Merge branch 'master' into deps/5a89a91-3b3d888

spec/chef/recipes/selinux_spec.rb

@@ -2,37 +2,42 @@ require 'chef_helper'
 RSpec.describe 'gitlab::gitlab-selinux' do
   let(:chef_run) { ChefSpec::SoloRunner.new(step_into: %w(templatesymlink storage_directory)).converge('gitlab::default') }
+  let(:templatesymlink) { chef_run.templatesymlink('Create a config.yml and create a symlink to Rails root') }
   before do
     allow(Gitlab).to receive(:[]).and_call_original
+    stub_default_should_notify?(true)
   end
   context 'when NOT running on selinux' do
-    before { stub_command('id -Z').and_return(false) }
+    before do
+      allow_any_instance_of(ShellOutHelper).to receive(:success?).with('id -Z').and_return(false)
+    end
     it 'should not run the semanage bash command' do
-      expect(chef_run).not_to run_bash('Set proper security context on ssh files for selinux')
+      expect(templatesymlink).to_not notify('bash[Set proper security context on ssh files for selinux]').delayed
     end
   end
   context 'when running on selinux' do
     before do
-      stub_command('id -Z').and_return('')
+      allow_any_instance_of(ShellOutHelper).to receive(:success?).with('id -Z').and_return(true)
       allow(File).to receive(:exist?).and_call_original
       allow(File).to receive(:exist?).with('/var/opt/gitlab/.ssh').and_return(true)
       allow(File).to receive(:exist?).with('/var/opt/gitlab/.ssh/authorized_keys').and_return(true)
       allow(File).to receive(:exist?).with('/var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret').and_return(true)
       allow(File).to receive(:exist?).with('/var/opt/gitlab/gitlab-shell/config.yml').and_return(true)
+      allow(File).to receive(:exist?).with('/var/opt/gitlab/gitlab-workhorse/sockets').and_return(true)
     end
     let(:bash_block) { chef_run.bash('Set proper security context on ssh files for selinux') }
     def semanage_fcontext(filename)
-      "semanage fcontext -a -t ssh_home_t '#{filename}'"
+      "semanage fcontext -a -t gitlab_shell_t '#{filename}'"
     end
     it 'should run the semanage bash command' do
-      expect(chef_run).to run_bash('Set proper security context on ssh files for selinux')
+      expect(templatesymlink).to notify('bash[Set proper security context on ssh files for selinux]').delayed
     end
     it 'sets the security context of gitlab-shell files' do
@@ -40,7 +45,8 @@ RSpec.describe 'gitlab::gitlab-selinux' do
       files = %w(/var/opt/gitlab/.ssh(/.*)?
                  /var/opt/gitlab/.ssh/authorized_keys
                  /var/opt/gitlab/gitlab-shell/config.yml
-                 /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret)
+                 /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret
+                 /var/opt/gitlab/gitlab-workhorse/sockets)
       managed_files = files.map { |file| semanage_fcontext(file) }
       expect(lines).to include(*managed_files)
@@ -48,6 +54,29 @@ RSpec.describe 'gitlab::gitlab-selinux' do
       expect(lines).to include("restorecon -v '/var/opt/gitlab/.ssh/authorized_keys'")
       expect(lines).to include("restorecon -v '/var/opt/gitlab/gitlab-shell/config.yml'")
       expect(lines).to include("restorecon -v '/var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret'")
+      expect(lines).to include("restorecon -v '/var/opt/gitlab/gitlab-workhorse/sockets'")
+    end
+
+    context 'and the user configured a custom workhorse sockets directory' do
+      let(:user_sockets_directory) { '/how/do/you/do' }
+      before do
+        stub_gitlab_rb(
+          gitlab_workhorse: {
+            listen_network: 'unix',
+            sockets_directory: user_sockets_directory
+          }
+        )
+      end
+
+      it 'sets the security context of a custom workhorse sockets directory' do
+        allow(File).to receive(:exist?).with(user_sockets_directory).and_return(true)
+        lines = bash_block.code.split("\n")
+        files = [user_sockets_directory]
+        managed_files = files.map { |file| semanage_fcontext(file) }
+
+        expect(lines).to include(*managed_files)
+        expect(lines).to include("restorecon -v '#{user_sockets_directory}'")
+      end
     end
     context 'when gitlab-rails is disabled' do

