make nginx optional, use ucf for conf files

This commit is contained in:
Praveen Arimbrathodiyil 2016-04-08 17:00:57 +05:30
parent 68078685d6
commit 39a2bfd88a
7 changed files with 204 additions and 37 deletions

9
debian/changelog vendored
View file

@ -1,3 +1,12 @@
gitlab (8.5.8+dfsg-5) UNRELEASED; urgency=medium
* Make nginx optional (Closes: #819260)
* Manage nginx configuration via ucf (Closes: #819262)
* Manage gitlab-debian.conf and gitlab.yml via ucf
* Make postinst more verbose
-- Pirate Praveen <praveen@debian.org> Fri, 08 Apr 2016 01:10:02 +0530
gitlab (8.5.8+dfsg-4) unstable; urgency=medium
* Tighten version requirements for dependencies

View file

@ -4,6 +4,10 @@ gitlab_user=gitlab
gitlab_app_root=/usr/share/gitlab
gitlab_data_dir=/var/lib/gitlab
gitlab_scripts=/usr/lib/gitlab/scripts
gitlab_yml_private=/var/lib/gitlab/gitlab.yml
gitlab_yml=/etc/gitlab/gitlab.yml
gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
gitlab_nginx_log=/var/log/gitlab
gitlab_ssl_path=/etc/gitlab/ssl
gitlab_shell_root=/usr/share/gitlab-shell
@ -13,3 +17,4 @@ gitlab_pid_path=/run/gitlab
nginx_user=www-data
nginx_conf_example=/usr/share/doc/gitlab/nginx.conf.example
nginx_ssl_conf_example_gz=/usr/share/doc/gitlab/nginx.ssl.conf.example.gz
nginx_site_private=/var/lib/gitlab/nginx.conf

1
debian/control vendored
View file

@ -28,6 +28,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter,
nginx | httpd,
postfix | exim4 | mail-transport-agent,
openssh-client,
ucf,
gitlab-shell (>= 2.6.10~),
gitlab-workhorse (>= 0.6.2~),
ruby-rails (>= 2:4.2.5.2~),

4
debian/install vendored
View file

@ -1,9 +1,9 @@
debian/conf/gitlab etc/default
debian/conf/unicorn.rb etc/gitlab
debian/conf/database.yml etc/gitlab
debian/conf/gitlab.yml etc/gitlab
debian/conf/gitlab.yml var/lib/gitlab
debian/conf/resque.yml etc/gitlab
debian/conf/gitlab-debian.conf etc/gitlab
debian/conf/gitlab-debian.conf var/lib/gitlab
debian/conf/*.target lib/systemd/system
debian/conf/*.service lib/systemd/system
debian/conf/smtp_settings.rb etc/gitlab/initializers

