• R/O
  • HTTP
  • SSH
  • HTTPS

grid-chef-repo: Commit

Grid環境構築用のChefリポジトリです。


Commit MetaInfo

Revision43909b0d5046317e33789c6bc74c268ee4b4a91d (tree)
Zeit2017-02-19 14:31:50
Autorwhitestar <whitestar@gaea...>
Commiterwhitestar

Log Message

adds the gitlab-grid cookbook.

Ändern Zusammenfassung

Diff

--- /dev/null
+++ b/cookbooks/gitlab-grid/.foodcritic
@@ -0,0 +1,2 @@
1+~FC001
2+~FC019
\ No newline at end of file
--- /dev/null
+++ b/cookbooks/gitlab-grid/.rubocop.yml
@@ -0,0 +1,48 @@
1+AllCops:
2+ Exclude:
3+ - vendor/**/*
4+ - templates/default/etc/gitlab/gitlab.rb
5+
6+AlignParameters:
7+ Enabled: false
8+LineLength:
9+ Enabled: false
10+Lint/UnusedBlockArgument:
11+ Enabled: false
12+Metrics/AbcSize:
13+ Enabled: false
14+Style/BlockComments:
15+ Enabled: false
16+Style/BlockDelimiters:
17+ Enabled: false
18+Style/ExtraSpacing:
19+ Enabled: false
20+Style/FileName:
21+ Enabled: false
22+Style/LeadingCommentSpace:
23+ Enabled: false
24+Style/RescueModifier:
25+ Enabled: false
26+Style/SpaceBeforeFirstArg:
27+ Enabled: false
28+Style/TrailingCommaInLiteral:
29+ EnforcedStyleForMultiline: comma
30+Style/WordArray:
31+ Enabled: false
32+
33+#Lint/ShadowingOuterLocalVariable:
34+# Enabled: false
35+#Metrics/MethodLength:
36+# Max: 10
37+#Metrics/ModuleLength:
38+# Max: 100
39+#Metrics/CyclomaticComplexity:
40+# Max: 6
41+#Metrics/PerceivedComplexity:
42+# Max: 7
43+#Style/AccessorMethodName:
44+# Enabled: false
45+#Style/MultilineOperationIndentation:
46+# Enabled: false
47+#Style/PerlBackrefs:
48+# Enabled: false
--- /dev/null
+++ b/cookbooks/gitlab-grid/Berksfile
@@ -0,0 +1,21 @@
1+#
2+# Copyright 2017 whitestar
3+#
4+# Licensed under the Apache License, Version 2.0 (the "License");
5+# you may not use this file except in compliance with the License.
6+# You may obtain a copy of the License at
7+#
8+# http://www.apache.org/licenses/LICENSE-2.0
9+#
10+# Unless required by applicable law or agreed to in writing, software
11+# distributed under the License is distributed on an "AS IS" BASIS,
12+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+# See the License for the specific language governing permissions and
14+# limitations under the License.
15+#
16+
17+# for ver. 3.x
18+#source 'https://gpm00.grid.example.com:6280'
19+source 'https://supermarket.chef.io'
20+
21+metadata
--- /dev/null
+++ b/cookbooks/gitlab-grid/CHANGELOG.md
@@ -0,0 +1,5 @@
1+# gitlab-grid CHANGELOG
2+
3+0.1.0
4+-----
5+- Initial release of gitlab-grid
--- /dev/null
+++ b/cookbooks/gitlab-grid/Gemfile
@@ -0,0 +1,3 @@
1+source 'https://rubygems.org'
2+
3+#gem 'foodcritic'
--- /dev/null
+++ b/cookbooks/gitlab-grid/README.md
@@ -0,0 +1,194 @@
1+gitlab-grid Cookbook
2+=====================
3+
4+This cookbook sets up a GitLab server.
5+
6+## Contents
7+
8+- [Contents](#contents)
9+- [Requirements](#requirements)
10+ - [platforms](#platforms)
11+ - [packages](#packages)
12+- [Attributes](#attributes)
13+- [Usage](#usage)
14+ - [Recipes](#recipes)
15+ - [gitlab-grid::default](#gitlab-griddefault)
16+ - [gitlab-grid::server](#gitlab-gridserver)
17+ - [gitlab-grid::docker-compose (NOT supported yet)](#gitlab-griddocker-compose-not-supported-yet)
18+ - [Role Examples](#role-examples)
19+ - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
20+- [License and Authors](#license-and-authors)
21+
22+## Requirements
23+
24+### platforms
25+- none.
26+
27+### packages
28+- none.
29+
30+## Attributes
31+
32+|Key|Type|Description, example|Default|
33+|:--|:--|:--|:--|
34+|`['gitlab-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['gitlab-grid']['gitlab.rb']` are are overridden by the following `common_name` attributes.|`false`|
35+|`['gitlab-grid']['ssl_cert']['common_name']`|String|GitLab server common name for TLS|`node['fqdn']`|
36+|`['gitlab-grid']['gitlab.rb']`|Hash|`gitlab.rb` configurations.|See `attributes/default.rb`|
37+|`['gitlab-grid']['gitlab.rb_extra_config_str']`|String|`gitlab.rb` exstra configuration string (source code in Ruby).|`nil`|
38+
39+## Usage
40+
41+### Recipes
42+
43+#### gitlab-grid::default
44+
45+This recipe does nothing.
46+
47+#### gitlab-grid::server
48+
49+This recipe sets up a GitLab server.
50+
51+#### gitlab-grid::docker-compose (NOT supported yet)
52+
53+This recipe generates a docker-compose.yml for the GitLab server.
54+
55+### Role Examples
56+
57+- `roles/gitlab.rb`
58+
59+```ruby
60+name 'gitlab'
61+description 'GitLab'
62+
63+run_list(
64+ 'recipe[gitlab-grid::server]',
65+)
66+
67+#env_run_lists()
68+
69+#default_attributes()
70+
71+gitlab_cn = 'gitlab.io.example.com'
72+
73+override_attributes(
74+ 'gitlab-grid' => {
75+ 'gitlab.rb' => {
76+ 'external_url' => "http://#{gitlab_cn}",
77+ 'gitlab_rails' => {
78+ 'time_zone' => 'Asia/Tokyo',
79+ },
80+ },
81+ },
82+)
83+```
84+
85+- `roles/gitlab-with-ssl-cert.rb`
86+
87+```ruby
88+name 'gitlab-with-ssl-cert'
89+description 'GitLab setup with ssl_cert cookbook'
90+
91+run_list(
92+ 'recipe[ssl_cert::server_key_pairs]',
93+ 'recipe[gitlab-grid::server]',
94+)
95+
96+#env_run_lists()
97+
98+#default_attributes()
99+
100+gitlab_cn = 'gitlab.io.example.com'
101+
102+override_attributes(
103+ 'ssl_cert' => {
104+ 'common_names' => [
105+ gitlab_cn,
106+ ],
107+ },
108+ 'gitlab-grid' => {
109+ 'with_ssl_cert_cookbook' => true,
110+ 'ssl_cert' => {
111+ 'common_name' => gitlab_cn,
112+ },
113+ 'gitlab.rb' => {
114+ 'external_url' => "http://#{gitlab_cn}",
115+ 'gitlab_rails' => {
116+ 'time_zone' => 'Asia/Tokyo',
117+ },
118+ 'nginx' => {
119+ 'redirect_http_to_https' => true,
120+ },
121+ },
122+ },
123+)
124+```
125+
126+### SSL server keys and certificates management by ssl_cert cookbook
127+
128+- create vault items.
129+
130+```text
131+$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("gitlab_io_example_com.prod.key")})' \
132+> > ~/tmp/gitlab_io_example_com.prod.key.json
133+
134+$ knife vault create ssl_server_keys gitlab.io.example.com.prod \
135+> --json ~/tmp/gitlab_io_example_com.prod.key.json
136+
137+$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("gitlab_io_example_com.prod.crt")})' \
138+> > ~/tmp/gitlab_io_example_com.prod.crt.json
139+
140+$ knife vault create ssl_server_certs gitlab.io.example.com.prod \
141+> --json ~/tmp/gitlab_io_example_com.prod.crt.json
142+```
143+
144+- grant reference permission to the gitlab host
145+
146+```text
147+$ knife vault update ssl_server_keys gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com'
148+$ knife vault update ssl_server_certs gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com'
149+```
150+
151+- modify run_list and attributes
152+
153+```ruby
154+run_list(
155+ 'recipe[ssl_cert::server_key_pairs]',
156+ 'recipe[gitlab-grid::server]',
157+ #'recipe[gitlab-grid::docker-compose]',
158+)
159+
160+override_attributes(
161+ 'ssl_cert' => {
162+ 'common_names' => [
163+ 'gitlab.io.example.com',
164+ ],
165+ },
166+ 'gitlab-grid' => {
167+ 'with_ssl_cert_cookbook' => true,
168+ 'ssl_cert' => {
169+ 'common_name' => 'gitlab.io.example.com',
170+ },
171+ # ...
172+ },
173+)
174+```
175+
176+## License and Authors
177+
178+- Author:: whitestar at osdn.jp
179+
180+```text
181+Copyright 2017, whitestar
182+
183+Licensed under the Apache License, Version 2.0 (the "License");
184+you may not use this file except in compliance with the License.