spec/chef/secrets_spec.rb

@@ -71,6 +71,11 @@ RSpec.describe 'secrets' do
         pages_shared_secret = new_secrets['gitlab_pages']['api_secret_key']
         expect(Base64.strict_decode64(pages_shared_secret).length).to eq(32)
       end
+
+      it 'generates an appropriate shared secret for gitlab-kas' do
+        kas_shared_secret = new_secrets['gitlab_kas']['api_secret_key']
+        expect(Base64.strict_decode64(kas_shared_secret).length).to eq(32)
+      end
     end
     context 'gitlab.rb provided gitlab_pages.api_secret_key' do
@@ -93,6 +98,26 @@ RSpec.describe 'secrets' do
       end
     end
+    context 'gitlab.rb provided gitlab_kas.api_secret_key' do
+      before do
+        allow(Gitlab).to receive(:[]).and_call_original
+      end
+
+      it 'fails when provided gitlab_kas.shared_secret is not 32 bytes' do
+        stub_gitlab_rb(gitlab_kas: { api_secret_key: SecureRandom.base64(16) })
+
+        expect { chef_run }.to raise_error(RuntimeError, /gitlab_kas\['api_secret_key'\] should be exactly 32 bytes/)
+      end
+
+      it 'accepts provided gitlab_kas.api_secret_key when it is 32 bytes' do
+        api_secret_key = SecureRandom.base64(32)
+        stub_gitlab_rb(gitlab_kas: { api_secret_key: api_secret_key })
+
+        expect { chef_run }.not_to raise_error
+        expect(new_secrets['gitlab_kas']['api_secret_key']).to eq(api_secret_key)
+      end
+    end
+
     context 'when there are existing secrets in /etc/gitlab/gitlab-secrets.json' do
       before do
         allow(SecretsHelper).to receive(:system)

spec/chef_helper.rb

@@ -6,7 +6,7 @@ require 'chefspec'
 require 'ohai'
 # Load our cookbook libraries so we can stub them in our tests
-cookbooks = %w(package gitlab gitaly mattermost gitlab-ee letsencrypt monitoring patroni)
+cookbooks = %w(package gitlab gitaly mattermost gitlab-ee letsencrypt monitoring patroni gitlab-kas)
 cookbooks.each do |cookbook|
   Dir[File.join(__dir__, "../files/gitlab-cookbooks/#{cookbook}/libraries/**/*.rb")].each { |f| require f }
 end

