| commit | author | age | ||
| ec8161 | 1 | # Ansible Role: GitLab |
| JR | 2 | |
| 3 | [](https://travis-ci.org/geerlingguy/ansible-role-gitlab) | |
| 4 | ||
| 5 | Installs GitLab, a Ruby-based front-end to Git, on any RedHat/CentOS or Debian/Ubuntu linux system. | |
| 6 | ||
| 7 | GitLab's default administrator account details are below; be sure to login immediately after installation and change these credentials! | |
| 8 | ||
| 9 | root | |
| 10 | 5iveL!fe | |
| 11 | ||
| 12 | ## Requirements | |
| 13 | ||
| 14 | None. | |
| 15 | ||
| 16 | ## Role Variables | |
| 17 | ||
| 18 | Available variables are listed below, along with default values (see `defaults/main.yml`): | |
| 19 | ||
| 20 | gitlab_external_url: "https://gitlab/" | |
| 21 | ||
| 22 | The URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443). | |
| 23 | ||
| 24 | gitlab_git_data_dir: "/var/opt/gitlab/git-data" | |
| 25 | ||
| 26 | The `gitlab_git_data_dir` is the location where all the Git repositories will be stored. You can use a shared drive or any path on the system. | |
| 27 | ||
| 28 | gitlab_backup_path: "/var/opt/gitlab/backups" | |
| 29 | ||
| 30 | The `gitlab_backup_path` is the location where Gitlab backups will be stored. | |
| 31 | ||
| 32 | gitlab_edition: "gitlab-ce" | |
| 33 | ||
| 34 | The edition of GitLab to install. Usually either `gitlab-ce` (Community Edition) or `gitlab-ee` (Enterprise Edition). | |
| 35 | ||
| 36 | gitlab_version: '' | |
| 37 | ||
| 38 | If you'd like to install a specific version, set the version here (e.g. `11.4.0-ce.0` for Debian/Ubuntu, or `11.4.0-ce.0.el7` for RedHat/CentOS). | |
| 39 | ||
| 40 | gitlab_config_template: "gitlab.rb.j2" | |
| 41 | ||
| 42 | The `gitlab.rb.j2` template packaged with this role is meant to be very generic and serve a variety of use cases. However, many people would like to have a much more customized version, and so you can override this role's default template with your own, adding any additional customizations you need. To do this: | |
| 43 | ||
| 44 | - Create a `templates` directory at the same level as your playbook. | |
| 45 | - Create a `templates\mygitlab.rb.j2` file (just choose a different name from the default template). | |
| 46 | - Set the variable like: `gitlab_config_template: mygitlab.rb.j2` (with the name of your custom template). | |
| 47 | ||
| 48 | ### SSL Configuration. | |
| 49 | ||
| 50 | gitlab_redirect_http_to_https: "true" | |
| 51 | gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt" | |
| 52 | gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key" | |
| 53 | ||
| 54 | GitLab SSL configuration; tells GitLab to redirect normal http requests to https, and the path to the certificate and key (the default values will work for automatic self-signed certificate creation, if set to `true` in the variable below). | |
| 55 | ||
| 56 | # SSL Self-signed Certificate Configuration. | |
| 57 | gitlab_create_self_signed_cert: "true" | |
| 58 | gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab" | |
| 59 | ||
| 60 | Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization. | |
| 61 | ||
| 62 | # LDAP Configuration. | |
| 63 | gitlab_ldap_enabled: "false" | |
| 64 | gitlab_ldap_host: "example.com" | |
| 65 | gitlab_ldap_port: "389" | |
| 66 | gitlab_ldap_uid: "sAMAccountName" | |
| 67 | gitlab_ldap_method: "plain" | |
| 68 | gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com" | |
| 69 | gitlab_ldap_password: "password" | |