185+You may obtain a copy of the License at
186+
187+ http://www.apache.org/licenses/LICENSE-2.0
188+
189+Unless required by applicable law or agreed to in writing, software
190+distributed under the License is distributed on an "AS IS" BASIS,
191+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
192+See the License for the specific language governing permissions and
193+limitations under the License.
194+```
--- /dev/null
+++ b/cookbooks/gitlab-grid/Rakefile
@@ -0,0 +1,23 @@
1+require 'rspec/core/rake_task'
2+require 'rubocop/rake_task'
3+require 'foodcritic'
4+
5+namespace :style do
6+ desc 'Run Ruby style checks'
7+ RuboCop::RakeTask.new(:ruby)
8+
9+ desc 'Run Chef style checks'
10+ FoodCritic::Rake::LintTask.new(:chef) do |t|
11+ t.options = {
12+ fail_tags: ['any'],
13+ }
14+ end
15+end
16+
17+desc 'Run all style checks'
18+task style: ['style:chef', 'style:ruby']
19+
20+desc 'Run ChefSpec examples'
21+RSpec::Core::RakeTask.new(:spec)
22+
23+task default: ['style', 'spec']
--- /dev/null
+++ b/cookbooks/gitlab-grid/attributes/default.rb
@@ -0,0 +1,67 @@
1+#
2+# Cookbook Name:: gitlab-grid
3+# Attributes:: default
4+#
5+# Copyright 2017, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+default['gitlab-grid']['with_ssl_cert_cookbook'] = false
21+# If ['gitlab-grid']['with_ssl_cert_cookbook'] is true,
22+# node['gitlab-grid']['gitlab.rb'] are overridden by the following 'common_name' attributes.
23+default['gitlab-grid']['ssl_cert']['common_name'] = node['fqdn']
24+default['gitlab-grid']['gitlab.rb'] = {
25+ 'external_url' => "http://#{node['fqdn']}",
26+ 'gitlab_rails' => {
27+ 'time_zone' => 'UTC',
28+ },
29+ 'nginx' => {
30+ 'redirect_http_to_https' => false,
31+ },
32+}
33+default['gitlab-grid']['gitlab.rb_extra_config_str'] = nil
34+default['gitlab-grid']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/gitlab"
35+default['gitlab-grid']['docker-compose']['etc_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/etc"
36+default['gitlab-grid']['docker-compose']['logs_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/logs"
37+default['gitlab-grid']['docker-compose']['data_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/data"
38+default['gitlab-grid']['docker-compose']['config'] = {
39+ # Version 2 docker-compose format
40+ 'version' => '2',
41+ 'services' => {
42+ 'gitlab' => {
43+ 'image' => 'gitlab/gitlab-ce:latest',
44+ 'restart' => 'always',
45+ 'hostname' => 'gitlab.io.example.com',
46+ 'environment' => {
47+=begin
48+ # Do not use this variable, instead use the `['gitlab-grid']['gitlab.rb']` attribute.
49+ 'GITLAB_OMNIBUS_CONFIG' => <<-EOS,
50+external_url 'http://gitlab.io.example.com'
51+# Add any other gitlab.rb configuration here, each on its own line
52+ EOS
53+=end
54+ },
55+ 'ports' => [
56+ #'80:80',
57+ #'443:443',
58+ #'22:22',
59+ ],
60+ 'volumes' => [
61+ "#{node['gitlab-grid']['docker-compose']['etc_dir']}:/etc/gitlab",
62+ "#{node['gitlab-grid']['docker-compose']['logs_dir']}:/var/log/gitlab",
63+ "#{node['gitlab-grid']['docker-compose']['data_dir']}:/var/opt/gitlab",
64+ ],
65+ },
66+ },
67+}
--- /dev/null
+++ b/cookbooks/gitlab-grid/metadata.rb
@@ -0,0 +1,18 @@
1+# $ knife supermarket share gitlab-grid "Applications"
2+name 'gitlab-grid'
3+maintainer 'whitestar'
4+maintainer_email ''
5+license 'Apache 2.0'
6+description 'Installs/Configures gitlab-grid'
7+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
8+version '0.1.0'
9+source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
10+issues_url 'https://osdn.jp/projects/metasearch/ticket'
11+
12+supports 'ubuntu', '>= 16.04'
13+%w( centos redhat ).each do |os|
14+ supports os, '>= 7.3'
15+end
16+
17+depends 'docker-grid', '>= 0.3.6'
18+depends 'ssl_cert', '>= 0.3.3'
--- /dev/null
+++ b/cookbooks/gitlab-grid/recipes/commons.rb
@@ -0,0 +1,30 @@
1+#
2+# Cookbook Name:: gitlab-grid
3+# Recipe:: commons
4+#
5+# Copyright 2017, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+config = node['gitlab-grid']['gitlab.rb']
21+#override_config = node.override['gitlab-grid']['gitlab.rb']
22+force_override_config = node.force_override['gitlab-grid']['gitlab.rb']
23+
24+if node['gitlab-grid']['with_ssl_cert_cookbook']
25+ ::Chef::Recipe.send(:include, SSLCert::Helper)
26+ cn = node['gitlab-grid']['ssl_cert']['common_name']
27+ force_override_config['external_url'] = config['external_url'].gsub('http://', 'https://')
28+ force_override_config['nginx']['ssl_certificate'] = server_cert_path(cn)
29+ force_override_config['nginx']['ssl_certificate_key'] = server_key_path(cn)
30+end
--- /dev/null
+++ b/cookbooks/gitlab-grid/recipes/default.rb
@@ -0,0 +1,18 @@
1+#
2+# Cookbook Name:: gitlab-grid
3+# Recipe:: default
4+#
5+# Copyright 2017, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
--- /dev/null
+++ b/cookbooks/gitlab-grid/recipes/docker-compose.rb
@@ -0,0 +1,87 @@
1+#
2+# Cookbook Name:: gitlab-grid
3+# Recipe:: docker-compose
4+#
5+# Copyright 2017, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+doc_url = 'https://docs.gitlab.com/omnibus/docker/README.html'
21+
22+include_recipe 'docker-grid::compose'
23+include_recipe 'gitlab-grid::commons'
24+
25+config = node['gitlab-grid']['docker-compose']['config']
26+override_config = node.override['gitlab-grid']['docker-compose']['config']
27+force_override_config = node.force_override['gitlab-grid']['docker-compose']['config']
28+app_dir = node['gitlab-grid']['docker-compose']['app_dir']
29+etc_dir = node['gitlab-grid']['docker-compose']['etc_dir']
30+logs_dir = node['gitlab-grid']['docker-compose']['logs_dir']
31+data_dir = node['gitlab-grid']['docker-compose']['data_dir']
32+#certs_dir = "#{app_dir}/certs"
33+
34+envs = {}
35+vols = config['services']['gitlab']['volumes'].to_a
36+
37+[
38+ app_dir,
39+ etc_dir,
40+ logs_dir,
41+ data_dir,
42+].each {|dir|
43+ resources(directory: dir) rescue directory dir do
44+ owner 'root'
45+ group 'root'
46+ mode '0755'
47+ recursive true
48+ end
49+}
50+
51+override_config['services']['gitlab']['ports'] = [
52+ '80:80',
53+ '443:443',
54+ '22:22',
55+] if config['services']['gitlab']['ports'].empty?
56+
57+=begin
58+if node['gitlab-grid']['with_ssl_cert_cookbook']
59+ ::Chef::Recipe.send(:include, SSLCert::Helper)
60+ cn = node['gitlab-grid']['ssl_cert']['common_name']
61+ # TODO: support
62+end
63+=end
64+
65+force_override_config['services']['gitlab']['environment'] = envs unless envs.empty?
66+override_config['services']['gitlab']['volumes'] = vols unless vols.empty?
67+
68+[
69+ 'docker-compose.yml',
70+].each {|conf_file|
71+ template "#{app_dir}/#{conf_file}" do
72+ source "opt/docker-compose/app/gitlab/#{conf_file}"
73+ owner 'root'
74+ group 'root'
75+ mode '0644'
76+ end
77+}
78+
79+log <<-"EOM"
80+Note: You must execute the following command manually.
