debian-mirror-gitlab/debian
Praveen Arimbrathodiyil 9d7b2f0778 upload to unstable
2017-05-11 22:29:53 +05:30
..
conf add comment for unique matching 2017-04-19 15:33:00 +05:30
missing-sources add non minified source for latinise.js 2016-01-20 00:11:53 +05:30
patches Revert "Fix CVE-2017-8778" 2017-05-06 23:02:07 +05:30
po add POTFILES.in 2015-10-24 13:03:36 +05:30
source update lintian overrides 2017-02-07 22:40:42 +05:30
tests export DB before bundle in autopkgtest 2017-03-17 22:52:59 +05:30
adduser.sh read gitlab_user from debconf 2017-02-16 16:35:08 +05:30
changelog upload to unstable 2017-05-11 22:29:53 +05:30
compat bump compat to 9 2016-01-20 00:37:16 +05:30
config fix letsencrypt email handling 2017-04-27 11:23:26 +05:30
control use dbconfig-common for database 2017-04-21 12:47:11 +05:30
copyright Repack source to remove fuzzaldrin-plus.js 2017-04-13 18:13:05 +05:30
gitlab-check.sh use -- sh -c for runuser 2017-04-21 15:03:54 +05:30
gitlab.docs update install file and nginx conf files 2017-02-20 17:03:20 +05:30
gitlab.gitlab-mailroom.service remove hard coded gitlab user 2017-02-16 17:35:01 +05:30
gitlab.gitlab-sidekiq.service remove hard coded gitlab user 2017-02-16 17:35:01 +05:30
gitlab.gitlab-unicorn.service remove hard coded gitlab user 2017-02-16 17:35:01 +05:30
gitlab.gitlab-workhorse.service remove hard coded gitlab user 2017-02-16 17:35:01 +05:30
gitlab.init add init script 2015-11-11 16:23:27 +05:30
gitlab.links Revert "Run wrap-and-sort -a" 2017-02-20 17:20:00 +05:30
gitlab.lintian-overrides update lintian overrides 2017-02-07 22:40:42 +05:30
gitlab.service Rewrite terrible upstream .service files: 2016-07-18 04:15:13 +10:00
gitlab.templates ask email for letsencrypt 2017-04-26 20:23:50 +05:30
gitlab.triggers add dpkg trigger to recreate Gemfile.lock 2016-12-08 23:46:56 +05:30
install use dbconfig-common for database 2017-04-21 12:47:11 +05:30
maintscript remove obsolete conffiles (thanks, adequate). 2016-09-20 17:04:11 +10:00
postinst remove hard coded gitlab user in postinst 2017-05-11 22:27:11 +05:30
postrm remove dbconfig-common config in purge 2017-05-11 22:20:51 +05:30
rake-tasks.sh use -- sh -c for runuser 2017-04-21 15:03:54 +05:30
README.Debian update doc with new way of reading variables 2017-04-20 11:53:38 +05:30
ruby-gitlab-ce.git.docs Revert "Run wrap-and-sort -a" 2017-02-20 17:20:00 +05:30
rules create db/schema.rb only in postinst 2016-10-01 15:08:03 +05:30
upstream-file-count-check.sh not ignoring public 2016-04-04 14:51:16 +05:30
watch update changelog and watch for new upstream release 2017-01-15 13:19:06 +05:30

Debian specific changes in gitlab
=================================

1. Redis connection: redis-server package in debian follows upstream default
and listens on tcp port 6379. So gitlab package in debian is configured to use
tcp sockets. gitlab developers recommend using unix sockets. You can change to
using unix sockets by changing the following configuration files.

 /etc/redis/redis.conf and /etc/gitlab/resque.yml

2. wiki backend: debian package uses gollum-rugged_adapter whereas gitlab
upstream still use gollum-grit_adapter. grit is no longer maintained and grit
developers recommend switching to rugged. gollum-lib developers have announced
their intention to switch to rugged_adapter by default and this is in progress.

3. default paths: debian package has changed some default values for paths
which you can see at /etc/gitlab/gitlab-debian.conf

4. database: gitlab package configures postgresql database with peer
authentication.

5. gem versions: some gem dependency requirements are relaxed to work with
their packaged version in debian.

You can find the list of gems required by gitlab and their corresponding
package versions in debian at
http://debian.fosscommunity.in/status/?appname=gitlab&sort=satisfied

6. vendored js files: some embedded javascript files in
vendor/assets/javascripts are replaced by their packaged version.

