1_settings.rb 18.2 KB
Newer Older
1 2
require 'gitlab' # Load lib/gitlab.rb as soon as possible

3
class Settings < Settingslogic
4
  source ENV.fetch('GITLAB_CONFIG') { "#{Rails.root}/config/gitlab.yml" }
5
  namespace Rails.env
6 7

  class << self
8 9
    def gitlab_on_standard_port?
      on_standard_port?(gitlab)
10
    end
11

12 13
    def host_without_www(url)
      host(url).sub('www.', '')
14
    end
15

Valery Sizov's avatar
Valery Sizov committed
16
    def build_gitlab_ci_url
17
      if on_standard_port?(gitlab)
Valery Sizov's avatar
Valery Sizov committed
18 19 20 21 22 23 24 25 26 27 28
        custom_port = nil
      else
        custom_port = ":#{gitlab.port}"
      end
      [ gitlab.protocol,
        "://",
        gitlab.host,
        custom_port,
        gitlab.relative_url_root
      ].join('')
    end
29

30 31 32 33
    def build_pages_url
      base_url(pages).join('')
    end

34
    def build_gitlab_shell_ssh_path_prefix
35 36
      user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}"

37
      if gitlab_shell.ssh_port != 22
38
        "ssh://#{user_host}:#{gitlab_shell.ssh_port}/"
39
      else
40
        if gitlab_shell.ssh_host.include? ':'
41
          "[#{user_host}]:"
42
        else
43
          "#{user_host}:"
44
        end
45 46 47
      end
    end

48
    def build_base_gitlab_url
49
      base_url(gitlab).join('')
50 51
    end

52
    def build_gitlab_url
53
      (base_url(gitlab) + [gitlab.relative_url_root]).join('')
54
    end
55

56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
    def kerberos_protocol
      kerberos.https ? "https" : "http"
    end

    def kerberos_port
      kerberos.use_dedicated_port ? kerberos.port : gitlab.port
    end

    # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
    # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
    # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
    def build_gitlab_kerberos_url
      [ kerberos_protocol,
        "://:@",
        gitlab.host,
        ":#{kerberos_port}",
        gitlab.relative_url_root
      ].join('')
    end

    def alternative_gitlab_kerberos_url?
      kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
    end

80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
    # check that values in `current` (string or integer) is a contant in `modul`.
    def verify_constant_array(modul, current, default)
      values = default || []
      if !current.nil?
        values = []
        current.each do |constant|
          values.push(verify_constant(modul, constant, nil))
        end
        values.delete_if { |value| value.nil? }
      end
      values
    end

    # check that `current` (string or integer) is a contant in `modul`.
    def verify_constant(modul, current, default)
      constant = modul.constants.find{ |name| modul.const_get(name) == current }
      value = constant.nil? ? default : modul.const_get(constant)
      if current.is_a? String
        value = modul.const_get(current.upcase) rescue default
      end
      value
    end
102 103 104

    private

105 106 107
    def base_url(config)
      custom_port = on_standard_port?(config) ? nil : ":#{config.port}"
      [ config.protocol,
108
        "://",
109
        config.host,
110 111 112
        custom_port
      ]
    end
113 114 115 116

    def on_standard_port?(config)
      config.port.to_i == (config.https ? 443 : 80)
    end
117

118 119 120 121 122 123 124 125 126 127
    # Extract the host part of the given +url+.
    def host(url)
      url = url.downcase
      url = "http://#{url}" unless url.start_with?('http')

      # Get rid of the path so that we don't even have to encode it
      url_without_path = url.sub(%r{(https?://[^\/]+)/?.*}, '\1')

      URI.parse(url_without_path).host
    end
128 129
  end
end
130 131 132

# Default settings
Settings['ldap'] ||= Settingslogic.new({})
133
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
134
Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil?
135
Settings.ldap['schedule_sync_daily'] = 1 if Settings.ldap['schedule_sync_daily'].nil?
136 137
Settings.ldap['schedule_sync_hour'] = 1 if Settings.ldap['schedule_sync_hour'].nil?
Settings.ldap['schedule_sync_minute'] = 30  if Settings.ldap['schedule_sync_minute'].nil?
138

139 140 141
# backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test?
  if Settings.ldap['host'].present?
142 143
    # We detected old LDAP configuration syntax. Update the config to make it
    # look like it was entered with the new syntax.
144
    server = Settings.ldap.except('sync_time')
145
    Settings.ldap['servers'] = {
146
      'main' => server
147
    }
148 149
  end

