commit | author | age
|
ec8161
|
1 |
# Ansible Role: GitLab |
JR |
2 |
|
|
3 |
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-gitlab.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-gitlab) |
|
4 |
|
|
5 |
Installs GitLab, a Ruby-based front-end to Git, on any RedHat/CentOS or Debian/Ubuntu linux system. |
|
6 |
|
|
7 |
GitLab's default administrator account details are below; be sure to login immediately after installation and change these credentials! |
|
8 |
|
|
9 |
root |
|
10 |
5iveL!fe |
|
11 |
|
|
12 |
## Requirements |
|
13 |
|
|
14 |
None. |
|
15 |
|
|
16 |
## Role Variables |
|
17 |
|
|
18 |
Available variables are listed below, along with default values (see `defaults/main.yml`): |
|
19 |
|
|
20 |
gitlab_external_url: "https://gitlab/" |
|
21 |
|
|
22 |
The URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443). |
|
23 |
|
|
24 |
gitlab_git_data_dir: "/var/opt/gitlab/git-data" |
|
25 |
|
|
26 |
The `gitlab_git_data_dir` is the location where all the Git repositories will be stored. You can use a shared drive or any path on the system. |
|
27 |
|
|
28 |
gitlab_backup_path: "/var/opt/gitlab/backups" |
|
29 |
|
|
30 |
The `gitlab_backup_path` is the location where Gitlab backups will be stored. |
|
31 |
|
|
32 |
gitlab_edition: "gitlab-ce" |
|
33 |
|
|
34 |
The edition of GitLab to install. Usually either `gitlab-ce` (Community Edition) or `gitlab-ee` (Enterprise Edition). |
|
35 |
|
|
36 |
gitlab_version: '' |
|
37 |
|
|
38 |
If you'd like to install a specific version, set the version here (e.g. `11.4.0-ce.0` for Debian/Ubuntu, or `11.4.0-ce.0.el7` for RedHat/CentOS). |
|
39 |
|
|
40 |
gitlab_config_template: "gitlab.rb.j2" |
|
41 |
|
|
42 |
The `gitlab.rb.j2` template packaged with this role is meant to be very generic and serve a variety of use cases. However, many people would like to have a much more customized version, and so you can override this role's default template with your own, adding any additional customizations you need. To do this: |
|
43 |
|
|
44 |
- Create a `templates` directory at the same level as your playbook. |
|
45 |
- Create a `templates\mygitlab.rb.j2` file (just choose a different name from the default template). |
|
46 |
- Set the variable like: `gitlab_config_template: mygitlab.rb.j2` (with the name of your custom template). |
|
47 |
|
|
48 |
### SSL Configuration. |
|
49 |
|
|
50 |
gitlab_redirect_http_to_https: "true" |
|
51 |
gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt" |
|
52 |
gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key" |
|
53 |
|
|
54 |
GitLab SSL configuration; tells GitLab to redirect normal http requests to https, and the path to the certificate and key (the default values will work for automatic self-signed certificate creation, if set to `true` in the variable below). |
|
55 |
|
|
56 |
# SSL Self-signed Certificate Configuration. |
|
57 |
gitlab_create_self_signed_cert: "true" |
|
58 |
gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab" |
|
59 |
|
|
60 |
Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization. |
|
61 |
|
|
62 |
# LDAP Configuration. |
|
63 |
gitlab_ldap_enabled: "false" |
|
64 |
gitlab_ldap_host: "example.com" |
|
65 |
gitlab_ldap_port: "389" |
|
66 |
gitlab_ldap_uid: "sAMAccountName" |
|
67 |
gitlab_ldap_method: "plain" |
|
68 |
gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com" |
|
69 |