7. root directory of rails is read only (/usr/share/gitlab); following symbolic
links are added to enable write access to gitlab app

> config -> /etc/gitlab
> Gemfile.lock -> /var/lib/gitlab/Gemfile.lock
> log -> /var/log/gitlab
> builds -> /var/log/gitlab/builds
> tmp -> /run/gitlab
> /run/gitlab/cache -> var/lib/gitlab/cache
> public -> /var/lib/gitlab/public
> shared -> /var/lib/gitlab/shared
> db -> /var/lib/gitlab/db
> /usr/share/gitlab/.secret -> /var/lib/gitlab/.secret

8. ssl certificates: This package tries to use letsencrypt package to obtain
ssl certificates, if it is installed (via Recommends). If letsencrypt is not
required, you can copy ssl certificate and key to /etc/gitlab/ssl as gitlab.crt
and gitlab.key. If letsencrypt option is selected, symbolic links are added for
certificates obtained using letsencrypt to /etc/gitlab/ssl.

9. exim compatibility issue: If you use exim as your mta, then see
https://github.com/gitlabhq/gitlabhq/issues/4866#issuecomment-145784636

Useful diagnostics
==================

Upstream documentation will instruct to run commands like the following:

    $ sudo -u gitlab -H bundle exec rake XXX RAILS_ENV=production

Where XXX is something like "db:migrate", "gitlab:check" or "gitlab:env:info".
In Debian, the rake command has to be called by the gitlab user from app home
directory /usr/share/gitlab and with the environment variables from
/etc/gitlab/gitlab-debian.conf set. So above command could be run like:

    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && rake XXX RAILS_ENV=production'

One useful command to run in this environment is:

    $ rake gitlab:check RAILS_ENV=production

Which will output helpful diagnostics about the state of your system including
how to fix possible problems. Another one is:

    $ rake gitlab:env:info RAILS_ENV=production

To see service status with systemd, you can use:

    $ systemctl status gitlab.service -l
    $ systemctl status gitlab-unicorn.service -l
    $ systemctl status gitlab-sidekiq.service -l
    $ systemctl status gitlab-workhorse.service -l
    $ journalctl -xn

It is advised to attach the output of above commands to bugreports.

Migrating from non-Debian gitlab
================================

 0. Backup everything you don't want to loose like:
      - the postgresql database used by your gitlab instance
      - the repositories/ directory
      - the public/uploads/ directory
      - your .ssh/authorized_keys
 1. Remove the init script for your old gitlab installation, like:
      $ rm /etc/init.d/gitlab
 2. Install Debian gitlab:
      $ apt-get install gitlab
 3. Stop gitlab services:
      $ systemctl stop gitlab.service
 4. Rename your old database to gitlab_production and set the user gitlab as
    its owner and the owner of all its tables, sequences and views
      $ su - postgres
      $ psql
      # drop database gitlab_production;
      # alter database gitlabhq_production rename to gitlab_production;
      # alter database gitlab_production owner to gitlab;
      # \q
      $ for tbl in `psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
      $ for tbl in `psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" gitlab_production` ; do  psql -c "alter table \"$tbl\" owner to gitlab" gitlab_production ; done
 5. Copy your old repository directory to /var/lib/gitlab/repositories/
 6. Copy your old public/uploads/ directory to /var/lib/gitlab/public/uploads/
 7. Copy your old .ssh/authorized_keys to /var/lib/gitlab/.ssh/authorized_keys
 8. Fix your /var/lib/gitlab/.ssh/authorized_keys to contain the right path to gitlab-shell like:
      $ sed -i 's/^command="[^ ]\+gitlab-shell /command="\/usr\/share\/gitlab-shell\/bin\/gitlab-shell /' /usr/share/gitlab/.ssh/authorized_keys
 9. Fix permission:
      $ chown -R gitlab:gitlab /var/lib/gitlab/repositories/ /var/lib/gitlab/public/uploads/ /var/lib/gitlab/.ssh/authorized_keys
      $ chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
      $ find /var/lib/gitlab/public/uploads -type f -exec chmod 0644 {} \;
      $ find /var/lib/gitlab/public/uploads -type d -not -path /var/lib/gitlab/public/uploads -exec chmod 0700 {} \;
 10. Migrate the database:
      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && rake db:migrate RAILS_ENV=production'
 11. Fix hooks:
      # su gitlab
      $ /usr/share/gitlab-shell/bin/create-hooks
 12. Start gitlab:
       $ systemctl start gitlab.service
 13. Check the installation:
      $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && rake gitlab:check RAILS_ENV=production'

Resetting admin password without web interface
==============================================

    $ runuser -u gitlab -- sh -c 'cd /usr/share/gitlab && . /etc/gitlab/gitlab-debian.conf && export DB RAILS_ENV && rails console production'
    irb(main):001:0> user = User.where(admin: true).first
    irb(main):002:0> user.password = 'secret_pass'
    irb(main):003:0> user.password_confirmation = 'secret_pass'
    irb(main):004:0> user.save!