81+ See #{doc_url}
82+ - Start:
83+ $ cd #{app_dir}
84+ $ docker-compose up -d
85+ - Stop
86+ $ docker-compose down
87+EOM
--- /dev/null
+++ b/cookbooks/gitlab-grid/recipes/server.rb
@@ -0,0 +1,111 @@
1+#
2+# Cookbook Name:: gitlab-grid
3+# Recipe:: server
4+#
5+# Copyright 2017, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+# https://about.gitlab.com/downloads/
21+
22+#::Chef::Recipe.send(:include, PlatformUtils::VirtUtils)
23+
24+include_recipe 'gitlab-grid::commons'
25+
26+#config = node['gitlab-grid']['gitlab.rb']
27+#override_config = node.override['gitlab-grid']['gitlab.rb']
28+#force_override_config = node.force_override['gitlab-grid']['gitlab.rb']
29+
30+case node['platform_family']
31+when 'rhel'
32+ [
33+ 'curl',
34+ 'policycoreutils',
35+ 'openssh-server',
36+ 'openssh-clients',
37+ 'postfix',
38+ ].each {|pkg|
39+ resources(package: pkg) rescue package pkg do
40+ action :install
41+ end
42+ }
43+
44+ [
45+ 'sshd',
46+ 'postfix',
47+ ].each {|srv|
48+ resources(service: srv) rescue service srv do
49+ action [:enable, :start]
50+ end
51+ }
52+
53+ bash 'update_firewall' do
54+ code <<-EOH
55+ firewall-cmd --permanent --add-service=http
56+ systemctl reload firewalld
57+ EOH
58+ action :run
59+ end
60+
61+ execute 'add_yum_repo_gitlab-ce' do
62+ command 'curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash'
63+ action :run
64+ not_if { File.exist?('/etc/yum.repos.d/gitlab_gitlab-ce.repo') }
65+ end
66+when 'debian'
67+ [
68+ 'curl',
69+ 'openssh-server',
70+ 'ca-certificates',
71+ 'postfix',
72+ ].each {|pkg|
73+ resources(package: pkg) rescue package pkg do
74+ action :install
75+ end
76+ }
77+
78+ apt_get_update = 'apt-get_update'
79+ resources(execute: apt_get_update) rescue execute apt_get_update do
80+ command 'apt-get update'
81+ action :nothing
82+ end
83+
84+ execute 'add_apt_source_gitlab-ce' do
85+ command 'curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash'
86+ action :run
87+ not_if { File.exist?('/etc/apt/sources.list.d/gitlab_gitlab-ce.list') }
88+ notifies :run, "execute[#{apt_get_update}]", :immediately
89+ end
90+end
91+
92+[
93+ 'gitlab-ce',
94+].each {|pkg|
95+ resources(package: pkg) rescue package pkg do
96+ action :install
97+ end
98+}
99+
100+template '/etc/gitlab/gitlab.rb' do
101+ source 'etc/gitlab/gitlab.rb'
102+ owner 'root'
103+ group 'root'
104+ mode '0600'
105+ action :create
106+end
107+
108+log <<-"EOM"
109+Note: You must execute the following command manually if the gitlab.rb file has been updated.
110+ $ sudo gitlab-ctl reconfigure
111+EOM
--- /dev/null
+++ b/cookbooks/gitlab-grid/spec/recipes/default_spec.rb
@@ -0,0 +1,9 @@
1+require_relative '../spec_helper'
2+
3+describe 'gitlab-grid::default' do
4+ let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
5+
6+ #it 'does something' do
7+ # expect(chef_run).to do_something('...')
8+ #end
9+end
--- /dev/null
+++ b/cookbooks/gitlab-grid/spec/spec_helper.rb
@@ -0,0 +1,25 @@
1+# Added by ChefSpec
2+require 'chefspec'
3+
4+# Uncomment to use ChefSpec's Berkshelf extension
5+# require 'chefspec/berkshelf'
6+
7+RSpec.configure do |config|
8+ # Specify the path for Chef Solo to find cookbooks
9+ # config.cookbook_path = '/var/cookbooks'
10+
11+ # Specify the path for Chef Solo to find roles
12+ # config.role_path = '/var/roles'
13+
14+ # Specify the Chef log_level (default: :warn)
15+ # config.log_level = :debug
16+
17+ # Specify the path to a local JSON file with Ohai data
18+ # config.path = 'ohai.json'
19+
20+ # Specify the operating platform to mock Ohai data from
21+ # config.platform = 'ubuntu'
22+
23+ # Specify the operating version to mock Ohai data from
24+ # config.version = '12.04'
25+end
--- /dev/null
+++ b/cookbooks/gitlab-grid/templates/default/etc/gitlab/gitlab.rb
@@ -0,0 +1,1398 @@
1+## GitLab configuration settings
2+# These settings are generated by the gitlab-grid Chef cookbook.
3+# Do NOT edit it manually.
4+<%
5+config = node['gitlab-grid']['gitlab.rb']
6+
7+config.each {|key0, val0|
8+ if val0.is_a?(Hash)
9+ val0.each {|key1, val1|
10+-%>
11+<%= key0 %>['<%= key1 %>'] = <%= val1.inspect %>
12+<%
13+ }
14+ else
15+-%>
16+<%= key0 %> <%= val0.inspect %>
17+<%
18+ end
19+}
20+-%>
21+<% unless node['gitlab-grid']['gitlab.rb_extra_config_str'].nil? %>
22+# extra configuration.
23+<%= node['gitlab-grid']['gitlab.rb_extra_config_str'] %>
24+<% end %>
25+
26+## GitLab URL
27+##! URL on which GitLab will be reachable.
28+##! For more details on configuring external_url see:
29+##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
30+# external_url 'http://gitlab.example.com'
31+
32+## Legend
33+##! The following notations at the beginning of each line may be used to
34+##! differentiate between components of this file and to easily select them using
35+##! a regex.
36+##! ## Titles, subtitles etc
37+##! ##! More information - Description, Docs, Links, Issues etc.
38+##! Configuration settings have a single # followed by a single space at the
39+##! beginning; Remove them to enable the setting.
40+
41+##! Latest options are listed at:
42+##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
43+
44+##! **Configuration settings below are optional.**
45+##! **The values currently assigned are only examples and ARE NOT the default
46+##! values.**
47+
48+
49+################################################################################
50+################################################################################
51+## Configuration Settings for GitLab CE and EE ##
52+################################################################################
53+################################################################################
54+
55+################################################################################
56+## gitlab.yml configuration
57+##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
58+################################################################################
59+# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
60+# gitlab_rails['time_zone'] = 'UTC'
61+
62+### Email Settings
63+# gitlab_rails['gitlab_email_enabled'] = true
64+# gitlab_rails['gitlab_email_from'] = 'example@example.com'
65+# gitlab_rails['gitlab_email_display_name'] = 'Example'
66+# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
67+# gitlab_rails['gitlab_email_subject_suffix'] = ''
68+
69+### GitLab user privileges
70+# gitlab_rails['gitlab_default_can_create_group'] = true
71+# gitlab_rails['gitlab_username_changing_enabled'] = true
72+
73+### Default Theme
74+# gitlab_rails['gitlab_default_theme'] = 2
75+
76+### Default project feature settings
77+# gitlab_rails['gitlab_default_projects_features_issues'] = true
78+# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
79+# gitlab_rails['gitlab_default_projects_features_wiki'] = true
80+# gitlab_rails['gitlab_default_projects_features_snippets'] = false
81+# gitlab_rails['gitlab_default_projects_features_builds'] = true
82+# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
83+
84+### Automatic issue closing
85+###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
86+###! information about this pattern.
87+# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?))+)"
88+
89+### Download location
90+###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
91+###! is created in the following directory.
92+# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
93+
94+### Gravatar Settings
95+# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
96+# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
97+
98+### Auxiliary jobs
99+###! Periodically executed jobs, to self-heal Gitlab, do external
100+###! synchronizations, etc.
101+###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
102+###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
103+# gitlab_rails['stuck_ci_builds_worker_cron'] = "0 0 * * *"
104+# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
105+# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
106+# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
107+# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
108+
109+### Webhook Settings
110+###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
111+###! request (default: 10)
112+# gitlab_rails['webhook_timeout'] = 10
113+
114+### Trusted proxies
115+###! Customize if you have GitLab behind a reverse proxy which is running on a
116+###! different machine.
117+###! **Add the IP address for your reverse proxy to the list, otherwise users
118+###! will appear signed in from that address.**
119+# gitlab_rails['trusted_proxies'] = []
120+
121+### Reply by email
122+###! Allow users to comment on issues and merge requests by replying to
123+###! notification emails.
124+###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
125+# gitlab_rails['incoming_email_enabled'] = true
126+
127+#### Incoming Email Address
128+####! The email address including the `%{key}` placeholder that will be replaced
129+####! to reference the item being replied to.
130+####! **The placeholder can be omitted but if present, it must appear in the
131+####! "user" part of the address (before the `@`).**
132+# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
133+
134+#### Email account username
135+####! **With third party providers, this is usually the full email address.**
136+####! **With self-hosted email servers, this is usually the user part of the
137+####! email address.**
138+# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
139+
140+#### Email account password
141+# gitlab_rails['incoming_email_password'] = "[REDACTED]"
142+
143+#### IMAP Settings
144+# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
145+# gitlab_rails['incoming_email_port'] = 993
146+# gitlab_rails['incoming_email_ssl'] = true
147+# gitlab_rails['incoming_email_start_tls'] = false
148+
149+#### Incoming Mailbox Settings
150+####! The mailbox where incoming mail will end up. Usually "inbox".
151+# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
152+####! The location where incoming mails will be logged.
