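#!/bin/sh
# Unattended all-in-one GitlabHQ install for Red Hat family hosts.
# This script has been customised based on a CENTOS 6.2 box. We need the EPEL repos for this to work as required.
# It installs packages, creates accounts and writes under /etc, /home and
# /var/www, so it expects to be run as root.
# NOTE(review): later steps use `source`, which is not POSIX sh; this relies on
# /bin/sh being bash (presumably true on the RHEL/CentOS/Fedora targets).

# Ruby build that RVM installs, and the Rails environment for the rake tasks.
export RUBY_VERSION=ruby-1.9.2-p290
export RAILS_ENV=production

# Check our OS version/flavour - only RHEL/CentOS/Fedora are supported.
# - Lightly shoplifted from here - https://github.com/coto/server-easy-install/blob/master/lib/core.sh - Thanks coto :-)
if [ -f /etc/redhat-release ]; then
  # The expressions below assume a line shaped like
  # "<dist> release <rev> (<name>)".
  DIST=$(sed 's/ release.*//' /etc/redhat-release)
  RELEASENAME=$(sed -e 's/.*(//' -e 's/)//' /etc/redhat-release)
  REV=$(sed -e 's/.*release //' -e 's/ .*//' /etc/redhat-release)
else
  # Report the refusal on stderr and with a non-zero status, so automation
  # driving this unattended install does not record a run that did nothing
  # as a success.
  echo "This is not a Redhat/Fedora system - This script will provide you no love." >&2
  exit 1
fi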
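# Fedora needs no extra repository; everything else gets EPEL added.
# Only RHEL/CentOS 6 is catered for: on 5 the libraries may not match, although
# the build *should* still function.
if [ "$DIST" != 'Fedora' ]; then
  echo 'Installing the EPEL repo.'
  # Fetched over HTTPS: this package is installed as root and decides which
  # repository every later yum install trusts, so it must not be alterable in
  # transit.
  # NOTE(review): on a fresh box the EPEL signing key is presumably not
  # imported yet, so rpm cannot validate the package signature here. Importing
  # the key and checking the file with `rpm -K` before installing would close
  # that gap.
  /bin/rpm -Uvh https://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
fi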
# Build tools, -devel headers and services that the components below need.
# Nothing here checks for failures, so keep an eye on the yum output.
echo 'installing the required libs and packages'
yum install -y \
  make libtool openssh-clients gcc \
  libxml2 libxml2-devel libxslt libxslt-devel \
  python-devel wget readline-devel ncurses-devel \
  gdbm-devel glibc-devel tcl-devel openssl-devel \
  db4-devel byacc httpd gcc-c++ \
  curl-devel openssl-devel zlib-devel httpd-devel \
  apr-devel apr-util-devel sqlite-devel libicu-devel \
  gitolite redis sudo postfix
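# Account setup: create 'git' as a system account (-r) with a home directory
# (-m) and a bash login shell.
echo 'Creating the git user'
/usr/sbin/adduser -r -m --shell /bin/bash --comment 'git version control' git

# ssh-keygen is given an explicit -f path and is not expected to create the
# parent directory for it, so create /home/git/.ssh first. Mode 0700 from the
# start means the key is never written into a directory others can list.
mkdir -p -m 0700 /home/git/.ssh

# Generate git's RSA key pair. This runs as the invoking user, not as git, so
# ownership is corrected right after.
# NOTE(review): -N '' leaves the private key without a passphrase; anyone who
# can read the file can use it.
ssh-keygen -q -N '' -t rsa -f /home/git/.ssh/id_rsa

# Hand the directory and both key files to git, and keep it owner-only.
/bin/chown -R git:git /home/git/.ssh
/bin/chmod 0700 /home/git/.ssh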
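# GitlabHQ / gitolite integration: the user that runs the web server needs
# access to the gitolite admin repo, because permissions on it are added and
# removed from the web application.
# NOTE(review): apache receives a copy of git's private key, the same key that
# gl-setup registers as the gitolite admin further down. Anything that can run
# code as the web server therefore holds gitolite admin rights. A dedicated key
# pair for apache would let that access be scoped and revoked separately. The
# original author already marks this as possibly not best practice.
echo 'providing apache with a ssh key and permissions to the repositories'

# Give apache a bash login shell, move its home to /var/www/ and set its
# supplementary group to git.
# NOTE(review): -G without -a replaces any supplementary groups apache already
# had.
/usr/sbin/usermod -s /bin/bash -d /var/www/ -G git apache

# Key directory for apache. -p keeps a re-run from failing when it already
# exists; -m 0700 avoids a .ssh directory that other local users can list.
mkdir -p -m 0700 /var/www/.ssh

# Copy git's key pair (private and public), then restrict it to apache.
cp -f /home/git/.ssh/id_rsa* /var/www/.ssh/ && chown apache:apache /var/www/.ssh/id_rsa* && chmod 600 /var/www/.ssh/id_rsa*

# Pre-seed known_hosts with localhost's key so the unattended ssh loopback does
# not stop at a host-key prompt. ssh-keyscan runs as apache, but the >>
# redirection is opened by the invoking shell, hence the chown below.
/usr/bin/sudo -u apache ssh-keyscan localhost >> /var/www/.ssh/known_hosts

# Make apache the owner of everything under its .ssh directory.
/bin/chown -R apache:apache /var/www/.ssh
#END OS SETUP STUFF#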
# --- GitlabHQ / gitolite configuration ---
# Replace every 0077 with 0007 in gitolite's *example* rc file before gl-setup
# runs. Per the original author this is the default umask: with 0007, new
# repositories are created with permissions that let apache read them.
# Otherwise commits and code do not show up in the web UI.
sed -i -e 's|0077|0007|g' /usr/share/gitolite/conf/example.gitolite.rc

# Run gitolite's setup as git, with git's public key as the admin key.
echo 'Setting up Gitolite'
su - git -c 'gl-setup -q /home/git/.ssh/id_rsa.pub'

# Reassert ownership and modes under git's home.
/bin/chown -R git:git /home/git/
/bin/chmod 770 /home/git/repositories/ /home/git/
# Order matters: the recursive 600 also strips the search bit from the .ssh
# directory itself, and the following 700 puts it back.
/bin/chmod -R 600 /home/git/.ssh/
/bin/chmod 700 /home/git/.ssh/
/bin/chmod 600 /home/git/.ssh/authorized_keys
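# Install Ruby through RVM, following the RVM documentation.
echo 'Insalling RVM'

# The installer is executed by this script, so it is written to a
# mktemp-created file rather than a fixed name in /tmp. A predictable path in a
# world-writable directory can be pre-created or swapped by another local user
# between download and execution.
rvm_installer=$(mktemp /tmp/rvm-installer.XXXXXX) || {
  echo 'could not create a temporary file for the RVM installer' >&2
  exit 1
}

# -f makes curl fail on an HTTP error instead of saving the error page, which
# sh would otherwise try to run.
# NOTE(review): this follows the installer on the master branch with no
# checksum or signature check. Pinning a known revision and verifying it before
# execution would make the result reproducible and tamper-evident.
if ! curl -f -o "$rvm_installer" https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer; then
  echo 'failed to download the RVM installer' >&2
  rm -f -- "$rvm_installer"
  exit 1
fi
sh "$rvm_installer" --branch stable
# Clean up as soon as the installer has run.
rm -f -- "$rvm_installer"

# Load the RVM environment into this shell.
source /etc/profile.d/rvm.sh

# Build the requested Ruby and make it the default.
echo 'Installing Ruby'
rvm install "$RUBY_VERSION"
rvm use "$RUBY_VERSION" --default

# Update RubyGems itself, then install the core gems system wide.
echo ' Upgrading core Gems'
gem update --system --no-rdoc --no-ri
echo ' System wide install of core gems'
gem install rails passenger rake bundler grit --no-rdoc --no-ri

# Bootstrap pip, then install Pygments for code highlighting.
echo ' Installing Python requirements'
# NOTE(review): the bootstrap script is fetched over plain HTTP and piped
# straight into python with this script's privileges, so nothing authenticates
# what gets executed. Prefer a source that is fetched over an authenticated
# channel and checked against a known digest before it is run.
curl http://python-distribute.org/distribute_setup.py | python
easy_install pip
pip install pygments

# Clone the GitlabHQ sources into /var/www.
echo ' Installing GitlabHQ'
# NOTE(review): the user@host part of this remote appears to have been replaced
# by the hosting page's e-mail obfuscation; restore the real SSH remote before
# running. An SSH remote also needs a key and a known host key for the invoking
# user, which nothing visible in this script sets up - confirm.
cd /var/www && git clone [email protected]:owindsor/gitlabhq.git

# Install the application's gems. No user switch happens here; this runs as the
# invoking user.
cd /var/www/gitlabhq && bundle install

# Build the passenger Apache module non-interactively (-a).
rvm all do passenger-install-apache2-module -a
echo 'DONE initial setup'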
##
# Database setup
#
# redis has to be up before the rake tasks run; also enable it at boot.
/etc/init.d/redis start
chkconfig redis on

# Create and seed the database from the application directory.
# NOTE(review): the original comment says to do this as the apache user, but
# nothing here switches user; the tasks run as whoever runs the script.
cd /var/www/gitlabhq
source /etc/profile.d/rvm.sh
for rake_task in db:setup db:seed_fu; do
  rvm all do rake "$rake_task" RAILS_ENV=production
done
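##
# Finish the setup
#
# Derive the installed passenger version from its gem directory name.
# -maxdepth 1 limits the match to the gem directories themselves, so a nested
# directory whose name starts with "passenger" cannot add extra lines.
# Field 4 of the '-'-split path is the version only while RUBY_VERSION contains
# exactly two dashes, as ruby-1.9.2-p290 does.
PASSENGER_VERSION=$(find "/usr/local/rvm/gems/$RUBY_VERSION/gems" -maxdepth 1 -type d -name "passenger*" | cut -d '-' -f 4)
export PASSENGER_VERSION

# Keep the whole Passenger configuration in its own vhost file.
# PassengerRoot uses the detected version, the same as LoadModule, instead of a
# hard-coded 3.0.11 that stops matching once a different passenger is installed.
# NOTE(review): this vhost serves plain HTTP on port 80 only, so GitlabHQ
# logins and session cookies cross the network unencrypted. Terminate TLS in
# front of it before exposing it beyond a trusted network.
cat > /etc/httpd/conf.d/gitlabhq.conf <<EOF
<VirtualHost *:80>
ServerName $(hostname --fqdn)
DocumentRoot /var/www/gitlabhq/public
LoadModule passenger_module /usr/local/rvm/gems/$RUBY_VERSION/gems/passenger-$PASSENGER_VERSION/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/$RUBY_VERSION/gems/passenger-$PASSENGER_VERSION
PassengerRuby /usr/local/rvm/wrappers/$RUBY_VERSION/ruby
<Directory /var/www/gitlabhq/public>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
EOF

# apache owns the whole application tree.
chown -R apache:apache /var/www/gitlabhq

# Let apache write gem files if needed (the author marks this "to be reviewed").
# NOTE(review): this makes the web server account the owner of every gem under
# the system-wide RVM tree. A compromise of the web application can then modify
# code that privileged gem/rvm/rake runs load later. Prefer root-owned gems
# that apache can only read.
chown apache:root -R /usr/local/rvm/gems/

# git's home: owner full access, group (which includes apache) read and
# traverse, no group write. This is the net result of the original
# "chmod 770" followed by "chmod go-w".
chmod 750 /home/git/

# NOTE(review): SELinux is switched to permissive for the running system and in
# its config file, which removes enforcement for every service on the host and
# not only for httpd. A targeted policy or boolean for what httpd needs keeps
# the rest of the system confined.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config

# Open port 80: add an ACCEPT rule after each existing "--dport 22" rule.
# The grep guard keeps a re-run from stacking duplicate rules.
http_rule='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'
if ! grep -qF -- "$http_rule" /etc/sysconfig/iptables; then
  sed -i "/--dport 22/ a\\$http_rule" /etc/sysconfig/iptables
fi

# Reload the firewall with the new rule.
service iptables restart

# Enable httpd at boot and start it now.
chkconfig httpd on
service httpd start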