Commit 923fd761 authored by DJ Mountney's avatar DJ Mountney

Allow configuration of the authorized_keys file location used by gitlab-shell

Also added an alternative search location for authorized_keys to our docker sshd_config. We will make use of this in the OpenShift template in order to get around root_squash issues with the git user's home directory.
parent 07d58533
......@@ -11,6 +11,7 @@ omnibus-gitlab repository.
- Create logrotate folders and configs even when the service is disabled (Gennady Trafimenkov) eae7c9
- Added nginx options to enable 2-way SSL client authentication (Oliver Hernandez) c51085
- Upgrade Nginx to 1.10.1 67a0bd0
- Allow configuration of the authorized_keys file location used by gitlab-shell
- Upgrade omnibus to 5.4.0 7bac2
- Add configuration that allows disabling of db migrations (Jason Plum) a50d09
- Initial support for Redis Sentinel 267ace
......
......@@ -11,6 +11,7 @@ AllowUsers git
PrintMotd no
PrintLastLog no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/authorized_keys
# Fix: User username not allowed because account is locked
# With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
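Review bot: The second path on the `AuthorizedKeysFile` line, `/gitlab-data/authorized_keys`, sits outside the git user's home, so the ownership and mode of that file and its parent directories are all that protects the keys accepted for the `git` account. The StrictModes setting is not visible in this hunk; if it is at its default, sshd should ignore the file unless it and its parent directories are owned by the user or root and are not group- or world-writable, which may be hard to guarantee on the root_squash volume the description mentions. A comment above the line would record the requirement: `# Alternate location for root_squash volumes; file and parent dirs must be owned by git (or root) and not group/world-writable`.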
......
......@@ -456,6 +456,9 @@ external_url 'GENERATED_EXTERNAL_URL'
# For CentOS: sudo yum install epel-release && sudo yum install git-annex
# gitlab_shell['git_annex_enabled'] = false
# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
#####################
# GitLab PostgreSQL #
#####################
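Review bot: The commented `gitlab_shell['auth_file']` example has no explanation, unlike the git-annex lines above it, and the setting only works when sshd reads the same file. I would add a comment such as `# Path of the authorized_keys file gitlab-shell writes; sshd's AuthorizedKeysFile must list the same path`. It is also worth documenting that a file left at the previous location is presumably no longer updated, so keys revoked in GitLab would stay in it for as long as sshd still consults that location.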
......
......@@ -311,6 +311,7 @@ default['gitlab']['gitlab-rails']['repositories_storages'] = {
}
default['gitlab']['gitlab-shell']['http_settings'] = nil
default['gitlab']['gitlab-shell']['git_annex_enabled'] = nil
default['gitlab']['gitlab-shell']['auth_file'] = nil
###
......
......@@ -187,6 +187,7 @@ module Gitlab
def generate_config(node_name)
generate_secrets(node_name)
GitlabWorkhorse.parse_variables
GitlabShell.parse_variables
GitlabRails.parse_variables
Logging.parse_variables
Redis.parse_variables
......
......@@ -26,7 +26,6 @@ module GitlabRails
end
def parse_directories
parse_git_data_dirs
parse_shared_dir
parse_artifacts_dir
parse_lfs_objects_dir
......@@ -68,29 +67,6 @@ module GitlabRails
Gitlab['gitlab_rails']['gitlab_port'] = uri.port
end
def parse_git_data_dirs
git_data_dirs = Gitlab['git_data_dirs']
git_data_dir = Gitlab['git_data_dir']
return unless git_data_dirs.any? || git_data_dir
Gitlab['gitlab_shell']['git_data_directories'] ||=
if git_data_dirs.any?
git_data_dirs
else
{ 'default' => git_data_dir }
end
Gitlab['gitlab_rails']['repositories_storages'] ||=
Hash[Gitlab['gitlab_shell']['git_data_directories'].map do |name, path|
[name, File.join(path, 'repositories')]
end]
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
# db/migrate/20151023144219_remove_satellites.rb
Gitlab['gitlab_rails']['satellites_path'] ||= File.join(Gitlab['gitlab_shell']['git_data_directories']['default'], "gitlab-satellites")
end
def parse_shared_dir
Gitlab['gitlab_rails']['shared_path'] ||= Gitlab['node']['gitlab']['gitlab-rails']['shared_path']
end
......
#
# Copyright:: Copyright (c) 2016 GitLab Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module GitlabShell
class << self
def parse_variables
parse_git_data_dirs
parse_auth_file
end
def parse_git_data_dirs
git_data_dirs = Gitlab['git_data_dirs']
git_data_dir = Gitlab['git_data_dir']
return unless git_data_dirs.any? || git_data_dir
Gitlab['gitlab_shell']['git_data_directories'] ||=
if git_data_dirs.any?
git_data_dirs
else
{ 'default' => git_data_dir }
end
Gitlab['gitlab_rails']['repositories_storages'] ||=
Hash[Gitlab['gitlab_shell']['git_data_directories'].map do |name, path|
[name, File.join(path, 'repositories')]
end]
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
# db/migrate/20151023144219_remove_satellites.rb
Gitlab['gitlab_rails']['satellites_path'] ||= File.join(Gitlab['gitlab_shell']['git_data_directories']['default'], "gitlab-satellites")
end
def parse_auth_file
Gitlab['user']['home'] ||= Gitlab['node']['gitlab']['user']['home']
Gitlab['gitlab_shell']['auth_file'] ||= File.join(Gitlab['user']['home'], '.ssh', 'authorized_keys')
end
end
end
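Review bot: `parse_git_data_dirs` indexes `Gitlab['gitlab_shell']['git_data_directories']['default']` unconditionally when building `satellites_path`, so a `git_data_dirs` hash configured without a `default` key passes nil to `File.join` and raises a TypeError whenever `satellites_path` is not already set. The comment above that line says the path is later fed to `rm -rf`, so it deserves an explicit guard rather than an incidental exception: `default_dir = Gitlab['gitlab_shell']['git_data_directories']['default']`, then `Gitlab['gitlab_rails']['satellites_path'] ||= File.join(default_dir, "gitlab-satellites") if default_dir`. The method looks like it was moved unchanged from GitlabRails, so the gap predates this commit, but the move is a good moment to close it.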
......@@ -24,7 +24,7 @@ gitlab_shell_var_dir = "/var/opt/gitlab/gitlab-shell"
git_data_directories = node['gitlab']['gitlab-shell']['git_data_directories']
repositories_storages = node['gitlab']['gitlab-rails']['repositories_storages']
ssh_dir = File.join(node['gitlab']['user']['home'], ".ssh")
authorized_keys = File.join(ssh_dir, "authorized_keys")
authorized_keys = node['gitlab']['gitlab-shell']['auth_file']
log_directory = node['gitlab']['gitlab-shell']['log_directory']
hooks_directory = node['gitlab']['gitlab-rails']['gitlab_shell_hooks_path']
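Review bot: `authorized_keys` can now point outside `ssh_dir`, yet `ssh_dir` is still derived from the user's home, so any directory creation or permission handling later in the recipe (not visible in this hunk) presumably still covers only `~/.ssh`. If so, the parent directory of a custom `auth_file` is neither created nor restricted to the git user, and sshd may then refuse the file or trust one that others can write to. Consider `auth_file_dir = File.dirname(authorized_keys)` and managing that directory with the same owner and mode as `ssh_dir`, or state in the settings template that the operator must prepare it.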
......