153+# gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom"
154+
155+### Build Artifacts
156+# gitlab_rails['artifacts_enabled'] = true
157+# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts"
158+
159+### Git LFS
160+# gitlab_rails['lfs_enabled'] = true
161+# gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects"
162+
163+### GitLab Mattermost
164+###! These settings are void if Mattermost is installed on the same omnibus
165+###! install
166+# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
167+
168+### LDAP Settings
169+###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
170+###! **Be careful not to break the indentation in the ldap_servers block. It is
171+###! in yaml format and the spaces must be retained. Using tabs will not work.**
172+
173+# gitlab_rails['ldap_enabled'] = false
174+
175+###! **remember to close this block with 'EOS' below**
176+# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
177+# main: # 'main' is the GitLab 'provider ID' of this LDAP server
178+# label: 'LDAP'
179+# host: '_your_ldap_server'
180+# port: 389
181+# uid: 'sAMAccountName'
182+# method: 'plain' # "tls" or "ssl" or "plain"
183+# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
184+# password: '_the_password_of_the_bind_user'
185+# active_directory: true
186+# allow_username_or_email_login: false
187+# block_auto_created_users: false
188+# base: ''
189+# user_filter: ''
190+# attributes:
191+# username: ['uid', 'userid', 'sAMAccountName']
192+# email: ['mail', 'email', 'userPrincipalName']
193+# name: 'cn'
194+# first_name: 'givenName'
195+# last_name: 'sn'
196+# ## EE only
197+# group_base: ''
198+# admin_group: ''
199+# sync_ssh_keys: false
200+#
201+# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
202+# label: 'LDAP'
203+# host: '_your_ldap_server'
204+# port: 389
205+# uid: 'sAMAccountName'
206+# method: 'plain' # "tls" or "ssl" or "plain"
207+# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
208+# password: '_the_password_of_the_bind_user'
209+# active_directory: true
210+# allow_username_or_email_login: false
211+# block_auto_created_users: false
212+# base: ''
213+# user_filter: ''
214+# attributes:
215+# username: ['uid', 'userid', 'sAMAccountName']
216+# email: ['mail', 'email', 'userPrincipalName']
217+# name: 'cn'
218+# first_name: 'givenName'
219+# last_name: 'sn'
220+# ## EE only
221+# group_base: ''
222+# admin_group: ''
223+# sync_ssh_keys: false
224+# EOS
225+
226+### OmniAuth Settings
227+###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
228+# gitlab_rails['omniauth_enabled'] = false
229+# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
230+# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
231+# gitlab_rails['omniauth_block_auto_created_users'] = true
232+# gitlab_rails['omniauth_auto_link_ldap_user'] = false
233+# gitlab_rails['omniauth_auto_link_saml_user'] = false
234+# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
235+# gitlab_rails['omniauth_providers'] = [
236+# {
237+# "name" => "google_oauth2",
238+# "app_id" => "YOUR APP ID",
239+# "app_secret" => "YOUR APP SECRET",
240+# "args" => { "access_type" => "offline", "approval_prompt" => "" }
241+# }
242+# ]
243+
244+###! **If you setup Bitbucket importer under omniauth providers you will need to
245+###! add the keys which will allow connection between Bitbucket and GitLab.**
246+###! Docs: https://docs.gitlab.com/ce/integration/bitbucket.html
247+# gitlab_rails['bitbucket'] = {
248+# 'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==',
249+# 'private_key' => '-----BEGIN RSA PRIVATE KEY-----
250+# MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t
251+# -----END RSA PRIVATE KEY-----',
252+# 'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com'
253+# }
254+
255+### Backup Settings
256+###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
257+
258+# gitlab_rails['manage_backup_path'] = true
259+# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
260+
261+###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
262+# gitlab_rails['backup_archive_permissions'] = 0644
263+
264+# gitlab_rails['backup_pg_schema'] = 'public'
265+# gitlab_rails['backup_keep_time'] = 604800
266+# gitlab_rails['backup_upload_connection'] = {
267+# 'provider' => 'AWS',
268+# 'region' => 'eu-west-1',
269+# 'aws_access_key_id' => 'AKIAKIAKI',
270+# 'aws_secret_access_key' => 'secret123'
271+# }
272+# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
273+# gitlab_rails['backup_multipart_chunk_size'] = 104857600
274+
275+###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
276+###! backups**
277+# gitlab_rails['backup_encryption'] = 'AES256'
278+
279+### For setting up different data storing directory
280+###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
281+###! **If you want to use a single non-default directory to store git data use a
282+###! path that doesn't contain symlinks.**
283+# git_data_dirs({"default" => "/var/opt/gitlab/git-data"})
284+
285+### For storing GitLab application uploads, eg. LFS objects, build artifacts
286+###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
287+# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
288+
289+
290+### DEPRECATED: gitlab_rails['satellites_timeout'] = 30
291+
292+### GitLab Shell settings for GitLab
293+# gitlab_rails['gitlab_shell_ssh_port'] = 22
294+# gitlab_rails['git_max_size'] = 20971520
295+# gitlab_rails['git_timeout'] = 10
296+
297+### Extra customization
298+# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
299+# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
300+# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
301+
302+##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
303+# gitlab_rails['env'] = {
304+# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
305+# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
306+# }
307+
308+# gitlab_rails['rack_attack_git_basic_auth'] = {
309+# 'enabled' => true,
310+# 'ip_whitelist' => ["127.0.0.1"],
311+# 'maxretry' => 10,
312+# 'findtime' => 60,
313+# 'bantime' => 3600
314+# }
315+
316+# gitlab_rails['rack_attack_protected_paths'] = [
317+# '/users/password',
318+# '/users/sign_in',
319+# '/api/#{API::API.version}/session.json',
320+# '/api/#{API::API.version}/session',
321+# '/users',
322+# '/users/confirmation',
323+# '/unsubscribes/',
324+# '/import/github/personal_access_token'
325+# ]
326+
327+###! **We do not recommend changing these directories.**
328+# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
329+# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
330+
331+### GitLab application settings
332+# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
333+# gitlab_rails['rate_limit_requests_per_period'] = 10
334+# gitlab_rails['rate_limit_period'] = 60
335+
336+#### Change the initial default admin password and shared runner registraion tokens.
337+####! **Only applicable on initial setup, changing these settings after database
338+####! is created and seeded won't yield any change.**
339+# gitlab_rails['initial_root_password'] = "password"
340+# gitlab_rails['initial_shared_runners_registration_token'] = "token"
341+
342+#### Enable or disable automatic database migrations
343+# gitlab_rails['auto_migrate'] = true
344+
345+### GitLab database settings
346+###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
347+###! **Only needed if you use an external database.**
348+# gitlab_rails['db_adapter'] = "postgresql"
349+# gitlab_rails['db_encoding'] = "unicode"
350+# gitlab_rails['db_collation'] = nil
351+# gitlab_rails['db_database'] = "gitlabhq_production"
352+# gitlab_rails['db_pool'] = 10
353+# gitlab_rails['db_username'] = "gitlab"
354+# gitlab_rails['db_password'] = nil
355+# gitlab_rails['db_host'] = nil
356+# gitlab_rails['db_port'] = 5432
357+# gitlab_rails['db_socket'] = nil
358+# gitlab_rails['db_sslmode'] = nil
359+# gitlab_rails['db_sslrootcert'] = nil
360+
361+
362+### GitLab Redis settings
363+###! Connect to your own Redis instance
364+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
365+
366+#### Redis TCP connection
367+# gitlab_rails['redis_host'] = "127.0.0.1"
368+# gitlab_rails['redis_port'] = 6379
369+# gitlab_rails['redis_password'] = nil
370+# gitlab_rails['redis_database'] = 0
371+
372+#### Redis local UNIX socket (will be disabled if TCP method is used)
373+# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
374+
375+#### Sentinel support
376+####! To have Sentinel working, you must enable Redis TCP connection support
377+####! above and define a few Sentinel hosts below (to get a reliable setup
378+####! at least 3 hosts).
379+####! **You don't need to list every sentinel host, but the ones not listed will
380+####! not be used in a fail-over situation to query for the new master.**
381+# gitlab_rails['redis_sentinels'] = [
382+# {'host' => '127.0.0.1', 'port' => 26379},
383+# ]
384+
385+### GitLab email server settings
386+###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
387+###! **Use smtp instead of sendmail/postfix.**
388+
389+# gitlab_rails['smtp_enable'] = true
390+# gitlab_rails['smtp_address'] = "smtp.server"
391+# gitlab_rails['smtp_port'] = 465
392+# gitlab_rails['smtp_user_name'] = "smtp user"
393+# gitlab_rails['smtp_password'] = "smtp password"
394+# gitlab_rails['smtp_domain'] = "example.com"
395+# gitlab_rails['smtp_authentication'] = "login"
396+# gitlab_rails['smtp_enable_starttls_auto'] = true
397+# gitlab_rails['smtp_tls'] = false
398+
399+###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
400+###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
401+# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
402+
403+# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
404+# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
405+
406+################################################################################
407+## Container Registry settings
408+##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
409+################################################################################
410+
411+# registry_external_url 'https://registry.gitlab.example.com'
412+
413+### Settings used by GitLab application
414+# gitlab_rails['registry_enabled'] = true
415+# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
416+# gitlab_rails['registry_port'] = "5005"
417+# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
418+
419+###! **Do not change the following 3 settings unless you know what you are
420+###! doing**
421+# gitlab_rails['registry_api_url'] = "http://localhost:5000"
422+# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
423+# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
424+
425+### Settings used by Registry application
426+# registry['enable'] = true
427+# registry['username'] = "registry"
428+# registry['group'] = "registry"
429+# registry['uid'] = nil
430+# registry['gid'] = nil
431+# registry['dir'] = "/var/opt/gitlab/registry"
432+# registry['registry_http_addr'] = "localhost:5000"
433+# registry['debug_addr'] = "localhost:5001"
434+# registry['log_directory'] = "/var/log/gitlab/registry"
435+# registry['log_level'] = "info"
436+# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
437+# registry['storage_delete_enabled'] = true
438+
439+### Registry backend storage
440+###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
441+# registry['storage'] = {
442+# 's3' => {
443+# 'accesskey' => 'AKIAKIAKI',
444+# 'secretkey' => 'secret123',
445+# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
446+# }
447+# }
448+
449+
450+################################################################################
451+## GitLab Workhorse
452+##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
453+################################################################################
454+
455+# gitlab_workhorse['enable'] = true
456+# gitlab_workhorse['ha'] = false
457+# gitlab_workhorse['listen_network'] = "unix"
458+# gitlab_workhorse['listen_umask'] = 000
459+# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
460+# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
461+
462+##! the empty string is the default in gitlab-workhorse option parser
463+# gitlab_workhorse['auth_socket'] = "''"
464+
465+##! put an empty string on the command line
466+# gitlab_workhorse['pprof_listen_addr'] = "''"
467+
468+##! put an empty string on the command line
469+# gitlab_workhorse['prometheus_listen_addr'] = "''"
470+
471+# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
472+# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
473+# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
474+
475+##! limit number of concurrent API requests, defaults to 0 which is unlimited
476+# gitlab_workhorse['api_limit'] = 0
477+
478+##! limit number of API requests allowed to be queued, defaults to 0 which
479+##! disables queuing
480+# gitlab_workhorse['api_queue_limit'] = 0
481+
482+##! duration after which we timeout requests if they sit too long in the queue
483+# gitlab_workhorse['api_queue_duration'] = "30s"
484+
485+# gitlab_workhorse['env'] = {
486+# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
487+# }
488+
489+################################################################################
490+## GitLab User Settings
491+##! Modify default git user.
