can_change_username'],
    :default_theme => gitlab['default_theme'],
    :standard_signin_enabled => gitlab['standard_signin_enabled'],
30
    :repository_downloads_path => gitlab['repository_downloads_path'],
Marin Jankovski's avatar
Marin Jankovski committed
31 32
    :oauth_enabled => gitlab['oauth_enabled'],
    :oauth_block_auto_created_users => gitlab['oauth_block_auto_created_users'],
33
    :oauth_allow_single_sign_on => gitlab['oauth_allow_single_sign_on'],
Marin Jankovski's avatar
Marin Jankovski committed
34 35
    :oauth_providers => gitlab['oauth_providers'],
    :google_analytics_id => gitlab['extra']['google_analytics_id'],
36 37 38
    :sign_in_text => gitlab['extra']['sign_in_text'],
    :default_projects_features => gitlab['default_projects_features'],
    :gravatar => gitlab['gravatar'],
39 40
    :gravatar_plain_url => gitlab['gravatar_plain_url'],
    :gravatar_ssl_url => gitlab['gravatar_ssl_url'],
41
    :ldap_config => gitlab['ldap'],
42
    :ssh_port => gitlab['ssh_port'],
Bazoud's avatar
Bazoud committed
43
    :backup => gitlab['backup'],
44 45
  })
  notifies :run, "bash[git config]", :immediately
46
  notifies :reload, "service[gitlab]"
47
end
48

49 50 51 52 53 54 55 56
### Make sure GitLab can write to the log/ and tmp/ directories
### Create directories for sockets/pids
### Create public/uploads directory otherwise backup will fail
%w{log tmp tmp/pids tmp/sockets public/uploads}.each do |path|
  directory File.join(gitlab['path'], path) do
    owner gitlab['user']
    group gitlab['group']
    mode 0755
57
    not_if { File.exist?(File.join(gitlab['path'], path)) }
58 59
  end
end
60

61 62 63 64
### Create directory for satellites
directory gitlab['satellites_path'] do
  owner gitlab['user']
  group gitlab['group']
65
  mode 0750
66
  not_if { File.exist?(gitlab['satellites_path']) }
67
end
68

69 70 71 72 73 74
### Unicorn config
template File.join(gitlab['path'], 'config', 'unicorn.rb') do
  source "unicorn.rb.erb"
  user gitlab['user']
  group gitlab['group']
  variables({
75
    :app_root => gitlab['path'],
76 77 78
    :unicorn_workers_number => gitlab['unicorn_workers_number'],
    :unicorn_timeout => gitlab['unicorn_timeout']
  })
79
  notifies :reload, "service[gitlab]"
80
end
81

82 83 84 85 86 87 88 89 90 91 92 93 94 95
### Enable Rack attack
# Creating the file this way for the following reasons
# 1. Chef 11.4.0 must be used to keep support for AWS OpsWorks
# 2. Using file resource is not an option because it is ran at compilation time
# and at that point the file doesn't exist
# 3. Using cookbook_file resource is not an option because we do not want to include the file
# in the cookbook for maintenance reasons. Same for template resource.
# 4. Using remote_file resource is not an option because Chef 11.4.0 connects to remote URI
# see https://github.com/opscode/chef/blob/11.4.4/lib/chef/resource/remote_file.rb#L63
# 5 Using bash and execute resource is not an option because they would run at every chef run
# and supplying a restriction in the form of "not_if" would prevent an update of a file
# if there is any
# Ruby block is compiled at compilation time but only executed during execution time
# allowing us to create a resource.
96

97 98 99 100 101 102 103 104 105
ruby_block "Copy from example rack attack config" do
  block do
    resource = Chef::Resource::File.new("rack_attack.rb", run_context)
    resource.path File.join(gitlab['path'], 'config', 'initializers', 'rack_attack.rb')
    resource.content IO.read(File.join(gitlab['path'], 'config', 'initializers', 'rack_attack.rb.example'))
    resource.owner gitlab['user']
    resource.group gitlab['group']
    resource.mode 0644
    resource.run_action :create
106 107 108
    if resource.updated?
      self.notifies :reload, resources(:service => "gitlab")
    end
109 110
  end
end
111