spec/gitlab-ctl-commands-ee/lib/geo/promote_to_primary_node_spec.rb

@@ -9,8 +9,8 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
   subject(:command) { described_class.new(nil, options) }
-  let(:temp_directory) { Dir.mktmpdir }
-  let(:gitlab_config_path) { File.join(temp_directory, 'gitlab.rb') }
+  let(:config_path) { Dir.mktmpdir }
+  let(:gitlab_config_path) { File.join(config_path, 'gitlab.rb') }
   before do
     allow($stdout).to receive(:puts)
@@ -20,13 +20,14 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
   end
   after do
-    FileUtils.rm_rf(temp_directory)
+    FileUtils.rm_rf(config_path)
   end
   describe '#run_preflight_checks' do
     before do
       allow(STDIN).to receive(:gets).and_return('y')
+      allow(command).to receive(:toggle_geo_roles).and_return(true)
       allow(command).to receive(:promote_postgresql_to_primary).and_return(true)
       allow(command).to receive(:reconfigure).and_return(true)
       allow(command).to receive(:promote_to_primary).and_return(true)
@@ -64,6 +65,53 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
     end
   end
+  describe '#toggle_geo_roles' do
+    let(:gitlab_cluster_config_path) { File.join(config_path, 'gitlab-cluster.json') }
+
+    before do
+      stub_const('GitlabClusterHelper::CONFIG_PATH', config_path)
+      stub_const('GitlabClusterHelper::JSON_FILE', gitlab_cluster_config_path)
+
+      allow(STDIN).to receive(:gets).and_return('y')
+
+      allow(command).to receive(:run_preflight_checks).and_return(true)
+      allow(command).to receive(:promote_postgresql_to_primary).and_return(true)
+      allow(command).to receive(:reconfigure).and_return(true)
+      allow(command).to receive(:promote_to_primary).and_return(true)
+      allow(command).to receive(:success_message).and_return(true)
+    end
+
+    context 'when the cluster configuration file does not exist' do
+      it 'creates the file with the Geo primary role enabled and secondary role disabled' do
+        command.execute
+
+        expect(File.exist?(gitlab_cluster_config_path)).to eq(true)
+        expect(read_file_content(gitlab_cluster_config_path)).to eq("primary" => true, "secondary" => false)
+      end
+    end
+
+    context 'when the cluster configuration file exists' do
+      it 'disables the Geo secondary role' do
+        write_file_content(gitlab_cluster_config_path, primary: false, secondary: true)
+
+        command.execute
+
+        expect(read_file_content(gitlab_cluster_config_path)).to eq("primary" => true, "secondary" => false)
+      end
+    end
+
+    def read_file_content(fullpath)
+      JSON.parse(File.read(fullpath))
+    end
+
+    def write_file_content(fullpath, content)
+      File.open(fullpath, 'w') do |f|
+        f.write(content.to_json)
+        f.chmod(0600)
+      end
+    end
+  end
+
   context 'when preflight checks pass' do
     before do
       allow(STDIN).to receive(:gets).and_return('y')
@@ -71,6 +119,7 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
       allow_any_instance_of(Geo::PromotionPreflightChecks).to receive(
         :execute).and_return(true)
+      allow(command).to receive(:toggle_geo_roles).and_return(true)
       allow(command).to receive(:promote_postgresql_to_primary).and_return(true)
       allow(command).to receive(:reconfigure).and_return(true)
       allow(command).to receive(:promote_to_primary).and_return(true)
@@ -95,8 +144,12 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
       end
       context 'when final confirmation is given' do
-        it 'calls the next subcommand' do
+        it 'calls all the subcommands' do
+          expect(command).to receive(:toggle_geo_roles)
           expect(command).to receive(:promote_postgresql_to_primary)
+          expect(command).to receive(:reconfigure)
+          expect(command).to receive(:promote_to_primary)
+          expect(command).to receive(:success_message)
           command.execute
         end
@@ -141,9 +194,11 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
       it 'calls all the subcommands if user affirms' do
         allow(STDIN).to receive(:gets).and_return('y')
+        is_expected.to receive(:toggle_geo_roles)
         is_expected.to receive(:promote_postgresql_to_primary)
         is_expected.to receive(:reconfigure)
         is_expected.to receive(:promote_to_primary)
+        is_expected.to receive(:success_message)
         command.execute
       end
@@ -157,4 +212,47 @@ RSpec.describe Geo::PromoteToPrimaryNode, '#execute' do
       end
     end
   end
+
+  context 'when writing to the cluster configuration file fail' do
+    around do |example|
+      example.run
+    rescue SystemExit
+    end
+
+    before do
+      allow(STDIN).to receive(:gets).and_return('y')
+
+      allow(command).to receive(:run_preflight_checks).and_return(true)
+
+      allow_any_instance_of(GitlabClusterHelper)
+        .to receive(:write_to_file!).and_return(false)
+    end
+
+    it 'exits with 1' do
+      expect { command.execute }.to raise_error(SystemExit)
+    end
+  end
+
+  context 'when writing to the cluster configuration file succeed' do
+    before do
+      allow(STDIN).to receive(:gets).and_return('y')
+
+      allow(command).to receive(:promote_postgresql_to_primary).and_return(true)
+      allow(command).to receive(:reconfigure).and_return(true)
+      allow(command).to receive(:promote_to_primary).and_return(true)
+      allow(command).to receive(:success_message).and_return(true)
+
+      allow_any_instance_of(GitlabClusterHelper)
+        .to receive(:write_to_file!).and_return(true)
+    end
+
+    it 'calls all the subcommands' do
+      expect(command).to receive(:promote_postgresql_to_primary)
+      expect(command).to receive(:reconfigure)
+      expect(command).to receive(:promote_to_primary)
+      expect(command).to receive(:success_message)
+
+      command.execute
+    end
+  end
 end

