infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-22 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

add custom gitlab template

Browse Source
This commit is contained in:
nazunalika 2020-12-18 00:39:37 -07:00
parent c6323199f4
commit e3b6aa652f
3 changed files with 135 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ansible/playbooks/tasks/gitlab-reconfigure.yml
View File

@ -1,16 +1,4 @@
--- ---
# We need to do some additional configuration for GitLab to ensure that it
# works and operates immediately with FreeIPA.
- name: Insert Additional GitLab EE Settings
blockinfile:
path: /etc/gitlab/gitlab.rb
block: |
gitlab_rails['ldap_group_base'] = 'cn=groups,cn=accounts,dc=rockylinux,dc=org'
gitlab_rails['ldap_admin_group'] = 'cn=gitadm,cn=groups,cn=accounts,dc=rockylinux,dc=org'
nginx['enable'] = false
nginx['external_users'] = ['nginx']
notify: restart_gitlab
- name: Install nginx normally - name: Install nginx normally
yum: yum:
name: nginx name: nginx
@ -52,6 +40,14 @@
mode: '0644' mode: '0644'
when: gitlab_create_self_signed_cert when: gitlab_create_self_signed_cert
- name: Symlink the IPA CA
file:
src: "/etc/ipa/ca.crt"
dest: "/etc/gitlab/trusted_certs/ca.crt"
owner: root
group: root
state: link
- name: Turn on necessary SELinux booleans - name: Turn on necessary SELinux booleans
ansible.posix.seboolean: ansible.posix.seboolean:
name: "{{ item }}" name: "{{ item }}"

