2024-09-03 18:36:35 +02:00 · 2021-07-01 17:29:53 +02:00 · 2021-07-01 17:29:53 +02:00 · 867e494162
commit 867e494162
parent 7e578de25f c0c5ce5834
8 changed files with 2982 additions and 134 deletions
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in

 Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features.

-**Shipped version:** 13.12.4~ynh1
+**Shipped version:** 14.0.0~ynh1

 **Demo:** https://gitlab.com/explore

--- a/README_fr.md
+++ b/README_fr.md
@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour

 Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD.

-**Version incluse :** 13.12.4~ynh1
+**Version incluse :** 14.0.0~ynh1

 **Démo :** https://gitlab.com/explore

--- a/conf/gitlab.13.rb
+++ b/conf/gitlab.13.rb
--- a/conf/gitlab.rb
+++ b/conf/gitlab.rb
@ -86,7 +86,7 @@ external_url '__GENERATED_EXTERNAL_URL__'

 ### Request duration
 ###! Tells the rails application how long it has to complete a request
-###! This value needs to be lower than the worker timeout set in unicorn/puma.
+###! This value needs to be lower than the worker timeout set in puma.
 ###! By default, we'll allow 95% of the the worker timeout
 # gitlab_rails['max_request_duration_seconds'] = 57

@ -204,7 +204,7 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ### GraphQL Settings
 ###! Tells the rails application how long it has to complete a GraphQL request.
 ###! We suggest this value to be higher than the database timeout value
-###! and lower than the worker timeout set in unicorn/puma. (default: 30)
+###! and lower than the worker timeout set in puma. (default: 30)
 # gitlab_rails['graphql_timeout'] = 30

 ### Trusted proxies
@ -250,8 +250,6 @@ external_url '__GENERATED_EXTERNAL_URL__'
 ### Monitoring settings
 ###! IP whitelist controlling access to monitoring endpoints
 # gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
-###! Time between sampling of unicorn socket metrics, in seconds
-# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10

 ### Shutdown settings
 ###! Defines an interval to block healthcheck,
@ -667,7 +665,7 @@ EOS
 # gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'

 ### Wait for file system to be mounted
-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
+###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
 # high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]

 ### GitLab Shell settings for GitLab
@ -705,6 +703,12 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # gitlab_rails['initial_root_password'] = "password"
 # gitlab_rails['initial_shared_runners_registration_token'] = "token"

+#### Toggle if root password should be printed to STDOUT during initialization
+# gitlab_rails['display_initial_root_password'] = false
+
+#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
+# gitlab_rails['store_initial_root_password'] = true
+
 #### Set path to an initial license to be used while bootstrapping GitLab.
 ####! **Only applicable on initial setup, future license updations need to be done via UI.
 ####! Updating the file specified in this path won't yield any change after the first reconfigure run.
@ -777,7 +781,9 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # gitlab_rails['redis_queues_instance'] = nil
 # gitlab_rails['redis_queues_sentinels'] = nil
 # gitlab_rails['redis_shared_state_instance'] = nil
-# gitlab_rails['redis_shared_sentinels'] = nil
+# gitlab_rails['redis_shared_state_sentinels'] = nil
+# gitlab_rails['redis_trace_chunks_instance'] = nil
+# gitlab_rails['redis_trace_chunks_sentinels'] = nil
 # gitlab_rails['redis_actioncable_instance'] = nil
 # gitlab_rails['redis_actioncable_sentinels'] = nil

@ -878,12 +884,20 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__

 ################################################################################
 ## GitLab Workhorse
-##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
+##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
 ################################################################################

 # gitlab_workhorse['enable'] = true
 # gitlab_workhorse['ha'] = false
 # gitlab_workhorse['alt_document_root'] = nil
+
+##! Duration to wait for all requests to finish (e.g. "10s" for 10
+##! seconds). By default this is disabled to preserve the existing
+##! behavior of fast shutdown. This should not be set higher than 30
+##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
+##! the SVWAIT variable) and report a timeout error if the process has
+##! not shut down.
+# gitlab_workhorse['shutdown_timeout'] = nil
 # gitlab_workhorse['listen_network'] = "unix"
 # gitlab_workhorse['listen_umask'] = 000
 # gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
@ -959,42 +973,6 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
 # user['git_user_name'] = "GitLab"
 # user['git_user_email'] = "gitlab@#{node['fqdn']}"