| 70 | gitlab_ldap_base: "DC=example,DC=com" | |
| 71 | ||
| 72 | GitLab LDAP configuration; if `gitlab_ldap_enabled` is `true`, the rest of the configuration will tell GitLab how to connect to an LDAP server for centralized authentication. | |
| 73 | ||
| 74 | gitlab_time_zone: "UTC" | |
| 75 | ||
| 76 | Gitlab timezone. | |
| 77 | ||
| 78 | gitlab_backup_keep_time: "604800" | |
| 79 | ||
| 80 | How long to keep local backups (useful if you don't want backups to fill up your drive!). | |
| 81 | ||
| 82 | gitlab_download_validate_certs: true | |
| 83 | ||
| 84 | Controls whether to validate certificates when downloading the GitLab installation repository install script. | |
| 85 | ||
| 86 | # Email configuration. | |
| 87 | gitlab_email_enabled: "false" | |
| 88 | gitlab_email_from: "gitlab@example.com" | |
| 89 | gitlab_email_display_name: "Gitlab" | |
| 90 | gitlab_email_reply_to: "gitlab@example.com" | |
| 91 | ||
| 92 | Gitlab system mail configuration. Disabled by default; set `gitlab_email_enabled` to `true` to enable, and make sure you enter valid from/reply-to values. | |
| 93 | ||
| 94 | # SMTP Configuration | |
| 95 | gitlab_smtp_enable: "false" | |
| 96 | gitlab_smtp_address: "smtp.server" | |
| 97 | gitlab_smtp_port: "465" | |
| 98 | gitlab_smtp_user_name: "smtp user" | |
| 99 | gitlab_smtp_password: "smtp password" | |
| 100 | gitlab_smtp_domain: "example.com" | |
| 101 | gitlab_smtp_authentication: "login" | |
| 102 | gitlab_smtp_enable_starttls_auto: "true" | |
| 103 | gitlab_smtp_tls: "false" | |
| 104 | gitlab_smtp_openssl_verify_mode: "none" | |
| 105 | gitlab_smtp_ca_path: "/etc/ssl/certs" | |
| 106 | gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt" | |
| 107 | ||
| 108 | Gitlab SMTP configuration; of `gitlab_smtp_enable` is `true`, the rest of the configuration will tell GitLab how to send mails using an smtp server. | |
| 109 | ||
| 110 | gitlab_nginx_listen_port: 8080 | |
| 111 | ||
| 112 | If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else. | |
| 113 | ||
| 114 | gitlab_nginx_listen_https: "false" | |
| 115 | ||
| 116 | If you are running GitLab behind a reverse proxy, you may wish to terminate SSL at another proxy server or load balancer | |
| 117 | ||
| 118 | gitlab_nginx_ssl_verify_client: "" | |
| 119 | gitlab_nginx_ssl_client_certificate: "" | |
| 120 | ||
| 121 | If you want to enable [2-way SSL Client Authentication](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-2-way-ssl-client-authentication), set `gitlab_nginx_ssl_verify_client` and add a path to the client certificate in `gitlab_nginx_ssl_client_certificate`. | |
| 122 | ||
| 123 | gitlab_default_theme: 2 | |
| 124 | ||
| 125 | GitLab includes a number of themes, and you can set the default for all users with this variable. See [the included GitLab themes to choose a default](https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L79-L85). | |
| 126 | ||
| 127 | ## Dependencies | |
| 128 | ||
| 129 | None. | |
| 130 | ||
| 131 | ## Example Playbook | |
| 132 | ||
| 133 | - hosts: servers | |
| 134 | vars_files: | |
| 135 | - vars/main.yml | |
| 136 | roles: | |
| 137 | - { role: geerlingguy.gitlab } | |
| 138 | ||
| 139 | *Inside `vars/main.yml`*: | |
| 140 | ||
| 141 | gitlab_external_url: "https://gitlab.example.com/" | |
| 142 | ||
| 143 | ## License | |
| 144 | ||
| 145 | MIT / BSD | |
| 146 | ||
| 147 | ## Author Information | |
| 148 | ||
| 149 | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). | |