gitlab_ldap_password: "password" |
|
70 |
gitlab_ldap_base: "DC=example,DC=com" |
|
71 |
|
|
72 |
GitLab LDAP configuration; if `gitlab_ldap_enabled` is `true`, the rest of the configuration will tell GitLab how to connect to an LDAP server for centralized authentication. |
|
73 |
|
|
74 |
gitlab_time_zone: "UTC" |
|
75 |
|
|
76 |
Gitlab timezone. |
|
77 |
|
|
78 |
gitlab_backup_keep_time: "604800" |
|
79 |
|
|
80 |
How long to keep local backups (useful if you don't want backups to fill up your drive!). |
|
81 |
|
|
82 |
gitlab_download_validate_certs: true |
|
83 |
|
|
84 |
Controls whether to validate certificates when downloading the GitLab installation repository install script. |
|
85 |
|
|
86 |
# Email configuration. |
|
87 |
gitlab_email_enabled: "false" |
|
88 |
gitlab_email_from: "gitlab@example.com" |
|
89 |
gitlab_email_display_name: "Gitlab" |
|
90 |
gitlab_email_reply_to: "gitlab@example.com" |
|
91 |
|
|
92 |
Gitlab system mail configuration. Disabled by default; set `gitlab_email_enabled` to `true` to enable, and make sure you enter valid from/reply-to values. |
|
93 |
|
|
94 |
# SMTP Configuration |
|
95 |
gitlab_smtp_enable: "false" |
|
96 |
gitlab_smtp_address: "smtp.server" |
|
97 |
gitlab_smtp_port: "465" |
|
98 |
gitlab_smtp_user_name: "smtp user" |
|
99 |
gitlab_smtp_password: "smtp password" |
|
100 |
gitlab_smtp_domain: "example.com" |
|
101 |
gitlab_smtp_authentication: "login" |
|
102 |
gitlab_smtp_enable_starttls_auto: "true" |
|
103 |
gitlab_smtp_tls: "false" |
|
104 |
gitlab_smtp_openssl_verify_mode: "none" |
|
105 |
gitlab_smtp_ca_path: "/etc/ssl/certs" |
|
106 |
gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt" |
|
107 |
|
|
108 |
Gitlab SMTP configuration; of `gitlab_smtp_enable` is `true`, the rest of the configuration will tell GitLab how to send mails using an smtp server. |
|
109 |
|
|
110 |
gitlab_nginx_listen_port: 8080 |
|
111 |
|
|
112 |
If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else. |
|
113 |
|
|
114 |
gitlab_nginx_listen_https: "false" |
|
115 |
|
|
116 |
If you are running GitLab behind a reverse proxy, you may wish to terminate SSL at another proxy server or load balancer |
|
117 |
|
|
118 |
gitlab_nginx_ssl_verify_client: "" |
|
119 |
gitlab_nginx_ssl_client_certificate: "" |
|
120 |
|
|
121 |
If you want to enable [2-way SSL Client Authentication](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-2-way-ssl-client-authentication), set `gitlab_nginx_ssl_verify_client` and add a path to the client certificate in `gitlab_nginx_ssl_client_certificate`. |
|
122 |
|
|
123 |
gitlab_default_theme: 2 |
|
124 |
|
|
125 |
GitLab includes a number of themes, and you can set the default for all users with this variable. See [the included GitLab themes to choose a default](https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L79-L85). |
|
126 |
|
|
127 |
## Dependencies |
|
128 |
|
|
129 |
None. |
|
130 |
|
|
131 |
## Example Playbook |
|
132 |
|
|
133 |
- hosts: servers |
|
134 |
vars_files: |
|
135 |
- vars/main.yml |
|
136 |
roles: |
|
137 |
- { role: geerlingguy.gitlab } |
|
138 |
|
|
139 |
*Inside `vars/main.yml`*: |
|
140 |
|
|
141 |
gitlab_external_url: "https://gitlab.example.com/" |
|
142 |
|
|
143 |
## License |
|
144 |
|
|
145 |
MIT / BSD |
|
146 |
|
|
147 |
## Author Information |
|
148 |
|
|
149 |
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). |