update assets

jubilee2 · jubilee2 · commit 7818e66ac48f · 2019-05-06T22:51:55.000-05:00
diff --git a/assets/gitlab.rb b/assets/gitlab.rb
@@ -2,19 +2,32 @@
 ## Prevent Postgres from trying to allocate 25% of total memory
 postgresql['shared_buffers'] = '1MB'
 
+# Disable Prometheus node_exporter inside Docker.
+node_exporter['enable'] = false
+
 # Manage accounts with docker
 manage_accounts['enable'] = false
 
 # Get hostname from shell
 host = `hostname`.strip
 external_url "http://#{host}"
 
+# Explicitly disable init detection since we are running on a container
+package['detect_init'] = false
+
 # Load custom config from environment variable: GITLAB_OMNIBUS_CONFIG
-eval ENV["GITLAB_OMNIBUS_CONFIG"].to_s
+# Disabling the cop since rubocop considers using eval to be security risk but
+# we don't have an easy way out, atleast yet.
+eval ENV["GITLAB_OMNIBUS_CONFIG"].to_s # rubocop:disable Security/Eval
 
 # Load configuration stored in /etc/gitlab/gitlab.rb
 from_file("/etc/gitlab/gitlab.rb")
 
 ###! Minimum worker_processes is 2 at this moment
-###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
+###! See https://docs.gitlab.com/omnibus/settings/rpi.html
+# Reduce the number of running workers to the minimum in order to reduce memory usage
 unicorn['worker_processes'] = 2
+sidekiq['concurrency'] = 9
+
+# Turn off monitoring to reduce idle cpu and disk usage
+prometheus_monitoring['enable'] = false
diff --git a/assets/setup b/assets/setup
@@ -3,12 +3,8 @@
 set -xe
 
 source /RELEASE
-DISTRIB_CODENAME=jessie
 
 # Download & Install GitLab
-# echo "deb https://packages.gitlab.com/gitlab/${PACKAGECLOUD_REPO}/raspbian/ ${DISTRIB_CODENAME} main" > /etc/apt/sources.list.d/gitlab_${RELEASE_PACKAGE}.list
-# wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add -
-# apt-get update
 curl -s https://packages.gitlab.com/install/repositories/gitlab/raspberry-pi2/script.deb.sh | bash
 apt-get install -yq --no-install-recommends ${RELEASE_PACKAGE}=${RELEASE_VERSION}
 rm -rf /var/lib/apt/lists/*
@@ -19,7 +15,6 @@ mkfifo /opt/gitlab/sv/sshd/supervise/ok /opt/gitlab/sv/sshd/log/supervise/ok
 printf "#!/bin/sh\nexec 2>&1\numask 077\nexec /usr/sbin/sshd -D -f /assets/sshd_config -e" > /opt/gitlab/sv/sshd/run
 printf "#!/bin/sh\nexec svlogd -tt /var/log/gitlab/sshd" > /opt/gitlab/sv/sshd/log/run
 chmod a+x /opt/gitlab/sv/sshd/run /opt/gitlab/sv/sshd/log/run
-mkdir -p /var/run/sshd
 
 # Remove current gitlab.rb file
 rm -f /etc/gitlab/gitlab.rb
@@ -29,6 +24,9 @@ sed -i "s/external_url 'GENERATED_EXTERNAL_URL'/# external_url 'GENERATED_EXTERN
 sed -i "s/\/etc\/gitlab\/gitlab.rb/\/assets\/gitlab.rb/" /opt/gitlab/embedded/cookbooks/gitlab/recipes/show_config.rb
 sed -i "s/\/etc\/gitlab\/gitlab.rb/\/assets\/gitlab.rb/" /opt/gitlab/embedded/cookbooks/gitlab/recipes/config.rb
 
+# Set install type to docker
+echo 'gitlab-docker' > /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE
+
 # Create groups
 groupadd -g 998 git
 groupadd -g 999 gitlab-www
diff --git a/assets/sshd_config b/assets/sshd_config
@@ -12,10 +12,15 @@ PrintMotd no
 PrintLastLog no
 PubkeyAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
+AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
+AuthorizedKeysCommandUser git
 
 # Fix: User username not allowed because account is locked
 # With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
 UsePAM yes
 
 # Disabling use DNS in ssh since it tends to slow connecting
 UseDNS no
+
+# Enable the use of Git protcol v2
+AcceptEnv GIT_PROTOCOL
diff --git a/assets/update-permissions b/assets/update-permissions
@@ -17,12 +17,24 @@ chown_if_exists()
 	fi
 }
 
