From 13249a0407d0f53b019b743ea0cb53cd4c81e686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 18 May 2017 10:11:09 +0200 Subject: [PATCH] gitlab_install9.sh --- gitlab_install9.sh | 119 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100755 gitlab_install9.sh diff --git a/gitlab_install9.sh b/gitlab_install9.sh new file mode 100755 index 0000000..cd4a8a7 --- /dev/null +++ b/gitlab_install9.sh @@ -0,0 +1,119 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +# bash gitlab_install.sh gitlab-nominstance nominstance.gitlab.example.com admin@example.com PASSWORD +gitlabUser="$1" +gitlabVersion="9-1-stable" +host="$2" +psqlPass="$(apg -m21 -n1)" +GITLAB_ROOT_EMAIL="$3" +GITLAB_ROOT_PASSWORD="$4" + +# TODO: Check args, and creates usage() +# TODO: Splits parts with functions like database(), redis(), gitlabShell(), ... + +cd /tmp +adduser --disabled-login --gecos "GitLab instance $gitlabUser" $gitlabUser +echo "CREATE ROLE \"${gitlabUser}\" WITH ENCRYPTED PASSWORD '$psqlPass' CREATEDB LOGIN;" \ + | sudo -u postgres psql +sudo -u postgres createdb -O $gitlabUser -E UNICODE $gitlabUser + +cat < /etc/redis/${gitlabUser}.conf +daemonize yes +pidfile /var/run/redis/${gitlabUser}.pid +port 0 +unixsocket /var/run/redis/${gitlabUser}.sock +unixsocketperm 770 +timeout 0 +loglevel notice +logfile /var/log/redis/${gitlabUser}.log +databases 16 +save 900 1 +save 300 10 +save 60 10000 +stop-writes-on-bgsave-error yes +rdbcompression yes +rdbchecksum yes +dbfilename ${gitlabUser}.rdb +dir /var/lib/redis +EOT +chmod 644 /etc/redis/${gitlabUser}.conf +systemctl enable redis@${gitlabUser} +systemctl start redis@${gitlabUser} +# TODO: umask is only setted with sudo -i with .profile... +# *BUT* sudo -i set $HOME, and we do not want. +# *AND* sudo -u do not set umask... +# *SO* NO UMASK ATM! +echo "umask 002" >> /home/${gitlabUser}/.profile +echo "umask 002" >> /home/${gitlabUser}/.bashrc +cd /home/${gitlabUser} +sudo -u $gitlabUser git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b $gitlabVersion gitlab +cd gitlab +sudo -u $gitlabUser cp config/gitlab.yml.example config/gitlab.yml +sudo -u $gitlabUser sed -i -e "s@/home/git@/home/${gitlabUser}@g" \ + -e "s@host: localhost@host: ${host}@" \ + -e "s@port: 80@port: 443@" \ + -e "s@https: false@https: true@" \ + -e "s@# user: git@user: ${gitlabUser}@" \ + -e "s@# time_zone: 'UTC'@time_zone: Europe/Paris@" \ + -e "s/email_from: example@example.com/email_from: gitlab@${host}/" \ + -e "s/email_reply_to: noreply@example.com/email_reply_to: gitlab@${host}/" \ + config/gitlab.yml +sudo -u $gitlabUser cp config/secrets.yml.example config/secrets.yml +sudo -u $gitlabUser sed -i "s@# db_key_base:@db_key_base: $(apg -m30 -n1)@" config/secrets.yml +sudo -u $gitlabUser chmod 600 config/secrets.yml +cp config/secrets.yml /root/${gitlabUser}.secrets.yml +sudo -u $gitlabUser cp config/database.yml.postgresql config/database.yml +sudo -u $gitlabUser sed -i -e "s/database: gitlabhq_production/database: ${gitlabUser}/" \ + -e "s/# username: git/username: ${gitlabUser}/" \ + -e "s/# password:/password: ${psqlPass}/" config/database.yml +sudo -u $gitlabUser chmod o-rwx config/database.yml +sudo -u $gitlabUser chmod 750 /home/${gitlabUser} +sudo -u $gitlabUser chmod -R u+rwX,go-w log/ +sudo -u $gitlabUser chmod -R u+rwX {tmp/,tmp/pids/,builds,shared/artifacts/} +sudo -u $gitlabUser chmod -R u+rwX,g+rwX tmp/sockets/ +sudo -u $gitlabUser install -d -m 700 public/uploads/ +sudo -u $gitlabUser cp config/unicorn.rb.example config/unicorn.rb +sudo -u $gitlabUser sed -i \ + -e "s@/home/git@/home/${gitlabUser}@g" \ + -e 's/listen "127.0.0.1:8080", :tcp_nopush => true/#listen "127.0.0.1:8080", :tcp_nopush => true/' \ + config/unicorn.rb +sudo -u $gitlabUser cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb +sudo -u $gitlabUser git config --global core.autocrlf input +sudo -u $gitlabUser git config --global gc.auto 0 +sudo -u $gitlabUser git config --global repack.writeBitmaps true +sudo -u $gitlabUser cp config/resque.yml.example config/resque.yml +sudo -u $gitlabUser sed -i "s/redis.sock/${gitlabUser}.sock/" config/resque.yml +sudo -u $gitlabUser bundle install -j$(nproc) --deployment --without development test mysql aws kerberos +sudo -u $gitlabUser bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/${gitlabUser}.sock RAILS_ENV=production SKIP_STORAGE_VALIDATION=true +sudo -u $gitlabUser chmod -R ug+rwX,o-rwx /home/${gitlabUser}/repositories/ +sudo -u $gitlabUser chmod -R ug-s /home/${gitlabUser}/repositories/ +sudo -u $gitlabUser chmod g+s /home/${gitlabUser}/repositories/ +sudo -u $gitlabUser bundle exec rake "gitlab:workhorse:install[/home/${gitlabUser}/gitlab-workhorse]" RAILS_ENV=production +sudo -u $gitlabUser bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="$GITLAB_ROOT_PASSWORD" GITLAB_ROOT_EMAIL="$GITLAB_ROOT_EMAIL" +sudo -u $gitlabUser sed -i -e "s/app_user=\"git\"/app_user=\"${gitlabUser}\"/" \ + -e "s/# Provides: .*gitlab/# Provides: ${gitlabUser}/" \ + lib/support/init.d/gitlab +sudo -u $gitlabUser sed -i "s@script_path = \"/etc/init.d/gitlab\"@script_path = \"/etc/init.d/${gitlabUser}\"@g" lib/tasks/gitlab/check.rake +sudo -u $gitlabUser git commit -a -m 'change default user' +install -m 755 /home/${gitlabUser}/gitlab/lib/support/init.d/gitlab /etc/init.d/${gitlabUser} +systemctl enable ${gitlabUser} +install -m 644 /home/${gitlabUser}/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/${gitlabUser} +sed -i "s@/home/git@/home/${gitlabUser}@g" /etc/logrotate.d/${gitlabUser} +adduser www-data $gitlabUser +chmod -R g+rwX /home/${gitlabUser}/gitlab/tmp/{pids,sockets} +install -m 644 /home/${gitlabUser}/gitlab/lib/support/nginx/gitlab-ssl /etc/nginx/sites-available/${gitlabUser} +sed -i -e "s@/home/git@/home/${gitlabUser}@g" \ + -e "s/YOUR_SERVER_FQDN/${host}/g" \ + -e "s@/var/log/nginx/gitlab@/var/log/nginx/${gitlabUser}@g" \ + -e "s/upstream gitlab-workhorse/upstream ${gitlabUser}-workhorse/" \ + -e "s@http://gitlab-workhorse@http://${gitlabUser}-workhorse@" \ + /etc/nginx/sites-available/${gitlabUser} +ln -s /etc/nginx/sites-available/${gitlabUser} /etc/nginx/sites-enabled/ +echo "Do the SSL part!" +#systemctl nginx restart +sudo -u $gitlabUser yarn install --production --pure-lockfile +sudo -u $gitlabUser bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production +/etc/init.d/${gitlabUser} start +sudo -u $gitlabUser bundle exec rake gitlab:check RAILS_ENV=production