112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
### Configure Git global settings for git user, useful when editing via web
bash "git config" do
  code <<-EOS
    git config --global user.name "GitLab"
    git config --global user.email "gitlab@#{gitlab['host']}"
    git config --global core.autocrlf input
  EOS
  user gitlab['user']
  group gitlab['group']
  environment('HOME' => gitlab['home'])
  action :nothing
end

## Configure GitLab DB settings
template File.join(gitlab['path'], "config", "database.yml") do
  source "database.yml.#{gitlab['database_adapter']}.erb"
  user gitlab['user']
  group gitlab['group']
  variables({
131
    :user => gitlab['database_user'],
132
    :password => gitlab['database_password'],
133 134
    :host => node[gitlab['database_adapter']]['server_host'],
    :socket => gitlab['database_adapter'] == "mysql" ? node['mysql']['server']['socket'] : nil
135
  })
136
  notifies :reload, "service[gitlab]"
137 138
end

139 140
### Load db schema
execute "rake db:schema:load" do
141 142
  command <<-EOS
    PATH="/usr/local/bin:$PATH"
143
    bundle exec rake db:schema:load RAILS_ENV=#{gitlab['env']}
144 145 146 147
  EOS
  cwd gitlab['path']
  user gitlab['user']
  group gitlab['group']
148 149
  action :nothing
  subscribes :run, "mysql_database[gitlabhq_database]"
150
  subscribes :run, "postgresql_database[gitlabhq_database]"
151
end
152

153 154 155 156 157 158 159 160 161
### db:migrate
execute "rake db:migrate" do
  command <<-EOS
    PATH="/usr/local/bin:$PATH"
    bundle exec rake db:migrate RAILS_ENV=#{gitlab['env']}
  EOS
  cwd gitlab['path']
  user gitlab['user']
  group gitlab['group']
162
  action :nothing
163
  subscribes :run, "git[clone gitlabhq source]"
164
  subscribes :run, "execute[rake db:schema:load]"
165
end
166

167 168 169 170 171 172 173 174 175
### db:seed_fu
execute "rake db:seed_fu" do
  command <<-EOS
    PATH="/usr/local/bin:$PATH"
    bundle exec rake db:seed_fu RAILS_ENV=#{gitlab['env']}
  EOS
  cwd gitlab['path']
  user gitlab['user']
  group gitlab['group']
176
  action :nothing
177
  subscribes :run, "execute[rake db:schema:load]"
178 179
end

Marin Jankovski's avatar
Marin Jankovski committed
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201
## Setup Init Script
# Creating the file this way for the following reasons
# 1. Chef 11.4.0 must be used to keep support for AWS OpsWorks
# 2. Using file resource is not an option because it is ran at compilation time
# and at that point the file doesn't exist
# 3. Using cookbook_file resource is not an option because we do not want to include the file
# in the cookbook for maintenance reasons. Same for template resource.
# 4. Using remote_file resource is not an option because Chef 11.4.0 connects to remote URI
# see https://github.com/opscode/chef/blob/11.4.4/lib/chef/resource/remote_file.rb#L63
# 5 Using bash and execute resource is not an option because they would run at every chef run
# and supplying a restriction in the form of "not_if" would prevent an update of a file
# if there is any
# Ruby block is compiled at compilation time but only executed during execution time
# allowing us to create a resource.

ruby_block "Copy from example gitlab init config" do
  block do
    resource = Chef::Resource::File.new("gitlab_init", run_context)
    resource.path "/etc/init.d/gitlab"
    resource.content IO.read(File.join(gitlab['path'], "lib", "support", "init.d", "gitlab"))
    resource.mode 0755
    resource.run_action :create
202
  end
Marin Jankovski's avatar
Marin Jankovski committed
203
end
204

205 206 207 208 209 210 211 212 213
template "/etc/default/gitlab" do
  source "gitlab.default.erb"
  mode 0755
  variables(
    :app_user => node['gitlab']['user'],
    :app_root => node['gitlab']['path']
  )
end

