Skip to content

Commit 94ca2e7

Browse files
th-2021kkimurak
authored andcommitted
change name of secret
add WEBTOKEN secret; remove GITLAB_KAS_SECRET Replace GITLAB_KAS_SECRET by GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE
1 parent ec2f2d1 commit 94ca2e7

3 files changed

Lines changed: 12 additions & 12 deletions

File tree

assets/runtime/config/gitlabhq/gitlab.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1177,7 +1177,7 @@ production: &base
11771177
enabled: {{GITLAB_KAS_ENABLED}}
11781178
# File that contains the secret key for verifying access for gitlab-kas.
11791179
# Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app).
1180-
secret_file: {{GITLAB_KAS_SECRET}} # /home/git/gitlab/.gitlab_kas_secret
1180+
secret_file: {{GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}} # /home/git/gitlab/.gitlab_kas_secret
11811181

11821182
# The URL to the external KAS API (used by the Kubernetes agents)
11831183
external_url: {{GITLAB_KAS_EXTERNAL}} # wss://kas.example.com
@@ -1373,7 +1373,7 @@ test:
13731373
region: us-east-1
13741374

13751375
gitlab:
1376-
host: localhost
1376+
host: 127.0.0.1
13771377
port: 80
13781378

13791379
content_security_policy:

assets/runtime/env-defaults

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -683,13 +683,13 @@ GITLAB_FEATURE_FLAGS_ENABLE_TARGETS=${GITLAB_FEATURE_FLAGS_ENABLE_TARGETS:-}
683683

684684
## Gitlab KAS
685685
GITLAB_KAS_ENABLED=${GITLAB_KAS_ENABLED:-false}
686-
GITLAB_KAS_SECRET=${GITLAB_KAS_SECRET:-${GITLAB_INSTALL_DIR}/.gitlab_kas_secret}
687686
GITLAB_KAS_EXTERNAL=${GITLAB_KAS_EXTERNAL:-"wss://kas.example.com"}
688-
GITLAB_KAS_INTERNAL=${GITLAB_KAS_INTERNAL:-"grpc://localhost:8153"}
687+
GITLAB_KAS_INTERNAL=${GITLAB_KAS_INTERNAL:-"grpc://127.0.0.1:8153"}
689688
GITLAB_KAS_PROXY=${GITLAB_KAS_PROXY:-}
690689

691690
## gitlab-agent KAS (built-in one)
692691
GITLAB_AGENT_KAS_ENABLED=${GITLAB_AGENT_KAS_ENABLED:-${GITLAB_KAS_ENABLED}}
693692
GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE=${GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE:-${GITLAB_INSTALL_DIR}/.gitlab_kas_api_secret}
694693
GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE=${GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE:-${GITLAB_INSTALL_DIR}/.gitlab_kas_private_api_secret}
694+
GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE=${GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE:-${GITLAB_INSTALL_DIR}/.gitlab_kas_websocket_token_secret}
695695
GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE=${GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE:-}

assets/runtime/functions

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -369,17 +369,17 @@ gitlab_configure_gitlab_kas() {
369369

370370
update_template ${GITLAB_CONFIG} \
371371
GITLAB_KAS_ENABLED \
372-
GITLAB_KAS_SECRET \
373372
GITLAB_KAS_EXTERNAL \
374373
GITLAB_KAS_INTERNAL \
374+
GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE \
375375
GITLAB_KAS_PROXY
376376

377377
printf "Configuring gitlab-agent::KAS (enabled: %s)\n" "${GITLAB_AGENT_BUILTIN_KAS_ENABLED}"
378378
update_template ${GITLAB_KAS_CONFIG} \
379379
GITLAB_RELATIVE_URL_ROOT \
380-
GITLAB_KAS_SECRET \
381380
GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE \
382381
GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE \
382+
GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE \
383383
REDIS_HOST \
384384
REDIS_PORT \
385385
GITLAB_AGENT_KAS_REDIS_PASSWORD_FILE
@@ -963,12 +963,7 @@ gitlab_configure_secrets() {
963963
chmod 600 "${pages_secret}"
964964
fi
965965

966-
if [[ ! -f "${GITLAB_KAS_SECRET}" ]]; then
967-
exec_as_git openssl rand -base64 -out "${GITLAB_KAS_SECRET}" 32
968-
chmod 600 ${GITALB_KAS_SECRET}
969-
fi
970-
971-
if [[ ! -f "${GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}" ]]; then
966+
if [[ ! -f "${GITLAB_AGENT_kas_aPI_LISTEN_AUTHENTICATION_SECRET_FILE}" ]]; then
972967
exec_as_git openssl rand -base64 -out "${GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}" 32
973968
chmod 600 ${GITLAB_AGENT_KAS_API_LISTEN_AUTHENTICATION_SECRET_FILE}
974969
fi
@@ -979,6 +974,11 @@ gitlab_configure_secrets() {
979974
exec_as_git openssl rand -base64 -out "${GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE}" 32
980975
chmod 600 ${GITLAB_AGENT_KAS_PRIVATE_API_LISTEN_AUTHENTICATION_SECRET_FILE}
981976
fi
977+
978+
if [[ ! -f "${GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE}" ]]; then
979+
exec_as_git openssl rand -base64 -out "${GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE}" 72
980+
chmod 600 ${GITLAB_AGENT_KAS_WEBSOCKET_TOKEN_SECRET_FILE}
981+
fi
982982
}
983983

984984
gitlab_configure_sidekiq() {

0 commit comments

Comments
 (0)