From 5e227fdb36fb8d44a4aae6e762b9f928f8f8dc74 Mon Sep 17 00:00:00 2001 From: iv <isabelle.vallet@nexedi.com> Date: Thu, 11 Aug 2016 08:35:24 -0700 Subject: [PATCH] gitlab: Sync upstream configs from omnibus-gitlab 8.8.7+ce.1-0-g5116476 Like f6f97d72 - pristine copy from omnibus-gitlab 8.8.7+ce.1-0-g5116476 Changes are: - gitlab.yml.erb Add gitlab_default_projects_features_container_registry variable to be used by docker containers - nginx.conf.erb Docker related password storage https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1218 (commit f74472d4) - rack_attack.rb.erb Disable Rack Attack throttling if admin disables it in config file - smtp_settings.rb.erb If authentication is not enabled for smtp, don't place it in the config. The following files stay the same: - database.yml.erb - gitconfig.erb - gitlab-shell-config.yml.erb - nginx-gitlab-http.conf.erb - resque.yml.erb - unicorn.rb.erb --- software/gitlab/template/gitlab.yml.erb | 11 +++++++++++ software/gitlab/template/nginx.conf.erb | 4 ++++ software/gitlab/template/rack_attack.rb.erb | 3 ++- software/gitlab/template/smtp_settings.rb.erb | 9 ++++----- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/software/gitlab/template/gitlab.yml.erb b/software/gitlab/template/gitlab.yml.erb index 2525d9730..a3f9f42a9 100644 --- a/software/gitlab/template/gitlab.yml.erb +++ b/software/gitlab/template/gitlab.yml.erb @@ -73,6 +73,7 @@ production: &base wiki: <%= @gitlab_default_projects_features_wiki %> snippets: <%= @gitlab_default_projects_features_snippets %> builds: <%= @gitlab_default_projects_features_builds %> + container_registry: <%= @gitlab_default_projects_features_container_registry %> ## Webhook settings # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) @@ -124,6 +125,16 @@ production: &base # The location where LFS objects are stored (default: shared/lfs-objects). storage_path: <%= @lfs_storage_path %> + ## Container Registry + registry: + enabled: <%= @registry_enabled %> + host: <%= @registry_host %> + port: <%= @registry_port %> + api_url: <%= @registry_api_url %> # internal address to the registry, will be used by GitLab to directly communicate with API + path: <%= @registry_path %> + key: <%= @registry_key_path %> + issuer: <%= @registry_issuer %> + ## GitLab Pages (EE only) pages: enabled: <%= @pages_enabled %> diff --git a/software/gitlab/template/nginx.conf.erb b/software/gitlab/template/nginx.conf.erb index eb7771a94..4b3b16faf 100644 --- a/software/gitlab/template/nginx.conf.erb +++ b/software/gitlab/template/nginx.conf.erb @@ -51,5 +51,9 @@ http { include <%= @gitlab_mattermost_http_config %>; <% end %> + <% if @gitlab_registry_http_config %> + include <%= @gitlab_registry_http_config %>; + <% end %> + <%= @custom_nginx_config %> } diff --git a/software/gitlab/template/rack_attack.rb.erb b/software/gitlab/template/rack_attack.rb.erb index 2402c0cc2..3207067ae 100644 --- a/software/gitlab/template/rack_attack.rb.erb +++ b/software/gitlab/template/rack_attack.rb.erb @@ -20,8 +20,9 @@ paths_to_be_protected = [ # Create one big regular expression that matches strings starting with any of # the paths_to_be_protected. paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] -unless Rails.env.test? +unless Rails.env.test? || !rack_attack_enabled Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req| if req.post? && req.path =~ paths_regex req.ip diff --git a/software/gitlab/template/smtp_settings.rb.erb b/software/gitlab/template/smtp_settings.rb.erb index 591bff983..cc35db473 100644 --- a/software/gitlab/template/smtp_settings.rb.erb +++ b/software/gitlab/template/smtp_settings.rb.erb @@ -2,16 +2,15 @@ # erased! To change the contents below, edit /etc/gitlab/gitlab.rb # and run `sudo gitlab-ctl reconfigure`. -<% rails_app = @app == 'gitlab' ? 'Gitlab' : 'GitlabCi' %> -<% container = @app == 'gitlab' ? 'gitlab-rails' : 'gitlab-ci' %> - if Rails.env.production? - <%= rails_app %>::Application.config.action_mailer.delivery_method = :smtp + Gitlab::Application.config.action_mailer.delivery_method = :smtp ActionMailer::Base.smtp_settings = { + <% unless @smtp_authentication.nil? %> authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>, + <% end %> <% %w{ address port user_name password domain enable_starttls_auto tls ssl openssl_verify_mode ca_path ca_file }.each do |key| %> - <% value = node['gitlab'][container]["smtp_#{key}"] %> + <% value = node['gitlab']['gitlab-rails']["smtp_#{key}"] %> <%= "#{key}: #{value.inspect}," unless value.nil? %> <% end %> } -- 2.30.9