-################################################################################
-## GitLab Unicorn
-##! Tweak unicorn settings.
-##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
-################################################################################
-
-# unicorn['enable'] = false
-# unicorn['worker_timeout'] = 60
-###! Minimum worker_processes is 2 at this moment
-###! See https://gitlab.com/gitlab-org/gitlab-foss/issues/18771
-# unicorn['worker_processes'] = 2
-
-### Advanced settings
-# unicorn['listen'] = 'localhost'
-# unicorn['port'] = 8080
-# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
-# unicorn['tcp_nopush'] = true
-# unicorn['backlog_socket'] = 1024
-
-###! **Make sure somaxconn is equal or higher then backlog_socket**
-# unicorn['somaxconn'] = 1024
-
-###! **We do not recommend changing this setting**
-# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
-
-### **Only change these settings if you understand well what they mean**
-###! Docs: https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer
-###!       https://github.com/kzk/unicorn-worker-killer
-# unicorn['worker_memory_limit_min'] = "1024 * 1 << 20"
-# unicorn['worker_memory_limit_max'] = "1280 * 1 << 20"
-
-# unicorn['exporter_enabled'] = false
-# unicorn['exporter_address'] = "127.0.0.1"
-# unicorn['exporter_port'] = 8083
-
 ################################################################################
 ## GitLab Puma
 ##! Tweak puma settings. You should only use Unicorn or Puma, not both.
@ -1040,7 +1018,6 @@ puma['port'] = __PUMA_PORT__
 # sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
 # sidekiq['log_format'] = "json"
 # sidekiq['shutdown_timeout'] = 4
-# sidekiq['cluster'] = true
 # sidekiq['queue_selector'] = false
 # sidekiq['interval'] = nil
 # sidekiq['max_concurrency'] = 50
@ -1058,7 +1035,7 @@ puma['port'] = __PUMA_PORT__

 # sidekiq['queue_groups'] = ['*']

-##! If negate is enabled then sidekiq-cluster will process all the queues that
+##! If negate is enabled then Sidekiq will process all the queues that
 ##! don't match those in queue_groups.

 # sidekiq['negate'] = false
@ -1113,8 +1090,6 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
 ## endpoint to the cluster. By default it is the same as postgresql['port'].
 # postgresql['connect_port'] = 5432

-# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
-
 ##! **recommend value is 1/4 of total RAM, up to 14GB.**
 # postgresql['shared_buffers'] = "256MB"

@ -1150,7 +1125,7 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
 # postgresql['hot_standby'] = "off"

 ### SSL settings
-# See https://www.postgresql.org/docs/11/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
+# See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
 # postgresql['ssl'] = 'on'
 # postgresql['hostssl'] = false
 # postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
@ -1240,7 +1215,7 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
 #     }
 #   ]
 # }
-# See https://www.postgresql.org/docs/11/static/auth-pg-hba-conf.html for an explanation
+# See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
 # of the values

 ### Version settings
@ -1652,8 +1627,11 @@ nginx['listen_https'] = false
 ##! GitLab API JWT Token expiry time
 # gitlab_pages['gitlab_client_jwt_expiry'] = "30s"

-##! Domain configuration source, defaults to disk if set to nil
-# gitlab_pages['domain_config_source'] = nil
+##! Fallback to legacy storage
+##! Warning: support for this flag will be removed in %14.3
+##! If you need to use it, please comment on https://gitlab.com/gitlab-org/gitlab/-/issues/331699
+##! and describe why
+# gitlab_pages['use_legacy_storage'] = nil

 ##! Advanced settings for API-based configuration for GitLab Pages.
 ##! The recommended default values are set inside GitLab Pages.
@ -2274,8 +2252,15 @@ nginx['listen_https'] = false
 # praefect['database_sslrootcert'] = '/path/to/rootcert'
 # praefect['reconciliation_scheduling_interval'] = '5m'
 # praefect['reconciliation_histogram_buckets'] = '[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0]'
-# praefect['database_host_no_proxy'] = 'postgres.internal'
-# praefect['database_port_no_proxy'] = 5432
+# praefect['database_direct_host'] = 'postgres.internal'
+# praefect['database_direct_port'] = 5432
+# praefect['database_direct_user'] = 'praefect'
+# praefect['database_direct_password'] = 'secret'
+# praefect['database_direct_dbname'] = 'praefect_production_direct'
+# praefect['database_direct_sslmode'] = 'disable'
+# praefect['database_direct_sslcert'] = '/path/to/client-cert'
+# praefect['database_direct_sslkey'] = '/path/to/client-key'
+# praefect['database_direct_sslrootcert'] = '/path/to/rootcert'

 ################################################################################
 # Storage check
@ -2511,6 +2496,7 @@ package['modify_kernel_parameters'] = __MODIFY_KERNEL_PARAMETERS__
 # geo_secondary['db_sslcompression'] = 0
 # geo_secondary['db_sslrootcert'] = nil
 # geo_secondary['db_sslca'] = nil
+# geo_secondary['db_prepared_statements'] = false