150
  Settings.ldap['servers'].each do |key, server|
151
    server = Settingslogic.new(server)
152
    server['label'] ||= 'LDAP'
153
    server['timeout'] ||= 10.seconds
154
    server['block_auto_created_users'] = false if server['block_auto_created_users'].nil?
155 156
    server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
    server['active_directory'] = true if server['active_directory'].nil?
157
    server['attributes'] = {} if server['attributes'].nil?
158
    server['provider_name'] ||= "ldap#{key}".downcase
159
    server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
160
    Settings.ldap['servers'][key] = server
161 162
  end
end
163

Valery Sizov's avatar
Valery Sizov committed
164

165
Settings['omniauth'] ||= Settingslogic.new({})
166
Settings.omniauth['enabled']      = false if Settings.omniauth['enabled'].nil?
167
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
168 169 170
Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil?
Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
171
Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil?
172

173
Settings.omniauth['providers']  ||= []
tduehr's avatar
tduehr committed
174 175 176 177
Settings.omniauth['cas3'] ||= Settingslogic.new({})
Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket'
178

179
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.
180 181

github_default_url = "https://github.com"
182
github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github"}
183

Valery Sizov's avatar
Valery Sizov committed
184
if github_settings
185 186 187 188 189 190 191
  # For compatibility with old config files (before 7.8)
  # where people dont have url in github settings
  if github_settings['url'].blank?
    github_settings['url'] = github_default_url
  end

  if github_settings["url"].include?(github_default_url)
192
    github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options]
Valery Sizov's avatar
Valery Sizov committed
193 194 195 196 197 198 199
  else
    github_settings["args"]["client_options"] = {
      "site" =>          File.join(github_settings["url"], "api/v3"),
      "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
      "token_url" =>     File.join(github_settings["url"], "login/oauth/access_token")
    }
  end
200 201
end

202 203
Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
204

205 206
Settings['issues_tracker']  ||= {}

207 208 209
#
# GitLab
#
210
Settings['gitlab'] ||= Settingslogic.new({})
211
Settings.gitlab['default_projects_limit'] ||= 10
212
Settings.gitlab['default_branch_protection'] ||= 2
213
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
214
Settings.gitlab['default_theme'] = Gitlab::Themes::APPLICATION_DEFAULT if Settings.gitlab['default_theme'].nil?
215
Settings.gitlab['host']       ||= ENV['GITLAB_HOST'] || 'localhost'
216
Settings.gitlab['ssh_host']   ||= Settings.gitlab.host
217
Settings.gitlab['https']        = false if Settings.gitlab['https'].nil?
218
Settings.gitlab['port']       ||= Settings.gitlab.https ? 443 : 80
219
Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || ''
220
Settings.gitlab['protocol']   ||= Settings.gitlab.https ? "https" : "http"
221
Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil?
222 223 224
Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}"
Settings.gitlab['email_display_name'] ||= ENV['GITLAB_EMAIL_DISPLAY_NAME'] || 'GitLab'
Settings.gitlab['email_reply_to'] ||= ENV['GITLAB_EMAIL_REPLY_TO'] || "noreply@#{Settings.gitlab.host}"
225
Settings.gitlab['base_url']   ||= Settings.send(:build_base_gitlab_url)
226
Settings.gitlab['url']        ||= Settings.send(:build_gitlab_url)
227
Settings.gitlab['user']       ||= 'git'
228 229 230 231 232
Settings.gitlab['user_home']  ||= begin
  Etc.getpwnam(Settings.gitlab['user']).dir
rescue ArgumentError # no user configured
  '/home/' + Settings.gitlab['user']
end
233
Settings.gitlab['time_zone']  ||= nil
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
234
Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
235
Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil?
236
Settings.gitlab['twitter_sharing_enabled'] ||= true if Settings.gitlab['twitter_sharing_enabled'].nil?
237
Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
238
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
239
Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil?
240
Settings.gitlab['default_projects_features'] ||= {}
241
Settings.gitlab['webhook_timeout'] ||= 10
242
Settings.gitlab['max_attachment_size'] ||= 10
243
Settings.gitlab['session_expire_delay'] ||= 10080
244 245 246
Settings.gitlab.default_projects_features['issues']         = true if Settings.gitlab.default_projects_features['issues'].nil?
Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
Settings.gitlab.default_projects_features['wiki']           = true if Settings.gitlab.default_projects_features['wiki'].nil?
247
Settings.gitlab.default_projects_features['snippets']       = false if Settings.gitlab.default_projects_features['snippets'].nil?
248
Settings.gitlab.default_projects_features['builds']         = true if Settings.gitlab.default_projects_features['builds'].nil?
249
Settings.gitlab.default_projects_features['visibility_level']    = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
250
Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive') if Settings.gitlab['repository_downloads_path'].nil?
251
Settings.gitlab['restricted_signup_domains'] ||= []
Jared Szechy's avatar
Jared Szechy committed
252
Settings.gitlab['import_sources'] ||= ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git']
253