492+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
493+################################################################################
494+
495+# user['username'] = "git"
496+# user['group'] = "git"
497+# user['uid'] = nil
498+# user['gid'] = nil
499+
500+##! The shell for the git user
501+# user['shell'] = "/bin/sh"
502+
503+##! The home directory for the git user
504+# user['home'] = "/var/opt/gitlab"
505+
506+# user['git_user_name'] = "GitLab"
507+# user['git_user_email'] = "gitlab@#{node['fqdn']}"
508+
509+################################################################################
510+## GitLab Unicorn
511+##! Tweak unicorn settings.
512+##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
513+################################################################################
514+
515+# unicorn['worker_timeout'] = 60
516+# unicorn['worker_processes'] = 2
517+
518+### Advanced settings
519+# unicorn['listen'] = '127.0.0.1'
520+# unicorn['port'] = 8080
521+# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
522+# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
523+# unicorn['tcp_nopush'] = true
524+# unicorn['backlog_socket'] = 1024
525+
526+###! **Make sure somaxconn is equal or higher then backlog_socket**
527+# unicorn['somaxconn'] = 1024
528+
529+###! **We do not recommend changing this setting**
530+# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
531+
532+### **Only change these settings if you understand well what they mean**
533+###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
534+###! https://github.com/kzk/unicorn-worker-killer
535+# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
536+# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
537+
538+################################################################################
539+## GitLab Sidekiq
540+################################################################################
541+
542+# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
543+# sidekiq['shutdown_timeout'] = 4
544+# sidekiq['concurrency'] = 25
545+
546+################################################################################
547+## gitlab-shell
548+################################################################################
549+
550+# gitlab_shell['audit_usernames'] = false
551+# gitlab_shell['log_level'] = 'INFO'
552+# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
553+# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
554+# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
555+
556+##! **If enabled, git-annex needs to be installed on the server where GitLab is
557+##! setup.
558+##! For Debian and Ubuntu systems this can be done with:
559+##! `sudo apt-get install git-annex`.
560+##! For CentOS:
561+##! `sudo yum install epel-release && sudo yum install git-annex`**
562+# gitlab_shell['git_annex_enabled'] = false
563+
564+# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
565+
566+### Git trace log file.
567+###! If set, git commands receive GIT_TRACE* environment variables
568+###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
569+###! An absolute path starting with / – the trace output will be appended to
570+###! that file. It needs to exist so we can check permissions and avoid
571+###! throwing warnings to the users.
572+# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
573+
574+##! **We do not recommend changing this directory.**
575+# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
576+
577+################################################################
578+## GitLab PostgreSQL
579+################################################################
580+
581+# postgresql['enable'] = true
582+# postgresql['listen_address'] = nil
583+# postgresql['port'] = 5432
584+# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
585+
586+##! **recommend value is 1/4 of total RAM, up to 14GB.**
587+# postgresql['shared_buffers'] = "256MB"
588+
589+### Advanced settings
590+# postgresql['ha'] = false
591+# postgresql['dir'] = "/var/opt/gitlab/postgresql"
592+# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
593+# postgresql['username'] = "gitlab-psql"
594+# postgresql['uid'] = nil
595+# postgresql['gid'] = nil
596+# postgresql['shell'] = "/bin/sh"
597+# postgresql['home'] = "/var/opt/gitlab/postgresql"
598+# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
599+# postgresql['sql_user'] = "gitlab"
600+# postgresql['sql_ci_user'] = "gitlab_ci"
601+# postgresql['max_connections'] = 200
602+# postgresql['md5_auth_cidr_addresses'] = []
603+# postgresql['trust_auth_cidr_addresses'] = []
604+# postgresql['shmmax'] = 17179869184 # or 4294967295
605+# postgresql['shmall'] = 4194304 # or 1048575
606+# postgresql['work_mem'] = "8MB"
607+# postgresql['maintenance_work_mem'] = "16MB"
608+# postgresql['effective_cache_size'] = "1MB"
609+# postgresql['checkpoint_segments'] = 10
610+# postgresql['checkpoint_timeout'] = "5min"
611+# postgresql['checkpoint_completion_target'] = 0.9
612+# postgresql['checkpoint_warning'] = "30s"
613+# postgresql['wal_buffers'] = "-1"
614+# postgresql['autovacuum'] = "on"
615+# postgresql['log_autovacuum_min_duration'] = "-1"
616+# postgresql['autovacuum_max_workers'] = "3"
617+# postgresql['autovacuum_naptime'] = "1min"
618+# postgresql['autovacuum_vacuum_threshold'] = "50"
619+# postgresql['autovacuum_analyze_threshold'] = "50"
620+# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
621+# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
622+# postgresql['autovacuum_freeze_max_age'] = "200000000"
623+# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
624+# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
625+# postgresql['statement_timeout'] = "0"
626+# postgresql['log_line_prefix'] = "%a"
627+# postgresql['track_activity_query_size'] = "1024"
628+# postgresql['shared_preload_libraries'] = nil
629+
630+### Replication settings
631+# postgresql['sql_replication_user'] = "gitlab_replicator"
632+# postgresql['wal_level'] = "hot_standby"
633+# postgresql['max_wal_senders'] = 5
634+# postgresql['wal_keep_segments'] = 10
635+# postgresql['hot_standby'] = "off"
636+
637+### Available in PostgreSQL 9.6 and later
638+# postgresql['min_wal_size'] = 80MB
639+# postgresql['max_wal_size'] = 1GB
640+
641+################################################################################
642+## GitLab Redis
643+##! **Can be disabled if you are using your own Redis instance.**
644+##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
645+################################################################################
646+
647+# redis['enable'] = true
648+# redis['username'] = "gitlab-redis"
649+# redis['maxclients'] = "10000"
650+# redis['tcp_timeout'] = "60"
651+# redis['tcp_keepalive'] = "300"
652+# redis['uid'] = nil
653+# redis['gid'] = nil
654+
655+###! **To enable only Redis service in this machine, uncomment
656+###! one of the lines below (choose master or slave instance types).**
657+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
658+###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
659+# redis_master_role['enable'] = true
660+# redis_slave_role['enable'] = true
661+
662+### Redis TCP support (will disable UNIX socket transport)
663+# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
664+# redis['port'] = 6379
665+# redis['password'] = 'redis-password-goes-here'
666+
667+### Redis Sentinel support
668+###! **You need a master slave Redis replication to be able to do failover**
669+###! **Please read the documentation before enabling it to understand the
670+###! caveats:**
671+###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
672+
673+### Replication support
674+#### Slave Redis instance
675+# redis['master'] = false # by default this is true
676+
677+#### Slave and Sentinel shared configuration
678+####! **Both need to point to the master Redis instance to get replication and
679+####! heartbeat monitoring**
680+# redis['master_name'] = 'gitlab-redis'
681+# redis['master_ip'] = nil
682+# redis['master_port'] = 6379
683+
684+####! **Master password should have the same value defined in
685+####! redis['password'] to enable the instance to transition to/from
686+####! master/slave in a failover event.**
687+# redis['master_password'] = 'redis-password-goes-here'
688+
689+####! Increase these values when your slaves can't catch up with master
690+# redis['client_output_buffer_limit_normal'] = '0 0 0'
691+# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
692+# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
693+
694+################################################################################
695+## GitLab Web server
696+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
697+################################################################################
698+
699+##! When bundled nginx is disabled we need to add the external webserver user to
700+##! the GitLab webserver group.
