Gitlab CB v6.4.0

* Bump gitlab-shell to v1.8.0 * Bump gitlab to 6.4.0 * Remove stale nginx config file * Default recipe changes - Update gitlab-shell config to point at /usr/local/bin/redis-cli - Fix permissions on .ssh/authorized_keys - Add rack_attack file - Add precompile assets execute - Add logrotate dependency and configuration
atomic-penguin · Jan 15, 2014 · 7b8e1a2 · 7b8e1a2
1 parent eeea38c
commit 7b8e1a2
Show file tree

Hide file tree

Showing 9 changed files with 179 additions and 79 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,15 @@
+## v6.4.0
+
+  * Bump gitlab-shell to v1.8.0
+  * Bump gitlab to 6.4.0
+  * Remove stale nginx config file
+  * Default recipe changes
+    - Update gitlab-shell config to point at /usr/local/bin/redis-cli
+    - Fix permissions on .ssh/authorized_keys
+    - Add rack_attack file
+    - Add precompile assets execute
+    - Add logrotate dependency and configuration 
+
 ## v6.1.21
 
   * Add node['database']['userhost'] attribute, fixes #57

diff --git a/README.md b/README.md
@@ -43,19 +43,20 @@ in accordance with the [Filesystem Hierarchy Standard (FHS) version 2.3](http://
   - Thanks to Fletcher Nichol for his awesome ruby\_build cookbook.
     This ruby\_build LWRP is used to build Ruby 1.9.3 for gitlab.
 
-* [redisio](http://ckbk.it/redisio)
+* [redisio](http://community.opscode.com/cookbooks/redisio)
   - Thanks to Brian Bianco for this Redis cookbook.
 
 * Opscode, Inc cookbooks
-  - [git](http://ckbk.it/git)
-  - [build-essential](http://ckbk.it/build-essential)
-  - [sudo](http://ckbk.it/sudo)
-  - [nginx](http://ckbk.it/nginx)
-  - [openssh](http://ckbk.it/openssh)
-  - [perl](http://ckbk.it/perl)
-  - [xml](http://ckbk.it/xml)
-  - [zlib](http://ckbk.it/zlib)
-  - [database](http://ckbk.it/database)
+  - [git](http://community.opscode.com/cookbooks/git)
+  - [build-essential](http://community.opscode.com/cookbooks/build-essential)
+  - [sudo](http://community.opscode.com/cookbooks/sudo)
+  - [nginx](http://community.opscode.com/cookbooks/nginx)
+  - [logrotate](http://community.opscode.com/cookbooks/logrotate)
+  - [openssh](http://community.opscode.com/cookbooks/openssh)
+  - [perl](http://community.opscode.com/cookbooks/perl)
+  - [xml](http://community.opscode.com/cookbooks/xml)
+  - [zlib](http://community.opscode.com/cookbooks/zlib)
+  - [database](http://community.opscode.com/cookbooks/database)
 
 
 Attributes
@@ -102,7 +103,7 @@ Attributes
 
 * `gitlab['certificate_databag_id']`
   - Encrypted databag name containing certificate file, CA bundle, and key. Default nil
-  - See [certificate cookbook](http://ckbk.it/certificate) for further information.
+  - See [certificate cookbook](http://community.opscode.com/cookbooks/certificate) for further information.
 
 * `gitlab['backup_path']`
   - Path in file system where backups are stored. Default `gitlab['app_home'] + backups/`

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -30,12 +30,12 @@
 
 # Set github URL for gitlab
 default['gitlab']['git_url'] = 'git://github.com/gitlabhq/gitlabhq.git'
-default['gitlab']['git_branch'] = '6-1-stable'
+default['gitlab']['git_branch'] = '6-4-stable'
 
 # gitlab-shell attributes
 default['gitlab']['shell']['home'] = node['gitlab']['home'] + '/gitlab-shell'
 default['gitlab']['shell']['git_url'] = 'git://github.com/gitlabhq/gitlab-shell.git'
-default['gitlab']['shell']['git_branch'] = 'v1.7.1'
+default['gitlab']['shell']['git_branch'] = 'v1.8.0'
 
 # Database setup
 default['gitlab']['database']['type'] = 'mysql'
@@ -47,11 +47,14 @@
 default['gitlab']['database']['username'] = 'gitlab'
 default['gitlab']['database']['userhost'] = 'localhost'
 
