⚠️ This project is archived! ⚠️

This role has been migrated to our hifis.toolkit collection:

• https://github.com/hifis-net/ansible-collection-toolkit
• https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/

A role to install and configure official GitLab Omnibus package.

Currently supported platforms are:

• CentOS 7
• AlmaLinux 8
• Debian 11 (Bullseye)
• Ubuntu 18.04 LTS (Bionic Beaver)
• Ubuntu 20.04 LTS (Focal Fossa)
• Ubuntu 22.04 LTS (Jemmy Jellyfish)

None.

The GitLab edition to install. Please use either gitlab-ce for Community Edition or gitlab-ee for Enterprise Edition.

gitlab_edition: "gitlab-ee"

Set a specific GitLab version to install. Please ensure that you also specify the desired release. You can find the available releases here.

gitlab_version: "15.6.1"

# GitLab Release for RHEL/AlmaLinux 8
gitlab_release: "ce.0.el8"

# GitLab Release for Ubuntu
gitlab_release: "ce.0"

Please note: If no GitLab version is specified the role will always install the latest available GitLab package.

URL to the GPG key that was used to sign the packages.

gitlab_gpg_key_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/gpgkey"

Identifier of GPG key that was used to sign the packages.

gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"

URL to the package repository based on the operating system.

gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/ubuntu/"

URL to the source package repository (CentOS and AlmaLinux only).

gitlab_source_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/SRPMS"

Name of the GitLab package to install.

gitlab_package_name: "{{ gitlab_edition + '=' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"

List of depend packages required by GitLab based on the operating system.

gitlab_dependencies:
  - apt-transport-https
  - curl
  - gnupg
  - openssh-server
  - openssl
  - tzdata

Give the URL of your GitLab instance:

gitlab_external_url: 'https://gitlab.example.com'

Choose the timezone to be used by GitLab:

gitlab_time_zone: 'Europe/Berlin'

Set the period of time (in seconds) to keep your GitLab backups:

gitlab_backup_keep_time: '604800'

Specify the name of the template for GitLab's configuration file which will be transformed into GitLab's configuration file:

gitlab_configuration_file_template: 'gitlab.rb.j2'

Specify the path of the template for GitLab's configuration file which contains custom configurations of your GitLab instance:

gitlab_configuration_file_path: '/etc/gitlab/gitlab.rb'

Choose the Default Theme to be used for new GitLab users:

gitlab_default_theme: '2'

Set the path to the GitLab backups:

gitlab_backup_path: '/var/opt/gitlab/backups'

Set the port GitLab's web-server Nginx is listening on:

gitlab_nginx_listen_port: '80'

Choose whether GitLab's web-server Nginx accepts HTTPS requests:

gitlab_nginx_listen_https: 'false'

Choose whether GitLab's web-server Nginx redirects HTTP requests to HTTPS:

gitlab_nginx_redirect_http_to_https: 'false'

Set GitLab feature flags to enable or disable additional features. The variable is a list of key-value pairs which requires the name of the feature flag and its boolean state enabled. The default value is set to an empty list [].

gitlab_feature_flags:
  - name: "vscode_web_ide"
    enabled: true
  - name: "chatops"
    enabled: true
  - name: "webauthn"
    enabled: false  

This role can be used to run Mattermost without deploying GitLab. In this scenario services like sidekiq or puma are not required. Set to true to prevent the role from reloading those services:

gitlab_mattermost_only_context: 'false'

Set switch to false to enable external Redis instance:

gitlab_use_internal_redis: 'false'

It is recommended to enable authentication for Redis Master and Redis Replicas by providing the respective password:

gitlab_redis_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Support for Redis Sentinel password authentication was introduced in GitLab 16.1.

gitlab_redis_sentinel_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Choose a name of the Redis Cluster for references:

gitlab_redis_cluster_name: 'redis-cluster'

Add a list of IP addresses of the involved Redis Sentinel servers:

gitlab_redis_sentinel_ips:
  - '192.168.33.11'
  - '192.168.33.12'
  - '192.168.33.13'

Choose port on which Redis Sentinel servers are listening:

gitlab_redis_sentinel_port: '26379'

Range of GitLab IP addresses that are allowed to monitor Redis Sentinel servers:

gitlab_ip_range: '{{ ansible_facts.default_ipv4.address }}/24'

Set switch to false to enable external Gitaly instance:

gitlab_use_internal_gitaly: 'false'

Specify where to put the GitLab data directory:

gitlab_git_data_dir: "/var/opt/gitlab/git-data"

A Gitaly authentication token needs to be given:

gitlab_gitaly_token: 'changeme'

Caution: You have to use your own private and encrypted password here.

A GitLab shell token needs to be given:

gitlab_secret_token: 'changeme'

Caution: You have to use your own private and encrypted password here.

Specify IP address of the Gitaly instance:

gitlab_gitaly_instance_ip: '127.0.0.1'

Specify port of the Gitaly instance:

gitlab_gitaly_instance_port: '8075'

Set switch to false to enable external PostgreSQL Database instance:

gitlab_use_internal_postgresql: 'false'

Set IP Address of PostgreSQL Database instance:

gitlab_postgresql_db_host: '127.0.0.1'

Set password of PostgreSQL Database instance:

gitlab_postgresql_db_password: 'changeme'

Caution: You have to use your own private and encrypted password here.

Enable GitLab container registry:

gitlab_registry_enable: "true"

Please note: If you do not run a load balancer in front of GitLab and let NGinx care about SSL encryption, please also configure registry_nginx['ssl_certificate'] and registry_nginx['ssl_certificate_key'] via gitlab_additional_configurations.

Any other configurations that are not yet part of GitLab's configuration file can be given by Ansible role variables.

Ruby variables that are not part of GitLab's configuration file can be given by Ansible role variables.

Code Attribution / Terms of Use:

This idea of generic key-value pairs is attributed to the work of Jeff Geerling which is originally licensed under the MIT License.

Usage example:

gitlab_additional_configurations:
  - gitlab_rails:
      - key: "time_zone"
        value: "Europe/Berlin"
  - nginx:
      - key: "listen_port"
        type: "plain"
        value: "80"
      - key: "listen_https"
        type: "plain"
        value: "false"

Resulting configuration:

gitlab_rails['time_zone'] = 'Europe/Berlin'
nginx['listen_port'] = 80
nginx['listen_https'] = false

Ruby function calls that are not part of GitLab's configuration file can be given by Ansible role variables.

Usage example:

gitlab_ruby_configuration_calls:
  - key: "pages_external_url"
    value: "https://pages.example.com"
  - key: "registry_external_url"
    value: "https://registry.example.com"
  - key: "mattermost_external_url"
    value: "https://mattermost.example.com"

Resulting configuration:

registry_external_url "https://registry.example.com"
pages_external_url "https://pages.example.com"
mattermost_external_url "https://mattermost.example.com"

None.

Apache-2.0

HIFIS Software Team

We would like to thank and give credits to the following contributors of this project:

• flyinggecko