omnibus.md 1.54 KB
Newer Older
1
# What you should know about Omnibus packages
2

3 4
Most users install GitLab using our Omnibus packages. As a developer it can be
good to know how the Omnibus packages differ from what you have on your laptop
5 6 7 8
when you are coding.

## Files are owned by root by default

9 10 11 12
All the files in the Rails tree (`app/`, `config/` etc.) are owned by `root` in
Omnibus installations. This makes the installation simpler and it provides
extra security. The Omnibus reconfigure script contains commands that give
write access to the `git` user only where needed.
13

14
For example, the `git` user is allowed to write in the `log/` directory, in
15 16 17 18
`public/uploads`, and they are allowed to rewrite the `db/schema.rb` file.

In other cases, the reconfigure script tricks GitLab into not trying to write a
file. For instance, GitLab will generate a `.secret` file if it cannot find one
19
and write it to the Rails root. In the Omnibus packages, reconfigure writes the
20 21 22 23
`.secret` file first, so that GitLab never tries to write it.

## Code, data and logs are in separate directories

24
The Omnibus design separates code (read-only, under `/opt/gitlab`) from data
25 26 27 28 29 30
(read/write, under `/var/opt/gitlab`) and logs (read/write, under
`/var/log/gitlab`). To make this happen the reconfigure script sets custom
paths where it can in GitLab config files, and where there are no path
settings, it uses symlinks.

For example, `config/gitlab.yml` is treated as data so that file is a symlink.
31
The same goes for `public/uploads`. The `log/` directory is replaced by Omnibus
32
with a symlink to `/var/log/gitlab/gitlab-rails`.