73
debian/postinst vendored
View file

@ -33,8 +33,11 @@ case "$1" in
# Read and export debian specific configuration
# Only exported variables will be passed on to gitlab app
gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
export $(cat ${gitlab_debian_conf})
gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
export $(cat ${gitlab_debian_conf_private})
# If /etc/gitlab/gitlab-debian.conf is already present, use it
test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf})
# Create gitlab user
. /usr/lib/gitlab/scripts/adduser.sh
@ -45,6 +48,7 @@ case "$1" in
gitlab_uploads_path=${gitlab_data_dir}/public/uploads
# Create directories and change ownership
echo "Creating runtime directories for gitlab..."
for i in ${gitlab_repo_path} ${gitlab_cache_path} ${gitlab_uploads_path}\
${gitlab_pid_path} ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_builds_log}; do
mkdir -p $i
@ -56,6 +60,7 @@ case "$1" in
chown ${gitlab_user}:${nginx_user} -R ${gitlab_uploads_path}/.. ${gitlab_pid_path}
# Customize permissions
echo "Updating file permissions..."
chmod -R ug+rwX,o-rwx ${gitlab_repo_path}/
chmod -R ug-s ${gitlab_repo_path}/
find ${gitlab_repo_path}/ -type d -print0 | xargs -0 chmod g+s
@ -72,19 +77,34 @@ case "$1" in
# Obtain hostname from debconf db
db_get gitlab/fqdn
if [ "${RET}" != "" ]; then
if ! grep GITLAB_HOST ${gitlab_debian_conf}; then
if ! grep GITLAB_HOST ${gitlab_debian_conf_private}; then
echo "Configuring hostname and email..."
export GITLAB_HOST=${RET} # We need this to configure nginx below
echo GITLAB_HOST=${RET} >> ${gitlab_debian_conf}
echo GITLAB_EMAIL_FROM="no-reply@${RET}" >> ${gitlab_debian_conf}
echo GITLAB_EMAIL_DISPLAY_NAME="Gitlab" >> ${gitlab_debian_conf}
echo GITLAB_EMAIL_REPLY_TO="no-reply@${RET}" >> ${gitlab_debian_conf}
cat <<EOF >> ${gitlab_debian_conf_private}
GITLAB_HOST=${RET}
GITLAB_EMAIL_FROM="no-reply@${RET}"
GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
GITLAB_EMAIL_REPLY_TO="no-reply@${RET}"
EOF
fi
# Check if ssl option is selected
db_get gitlab/ssl
gl_proto="http"
if [ "${RET}" = "true" ]; then
if ! grep GITLAB_HTTPS ${gitlab_debian_conf}; then
echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf}
echo "Configuring nginx with HTTPS..."
if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then
echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private}
# Workaround for #813770
gl_proto="https"
echo "Configuring gitlab with HTTPS..."
sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
sed -i "s/https: false/https: true/" ${gitlab_yml_private}
echo "Updating gitlab_url in gitlab-shell configuration..."
sed -i \
"s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
${gitlab_shell_root}/config.yml
fi
mkdir -p /etc/gitlab/ssl
if [ -f "${nginx_ssl_conf_example_gz}" ]; then
@ -97,6 +117,7 @@ case "$1" in
# Check if letsencrypt option is selected
db_get gitlab/letsencrypt
if [ "${RET}" = "true" ]; then
echo "Configuring letsencrypt..."
# Check if certificate is already present
if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then
echo "Let's encrypt certificate already present."
@ -105,29 +126,47 @@ case "$1" in
/etc/gitlab/ssl/gitlab.crt
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
/etc/gitlab/ssl/gitlab.key
# Port 80 and 443 should be available for letsencrypt
if command -v nginx > /dev/null; then
echo "Stopping nginx for letsencrypt..."
invoke-rc.d nginx stop
letsencrypt -d ${GITLAB_HOST} certonly
fi
letsencrypt -d ${GITLAB_HOST} certonly || {
echo "letsencrypt auto configuration failed..."
echo "Stop your webserver and try running letsencrypt manually..."
echo "letsencrypt -d ${GITLAB_HOST} certonly"
}
fi
fi
fi
echo "Registering ${gitlab_yml} via ucf"
ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml}
ucfr gitlab ${gitlab_yml}
# Manage gitlab-debian.conf via ucf
echo "Registering ${gitlab_debian_conf} via ucf"
ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf}
ucfr gitlab ${gitlab_debian_conf}
if test -f ${nginx_conf_example}; then
nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
if test -f ${nginx_site}; then
echo "${nginx_site} is already present, skipping nginx configuration"
else
sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\
${nginx_conf_example} >/etc/nginx/sites-available/${GITLAB_HOST}
ln -fs /etc/nginx/sites-available/${GITLAB_HOST} /etc/nginx/sites-enabled/
${nginx_conf_example} >${nginx_site_private}
ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
ucfr gitlab ${nginx_site}
ln -fs ${nginx_site} /etc/nginx/sites-enabled/
rm -f ${nginx_conf_example_tmp}
fi
else
echo "nginx example configuration file not found"
exit 1
fi
# Reload nginx
if command -v nginx > /dev/null; then
echo "Reloading nginx configuration..."
invoke-rc.d nginx reload
fi
else
echo "Failed to retrieve fully qualified domain name"
exit 1
@ -156,7 +195,7 @@ case "$1" in
echo "Verifying we have all required libraries..."
su ${gitlab_user} -s /bin/sh -c 'bundle install --local'
echo "Running final rake tasks..."
echo "Running final rake tasks and tweaks..."
. /usr/lib/gitlab/scripts/rake-tasks.sh

