# # Copyright:: Copyright (c) 2015 GitLab Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # account_helper = AccountHelper.new(node) redis_helper = RedisHelper::GitlabWorkhorse.new(node) workhorse_helper = GitlabWorkhorseHelper.new(node) logfiles_helper = LogfilesHelper.new(node) logging_settings = logfiles_helper.logging_settings('gitlab-workhorse') working_dir = node['gitlab']['gitlab_workhorse']['dir'] gitlab_workhorse_static_etc_dir = "/opt/gitlab/etc/gitlab-workhorse" workhorse_env_dir = node['gitlab']['gitlab_workhorse']['env_directory'] gitlab_workhorse_socket_dir = node['gitlab']['gitlab_workhorse']['sockets_directory'] directory working_dir do owner account_helper.gitlab_user group account_helper.web_server_group mode '0750' recursive true end if workhorse_helper.unix_socket? && !gitlab_workhorse_socket_dir.nil? directory gitlab_workhorse_socket_dir do owner account_helper.gitlab_user group account_helper.web_server_group mode '0750' notifies :restart, "runit_service[gitlab-workhorse]" recursive true end end # Create log_directory directory logging_settings[:log_directory] do owner logging_settings[:log_directory_owner] mode logging_settings[:log_directory_mode] if log_group = logging_settings[:log_directory_group] group log_group end recursive true end directory gitlab_workhorse_static_etc_dir do owner account_helper.gitlab_user mode '0700' recursive true end env_dir workhorse_env_dir do variables node['gitlab']['gitlab_workhorse']['env'] notifies :restart, "runit_service[gitlab-workhorse]" end runit_service 'gitlab-workhorse' do start_down node['gitlab']['gitlab_workhorse']['ha'] options({ log_directory: logging_settings[:log_directory], log_user: logging_settings[:runit_owner], log_group: logging_settings[:runit_group], }.merge(params)) log_options logging_settings[:options] end consul_service node['gitlab']['gitlab_workhorse']['consul_service_name'] do id 'workhorse' action Prometheus.service_discovery_action socket_address node['gitlab']['gitlab_workhorse']['prometheus_listen_addr'] reload_service false unless Services.enabled?('consul') end version_file 'Create version file for Workhorse' do version_file_path File.join(working_dir, 'VERSION') version_check_cmd '/opt/gitlab/embedded/bin/gitlab-workhorse --version' notifies :restart, "runit_service[gitlab-workhorse]" end alt_document_root = node['gitlab']['gitlab_workhorse']['alt_document_root'] shutdown_timeout = node['gitlab']['gitlab_workhorse']['shutdown_timeout'] workhorse_keywatcher = node['gitlab']['gitlab_workhorse']['workhorse_keywatcher'] redis_params = redis_helper.redis_params config_file_path = File.join(working_dir, "config.toml") image_scaler_max_procs = node['gitlab']['gitlab_workhorse']['image_scaler_max_procs'] image_scaler_max_filesize = node['gitlab']['gitlab_workhorse']['image_scaler_max_filesize'] trusted_cidrs_for_propagation = node['gitlab']['gitlab_workhorse']['trusted_cidrs_for_propagation'] trusted_cidrs_for_x_forwarded_for = node['gitlab']['gitlab_workhorse']['trusted_cidrs_for_x_forwarded_for'] extra_config_command = node['gitlab']['gitlab_workhorse']['extra_config_command'] metadata_zip_reader_limit_bytes = node['gitlab']['gitlab_workhorse']['metadata_zip_reader_limit_bytes'] template config_file_path do source "workhorse-config.toml.erb" owner "root" group account_helper.gitlab_group mode "0640" variables( alt_document_root: alt_document_root, workhorse_keywatcher: workhorse_keywatcher, redis_url: redis_params[:url], password: redis_params[:password], sentinels: redis_params[:sentinels], sentinel_master: redis_params[:sentinelMaster], sentinel_password: redis_params[:sentinelPassword], shutdown_timeout: shutdown_timeout, image_scaler_max_procs: image_scaler_max_procs, image_scaler_max_filesize: image_scaler_max_filesize, trusted_cidrs_for_propagation: trusted_cidrs_for_propagation, trusted_cidrs_for_x_forwarded_for: trusted_cidrs_for_x_forwarded_for, object_store_toml: workhorse_helper.object_store_toml, extra_config_command: extra_config_command, metadata_zip_reader_limit_bytes: metadata_zip_reader_limit_bytes ) notifies :restart, "runit_service[gitlab-workhorse]" notifies :run, 'bash[Set proper security context on ssh files for selinux]', :delayed if SELinuxHelper.enabled? sensitive true end