701+# web_server['external_users'] = []
702+# web_server['username'] = 'gitlab-www'
703+# web_server['group'] = 'gitlab-www'
704+# web_server['uid'] = nil
705+# web_server['gid'] = nil
706+# web_server['shell'] = '/bin/false'
707+# web_server['home'] = '/var/opt/gitlab/nginx'
708+
709+################################################################################
710+## GitLab Nginx
711+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
712+################################################################################
713+
714+# nginx['enable'] = true
715+# nginx['client_max_body_size'] = '250m'
716+# nginx['redirect_http_to_https'] = false
717+# nginx['redirect_http_to_https_port'] = 80
718+
719+##! Most root CA's are included by default
720+# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
721+
722+##! enable/disable 2-way SSL client authentication
723+# nginx['ssl_verify_client'] = "off"
724+
725+##! if ssl_verify_client on, verification depth in the client certificates chain
726+# nginx['ssl_verify_depth'] = "1"
727+
728+# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
729+# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
730+# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
731+# nginx['ssl_prefer_server_ciphers'] = "on"
732+
733+##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
734+##! https://cipherli.st/**
735+# nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
736+
737+##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
738+# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
739+
740+##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
741+# nginx['ssl_session_timeout'] = "5m"
742+
743+# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
744+# nginx['listen_addresses'] = ['*', '[::]']
745+
746+##! **Override only if you use a reverse proxy**
747+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
748+# nginx['listen_port'] = nil
749+
750+##! **Override only if your reverse proxy internally communicates over HTTP**
751+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
752+# nginx['listen_https'] = nil
753+
754+# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
755+# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
756+# nginx['proxy_read_timeout'] = 3600
757+# nginx['proxy_connect_timeout'] = 300
758+# nginx['proxy_set_headers'] = {
759+# "Host" => "$http_host",
760+# "X-Real-IP" => "$remote_addr",
761+# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
762+# "X-Forwarded-Proto" => "https",
763+# "X-Forwarded-Ssl" => "on",
764+# "Upgrade" => "$http_upgrade",
765+# "Connection" => "$connection_upgrade"
766+# }
767+# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
768+# nginx['proxy_cache'] = 'gitlab'
769+# nginx['http2_enabled'] = true
770+# nginx['real_ip_trusted_addresses'] = []
771+# nginx['real_ip_header'] = nil
772+# nginx['real_ip_recursive'] = nil
773+# nginx['custom_error_pages'] = {
774+# '404' => {
775+# 'title' => 'Example title',
776+# 'header' => 'Example header',
777+# 'message' => 'Example message'
778+# }
779+# }
780+
781+### Advanced settings
782+# nginx['dir'] = "/var/opt/gitlab/nginx"
783+# nginx['log_directory'] = "/var/log/gitlab/nginx"
784+# nginx['worker_processes'] = 4
785+# nginx['worker_connections'] = 10240
786+# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
787+# nginx['sendfile'] = 'on'
788+# nginx['tcp_nopush'] = 'on'
789+# nginx['tcp_nodelay'] = 'on'
790+# nginx['gzip'] = "on"
791+# nginx['gzip_http_version'] = "1.0"
792+# nginx['gzip_comp_level'] = "2"
793+# nginx['gzip_proxied'] = "any"
794+# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
795+# nginx['keepalive_timeout'] = 65
796+# nginx['cache_max_size'] = '5000m'
797+# nginx['server_names_hash_bucket_size'] = 64
798+
799+### Nginx status
800+# nginx['status'] = {
801+# "enable" => true,
802+# "listen_addresses" => ["127.0.0.1"],
803+# "fqdn" => "dev.example.com",
804+# "port" => 9999,
805+# "options" => {
806+# "stub_status" => "on", # Turn on stats
807+# "server_tokens" => "off", # Don't show the version of NGINX
808+# "access_log" => "on", # Disable logs for stats
809+# "allow" => "127.0.0.1", # Only allow access from localhost
810+# "deny" => "all" # Deny access to anyone else
811+# }
812+# }
813+
814+################################################################################
815+## GitLab Logging
816+##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
817+################################################################################
818+
819+# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
820+# logging['svlogd_num'] = 30 # keep 30 rotated log files
821+# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
822+# logging['svlogd_filter'] = "gzip" # compress logs with gzip
823+# logging['svlogd_udp'] = nil # transmit log messages via UDP
824+# logging['svlogd_prefix'] = nil # custom prefix for log messages
825+# logging['logrotate_frequency'] = "daily" # rotate logs daily
826+# logging['logrotate_size'] = nil # do not rotate by size by default
827+# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
828+# logging['logrotate_compress'] = "compress" # see 'man logrotate'
829+# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
830+# logging['logrotate_postrotate'] = nil # no postrotate command by default
831+# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
832+
833+### EE only
834+###! remote host to ship log messages to via UDP
835+# logging['udp_log_shipping_host'] = nil
836+
837+###! remote port to ship log messages to via UDP
838+# logging['udp_log_shipping_port'] = 514
839+
840+################################################################################
841+## Logrotate
842+##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
843+##! You can disable built in logrotate feature.
844+################################################################################
845+# logrotate['enable'] = true
846+
847+################################################################################
848+## Users and groups accounts
849+##! Disable management of users and groups accounts.
850+##! **Set only if creating accounts manually**
851+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
852+################################################################################
853+
854+# manage_accounts['enable'] = false
855+
856+################################################################################
857+## Storage directories
858+##! Disable managing storage directories
859+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
860+################################################################################
861+
862+##! **Set only if the select directories are created manually**
863+# manage_storage_directories['enable'] = false
864+# manage_storage_directories['manage_etc'] = false
865+
866+################################################################################
867+## Git
868+##! Advanced setting for configuring git system settings for omnibus-gitlab
869+##! internal git
870+################################################################################
871+
872+##! For multiple options under one header use array of comma separated values,
873+##! eg.:
874+##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
875+
876+# omnibus_gitconfig['system'] = {
877+# "pack" => ["threads = 1"],
878+# "receive" => ["fsckObjects = true"],
879+# "repack" => ["writeBitmaps = true"],
880+# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"],
881+# }
882+
883+################################################################################
884+## GitLab CI
885+##! Docs: https://docs.gitlab.com/omnibus/gitlab-ci/README.html
886+################################################################################
887+
888+# gitlab_ci['gitlab_ci_all_broken_builds'] = true
889+# gitlab_ci['gitlab_ci_add_pusher'] = true
890+# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
891+
892+### DEPRECATED: ci_external_url 'http://ci.example.com'
893+
894+################################################################################
895+## GitLab Mattermost
896+##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
897+################################################################################
898+
899+# mattermost_external_url 'http://mattermost.example.com'
900+
901+# mattermost['enable'] = false
902+# mattermost['username'] = 'mattermost'
903+# mattermost['group'] = 'mattermost'
904+# mattermost['uid'] = nil
905+# mattermost['gid'] = nil
906+# mattermost['home'] = '/var/opt/gitlab/mattermost'
907+# mattermost['database_name'] = 'mattermost_production'
908+
909+# mattermost['service_use_ssl'] = false
910+# mattermost['service_address'] = "127.0.0.1"
911+# mattermost['service_port'] = "8065"
912+# mattermost['service_site_url'] = nil
913+# mattermost['service_maximum_login_attempts'] = 10
914+# mattermost['service_segment_developer_key'] = nil
915+# mattermost['service_google_developer_key'] = nil
916+# mattermost['service_enable_incoming_webhooks'] = true
917+# mattermost['service_enable_post_username_override'] = true
918+# mattermost['service_enable_post_icon_override'] = true
919+# mattermost['service_enable_testing'] = false
920+# mattermost['service_enable_security_fix_alert'] = true
921+# mattermost['service_enable_insecure_outgoing_connections'] = false
922+# mattermost['service_allow_cors_from'] = ""
923+# mattermost['service_enable_outgoing_webhooks'] = true
924+# mattermost['service_enable_commands'] = true
925+# mattermost['service_enable_custom_emoji'] = false
926+# mattermost['service_enable_only_admin_integrations'] = true
927+# mattermost['service_enable_oauth_service_provider'] = false
928+# mattermost['service_enable_developer'] = false
929+# mattermost['service_session_length_web_in_days'] = 30
930+# mattermost['service_session_length_mobile_in_days'] = 30
931+# mattermost['service_session_length_sso_in_days'] = 30
932+# mattermost['service_session_cache_in_minutes'] = 10
933+# mattermost['service_connection_security'] = nil
934+# mattermost['service_tls_cert_file'] = nil
935+# mattermost['service_tls_key_file'] = nil
936+# mattermost['service_use_lets_encrypt'] = false
937+# mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache"
938+# mattermost['service_forward_80_to_443'] = false
939+# mattermost['service_read_timeout'] = 300
940+# mattermost['service_write_timeout'] = 300
941+
942+# mattermost['team_site_name'] = "GitLab Mattermost"
943+# mattermost['team_max_users_per_team'] = 150
944+# mattermost['team_enable_team_creation'] = true
945+# mattermost['team_enable_user_creation'] = true
946+# mattermost['team_enable_open_server'] = false
947+# mattermost['team_allow_public_link'] = true
948+# mattermost['team_allow_valet_default'] = false
