diff --git a/ansible/playbooks/role-gitlab-ee.yml b/ansible/playbooks/role-gitlab-ee.yml index cd1a9b8..ff50ab9 100644 --- a/ansible/playbooks/role-gitlab-ee.yml +++ b/ansible/playbooks/role-gitlab-ee.yml @@ -3,8 +3,12 @@ - name: Install and Provision Gitlab hosts: gitlabservers become: true - vars_file: - - vars/gitlab.yml + vars_files: + - vars/gitlab.yml + + # This is to try to avoid the handler issue in pre/post tasks + handlers: + - import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here diff --git a/ansible/playbooks/tasks/gitlab-reconfigure.yml b/ansible/playbooks/tasks/gitlab-reconfigure.yml index edc694e..f817ed6 100644 --- a/ansible/playbooks/tasks/gitlab-reconfigure.yml +++ b/ansible/playbooks/tasks/gitlab-reconfigure.yml @@ -29,6 +29,7 @@ owner: root group: root mode: '0644' + remote_src: true when: gitlab_create_self_signed_cert - name: Copy self-signed certificate key @@ -38,12 +39,13 @@ owner: root group: root mode: '0644' + remote_src: true when: gitlab_create_self_signed_cert - name: Symlink the IPA CA file: src: "/etc/ipa/ca.crt" - dest: "/etc/gitlab/trusted_certs/ca.crt" + dest: "/etc/gitlab/trusted-certs/ipa-ca.crt" owner: root group: root state: link diff --git a/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb b/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb index 87a3e26..6795d13 100644 --- a/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb +++ b/ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb 
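Review bot: The added comment above `handlers:` in role-gitlab-ee.yml refers to "the handler issue" without saying which one, so a later maintainer cannot tell when the `import_tasks: handlers/main.yml` workaround is safe to remove. If the intent is to make handlers notified from `pre_tasks`/`post_tasks` resolvable at play level, say so directly, e.g. `# Import handlers at play level so notifications from pre_tasks/post_tasks can find them`. A link to the upstream issue, if there is one, would also help.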
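Review bot: The `mode: '0644'` at the top of the second gitlab-reconfigure.yml hunk appears to belong to the "Copy self-signed certificate key" task, which would leave the private key readable by every local user. The task name is the last context line of the previous hunk, and its module, `src` and `dest` lines fall between the two hunks, so this is inferred rather than visible. Since the task is already being touched to add `remote_src: true`, tighten it to `mode: '0600'`, or `'0640'` with a dedicated group if a non-root service has to read the key. The certificate copy in the preceding hunk can stay at `'0644'`.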
@@ -29,28 +29,28 @@ gitlab_rails['backup_path'] = "{{ gitlab_backup_path }}" # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example#L118 gitlab_rails['ldap_enabled'] = {{ gitlab_ldap_enabled }} {% if gitlab_ldap_enabled == "true" %} - gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' - main: - label: 'LDAP' - host: '{{ gitlab_ldap_host }}' - port: {{ gitlab_ldap_port }} - uid: '{{ gitlab_ldap_uid }}' - method: '{{ gitlab_ldap_method}}' - bind_dn: '{{ gitlab_ldap_bind_dn }}' - password: '{{ gitlab_ldap_password }}' - allow_username_or_email_login: true - base: '{{ gitlab_ldap_base }}' - user_filter: '' - group_base: '{{ gitlab_ldap_group_dn }}' - admin_group: '{{ gitlab_ldap_admin_group }}' - sync_ssh_keys: true - attributes: - username: ['uid'] - email: ['mail'] - name: 'cn' - first_name: 'givenName' - last_name: 'sn' - EOS +gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' + main: + label: 'LDAP' + host: '{{ gitlab_ldap_host }}' + port: {{ gitlab_ldap_port }} + uid: '{{ gitlab_ldap_uid }}' + method: '{{ gitlab_ldap_method}}' + bind_dn: '{{ gitlab_ldap_bind_dn }}' + password: '{{ gitlab_ldap_password }}' + allow_username_or_email_login: true + base: '{{ gitlab_ldap_base }}' + user_filter: '' + group_base: '{{ gitlab_ldap_group_dn }}' + admin_group: '{{ gitlab_ldap_admin_group }}' + sync_ssh_keys: true + attributes: + username: ['uid'] + email: ['mail'] + name: 'cn' + first_name: 'givenName' + last_name: 'sn' +EOS {% endif %} # GitLab Nginx diff --git a/ansible/playbooks/templates/etc/nginx/nginx.conf.j2 b/ansible/playbooks/templates/etc/nginx/nginx.conf.j2 index 273f1e8..41f3485 100644 --- a/ansible/playbooks/templates/etc/nginx/nginx.conf.j2 +++ b/ansible/playbooks/templates/etc/nginx/nginx.conf.j2 @@ -1,5 +1,5 @@ # MANAGED BY ANSIBLE -# Hostname: {{ inventory_host }} +# Hostname: {{ ansible_fqdn }} user nginx; worker_processes auto; error_log /var/log/nginx/error.log; 
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index b31370c..9645938 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -8,6 +8,7 @@ roles: - name: rockylinux.ipsilon src: https://github.com/rocky-linux/ansible-role-ipsilon version: main + - name: geerlingguy.gitlab collections: # freeipa
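Review bot: The new `- name: geerlingguy.gitlab` entry has no `version:`, so every `ansible-galaxy install` resolves whatever release is current at that moment. The role is presumably consumed by the role-gitlab-ee play, which sets `become: true`, so unreviewed upstream changes would run as root on the GitLab hosts. Pin it to a reviewed release with `version: <reviewed release tag>`, preferring a tag or commit over a branch. The neighbouring `rockylinux.ipsilon` entry uses `version: main`, which floats in the same way.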