Marin Jankovski's avatar
Marin Jankovski committed
214 215
case gitlab['env']
when 'production'
216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
  ## Setup logrotate
  # Creating the file this way for the following reasons
  # 1. Chef 11.4.0 must be used to keep support for AWS OpsWorks
  # 2. Using file resource is not an option because it is ran at compilation time
  # and at that point the file doesn't exist
  # 3. Using cookbook_file resource is not an option because we do not want to include the file
  # in the cookbook for maintenance reasons. Same for template resource.
  # 4. Using remote_file resource is not an option because Chef 11.4.0 connects to remote URI
  # see https://github.com/opscode/chef/blob/11.4.4/lib/chef/resource/remote_file.rb#L63
  # 5 Using bash and execute resource is not an option because they would run at every chef run
  # and supplying a restriction in the form of "not_if" would prevent an update of a file
  # if there is any
  # Ruby block is compiled at compilation time but only executed during execution time
  # allowing us to create a resource.

  ruby_block "Copy from example logrotate config" do
    block do
      resource = Chef::Resource::File.new("logrotate", run_context)
      resource.path "/etc/logrotate.d/gitlab"
      resource.content IO.read(File.join(gitlab['path'], "lib", "support", "logrotate", "gitlab"))
      resource.mode 0644
      resource.run_action :create
    end
  end
Marin Jankovski's avatar
Marin Jankovski committed
240

Marin Jankovski's avatar
Marin Jankovski committed
241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256
  # SMTP email settings
  if gitlab['smtp']['enabled']
    smtp = gitlab['smtp']
    template File.join(gitlab['path'], 'config', 'initializers', 'smtp_settings.rb') do
      source "smtp_settings.rb.erb"
      user gitlab['user']
      group gitlab['group']
      variables({
        :address => smtp['address'],
        :port => smtp['port'],
        :username => smtp['username'],
        :password => smtp['password'],
        :domain => smtp['domain'],
        :authentication => smtp['authentication'],
        :enable_starttls_auto => smtp['enable_starttls_auto']
      })
257
      notifies :reload, "service[gitlab]"
Marin Jankovski's avatar
Marin Jankovski committed
258 259 260
    end
  end

Marin Jankovski's avatar
Marin Jankovski committed
261 262 263 264 265 266 267 268 269 270 271 272 273 274
  if gitlab['aws']['enabled']
    template "aws.yml" do
      owner gitlab['user']
      group gitlab['group']
      path "#{gitlab['path']}/config/aws.yml"
      mode 0755
      variables({
        :aws_access_key_id => gitlab['aws']['aws_access_key_id'],
        :aws_secret_access_key => gitlab['aws']['aws_secret_access_key'],
        :bucket => gitlab['aws']['bucket'],
        :region => gitlab['aws']['region'],
        :host => gitlab['aws']['host'],
        :endpoint => gitlab['aws']['endpoint']
      })
275
      notifies :reload, "service[gitlab]"
Marin Jankovski's avatar
Marin Jankovski committed
276 277
    end
  end
278 279 280 281 282 283 284 285 286

  execute "rake assets:clean" do
    command <<-EOS
      PATH="/usr/local/bin:$PATH"
      bundle exec rake assets:clean RAILS_ENV=#{gitlab['env']}
    EOS
    cwd gitlab['path']
    user gitlab['user']
    group gitlab['group']
287 288
    action :nothing
    subscribes :run, "execute[rake db:migrate]", :immediately
289 290 291 292 293 294 295 296 297 298
  end

  execute "rake assets:precompile" do
    command <<-EOS
      PATH="/usr/local/bin:$PATH"
      bundle exec rake assets:precompile RAILS_ENV=#{gitlab['env']}
    EOS
    cwd gitlab['path']
    user gitlab['user']
    group gitlab['group']
299 300
    action :nothing
    subscribes :run, "execute[rake db:migrate]", :immediately
301 302 303 304 305 306 307 308 309 310
  end

  execute "rake cache:clear" do
    command <<-EOS
      PATH="/usr/local/bin:$PATH"
      bundle exec rake cache:clear RAILS_ENV=#{gitlab['env']}
    EOS
    cwd gitlab['path']
    user gitlab['user']
    group gitlab['group']
311 312
    action :nothing
    subscribes :run, "execute[rake db:migrate]", :immediately
313
  end
314 315 316 317
else
  ## For execute javascript test
  include_recipe "phantomjs"
end