949+# mattermost['team_restrict_creation_to_domains'] = "gmail.com"
950+# mattermost['team_restrict_team_names'] = true
951+# mattermost['team_restrict_direct_message'] = "any"
952+# mattermost['team_max_channels_per_team'] = 2000
953+
954+# mattermost['sql_driver_name'] = 'mysql'
955+# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
956+# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"]
957+# mattermost['sql_max_idle_conns'] = 10
958+# mattermost['sql_max_open_conns'] = 10
959+# mattermost['sql_trace'] = false
960+
961+# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost'
962+# mattermost['log_console_enable'] = true
963+# mattermost['log_console_level'] = 'INFO'
964+# mattermost['log_enable_file'] = false
965+# mattermost['log_file_level'] = 'INFO'
966+# mattermost['log_file_format'] = nil
967+# mattermost['log_enable_diagnostics'] = true
968+
969+# mattermost['gitlab_enable'] = false
970+# mattermost['gitlab_id'] = "12345656"
971+# mattermost['gitlab_secret'] = "123456789"
972+# mattermost['gitlab_scope'] = ""
973+# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
974+# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
975+# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v3/user"
976+
977+# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}
978+
979+# mattermost['email_enable_sign_up_with_email'] = true
980+# mattermost['email_enable_sign_in_with_email'] = true
981+# mattermost['email_enable_sign_in_with_username'] = false
982+# mattermost['email_send_email_notifications'] = false
983+# mattermost['email_require_email_verification'] = false
984+# mattermost['email_smtp_username'] = nil
985+# mattermost['email_smtp_password'] = nil
986+# mattermost['email_smtp_server'] = nil
987+# mattermost['email_smtp_port'] = nil
988+# mattermost['email_connection_security'] = nil
989+# mattermost['email_feedback_name'] = nil
990+# mattermost['email_feedback_email'] = nil
991+# mattermost['email_feedback_organization'] = nil
992+# mattermost['email_send_push_notifications'] = true
993+# mattermost['email_push_notification_server'] = ""
994+# mattermost['email_push_notification_contents'] = "generic"
995+# mattermost['email_enable_batching'] = false
996+# mattermost['email_batching_buffer_size'] = 256
997+# mattermost['email_batching_interval'] = 30
998+
999+# mattermost['file_max_file_size'] = 52428800
1000+# mattermost['file_driver_name'] = "local"
1001+# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1002+# mattermost['file_enable_public_link'] = true
1003+# mattermost['file_thumbnail_width'] = 120
1004+# mattermost['file_thumbnail_height'] = 100
1005+# mattermost['file_preview_width'] = 1024
1006+# mattermost['file_preview_height'] = 0
1007+# mattermost['file_profile_width'] = 128
1008+# mattermost['file_profile_height'] = 128
1009+# mattermost['file_initial_font'] = 'luximbi.ttf'
1010+# mattermost['file_amazon_s3_access_key_id'] = nil
1011+# mattermost['file_amazon_s3_bucket'] = nil
1012+# mattermost['file_amazon_s3_secret_access_key'] = nil
1013+# mattermost['file_amazon_s3_region'] = nil
1014+# mattermost["file_amazon_s3_endpoint"] = nil
1015+# mattermost["file_amazon_s3_bucket_endpoint"] = nil
1016+# mattermost["file_amazon_s3_location_constraint"] = false
1017+# mattermost["file_amazon_s3_lowercase_bucket"] = false
1018+# mattermost["file_amazon_s3_ssl"] = true
1019+
1020+# mattermost['ratelimit_enable_rate_limiter'] = false
1021+# mattermost['ratelimit_per_sec'] = 10
1022+# mattermost['ratelimit_memory_store_size'] = 10000
1023+# mattermost['ratelimit_vary_by_remote_addr'] = true
1024+# mattermost['ratelimit_vary_by_header'] = nil
1025+# mattermost['ratelimit_max_burst'] = 100
1026+
1027+# mattermost['support_terms_of_service_link'] = "/static/help/terms.html"
1028+# mattermost['support_privacy_policy_link'] = "/static/help/privacy.html"
1029+# mattermost['support_about_link'] = "/static/help/about.html"
1030+# mattermost['support_report_a_problem_link'] = "/static/help/report_problem.html"
1031+# mattermost['support_email'] = "support@example.com"
1032+
1033+# mattermost['privacy_show_email_address'] = true
1034+# mattermost['privacy_show_full_name'] = true
1035+
1036+# mattermost['localization_server_locale'] = "en"
1037+# mattermost['localization_client_locale'] = "en"
1038+# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR"
1039+
1040+# mattermost['webrtc_enable'] = false
1041+# mattermost['webrtc_gateway_websocket_url'] = nil
1042+# mattermost['webrtc_gateway_admin_url'] = nil
1043+# mattermost['webrtc_gateway_admin_secret'] = nil
1044+# mattermost['webrtc_gateway_stun_uri'] = nil
1045+# mattermost['webrtc_gateway_turn_uri'] = nil
1046+# mattermost['webrtc_gateway_turn_username'] = nil
1047+# mattermost['webrtc_gateway_turn_shared_key'] = ni
1048+
1049+################################################################################
1050+## Mattermost NGINX
1051+################################################################################
1052+
1053+# mattermost_nginx['enable'] = false
1054+# mattermost_nginx['client_max_body_size'] = '250m'
1055+# mattermost_nginx['redirect_http_to_https'] = false
1056+# mattermost_nginx['redirect_http_to_https_port'] = 80
1057+# mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
1058+# mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
1059+# mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
1060+# mattermost_nginx['ssl_prefer_server_ciphers'] = "on"
1061+
1062+##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1063+##! https://cipherli.st/
1064+# mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
1065+
1066+##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1067+# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1068+
1069+##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1070+# mattermost_nginx['ssl_session_timeout'] = "5m"
1071+
1072+##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
1073+# mattermost_nginx['ssl_dhparam'] = nil
1074+
1075+# mattermost_nginx['listen_addresses'] = ['*', '[::]']
1076+
1077+##! **Override only if you use a reverse proxy**
1078+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1079+# mattermost_nginx['listen_port'] = nil
1080+
1081+##! **Override only if your reverse proxy internally communicates over HTTP**
1082+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1083+# mattermost_nginx['listen_https'] = nil
1084+
1085+# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1086+# mattermost_nginx['proxy_set_headers'] = {
1087+# "Host" => "$http_host",
1088+# "X-Real-IP" => "$remote_addr",
1089+# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1090+# "X-Frame-Options" => "SAMEORIGIN",
1091+# "X-Forwarded-Proto" => "https",
1092+# "X-Forwarded-Ssl" => "on",
1093+# "Upgrade" => "$http_upgrade",
1094+# "Connection" => "$connection_upgrade"
1095+# }
1096+# mattermost_nginx['real_ip_trusted_addresses'] = []
1097+# mattermost_nginx['real_ip_header'] = nil
1098+# mattermost_nginx['real_ip_recursive'] = nil
1099+
1100+### Advanced settings
1101+# mattermost_nginx['dir'] = "/var/opt/gitlab/nginx"
1102+# mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx"
1103+# mattermost_nginx['worker_processes'] = 4
1104+# mattermost_nginx['worker_connections'] = 10240
1105+# mattermost_nginx['sendfile'] = 'on'
1106+# mattermost_nginx['tcp_nopush'] = 'on'
1107+# mattermost_nginx['tcp_nodelay'] = 'on'
1108+# mattermost_nginx['gzip'] = "on"
1109+# mattermost_nginx['gzip_http_version'] = "1.0"
1110+# mattermost_nginx['gzip_comp_level'] = "2"
1111+# mattermost_nginx['gzip_proxied'] = "any"
1112+# mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
1113+# mattermost_nginx['keepalive_timeout'] = 65
1114+# mattermost_nginx['cache_max_size'] = '5000m'
1115+
1116+################################################################################
1117+## Registry NGINX
1118+################################################################################
1119+
1120+# registry_nginx['enable'] = false
1121+# registry_nginx['redirect_http_to_https'] = false
1122+# registry_nginx['redirect_http_to_https_port'] = 80
1123+# registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
1124+# registry_nginx['ssl_prefer_server_ciphers'] = "on"
1125+# registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem"
1126+# registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key"
1127+
1128+##! **Override only if you use a reverse proxy**
1129+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1130+# registry_nginx['listen_port'] = nil
1131+
1132+##! **Override only if your reverse proxy internally communicates over HTTP**
1133+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1134+# registry_nginx['listen_https'] = nil
1135+
1136+# registry_nginx['proxy_set_headers'] = {
1137+# "Host" => "$http_host",
1138+# "X-Real-IP" => "$remote_addr",
1139+# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1140+# "X-Forwarded-Proto" => "https",
1141+# "X-Forwarded-Ssl" => "on"
1142+# }
1143+
1144+##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1145+##! https://cipherli.st/
1146+# registry_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
1147+
1148+##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1149+# registry_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1150+
1151+##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1152+# registry_nginx['ssl_session_timeout'] = "5m"
1153+
1154+##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
1155+# registry_nginx['ssl_dhparam'] = nil
1156+
1157+# registry_nginx['listen_addresses'] = ['*', '[::]']
1158+
1159+### Advanced settings
1160+# registry_nginx['log_directory'] = "/var/log/gitlab/nginx"
1161+
1162+# registry_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1163+
1164+################################################################################
1165+## Prometheus
1166+################################################################################
1167+
1168+##! Docs: https://docs.gitlab.com/omnibus/gitlab-prometheus/prometheus.html
1169+
1170+# prometheus['enable'] = false
1171+# prometheus['username'] = 'gitlab-prometheus'
1172+# prometheus['uid'] = nil
1173+# prometheus['gid'] = nil
1174+# prometheus['shell'] = '/bin/sh'
1175+# prometheus['home'] = '/var/opt/gitlab/prometheus'
1176+# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1177+# prometheus['scrape_interval'] = 15
1178+# prometheus['scrape_timeout'] = 15
1179+# prometheus['flags'] = {
1180+# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1181+# 'storage.local.memory-chunks' => '50000',
1182+# 'storage.local.max-chunks-to-persist' => '40000',
1183+# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1184+# }
1185+
1186+##! Advanced settings. Should be changed only if absolutely needed.
