GithubHelp home page GithubHelp logo

hifis-net / ansible-role-gitlab Goto Github PK

View Code? Open in Web Editor NEW
4.0 3.0 4.0 586 KB

:warning: This role has been migrated to our hifis.toolkit collection. :warning: This role installs and configures the GitLab Omnibus package.

Home Page: https://galaxy.ansible.com/hifis/toolkit

License: Other

Jinja 100.00%
gitlab gitlab-omnibus omnibus ansible

ansible-role-gitlab's Introduction

GitLab Ansible Role

⚠️ This project is archived! ⚠️

This role has been migrated to our hifis.toolkit collection:

CI Status Ansible Galaxy Role Ansible Galaxy Role downloads Ansible Galaxy quality score Apache-2.0 Licensed Latest release

A role to install and configure official GitLab Omnibus package.

Currently supported platforms are:

  • CentOS 7
  • AlmaLinux 8
  • Debian 11 (Bullseye)
  • Ubuntu 18.04 LTS (Bionic Beaver)
  • Ubuntu 20.04 LTS (Focal Fossa)
  • Ubuntu 22.04 LTS (Jemmy Jellyfish)

Requirements

None.

Role Variables

Important Role Variables

GitLab Edition

The GitLab edition to install. Please use either gitlab-ce for Community Edition or gitlab-ee for Enterprise Edition.

gitlab_edition: "gitlab-ee"

GitLab Version and Release

Set a specific GitLab version to install. Please ensure that you also specify the desired release. You can find the available releases here.

gitlab_version: "15.6.1"

# GitLab Release for RHEL/AlmaLinux 8
gitlab_release: "ce.0.el8"

# GitLab Release for Ubuntu
gitlab_release: "ce.0"

Please note: If no GitLab version is specified the role will always install the latest available GitLab package.

GPG Key URL

URL to the GPG key that was used to sign the packages.

gitlab_gpg_key_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/gpgkey"

GPG Key ID

Identifier of GPG key that was used to sign the packages.

gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"

Package Repository URL

URL to the package repository based on the operating system.

gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/ubuntu/"

Source Package Repository URL

URL to the source package repository (CentOS and AlmaLinux only).

gitlab_source_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/SRPMS"

Package Name

Name of the GitLab package to install.

gitlab_package_name: "{{ gitlab_edition + '=' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"

Package Dependencies

List of depend packages required by GitLab based on the operating system.

gitlab_dependencies:
  - apt-transport-https
  - curl
  - gnupg
  - openssh-server
  - openssl
  - tzdata

URL of your GitLab Instance

Give the URL of your GitLab instance:

gitlab_external_url: 'https://gitlab.example.com'

Timezone to Be Used by GitLab

Choose the timezone to be used by GitLab:

gitlab_time_zone: 'Europe/Berlin'

Period of Time to Keep Backups

Set the period of time (in seconds) to keep your GitLab backups:

gitlab_backup_keep_time: '604800'

Optional Role Variables

Name of Template for GitLab's Configuration File

Specify the name of the template for GitLab's configuration file which will be transformed into GitLab's configuration file:

gitlab_configuration_file_template: 'gitlab.rb.j2'

Path to GitLab's Configuration File

Specify the path of the template for GitLab's configuration file which contains custom configurations of your GitLab instance:

gitlab_configuration_file_path: '/etc/gitlab/gitlab.rb'

GitLab Theme to Be Used by Default

Choose the Default Theme to be used for new GitLab users:

gitlab_default_theme: '2'

Path to GitLab Backups

Set the path to the GitLab backups:

gitlab_backup_path: '/var/opt/gitlab/backups'

Port on Which Web-Server Nginx is Listening on

Set the port GitLab's web-server Nginx is listening on:

gitlab_nginx_listen_port: '80'

Does Web-Server Nginx accept HTTPS Requests?

Choose whether GitLab's web-server Nginx accepts HTTPS requests:

gitlab_nginx_listen_https: 'false'

Does Web-Server Nginx Redirect HTTP Requests to HTTPS?

Choose whether GitLab's web-server Nginx redirects HTTP requests to HTTPS:

gitlab_nginx_redirect_http_to_https: 'false'

Set GitLab feature flags

Set GitLab feature flags to enable or disable additional features. The variable is a list of key-value pairs which requires the name of the feature flag and its boolean state enabled. The default value is set to an empty list [].

gitlab_feature_flags:
  - name: "vscode_web_ide"
    enabled: true
  - name: "chatops"
    enabled: true
  - name: "webauthn"
    enabled: false  

Mattermost only use case

This role can be used to run Mattermost without deploying GitLab. In this scenario services like sidekiq or puma are not required. Set to true to prevent the role from reloading those services:

gitlab_mattermost_only_context: 'false'

Variables to be Set if External Redis is Used

Switch to Use External Redis Instance

Set switch to false to enable external Redis instance:

gitlab_use_internal_redis: 'false'

Password to Authenticate Redis Services within Cluster

It is recommended to enable authentication for Redis Master and Redis Replicas by providing the respective password:

gitlab_redis_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Password to Authenticate Redis Sentinels

Support for Redis Sentinel password authentication was introduced in GitLab 16.1.

gitlab_redis_sentinel_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Reference Name of the Redis Cluster

Choose a name of the Redis Cluster for references:

gitlab_redis_cluster_name: 'redis-cluster'

List of IP addresses of Redis Sentinel Servers

Add a list of IP addresses of the involved Redis Sentinel servers:

gitlab_redis_sentinel_ips:
  - '192.168.33.11'
  - '192.168.33.12'
  - '192.168.33.13'

Port on Which Redis Sentinel Servers are Listening

Choose port on which Redis Sentinel servers are listening:

gitlab_redis_sentinel_port: '26379'

Whitelist IP Address Range for Monitoring Redis Sentinel Servers

Range of GitLab IP addresses that are allowed to monitor Redis Sentinel servers:

gitlab_ip_range: '{{ ansible_facts.default_ipv4.address }}/24'

Variables to be Set if External Gitaly is Used

Switch to Use External Gitaly Instance

Set switch to false to enable external Gitaly instance:

gitlab_use_internal_gitaly: 'false'

Path to GitLab Data Directory

Specify where to put the GitLab data directory:

gitlab_git_data_dir: "/var/opt/gitlab/git-data"

Gitaly Authentication Token

A Gitaly authentication token needs to be given:

gitlab_gitaly_token: 'changeme'

Caution: You have to use your own private and encrypted password here.

