Configure GitLab Rails app (gitlab.yml)
Activity
Reassigned to @jacobvosmaer
They create a directory where the rails app can write files under
/var/opt/chef-server/chef-server-webui:$ sudo tree -L 3 /var/opt/chef-server/chef-server-webui/ /var/opt/chef-server/chef-server-webui/ ├── etc │ ├── chefserver.rb │ ├── config.ru │ ├── secret_token.rb │ ├── session_store.rb │ └── unicorn.rb ├── tmp │ └── cache │ └── assets └── workingThe directory with the actual rails code in it is owned by the application user and has symlinks to the 'writable area' under
/var:$ sudo ls -la /opt/chef-server/embedded/service/chef-server-webui/ total 72 drwxr-xr-x 10 1001 1001 4096 Feb 4 07:10 . drwxr-xr-x 11 1001 1001 4096 Feb 4 07:08 .. drwxr-xr-x 8 1001 1001 4096 Feb 4 07:08 app drwxr-xr-x 2 1001 1001 4096 Feb 4 07:08 .bundle drwxr-xr-x 5 1001 1001 4096 Feb 4 07:08 config lrwxrwxrwx 1 root root 52 Feb 4 07:10 config.ru -> /var/opt/chef-server/chef-server-webui/etc/config.ru drwxr-xr-x 2 1001 1001 4096 Feb 4 07:08 db -rw-r--r-- 1 1001 1001 348 Dec 4 03:21 Gemfile -rw-r--r-- 1 1001 1001 3755 Dec 4 03:21 Gemfile.lock drwxr-xr-x 6 1001 1001 4096 Feb 4 07:08 lib -rw-r--r-- 1 1001 1001 10850 Dec 4 03:21 LICENSE -rw-r--r-- 1 1001 1001 388 Dec 4 03:21 NOTICE drwxr-xr-x 2 chef_server 1001 4096 Feb 4 07:08 public -rw-r--r-- 1 1001 1001 430 Dec 4 03:21 Rakefile -rw-r--r-- 1 1001 1001 2425 Dec 4 03:21 README.md drwxr-xr-x 2 1001 1001 4096 Feb 4 07:08 script lrwxrwxrwx 1 root root 42 Feb 4 07:10 tmp -> /var/opt/chef-server/chef-server-webui/tmp drwxr-xr-x 4 1001 1001 4096 Feb 4 07:08 vendorThe unicorn config points to the
workingdirectory in the writable area, which is still empty on my test server.## # Unicorn config at /var/opt/chef-server/chef-server-webui/etc/unicorn.rb # Managed by Chef - Local Changes will be Nuked from Orbit (just to be sure) ## # What ports/sockets to listen on, and what options for them. listen "127.0.0.1:9462", :backlog => 1024, :tcp_nodelay => true working_directory '/var/opt/chef-server/chef-server-webui/working' # What the timeout for killing busy workers is, in seconds timeout 3600 # Whether the app should be pre-loaded preload_app false # How many worker processes worker_processes 2How do they load the actual Rails app?
The runit launch script for unicorn
cds into the Rails directory under '/opt' and launches Unicorn using theconfig.rufile that is there:$ sudo cat /opt/chef-server/sv/chef-server-webui/run #!/bin/sh cd /opt/chef-server/embedded/service/chef-server-webui exec 2>&1 exec chpst -P -U chef_server -u chef_server /usr/bin/env HOME="/var/opt/chef-server/chef-server-webui" /opt/chef-server/embedded/bin/bundle exec unicorn -E chefserver -c /var/opt/chef-server/chef-server-webui/etc/unicorn.rb /opt/chef-server/embedded/service/chef-server-webui/config.ruI suspect this working directory Unicorn dance is to make it possible to unmount
/optand still keep chef-server running. Unix deamons traditionally change their working directory to/for the same reason; a process that has its working directory on a volume prevents that volume from being unmounted (or so I remember).Not sure yet why omnibus-chef-server uses
/var/opt/chef-server/chef-server-webui/workinginstead of/though.I do not follow all the intricacies here but I feel inclined to cargo-cult along with them.
- for every GitLab file that ships as a
.example, put it in/var/opt/gitlab/gitlab-core/etcand create a symlink from the 'Rails directory'; - symlink
.secretin the Rails directory toetc/; - symlink
tmpandlogto/var/opt/gitlab/gitlab-core; - no need to put
config.ruinetc/; that looks like legacy to me. Their config.ru used to be a template but now it is static. - also no symlinked
session_store.rb.
- for every GitLab file that ships as a
I started cargo-culting in !21 (merged)
Mostly done in !21 (merged). Still need to do
rack_attack.rb.I have split the remaining work into #31 (closed) and #32 (closed).
mentioned in commit 1d89b55d