 ################################################################################
 ## GitLab Geo Secondary Tracking Database (EE only)
@ -2519,7 +2505,6 @@ package['modify_kernel_parameters'] = __MODIFY_KERNEL_PARAMETERS__
 # geo_postgresql['enable'] = false
 # geo_postgresql['ha'] = false
 # geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
-# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
 # geo_postgresql['pgbouncer_user'] = nil
 # geo_postgresql['pgbouncer_user_password'] = nil
 ##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
@ -2643,66 +2628,12 @@ package['modify_kernel_parameters'] = __MODIFY_KERNEL_PARAMETERS__
 # pgbouncer['server_tls_protocols'] = 'all'
 # pgbouncer['server_tls_ciphers'] = 'fast'

-################################################################################
-# Repmgr (EE only)
-################################################################################
-# repmgr['enable'] = false
-# repmgr['cluster'] = 'gitlab_cluster'
-# repmgr['database'] = 'gitlab_repmgr'
-# repmgr['host'] = nil
-# repmgr['node_number'] = nil
-# repmgr['port'] = 5432
-# repmgr['trust_auth_cidr_addresses'] = []
-# repmgr['username'] = 'gitlab_repmgr'
-# repmgr['sslmode'] = 'prefer'
-# repmgr['sslcompression'] = 0
-# repmgr['failover'] = 'automatic'
-# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
-# repmgr['node_name'] = nil
-# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
-# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
-# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
-# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
-# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
-# repmgr['service_promote_command'] = nil
-# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
-# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
-
-# repmgr['upstream_node'] = nil
-# repmgr['use_replication_slots'] = false
-# repmgr['loglevel'] = 'INFO'
-# repmgr['logfacility'] = 'STDERR'
-# repmgr['logfile'] = nil
-
-# repmgr['event_notification_command'] = nil
-# repmgr['event_notifications'] = nil
-
-# repmgr['rsync_options'] = nil
-# repmgr['ssh_options'] = nil
-# repmgr['priority'] = nil
-#
-# HA setting to specify if a node should attempt to be master on initialization
-# repmgr['master_on_initialization'] = true
-
-# repmgr['retry_promote_interval_secs'] = 300
-# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
-# repmgr['reconnect_attempts'] = 6
-# repmgr['reconnect_interval'] = 10
-# repmgr['monitor_interval_secs'] = 2
-# repmgr['master_response_timeout'] = 60
-# repmgr['daemon'] = true
-# repmgrd['enable'] = true
-
 ################################################################################
 # Patroni (EE only)
-#
-# NOTICE: Patroni is an experimental feature and subject to change.
-#
 ################################################################################
 # patroni['enable'] = false

 # patroni['dir'] = '/var/opt/gitlab/patroni'
-# patroni['data_dir'] = '/var/opt/gitlab/patroni/data'
 # patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'

 ## Patroni dynamic configuration settings
--- a/manifest.json
+++ b/manifest.json
@ -2,7 +2,7 @@
    "name": "GitLab",
    "id": "gitlab",
    "packaging_format": 1,
-    "version": "13.12.4~ynh1",
+    "version": "14.0.0~ynh1",
    "description": {
        "en": "Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features.",
        "fr": "Gestionnaire de dépôts Git proposant des fonctionnalités de wiki, suivi de bugs et de pipeline CI/CD."
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -203,6 +203,27 @@ if [ $swap_needed -gt 0 ]; then
 	fi
 fi

+#=================================================
+# CHECK IF KERNEL IS READ-ONLY
+#=================================================
+
+modify_kernel_parameters="true"
+
+for value_to_check in "kernel.shmall" "kernel.shmmax" "kernel.sem" "net.core.somaxconn"
+do
+	if ! ynh_exec_fully_quiet sysctl --write $value_to_check="$(sysctl --value $value_to_check)"; then
+		modify_kernel_parameters="false"
+		break
+	fi
+done
+
+# For gitlab rb
+
+mkdir -p $config_path
+ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
+
+generated_external_url="https://$domain${path_url%/}"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@ -274,33 +295,30 @@ then
 		ynh_exec_warn_less ynh_secure_remove --file="$tempdir"

 		current_version=$(grep gitlab-ce /opt/gitlab/version-manifest.txt | cut -d' ' -f2)
+
+		# Sometimes we need to update the gitlab.rb configuration file in order to migrate to the next version.
+		if [ -e "$YNH_APP_BASEDIR/conf/gitlab.$current_major_version.rb" ]; then
+			if [ -e "$YNH_APP_BASEDIR/scripts/upgrade.d/upgrade.$current_major_version.last.sh" ]; then
+				source $YNH_APP_BASEDIR/scripts/upgrade.d/upgrade.$current_major_version.last.sh
+			fi
+			if dpkg --compare-versions "$gitlab_version" "ge" "$current_version"; then
+				ynh_add_config --template="$YNH_APP_BASEDIR/conf/gitlab.$current_major_version.rb" --destination="$config_path/gitlab.rb"
+
+				touch "$config_path/gitlab-persistent.rb"
+				chown root:root "$config_path/gitlab-persistent.rb"
+				chmod 640 "$config_path/gitlab-persistent.rb"
+
+				gitlab-ctl reconfigure
+			fi
+		fi
 	done
 fi