1187+# prometheus['listen_address'] = 'localhost:9090'
1188+
1189+################################################################################
1190+## Prometheus Node Exporter
1191+################################################################################
1192+
1193+##! Docs: https://docs.gitlab.com/omnibus/gitlab-prometheus/node-exporter.html
1194+
1195+# node_exporter['enable'] = false
1196+# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1197+# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1198+# node_exporter['flags'] = {
1199+# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1200+# }
1201+
1202+##! Advanced settings. Should be changed only if absolutely needed.
1203+# node_exporter['listen_address'] = 'localhost:9100'
1204+
1205+################################################################################
1206+################################################################################
1207+## Configuration Settings for GitLab EE only ##
1208+################################################################################
1209+################################################################################
1210+
1211+
1212+################################################################################
1213+## Auxiliary cron jobs applicable to GitLab EE only
1214+################################################################################
1215+#
1216+# gitlab_rails['geo_bulk_notify_worker_cron'] = "*/10 * * * * *"
1217+# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1218+# gitlab_rails['update_all_remote_mirrors_worker_cron'] = "30 * * * *"
1219+# gitlab_rails['update_all_mirrors_worker_cron'] = "0 * * * *"
1220+# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1221+
1222+################################################################################
1223+## ElasticSearch (EE Only)
1224+##! Docs: http://docs.gitlab.com/ee/integration/elasticsearch.html
1225+################################################################################
1226+# gitlab_rails['elasticsearch_enabled'] = false
1227+# gitlab_rails['elasticsearch_host'] = "localhost"
1228+# gitlab_rails['elasticsearch_port'] = 9200
1229+
1230+################################################################################
1231+## GitLab Pages (EE Only)
1232+##! Docs: https://docs.gitlab.com/ee/pages/administration.html
1233+################################################################################
1234+
1235+##! Define to enable GitLab Pages
1236+# pages_external_url "http://pages.example.com/"
1237+# gitlab_pages['enable'] = false
1238+
1239+##! Configure to expose GitLab Pages on external IP address, serving the HTTP
1240+# gitlab_pages['external_http'] = nil
1241+
1242+##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
1243+# gitlab_pages['external_https'] = nil
1244+
1245+# gitlab_pages['listen_proxy'] = "localhost:8090"
1246+# gitlab_pages['redirect_http'] = true
1247+# gitlab_pages['use_http2'] = true
1248+# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
1249+# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
1250+
1251+################################################################################
1252+## GitLab Pages NGINX (EE Only)
1253+################################################################################
1254+
1255+# pages_nginx['enable'] = false
1256+# pages_nginx['redirect_http_to_https'] = false
1257+# pages_nginx['redirect_http_to_https_port'] = 80
1258+# pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
1259+# pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
1260+# pages_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
1261+# pages_nginx['ssl_prefer_server_ciphers'] = "on"
1262+
1263+##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1264+##! https://cipherli.st/
1265+# pages_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
1266+
1267+##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1268+# pages_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1269+
1270+##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1271+# pages_nginx['ssl_session_timeout'] = "5m"
1272+
1273+##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
1274+# pages_nginx['ssl_dhparam'] = nil
1275+
1276+# pages_nginx['listen_addresses'] = ['*', '[::]']
1277+
1278+##! **Override only if you use a reverse proxy**
1279+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1280+# pages_nginx['listen_port'] = nil
1281+
1282+##! **Override only if your reverse proxy internally communicates over HTTP**
1283+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1284+# pages_nginx['listen_https'] = nil
1285+
1286+# pages_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1287+
1288+### Advanced settings
1289+# pages_nginx['dir'] = "/var/opt/gitlab/nginx"
1290+# pages_nginx['log_directory'] = "/var/log/gitlab/nginx"
1291+
1292+# gitlab_rails['pages_path'] = "/mnt/storage/pages"
1293+
1294+################################################################################
1295+## Kerberos (EE Only)
1296+##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1297+################################################################################
1298+
1299+# gitlab_rails['kerberos_enabled'] = true
1300+# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
1301+# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
1302+# gitlab_rails['kerberos_use_dedicated_port'] = true
1303+# gitlab_rails['kerberos_port'] = 8443
1304+# gitlab_rails['kerberos_https'] = true
1305+
1306+################################################################################
1307+## GitLab Sentinel (EE Only)
1308+##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1309+################################################################################
1310+
1311+##! **Make sure you configured all redis['master_*'] keys above before
1312+##! continuing.**
1313+
1314+##! To enable Sentinel and disable all other services in this machine,
1315+##! uncomment the line below (if you've enabled Redis role, it will keep it).
1316+##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1317+# redis_sentinel_role['enable'] = true
1318+
1319+# sentinel['enable'] = true
1320+
1321+##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
1322+# sentinel['bind'] = '0.0.0.0'
1323+
1324+##! Uncomment to change default port
1325+# sentinel['port'] = 26379
1326+
1327+##! Quorum must reflect the amount of voting sentinels it take to start a
1328+##! failover.
1329+##! **Value must NOT be greater then the amount of sentinels.**
1330+##! The quorum can be used to tune Sentinel in two ways:
1331+##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
1332+##! we deploy, we are basically making Sentinel more sensible to master
1333+##! failures, triggering a failover as soon as even just a minority of
1334+##! Sentinels is no longer able to talk with the master.
1335+##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1336+##! are making Sentinel able to failover only when there are a very large
1337+##! number (larger than majority) of well connected Sentinels which agree
1338+##! about the master being down.
1339+# sentinel['quorum'] = 1
1340+
1341+### Consider unresponsive server down after x amount of ms.
1342+# sentinel['down_after_milliseconds'] = 10000
1343+
1344+### Specifies the failover timeout in milliseconds.
1345+##! It is used in many ways:
1346+##!
1347+##! - The time needed to re-start a failover after a previous failover was
1348+##! already tried against the same master by a given Sentinel, is two
1349+##! times the failover timeout.
1350+##!
1351+##! - The time needed for a slave replicating to a wrong master according
1352+##! to a Sentinel current configuration, to be forced to replicate
1353+##! with the right master, is exactly the failover timeout (counting since
1354+##! the moment a Sentinel detected the misconfiguration).
1355+##!
1356+##! - The time needed to cancel a failover that is already in progress but
1357+##! did not produced any configuration change (SLAVEOF NO ONE yet not
1358+##! acknowledged by the promoted slave).
1359+##!
1360+##! - The maximum time a failover in progress waits for all the slaves to be
1361+##! reconfigured as slaves of the new master. However even after this time
1362+##! the slaves will be reconfigured by the Sentinels anyway, but not with
1363+##! the exact parallel-syncs progression as specified.
1364+# sentinel['failover_timeout'] = 60000
1365+
1366+################################################################################
1367+## Logging (Additional, EE Only features)
1368+##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only-
1369+################################################################################
1370+
1371+##! remote host to ship log messages to via UDP
1372+# logging['udp_log_shipping_host'] = nil
1373+
1374+##! remote port to ship log messages to via UDP
1375+# logging['udp_log_shipping_port'] = 514
1376+
1377+################################################################################
1378+## GitLab Sidekiq Cluster (EE only)
1379+################################################################################
1380+
1381+##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1382+##! besides the default one. These processes can be used to consume a dedicated set
1383+##! of queues. This can be used to ensure certain queues always have dedicated
1384+##! workers, no matter the amount of jobs that need to be processed.
1385+
1386+# sidekiq_cluster['enable'] = false
1387+# sidekiq_cluster['ha'] = false
1388+# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1389+# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1390+
1391+##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1392+##! Sidekiq process. Multiple queues can be processed by the same process by
1393+##! separating them with a comma within the group entry
1394+
1395+# sidekiq_cluster['queue_groups'] = [
1396+# "process_commit,post_receive",
1397+# "gitlab_shell"
1398+# ]
--- /dev/null
+++ b/cookbooks/gitlab-grid/templates/default/opt/docker-compose/app/gitlab/docker-compose.yml
@@ -0,0 +1,9 @@
1+<%
2+config = node['gitlab-grid']['docker-compose']['config'].to_hash
3+gitlab_rb = render('etc/gitlab/gitlab.rb').force_encoding("UTF-8")
4+config['services']['gitlab']['environment']['GITLAB_OMNIBUS_CONFIG'] = gitlab_rb
5+
6+require 'yaml'
7+yaml_str = config.to_yaml
8+-%>
9+<%= yaml_str %>
--- /dev/null
+++ b/nodes/local-gitlab.json
@@ -0,0 +1,5 @@
1+{
2+ "run_list": [
3+ "role[gitlab]"
4+ ]
5+}
--- /dev/null
+++ b/roles/gitlab.rb
@@ -0,0 +1,23 @@
1+name 'gitlab'
2+description 'GitLab'
3+
4+run_list(
5+ 'recipe[gitlab-grid::server]',
6+)
7+
8+#env_run_lists()
9+
10+#default_attributes()
11+
12+gitlab_cn = 'gitlab.io.example.com'
13+
14+override_attributes(
15+ 'gitlab-grid' => {
16+ 'gitlab.rb' => {
17+ #'external_url' => "http://#{gitlab_cn}",
18+ 'gitlab_rails' => {
19+ 'time_zone' => 'UTC',
20+ },
21+ },
22+ },
23+)
Show on old repository browser