126
debian/postrm vendored Normal file
View file

@ -0,0 +1,126 @@
#! /bin/sh
# postrm.skeleton
# Skeleton maintainer script showing all the possible cases.
# Written by Charles Briscoe-Smith, March-June 1998. Public Domain.
# Abort if any command returns an error value
set -e
# This script is called twice during the removal of the package; once
# after the removal of the package's files from the system, and as
# the final step in the removal of this package, after the package's
# conffiles have been removed.
# Ensure the menu system is updated
# Read and export debian specific configuration
# Only exported variables will be passed on to gitlab app
echo "Reading gitlab-debian.conf..."
gitlab_debian_conf=/etc/gitlab/gitlab-debian.conf
test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf})
nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
test -f ${nginx_site} && echo "Found nginx site configuration at ${nginx_site}..."
case "$1" in
remove)
# This package is being removed, but its configuration has not yet
# been purged.
:
# Remove diversion
# ldconfig is NOT needed during removal of a library, only during
# installation
;;
purge)
# This package has previously been removed and is now having
# its configuration purged from the system.
:
# we mimic dpkg as closely as possible, so we remove configuration
# files with dpkg backup extensions too:
### Some of the following is from Tore Anderson:
for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do
rm -f ${nginx_site}$ext
rm -f ${gitlab_debian_conf}$ext
rm -f ${gitlab_yml}$ext
done
# remove the configuration file itself
test -f ${nginx_site} && rm -f ${nginx_site}
test -f ${gitlab_debian_conf} && rm -f ${gitlab_debian_conf}
test -f ${gitlab_yml} && rm -f ${gitlab_yml}
# and finally clear it out from the ucf database
if which ucf >/dev/null; then
test -n "${nginx_site}" && ucf --purge ${nginx_site}
test -n "${gitlab_debian_conf}" && ucf --purge ${gitlab_debian_conf}
test -n "${gitlab_yml}" && ucf --purge ${gitlab_yml}
fi
if which ucfr >/dev/null; then
test -n "${nginx_site}" && ucfr --purge gitlab ${nginx_site}
test -n "${gitlab_debian_conf}" && ucfr --purge gitlab ${gitlab_debian_conf}
test -n "${gitlab_yml}" && ucfr --purge gitlab ${gitlab_yml}
fi
;;
disappear)
if test "$2" != overwriter; then
echo "$0: undocumented call to \`postrm $*'" 1>&2
exit 0
fi
# This package has been completely overwritten by package $3
# (version $4). All our files are already gone from the system.
# This is a special case: neither "prerm remove" nor "postrm remove"
# have been called, because dpkg didn't know that this package would
# disappear until this stage.
:
;;
upgrade)
# About to upgrade FROM THIS VERSION to version $2 of this package.
# "prerm upgrade" has been called for this version, and "preinst
# upgrade" has been called for the new version. Last chance to
# clean up.
:
;;
failed-upgrade)
# About to upgrade from version $2 of this package TO THIS VERSION.
# "prerm upgrade" has been called for the old version, and "preinst
# upgrade" has been called for this version. This is only used if
# the previous version's "postrm upgrade" couldn't handle it and
# returned non-zero. (Fix old postrm bugs here.)
:
;;
abort-install)
# Back out of an attempt to install this package. Undo the effects of
# "preinst install...". There are two sub-cases.
:
if test "${2+set}" = set; then
# When the install was attempted, version $2's configuration
# files were still on the system. Undo the effects of "preinst
# install $2".
:
else
# We were being installed from scratch. Undo the effects of
# "preinst install".
:
fi ;;
abort-upgrade)
# Back out of an attempt to upgrade this package from version $2
# TO THIS VERSION. Undo the effects of "preinst upgrade $2".
:
;;
*) echo "$0: didn't understand being called with \`$1'" 1>&2
exit 0;;
esac
#DEBHELPER#
exit 0

13
debian/rake-tasks.sh vendored
View file

@ -51,19 +51,6 @@ else
invoke-rc.d gitlab start
fi
# Workaround for #813770
if [ "${GITLAB_HTTPS}" = "true" ]; then
gl_proto="https"
sed -i "s/#port: 80/port: 443/" ${gitlab_app_root}/config/gitlab.yml
sed -i "s/https: false/https: true/" ${gitlab_app_root}/config/gitlab.yml
else
gl_proto="http"
fi
sed -i \
"s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
${gitlab_shell_root}/config.yml
# Check gitlab is configured correctly
su ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check RAILS_ENV=production'