+chmod_if_exists()
+{
+	# the last argument of chown is the file or path
+	path="${@:${#@}}"
+	if [ -e "$path" ]; then
+		chmod $@
+	else
+		echo "skipping, path does not exist: $path"
+	fi
+}
+
 # Fix GitLab permissions
 if id -u git; then
 	# Fix data storage
 	chown_if_exists -R git:git /var/opt/gitlab/.ssh
 	chown_if_exists -R git:git /var/opt/gitlab/.gitconfig
 	chown_if_exists -R git:git /var/opt/gitlab/git-data
+	chmod_if_exists 2770 /var/opt/gitlab/git-data/repositories
 	chown_if_exists -R git:git /var/opt/gitlab/gitlab-ci/builds
 	chown_if_exists -R git:git /var/opt/gitlab/gitlab-rails
 	chown_if_exists -R git:git /var/opt/gitlab/gitlab-shell
@@ -31,7 +43,7 @@ if id -u git; then
 	fi
 
 	# Fix log storage
-	chown_if_exists git /var/opt/gitlab/gitlab-workhorse
+	chown_if_exists git /var/log/gitlab/gitlab-workhorse
 	chown_if_exists git /var/log/gitlab/gitlab-rails
 	chown_if_exists git /var/log/gitlab/gitlab-shell
 	chown_if_exists git /var/log/gitlab/sidekiq
@@ -59,6 +71,8 @@ fi
 if id -u gitlab-prometheus; then
 	chown_if_exists -R gitlab-prometheus:gitlab-prometheus /var/opt/gitlab/prometheus
 	chown_if_exists gitlab-prometheus /var/log/gitlab/prometheus
+	chown_if_exists -R gitlab-prometheus:gitlab-prometheus /var/opt/gitlab/alertmanager
+	chown_if_exists gitlab-prometheus /var/log/gitlab/alertmanager
 fi
 
 # Fix redis storage and logs
@@ -74,3 +88,8 @@ fi
 if id -u registry; then
     chown_if_exists -R registry:git /var/opt/gitlab/gitlab-rails/shared/registry
 fi
+
+# Fix mattermost storage
+if id -u mattermost; then
+    chown_if_exists -R mattermost /var/opt/gitlab/mattermost
+fi
diff --git a/assets/wrapper b/assets/wrapper
@@ -17,6 +17,33 @@ function failed_pg_upgrade() {
     exit 1
 }
 
+function clean_stale_pids() {
+    # cleanup known pid/socket files
+    for x in /opt/gitlab/sv /run $(ls -d /tmp/gitaly-ruby* 2>/dev/null) ; do
+        # find
+        #  - any (s)ocket or regular (f)ile
+        #  - by the name of "*.pid" or "socket.?"
+        #  - and delete them
+        find $x \
+            \( \
+              -type f \
+              -o -type s \
+            \) \(\
+              -name pid \
+              -o -name "*.pid" \
+              -o -name "socket.?" \
+            \) \
+            -delete ;
+    done
+}
+
+function detect_unclean_start() {
+    set +e
+    echo "Cleaning stale PIDs & sockets"
+    clean_stale_pids
+    set -e
+}
+
 trap "sigterm_handler; exit" TERM
 
 source /RELEASE
@@ -44,6 +71,9 @@ echo "  docker restart gitlab"
 echo
 sleep 3s
 
+# Run unclean start detection & cleanup
+detect_unclean_start
+
 # Copy gitlab.rb for the first time
 if [[ ! -e /etc/gitlab/gitlab.rb ]]; then
 	echo "Installing gitlab.rb config..."
@@ -73,20 +103,14 @@ echo "Preparing services..."
 rm -f /opt/gitlab/service/*
 ln -s /opt/gitlab/sv/sshd /opt/gitlab/service
 ln -sf /opt/gitlab/embedded/bin/sv /opt/gitlab/init/sshd
+mkdir -p /var/run/sshd
 mkdir -p /var/log/gitlab/sshd
+mkdir -p /var/log/gitlab/reconfigure
 
 # Start service manager
 echo "Starting services..."
 GITLAB_OMNIBUS_CONFIG= /opt/gitlab/embedded/bin/runsvdir-start &
 
-# Configure gitlab package
-# WARNING:
-# the preinst script has the database backup
-# It will not be executed, because all services are not yet started
-# They will be started when `reconfigure` is executed
-echo "Configuring GitLab package..."
-/var/lib/dpkg/info/${RELEASE_PACKAGE}.preinst upgrade
-
 echo "Configuring GitLab..."
 gitlab-ctl reconfigure
 
@@ -97,7 +121,7 @@ if [ "${GITLAB_SKIP_PG_UPGRADE}" != true ]; then
 fi
 
 if [ -n "${GITLAB_POST_RECONFIGURE_SCRIPT+x}" ]; then
-  echo "Runnning Post Reconfigure Script..."
+  echo "Running Post Reconfigure Script..."
   eval "${GITLAB_POST_RECONFIGURE_SCRIPT}"
 fi
 
