Ansible Role: GitLab

Not maintained anymore: As of September 2023, this role is no longer supported because I switched to using Gitea for my personal projects. You may want to fork this role or find another GitLab role made by someone else.

This role installs GitLab, which is a web interface for Git based on Ruby, on any RedHat/CentOS or Debian/Ubuntu Linux system.

Default Admin Login Details

After installing, remember to log in immediately and change the default credentials:

Username: root
Password: 5iveL!fe

Requirements

There are no special requirements.

Role Variables

Here are the variables you can use, along with their default values (found in defaults/main.yml):

• gitlab_domain: Domain name for your GitLab (default is gitlab)
• gitlab_external_url: The URL through which GitLab will be accessed (default is https://{{ gitlab_domain }}/)

You can change the port by using a different URL, such as https://gitlab:8443/ for port 8443.

• gitlab_git_data_dir: Path where Git repositories will be stored (default is /var/opt/gitlab/git-data).
• gitlab_backup_path: Path for GitLab backups (default is /var/opt/gitlab/backups).
• gitlab_edition: Which version of GitLab to install (default is gitlab-ce, meaning Community Edition).
• gitlab_version: If you need a specific version, mention it here.
• gitlab_config_template: Allows you to use a custom configuration template if desired.

SSL Configuration

Configure your SSL setup:

• gitlab_redirect_http_to_https: Set to true to redirect HTTP to HTTPS.
• gitlab_ssl_certificate: Path to your SSL certificate (default is /etc/gitlab/ssl/{{ gitlab_domain }}.crt).
• gitlab_ssl_certificate_key: Path to your SSL certificate key.

You can create a self-signed certificate with:

• gitlab_create_self_signed_cert: If true, a self-signed certificate is created.
• gitlab_self_signed_cert_subj: Customize the certificate details according to your location.

LetsEncrypt Configuration

Use LetsEncrypt for SSL certificates:

• gitlab_letsencrypt_enable: Set to true to enable LetsEncrypt.
• gitlab_letsencrypt_contact_emails: List of emails for communication from LetsEncrypt.
• Settings for automatic renewal are available as well.

LDAP Configuration

If you want to enable LDAP for authentication:

• gitlab_ldap_enabled: Set to true to enable LDAP.
• The rest of the LDAP settings will detail how to connect to your LDAP server.

Dependencies

These packages are required for GitLab to work:

• openssh-server, postfix, curl, openssl, and tzdata.

You can customize these packages if needed.

Time Zone and Backup Settings

• Set the time zone with gitlab_time_zone: "UTC".
• Control how long backups are kept with gitlab_backup_keep_time: (default is 604800 seconds).

Email Configuration

To set up email notifications from GitLab:

• Enable mailing with gitlab_email_enabled, and specify from and reply-to addresses.

SMTP Configuration

For sending emails, set SMTP details if you enable it with gitlab_smtp_enable set to true.

Nginx Configuration

If GitLab is behind a reverse proxy, you may need to configure ports and SSL verification settings to suit your setup.

Additional Configuration Options

GitLab has many more settings. You can add them using the gitlab_extra_settings variable to customize your setup further.

Example Playbook

Here's a simple example of an Ansible playbook using this role:

- hosts: servers
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.gitlab }

In vars/main.yml, you would have:

gitlab_external_url: "https://gitlab.example.com/"

License

This project is licensed under MIT/BSD.

Author Information

This role was created by Jeff Geerling in 2014. He is also the author of Ansible for DevOps.