spec/gitlab-ctl-commands-ee/lib/patroni_spec.rb

@@ -7,14 +7,16 @@ require_relative('../../../files/gitlab-ctl-commands-ee/lib/patroni')
 RSpec.describe 'Patroni' do
   core_commands = %w(bootstrap check-leader check-replica)
-  additional_commands = %w(members pause resume failover switchover)
+  additional_commands = %w(members pause resume failover switchover restart reload)
   all_commands = core_commands + additional_commands
   command_lines = {
     'bootstrap' => %w(--srcdir=SRCDIR --scope=SCOPE --datadir=DATADIR),
     'pause' => %w(-w),
     'resume' => %w(--wait),
     'failover' => %w(--master MASTER --candidate CANDIDATE),
-    'switchover' => %w(--master MASTER --candidate CANDIDATE --scheduled SCHEDULED)
+    'switchover' => %w(--master MASTER --candidate CANDIDATE --scheduled SCHEDULED),
+    'restart' => [],
+    'reload' => []
   }
   command_options = {
     'bootstrap' => { srcdir: 'SRCDIR', scope: 'SCOPE', datadir: 'DATADIR' },
@@ -22,13 +24,17 @@ RSpec.describe 'Patroni' do
     'resume' => { wait: true },
     'failover' => { master: 'MASTER', candidate: 'CANDIDATE' },
     'switchover' => { master: 'MASTER', candidate: 'CANDIDATE', scheduled: 'SCHEDULED' },
+    'restart' => {},
+    'reload' => {}
   }
   patronictl_command = {
     'members' => 'list',
     'pause' => 'pause -w',
     'resume' => 'resume -w',
     'failover' => 'failover --master MASTER --candidate CANDIDATE',
-    'switchover' => 'switchover --master MASTER --candidate CANDIDATE --scheduled SCHEDULED'
+    'switchover' => 'switchover --master MASTER --candidate CANDIDATE --scheduled SCHEDULED',
+    'restart' => 'restart --force fake-scope fake-node',
+    'reload' => 'reload --force fake-scope fake-node'
   }
   describe '#parse_options' do
@@ -133,6 +139,7 @@ RSpec.describe 'Patroni' do
   describe 'additional commands' do
     before do
       allow(GitlabCtl::Util).to receive(:get_public_node_attributes).and_return({ 'patroni' => { 'config_dir' => '/fake' } })
+      allow(GitlabCtl::Util).to receive(:get_node_attributes).and_return({ 'patroni' => { 'scope' => 'fake-scope', 'name' => 'fake-node' } })
       allow(GitlabCtl::Util).to receive(:run_command)
     end