+# Ruby setup
+include_attribute 'ruby_build'
+default['ruby_build']['upgrade'] = 'sync'
 default['gitlab']['install_ruby'] = '1.9.3-p484'
 default['gitlab']['install_ruby_path'] = node['gitlab']['home']
 default['gitlab']['cookbook_dependencies'] = %w[
   build-essential zlib readline ncurses git openssh
-  redisio::install redisio::enable xml ruby_build
+  logrotate redisio::install redisio::enable xml ruby_build
 ]
 
 # Required packages for Gitlab

diff --git a/files/default/rack_attack.rb b/files/default/rack_attack.rb
@@ -0,0 +1,17 @@
+# 1. Rename this file to rack_attack.rb
+# 2. Review the paths_to_be_protected and add any other path you need protecting
+#
+
+paths_to_be_protected = [
+  "#{Rails.application.config.relative_url_root}/users/password",
+  "#{Rails.application.config.relative_url_root}/users/sign_in",
+  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
+  "#{Rails.application.config.relative_url_root}/users"
+]
+
+unless Rails.env.test?
+  Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
+    req.ip if paths_to_be_protected.include?(req.path) && req.post?
+  end
+end
diff --git a/files/default/rhel.nginx.default.conf b/files/default/rhel.nginx.default.conf
diff --git a/metadata.rb b/metadata.rb
@@ -4,10 +4,10 @@
 description      'Installs/Configures gitlab'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 name             'gitlab'
-version          '6.1.21'
+version          '6.4.0'
 
 %w[ build-essential zlib readline ncurses git openssh redisio xml
-    ruby_build certificate database mysql
+    ruby_build certificate database logrotate mysql nginx
     postgresql apt ].each do |cb_depend|
   depends cb_depend
 end

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -45,11 +45,6 @@
   package pkg
 end
 
-# symlink redis-cli into /usr/bin (needed for gitlab hooks to work)
-link '/usr/bin/redis-cli' do
-  to '/usr/local/bin/redis-cli'
-end
-
 # Add a git user for Gitlab
 user node['gitlab']['user'] do
   comment 'Gitlab User'
@@ -72,6 +67,13 @@
   mode '0700'
 end
 
+file "#{node['gitlab']['home']}/.ssh/authorized_keys" do
+  owner node['gitlab']['user']
+  group node['gitlab']['group']
+  mode '0600'
+end
+
+# Drop off git config
 template "#{node['gitlab']['home']}/.gitconfig" do
   source 'gitconfig.erb'
   owner node['gitlab']['user']
@@ -185,6 +187,13 @@
   )
 end
 
+# Copy file rack_attack.rb
+cookbook_file "#{node['gitlab']['app_home']}/config/initializers/rack_attack.rb" do
+  owner node['gitlab']['user']
+  group node['gitlab']['group']
+  mode '0644'
+end
+
 # create log, tmp, pids and sockets directory
 %w{ log tmp tmp/pids tmp/sockets public/uploads }.each do |dir|
   directory File.join(node['gitlab']['app_home'], dir) do
@@ -196,6 +205,25 @@
   end
 end
 
+# Precompile assets
+execute 'gitlab-bundle-precompile-assets' do
+  command 'bundle exec rake assets:precompile RAILS_ENV=production'
+  cwd node['gitlab']['app_home']
+  user node['gitlab']['user']
+  group node['gitlab']['group']
+  environment('LANG' => 'en_US.UTF-8', 'LC_ALL' => 'en_US.UTF-8')
+  only_if { Dir["#{node['gitlab']['app_home']}/public/assets/*"].empty? }
+end
+
+# logrotate gitlab-shell and gitlab
+logrotate_app 'gitlab' do
+  frequency 'weekly'
+  path ["#{node['gitlab']['app_home']}/log/*.log",
+        "#{node['gitlab']['shell']['home']}/gitlab-shell.log"]
+  rotate 52
+  options %w[compress delaycompress notifempty copytruncate]
+end
+
 # create gitlab-satellites directory
 directory File.join(node['gitlab']['home'], 'gitlab-satellites') do
   user node['gitlab']['user']
@@ -296,17 +324,20 @@
   )
 end
 
+# Install nginx
 include_recipe 'nginx'
 
+# Enable gitlab site
 nginx_site 'gitlab' do
   enable true
 end
 
+# Disable default site
 nginx_site 'default' do
   enable false
 end
 
-# Enable and start unicorn_rails and nginx service
+# Enable and start unicorn and sidekiq service
 service 'gitlab' do
   action [:enable, :start]
 end