hifis.gitlab

Panoramica Versioni Approfondimenti

GitLab Ansible Role

:warning: This project is no longer active! :warning:

This role has moved to our hifis.toolkit collection:

This role installs and configures the official GitLab Omnibus package.

The currently supported platforms are:

CentOS 7
AlmaLinux 8
Debian 11 (Bullseye)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
Ubuntu 22.04 LTS (Jemmy Jellyfish)

Requirements

No requirements.

Role Variables

Important Role Variables

GitLab Edition

Choose the GitLab edition to install. Use gitlab-ce for Community Edition or gitlab-ee for Enterprise Edition.

gitlab_edition: "gitlab-ee"

GitLab Version and Release

Specify the GitLab version and release you want to install. You can find the available releases here.

gitlab_version: "15.6.1"

# GitLab Release for RHEL/AlmaLinux 8
gitlab_release: "ce.0.el8"

# GitLab Release for Ubuntu
gitlab_release: "ce.0"

Note: If you don't specify a GitLab version, the latest version will be installed.

GPG Key URL

Provide the URL for the GPG key used to sign the packages.

gitlab_gpg_key_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/gpgkey"

GPG Key ID

Provide the ID of the GPG key used to sign the packages.

gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"

Package Repository URL

Provide the URL to the package repository based on the operating system.

gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/ubuntu/"

Source Package Repository URL

Provide the URL to the source package repository (for CentOS and AlmaLinux only).

gitlab_source_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/SRPMS"

Package Name

Specify the name of the GitLab package to install.

gitlab_package_name: "{{ gitlab_edition + '=' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"

Package Dependencies

List of packages required by GitLab based on the operating system.

gitlab_dependencies:
  - apt-transport-https
  - curl
  - gnupg
  - openssh-server
  - openssl
  - tzdata

URL of Your GitLab Instance

Provide the URL of your GitLab instance:

gitlab_external_url: 'https://gitlab.example.com'

Timezone for GitLab

Select the timezone used by GitLab:

gitlab_time_zone: 'Europe/Berlin'

Backup Retention Period

Set the time (in seconds) to keep your GitLab backups:

gitlab_backup_keep_time: '604800'

Optional Role Variables

Configuration File Template Name

Specify the name of the template for GitLab's configuration file:

gitlab_configuration_file_template: 'gitlab.rb.j2'

Path to GitLab's Configuration File

Provide the path to the configuration file for your GitLab instance:

gitlab_configuration_file_path: '/etc/gitlab/gitlab.rb'

Default Theme for GitLab

Choose the default theme for new GitLab users:

gitlab_default_theme: '2'

Backup Directory Path

Specify the path for GitLab backups:

gitlab_backup_path: '/var/opt/gitlab/backups'

Nginx Listening Port

Set the port that GitLab's web server (Nginx) will listen on:

gitlab_nginx_listen_port: '80'

Nginx HTTPS Requests

Indicate if GitLab's Nginx accepts HTTPS requests:

gitlab_nginx_listen_https: 'false'

Nginx HTTP to HTTPS Redirect

Specify if HTTP requests should be redirected to HTTPS:

gitlab_nginx_redirect_http_to_https: 'false'

Set GitLab Feature Flags

You can enable or disable additional features with GitLab feature flags. This is a list of key-value pairs specifying the feature name and its enabled state.

gitlab_feature_flags:
  - name: "vscode_web_ide"
    enabled: true
  - name: "chatops"
    enabled: true
  - name: "webauthn"
    enabled: false

Mattermost Only Feature

This role can run Mattermost without GitLab. Set to true to prevent the role from reloading services like sidekiq or puma:

gitlab_mattermost_only_context: 'false'

Variables for External Redis

Use External Redis

Set to false to enable an external Redis instance:

gitlab_use_internal_redis: 'false'

Redis Authentication Password

It’s recommended to set a password for Redis Master and Replicas:

gitlab_redis_password: 'changeme'

Caution: Use your own secure password here.

Redis Sentinel Password

Specify the password for Redis Sentinel if needed:

gitlab_redis_sentinel_password: 'changeme'

Caution: Use your own secure password here.

Redis Cluster Name

Provide a name for the Redis cluster:

gitlab_redis_cluster_name: 'redis-cluster'

Redis Sentinel IPs

List the IP addresses for Redis Sentinel servers:

gitlab_redis_sentinel_ips:
  - '192.168.33.11'
  - '192.168.33.12'
  - '192.168.33.13'

Redis Sentinel Port

Specify the port for Redis Sentinel servers:

gitlab_redis_sentinel_port: '26379'

Whitelist IPs for Redis Monitoring

Specify the range of GitLab IP addresses allowed to monitor Redis Sentinel servers:

gitlab_ip_range: '{{ ansible_facts.default_ipv4.address }}/24'

Variables for External Gitaly

Use External Gitaly

Set to false to enable an external Gitaly instance:

gitlab_use_internal_gitaly: 'false'

GitLab Data Directory

Specify where GitLab's data directory is located:

gitlab_git_data_dir: "/var/opt/gitlab/git-data"

Gitaly Authentication Token

Provide a token for Gitaly authentication:

gitlab_gitaly_token: 'changeme'

Caution: Use your own secure password here.

GitLab Shell Token

Provide a token for GitLab Shell:

gitlab_secret_token: 'changeme'

Caution: Use your own secure password here.

Gitaly Instance IP

Specify the IP address of the Gitaly instance:

gitlab_gitaly_instance_ip: '127.0.0.1'

Gitaly Instance Port

Specify the port of the Gitaly instance:

gitlab_gitaly_instance_port: '8075'

Variables for External PostgreSQL Database

Use External PostgreSQL

Set to false to enable an external PostgreSQL Database instance:

gitlab_use_internal_postgresql: 'false'

PostgreSQL Database IP

Provide the IP address of the external PostgreSQL Database:

gitlab_postgresql_db_host: '127.0.0.1'

PostgreSQL Database Password

Set the password for the external PostgreSQL Database:

gitlab_postgresql_db_password: 'changeme'

Caution: Use your own secure password here.

Enable GitLab Registry

Enable the GitLab container registry:

gitlab_registry_enable: "true"

Keep in mind: If you don't use a load balancer with GitLab, you'll need to configure registry_nginx['ssl_certificate'] and registry_nginx['ssl_certificate_key'] through gitlab_additional_configurations.

Additional Role Variables

Other GitLab configurations that are not included in the default configuration file can be set using Ansible role variables.

Configurations via Dictionary-like Variables

You can provide additional configurations using Ruby-style key-value pairs.

Example Usage:

gitlab_additional_configurations:
  - gitlab_rails:
      - key: "time_zone"
        value: "Europe/Berlin"
  - nginx:
      - key: "listen_port"
        type: "plain"
        value: "80"
      - key: "listen_https"
        type: "plain"
        value: "false"

Resulting Configuration:

gitlab_rails['time_zone'] = 'Europe/Berlin'
nginx['listen_port'] = 80
nginx['listen_https'] = false

Configurations via Ruby Function Calls

You can provide more complex configurations using Ruby function calls.

Example Usage:

gitlab_ruby_configuration_calls:
  - key: "pages_external_url"
    value: "https://pages.example.com"
  - key: "registry_external_url"
    value: "https://registry.example.com"
  - key: "mattermost_external_url"
    value: "https://mattermost.example.com"

Resulting Configuration:

registry_external_url "https://registry.example.com"
pages_external_url "https://pages.example.com"
mattermost_external_url "https://mattermost.example.com"