-#=================================================
-# CHECK IF KERNEL IS READ-ONLY
-#=================================================
-
-modify_kernel_parameters="true"
-
-for value_to_check in "kernel.shmall" "kernel.shmmax" "kernel.sem" "net.core.somaxconn"
-do
-	if ! ynh_exec_fully_quiet sysctl --write $value_to_check="$(sysctl --value $value_to_check)"; then
-		modify_kernel_parameters="false"
-		break
-	fi
-done
-
 #=================================================
 # RECONFIGURE GITLAB
 #=================================================
 ynh_script_progression --message="Reconfigure GitLab..." --weight=13

-mkdir -p $config_path
-ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
-
-generated_external_url="https://$domain${path_url%/}"
-
 ynh_add_config --template="$YNH_APP_BASEDIR/conf/gitlab.rb" --destination="$config_path/gitlab.rb"

 touch "$config_path/gitlab-persistent.rb"
--- a/scripts/upgrade.d/upgrade.13.last.sh
+++ b/scripts/upgrade.d/upgrade.13.last.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+gitlab_version="13.12.5"
+
+# sha256sum found here: https://packages.gitlab.com/gitlab
+gitlab_debian_version="buster"
+
+gitlab_x86_64_buster_source_sha256="3dd65585a09575a207e53d12a81fb506a33954d2f9aa043320e07eec7447f9ef"
+
+gitlab_arm64_buster_source_sha256="3b92897536f3b44fc13c5e8eab31d18424524e667d26ea074a93de346c5ab4c4"
+
+gitlab_arm_buster_source_sha256="3ffc3d6628321ad11289459c824cd1d81a480cde2574fe98c094f37951235b79"
+
+architecture=$(ynh_app_setting_get --app="$app" --key=architecture)
+
+if [ "$architecture" = "x86-64" ]; then
+	gitlab_source_sha256=$gitlab_x86_64_buster_source_sha256
+elif [ "$architecture" = "arm64" ]; then
+	gitlab_source_sha256=$gitlab_arm64_buster_source_sha256
+elif [ "$architecture" = "arm" ]; then
+	gitlab_source_sha256=$gitlab_arm_buster_source_sha256
+fi
+
+gitlab_filename="gitlab-ce-${gitlab_version}.deb"
+
+# Action to do in case of failure of the package_check
+package_check_action() {
+	ynh_backup_if_checksum_is_different --file="$config_path/gitlab.rb"
+	cat <<EOF >> "$config_path/gitlab.rb"
+# Last chance to fix Gitlab
+package['modify_kernel_parameters'] = false
+EOF
+	ynh_store_file_checksum --file="$config_path/gitlab.rb"
+}
--- a/scripts/upgrade.d/upgrade.last.sh
+++ b/scripts/upgrade.d/upgrade.last.sh
@ -1,15 +1,15 @@
 #!/bin/bash

-gitlab_version="13.12.4"
+gitlab_version="14.0.0"

 # sha256sum found here: https://packages.gitlab.com/gitlab
 gitlab_debian_version="buster"

-gitlab_x86_64_buster_source_sha256="76bb8b86edeec1fc4ed7c4169b47ed2ac0a86d0f0dcc9907e79e7ea1219d2b8e"
+gitlab_x86_64_buster_source_sha256="fc395f2f6150ab081dfb5ab012c2273be4d15d3d0dd4b9cc07aa793dcf27c67b"

-gitlab_arm64_buster_source_sha256="914bf42acb71b660e512b1b99002787c3fce354f3f6eaa2eaee1fb85afd78e67"
+gitlab_arm64_buster_source_sha256="aa2924f935e02e06f52320795e2d4839181ea0d0d410786f44ae4df86d2fc90d"

-gitlab_arm_buster_source_sha256="68ed3dab94277365cded17b03f01a9347a09370c0dfe3144e9d2938eb83268e1"
+gitlab_arm_buster_source_sha256="3b52c9d414974b2c6c639f881e2c736c9790eac16fcb070ce82bcce52b8958a2"

 architecture=$(ynh_app_setting_get --app="$app" --key=architecture)