Valery Sizov's avatar
Valery Sizov committed
254

255 256 257 258 259
#
# Elasticseacrh
#
Settings['elasticsearch'] ||= Settingslogic.new({})
Settings.elasticsearch['enabled'] = false if Settings.elasticsearch['enabled'].nil?
Valery Sizov's avatar
Valery Sizov committed
260 261
Settings.elasticsearch['host'] ||=  ENV['ELASTIC_HOST'] || "localhost"
Settings.elasticsearch['port'] ||= ENV['ELASTIC_PORT'] || 9200
262

Valery Sizov's avatar
Valery Sizov committed
263 264 265 266
#
# CI
#
Settings['gitlab_ci'] ||= Settingslogic.new({})
267 268 269 270 271
Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
Settings.gitlab_ci['all_broken_builds']     = true if Settings.gitlab_ci['all_broken_builds'].nil?
Settings.gitlab_ci['add_pusher']            = false if Settings.gitlab_ci['add_pusher'].nil?
Settings.gitlab_ci['url']                   ||= Settings.send(:build_gitlab_ci_url)
Settings.gitlab_ci['builds_path']           = File.expand_path(Settings.gitlab_ci['builds_path'] || "builds/", Rails.root)
Valery Sizov's avatar
Valery Sizov committed
272

Douwe Maan's avatar
Douwe Maan committed
273 274 275
#
# Reply by email
#
276
Settings['incoming_email'] ||= Settingslogic.new({})
277
Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil?
278

Kamil Trzcinski's avatar
Kamil Trzcinski committed
279 280 281 282 283 284 285 286
#
# Build Artifacts
#
Settings['artifacts'] ||= Settingslogic.new({})
Settings.artifacts['enabled']      = true if Settings.artifacts['enabled'].nil?
Settings.artifacts['path']         = File.expand_path(Settings.artifacts['path'] || File.join(Settings.shared['path'], "artifacts"), Rails.root)
Settings.artifacts['max_size']    ||= 100 # in megabytes

287
#
Kamil Trzcinski's avatar
Kamil Trzcinski committed
288
# Pages
289
#
Kamil Trzcinski's avatar
Kamil Trzcinski committed
290 291
Settings['pages'] ||= Settingslogic.new({})
Settings.pages['enabled']         = false if Settings.pages['enabled'].nil?
292
Settings.pages['path']            = File.expand_path(Settings.pages['path'] || File.join(Settings.shared['path'], "pages"), Rails.root)
293
Settings.pages['host']            ||= "example.com"
294 295 296 297
Settings.pages['https']           = false if Settings.pages['https'].nil?
Settings.pages['port']            ||= Settings.pages.https ? 443 : 80
Settings.pages['protocol']        ||= Settings.pages.https ? "https" : "http"
Settings.pages['url']             ||= Settings.send(:build_pages_url)
298 299
Settings.pages['external_http']   ||= false if Settings.pages['external_http'].nil?
Settings.pages['external_https']  ||= false if Settings.pages['external_https'].nil?
Kamil Trzcinski's avatar
Kamil Trzcinski committed
300

Marin Jankovski's avatar
Marin Jankovski committed
301 302 303 304
#
# Git LFS
#
Settings['lfs'] ||= Settingslogic.new({})
Marin Jankovski's avatar
Marin Jankovski committed
305
Settings.lfs['enabled']      = true if Settings.lfs['enabled'].nil?
Marin Jankovski's avatar
Marin Jankovski committed
306 307
Settings.lfs['storage_path'] = File.expand_path(Settings.lfs['storage_path'] || File.join(Settings.shared['path'], "lfs-objects"), Rails.root)

308 309 310
#
# Gravatar
#
311
Settings['gravatar'] ||= Settingslogic.new({})
312
Settings.gravatar['enabled']      = true if Settings.gravatar['enabled'].nil?
313 314
Settings.gravatar['plain_url']  ||= 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
Settings.gravatar['ssl_url']    ||= 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
315
Settings.gravatar['host']         = Settings.host_without_www(Settings.gravatar['plain_url'])
316