spec/libraries/helpers/gitlab_cluster_helper_spec.rb

+require 'spec_helper'
+require_relative '../../../files/gitlab-cookbooks/package/libraries/helpers/gitlab_cluster_helper'
+
+RSpec.describe GitlabClusterHelper do
+  let(:gitlab_cluster_config_path) { described_class::JSON_FILE }
+
+  describe '.config_available?' do
+    context 'when cluster configuration file exists' do
+      it 'returns true' do
+        allow(File).to receive(:exist?).with(gitlab_cluster_config_path).and_return(true)
+
+        expect(described_class.config_available?).to eq(true)
+      end
+    end
+
+    context 'when cluster configuration file does not exist' do
+      it 'returns false' do
+        expect(described_class.config_available?).to eq(false)
+      end
+    end
+  end
+
+  describe '#config' do
+    context 'when the cluster configuration file does not exist' do
+      it 'returns an empty hash' do
+        expect(subject.config).to be_empty
+      end
+    end
+
+    context 'when the cluster configuration file exists' do
+      it 'parses the file content' do
+        stub_file_content(gitlab_cluster_config_path, foo: 'bar')
+
+        expect(subject.config).to eq('foo' => 'bar')
+      end
+    end
+  end
+
+  describe '#load_roles!' do
+    before do
+      stub_gitlab_rb(application_role: { enable: true }, geo_primary_role: { enable: nil }, geo_secondary_role: { enable: true })
+    end
+
+    it 'overrides roles defined in the configuration file' do
+      stub_file_content(gitlab_cluster_config_path, secondary: false)
+
+      subject.load_roles!
+
+      expect(Gitlab['application_role']['enable']).to eq(true)
+      expect(Gitlab['geo_secondary_role']['enable']).to eq(false)
+    end
+
+    it 'does not override roles not defined in the configuration file' do
+      stub_file_content(gitlab_cluster_config_path, {})
+
+      subject.load_roles!
+
+      expect(Gitlab['application_role']['enable']).to eq(true)
+      expect(Gitlab['geo_secondary_role']['enable']).to eq(true)
+    end
+
+    it 'prints a warning message for each enabled role defined in the configuration file' do
+      stub_file_content(gitlab_cluster_config_path, primary: true, secondary: false)
+
+      expect(LoggingHelper)
+        .not_to receive(:warning)
+        .with("The geo_primary_role is defined in #{gitlab_cluster_config_path} as primary and takes priority over the role in the /etc/gitlab/gitlab.rb")
+
+      expect(LoggingHelper)
+        .to receive(:warning)
+        .with("The geo_secondary_role is defined in #{gitlab_cluster_config_path} as secondary and takes priority over the role in the /etc/gitlab/gitlab.rb")
+        .once
+
+      subject.load_roles!
+    end
+  end
+
+  describe '#write_to_file!' do
+    let(:config_path) { Dir.mktmpdir }
+    let(:gitlab_cluster_config_path) { File.join(config_path, 'gitlab-cluster.json') }
+
+    before do
+      stub_const('GitlabClusterHelper::CONFIG_PATH', config_path)
+      stub_const('GitlabClusterHelper::JSON_FILE', gitlab_cluster_config_path)
+    end
+
+    after do
+      FileUtils.rm_rf(config_path)
+    end
+
+    context 'when the config directory does not exist' do
+      it 'does not create the configuration file' do
+        FileUtils.rm_rf(config_path)
+
+        subject.write_to_file!
+
+        expect(File.exist?(gitlab_cluster_config_path)).to eq(false)
+      end
+    end
+
+    context 'when the cluster configuration file does not exist' do
+      it 'creates the configuration file' do
+        FileUtils.rm_rf(gitlab_cluster_config_path)
+
+        subject.write_to_file!
+
+        expect(File.exist?(gitlab_cluster_config_path)).to eq(true)
+        expect(read_file_content(gitlab_cluster_config_path)).to be_empty
+      end
+    end
+
+    context 'when the cluster configuration file exists' do
+      it 'overrides previous settings' do
+        write_file_content(gitlab_cluster_config_path, foo: 'bar', zoo: true)
+        subject.config['zoo'] = false
+
+        subject.write_to_file!
+
+        expect(read_file_content(gitlab_cluster_config_path)).to eq("foo" => "bar", "zoo" => false)
+      end
+    end
+  end
+
+  def stub_file_content(fullpath, content)
+    allow(File).to receive(:exist?).with(fullpath).and_return(true)
+    allow(IO).to receive(:read).with(fullpath).and_return(content.to_json)
+  end
+
+  def read_file_content(fullpath)
+    JSON.parse(File.read(fullpath))
+  end
+
+  def write_file_content(fullpath, content)
+    File.open(fullpath, 'w') do |f|
+      f.write(content.to_json)
+      f.chmod(0600)
+    end
+  end
+end

