yabusygin.gitlab

Ansible Role: gitlab


This is an Ansible role to install GitLab version 13.0 or newer.

Requirements

This role requires the community.docker.docker_compose module, which means you need the community.docker collection on your control node.

On the managed node, you need the following:

It's recommended to use the yabusygin.docker role to install all necessary components on the managed node.

Role Variables

Below are some important variables. Refer to the Wiki and the "Example Playbook" section for more examples.

Docker Configuration

  • gitlab_image -- The Docker container image to use, with a default value of gitlab/gitlab-ce:latest.
  • gitlab_restart_policy -- The restart policy for the Docker container. Options are always, on-failure, unless-stopped. By default, Docker does not restart a container.

URL

  • gitlab_hostname -- The domain name for the GitLab host. Default: gitlab.test.
  • gitlab_web_port -- The web UI port number. Default: 80.
  • gitlab_registry_port -- The container registry port number. Default: 5050.
  • gitlab_ssh_port -- The SSH port for Git shell. Default: 22.

HTTPS

  • gitlab_https_enable -- Enable HTTPS. Default: no.
  • gitlab_letsencrypt_enable -- Enable automated HTTPS with Let’s Encrypt. Default: no.
  • gitlab_https_key -- Path to the private key on the control host.
  • gitlab_https_cert -- Path to the certificate chain on the control host.

Outgoing Emails

  • gitlab_email_enable -- Enable outgoing emails. Values: yes, no. Default: no.
  • gitlab_email_from_mailbox -- The mailbox for the "From" header in outgoing emails.
  • gitlab_email_from_display_name -- The display name for the "From" header in outgoing emails.
  • gitlab_email_reply_to_mailbox -- The mailbox for the "Reply-To" header in outgoing emails.
  • gitlab_email_smtp_server_host -- The name of the SMTP server.
  • gitlab_email_smtp_server_port -- The SMTP server port.
  • gitlab_email_smtp_transport_security -- Security mechanism used for transport. Values: tls (SMTPS), starttls.
  • gitlab_email_smtp_verify_server_cert -- Whether to verify the SMTP server certificate. Default: yes.
  • gitlab_email_smtp_ca_cert -- Local path to the CA certificate used for verifying the SMTP server certificate.
  • gitlab_email_smtp_user_auth_method -- SMTP user authentication method. Values: plain, login, cram_md5.
  • gitlab_email_smtp_user_name -- SMTP user name.
  • gitlab_email_smtp_user_password -- SMTP user password.

Application server (Puma)

Variable reference:

  • gitlab_workers -- Number of Puma workers.
  • gitlab_min_threads -- Minimum number of Puma threads.
  • gitlab_max_threads -- Maximum number of Puma threads.

Monitoring

Variable reference:

  • gitlab_monitoring_whitelist -- List of addresses/subnets from which monitoring systems are allowed to perform health checks.

Backup

Refer to the GitLab documentation for more details.

Automated Backups

  • gitlab_backup_cron_enable -- Enable cron job for periodic backups. Default: no.
  • gitlab_backup_cron_minute -- Cron command minute field. Required variable. See crontab(5).
  • gitlab_backup_cron_hour -- Cron command hour field. Required variable. See crontab(5).
  • gitlab_backup_cron_day_of_month -- Cron command day of month field. Default: *.
  • gitlab_backup_cron_month -- Cron command month field. Default: *.
  • gitlab_backup_cron_day_of_week -- Cron command day of week field. Default: *.
  • gitlab_backup_cron_docker_cmd -- Command for invoking Docker Engine in the backup cron job. Default: docker.
  • gitlab_backup_cron_docker_compose_cmd -- Command for invoking Docker Compose in the backup cron job. Default: docker compose.

Upload Backups to S3-Compatible Storage

  • gitlab_backup_upload_enable -- Enable uploading backups to remote storage. Default: no.
  • gitlab_backup_upload_s3_region -- AWS region.
  • gitlab_backup_upload_s3_bucket -- S3 bucket for backup storage. Required variable.
  • gitlab_backup_upload_s3_access_key_id -- Access key ID. Required variable.
  • gitlab_backup_upload_s3_secret_access_key -- Secret access key. Required variable.
  • gitlab_backup_upload_s3_endpoint -- S3-compatible storage HTTP API endpoint.
  • gitlab_backup_upload_s3_path_style_enable -- Use path-style method for accessing a bucket.

Set Lifetime of Local Backup Files

  • gitlab_backup_keep_time -- Sets the value for gitlab_rails['backup_keep_time'].

Dependencies

If you use the yabusygin.docker role for Docker and other requirements, it's recommended to enable user namespace remapping (see example below).

Example Playbook

Default setup (assuming Docker and other requirements are already installed):

- name: set up GitLab
  hosts: gitlab
  tasks:
    - name: set up GitLab
      ansible.builtin.import_role:
        name: yabusygin.gitlab

Customized setup with yabusygin.docker role:

---
- name: set up customized Docker and GitLab
  hosts: gitlab
  tasks:
    - name: set up Docker
      ansible.builtin.import_role:
        name: yabusygin.docker
      vars:
        userns-remap: default
        log-driver: json-file
        log-opts:
          max-size: 10m
          max-file: "3"

    - name: set up GitLab
      ansible.builtin.import_role:
        name: yabusygin.gitlab
      vars:
        gitlab_image: gitlab/gitlab-ee:latest
        gitlab_restart_policy: always

        gitlab_hostname: gitlab.example.com
        gitlab_web_port: 3443
        gitlab_registry_port: 5001
        gitlab_ssh_port: 2222

        gitlab_https_enable: yes
        gitlab_https_key: https/gitlab.key.pem
        gitlab_https_cert: https/gitlab.crt.pem

        gitlab_workers: 2
        gitlab_min_threads: 4
        gitlab_max_threads: 4

        gitlab_monitoring_whitelist:
          - 192.168.10.39
          - 10.0.1.0/24

        gitlab_email_enable: yes
        gitlab_email_from_mailbox: [email protected]
        gitlab_email_from_display_name: GitLab
        gitlab_email_reply_to_mailbox: [email protected]
        gitlab_email_smtp_server_host: smtp.example.com
        gitlab_email_smtp_server_port: 587
        gitlab_email_smtp_transport_security: starttls
        gitlab_email_smtp_user_auth_method: login
        gitlab_email_smtp_user_name: gitlab
        gitlab_email_smtp_user_password: Pa$$w0rD

        gitlab_backup_cron_enable: yes
        gitlab_backup_cron_minute: 0
        gitlab_backup_cron_hour: 2
        gitlab_backup_cron_docker_cmd: /usr/bin/docker
        gitlab_backup_cron_docker_compose_cmd: /usr/local/bin/docker-compose

        gitlab_backup_upload_enable: yes
        gitlab_backup_upload_type: s3
        gitlab_backup_upload_s3_endpoint: https://ams3.digitaloceanspaces.com
        gitlab_backup_upload_s3_region: ams3
        gitlab_backup_upload_s3_bucket: my.s3.bucket
        gitlab_backup_upload_s3_access_key_id: AKIAKIAKI
        gitlab_backup_upload_s3_secret_access_key: secret123

        gitlab_backup_keep_time: 604800
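
The customized setup above writes the SMTP password and the S3 keys directly into the playbook. As an added example (not part of the role's own documentation), the same role variables can be fed from a vars file encrypted with Ansible Vault. The file path, the vault_* variable names and the assumption that gitlab is an inventory group are illustrative, and the secret values are constructed placeholders.

```yaml
# File 1 (assumed path): group_vars/gitlab/vault.yml
# Loaded automatically for hosts in the "gitlab" inventory group (assumed).
# Encrypt before committing: ansible-vault encrypt group_vars/gitlab/vault.yml
# The vault_* names are illustrative; values are constructed placeholders.
vault_gitlab_smtp_password: "REPLACE_ME"
vault_gitlab_s3_access_key_id: "REPLACE_ME"
vault_gitlab_s3_secret_access_key: "REPLACE_ME"

---
# File 2: playbook. Run with: ansible-playbook playbook.yml --ask-vault-pass
- name: set up GitLab with secrets taken from Ansible Vault
  hosts: gitlab
  tasks:
    - name: stop early if a secret is undefined or empty
      ansible.builtin.assert:
        that:
          - (vault_gitlab_smtp_password | default('')) | length > 0
          - (vault_gitlab_s3_access_key_id | default('')) | length > 0
          - (vault_gitlab_s3_secret_access_key | default('')) | length > 0
        quiet: yes
      no_log: yes  # keep secret values out of task output

    - name: set up GitLab
      ansible.builtin.import_role:
        name: yabusygin.gitlab
      vars:
        # Non-secret settings stay in the playbook, as in the setup above.
        gitlab_email_enable: yes
        gitlab_email_smtp_server_host: smtp.example.com
        gitlab_email_smtp_server_port: 587
        gitlab_email_smtp_transport_security: starttls
        gitlab_email_smtp_verify_server_cert: yes  # role default, kept explicit
        gitlab_email_smtp_user_auth_method: login
        gitlab_email_smtp_user_name: gitlab
        gitlab_email_smtp_user_password: "{{ vault_gitlab_smtp_password }}"

        gitlab_backup_upload_enable: yes
        gitlab_backup_upload_s3_bucket: my.s3.bucket
        gitlab_backup_upload_s3_access_key_id: "{{ vault_gitlab_s3_access_key_id }}"
        gitlab_backup_upload_s3_secret_access_key: "{{ vault_gitlab_s3_secret_access_key }}"
```

Only the encrypted vault file holds secret material, so the playbook itself can be committed and reviewed without exposing credentials.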

License

MIT

Author Information

Alexey Busygin <yaabusygin@gmail.com>

Install

ansible-galaxy install yabusygin.gitlab