commit 9baa6f93046d893460deed31617bcb8bc3bc8dcc
Author: Christoph
Date: Tue May 14 16:28:15 2019 +0200
Initial commit
diff --git a/reconfigure-gitlab-ce.sh b/reconfigure-gitlab-ce.sh
new file mode 100755
index 0000000..aefd11f
--- /dev/null
+++ b/reconfigure-gitlab-ce.sh
@@ -0,0 +1,517 @@ +#!/usr/bin/env bash + +script_name="$(basename $(realpath $0))" +working_dir="$(dirname $(realpath $0))" + +conf_file="${working_dir}/conf/${script_name%%.*}.conf" + +LOCK_DIR="/tmp/$(basename $0).$$.LOCK" +log_file="${LOCK_DIR}/${script_name%%.*}.log" + +backup_date="$(date +%Y-%m-%d-%H%M)" + + +# ---------- +# Base Function(s) +# ---------- + +clean_up() { + + # Perform program exit housekeeping + rm -rf "$LOCK_DIR" + blank_line + exit $1 +} + + +echononl(){ + if $terminal ; then + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n " $*\\c" 1>&2 + else + echo -e -n " $*" 1>&2 + fi + rm /tmp/shprompt$$ + fi +} + +fatal(){ + echo "" + if $terminal ; then + echo -e " [ \033[31m\033[1mFatal\033[m ] $*" + else + echo -e " [ Fatal ] $*" + fi + echo "" + if $terminal ; then + echo -e " \033[1mScript terminated\033[m.." + else + echo -e " Script terminated.." + fi + echo "" + rm -rf $LOCK_DIR + exit 1 +} + +error (){ + echo "" + if $terminal ; then + echo -e " [ \033[31m\033[1mError\033[m ] $*" + else + echo " [ Error ] $*" + fi + echo "" +} + +warn (){ + if $LOGGING || $terminal ; then + echo "" + if $terminal ; then + echo -e " [ \033[33m\033[1mWarn\033[m ] $*" + else + echo " [ Warn ] $*" + fi + echo "" + fi +} + +info (){ + if $LOGGING || $terminal ; then + echo "" + if $terminal ; then + echo -e " [ \033[32m\033[1mInfo\033[m ] $*" + else + echo " [ Info ] $*" + fi + echo "" + fi +} + +ok (){ + if $LOGGING || $terminal ; then + echo "" + if $terminal ; then + echo -e " [ \033[32m\033[1mOk\033[m ] $*" + else + echo " [ Ok ] $*" + fi + echo "" + fi +} + +echo_done() { + if $terminal ; then + echo -e "\033[75G[ \033[32mdone\033[m ]" + fi +} +echo_ok() { + if $terminal ; then + echo -e "\033[75G[ \033[32mok\033[m ]" + fi +} +echo_failed(){ + if $terminal ; then + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + fi +} +echo_skipped() { + if $terminal ; then + echo -e "\033[75G[ 
\033[33m\033[1mskipped\033[m ]" + fi +} +echo_wait(){ + if $terminal ; then + echo -en "\033[75G[ \033[5m\033[1m...\033[m ]" + fi +} + +trim() { + local var="$*" + var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters + var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters + echo -n "$var" +} + +blank_line() { + if $terminal ; then + echo "" + fi +} + + + +# ---------- +# - Jobhandling +# ---------- + +# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM +# - +trap clean_up SIGHUP SIGINT SIGTERM + +# - Create lock directory '$LOCK_DIR" +# +mkdir "$LOCK_DIR" + + +# ---------- +# - Some checks .. +# ---------- + +# - Running in a terminal? +# - +if [[ -t 1 ]] ; then + terminal=true +else + terminal=false +fi + + +# ========== +# - Begin Main Script +# ========== + +# ---------- +# - Headline +# ---------- + +if $terminal ; then + echo "" + echo -e "\033[1m----------\033[m" + echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m" + echo -e "\033[1m----------\033[m" +fi + + +# ---------- +# Read Configurations from $conf_file +# ---------- + + +# - Give your default values here +# - +LOGGING=false +BATCH_MODE=false +LETS_ENCRYPT_CERT_DIR="/var/lib/dehydrated/certs/${HOST_NAME}" +GITLAB_CONF_FILE="/etc/gitlab/gitlab.rb" +gitlab_reconfigure=false +gitlab_ctl_script=/usr/bin/gitlab-ctl + + +if [[ -f "$conf_file" ]]; then + source "$conf_file" +else + warn "No configuration file '$conf_file' present.\n + Loading default values.." +fi + +if [[ ! -f "${GITLAB_CONF_FILE}" ]] ; then + fatal "Gitlab configuration file ('${GITLAB_CONF_FILE}') not found!" +fi + +if [[ ! -f "${gitlab_ctl_script}" ]] ; then + fatal "Gitlab control script ('${gitlab_ctl_script}') not found!" 
+fi + +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert hostname (external_url)" +echo "" +_HOST_NAME="$(hostname --fqdn)" +HOST_NAME= +echononl "Hostname [${_HOST_NAME}]: " +read HOST_NAME +if [[ "X${HOST_NAME}" = "X" ]] ; then + HOST_NAME="${_HOST_NAME}" +fi + + +# ---------- +# - Main part of script +# ---------- + +if $terminal ; then + echo "" + echo "" + echo -e " \033[1mMain part of script ..\033[m" + echo "" +fi + +if [[ -n "$GITLAB_CONF_FILE" ]]; then + + if [[ ! -d "/var/lib/dehydrated/certs/${HOST_NAME}" ]]; then + URL_SCHEMA="http" + else + URL_SCHEMA="https" + fi + + echononl " Adjust ${GITLAB_CONF_FILE} - external_url" + + if ! grep -E "^\s*external_url" $GITLAB_CONF_FILE 2> /dev/null | grep -q -E "${URL_SCHEMA}://${HOST_NAME}" 2> /dev/null ; then + + if grep -q -E "^\s*external_url" $GITLAB_CONF_FILE 2> /dev/null ; then + + perl -i -n -p -e "s#^(\s*(external_url).*)#\#\# \1\n\2 '${URL_SCHEMA}://${HOST_NAME}'#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + + elif ! grep -q -E "^\s*#\s*external_url" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +external_url '${URL_SCHEMA}://${HOST_NAME}' + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(external_url).*)#\1\n\2 '${URL_SCHEMA}://${HOST_NAME}'#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi + + echononl " Adjust ${GITLAB_CONF_FILE} - nginx['custom_gitlab_server_config']" + + if ! 
grep -E "^\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q ".well-known/acme-challenge" 2> /dev/null ; then + if ! grep -q -E "^\s*#\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +nginx['custom_gitlab_server_config'] = "location ^~ /.well-known/acme-challenge {\\n alias /var/www/dehydrated;\\n auth_basic off;\\n }\\n" + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(nginx\['custom_gitlab_server_config'\]).*)#\1\n\2 = \"location ^~ /.well-known/acme-challenge {\\\n alias \/var\/www\/dehydrated;\\\n auth_basic off;\\\n }\\\n\"#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi + + echononl " Adjust ${GITLAB_CONF_FILE} - nginx['listen_addresses']" + + if ! grep -E "^\s*nginx\['listen_addresses'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q -E "\['\*',\s*'\[::]'\]" 2> /dev/null ; then + + if ! grep -q -E "^\s*#\s*nginx\['listen_addresses'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +nginx['listen_addresses'] = ['*', '[::]'] + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(nginx\['listen_addresses'\]).*)#\1\n\2 = ['*', '[::]']#" $GITLAB_CONF_FILE + if [[ $? 
-eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi + + if [[ -d "/var/lib/dehydrated/certs/${HOST_NAME}" ]]; then + + echononl " Adjust ${GITLAB_CONF_FILE} - letsencrypt['enable']" + + if ! grep -E "^\s*letsencrypt\['enable'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q -E "false" 2> /dev/null ; then + + if grep -q -E "^\s*letsencrypt\['enable'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + + perl -i -n -p -e "s#^(\s*(letsencrypt\['enable'\]).*)#\#\# \1\n\2 = false#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + + elif ! grep -q -E "^\s*#\s*letsencrypt\['enable'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +letsencrypt['enable'] = false + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(letsencrypt\['enable'\]).*)#\1\n\2 = false#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi + + echononl " Adjust ${GITLAB_CONF_FILE} - nginx['redirect_http_to_https']" + + if ! grep -E "^\s*nginx\['redirect_http_to_https'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q -E "true" 2> /dev/null ; then + + if grep -q -E "^\s*nginx\['redirect_http_to_https'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + + perl -i -n -p -e "s#^(\s*(nginx\['redirect_http_to_https'\]).*)#\#\# \1\n\2 = true#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + + elif ! 
grep -q -E "^\s*#\s*nginx\['redirect_http_to_https'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +nginx['redirect_http_to_https'] = true + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(nginx\['redirect_http_to_https'\]).*)#\1\n\2 = true#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi + + echononl " Create Directory '/etc/gitlab/ssl'.." + if [[ ! -d "/etc/gitlab/ssl" ]]; then + mkdir -p "/etc/gitlab/ssl" > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + echo_skipped + fi + + echononl " Create Symlink '/etc/gitlab/ssl/${HOST_NAME}.key'.." + + if [[ -h "/etc/gitlab/ssl/${HOST_NAME}.key" ]] \ + && [[ "$(readlink -qs "/etc/gitlab/ssl/${HOST_NAME}.key")" = "/var/lib/dehydrated/certs/${HOST_NAME}/privkey.pem" ]] ; then + echo_skipped + else + rm -rf "/etc/gitlab/ssl/${HOST_NAME}.key" > /dev/null 2>&1 + ln -s "/var/lib/dehydrated/certs/${HOST_NAME}/privkey.pem" "/etc/gitlab/ssl/${HOST_NAME}.key" > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + + echononl " Create Symlink '/etc/gitlab/ssl/${HOST_NAME}.crt'.." + if [[ -h "/etc/gitlab/ssl/${HOST_NAME}.crt" ]] \ + && [[ "$(readlink -qs "/etc/gitlab/ssl/${HOST_NAME}.crt")" = "/var/lib/dehydrated/certs/${HOST_NAME}/fullchain.pem" ]]; then + echo_skipped + else + rm -rf "/etc/gitlab/ssl/${HOST_NAME}.crt" > /dev/null 2>&1 + ln -s "/var/lib/dehydrated/certs/${HOST_NAME}/fullchain.pem" "/etc/gitlab/ssl/${HOST_NAME}.crt" > /dev/null 2>&1 + if [[ $? 
-eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + + fi + + +fi + +if $gitlab_installed ; then + echo "" + echononl " Reconfiguring (and restarting) Gitlab Services.." + if $gitlab_reconfigure ; then + if [[ -x "$gitlab_ctl_script" ]]; then + $gitlab_ctl_script reconfigure > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + warn "Restart of Gitlab Services failed.." + fi + else + echo_skipped + warn "Gitlab Control Script (gitlab-ctl) not found." + fi + else + echo_skipped + fi +fi + + +clean_up 0 +
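Review bot: `HOST_NAME` goes straight from `read HOST_NAME` into the perl `s#…#…#` replacements, the `external_url '…'` heredoc and the `rm -rf "/etc/gitlab/ssl/${HOST_NAME}.key"` / `ln -s` paths without any validation. Because gitlab.rb is a Ruby file that `gitlab-ctl reconfigure` evaluates (presumably as root here), a value containing `'`, `#`, `/` or whitespace can corrupt the config, change what gets evaluated, or point the `rm -rf` outside `/etc/gitlab/ssl`. I would reject anything that is not a plain FQDN right after the default is applied, e.g. `[[ "$HOST_NAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || fatal "Invalid hostname '${HOST_NAME}'"`, and switch to `read -r`. In the same hunk, `echononl` writes to the predictable `/tmp/shprompt$$` and the result of `mkdir "$LOCK_DIR"` is never checked; a `mktemp -d` directory with a checked exit status would cover both.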