Add sshd to Procfile

aa28d6f2 · Jacob Vosmaer (GitLab) · e16ebc30 · aa28d6f2 · aa28d6f2 · aa28d6f2
Commit aa28d6f2 authored 8 years ago by Jacob Vosmaer (GitLab)
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,6 @@ port
 localhost.*
 influxdb/
 grafana/
+openssh/*_key
+openssh/*.pub
+openssh/sshd_config
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,8 @@ postgres_replication_user = gitlab_replication
 postgres_dir = $(realpath ./postgresql)
 postgres_replica_dir = $(realpath ./postgresql-replica)
 port = $(shell cat port 2>/dev/null)
+username = $(shell whoami)
+sshd_bin = $(shell which sshd)
  
 all: gitlab-setup gitlab-shell-setup gitlab-workhorse-setup support-setup
  
@@ -86,7 +88,7 @@ gitlab-shell/.git/pull:
  
 # Set up supporting services
  
-support-setup: .ruby-version foreman Procfile redis postgresql
+support-setup: .ruby-version foreman Procfile redis postgresql openssh-setup
 	@echo ""
 	@echo "*********************************************"
 	@echo "************** Setup finished! **************"
@@ -96,6 +98,7 @@ support-setup: .ruby-version foreman Procfile redis postgresql
  
 Procfile:
 	sed -e "s|/home/git|${gitlab_development_root}|g"\
+      -e "s|/usr/sbin/sshd|${sshd_bin}|"\
 	  -e "s|postgres |${postgres_bin_dir}/postgres |"\
 	  $@.example > $@
 	# Listen on external interface if inside a vagrant vm
@@ -180,7 +183,7 @@ grafana/bin/grafana-server:
  
 grafana/grafana.ini:
 	sed -e "s|/home/git|${gitlab_development_root}|g" \
-		-e "s/GDK_USERNAME/${shell whoami}/g" \
+		-e "s/GDK_USERNAME/${username}/g" \
 		$@.example > $@
  
 grafana/gdk-pg-created:
@@ -194,6 +197,16 @@ grafana/gdk-data-source-created:
 	
 performance-metrics-setup:	Procfile influxdb-setup grafana-setup
  
+openssh-setup:	openssh/sshd_config openssh/ssh_host_rsa_key
+
+openssh/sshd_config:
+	sed -e "s|/home/git|${gitlab_development_root}|g" \
+		-e "s/GDK_USERNAME/${username}/g" \
+		$@.example > $@
+
+openssh/ssh_host_rsa_key:
+	ssh-keygen -f $@ -N '' -t rsa
+
 clean-config:
 	rm -f \
 	gitlab/config/gitlab.yml \

--- a/Procfile.example
+++ b/Procfile.example
@@ -8,3 +8,4 @@ rails-background-jobs: RAILS_ENV=development support/exec-cd gitlab bin/backgrou
 #workhorse-stunnel: support/workhorse-stunnel localhost:3443 /home/git/gitlab.socket /home/git/localhost.pem
 #influxdb: influxdb/bin/influxd -config influxdb/influxdb.conf
 #grafana: support/wait-postgresql-ready support/exec-cd grafana bin/grafana-server -config grafana.ini
+#sshd: /usr/sbin/sshd -e -D -f /home/git/openssh/sshd_config
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ sockets to avoid port conflicts.
 - [NFS](#nfs)
  - [Ubuntu / Debian](#ubuntu--debian)
 - [HTTPS](#https)
+- [SSH](#ssh)
 - [OS X, other developer OS's](#os-x-other-developer-oss)
 - [Troubleshooting](#troubleshooting)
  - [Rebuilding gems with native extensions](#rebuilding-gems-with-native-extensions)
@@ -583,6 +584,18 @@ Next make sure that HTTPS is enabled in gitlab/config/gitlab.yml.
 Uncomment the `workhorse-stunnel` line in your Procfile. Now `./run app`
 (and `./run`) will start stunnel listening on https://localhost:3443.
  
+## SSH
+
+If you want to work on GitLab's SSH integration then uncomment the
+'sshd:' line in your Procfile. Next time you start `run` or `run app`
+you will get an unprivileged SSH daemon process running on
+localhost:2222, integrated with gitlab-shell.
+
+To change the host/port you need to edit openssh/sshd_config and
+gitlab/config/gitlab.yml. If you are not working on GitLab SSH
+integration we recommend that you leave the 'sshd:' line in the
+Procfile commented out.
+
 ## Performance metrics
  
 See [doc/performance_metrics.md](doc/performance_metrics.md).

--- a/openssh/sshd_config.example
+++ b/openssh/sshd_config.example
+AllowUsers GDK_USERNAME
+AuthenticationMethods publickey
+HostKey /home/git/openssh/ssh_host_rsa_key
+ListenAddress 127.0.0.1:2222
+LogLevel VERBOSE
+PasswordAuthentication no
+PidFile none
+Protocol 2
+StrictModes no
+UseLogin no
+UsePAM no
+UsePrivilegeSeparation no
+
+Match User GDK_USERNAME
+AuthorizedKeysFile /home/git/.ssh/authorized_keys
--- a/run
+++ b/run
@@ -50,7 +50,7 @@ db() {
  
 app() {
  print_port
-  foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1,workhorse-stunnel=1,grafana=1
+  foreman_start -c all=0,rails-web=1,rails-background-jobs=1,gitlab-workhorse=1,workhorse-stunnel=1,grafana=1,sshd=1
 }
  
 grafana() {

--- a/support/edit-gitlab.yml
+++ b/support/edit-gitlab.yml
@@ -7,5 +7,10 @@ ed -s "$1" <<EOF
 / user:/c
    user: $(whoami)
 .
+/^  gitlab_shell:/
+a
+    ssh_port: 2222
+    ssh_host: localhost
+.
 wq
 EOF