Commit 8373d50a authored by Carlo Landmeter's avatar Carlo Landmeter

make use of env settings instead of secrets

parent 87bd9425
......@@ -13,18 +13,14 @@ Alpine Linux based docker image and tools for Gitlab.
## Setup
To get Gitlab up and running you need to first generate 3 secrets in the secrets
directory.
To get Gitlab up and running you need to first generate 2 secrets and provide
then as environment variables. Most suitable is via [.env](https://docs.docker.com/compose/env-file/)
file in alongside your docker-compose file. Mandatory variables are:
- PostgreSQL admin (pg_admin)
- PostgreSQL user (pg_user)
- Gitlab root user (root_pass)
Generate secrets used by gitlab and related services
```bash
sudo /contrib/mksecrets.sh
```
- GITLAB_HOSTNAME
- GITLAB_ROOT_PASSWORD
- POSTGRES_PASSWORD
- POSTGRES_USER
After which you need to create and bring up the containers
......@@ -40,14 +36,30 @@ Visit your Gitlab instance at http://dockerhost
## Configuration
The default configuration is very limited. To make changes:
The default configuration is very limited. The custom configuration is stored
in `/etc/gitlab` in the container and will be copied to the config directory
inside `/home/git/gitlab/config`. Any new configuration added will be
automatically copied to the container. Any existing configuration will not
be overwritten.
Location of the configuration on the host depends on the volume settings. the
default locations is:
```bash
cd /srv/docker/compose/gitlab/config
cd /srv/docker/gitlab/config
```
Modify a configuration file and restart the containers.
P.S. every restart the container will copy sample configs to the config
directory overwriting other sample configs if they already exist.
## Additional functions
The entrypoint command has some additional function. To show them run:
```bash```
docker-compose exec gitlab entrypoint.sh help
### Backups
To exclude some items from the backup you can use `$GITLAB_BACKUP_SKIP` see:
https://docs.gitlab.com/ee/raketasks/backup_restore.html
#!/bin/sh
set -eu
SECRETS_DIR=/srv/docker/compose/gitlab/secrets
mkdir -p "$SECRETS_DIR"
for sname in pg_admin pg_user root_pass; do
[ -f "$SECRETS_DIR"/$sname.txt ] && continue
echo "Generating $SECRETS_DIR/$sname.txt"
head /dev/urandom | LC_CTYPE=C tr -dc A-Za-z0-9 | head -c 16 > \
"$SECRETS_DIR"/$sname.txt
done
......@@ -3,47 +3,40 @@ services:
gitlab:
image: alpinelinux/alpine-docker-gitlab
build: gitlab
container_name: gitlab-alpine
hostname: ${GITLAB_HOSTNAME}
restart: always
volumes:
- /srv/docker/compose/gitlab/repositories:/home/git/repositories
- /srv/docker/compose/gitlab/config:/etc/gitlab
- /srv/docker/compose/gitlab/log:/var/log
- /srv/docker/compose/gitlab/builds:/home/git/gitlab/builds
- /srv/docker/compose/gitlab/shared:/home/git/gitlab/shared
- /srv/docker/compose/gitlab/uploads:/home/git/gitlab/public/uploads
- /srv/docker/compose/gitlab/plugins:/home/git/gitlab/plugins
secrets:
- pg_user
- pg_admin
- root_pass
- /srv/docker/gitlab/repositories:/home/git/repositories
- /srv/docker/gitlab/config:/etc/gitlab
- /srv/docker/gitlab/log:/var/log
- /srv/docker/gitlab/builds:/home/git/gitlab/builds
- /srv/docker/gitlab/shared:/home/git/gitlab/shared
- /srv/docker/gitlab/uploads:/home/git/gitlab/public/uploads
- /srv/docker/gitlab/plugins:/home/git/gitlab/plugins
ports:
- "22"
- "80"
- "2222:22"
- "8080:80"
depends_on:
- postgres
- redis
environment:
# https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1707
- RUBYOPT=--disable-gems
- POSTGRES_USER
- POSTGRES_PASSWORD
- GITLAB_ROOT_PASSWORD
- GITLAB_BACKUP_SKIP
- GITLAB_USE_PUMA
postgres:
image: postgres:alpine
container_name: gitlab-postgres
image: postgres:11-alpine
restart: always
volumes:
- /srv/docker/compose/gitlab/postgres:/var/lib/postgresql/data
secrets:
- pg_admin
- /srv/docker/gitlab/postgres:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD_FILE=/run/secrets/pg_admin
- POSTGRES_USER
- POSTGRES_PASSWORD
redis:
image: redis:alpine
container_name: gitlab-redis
image: redis:5-alpine
restart: always
volumes:
- /srv/docker/compose/gitlab/redis:/data
- /srv/docker/gitlab/redis:/data
entrypoint: redis-server --appendonly yes
secrets:
pg_admin:
file: /srv/docker/compose/gitlab/secrets/pg_admin.txt
pg_user:
file: /srv/docker/compose/gitlab/secrets/pg_user.txt
root_pass:
file: /srv/docker/compose/gitlab/secrets/root_pass.txt
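Review bot: The same `POSTGRES_USER`/`POSTGRES_PASSWORD` pair is now handed to both services, so the account the postgres image bootstraps as its superuser is also the account GitLab connects with (the entrypoint writes the same two variables into database.yml), whereas the removed `create_db()` flow gave GitLab a dedicated `gitlab` role with only CREATEDB. If running Rails as the database superuser is intended it deserves a sentence in the README; otherwise a separate application credential, e.g. a `GITLAB_DB_PASSWORD` passed only to the gitlab service, keeps the superuser password out of the Rails process and its CI jobs. These passwords are also plain environment variables now, readable through `docker inspect`, `/proc/<pid>/environ` and any shell or job inside the container, where the old `POSTGRES_PASSWORD_FILE` entry exposed only a path, so the README should at least tell users to keep the `.env` file mode 0600. Since the file already interpolates `${GITLAB_HOSTNAME}`, the mandatory values could fail fast at `docker-compose up` time, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}`, rather than starting containers whose entrypoint then aborts under `set -u` (assuming the file's compose version supports the `:?` form).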
......@@ -2,6 +2,10 @@
set -eu
# https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1707
export RUBYOPT="${RUBYOPT:---disable-gems}"
export RAILS_ENV="${RAILS_ENV:-production}"
# base config files found in gitlab/config dir
BASECONF="
gitlab/gitlab.yml.example
......@@ -15,21 +19,12 @@ BASECONF="
"
create_db() {
local pg_user="$(cat /run/secrets/pg_user 2>/dev/null)"
export PGPASSWORD=$(cat /run/secrets/pg_admin 2>/dev/null)
export PGPASSWORD=$POSTGRES_PASSWORD
echo "Connecting to postgres.."
while ! pg_isready -qh postgres; do sleep 1; done
echo "Connection succesful, creating database.."
if psql -lqt -h postgres -U postgres -d template1 | cut -d \| -f 1 | grep -qw gitlabhq_production; then
echo "Database exists already."
else
psql -h postgres -U postgres -d template1 \
-c "CREATE USER gitlab WITH CREATEDB ENCRYPTED PASSWORD '$pg_user';"
psql -h postgres -U postgres -d template1 \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h postgres -U postgres -d template1 \
-c "CREATE DATABASE gitlabhq_production OWNER gitlab;"
fi
echo "Connection succesful"
psql -h postgres -U $POSTGRES_USER -d $POSTGRES_USER \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
}
# install config if not yet exist
......@@ -64,7 +59,7 @@ link_config() {
enable_services() {
local web=unicorn
case ${USE_PUMA:-false} in
case ${GITLAB_USE_PUMA:-false} in
[Yy]|[Tt][Rr][Uu][Ee]|[Yy][Ee][Ss]|1) web=puma;;
esac
rm -rf /run/s6 && mkdir -p /run/s6
......@@ -88,20 +83,19 @@ rebuild_conf() {
echo "Rebuild gitlab-shell configuration files.."
cd /home/git/gitlab
force=yes su-exec git \
bundle exec rake gitlab:shell:setup RAILS_ENV=production
bundle exec rake gitlab:shell:setup
fi
}
postgres_conf() {
local pg_user="$(cat /run/secrets/pg_user 2>/dev/null)"
cat <<- EOF > /etc/gitlab/gitlab/database.yml
production:
adapter: postgresql
encoding: unicode
database: gitlabhq_production
database: $POSTGRES_USER
pool: 10
username: gitlab
password: "$pg_user"
username: $POSTGRES_USER
password: "$POSTGRES_PASSWORD"
host: postgres
EOF
}
......@@ -119,11 +113,9 @@ setup_ssh() {
}
setup_gitlab() {
local root_pass="$(cat /run/secrets/root_pass 2>/dev/null)"
echo "Setting up gitlab..."
cd /home/git/gitlab
su-exec git bundle exec rake gitlab:setup RAILS_ENV=production force=yes \
GITLAB_ROOT_PASSWORD="$root_pass"
su-exec git bundle exec rake gitlab:setup force=yes
}
prepare_dirs() {
......@@ -152,7 +144,7 @@ prepare_dirs() {
verify() {
echo "Verifying gitlab installation..."
cd /home/git/gitlab
su-exec git bundle exec rake gitlab:env:info RAILS_ENV=production
su-exec git bundle exec rake gitlab:env:info
}
setup() {
......@@ -170,11 +162,11 @@ setup() {
upgrade() {
cd /home/git/gitlab
echo "Migrating database.."
su-exec git bundle exec rake db:migrate RAILS_ENV=production
su-exec git bundle exec rake db:migrate
echo "Clearing caches.."
su-exec git bundle exec rake cache:clear RAILS_ENV=production
su-exec git bundle exec rake cache:clear
echo "Checking gitlab install.."
su-exec git bundle exec rake gitlab:check RAILS_ENV=production
su-exec git bundle exec rake gitlab:check
}
upgrade_check() {
......@@ -188,7 +180,7 @@ upgrade_check() {
backup() {
cd /home/git/gitlab
echo "Creating GitLab backup.."
su-exec git bundle exec rake gitlab:backup:create RAILS_ENV=production
su-exec git bundle exec rake gitlab:backup:create SKIP=$GITLAB_BACKUP_SKIP
}
logrotate() {
......@@ -225,11 +217,11 @@ usage() {
verify verify Gitlab installation
logrotate rotate logfiles
shell enter interactive shell
usage this help message
help this help message
EOF
}
case "${1:-usage}" in
case "${1:-help}" in
start) start ;;
setup) setup ;;
upgrade) upgrade ;;
......@@ -237,7 +229,7 @@ case "${1:-usage}" in
verify) verify ;;
logrotate) logrotate ;;
shell) /bin/sh ;;
usage) usage ;;
help) usage ;;
*) echo "Command \"$1\" is unknown."
usage
exit 1 ;;
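Review bot: `SKIP=$GITLAB_BACKUP_SKIP` in `backup()` aborts the script under the `set -eu` at the top of the file whenever the variable is unset, and Compose's bare `- GITLAB_BACKUP_SKIP` passthrough appears to leave it unset in the container when it is absent on the host, so a plain `entrypoint.sh backup` fails with "parameter not set" for anyone who never configured skips; use `SKIP="${GITLAB_BACKUP_SKIP:-}"`, matching how `enable_services()` already guards `GITLAB_USE_PUMA`. In `create_db()` and `postgres_conf()` the database name is now silently assumed to equal `$POSTGRES_USER`, which holds for the postgres image only while `POSTGRES_DB` is unset; a comment such as `# the postgres image creates a database named after POSTGRES_USER when POSTGRES_DB is unset` — or honouring `POSTGRES_DB` explicitly — would avoid a confusing failure later. The `psql -U $POSTGRES_USER -d $POSTGRES_USER` arguments are expanded unquoted and `password: "$POSTGRES_PASSWORD"` in the database.yml heredoc is not YAML-escaped, so a value containing whitespace, `"` or `\` breaks the connection or the generated config; quote the expansions and document the allowed character set for the password. `create_db()` now only creates the `pg_trgm` extension, so its name no longer describes what it does and is worth renaming or commenting.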