spec/libraries/helpers/gitlab_workhorse_helper_spec.rb

+require 'chef_helper'
+
+RSpec.describe GitlabWorkhorseHelper do
+  let(:node) { chef_run.node }
+  subject { described_class.new(node) }
+
+  before do
+    allow(Gitlab).to receive(:[]).and_call_original
+  end
+
+  context 'workhorse is listening on a tcp socket' do
+    cached(:chef_run) { converge_config }
+    let(:tcp_address) { '1.9.8.4' }
+
+    before do
+      stub_gitlab_rb(
+        gitlab_workhorse: {
+          listen_network: 'http',
+          listen_addr: tcp_address
+        }
+      )
+    end
+
+    describe '#unix_socket?' do
+      it 'returns false' do
+        expect(subject.unix_socket?).to be false
+      end
+    end
+  end
+
+  context 'workhorse is listening on a unix socket' do
+    cached(:chef_run) { converge_config }
+    before do
+      stub_gitlab_rb(
+        gitlab_workhorse: {
+          listen_network: 'unix'
+        }
+      )
+    end
+
+    describe '#unix_socket?' do
+      it 'returns true' do
+        expect(subject.unix_socket?).to be true
+      end
+    end
+  end
+end

spec/libraries/workhorse_spec.rb

+# This spec is to test the Workhorse library and whether the values parsed
+# are the ones we expect
+require 'chef_helper'
+
+RSpec.describe 'GitlabWorkhorse' do
+  let(:node) { chef_run.node }
+  let(:user_socket) { '/where/is/my/ten/mm/socket_now' }
+  let(:user_sockets_directory) { '/where/is/my/ten/mm/sockets' }
+  let(:default_sockets_directory) { '/var/opt/gitlab/gitlab-workhorse/sockets' }
+  let(:default_socket) { '/var/opt/gitlab/gitlab-workhorse/sockets/socket' }
+  let(:tcp_listen_address) { '1.9.8.4' }
+
+  before do
+    allow(Gitlab).to receive(:[]).and_call_original
+  end
+
+  context '.parse_variables' do
+    context 'listening on a tcp socket' do
+      let(:chef_run) { converge_config }
+
+      before do
+        stub_gitlab_rb(
+          gitlab_workhorse: {
+            listen_network: 'http',
+            listen_addr: tcp_listen_address
+          }
+        )
+      end
+
+      it 'uses the user configured TCP listen address' do
+        expect(node['gitlab']['gitlab-workhorse']['listen_addr']).to eq(tcp_listen_address)
+      end
+
+      it 'keeps the sockets_directory as nil' do
+        expect(node['gitlab']['gitlab-workhorse']['sockets_directory']).to eq(nil)
+      end
+    end
+
+    context 'listening on a unix socket' do
+      context 'using default configuration' do
+        let(:chef_run) { converge_config }
+
+        before do
+          stub_gitlab_rb(
+            gitlab_workhorse: {
+              listen_network: 'unix'
+            }
+          )
+        end
+
+        it 'uses the default sockets directory' do
+          expect(node['gitlab']['gitlab-workhorse']['sockets_directory']).to eq(default_sockets_directory)
+        end
+
+        it 'uses the default socket file path' do
+          expect(node['gitlab']['gitlab-workhorse']['listen_addr']).to eq(default_socket)
+        end
+      end
+
+      context 'only listen_addr is set' do
+        let(:chef_run) { converge_config }
+
+        before do
+          stub_gitlab_rb(
+            gitlab_workhorse: {
+              listen_network: 'unix',