GitLab Shell Token

A GitLab shell token needs to be given:

gitlab_secret_token: 'changeme'

Caution: You have to use your own private and encrypted password here.

Gitaly IP Address

Specify IP address of the Gitaly instance:

gitlab_gitaly_instance_ip: '127.0.0.1'

Gitaly Port

Specify port of the Gitaly instance:

gitlab_gitaly_instance_port: '8075'

Variables to be Set if External PostgreSQL Database is Used

Switch to Use External PostgreSQL Database Instance

Set switch to false to enable external PostgreSQL Database instance:

gitlab_use_internal_postgresql: 'false'

IP Address of External PostgreSQL Database Instance

Set IP Address of PostgreSQL Database instance:

gitlab_postgresql_db_host: '127.0.0.1'

Password for External PostgreSQL Database Instance

Set password of PostgreSQL Database instance:

gitlab_postgresql_db_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Configure GitLab Registry

Enable GitLab container registry:

gitlab_registry_enable: "true"

Please note: If you do not run a load balancer in front of GitLab and let NGinx care about SSL encryption, please also configure registry_nginx['ssl_certificate'] and registry_nginx['ssl_certificate_key'] via gitlab_additional_configurations.

Additional Configurations given as Role Variables

Any other configurations that are not yet part of GitLab's configuration file can be given by Ansible role variables.

Configurations via Dictionary-like Ruby Variables

Ruby variables that are not part of GitLab's configuration file can be given by Ansible role variables.

Code Attribution / Terms of Use:

This idea of generic key-value pairs is attributed to the work of Jeff Geerling which is originally licensed under the MIT License.

Usage example:

gitlab_additional_configurations:
  - gitlab_rails:
      - key: "time_zone"
        value: "Europe/Berlin"
  - nginx:
      - key: "listen_port"
        type: "plain"
        value: "80"
      - key: "listen_https"
        type: "plain"
        value: "false"

Resulting configuration:

gitlab_rails['time_zone'] = 'Europe/Berlin'
nginx['listen_port'] = 80
nginx['listen_https'] = false

Configurations via Ruby Function Calls

Ruby function calls that are not part of GitLab's configuration file can be given by Ansible role variables.

Usage example:

gitlab_ruby_configuration_calls:
  - key: "pages_external_url"
    value: "https://pages.example.com"
  - key: "registry_external_url"
    value: "https://registry.example.com"
  - key: "mattermost_external_url"
    value: "https://mattermost.example.com"

Resulting configuration:

registry_external_url "https://registry.example.com"
pages_external_url "https://pages.example.com"
mattermost_external_url "https://mattermost.example.com"

Dependencies

None.

License

Apache-2.0

Author Information

HIFIS Software Team

Contributors

We would like to thank and give credits to the following contributors of this project:

ansible-role-gitlab's People

Contributors

christianhueserhzdr avatar dependabot[bot] avatar flyinggecko avatar normo avatar renovate-bot avatar tobiashuste avatar

Stargazers

 avatar  avatar  avatar

Watchers

 avatar  avatar  avatar

ansible-role-gitlab's Issues

Update package cache in check-mode

To avoid the error of a supposedly non-existent package due to an outdated package cache.

TASK [external/hifis.gitlab : Install or upgrade GitLab.] **********************
fatal: [host.example.org]: FAILED! => changed=false 
  cache_update_time: 1669795358
  cache_updated: true
  msg: no available installation candidate for gitlab-ce=15.5.5-ce.0

Improve Molecule verification step

Currently, the verification step is rather testing a bit of basic stuff. This should be extended.

  • Verify if GitLab is properly running via gitlab status
  • Retrieve information from the health endpoints
  • Check the web interface.

conditional check 'gitlab_ctl.stat.exists' failed

The conditional check 'gitlab_ctl.stat.exists' failed. The error was: error while evaluating conditional (gitlab_ctl.stat.exists): 'gitlab_ctl' is undefined. 'gitlab_ctl' is undefined
  
    The error appears to be in '/home/bestflei/dev/hifis/technology/gitlab/roles/external/hifis.gitlab/tasks/reconfigure.yml': line 8, column 3, but may
    be elsewhere in the file depending on the exact syntax problem.
  
    The offending line appears to be:
  
  
    - name: Reconfigure Primary GitLab
      ^ here

Related to #131

Prefix variables with role name

Currently, only a couple of variables are prefixed with the role name. This way they conflict with variables configured in other roles, e.g. redis_password. It should better be called gitlab_redis_password.

Add a contribution guide

In order to motivate people to contribute a CONTRIBUTING guide for Ansible roles needs to be put into this repository.

Molecule folder not linted by molecule

When providing . as the folder path of the lintables to ansible-lint it does not lint the folder molecule/default containing converge.yml, prepare.yml, verify.yml, hence folder molecule/ need to be added to the ansible-lint call in the molecule lint commands.

Linting violations need to be fixed alongside this change.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.