317 318 319 320 321 322
#
# Cron Jobs
#
Settings['cron_jobs'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_ci_builds_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_ci_builds_worker']['cron'] ||= '0 0 * * *'
323
Settings.cron_jobs['stuck_ci_builds_worker']['job_class'] = 'StuckCiBuildsWorker'
324 325
Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *'
326
Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker'
327 328
Settings.cron_jobs['update_all_mirrors_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['update_all_mirrors_worker']['cron'] ||= '0 * * * *'
329
Settings.cron_jobs['update_all_mirrors_worker']['job_class'] = 'UpdateAllMirrorsWorker'
330 331
Settings.cron_jobs['ldap_sync_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['ldap_sync_worker']['cron'] ||= '30 1 * * *'
332
Settings.cron_jobs['ldap_sync_worker']['job_class'] = 'LdapSyncWorker'
333 334 335
Settings.cron_jobs['geo_bulk_notify_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['geo_bulk_notify_worker']['cron'] ||= '*/10 * * * * *'
Settings.cron_jobs['geo_bulk_notify_worker']['job_class'] ||= 'GeoBulkNotifyWorker'
336

337 338 339 340
#
# GitLab Shell
#
Settings['gitlab_shell'] ||= Settingslogic.new({})
341
Settings.gitlab_shell['path']         ||= Settings.gitlab['user_home'] + '/gitlab-shell/'
342
Settings.gitlab_shell['hooks_path']   ||= Settings.gitlab['user_home'] + '/gitlab-shell/hooks/'
343
Settings.gitlab_shell['secret_file'] ||= Rails.root.join('.gitlab_shell_secret')
344 345
Settings.gitlab_shell['receive_pack']   = true if Settings.gitlab_shell['receive_pack'].nil?
Settings.gitlab_shell['upload_pack']    = true if Settings.gitlab_shell['upload_pack'].nil?
346
Settings.gitlab_shell['repos_path']   ||= Settings.gitlab['user_home'] + '/repositories/'
347
Settings.gitlab_shell['ssh_host']     ||= Settings.gitlab.ssh_host
348 349 350 351
Settings.gitlab_shell['ssh_port']     ||= 22
Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.send(:build_gitlab_shell_ssh_path_prefix)
352
Settings.gitlab_shell['git_annex_enabled'] ||= false
353

354 355 356
#
# Backup
#
357
Settings['backup'] ||= Settingslogic.new({})
358
Settings.backup['keep_time']  ||= 0
359
Settings.backup['pg_schema']    = nil
360
Settings.backup['path']         = File.expand_path(Settings.backup['path'] || "tmp/backups/", Rails.root)
361
Settings.backup['archive_permissions']          ||= 0600
362
Settings.backup['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil })
363 364 365 366
# Convert upload connection settings to use symbol keys, to make Fog happy
if Settings.backup['upload']['connection']
  Settings.backup['upload']['connection'] = Hash[Settings.backup['upload']['connection'].map { |k, v| [k.to_sym, v] }]
end
367
Settings.backup['upload']['multipart_chunk_size'] ||= 104857600
368
Settings.backup['upload']['encryption'] ||= nil
369

370 371 372
#
# Git
#
373
Settings['git'] ||= Settingslogic.new({})
374
Settings.git['max_size']  ||= 20971520 # 20.megabytes
375
Settings.git['bin_path']  ||= '/usr/bin/git'
376
Settings.git['timeout']   ||= 10
377

378 379 380
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
# db/migrate/20151023144219_remove_satellites.rb
381
Settings['satellites'] ||= Settingslogic.new({})
Riyad Preukschas's avatar
Riyad Preukschas committed
382
Settings.satellites['path'] = File.expand_path(Settings.satellites['path'] || "tmp/repo_satellites/", Rails.root)
383 384


385 386 387 388 389 390 391
#
# Kerberos
#
Settings['kerberos'] ||= Settingslogic.new({})
Settings.kerberos['enabled'] = false if Settings.kerberos['enabled'].nil?
Settings.kerberos['keytab'] = nil if Settings.kerberos['keytab'].blank? #nil means use default keytab
Settings.kerberos['service_principal_name'] = nil if Settings.kerberos['service_principal_name'].blank? #nil means any SPN in keytab
392
Settings.kerberos['use_dedicated_port'] = false if Settings.kerberos['use_dedicated_port'].nil?
393 394 395
Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil?
Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088

396 397 398 399
#
# Extra customization
#
Settings['extra'] ||= Settingslogic.new({})
400

401 402 403 404 405
#
# Rack::Attack settings
#
Settings['rack_attack'] ||= Settingslogic.new({})
Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({})
406
Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil?
407
Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
408 409 410 411
Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour

412 413 414 415 416
#
# Testing settings
#
if Rails.env.test?
  Settings.gitlab['default_projects_limit']   = 42
417
  Settings.gitlab['default_can_create_group'] = true
418 419
  Settings.gitlab['default_can_create_team']  = false
end
420 421

# Force a refresh of application settings at startup
422 423 424 425 426 427 428
begin
  ApplicationSetting.expire
  Ci::ApplicationSetting.expire
rescue
  # Gracefully handle when Redis is not available. For example,
  # omnibus may fail here during assets:precompile.
end