+              listen_addr: user_socket
+            }
+          )
+        end
+
+        it 'uses the user configured listen address' do
+          expect(node['gitlab']['gitlab-workhorse']['listen_addr']).to eq(user_socket)
+        end
+
+        it 'keeps the sockets_directory as nil' do
+          expect(node['gitlab']['gitlab-workhorse']['sockets_directory']).to eq(nil)
+        end
+      end
+
+      context 'only sockets_directory is set' do
+        let(:chef_run) { converge_config }
+
+        before do
+          stub_gitlab_rb(
+            gitlab_workhorse: {
+              listen_network: 'unix',
+              sockets_directory: user_sockets_directory
+            }
+          )
+        end
+
+        it 'uses the user configured sockets directory' do
+          expect(node['gitlab']['gitlab-workhorse']['sockets_directory']).to eq(user_sockets_directory)
+        end
+
+        it 'creates a socket named socket in the user configured sockets directory' do
+          expect(node['gitlab']['gitlab-workhorse']['listen_addr']).to eq("#{user_sockets_directory}/socket")
+        end
+      end
+
+      context 'listen_addr and sockets_directory are both set' do
+        let(:chef_run) { converge_config }
+
+        before do
+          stub_gitlab_rb(
+            gitlab_workhorse: {
+              listen_network: 'unix',
+              listen_addr: user_socket,
+              sockets_directory: user_sockets_directory
+            }
+          )
+        end
+
+        it 'uses the user configured sockets directory' do
+          expect(node['gitlab']['gitlab-workhorse']['sockets_directory']).to eq(user_sockets_directory)
+        end
+
+        it 'creates a socket matching the configured listen_addr' do
+          expect(node['gitlab']['gitlab-workhorse']['listen_addr']).to eq(user_socket)
+        end
+      end
+    end
+  end
+end

spec/support/shared_examples/ctl_shared_context.rb

@@ -3,8 +3,16 @@ require 'omnibus-ctl'
 RSpec.shared_context 'ctl' do
   let(:ctl) { Omnibus::Ctl.new('testing-ctl') }
+
   before do
     allow_any_instance_of(Omnibus::Ctl).to receive(:require).and_call_original
+
+    allow_any_instance_of(Omnibus::Ctl).to receive(:require).with(
+      "/opt/testing-ctl/embedded/cookbooks/package/libraries/helpers/gitlab_cluster_helper"
+    ) do
+      require_relative("../../../files/gitlab-cookbooks/package/libraries/helpers/gitlab_cluster_helper")
+    end
+
     allow_any_instance_of(Omnibus::Ctl).to receive(:require).with(
       "/opt/testing-ctl/embedded/service/omnibus-ctl-ee/lib/geo/#{command_script}"
     ) do

spec/support/shared_examples/object_store_shared_context.rb

@@ -10,7 +10,8 @@ RSpec.shared_context 'object storage config' do
       external_diffs: { bucket: 'external_diffs' },
       packages: { bucket: 'packages' },
       terraform_state: { enabled: false, bucket: 'terraform' },
-      uploads: { bucket: 'uploads' }
+      uploads: { bucket: 'uploads' },
+      pages: { bucket: 'pages' }
     }
   end
   let(:aws_connection_hash) do

support/notify_slack.sh

-#!/bin/bash
+#!/bin/sh
 # Sends Slack notification ERROR_MSG to CHANNEL
 # An env. variable CI_SLACK_WEBHOOK_URL needs to be set.