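#!/bin/bash
# create.sh — one-time container filesystem set-up for GitLab: relinks the
# application's data/config/log/tmp paths into the persistent volumes and
# hardens sshd.  Expects the GITLAB_* / GITALY_* / GIT_REPOSITORIES_DIR
# environment variables to be set and is meant to run as root (it chowns
# directories and uses sudo to act as ${GITLAB_USER}).
# -u is deliberate: several "rm -rf ${VAR}/..." lines below would turn an
# unset variable into "rm -rf /tmp", "rm -rf /.ssh" etc.; abort instead.
set -euo pipefail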
## todo filesystem initialization can be moved to entrypoint.sh.
## This function is expected to run as root, because it chowns the
## directories it creates. Running it as a non-root user only works when
## every destination already lies inside the git user's HOME.
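mkdir_for_git ()
{
  # Ensure every argument exists as a directory owned by ${GITLAB_USER}.
  # Arguments: one or more directory paths.
  # Globals:   GITLAB_USER (read) — must be non-empty; ":?" aborts the
  #            script instead of running "chown -R :" under set -e.
  # A path that exists but is not a directory (regular file, symlink to a
  # file, dangling symlink) is deleted and replaced by a directory; an
  # existing directory — or a symlink to one — is left untouched.
  local d
  for d in "$@"; do
    if [[ ! -d "$d" && ( -e "$d" || -L "$d" ) ]]; then
      rm -f -- "$d"
    fi
    if [[ ! -d "$d" ]]; then
      mkdir -p -- "$d"
      # Only reached for a directory created just now, so -R never walks a
      # pre-existing tree; "user:" also sets the user's login group.
      chown -R "${GITLAB_USER:?}:" "$d"
    fi
  done
}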
## The destination (des) must live inside the GITLAB_USER home directory; the
## link itself is created as that user via sudo.
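ln_f ()
{
  # Make "des" a symlink, created as ${GITLAB_USER}, to the directory "src";
  # "src" is created (and chowned) first via mkdir_for_git if it is missing.
  # Arguments: $1 - source directory, $2 - link path.
  # Globals:   GITLAB_USER (read).
  local src=$1
  local des=$2
  mkdir_for_git "$src"
  # -n: do not follow an existing symlink-to-directory at "des".  Without it
  # a second run (or a pre-existing link) would put the new link *inside*
  # the old target instead of replacing it.
  sudo -u "${GITLAB_USER:?}" -H ln -sfn -- "$src" "$des"
}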
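ln_file ()
{
  # Make "des" a symlink, created as ${GITLAB_USER}, to the file "src".
  # "src" is created empty (touch) when the volume does not have it yet and
  # is chowned to the git user; its mode is whatever umask/the volume gives,
  # so callers that link secrets must tighten permissions themselves.
  # Arguments: $1 - source file, $2 - link path.
  # Globals:   GITLAB_USER (read).
  local src=$1
  local des=$2
  touch -- "$src"
  chown -R "${GITLAB_USER:?}:" "$src"
  # -n keeps the call idempotent when "des" is already a symlink to a
  # directory (see ln_f).
  sudo -u "${GITLAB_USER}" -H ln -sfn -- "$src" "$des"
}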
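## link gitlab-workhorse to /usr/local/bin
# gitlab-zip-cat is used when using CI/CD to generate archive.zip file.
# The glob is intentionally outside the quotes (it must expand to every
# gitlab-* binary); ":?" aborts instead of linking "/gitlab-*" when the
# variable is unset.  Deliberately no -f: if a link already exists the
# script fails under set -e rather than silently overwriting /usr/local/bin.
ln -s -- "${GITLAB_WORKHORSE_DIR:?}"/gitlab-* /usr/local/bin/
## link ~/.ssh dir
# ":?" guards the rm: with GITLAB_HOME unset this would be "rm -rf /.ssh".
rm -rf -- "${GITLAB_HOME:?}/.ssh"
ln_f "${GITLAB_DATA_DIR:?}/.ssh" "${GITLAB_HOME}/.ssh"
# NOTE(review): sshd with StrictModes rejects keys when ~/.ssh or
# authorized_keys is group/world-writable or not owned by the login user.
# ln_f sets the owner on the data-side directory but its mode comes from the
# volume — confirm it is 0700 there.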
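# configure user env.
# Global git settings for the service account; sudo -H makes "--global"
# write to ${GITLAB_USER}'s own HOME rather than root's.
sudo -u "${GITLAB_USER:?}" -H git config --global core.autocrlf input
sudo -u "${GITLAB_USER}" -H git config --global gc.auto 0
sudo -u "${GITLAB_USER}" -H git config --global repack.writeBitmaps true
sudo -u "${GITLAB_USER}" -H git config --global receive.advertisePushOptions true
# mkdir_for_git ${GITLAB_DIR} ${GITALY_DIR} ${GITLAB_PAGES_DIR} ${GITLAB_SHELL_DIR} ${GITLAB_WORKHORSE_DIR}
# @important: please make sure all upstream images data has owner ${GITLAB_USER}.
# Top-level volume directories: each is created and chowned only if missing,
# so an existing (populated) volume is never re-chowned recursively.
mkdir_for_git "${GITLAB_CONFIG_DIR:?}" "${GITLAB_DATA_DIR:?}" "${GITLAB_PAGES_DIR:?}" \
  "${GITLAB_CACHE_DIR:?}" "${GITLAB_LOG_DIR:?}"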
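## init gitlab tmp dir.
# the dir ${GITLAB_DIR}/tmp already exists.
# https://docs.gitlab.com/ce/install/installation.html#configure-it
echo "linking gitlab config."
# ":?" on every rm -rf target: with GITLAB_DIR unset this line would
# otherwise expand to "rm -rf /tmp".
rm -rf -- "${GITLAB_DIR:?}/tmp"
ln_f "${GITLAB_DATA_DIR:?}/tmp" "${GITLAB_DIR}/tmp"
# Restrict Gitaly socket access (install guide, "Configure it"): the private
# socket directory must exist, belong to the git user and be owner-only so
# other local users cannot connect to Gitaly through it.  ${GITLAB_DIR}/tmp
# is now a link to ${GITLAB_DATA_DIR}/tmp, so both paths name this directory.
mkdir_for_git "${GITLAB_DATA_DIR}/tmp/sockets/private"
chmod 0700 -- "${GITLAB_DATA_DIR}/tmp/sockets/private"
## init gitlab log dir.
rm -rf -- "${GITLAB_DIR}/log"
ln_f "${GITLAB_LOG_DIR:?}/gitlab" "${GITLAB_DIR}/log"
# gitlab-shell's log path under its own checkout becomes a link into the
# shared log directory (@see home/git/gitlab/lib/support/logrotate/gitlab).
ln_file "${GITLAB_LOG_DIR}/gitlab/gitlab-shell.log" "${GITLAB_SHELL_DIR:?}/gitlab-shell.log"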
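## init public/upload dir.
rm -rf -- "${GITLAB_DIR:?}/public/uploads"
ln_f "${GITLAB_DATA_DIR:?}/public/uploads" "${GITLAB_DIR}/public/uploads"
# Owner-only: raw uploads must not be readable by other local users
# (install guide hardening step).
chmod 0700 -- "${GITLAB_DATA_DIR}/public/uploads"
# Link the directory where CI job traces are stored.  No mode change is made
# here; the install guide additionally runs "chmod -R u+rwX" on builds/ —
# TODO confirm the volume's modes already let the git user write there.
rm -rf -- "${GITLAB_DIR}/builds/"
ln_f "${GITLAB_DATA_DIR}/builds/" "${GITLAB_DIR}/builds"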
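## shared dir
# ls shared -> artifacts cache lfs-objects pages registry
# Replace the in-image shared/* directories with links into the data volume.
rm -rf -- "${GITLAB_DIR:?}/shared/artifacts" "${GITLAB_DIR}/shared/lfs-objects" \
  "${GITLAB_DIR}/shared/pages" "${GITLAB_DIR}/shared/registry"
for shared_name in artifacts lfs-objects registry; do
  ln_f "${GITLAB_DATA_DIR:?}/shared/${shared_name}" "${GITLAB_DIR}/shared/${shared_name}"
done
# we keep shared/pages as volume for gitlab-pages.
ln_f "${GITLAB_PAGES_DATA_DIR:?}" "${GITLAB_DIR}/shared/pages"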
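## init .secret
rm -rf -- "${GITLAB_DIR:?}/.secret"
mkdir -p -- "${GITLAB_DATA_DIR:?}/.secret"
ln_file "${GITLAB_DATA_DIR}/.secret" "${GITLAB_DIR}/.secret"
# remove gitlab shell and workhorse secrets
# Any copy baked into the image must not be shared by every container
# (presumably recreated by the application at start-up — confirm).
rm -f -- "${GITLAB_DIR}/.gitlab_shell_secret" "${GITLAB_DIR}/.gitlab_workhorse_secret"
## repository dir
# Destructive: the in-image repository path is wiped and replaced by a link
# into the data volume, so GIT_REPOSITORIES_DIR must never point at the
# volume itself.  ":?" at least turns an unset variable into an abort
# instead of a bare "rm -rf".
rm -rf -- "${GIT_REPOSITORIES_DIR:?}"
ln_f "${GITLAB_DATA_DIR}/repositories" "${GIT_REPOSITORIES_DIR}"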
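# todo Configure GitLab DB Settings
# todo in Configure: sudo -u git -H chmod 0600 config/secrets.yml
## config sshd.
sshd_cfg=/etc/ssh/sshd_config
# Flip the stock "yes" lines (commented or not) to the hardened value.  A
# substitution only fires when the line is present; a distro file that omits
# a directive keeps sshd's built-in default — and PasswordAuthentication
# defaults to *yes* — so the loop further down inserts anything still missing.
sed -i \
  -e "s|^[#]*UsePAM yes|UsePAM no|" \
  -e "s|^[#]*UsePrivilegeSeparation yes|UsePrivilegeSeparation no|" \
  -e "s|^[#]*PasswordAuthentication yes|PasswordAuthentication no|" \
  -e "s|^[#]*LogLevel INFO|LogLevel VERBOSE|" \
  -e "s|^[#]*X11Forwarding yes|X11Forwarding no|" \
  -e "s|^[#]*UseDNS yes|UseDNS no|" \
  "${sshd_cfg}"
# NOTE(review): "UsePrivilegeSeparation no" weakens sshd on OpenSSH < 7.5
# (newer releases ignore the option and always separate privileges) — confirm
# the base image really requires it.
# sshd honours the *first* occurrence of a directive, so missing ones are
# inserted at line 1: appended lines could fall inside a trailing "Match"
# block, and on distros that start with "Include sshd_config.d/*" the included
# files would otherwise win.
for directive in "UsePAM no" "PasswordAuthentication no" "X11Forwarding no" \
                 "LogLevel VERBOSE" "UseDNS no"; do
  if ! grep -qE "^[[:space:]]*${directive%% *}[[:space:]]" "${sshd_cfg}"; then
    sed -i "1i ${directive}" "${sshd_cfg}"
  fi
done
# in some system, those lines are commented.
# Point HostKey at the persistent volume.  GITLAB_DATA_DIR is interpolated
# into the sed replacement: a value containing "|" or "&" would break it.
sed -i "s|^[#]*HostKey /etc/ssh/|HostKey ${GITLAB_DATA_DIR:?}/ssh/|g" "${sshd_cfg}"
# ssh_host file will be created at container runing.
# Drop the image's baked-in host keys so each container generates its own
# instead of every instance sharing one key pair.
rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub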
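## copy config files
# Every application config becomes a symlink into ${GITLAB_CONFIG_DIR} so
# the real files live on the persistent volume; ln_file creates an empty
# file when the volume does not provide one yet.
: "${GITLAB_CONFIG_DIR:?}" "${GITLAB_DIR:?}" "${GITLAB_SHELL_DIR:?}" "${GITALY_DIR:?}"
# copy gitlab config files
ln_file "${GITLAB_CONFIG_DIR}/gitlab.yml" "${GITLAB_DIR}/config/gitlab.yml"
ln_file "${GITLAB_CONFIG_DIR}/database.yml" "${GITLAB_DIR}/config/database.yml"
ln_file "${GITLAB_CONFIG_DIR}/redis.cable.yml" "${GITLAB_DIR}/config/cable.yml"
ln_file "${GITLAB_CONFIG_DIR}/redis.cache.yml" "${GITLAB_DIR}/config/redis.cache.yml"
ln_file "${GITLAB_CONFIG_DIR}/redis.queues.yml" "${GITLAB_DIR}/config/redis.queues.yml"
ln_file "${GITLAB_CONFIG_DIR}/redis.shared_state.yml" "${GITLAB_DIR}/config/redis.shared_state.yml"
ln_file "${GITLAB_CONFIG_DIR}/redis.trace_chunks.yml" "${GITLAB_DIR}/config/redis.trace_chunks.yml"
ln_file "${GITLAB_CONFIG_DIR}/resque.yml" "${GITLAB_DIR}/config/resque.yml"
ln_file "${GITLAB_CONFIG_DIR}/secrets.yml" "${GITLAB_DIR}/config/secrets.yml"
# ln_file leaves the mode at the umask default; secrets.yml holds application
# secrets, so apply the install guide's "chmod 0600 config/secrets.yml" to
# the real file (the link in config/ resolves to it).
chmod 0600 -- "${GITLAB_CONFIG_DIR}/secrets.yml"
ln_file "${GITLAB_CONFIG_DIR}/puma.rb" "${GITLAB_DIR}/config/puma.rb"
#copy gitlab-shell config files
ln_file "${GITLAB_CONFIG_DIR}/gitlab-shell.config.yml" "${GITLAB_SHELL_DIR}/config.yml"
# copy gitaly config files
ln_file "${GITLAB_CONFIG_DIR}/gitaly.config.toml" "${GITALY_DIR}/config.toml"
ln_file "${GITLAB_CONFIG_DIR}/gitaly.config.praefect.toml" "${GITALY_DIR}/config.praefect.toml"
# gitlab pages secret.
# NOTE(review): also a shared secret, left at the default mode because the
# pages daemon may read it as a different user — tighten to 0600 if it runs
# as ${GITLAB_USER}.
ln_file "${GITLAB_CONFIG_DIR}/pages_secret.txt" "${GITLAB_DIR}/.gitlab_pages_secret"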
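## Patch for gitaly to set bundle path
# Pin Gitaly's Ruby bundle to its vendored gems (deployment mode) unless a
# .bundle/config was already supplied with the checkout.
bundle_conf="${GITALY_DIR:?}/ruby/.bundle/config"
if [[ ! -f "${bundle_conf}" ]]; then
  mkdir -p -- "${bundle_conf%/*}"
  # Quoted delimiter: the file is written verbatim, nothing is expanded.
  cat > "${bundle_conf}" <<'EOF'
---
BUNDLE_DEPLOYMENT: "true"
BUNDLE_PATH: "vendor/bundle"
EOF
fi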
## Install Init Script
# cp ${GITLAB_DIR}/lib/support/init.d/gitlab /etc/init.d/gitlab
## Set up Logrotate
# fix "unknown group 'syslog'" error preventing logrotate from functioning (from: https://github.com/sameersbn/docker-gitlab/blob/master/assets/build/install.sh)
# sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
# cp ${GITLAB_DIR}/lib/support/logrotate/gitlab /etc/logrotate.d/gitlab