Add SSL_CERT_DIR for all embedded Go services
We have Go programs that use Go's own crypto/tls library instead of OpenSSL.
We can tell crypto/tls about /opt/gitlab/embedded/ssl/certs/ by setting
SSL_CERT_DIR=/opt/gitlab/embedded/ssl/certs/.
This addes this value to all of the env nodes for the approriate services
that use Go.
Closes #3701 (closed)
Merge request reports
Activity
assigned to @ibaum
assigned to @WarheadsSE
I am not altering
gitlab-pages, as it has it's own chroot behaviors, and will only observeSSL_CERT_FILE
1 Warning 
You’ve made some changes at the locations which contain user facing configuration.
That’s OK as long as you’re refactoring existing code and not adding any new
configuration. If you are adding new user facing configuration, consider adding
to gitlab.rb.template located in files/gitlab-config-template/gitlab.rb.template .
Otherwise, please consider adding the ~backstage label in that case.Generated by
Edited by 🤖 GitLab Bot 🤖added 5 commits
- 8889fd61 - alertmanager: add configuration attribute for environment
- cb6d3d49 - prometheus: add configuration attribute for environment
- a13ef5ad - redis-exporter: add configuration attribute for environment
- 9f335e65 - node-exporter: add configuration attribute for environment
- 68542f82 - pgbouncer: add configuration attribute for environment
Toggle commit listI've fixed everything here to now behave as expected, and corrected an issue on breaking test for output
runcommands undersv.Final step would be to add in the appropriate tests for these added environment entries. I'm looking into where these need to be added, and found spec/support/env_dir.rb in addition to some specific items in
spec/chef/recipes/*. I did notive, however, that the checking of existing defaults values is fairly limited.@ibaum @balasankarc Would you be able to point anything out, which I might be missing?
I'm looking into where these need to be added, and found spec/support/env_dir.rb in addition to some specific items in
spec/chef/recipes/*Regarding test locations, this sounds about right.
@balasankarc So, should I assume I should only be adding them to the individual recipes specs?
-
@WarheadsSE Sorry for not being clear. IMO, you can add entries corresponding to different services to https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/spec/support/env_dir.rb. Then, in individual recipe specs, add tests like
it_behaves_like "enabled gitlab-workhorse env", "IAM", 'CUSTOMVAR'with both default values and user specified values.
added 44 commits
-
204b5d24...1f6471cd - 32 commits from branch
master - b81142f3 - Add SSL_CERT_DIR for all embedded Go services
- d0b42a5e - gitaly: set SSL_CERT_DIR properly
- 956c4801 - pages: remove 'env', as not used
- 052e3f96 - consul: add configuration attribute for environment, SSL_CERT_DIR
- 712e4c3e - alertmanager: add configuration attribute for environment
- abfe7988 - prometheus: add configuration attribute for environment
- 8c711780 - redis-exporter: add configuration attribute for environment
- 24013a0c - node-exporter: add configuration attribute for environment
- 125ec06a - pgbouncer: add configuration attribute for environment
- c1066d37 - consul: fix env attribute handling
- 99a4e10d - pgbouncer: fix env attriube handling
- bd6ccc18 - gitlab sv-run templates: fix argument order for specs
Toggle commit list-
204b5d24...1f6471cd - 32 commits from branch
mentioned in commit a58b554e