124
ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb Normal file
View File

@ -0,0 +1,124 @@
# The URL through which GitLab will be accessed.
external_url "{{ gitlab_external_url }}"
# gitlab.yml configuration
gitlab_rails['time_zone'] = "{{ gitlab_time_zone }}"
gitlab_rails['backup_keep_time'] = {{ gitlab_backup_keep_time }}
gitlab_rails['gitlab_email_enabled'] = {{ gitlab_email_enabled }}
{% if gitlab_email_enabled == "true" %}
gitlab_rails['gitlab_email_from'] = "{{ gitlab_email_from }}"
gitlab_rails['gitlab_email_display_name'] = "{{ gitlab_email_display_name }}"
gitlab_rails['gitlab_email_reply_to'] = "{{ gitlab_email_reply_to }}"
{% endif %}
# Default Theme
gitlab_rails['gitlab_default_theme'] = "{{ gitlab_default_theme }}"
# Whether to redirect http to https.
nginx['redirect_http_to_https'] = {{ gitlab_redirect_http_to_https }}
nginx['ssl_certificate'] = "{{ gitlab_ssl_certificate }}"
nginx['ssl_certificate_key'] = "{{ gitlab_ssl_certificate_key }}"
# The directory where Git repositories will be stored.
git_data_dirs({"default" => {"path" => "{{ gitlab_git_data_dir }}"} })
# The directory where Gitlab backups will be stored
gitlab_rails['backup_path'] = "{{ gitlab_backup_path }}"
# These settings are documented in more detail at
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example#L118
gitlab_rails['ldap_enabled'] = {{ gitlab_ldap_enabled }}
{% if gitlab_ldap_enabled == "true" %}
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
label: 'LDAP'
host: '{{ gitlab_ldap_host }}'
port: {{ gitlab_ldap_port }}
uid: '{{ gitlab_ldap_uid }}'
method: '{{ gitlab_ldap_method}}'
bind_dn: '{{ gitlab_ldap_bind_dn }}'
password: '{{ gitlab_ldap_password }}'
allow_username_or_email_login: true
base: '{{ gitlab_ldap_base }}'
user_filter: ''
group_base: '{{ gitlab_ldap_group_dn }}'
admin_group: '{{ gitlab_ldap_admin_group }}'
sync_ssh_keys: true
attributes:
username: ['uid']
email: ['mail']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
EOS
{% endif %}
# GitLab Nginx
## See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
{% if gitlab_nginx_listen_port is defined %}
nginx['listen_port'] = "{{ gitlab_nginx_listen_port }}"
{% endif %}
{% if gitlab_nginx_listen_https is defined %}
nginx['listen_https'] = {{ gitlab_nginx_listen_https }}
{% endif %}
# Use smtp instead of sendmail/postfix
# More details and example configuration at
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md
gitlab_rails['smtp_enable'] = {{ gitlab_smtp_enable }}
{% if gitlab_smtp_enable == "true" %}
gitlab_rails['smtp_address'] = '{{ gitlab_smtp_address }}'
gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
{% if gitlab_smtp_user_name %}
gitlab_rails['smtp_user_name'] = '{{ gitlab_smtp_user_name }}'
{% endif %}
{% if gitlab_smtp_password %}
gitlab_rails['smtp_password'] = '{{ gitlab_smtp_password }}'
{% endif %}
gitlab_rails['smtp_domain'] = '{{ gitlab_smtp_domain }}'
{% if gitlab_smtp_authentication %}
gitlab_rails['smtp_authentication'] = '{{ gitlab_smtp_authentication }}'
{% endif %}
gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_enable_starttls_auto }}
gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls }}
gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'
gitlab_rails['smtp_ca_path'] = '{{ gitlab_smtp_ca_path }}'
gitlab_rails['smtp_ca_file'] = '{{ gitlab_smtp_ca_file }}'
{% endif %}
# 2-way SSL Client Authentication.
{% if gitlab_nginx_ssl_verify_client %}
nginx['ssl_verify_client'] = "{{ gitlab_nginx_ssl_verify_client }}"
{% endif %}
{% if gitlab_nginx_ssl_client_certificate %}
nginx['ssl_client_certificate'] = "{{ gitlab_nginx_ssl_client_certificate }}"
{% endif %}
# GitLab registry.
registry['enable'] = {{ gitlab_registry_enable }}
{% if gitlab_registry_enable == "true" %}
registry_external_url "{{ gitlab_registry_external_url }}"
registry_nginx['ssl_certificate'] = "{{ gitlab_registry_nginx_ssl_certificate }}"
registry_nginx['ssl_certificate_key'] = "{{ gitlab_registry_nginx_ssl_certificate_key }}"
{% endif %}
{% if gitlab_extra_settings is defined %}
# Extra configuration
{% for extra in gitlab_extra_settings %}
{% for setting in extra %}
{% for kv in extra[setting] %}
{% if (kv.type is defined and kv.type == 'plain') or (kv.value is not string) %}
{{ setting }}['{{ kv.key }}'] = {{ kv.value }}
{% else %}
{{ setting }}['{{ kv.key }}'] = '{{ kv.value }}'
{% endif %}
{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
# To change other settings, see:
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#changing-gitlab-yml-settings
nginx['enable'] = false
nginx['external_users'] = ['nginx']

3
ansible/playbooks/vars/gitlab.yml
View File

@ -1,4 +1,5 @@
--- ---
gitlab_config_template: "etc/gitlab/rocky_gitlab.rb"
gitlab_domain: git.rockylinux.org gitlab_domain: git.rockylinux.org
gitlab_external_url: "https://{{ gitlab_domain }}/" gitlab_external_url: "https://{{ gitlab_domain }}/"
@ -25,6 +26,8 @@ gitlab_ldap_method: "start_tls"
gitlab_ldap_bind_dn: "uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org" gitlab_ldap_bind_dn: "uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
gitlab_ldap_password: "ThisIsNotThePassword!" gitlab_ldap_password: "ThisIsNotThePassword!"
gitlab_ldap_base: "cn=users,cn=accounts,dc=rockylinux,dc=org" gitlab_ldap_base: "cn=users,cn=accounts,dc=rockylinux,dc=org"
gitlab_ldap_group_dn: "cn=groups,cn=accounts,dc=rockylinux,dc=org"
gitlab_ldap_admin_group: "cn=gitadm,cn=groups,cn=accounts,dc=rockylinux,dc=org"
gitlab_time_zone: "UTC" gitlab_time_zone: "UTC"