Grid環境構築用のChefリポジトリです。
Revision | 43909b0d5046317e33789c6bc74c268ee4b4a91d (tree) |
---|---|
Zeit | 2017-02-19 14:31:50 |
Autor | whitestar <whitestar@gaea...> |
Commiter | whitestar |
adds the gitlab-grid cookbook.
@@ -0,0 +1,2 @@ | ||
1 | +~FC001 | |
2 | +~FC019 | |
\ No newline at end of file |
@@ -0,0 +1,48 @@ | ||
1 | +AllCops: | |
2 | + Exclude: | |
3 | + - vendor/**/* | |
4 | + - templates/default/etc/gitlab/gitlab.rb | |
5 | + | |
6 | +AlignParameters: | |
7 | + Enabled: false | |
8 | +LineLength: | |
9 | + Enabled: false | |
10 | +Lint/UnusedBlockArgument: | |
11 | + Enabled: false | |
12 | +Metrics/AbcSize: | |
13 | + Enabled: false | |
14 | +Style/BlockComments: | |
15 | + Enabled: false | |
16 | +Style/BlockDelimiters: | |
17 | + Enabled: false | |
18 | +Style/ExtraSpacing: | |
19 | + Enabled: false | |
20 | +Style/FileName: | |
21 | + Enabled: false | |
22 | +Style/LeadingCommentSpace: | |
23 | + Enabled: false | |
24 | +Style/RescueModifier: | |
25 | + Enabled: false | |
26 | +Style/SpaceBeforeFirstArg: | |
27 | + Enabled: false | |
28 | +Style/TrailingCommaInLiteral: | |
29 | + EnforcedStyleForMultiline: comma | |
30 | +Style/WordArray: | |
31 | + Enabled: false | |
32 | + | |
33 | +#Lint/ShadowingOuterLocalVariable: | |
34 | +# Enabled: false | |
35 | +#Metrics/MethodLength: | |
36 | +# Max: 10 | |
37 | +#Metrics/ModuleLength: | |
38 | +# Max: 100 | |
39 | +#Metrics/CyclomaticComplexity: | |
40 | +# Max: 6 | |
41 | +#Metrics/PerceivedComplexity: | |
42 | +# Max: 7 | |
43 | +#Style/AccessorMethodName: | |
44 | +# Enabled: false | |
45 | +#Style/MultilineOperationIndentation: | |
46 | +# Enabled: false | |
47 | +#Style/PerlBackrefs: | |
48 | +# Enabled: false |
@@ -0,0 +1,21 @@ | ||
1 | +# | |
2 | +# Copyright 2017 whitestar | |
3 | +# | |
4 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | +# you may not use this file except in compliance with the License. | |
6 | +# You may obtain a copy of the License at | |
7 | +# | |
8 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
9 | +# | |
10 | +# Unless required by applicable law or agreed to in writing, software | |
11 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | +# See the License for the specific language governing permissions and | |
14 | +# limitations under the License. | |
15 | +# | |
16 | + | |
17 | +# for ver. 3.x | |
18 | +#source 'https://gpm00.grid.example.com:6280' | |
19 | +source 'https://supermarket.chef.io' | |
20 | + | |
21 | +metadata |
@@ -0,0 +1,5 @@ | ||
1 | +# gitlab-grid CHANGELOG | |
2 | + | |
3 | +0.1.0 | |
4 | +----- | |
5 | +- Initial release of gitlab-grid |
@@ -0,0 +1,3 @@ | ||
1 | +source 'https://rubygems.org' | |
2 | + | |
3 | +#gem 'foodcritic' |
@@ -0,0 +1,194 @@ | ||
1 | +gitlab-grid Cookbook | |
2 | +===================== | |
3 | + | |
4 | +This cookbook sets up a GitLab server. | |
5 | + | |
6 | +## Contents | |
7 | + | |
8 | +- [Contents](#contents) | |
9 | +- [Requirements](#requirements) | |
10 | + - [platforms](#platforms) | |
11 | + - [packages](#packages) | |
12 | +- [Attributes](#attributes) | |
13 | +- [Usage](#usage) | |
14 | + - [Recipes](#recipes) | |
15 | + - [gitlab-grid::default](#gitlab-griddefault) | |
16 | + - [gitlab-grid::server](#gitlab-gridserver) | |
17 | + - [gitlab-grid::docker-compose (NOT supported yet)](#gitlab-griddocker-compose-not-supported-yet) | |
18 | + - [Role Examples](#role-examples) | |
19 | + - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook) | |
20 | +- [License and Authors](#license-and-authors) | |
21 | + | |
22 | +## Requirements | |
23 | + | |
24 | +### platforms | |
25 | +- none. | |
26 | + | |
27 | +### packages | |
28 | +- none. | |
29 | + | |
30 | +## Attributes | |
31 | + | |
32 | +|Key|Type|Description, example|Default| | |
33 | +|:--|:--|:--|:--| | |
34 | +|`['gitlab-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['gitlab-grid']['gitlab.rb']` are are overridden by the following `common_name` attributes.|`false`| | |
35 | +|`['gitlab-grid']['ssl_cert']['common_name']`|String|GitLab server common name for TLS|`node['fqdn']`| | |
36 | +|`['gitlab-grid']['gitlab.rb']`|Hash|`gitlab.rb` configurations.|See `attributes/default.rb`| | |
37 | +|`['gitlab-grid']['gitlab.rb_extra_config_str']`|String|`gitlab.rb` exstra configuration string (source code in Ruby).|`nil`| | |
38 | + | |
39 | +## Usage | |
40 | + | |
41 | +### Recipes | |
42 | + | |
43 | +#### gitlab-grid::default | |
44 | + | |
45 | +This recipe does nothing. | |
46 | + | |
47 | +#### gitlab-grid::server | |
48 | + | |
49 | +This recipe sets up a GitLab server. | |
50 | + | |
51 | +#### gitlab-grid::docker-compose (NOT supported yet) | |
52 | + | |
53 | +This recipe generates a docker-compose.yml for the GitLab server. | |
54 | + | |
55 | +### Role Examples | |
56 | + | |
57 | +- `roles/gitlab.rb` | |
58 | + | |
59 | +```ruby | |
60 | +name 'gitlab' | |
61 | +description 'GitLab' | |
62 | + | |
63 | +run_list( | |
64 | + 'recipe[gitlab-grid::server]', | |
65 | +) | |
66 | + | |
67 | +#env_run_lists() | |
68 | + | |
69 | +#default_attributes() | |
70 | + | |
71 | +gitlab_cn = 'gitlab.io.example.com' | |
72 | + | |
73 | +override_attributes( | |
74 | + 'gitlab-grid' => { | |
75 | + 'gitlab.rb' => { | |
76 | + 'external_url' => "http://#{gitlab_cn}", | |
77 | + 'gitlab_rails' => { | |
78 | + 'time_zone' => 'Asia/Tokyo', | |
79 | + }, | |
80 | + }, | |
81 | + }, | |
82 | +) | |
83 | +``` | |
84 | + | |
85 | +- `roles/gitlab-with-ssl-cert.rb` | |
86 | + | |
87 | +```ruby | |
88 | +name 'gitlab-with-ssl-cert' | |
89 | +description 'GitLab setup with ssl_cert cookbook' | |
90 | + | |
91 | +run_list( | |
92 | + 'recipe[ssl_cert::server_key_pairs]', | |
93 | + 'recipe[gitlab-grid::server]', | |
94 | +) | |
95 | + | |
96 | +#env_run_lists() | |
97 | + | |
98 | +#default_attributes() | |
99 | + | |
100 | +gitlab_cn = 'gitlab.io.example.com' | |
101 | + | |
102 | +override_attributes( | |
103 | + 'ssl_cert' => { | |
104 | + 'common_names' => [ | |
105 | + gitlab_cn, | |
106 | + ], | |
107 | + }, | |
108 | + 'gitlab-grid' => { | |
109 | + 'with_ssl_cert_cookbook' => true, | |
110 | + 'ssl_cert' => { | |
111 | + 'common_name' => gitlab_cn, | |
112 | + }, | |
113 | + 'gitlab.rb' => { | |
114 | + 'external_url' => "http://#{gitlab_cn}", | |
115 | + 'gitlab_rails' => { | |
116 | + 'time_zone' => 'Asia/Tokyo', | |
117 | + }, | |
118 | + 'nginx' => { | |
119 | + 'redirect_http_to_https' => true, | |
120 | + }, | |
121 | + }, | |
122 | + }, | |
123 | +) | |
124 | +``` | |
125 | + | |
126 | +### SSL server keys and certificates management by ssl_cert cookbook | |
127 | + | |
128 | +- create vault items. | |
129 | + | |
130 | +```text | |
131 | +$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("gitlab_io_example_com.prod.key")})' \ | |
132 | +> > ~/tmp/gitlab_io_example_com.prod.key.json | |
133 | + | |
134 | +$ knife vault create ssl_server_keys gitlab.io.example.com.prod \ | |
135 | +> --json ~/tmp/gitlab_io_example_com.prod.key.json | |
136 | + | |
137 | +$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("gitlab_io_example_com.prod.crt")})' \ | |
138 | +> > ~/tmp/gitlab_io_example_com.prod.crt.json | |
139 | + | |
140 | +$ knife vault create ssl_server_certs gitlab.io.example.com.prod \ | |
141 | +> --json ~/tmp/gitlab_io_example_com.prod.crt.json | |
142 | +``` | |
143 | + | |
144 | +- grant reference permission to the gitlab host | |
145 | + | |
146 | +```text | |
147 | +$ knife vault update ssl_server_keys gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com' | |
148 | +$ knife vault update ssl_server_certs gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com' | |
149 | +``` | |
150 | + | |
151 | +- modify run_list and attributes | |
152 | + | |
153 | +```ruby | |
154 | +run_list( | |
155 | + 'recipe[ssl_cert::server_key_pairs]', | |
156 | + 'recipe[gitlab-grid::server]', | |
157 | + #'recipe[gitlab-grid::docker-compose]', | |
158 | +) | |
159 | + | |
160 | +override_attributes( | |
161 | + 'ssl_cert' => { | |
162 | + 'common_names' => [ | |
163 | + 'gitlab.io.example.com', | |
164 | + ], | |
165 | + }, | |
166 | + 'gitlab-grid' => { | |
167 | + 'with_ssl_cert_cookbook' => true, | |
168 | + 'ssl_cert' => { | |
169 | + 'common_name' => 'gitlab.io.example.com', | |
170 | + }, | |
171 | + # ... | |
172 | + }, | |
173 | +) | |
174 | +``` | |
175 | + | |
176 | +## License and Authors | |
177 | + | |
178 | +- Author:: whitestar at osdn.jp | |
179 | + | |
180 | +```text | |
181 | +Copyright 2017, whitestar | |
182 | + | |
183 | +Licensed under the Apache License, Version 2.0 (the "License"); | |
184 | +you may not use this file except in compliance with the License. | |
185 | +You may obtain a copy of the License at | |
186 | + | |
187 | + http://www.apache.org/licenses/LICENSE-2.0 | |
188 | + | |
189 | +Unless required by applicable law or agreed to in writing, software | |
190 | +distributed under the License is distributed on an "AS IS" BASIS, | |
191 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
192 | +See the License for the specific language governing permissions and | |
193 | +limitations under the License. | |
194 | +``` |
@@ -0,0 +1,23 @@ | ||
1 | +require 'rspec/core/rake_task' | |
2 | +require 'rubocop/rake_task' | |
3 | +require 'foodcritic' | |
4 | + | |
5 | +namespace :style do | |
6 | + desc 'Run Ruby style checks' | |
7 | + RuboCop::RakeTask.new(:ruby) | |
8 | + | |
9 | + desc 'Run Chef style checks' | |
10 | + FoodCritic::Rake::LintTask.new(:chef) do |t| | |
11 | + t.options = { | |
12 | + fail_tags: ['any'], | |
13 | + } | |
14 | + end | |
15 | +end | |
16 | + | |
17 | +desc 'Run all style checks' | |
18 | +task style: ['style:chef', 'style:ruby'] | |
19 | + | |
20 | +desc 'Run ChefSpec examples' | |
21 | +RSpec::Core::RakeTask.new(:spec) | |
22 | + | |
23 | +task default: ['style', 'spec'] |
@@ -0,0 +1,67 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: gitlab-grid | |
3 | +# Attributes:: default | |
4 | +# | |
5 | +# Copyright 2017, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +default['gitlab-grid']['with_ssl_cert_cookbook'] = false | |
21 | +# If ['gitlab-grid']['with_ssl_cert_cookbook'] is true, | |
22 | +# node['gitlab-grid']['gitlab.rb'] are overridden by the following 'common_name' attributes. | |
23 | +default['gitlab-grid']['ssl_cert']['common_name'] = node['fqdn'] | |
24 | +default['gitlab-grid']['gitlab.rb'] = { | |
25 | + 'external_url' => "http://#{node['fqdn']}", | |
26 | + 'gitlab_rails' => { | |
27 | + 'time_zone' => 'UTC', | |
28 | + }, | |
29 | + 'nginx' => { | |
30 | + 'redirect_http_to_https' => false, | |
31 | + }, | |
32 | +} | |
33 | +default['gitlab-grid']['gitlab.rb_extra_config_str'] = nil | |
34 | +default['gitlab-grid']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/gitlab" | |
35 | +default['gitlab-grid']['docker-compose']['etc_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/etc" | |
36 | +default['gitlab-grid']['docker-compose']['logs_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/logs" | |
37 | +default['gitlab-grid']['docker-compose']['data_dir'] = "#{node['gitlab-grid']['docker-compose']['app_dir']}/data" | |
38 | +default['gitlab-grid']['docker-compose']['config'] = { | |
39 | + # Version 2 docker-compose format | |
40 | + 'version' => '2', | |
41 | + 'services' => { | |
42 | + 'gitlab' => { | |
43 | + 'image' => 'gitlab/gitlab-ce:latest', | |
44 | + 'restart' => 'always', | |
45 | + 'hostname' => 'gitlab.io.example.com', | |
46 | + 'environment' => { | |
47 | +=begin | |
48 | + # Do not use this variable, instead use the `['gitlab-grid']['gitlab.rb']` attribute. | |
49 | + 'GITLAB_OMNIBUS_CONFIG' => <<-EOS, | |
50 | +external_url 'http://gitlab.io.example.com' | |
51 | +# Add any other gitlab.rb configuration here, each on its own line | |
52 | + EOS | |
53 | +=end | |
54 | + }, | |
55 | + 'ports' => [ | |
56 | + #'80:80', | |
57 | + #'443:443', | |
58 | + #'22:22', | |
59 | + ], | |
60 | + 'volumes' => [ | |
61 | + "#{node['gitlab-grid']['docker-compose']['etc_dir']}:/etc/gitlab", | |
62 | + "#{node['gitlab-grid']['docker-compose']['logs_dir']}:/var/log/gitlab", | |
63 | + "#{node['gitlab-grid']['docker-compose']['data_dir']}:/var/opt/gitlab", | |
64 | + ], | |
65 | + }, | |
66 | + }, | |
67 | +} |
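Review bot: The compose default `'image' => 'gitlab/gitlab-ce:latest'` is a floating tag, so the GitLab version that runs depends on when each host last pulled the image, and an upgrade can arrive without anyone having reviewed it. Default to an explicit release tag or a digest, for example `'image' => 'gitlab/gitlab-ce:<PINNED_VERSION_TAG>'` (placeholder), and let roles override it deliberately. A one-line comment above the attribute, such as `# Pin the image; changing this tag is the upgrade step.`, would make that intent visible to whoever edits the role.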
@@ -0,0 +1,18 @@ | ||
1 | +# $ knife supermarket share gitlab-grid "Applications" | |
2 | +name 'gitlab-grid' | |
3 | +maintainer 'whitestar' | |
4 | +maintainer_email '' | |
5 | +license 'Apache 2.0' | |
6 | +description 'Installs/Configures gitlab-grid' | |
7 | +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | |
8 | +version '0.1.0' | |
9 | +source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' | |
10 | +issues_url 'https://osdn.jp/projects/metasearch/ticket' | |
11 | + | |
12 | +supports 'ubuntu', '>= 16.04' | |
13 | +%w( centos redhat ).each do |os| | |
14 | + supports os, '>= 7.3' | |
15 | +end | |
16 | + | |
17 | +depends 'docker-grid', '>= 0.3.6' | |
18 | +depends 'ssl_cert', '>= 0.3.3' |
@@ -0,0 +1,30 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: gitlab-grid | |
3 | +# Recipe:: commons | |
4 | +# | |
5 | +# Copyright 2017, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +config = node['gitlab-grid']['gitlab.rb'] | |
21 | +#override_config = node.override['gitlab-grid']['gitlab.rb'] | |
22 | +force_override_config = node.force_override['gitlab-grid']['gitlab.rb'] | |
23 | + | |
24 | +if node['gitlab-grid']['with_ssl_cert_cookbook'] | |
25 | + ::Chef::Recipe.send(:include, SSLCert::Helper) | |
26 | + cn = node['gitlab-grid']['ssl_cert']['common_name'] | |
27 | + force_override_config['external_url'] = config['external_url'].gsub('http://', 'https://') | |
28 | + force_override_config['nginx']['ssl_certificate'] = server_cert_path(cn) | |
29 | + force_override_config['nginx']['ssl_certificate_key'] = server_key_path(cn) | |
30 | +end |
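Review bot: The scheme rewrite `config['external_url'].gsub('http://', 'https://')` is unanchored and case-sensitive, so it replaces every occurrence in the string and leaves the value untouched when the scheme is written differently (for example `HTTP://`). In that second case the certificate paths are still forced but `external_url` stays on plain HTTP, and nothing in this recipe reports it. Anchoring the substitution, `config['external_url'].sub(%r{\Ahttp://}i, 'https://')`, and raising when the result does not start with `https://` would make the TLS switch fail loudly. Separately, `::Chef::Recipe.send(:include, SSLCert::Helper)` mixes the helper into every recipe in the run, which deserves a comment saying it is intentional.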
@@ -0,0 +1,18 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: gitlab-grid | |
3 | +# Recipe:: default | |
4 | +# | |
5 | +# Copyright 2017, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# |
@@ -0,0 +1,87 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: gitlab-grid | |
3 | +# Recipe:: docker-compose | |
4 | +# | |
5 | +# Copyright 2017, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +doc_url = 'https://docs.gitlab.com/omnibus/docker/README.html' | |
21 | + | |
22 | +include_recipe 'docker-grid::compose' | |
23 | +include_recipe 'gitlab-grid::commons' | |
24 | + | |
25 | +config = node['gitlab-grid']['docker-compose']['config'] | |
26 | +override_config = node.override['gitlab-grid']['docker-compose']['config'] | |
27 | +force_override_config = node.force_override['gitlab-grid']['docker-compose']['config'] | |
28 | +app_dir = node['gitlab-grid']['docker-compose']['app_dir'] | |
29 | +etc_dir = node['gitlab-grid']['docker-compose']['etc_dir'] | |
30 | +logs_dir = node['gitlab-grid']['docker-compose']['logs_dir'] | |
31 | +data_dir = node['gitlab-grid']['docker-compose']['data_dir'] | |
32 | +#certs_dir = "#{app_dir}/certs" | |
33 | + | |
34 | +envs = {} | |
35 | +vols = config['services']['gitlab']['volumes'].to_a | |
36 | + | |
37 | +[ | |
38 | + app_dir, | |
39 | + etc_dir, | |
40 | + logs_dir, | |
41 | + data_dir, | |
42 | +].each {|dir| | |
43 | + resources(directory: dir) rescue directory dir do | |
44 | + owner 'root' | |
45 | + group 'root' | |
46 | + mode '0755' | |
47 | + recursive true | |
48 | + end | |
49 | +} | |
50 | + | |
51 | +override_config['services']['gitlab']['ports'] = [ | |
52 | + '80:80', | |
53 | + '443:443', | |
54 | + '22:22', | |
55 | +] if config['services']['gitlab']['ports'].empty? | |
56 | + | |
57 | +=begin | |
58 | +if node['gitlab-grid']['with_ssl_cert_cookbook'] | |
59 | + ::Chef::Recipe.send(:include, SSLCert::Helper) | |
60 | + cn = node['gitlab-grid']['ssl_cert']['common_name'] | |
61 | + # TODO: support | |
62 | +end | |
63 | +=end | |
64 | + | |
65 | +force_override_config['services']['gitlab']['environment'] = envs unless envs.empty? | |
66 | +override_config['services']['gitlab']['volumes'] = vols unless vols.empty? | |
67 | + | |
68 | +[ | |
69 | + 'docker-compose.yml', | |
70 | +].each {|conf_file| | |
71 | + template "#{app_dir}/#{conf_file}" do | |
72 | + source "opt/docker-compose/app/gitlab/#{conf_file}" | |
73 | + owner 'root' | |
74 | + group 'root' | |
75 | + mode '0644' | |
76 | + end | |
77 | +} | |
78 | + | |
79 | +log <<-"EOM" | |
80 | +Note: You must execute the following command manually. | |
81 | + See #{doc_url} | |
82 | + - Start: | |
83 | + $ cd #{app_dir} | |
84 | + $ docker-compose up -d | |
85 | + - Stop | |
86 | + $ docker-compose down | |
87 | +EOM |
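Review bot: `resources(directory: dir) rescue directory dir do` uses a bare rescue modifier, which catches every StandardError rather than only the failed lookup it is meant for, so an unrelated error in the lookup silently becomes a new resource declaration. The same idiom is used for the package, service and execute resources in the server recipe. Rescuing only `Chef::Exceptions::ResourceNotFound`, ideally in one small shared helper, keeps the declare-if-absent intent explicit. Also worth a comment: when `ports` is empty the recipe publishes `'22:22'` on the host, which presumably collides with the host's own sshd on a typical node.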
@@ -0,0 +1,111 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: gitlab-grid | |
3 | +# Recipe:: server | |
4 | +# | |
5 | +# Copyright 2017, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +# https://about.gitlab.com/downloads/ | |
21 | + | |
22 | +#::Chef::Recipe.send(:include, PlatformUtils::VirtUtils) | |
23 | + | |
24 | +include_recipe 'gitlab-grid::commons' | |
25 | + | |
26 | +#config = node['gitlab-grid']['gitlab.rb'] | |
27 | +#override_config = node.override['gitlab-grid']['gitlab.rb'] | |
28 | +#force_override_config = node.force_override['gitlab-grid']['gitlab.rb'] | |
29 | + | |
30 | +case node['platform_family'] | |
31 | +when 'rhel' | |
32 | + [ | |
33 | + 'curl', | |
34 | + 'policycoreutils', | |
35 | + 'openssh-server', | |
36 | + 'openssh-clients', | |
37 | + 'postfix', | |
38 | + ].each {|pkg| | |
39 | + resources(package: pkg) rescue package pkg do | |
40 | + action :install | |
41 | + end | |
42 | + } | |
43 | + | |
44 | + [ | |
45 | + 'sshd', | |
46 | + 'postfix', | |
47 | + ].each {|srv| | |
48 | + resources(service: srv) rescue service srv do | |
49 | + action [:enable, :start] | |
50 | + end | |
51 | + } | |
52 | + | |
53 | + bash 'update_firewall' do | |
54 | + code <<-EOH | |
55 | + firewall-cmd --permanent --add-service=http | |
56 | + systemctl reload firewalld | |
57 | + EOH | |
58 | + action :run | |
59 | + end | |
60 | + | |
61 | + execute 'add_yum_repo_gitlab-ce' do | |
62 | + command 'curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash' | |
63 | + action :run | |
64 | + not_if { File.exist?('/etc/yum.repos.d/gitlab_gitlab-ce.repo') } | |
65 | + end | |
66 | +when 'debian' | |
67 | + [ | |
68 | + 'curl', | |
69 | + 'openssh-server', | |
70 | + 'ca-certificates', | |
71 | + 'postfix', | |
72 | + ].each {|pkg| | |
73 | + resources(package: pkg) rescue package pkg do | |
74 | + action :install | |
75 | + end | |
76 | + } | |
77 | + | |
78 | + apt_get_update = 'apt-get_update' | |
79 | + resources(execute: apt_get_update) rescue execute apt_get_update do | |
80 | + command 'apt-get update' | |
81 | + action :nothing | |
82 | + end | |
83 | + | |
84 | + execute 'add_apt_source_gitlab-ce' do | |
85 | + command 'curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash' | |
86 | + action :run | |
87 | + not_if { File.exist?('/etc/apt/sources.list.d/gitlab_gitlab-ce.list') } | |
88 | + notifies :run, "execute[#{apt_get_update}]", :immediately | |
89 | + end | |
90 | +end | |
91 | + | |
92 | +[ | |
93 | + 'gitlab-ce', | |
94 | +].each {|pkg| | |
95 | + resources(package: pkg) rescue package pkg do | |
96 | + action :install | |
97 | + end | |
98 | +} | |
99 | + | |
100 | +template '/etc/gitlab/gitlab.rb' do | |
101 | + source 'etc/gitlab/gitlab.rb' | |
102 | + owner 'root' | |
103 | + group 'root' | |
104 | + mode '0600' | |
105 | + action :create | |
106 | +end | |
107 | + | |
108 | +log <<-"EOM" | |
109 | +Note: You must execute the following command manually if the gitlab.rb file has been updated. | |
110 | + $ sudo gitlab-ctl reconfigure | |
111 | +EOM |
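Review bot: Both `add_yum_repo_gitlab-ce` and `add_apt_source_gitlab-ce` pipe a script fetched at converge time straight into `bash`, so whatever that URL returns runs with the privileges of the Chef run, with no pinned content or signature check. Because curl is called with `-sS` and no `-f`, an HTTP error body would also be fed to the shell. At minimum use `curl -fsSL`, but declaring the repository with Chef's `yum_repository` / `apt_repository` resources and the vendor's signing key removes the remote script entirely (sketch below, where the Chef version in use provides these resources). Separately, `update_firewall` runs on every converge and opens only `http`, so the HTTPS listener configured when `with_ssl_cert_cookbook` is true would presumably stay blocked by firewalld.

```ruby
# … unchanged: package and service setup, update_firewall …
yum_repository 'gitlab_gitlab-ce' do
  description 'GitLab CE packages'
  baseurl '<GITLAB_CE_YUM_BASEURL>'    # placeholder: take from the vendor's repository documentation
  gpgkey '<GITLAB_CE_REPO_GPGKEY_URL>' # placeholder
  gpgcheck true
  repo_gpgcheck true
  action :create
end
# … debian branch: the equivalent apt_repository resource, with uri and key as placeholders …
```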
@@ -0,0 +1,9 @@ | ||
1 | +require_relative '../spec_helper' | |
2 | + | |
3 | +describe 'gitlab-grid::default' do | |
4 | + let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) } | |
5 | + | |
6 | + #it 'does something' do | |
7 | + # expect(chef_run).to do_something('...') | |
8 | + #end | |
9 | +end |
@@ -0,0 +1,25 @@ | ||
1 | +# Added by ChefSpec | |
2 | +require 'chefspec' | |
3 | + | |
4 | +# Uncomment to use ChefSpec's Berkshelf extension | |
5 | +# require 'chefspec/berkshelf' | |
6 | + | |
7 | +RSpec.configure do |config| | |
8 | + # Specify the path for Chef Solo to find cookbooks | |
9 | + # config.cookbook_path = '/var/cookbooks' | |
10 | + | |
11 | + # Specify the path for Chef Solo to find roles | |
12 | + # config.role_path = '/var/roles' | |
13 | + | |
14 | + # Specify the Chef log_level (default: :warn) | |
15 | + # config.log_level = :debug | |
16 | + | |
17 | + # Specify the path to a local JSON file with Ohai data | |
18 | + # config.path = 'ohai.json' | |
19 | + | |
20 | + # Specify the operating platform to mock Ohai data from | |
21 | + # config.platform = 'ubuntu' | |
22 | + | |
23 | + # Specify the operating version to mock Ohai data from | |
24 | + # config.version = '12.04' | |
25 | +end |
@@ -0,0 +1,1398 @@ | ||
1 | +## GitLab configuration settings | |
2 | +# These settings are generated by the gitlab-grid Chef cookbook. | |
3 | +# Do NOT edit it manually. | |
4 | +<% | |
5 | +config = node['gitlab-grid']['gitlab.rb'] | |
6 | + | |
7 | +config.each {|key0, val0| | |
8 | + if val0.is_a?(Hash) | |
9 | + val0.each {|key1, val1| | |
10 | +-%> | |
11 | +<%= key0 %>['<%= key1 %>'] = <%= val1.inspect %> | |
12 | +<% | |
13 | + } | |
14 | + else | |
15 | +-%> | |
16 | +<%= key0 %> <%= val0.inspect %> | |
17 | +<% | |
18 | + end | |
19 | +} | |
20 | +-%> | |
21 | +<% unless node['gitlab-grid']['gitlab.rb_extra_config_str'].nil? %> | |
22 | +# extra configuration. | |
23 | +<%= node['gitlab-grid']['gitlab.rb_extra_config_str'] %> | |
24 | +<% end %> | |
25 | + | |
26 | +## GitLab URL | |
27 | +##! URL on which GitLab will be reachable. | |
28 | +##! For more details on configuring external_url see: | |
29 | +##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab | |
30 | +# external_url 'http://gitlab.example.com' | |
31 | + | |
32 | +## Legend | |
33 | +##! The following notations at the beginning of each line may be used to | |
34 | +##! differentiate between components of this file and to easily select them using | |
35 | +##! a regex. | |
36 | +##! ## Titles, subtitles etc | |
37 | +##! ##! More information - Description, Docs, Links, Issues etc. | |
38 | +##! Configuration settings have a single # followed by a single space at the | |
39 | +##! beginning; Remove them to enable the setting. | |
40 | + | |
41 | +##! Latest options are listed at: | |
42 | +##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template | |
43 | + | |
44 | +##! **Configuration settings below are optional.** | |
45 | +##! **The values currently assigned are only examples and ARE NOT the default | |
46 | +##! values.** | |
47 | + | |
48 | + | |
49 | +################################################################################ | |
50 | +################################################################################ | |
51 | +## Configuration Settings for GitLab CE and EE ## | |
52 | +################################################################################ | |
53 | +################################################################################ | |
54 | + | |
55 | +################################################################################ | |
56 | +## gitlab.yml configuration | |
57 | +##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md | |
58 | +################################################################################ | |
59 | +# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' | |
60 | +# gitlab_rails['time_zone'] = 'UTC' | |
61 | + | |
62 | +### Email Settings | |
63 | +# gitlab_rails['gitlab_email_enabled'] = true | |
64 | +# gitlab_rails['gitlab_email_from'] = 'example@example.com' | |
65 | +# gitlab_rails['gitlab_email_display_name'] = 'Example' | |
66 | +# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' | |
67 | +# gitlab_rails['gitlab_email_subject_suffix'] = '' | |
68 | + | |
69 | +### GitLab user privileges | |
70 | +# gitlab_rails['gitlab_default_can_create_group'] = true | |
71 | +# gitlab_rails['gitlab_username_changing_enabled'] = true | |
72 | + | |
73 | +### Default Theme | |
74 | +# gitlab_rails['gitlab_default_theme'] = 2 | |
75 | + | |
76 | +### Default project feature settings | |
77 | +# gitlab_rails['gitlab_default_projects_features_issues'] = true | |
78 | +# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true | |
79 | +# gitlab_rails['gitlab_default_projects_features_wiki'] = true | |
80 | +# gitlab_rails['gitlab_default_projects_features_snippets'] = false | |
81 | +# gitlab_rails['gitlab_default_projects_features_builds'] = true | |
82 | +# gitlab_rails['gitlab_default_projects_features_container_registry'] = true | |
83 | + | |
84 | +### Automatic issue closing | |
85 | +###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more | |
86 | +###! information about this pattern. | |
87 | +# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?))+)" | |
88 | + | |
89 | +### Download location | |
90 | +###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file | |
91 | +###! is created in the following directory. | |
92 | +# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' | |
93 | + | |
94 | +### Gravatar Settings | |
95 | +# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' | |
96 | +# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' | |
97 | + | |
98 | +### Auxiliary jobs | |
99 | +###! Periodically executed jobs, to self-heal Gitlab, do external | |
100 | +###! synchronizations, etc. | |
101 | +###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job | |
102 | +###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in | |
103 | +# gitlab_rails['stuck_ci_builds_worker_cron'] = "0 0 * * *" | |
104 | +# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *" | |
105 | +# gitlab_rails['repository_check_worker_cron'] = "20 * * * *" | |
106 | +# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" | |
107 | +# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" | |
108 | + | |
109 | +### Webhook Settings | |
110 | +###! Number of seconds to wait for HTTP response after sending webhook HTTP POST | |
111 | +###! request (default: 10) | |
112 | +# gitlab_rails['webhook_timeout'] = 10 | |
113 | + | |
114 | +### Trusted proxies | |
115 | +###! Customize if you have GitLab behind a reverse proxy which is running on a | |
116 | +###! different machine. | |
117 | +###! **Add the IP address for your reverse proxy to the list, otherwise users | |
118 | +###! will appear signed in from that address.** | |
119 | +# gitlab_rails['trusted_proxies'] = [] | |
120 | + | |
121 | +### Reply by email | |
122 | +###! Allow users to comment on issues and merge requests by replying to | |
123 | +###! notification emails. | |
124 | +###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html | |
125 | +# gitlab_rails['incoming_email_enabled'] = true | |
126 | + | |
127 | +#### Incoming Email Address | |
128 | +####! The email address including the `%{key}` placeholder that will be replaced | |
129 | +####! to reference the item being replied to. | |
130 | +####! **The placeholder can be omitted but if present, it must appear in the | |
131 | +####! "user" part of the address (before the `@`).** | |
132 | +# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" | |
133 | + | |
134 | +#### Email account username | |
135 | +####! **With third party providers, this is usually the full email address.** | |
136 | +####! **With self-hosted email servers, this is usually the user part of the | |
137 | +####! email address.** | |
138 | +# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" | |
139 | + | |
140 | +#### Email account password | |
141 | +# gitlab_rails['incoming_email_password'] = "[REDACTED]" | |
142 | + | |
143 | +#### IMAP Settings | |
144 | +# gitlab_rails['incoming_email_host'] = "imap.gmail.com" | |
145 | +# gitlab_rails['incoming_email_port'] = 993 | |
146 | +# gitlab_rails['incoming_email_ssl'] = true | |
147 | +# gitlab_rails['incoming_email_start_tls'] = false | |
148 | + | |
149 | +#### Incoming Mailbox Settings | |
150 | +####! The mailbox where incoming mail will end up. Usually "inbox". | |
151 | +# gitlab_rails['incoming_email_mailbox_name'] = "inbox" | |
152 | +####! The location where incoming mails will be logged. | |
153 | +# gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom" | |
154 | + | |
155 | +### Build Artifacts | |
156 | +# gitlab_rails['artifacts_enabled'] = true | |
157 | +# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts" | |
158 | + | |
159 | +### Git LFS | |
160 | +# gitlab_rails['lfs_enabled'] = true | |
161 | +# gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects" | |
162 | + | |
163 | +### GitLab Mattermost | |
164 | +###! These settings are void if Mattermost is installed on the same omnibus | |
165 | +###! install | |
166 | +# gitlab_rails['mattermost_host'] = "https://mattermost.example.com" | |
167 | + | |
168 | +### LDAP Settings | |
169 | +###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html | |
170 | +###! **Be careful not to break the indentation in the ldap_servers block. It is | |
171 | +###! in yaml format and the spaces must be retained. Using tabs will not work.** | |
172 | + | |
173 | +# gitlab_rails['ldap_enabled'] = false | |
174 | + | |
175 | +###! **remember to close this block with 'EOS' below** | |
176 | +# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' | |
177 | +# main: # 'main' is the GitLab 'provider ID' of this LDAP server | |
178 | +# label: 'LDAP' | |
179 | +# host: '_your_ldap_server' | |
180 | +# port: 389 | |
181 | +# uid: 'sAMAccountName' | |
182 | +# method: 'plain' # "tls" or "ssl" or "plain" | |
183 | +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |
184 | +# password: '_the_password_of_the_bind_user' | |
185 | +# active_directory: true | |
186 | +# allow_username_or_email_login: false | |
187 | +# block_auto_created_users: false | |
188 | +# base: '' | |
189 | +# user_filter: '' | |
190 | +# attributes: | |
191 | +# username: ['uid', 'userid', 'sAMAccountName'] | |
192 | +# email: ['mail', 'email', 'userPrincipalName'] | |
193 | +# name: 'cn' | |
194 | +# first_name: 'givenName' | |
195 | +# last_name: 'sn' | |
196 | +# ## EE only | |
197 | +# group_base: '' | |
198 | +# admin_group: '' | |
199 | +# sync_ssh_keys: false | |
200 | +# | |
201 | +# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server | |
202 | +# label: 'LDAP' | |
203 | +# host: '_your_ldap_server' | |
204 | +# port: 389 | |
205 | +# uid: 'sAMAccountName' | |
206 | +# method: 'plain' # "tls" or "ssl" or "plain" | |
207 | +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |
208 | +# password: '_the_password_of_the_bind_user' | |
209 | +# active_directory: true | |
210 | +# allow_username_or_email_login: false | |
211 | +# block_auto_created_users: false | |
212 | +# base: '' | |
213 | +# user_filter: '' | |
214 | +# attributes: | |
215 | +# username: ['uid', 'userid', 'sAMAccountName'] | |
216 | +# email: ['mail', 'email', 'userPrincipalName'] | |
217 | +# name: 'cn' | |
218 | +# first_name: 'givenName' | |
219 | +# last_name: 'sn' | |
220 | +# ## EE only | |
221 | +# group_base: '' | |
222 | +# admin_group: '' | |
223 | +# sync_ssh_keys: false | |
224 | +# EOS | |
225 | + | |
226 | +### OmniAuth Settings | |
227 | +###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html | |
228 | +# gitlab_rails['omniauth_enabled'] = false | |
229 | +# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] | |
230 | +# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' | |
231 | +# gitlab_rails['omniauth_block_auto_created_users'] = true | |
232 | +# gitlab_rails['omniauth_auto_link_ldap_user'] = false | |
233 | +# gitlab_rails['omniauth_auto_link_saml_user'] = false | |
234 | +# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] | |
235 | +# gitlab_rails['omniauth_providers'] = [ | |
236 | +# { | |
237 | +# "name" => "google_oauth2", | |
238 | +# "app_id" => "YOUR APP ID", | |
239 | +# "app_secret" => "YOUR APP SECRET", | |
240 | +# "args" => { "access_type" => "offline", "approval_prompt" => "" } | |
241 | +# } | |
242 | +# ] | |
243 | + | |
244 | +###! **If you setup Bitbucket importer under omniauth providers you will need to | |
245 | +###! add the keys which will allow connection between Bitbucket and GitLab.** | |
246 | +###! Docs: https://docs.gitlab.com/ce/integration/bitbucket.html | |
247 | +# gitlab_rails['bitbucket'] = { | |
248 | +# 'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==', | |
249 | +# 'private_key' => '-----BEGIN RSA PRIVATE KEY----- | |
250 | +# MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t | |
251 | +# -----END RSA PRIVATE KEY-----', | |
252 | +# 'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com' | |
253 | +# } | |
254 | + | |
255 | +### Backup Settings | |
256 | +###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html | |
257 | + | |
258 | +# gitlab_rails['manage_backup_path'] = true | |
259 | +# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" | |
260 | + | |
261 | +###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions | |
262 | +# gitlab_rails['backup_archive_permissions'] = 0644 | |
263 | + | |
264 | +# gitlab_rails['backup_pg_schema'] = 'public' | |
265 | +# gitlab_rails['backup_keep_time'] = 604800 | |
266 | +# gitlab_rails['backup_upload_connection'] = { | |
267 | +# 'provider' => 'AWS', | |
268 | +# 'region' => 'eu-west-1', | |
269 | +# 'aws_access_key_id' => 'AKIAKIAKI', | |
270 | +# 'aws_secret_access_key' => 'secret123' | |
271 | +# } | |
272 | +# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' | |
273 | +# gitlab_rails['backup_multipart_chunk_size'] = 104857600 | |
274 | + | |
275 | +###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for | |
276 | +###! backups** | |
277 | +# gitlab_rails['backup_encryption'] = 'AES256' | |
278 | + | |
279 | +### For setting up different data storing directory | |
280 | +###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory | |
281 | +###! **If you want to use a single non-default directory to store git data use a | |
282 | +###! path that doesn't contain symlinks.** | |
283 | +# git_data_dirs({"default" => "/var/opt/gitlab/git-data"}) | |
284 | + | |
285 | +### For storing GitLab application uploads, eg. LFS objects, build artifacts | |
286 | +###! Docs: https://docs.gitlab.com/ce/development/shared_files.html | |
287 | +# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared' | |
288 | + | |
289 | + | |
290 | +### DEPRECATED: gitlab_rails['satellites_timeout'] = 30 | |
291 | + | |
292 | +### GitLab Shell settings for GitLab | |
293 | +# gitlab_rails['gitlab_shell_ssh_port'] = 22 | |
294 | +# gitlab_rails['git_max_size'] = 20971520 | |
295 | +# gitlab_rails['git_timeout'] = 10 | |
296 | + | |
297 | +### Extra customization | |
298 | +# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' | |
299 | +# gitlab_rails['extra_piwik_url'] = '_your_piwik_url' | |
300 | +# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id' | |
301 | + | |
302 | +##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html | |
303 | +# gitlab_rails['env'] = { | |
304 | +# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile", | |
305 | +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" | |
306 | +# } | |
307 | + | |
308 | +# gitlab_rails['rack_attack_git_basic_auth'] = { | |
309 | +# 'enabled' => true, | |
310 | +# 'ip_whitelist' => ["127.0.0.1"], | |
311 | +# 'maxretry' => 10, | |
312 | +# 'findtime' => 60, | |
313 | +# 'bantime' => 3600 | |
314 | +# } | |
315 | + | |
316 | +# gitlab_rails['rack_attack_protected_paths'] = [ | |
317 | +# '/users/password', | |
318 | +# '/users/sign_in', | |
319 | +# '/api/#{API::API.version}/session.json', | |
320 | +# '/api/#{API::API.version}/session', | |
321 | +# '/users', | |
322 | +# '/users/confirmation', | |
323 | +# '/unsubscribes/', | |
324 | +# '/import/github/personal_access_token' | |
325 | +# ] | |
326 | + | |
327 | +###! **We do not recommend changing these directories.** | |
328 | +# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails" | |
329 | +# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails" | |
330 | + | |
331 | +### GitLab application settings | |
332 | +# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" | |
333 | +# gitlab_rails['rate_limit_requests_per_period'] = 10 | |
334 | +# gitlab_rails['rate_limit_period'] = 60 | |
335 | + | |
336 | +#### Change the initial default admin password and shared runner registraion tokens. | |
337 | +####! **Only applicable on initial setup, changing these settings after database | |
338 | +####! is created and seeded won't yield any change.** | |
339 | +# gitlab_rails['initial_root_password'] = "password" | |
340 | +# gitlab_rails['initial_shared_runners_registration_token'] = "token" | |
341 | + | |
342 | +#### Enable or disable automatic database migrations | |
343 | +# gitlab_rails['auto_migrate'] = true | |
344 | + | |
345 | +### GitLab database settings | |
346 | +###! Docs: https://docs.gitlab.com/omnibus/settings/database.html | |
347 | +###! **Only needed if you use an external database.** | |
348 | +# gitlab_rails['db_adapter'] = "postgresql" | |
349 | +# gitlab_rails['db_encoding'] = "unicode" | |
350 | +# gitlab_rails['db_collation'] = nil | |
351 | +# gitlab_rails['db_database'] = "gitlabhq_production" | |
352 | +# gitlab_rails['db_pool'] = 10 | |
353 | +# gitlab_rails['db_username'] = "gitlab" | |
354 | +# gitlab_rails['db_password'] = nil | |
355 | +# gitlab_rails['db_host'] = nil | |
356 | +# gitlab_rails['db_port'] = 5432 | |
357 | +# gitlab_rails['db_socket'] = nil | |
358 | +# gitlab_rails['db_sslmode'] = nil | |
359 | +# gitlab_rails['db_sslrootcert'] = nil | |
360 | + | |
361 | + | |
362 | +### GitLab Redis settings | |
363 | +###! Connect to your own Redis instance | |
364 | +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html | |
365 | + | |
366 | +#### Redis TCP connection | |
367 | +# gitlab_rails['redis_host'] = "127.0.0.1" | |
368 | +# gitlab_rails['redis_port'] = 6379 | |
369 | +# gitlab_rails['redis_password'] = nil | |
370 | +# gitlab_rails['redis_database'] = 0 | |
371 | + | |
372 | +#### Redis local UNIX socket (will be disabled if TCP method is used) | |
373 | +# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket" | |
374 | + | |
375 | +#### Sentinel support | |
376 | +####! To have Sentinel working, you must enable Redis TCP connection support | |
377 | +####! above and define a few Sentinel hosts below (to get a reliable setup | |
378 | +####! at least 3 hosts). | |
379 | +####! **You don't need to list every sentinel host, but the ones not listed will | |
380 | +####! not be used in a fail-over situation to query for the new master.** | |
381 | +# gitlab_rails['redis_sentinels'] = [ | |
382 | +# {'host' => '127.0.0.1', 'port' => 26379}, | |
383 | +# ] | |
384 | + | |
385 | +### GitLab email server settings | |
386 | +###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html | |
387 | +###! **Use smtp instead of sendmail/postfix.** | |
388 | + | |
389 | +# gitlab_rails['smtp_enable'] = true | |
390 | +# gitlab_rails['smtp_address'] = "smtp.server" | |
391 | +# gitlab_rails['smtp_port'] = 465 | |
392 | +# gitlab_rails['smtp_user_name'] = "smtp user" | |
393 | +# gitlab_rails['smtp_password'] = "smtp password" | |
394 | +# gitlab_rails['smtp_domain'] = "example.com" | |
395 | +# gitlab_rails['smtp_authentication'] = "login" | |
396 | +# gitlab_rails['smtp_enable_starttls_auto'] = true | |
397 | +# gitlab_rails['smtp_tls'] = false | |
398 | + | |
399 | +###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'** | |
400 | +###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html | |
401 | +# gitlab_rails['smtp_openssl_verify_mode'] = 'none' | |
402 | + | |
403 | +# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" | |
404 | +# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" | |
405 | + | |
406 | +################################################################################ | |
407 | +## Container Registry settings | |
408 | +##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html | |
409 | +################################################################################ | |
410 | + | |
411 | +# registry_external_url 'https://registry.gitlab.example.com' | |
412 | + | |
413 | +### Settings used by GitLab application | |
414 | +# gitlab_rails['registry_enabled'] = true | |
415 | +# gitlab_rails['registry_host'] = "registry.gitlab.example.com" | |
416 | +# gitlab_rails['registry_port'] = "5005" | |
417 | +# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" | |
418 | + | |
419 | +###! **Do not change the following 3 settings unless you know what you are | |
420 | +###! doing** | |
421 | +# gitlab_rails['registry_api_url'] = "http://localhost:5000" | |
422 | +# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" | |
423 | +# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" | |
424 | + | |
425 | +### Settings used by Registry application | |
426 | +# registry['enable'] = true | |
427 | +# registry['username'] = "registry" | |
428 | +# registry['group'] = "registry" | |
429 | +# registry['uid'] = nil | |
430 | +# registry['gid'] = nil | |
431 | +# registry['dir'] = "/var/opt/gitlab/registry" | |
432 | +# registry['registry_http_addr'] = "localhost:5000" | |
433 | +# registry['debug_addr'] = "localhost:5001" | |
434 | +# registry['log_directory'] = "/var/log/gitlab/registry" | |
435 | +# registry['log_level'] = "info" | |
436 | +# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" | |
437 | +# registry['storage_delete_enabled'] = true | |
438 | + | |
439 | +### Registry backend storage | |
440 | +###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver | |
441 | +# registry['storage'] = { | |
442 | +# 's3' => { | |
443 | +# 'accesskey' => 'AKIAKIAKI', | |
444 | +# 'secretkey' => 'secret123', | |
445 | +# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI' | |
446 | +# } | |
447 | +# } | |
448 | + | |
449 | + | |
450 | +################################################################################ | |
451 | +## GitLab Workhorse | |
452 | +##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md | |
453 | +################################################################################ | |
454 | + | |
455 | +# gitlab_workhorse['enable'] = true | |
456 | +# gitlab_workhorse['ha'] = false | |
457 | +# gitlab_workhorse['listen_network'] = "unix" | |
458 | +# gitlab_workhorse['listen_umask'] = 000 | |
459 | +# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket" | |
460 | +# gitlab_workhorse['auth_backend'] = "http://localhost:8080" | |
461 | + | |
462 | +##! the empty string is the default in gitlab-workhorse option parser | |
463 | +# gitlab_workhorse['auth_socket'] = "''" | |
464 | + | |
465 | +##! put an empty string on the command line | |
466 | +# gitlab_workhorse['pprof_listen_addr'] = "''" | |
467 | + | |
468 | +##! put an empty string on the command line | |
469 | +# gitlab_workhorse['prometheus_listen_addr'] = "''" | |
470 | + | |
471 | +# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse" | |
472 | +# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" | |
473 | +# gitlab_workhorse['proxy_headers_timeout'] = "1m0s" | |
474 | + | |
475 | +##! limit number of concurrent API requests, defaults to 0 which is unlimited | |
476 | +# gitlab_workhorse['api_limit'] = 0 | |
477 | + | |
478 | +##! limit number of API requests allowed to be queued, defaults to 0 which | |
479 | +##! disables queuing | |
480 | +# gitlab_workhorse['api_queue_limit'] = 0 | |
481 | + | |
482 | +##! duration after which we timeout requests if they sit too long in the queue | |
483 | +# gitlab_workhorse['api_queue_duration'] = "30s" | |
484 | + | |
485 | +# gitlab_workhorse['env'] = { | |
486 | +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" | |
487 | +# } | |
488 | + | |
489 | +################################################################################ | |
490 | +## GitLab User Settings | |
491 | +##! Modify default git user. | |
492 | +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group | |
493 | +################################################################################ | |
494 | + | |
495 | +# user['username'] = "git" | |
496 | +# user['group'] = "git" | |
497 | +# user['uid'] = nil | |
498 | +# user['gid'] = nil | |
499 | + | |
500 | +##! The shell for the git user | |
501 | +# user['shell'] = "/bin/sh" | |
502 | + | |
503 | +##! The home directory for the git user | |
504 | +# user['home'] = "/var/opt/gitlab" | |
505 | + | |
506 | +# user['git_user_name'] = "GitLab" | |
507 | +# user['git_user_email'] = "gitlab@#{node['fqdn']}" | |
508 | + | |
509 | +################################################################################ | |
510 | +## GitLab Unicorn | |
511 | +##! Tweak unicorn settings. | |
512 | +##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html | |
513 | +################################################################################ | |
514 | + | |
515 | +# unicorn['worker_timeout'] = 60 | |
516 | +# unicorn['worker_processes'] = 2 | |
517 | + | |
518 | +### Advanced settings | |
519 | +# unicorn['listen'] = '127.0.0.1' | |
520 | +# unicorn['port'] = 8080 | |
521 | +# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' | |
522 | +# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid' | |
523 | +# unicorn['tcp_nopush'] = true | |
524 | +# unicorn['backlog_socket'] = 1024 | |
525 | + | |
526 | +###! **Make sure somaxconn is equal or higher then backlog_socket** | |
527 | +# unicorn['somaxconn'] = 1024 | |
528 | + | |
529 | +###! **We do not recommend changing this setting** | |
530 | +# unicorn['log_directory'] = "/var/log/gitlab/unicorn" | |
531 | + | |
532 | +### **Only change these settings if you understand well what they mean** | |
533 | +###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/ | |
534 | +###! https://github.com/kzk/unicorn-worker-killer | |
535 | +# unicorn['worker_memory_limit_min'] = "400 * 1 << 20" | |
536 | +# unicorn['worker_memory_limit_max'] = "650 * 1 << 20" | |
537 | + | |
538 | +################################################################################ | |
539 | +## GitLab Sidekiq | |
540 | +################################################################################ | |
541 | + | |
542 | +# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" | |
543 | +# sidekiq['shutdown_timeout'] = 4 | |
544 | +# sidekiq['concurrency'] = 25 | |
545 | + | |
546 | +################################################################################ | |
547 | +## gitlab-shell | |
548 | +################################################################################ | |
549 | + | |
550 | +# gitlab_shell['audit_usernames'] = false | |
551 | +# gitlab_shell['log_level'] = 'INFO' | |
552 | +# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false} | |
553 | +# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/" | |
554 | +# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks" | |
555 | + | |
556 | +##! **If enabled, git-annex needs to be installed on the server where GitLab is | |
557 | +##! setup. | |
558 | +##! For Debian and Ubuntu systems this can be done with: | |
559 | +##! `sudo apt-get install git-annex`. | |
560 | +##! For CentOS: | |
561 | +##! `sudo yum install epel-release && sudo yum install git-annex`** | |
562 | +# gitlab_shell['git_annex_enabled'] = false | |
563 | + | |
564 | +# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys" | |
565 | + | |
566 | +### Git trace log file. | |
567 | +###! If set, git commands receive GIT_TRACE* environment variables | |
568 | +###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging | |
569 | +###! An absolute path starting with / – the trace output will be appended to | |
570 | +###! that file. It needs to exist so we can check permissions and avoid | |
571 | +###! throwing warnings to the users. | |
572 | +# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log" | |
573 | + | |
574 | +##! **We do not recommend changing this directory.** | |
575 | +# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell" | |
576 | + | |
577 | +################################################################ | |
578 | +## GitLab PostgreSQL | |
579 | +################################################################ | |
580 | + | |
581 | +# postgresql['enable'] = true | |
582 | +# postgresql['listen_address'] = nil | |
583 | +# postgresql['port'] = 5432 | |
584 | +# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data" | |
585 | + | |
586 | +##! **recommend value is 1/4 of total RAM, up to 14GB.** | |
587 | +# postgresql['shared_buffers'] = "256MB" | |
588 | + | |
589 | +### Advanced settings | |
590 | +# postgresql['ha'] = false | |
591 | +# postgresql['dir'] = "/var/opt/gitlab/postgresql" | |
592 | +# postgresql['log_directory'] = "/var/log/gitlab/postgresql" | |
593 | +# postgresql['username'] = "gitlab-psql" | |
594 | +# postgresql['uid'] = nil | |
595 | +# postgresql['gid'] = nil | |
596 | +# postgresql['shell'] = "/bin/sh" | |
597 | +# postgresql['home'] = "/var/opt/gitlab/postgresql" | |
598 | +# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH" | |
599 | +# postgresql['sql_user'] = "gitlab" | |
600 | +# postgresql['sql_ci_user'] = "gitlab_ci" | |
601 | +# postgresql['max_connections'] = 200 | |
602 | +# postgresql['md5_auth_cidr_addresses'] = [] | |
603 | +# postgresql['trust_auth_cidr_addresses'] = [] | |
604 | +# postgresql['shmmax'] = 17179869184 # or 4294967295 | |
605 | +# postgresql['shmall'] = 4194304 # or 1048575 | |
606 | +# postgresql['work_mem'] = "8MB" | |
607 | +# postgresql['maintenance_work_mem'] = "16MB" | |
608 | +# postgresql['effective_cache_size'] = "1MB" | |
609 | +# postgresql['checkpoint_segments'] = 10 | |
610 | +# postgresql['checkpoint_timeout'] = "5min" | |
611 | +# postgresql['checkpoint_completion_target'] = 0.9 | |
612 | +# postgresql['checkpoint_warning'] = "30s" | |
613 | +# postgresql['wal_buffers'] = "-1" | |
614 | +# postgresql['autovacuum'] = "on" | |
615 | +# postgresql['log_autovacuum_min_duration'] = "-1" | |
616 | +# postgresql['autovacuum_max_workers'] = "3" | |
617 | +# postgresql['autovacuum_naptime'] = "1min" | |
618 | +# postgresql['autovacuum_vacuum_threshold'] = "50" | |
619 | +# postgresql['autovacuum_analyze_threshold'] = "50" | |
620 | +# postgresql['autovacuum_vacuum_scale_factor'] = "0.02" | |
621 | +# postgresql['autovacuum_analyze_scale_factor'] = "0.01" | |
622 | +# postgresql['autovacuum_freeze_max_age'] = "200000000" | |
623 | +# postgresql['autovacuum_vacuum_cost_delay'] = "20ms" | |
624 | +# postgresql['autovacuum_vacuum_cost_limit'] = "-1" | |
625 | +# postgresql['statement_timeout'] = "0" | |
626 | +# postgresql['log_line_prefix'] = "%a" | |
627 | +# postgresql['track_activity_query_size'] = "1024" | |
628 | +# postgresql['shared_preload_libraries'] = nil | |
629 | + | |
630 | +### Replication settings | |
631 | +# postgresql['sql_replication_user'] = "gitlab_replicator" | |
632 | +# postgresql['wal_level'] = "hot_standby" | |
633 | +# postgresql['max_wal_senders'] = 5 | |
634 | +# postgresql['wal_keep_segments'] = 10 | |
635 | +# postgresql['hot_standby'] = "off" | |
636 | + | |
637 | +### Available in PostgreSQL 9.6 and later | |
638 | +# postgresql['min_wal_size'] = 80MB | |
639 | +# postgresql['max_wal_size'] = 1GB | |
640 | + | |
641 | +################################################################################ | |
642 | +## GitLab Redis | |
643 | +##! **Can be disabled if you are using your own Redis instance.** | |
644 | +##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html | |
645 | +################################################################################ | |
646 | + | |
647 | +# redis['enable'] = true | |
648 | +# redis['username'] = "gitlab-redis" | |
649 | +# redis['maxclients'] = "10000" | |
650 | +# redis['tcp_timeout'] = "60" | |
651 | +# redis['tcp_keepalive'] = "300" | |
652 | +# redis['uid'] = nil | |
653 | +# redis['gid'] = nil | |
654 | + | |
655 | +###! **To enable only Redis service in this machine, uncomment | |
656 | +###! one of the lines below (choose master or slave instance types).** | |
657 | +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html | |
658 | +###! https://docs.gitlab.com/ce/administration/high_availability/redis.html | |
659 | +# redis_master_role['enable'] = true | |
660 | +# redis_slave_role['enable'] = true | |
661 | + | |
662 | +### Redis TCP support (will disable UNIX socket transport) | |
663 | +# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one | |
664 | +# redis['port'] = 6379 | |
665 | +# redis['password'] = 'redis-password-goes-here' | |
666 | + | |
667 | +### Redis Sentinel support | |
668 | +###! **You need a master slave Redis replication to be able to do failover** | |
669 | +###! **Please read the documentation before enabling it to understand the | |
670 | +###! caveats:** | |
671 | +###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html | |
672 | + | |
673 | +### Replication support | |
674 | +#### Slave Redis instance | |
675 | +# redis['master'] = false # by default this is true | |
676 | + | |
677 | +#### Slave and Sentinel shared configuration | |
678 | +####! **Both need to point to the master Redis instance to get replication and | |
679 | +####! heartbeat monitoring** | |
680 | +# redis['master_name'] = 'gitlab-redis' | |
681 | +# redis['master_ip'] = nil | |
682 | +# redis['master_port'] = 6379 | |
683 | + | |
684 | +####! **Master password should have the same value defined in | |
685 | +####! redis['password'] to enable the instance to transition to/from | |
686 | +####! master/slave in a failover event.** | |
687 | +# redis['master_password'] = 'redis-password-goes-here' | |
688 | + | |
689 | +####! Increase these values when your slaves can't catch up with master | |
690 | +# redis['client_output_buffer_limit_normal'] = '0 0 0' | |
691 | +# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60' | |
692 | +# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60' | |
693 | + | |
694 | +################################################################################ | |
695 | +## GitLab Web server | |
696 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server | |
697 | +################################################################################ | |
698 | + | |
699 | +##! When bundled nginx is disabled we need to add the external webserver user to | |
700 | +##! the GitLab webserver group. | |
701 | +# web_server['external_users'] = [] | |
702 | +# web_server['username'] = 'gitlab-www' | |
703 | +# web_server['group'] = 'gitlab-www' | |
704 | +# web_server['uid'] = nil | |
705 | +# web_server['gid'] = nil | |
706 | +# web_server['shell'] = '/bin/false' | |
707 | +# web_server['home'] = '/var/opt/gitlab/nginx' | |
708 | + | |
709 | +################################################################################ | |
710 | +## GitLab Nginx | |
711 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html | |
712 | +################################################################################ | |
713 | + | |
714 | +# nginx['enable'] = true | |
715 | +# nginx['client_max_body_size'] = '250m' | |
716 | +# nginx['redirect_http_to_https'] = false | |
717 | +# nginx['redirect_http_to_https_port'] = 80 | |
718 | + | |
719 | +##! Most root CA's are included by default | |
720 | +# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" | |
721 | + | |
722 | +##! enable/disable 2-way SSL client authentication | |
723 | +# nginx['ssl_verify_client'] = "off" | |
724 | + | |
725 | +##! if ssl_verify_client on, verification depth in the client certificates chain | |
726 | +# nginx['ssl_verify_depth'] = "1" | |
727 | + | |
728 | +# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" | |
729 | +# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" | |
730 | +# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" | |
731 | +# nginx['ssl_prefer_server_ciphers'] = "on" | |
732 | + | |
733 | +##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html | |
734 | +##! https://cipherli.st/** | |
735 | +# nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" | |
736 | + | |
737 | +##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html** | |
738 | +# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" | |
739 | + | |
740 | +##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** | |
741 | +# nginx['ssl_session_timeout'] = "5m" | |
742 | + | |
743 | +# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem | |
744 | +# nginx['listen_addresses'] = ['*', '[::]'] | |
745 | + | |
746 | +##! **Override only if you use a reverse proxy** | |
747 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port | |
748 | +# nginx['listen_port'] = nil | |
749 | + | |
750 | +##! **Override only if your reverse proxy internally communicates over HTTP** | |
751 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl | |
752 | +# nginx['listen_https'] = nil | |
753 | + | |
754 | +# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" | |
755 | +# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" | |
756 | +# nginx['proxy_read_timeout'] = 3600 | |
757 | +# nginx['proxy_connect_timeout'] = 300 | |
758 | +# nginx['proxy_set_headers'] = { | |
759 | +# "Host" => "$http_host", | |
760 | +# "X-Real-IP" => "$remote_addr", | |
761 | +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", | |
762 | +# "X-Forwarded-Proto" => "https", | |
763 | +# "X-Forwarded-Ssl" => "on", | |
764 | +# "Upgrade" => "$http_upgrade", | |
765 | +# "Connection" => "$connection_upgrade" | |
766 | +# } | |
767 | +# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' | |
768 | +# nginx['proxy_cache'] = 'gitlab' | |
769 | +# nginx['http2_enabled'] = true | |
770 | +# nginx['real_ip_trusted_addresses'] = [] | |
771 | +# nginx['real_ip_header'] = nil | |
772 | +# nginx['real_ip_recursive'] = nil | |
773 | +# nginx['custom_error_pages'] = { | |
774 | +# '404' => { | |
775 | +# 'title' => 'Example title', | |
776 | +# 'header' => 'Example header', | |
777 | +# 'message' => 'Example message' | |
778 | +# } | |
779 | +# } | |
780 | + | |
781 | +### Advanced settings | |
782 | +# nginx['dir'] = "/var/opt/gitlab/nginx" | |
783 | +# nginx['log_directory'] = "/var/log/gitlab/nginx" | |
784 | +# nginx['worker_processes'] = 4 | |
785 | +# nginx['worker_connections'] = 10240 | |
786 | +# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' | |
787 | +# nginx['sendfile'] = 'on' | |
788 | +# nginx['tcp_nopush'] = 'on' | |
789 | +# nginx['tcp_nodelay'] = 'on' | |
790 | +# nginx['gzip'] = "on" | |
791 | +# nginx['gzip_http_version'] = "1.0" | |
792 | +# nginx['gzip_comp_level'] = "2" | |
793 | +# nginx['gzip_proxied'] = "any" | |
794 | +# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] | |
795 | +# nginx['keepalive_timeout'] = 65 | |
796 | +# nginx['cache_max_size'] = '5000m' | |
797 | +# nginx['server_names_hash_bucket_size'] = 64 | |
798 | + | |
799 | +### Nginx status | |
800 | +# nginx['status'] = { | |
801 | +# "enable" => true, | |
802 | +# "listen_addresses" => ["127.0.0.1"], | |
803 | +# "fqdn" => "dev.example.com", | |
804 | +# "port" => 9999, | |
805 | +# "options" => { | |
806 | +# "stub_status" => "on", # Turn on stats | |
807 | +# "server_tokens" => "off", # Don't show the version of NGINX | |
808 | +# "access_log" => "on", # Disable logs for stats | |
809 | +# "allow" => "127.0.0.1", # Only allow access from localhost | |
810 | +# "deny" => "all" # Deny access to anyone else | |
811 | +# } | |
812 | +# } | |
813 | + | |
814 | +################################################################################ | |
815 | +## GitLab Logging | |
816 | +##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html | |
817 | +################################################################################ | |
818 | + | |
819 | +# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data | |
820 | +# logging['svlogd_num'] = 30 # keep 30 rotated log files | |
821 | +# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours | |
822 | +# logging['svlogd_filter'] = "gzip" # compress logs with gzip | |
823 | +# logging['svlogd_udp'] = nil # transmit log messages via UDP | |
824 | +# logging['svlogd_prefix'] = nil # custom prefix for log messages | |
825 | +# logging['logrotate_frequency'] = "daily" # rotate logs daily | |
826 | +# logging['logrotate_size'] = nil # do not rotate by size by default | |
827 | +# logging['logrotate_rotate'] = 30 # keep 30 rotated logs | |
828 | +# logging['logrotate_compress'] = "compress" # see 'man logrotate' | |
829 | +# logging['logrotate_method'] = "copytruncate" # see 'man logrotate' | |
830 | +# logging['logrotate_postrotate'] = nil # no postrotate command by default | |
831 | +# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz | |
832 | + | |
833 | +### EE only | |
834 | +###! remote host to ship log messages to via UDP | |
835 | +# logging['udp_log_shipping_host'] = nil | |
836 | + | |
837 | +###! remote port to ship log messages to via UDP | |
838 | +# logging['udp_log_shipping_port'] = 514 | |
839 | + | |
840 | +################################################################################ | |
841 | +## Logrotate | |
842 | +##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate | |
843 | +##! You can disable built in logrotate feature. | |
844 | +################################################################################ | |
845 | +# logrotate['enable'] = true | |
846 | + | |
847 | +################################################################################ | |
848 | +## Users and groups accounts | |
849 | +##! Disable management of users and groups accounts. | |
850 | +##! **Set only if creating accounts manually** | |
851 | +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management | |
852 | +################################################################################ | |
853 | + | |
854 | +# manage_accounts['enable'] = false | |
855 | + | |
856 | +################################################################################ | |
857 | +## Storage directories | |
858 | +##! Disable managing storage directories | |
859 | +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management | |
860 | +################################################################################ | |
861 | + | |
862 | +##! **Set only if the select directories are created manually** | |
863 | +# manage_storage_directories['enable'] = false | |
864 | +# manage_storage_directories['manage_etc'] = false | |
865 | + | |
866 | +################################################################################ | |
867 | +## Git | |
868 | +##! Advanced setting for configuring git system settings for omnibus-gitlab | |
869 | +##! internal git | |
870 | +################################################################################ | |
871 | + | |
872 | +##! For multiple options under one header use array of comma separated values, | |
873 | +##! eg.: | |
874 | +##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } | |
875 | + | |
876 | +# omnibus_gitconfig['system'] = { | |
877 | +# "pack" => ["threads = 1"], | |
878 | +# "receive" => ["fsckObjects = true"], | |
879 | +# "repack" => ["writeBitmaps = true"], | |
880 | +# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"], | |
881 | +# } | |
882 | + | |
883 | +################################################################################ | |
884 | +## GitLab CI | |
885 | +##! Docs: https://docs.gitlab.com/omnibus/gitlab-ci/README.html | |
886 | +################################################################################ | |
887 | + | |
888 | +# gitlab_ci['gitlab_ci_all_broken_builds'] = true | |
889 | +# gitlab_ci['gitlab_ci_add_pusher'] = true | |
890 | +# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds' | |
891 | + | |
892 | +### DEPRECATED: ci_external_url 'http://ci.example.com' | |
893 | + | |
894 | +################################################################################ | |
895 | +## GitLab Mattermost | |
896 | +##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost | |
897 | +################################################################################ | |
898 | + | |
899 | +# mattermost_external_url 'http://mattermost.example.com' | |
900 | + | |
901 | +# mattermost['enable'] = false | |
902 | +# mattermost['username'] = 'mattermost' | |
903 | +# mattermost['group'] = 'mattermost' | |
904 | +# mattermost['uid'] = nil | |
905 | +# mattermost['gid'] = nil | |
906 | +# mattermost['home'] = '/var/opt/gitlab/mattermost' | |
907 | +# mattermost['database_name'] = 'mattermost_production' | |
908 | + | |
909 | +# mattermost['service_use_ssl'] = false | |
910 | +# mattermost['service_address'] = "127.0.0.1" | |
911 | +# mattermost['service_port'] = "8065" | |
912 | +# mattermost['service_site_url'] = nil | |
913 | +# mattermost['service_maximum_login_attempts'] = 10 | |
914 | +# mattermost['service_segment_developer_key'] = nil | |
915 | +# mattermost['service_google_developer_key'] = nil | |
916 | +# mattermost['service_enable_incoming_webhooks'] = true | |
917 | +# mattermost['service_enable_post_username_override'] = true | |
918 | +# mattermost['service_enable_post_icon_override'] = true | |
919 | +# mattermost['service_enable_testing'] = false | |
920 | +# mattermost['service_enable_security_fix_alert'] = true | |
921 | +# mattermost['service_enable_insecure_outgoing_connections'] = false | |
922 | +# mattermost['service_allow_cors_from'] = "" | |
923 | +# mattermost['service_enable_outgoing_webhooks'] = true | |
924 | +# mattermost['service_enable_commands'] = true | |
925 | +# mattermost['service_enable_custom_emoji'] = false | |
926 | +# mattermost['service_enable_only_admin_integrations'] = true | |
927 | +# mattermost['service_enable_oauth_service_provider'] = false | |
928 | +# mattermost['service_enable_developer'] = false | |
929 | +# mattermost['service_session_length_web_in_days'] = 30 | |
930 | +# mattermost['service_session_length_mobile_in_days'] = 30 | |
931 | +# mattermost['service_session_length_sso_in_days'] = 30 | |
932 | +# mattermost['service_session_cache_in_minutes'] = 10 | |
933 | +# mattermost['service_connection_security'] = nil | |
934 | +# mattermost['service_tls_cert_file'] = nil | |
935 | +# mattermost['service_tls_key_file'] = nil | |
936 | +# mattermost['service_use_lets_encrypt'] = false | |
937 | +# mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache" | |
938 | +# mattermost['service_forward_80_to_443'] = false | |
939 | +# mattermost['service_read_timeout'] = 300 | |
940 | +# mattermost['service_write_timeout'] = 300 | |
941 | + | |
942 | +# mattermost['team_site_name'] = "GitLab Mattermost" | |
943 | +# mattermost['team_max_users_per_team'] = 150 | |
944 | +# mattermost['team_enable_team_creation'] = true | |
945 | +# mattermost['team_enable_user_creation'] = true | |
946 | +# mattermost['team_enable_open_server'] = false | |
947 | +# mattermost['team_allow_public_link'] = true | |
948 | +# mattermost['team_allow_valet_default'] = false | |
949 | +# mattermost['team_restrict_creation_to_domains'] = "gmail.com" | |
950 | +# mattermost['team_restrict_team_names'] = true | |
951 | +# mattermost['team_restrict_direct_message'] = "any" | |
952 | +# mattermost['team_max_channels_per_team'] = 2000 | |
953 | + | |
954 | +# mattermost['sql_driver_name'] = 'mysql' | |
955 | +# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" | |
956 | +# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"] | |
957 | +# mattermost['sql_max_idle_conns'] = 10 | |
958 | +# mattermost['sql_max_open_conns'] = 10 | |
959 | +# mattermost['sql_trace'] = false | |
960 | + | |
961 | +# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost' | |
962 | +# mattermost['log_console_enable'] = true | |
963 | +# mattermost['log_console_level'] = 'INFO' | |
964 | +# mattermost['log_enable_file'] = false | |
965 | +# mattermost['log_file_level'] = 'INFO' | |
966 | +# mattermost['log_file_format'] = nil | |
967 | +# mattermost['log_enable_diagnostics'] = true | |
968 | + | |
969 | +# mattermost['gitlab_enable'] = false | |
970 | +# mattermost['gitlab_id'] = "12345656" | |
971 | +# mattermost['gitlab_secret'] = "123456789" | |
972 | +# mattermost['gitlab_scope'] = "" | |
973 | +# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize" | |
974 | +# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token" | |
975 | +# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v3/user" | |
976 | + | |
977 | +# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'} | |
978 | + | |
979 | +# mattermost['email_enable_sign_up_with_email'] = true | |
980 | +# mattermost['email_enable_sign_in_with_email'] = true | |
981 | +# mattermost['email_enable_sign_in_with_username'] = false | |
982 | +# mattermost['email_send_email_notifications'] = false | |
983 | +# mattermost['email_require_email_verification'] = false | |
984 | +# mattermost['email_smtp_username'] = nil | |
985 | +# mattermost['email_smtp_password'] = nil | |
986 | +# mattermost['email_smtp_server'] = nil | |
987 | +# mattermost['email_smtp_port'] = nil | |
988 | +# mattermost['email_connection_security'] = nil | |
989 | +# mattermost['email_feedback_name'] = nil | |
990 | +# mattermost['email_feedback_email'] = nil | |
991 | +# mattermost['email_feedback_organization'] = nil | |
992 | +# mattermost['email_send_push_notifications'] = true | |
993 | +# mattermost['email_push_notification_server'] = "" | |
994 | +# mattermost['email_push_notification_contents'] = "generic" | |
995 | +# mattermost['email_enable_batching'] = false | |
996 | +# mattermost['email_batching_buffer_size'] = 256 | |
997 | +# mattermost['email_batching_interval'] = 30 | |
998 | + | |
999 | +# mattermost['file_max_file_size'] = 52428800 | |
1000 | +# mattermost['file_driver_name'] = "local" | |
1001 | +# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data" | |
1002 | +# mattermost['file_enable_public_link'] = true | |
1003 | +# mattermost['file_thumbnail_width'] = 120 | |
1004 | +# mattermost['file_thumbnail_height'] = 100 | |
1005 | +# mattermost['file_preview_width'] = 1024 | |
1006 | +# mattermost['file_preview_height'] = 0 | |
1007 | +# mattermost['file_profile_width'] = 128 | |
1008 | +# mattermost['file_profile_height'] = 128 | |
1009 | +# mattermost['file_initial_font'] = 'luximbi.ttf' | |
1010 | +# mattermost['file_amazon_s3_access_key_id'] = nil | |
1011 | +# mattermost['file_amazon_s3_bucket'] = nil | |
1012 | +# mattermost['file_amazon_s3_secret_access_key'] = nil | |
1013 | +# mattermost['file_amazon_s3_region'] = nil | |
1014 | +# mattermost["file_amazon_s3_endpoint"] = nil | |
1015 | +# mattermost["file_amazon_s3_bucket_endpoint"] = nil | |
1016 | +# mattermost["file_amazon_s3_location_constraint"] = false | |
1017 | +# mattermost["file_amazon_s3_lowercase_bucket"] = false | |
1018 | +# mattermost["file_amazon_s3_ssl"] = true | |
1019 | + | |
1020 | +# mattermost['ratelimit_enable_rate_limiter'] = false | |
1021 | +# mattermost['ratelimit_per_sec'] = 10 | |
1022 | +# mattermost['ratelimit_memory_store_size'] = 10000 | |
1023 | +# mattermost['ratelimit_vary_by_remote_addr'] = true | |
1024 | +# mattermost['ratelimit_vary_by_header'] = nil | |
1025 | +# mattermost['ratelimit_max_burst'] = 100 | |
1026 | + | |
1027 | +# mattermost['support_terms_of_service_link'] = "/static/help/terms.html" | |
1028 | +# mattermost['support_privacy_policy_link'] = "/static/help/privacy.html" | |
1029 | +# mattermost['support_about_link'] = "/static/help/about.html" | |
1030 | +# mattermost['support_report_a_problem_link'] = "/static/help/report_problem.html" | |
1031 | +# mattermost['support_email'] = "support@example.com" | |
1032 | + | |
1033 | +# mattermost['privacy_show_email_address'] = true | |
1034 | +# mattermost['privacy_show_full_name'] = true | |
1035 | + | |
1036 | +# mattermost['localization_server_locale'] = "en" | |
1037 | +# mattermost['localization_client_locale'] = "en" | |
1038 | +# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR" | |
1039 | + | |
1040 | +# mattermost['webrtc_enable'] = false | |
1041 | +# mattermost['webrtc_gateway_websocket_url'] = nil | |
1042 | +# mattermost['webrtc_gateway_admin_url'] = nil | |
1043 | +# mattermost['webrtc_gateway_admin_secret'] = nil | |
1044 | +# mattermost['webrtc_gateway_stun_uri'] = nil | |
1045 | +# mattermost['webrtc_gateway_turn_uri'] = nil | |
1046 | +# mattermost['webrtc_gateway_turn_username'] = nil | |
1047 | +# mattermost['webrtc_gateway_turn_shared_key'] = ni | |
1048 | + | |
1049 | +################################################################################ | |
1050 | +## Mattermost NGINX | |
1051 | +################################################################################ | |
1052 | + | |
1053 | +# mattermost_nginx['enable'] = false | |
1054 | +# mattermost_nginx['client_max_body_size'] = '250m' | |
1055 | +# mattermost_nginx['redirect_http_to_https'] = false | |
1056 | +# mattermost_nginx['redirect_http_to_https_port'] = 80 | |
1057 | +# mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" | |
1058 | +# mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" | |
1059 | +# mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" | |
1060 | +# mattermost_nginx['ssl_prefer_server_ciphers'] = "on" | |
1061 | + | |
1062 | +##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html | |
1063 | +##! https://cipherli.st/ | |
1064 | +# mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" | |
1065 | + | |
1066 | +##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1067 | +# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" | |
1068 | + | |
1069 | +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1070 | +# mattermost_nginx['ssl_session_timeout'] = "5m" | |
1071 | + | |
1072 | +##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem | |
1073 | +# mattermost_nginx['ssl_dhparam'] = nil | |
1074 | + | |
1075 | +# mattermost_nginx['listen_addresses'] = ['*', '[::]'] | |
1076 | + | |
1077 | +##! **Override only if you use a reverse proxy** | |
1078 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port | |
1079 | +# mattermost_nginx['listen_port'] = nil | |
1080 | + | |
1081 | +##! **Override only if your reverse proxy internally communicates over HTTP** | |
1082 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl | |
1083 | +# mattermost_nginx['listen_https'] = nil | |
1084 | + | |
1085 | +# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" | |
1086 | +# mattermost_nginx['proxy_set_headers'] = { | |
1087 | +# "Host" => "$http_host", | |
1088 | +# "X-Real-IP" => "$remote_addr", | |
1089 | +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", | |
1090 | +# "X-Frame-Options" => "SAMEORIGIN", | |
1091 | +# "X-Forwarded-Proto" => "https", | |
1092 | +# "X-Forwarded-Ssl" => "on", | |
1093 | +# "Upgrade" => "$http_upgrade", | |
1094 | +# "Connection" => "$connection_upgrade" | |
1095 | +# } | |
1096 | +# mattermost_nginx['real_ip_trusted_addresses'] = [] | |
1097 | +# mattermost_nginx['real_ip_header'] = nil | |
1098 | +# mattermost_nginx['real_ip_recursive'] = nil | |
1099 | + | |
1100 | +### Advanced settings | |
1101 | +# mattermost_nginx['dir'] = "/var/opt/gitlab/nginx" | |
1102 | +# mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx" | |
1103 | +# mattermost_nginx['worker_processes'] = 4 | |
1104 | +# mattermost_nginx['worker_connections'] = 10240 | |
1105 | +# mattermost_nginx['sendfile'] = 'on' | |
1106 | +# mattermost_nginx['tcp_nopush'] = 'on' | |
1107 | +# mattermost_nginx['tcp_nodelay'] = 'on' | |
1108 | +# mattermost_nginx['gzip'] = "on" | |
1109 | +# mattermost_nginx['gzip_http_version'] = "1.0" | |
1110 | +# mattermost_nginx['gzip_comp_level'] = "2" | |
1111 | +# mattermost_nginx['gzip_proxied'] = "any" | |
1112 | +# mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] | |
1113 | +# mattermost_nginx['keepalive_timeout'] = 65 | |
1114 | +# mattermost_nginx['cache_max_size'] = '5000m' | |
1115 | + | |
1116 | +################################################################################ | |
1117 | +## Registry NGINX | |
1118 | +################################################################################ | |
1119 | + | |
1120 | +# registry_nginx['enable'] = false | |
1121 | +# registry_nginx['redirect_http_to_https'] = false | |
1122 | +# registry_nginx['redirect_http_to_https_port'] = 80 | |
1123 | +# registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" | |
1124 | +# registry_nginx['ssl_prefer_server_ciphers'] = "on" | |
1125 | +# registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" | |
1126 | +# registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" | |
1127 | + | |
1128 | +##! **Override only if you use a reverse proxy** | |
1129 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port | |
1130 | +# registry_nginx['listen_port'] = nil | |
1131 | + | |
1132 | +##! **Override only if your reverse proxy internally communicates over HTTP** | |
1133 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl | |
1134 | +# registry_nginx['listen_https'] = nil | |
1135 | + | |
1136 | +# registry_nginx['proxy_set_headers'] = { | |
1137 | +# "Host" => "$http_host", | |
1138 | +# "X-Real-IP" => "$remote_addr", | |
1139 | +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", | |
1140 | +# "X-Forwarded-Proto" => "https", | |
1141 | +# "X-Forwarded-Ssl" => "on" | |
1142 | +# } | |
1143 | + | |
1144 | +##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html | |
1145 | +##! https://cipherli.st/ | |
1146 | +# registry_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" | |
1147 | + | |
1148 | +##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1149 | +# registry_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" | |
1150 | + | |
1151 | +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1152 | +# registry_nginx['ssl_session_timeout'] = "5m" | |
1153 | + | |
1154 | +##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem | |
1155 | +# registry_nginx['ssl_dhparam'] = nil | |
1156 | + | |
1157 | +# registry_nginx['listen_addresses'] = ['*', '[::]'] | |
1158 | + | |
1159 | +### Advanced settings | |
1160 | +# registry_nginx['log_directory'] = "/var/log/gitlab/nginx" | |
1161 | + | |
1162 | +# registry_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" | |
1163 | + | |
1164 | +################################################################################ | |
1165 | +## Prometheus | |
1166 | +################################################################################ | |
1167 | + | |
1168 | +##! Docs: https://docs.gitlab.com/omnibus/gitlab-prometheus/prometheus.html | |
1169 | + | |
1170 | +# prometheus['enable'] = false | |
1171 | +# prometheus['username'] = 'gitlab-prometheus' | |
1172 | +# prometheus['uid'] = nil | |
1173 | +# prometheus['gid'] = nil | |
1174 | +# prometheus['shell'] = '/bin/sh' | |
1175 | +# prometheus['home'] = '/var/opt/gitlab/prometheus' | |
1176 | +# prometheus['log_directory'] = '/var/log/gitlab/prometheus' | |
1177 | +# prometheus['scrape_interval'] = 15 | |
1178 | +# prometheus['scrape_timeout'] = 15 | |
1179 | +# prometheus['flags'] = { | |
1180 | +# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data", | |
1181 | +# 'storage.local.memory-chunks' => '50000', | |
1182 | +# 'storage.local.max-chunks-to-persist' => '40000', | |
1183 | +# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml" | |
1184 | +# } | |
1185 | + | |
1186 | +##! Advanced settings. Should be changed only if absolutely needed. | |
1187 | +# prometheus['listen_address'] = 'localhost:9090' | |
1188 | + | |
1189 | +################################################################################ | |
1190 | +## Prometheus Node Exporter | |
1191 | +################################################################################ | |
1192 | + | |
1193 | +##! Docs: https://docs.gitlab.com/omnibus/gitlab-prometheus/node-exporter.html | |
1194 | + | |
1195 | +# node_exporter['enable'] = false | |
1196 | +# node_exporter['home'] = '/var/opt/gitlab/node-exporter' | |
1197 | +# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter' | |
1198 | +# node_exporter['flags'] = { | |
1199 | +# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector" | |
1200 | +# } | |
1201 | + | |
1202 | +##! Advanced settings. Should be changed only if absolutely needed. | |
1203 | +# node_exporter['listen_address'] = 'localhost:9100' | |
1204 | + | |
1205 | +################################################################################ | |
1206 | +################################################################################ | |
1207 | +## Configuration Settings for GitLab EE only ## | |
1208 | +################################################################################ | |
1209 | +################################################################################ | |
1210 | + | |
1211 | + | |
1212 | +################################################################################ | |
1213 | +## Auxiliary cron jobs applicable to GitLab EE only | |
1214 | +################################################################################ | |
1215 | +# | |
1216 | +# gitlab_rails['geo_bulk_notify_worker_cron'] = "*/10 * * * * *" | |
1217 | +# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *" | |
1218 | +# gitlab_rails['update_all_remote_mirrors_worker_cron'] = "30 * * * *" | |
1219 | +# gitlab_rails['update_all_mirrors_worker_cron'] = "0 * * * *" | |
1220 | +# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *" | |
1221 | + | |
1222 | +################################################################################ | |
1223 | +## ElasticSearch (EE Only) | |
1224 | +##! Docs: http://docs.gitlab.com/ee/integration/elasticsearch.html | |
1225 | +################################################################################ | |
1226 | +# gitlab_rails['elasticsearch_enabled'] = false | |
1227 | +# gitlab_rails['elasticsearch_host'] = "localhost" | |
1228 | +# gitlab_rails['elasticsearch_port'] = 9200 | |
1229 | + | |
1230 | +################################################################################ | |
1231 | +## GitLab Pages (EE Only) | |
1232 | +##! Docs: https://docs.gitlab.com/ee/pages/administration.html | |
1233 | +################################################################################ | |
1234 | + | |
1235 | +##! Define to enable GitLab Pages | |
1236 | +# pages_external_url "http://pages.example.com/" | |
1237 | +# gitlab_pages['enable'] = false | |
1238 | + | |
1239 | +##! Configure to expose GitLab Pages on external IP address, serving the HTTP | |
1240 | +# gitlab_pages['external_http'] = nil | |
1241 | + | |
1242 | +##! Configure to expose GitLab Pages on external IP address, serving the HTTPS | |
1243 | +# gitlab_pages['external_https'] = nil | |
1244 | + | |
1245 | +# gitlab_pages['listen_proxy'] = "localhost:8090" | |
1246 | +# gitlab_pages['redirect_http'] = true | |
1247 | +# gitlab_pages['use_http2'] = true | |
1248 | +# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages" | |
1249 | +# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages" | |
1250 | + | |
1251 | +################################################################################ | |
1252 | +## GitLab Pages NGINX (EE Only) | |
1253 | +################################################################################ | |
1254 | + | |
1255 | +# pages_nginx['enable'] = false | |
1256 | +# pages_nginx['redirect_http_to_https'] = false | |
1257 | +# pages_nginx['redirect_http_to_https_port'] = 80 | |
1258 | +# pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" | |
1259 | +# pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" | |
1260 | +# pages_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" | |
1261 | +# pages_nginx['ssl_prefer_server_ciphers'] = "on" | |
1262 | + | |
1263 | +##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html | |
1264 | +##! https://cipherli.st/ | |
1265 | +# pages_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" | |
1266 | + | |
1267 | +##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1268 | +# pages_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" | |
1269 | + | |
1270 | +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html | |
1271 | +# pages_nginx['ssl_session_timeout'] = "5m" | |
1272 | + | |
1273 | +##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem | |
1274 | +# pages_nginx['ssl_dhparam'] = nil | |
1275 | + | |
1276 | +# pages_nginx['listen_addresses'] = ['*', '[::]'] | |
1277 | + | |
1278 | +##! **Override only if you use a reverse proxy** | |
1279 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port | |
1280 | +# pages_nginx['listen_port'] = nil | |
1281 | + | |
1282 | +##! **Override only if your reverse proxy internally communicates over HTTP** | |
1283 | +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl | |
1284 | +# pages_nginx['listen_https'] = nil | |
1285 | + | |
1286 | +# pages_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" | |
1287 | + | |
1288 | +### Advanced settings | |
1289 | +# pages_nginx['dir'] = "/var/opt/gitlab/nginx" | |
1290 | +# pages_nginx['log_directory'] = "/var/log/gitlab/nginx" | |
1291 | + | |
1292 | +# gitlab_rails['pages_path'] = "/mnt/storage/pages" | |
1293 | + | |
1294 | +################################################################################ | |
1295 | +## Kerberos (EE Only) | |
1296 | +##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access | |
1297 | +################################################################################ | |
1298 | + | |
1299 | +# gitlab_rails['kerberos_enabled'] = true | |
1300 | +# gitlab_rails['kerberos_keytab'] = /etc/http.keytab | |
1301 | +# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM | |
1302 | +# gitlab_rails['kerberos_use_dedicated_port'] = true | |
1303 | +# gitlab_rails['kerberos_port'] = 8443 | |
1304 | +# gitlab_rails['kerberos_https'] = true | |
1305 | + | |
1306 | +################################################################################ | |
1307 | +## GitLab Sentinel (EE Only) | |
1308 | +##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel | |
1309 | +################################################################################ | |
1310 | + | |
1311 | +##! **Make sure you configured all redis['master_*'] keys above before | |
1312 | +##! continuing.** | |
1313 | + | |
1314 | +##! To enable Sentinel and disable all other services in this machine, | |
1315 | +##! uncomment the line below (if you've enabled Redis role, it will keep it). | |
1316 | +##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html | |
1317 | +# redis_sentinel_role['enable'] = true | |
1318 | + | |
1319 | +# sentinel['enable'] = true | |
1320 | + | |
1321 | +##! Bind to all interfaces, uncomment to specify an IP and bind to a single one | |
1322 | +# sentinel['bind'] = '0.0.0.0' | |
1323 | + | |
1324 | +##! Uncomment to change default port | |
1325 | +# sentinel['port'] = 26379 | |
1326 | + | |
1327 | +##! Quorum must reflect the amount of voting sentinels it take to start a | |
1328 | +##! failover. | |
1329 | +##! **Value must NOT be greater then the amount of sentinels.** | |
1330 | +##! The quorum can be used to tune Sentinel in two ways: | |
1331 | +##! 1. If a the quorum is set to a value smaller than the majority of Sentinels | |
1332 | +##! we deploy, we are basically making Sentinel more sensible to master | |
1333 | +##! failures, triggering a failover as soon as even just a minority of | |
1334 | +##! Sentinels is no longer able to talk with the master. | |
1335 | +##! 2. If a quorum is set to a value greater than the majority of Sentinels, we | |
1336 | +##! are making Sentinel able to failover only when there are a very large | |
1337 | +##! number (larger than majority) of well connected Sentinels which agree | |
1338 | +##! about the master being down. | |
1339 | +# sentinel['quorum'] = 1 | |
1340 | + | |
1341 | +### Consider unresponsive server down after x amount of ms. | |
1342 | +# sentinel['down_after_milliseconds'] = 10000 | |
1343 | + | |
1344 | +### Specifies the failover timeout in milliseconds. | |
1345 | +##! It is used in many ways: | |
1346 | +##! | |
1347 | +##! - The time needed to re-start a failover after a previous failover was | |
1348 | +##! already tried against the same master by a given Sentinel, is two | |
1349 | +##! times the failover timeout. | |
1350 | +##! | |
1351 | +##! - The time needed for a slave replicating to a wrong master according | |
1352 | +##! to a Sentinel current configuration, to be forced to replicate | |
1353 | +##! with the right master, is exactly the failover timeout (counting since | |
1354 | +##! the moment a Sentinel detected the misconfiguration). | |
1355 | +##! | |
1356 | +##! - The time needed to cancel a failover that is already in progress but | |
1357 | +##! did not produced any configuration change (SLAVEOF NO ONE yet not | |
1358 | +##! acknowledged by the promoted slave). | |
1359 | +##! | |
1360 | +##! - The maximum time a failover in progress waits for all the slaves to be | |
1361 | +##! reconfigured as slaves of the new master. However even after this time | |
1362 | +##! the slaves will be reconfigured by the Sentinels anyway, but not with | |
1363 | +##! the exact parallel-syncs progression as specified. | |
1364 | +# sentinel['failover_timeout'] = 60000 | |
1365 | + | |
1366 | +################################################################################ | |
1367 | +## Logging (Additional, EE Only features) | |
1368 | +##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only- | |
1369 | +################################################################################ | |
1370 | + | |
1371 | +##! remote host to ship log messages to via UDP | |
1372 | +# logging['udp_log_shipping_host'] = nil | |
1373 | + | |
1374 | +##! remote port to ship log messages to via UDP | |
1375 | +# logging['udp_log_shipping_port'] = 514 | |
1376 | + | |
1377 | +################################################################################ | |
1378 | +## GitLab Sidekiq Cluster (EE only) | |
1379 | +################################################################################ | |
1380 | + | |
1381 | +##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes | |
1382 | +##! besides the default one. These processes can be used to consume a dedicated set | |
1383 | +##! of queues. This can be used to ensure certain queues always have dedicated | |
1384 | +##! workers, no matter the amount of jobs that need to be processed. | |
1385 | + | |
1386 | +# sidekiq_cluster['enable'] = false | |
1387 | +# sidekiq_cluster['ha'] = false | |
1388 | +# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster" | |
1389 | +# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks | |
1390 | + | |
1391 | +##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a | |
1392 | +##! Sidekiq process. Multiple queues can be processed by the same process by | |
1393 | +##! separating them with a comma within the group entry | |
1394 | + | |
1395 | +# sidekiq_cluster['queue_groups'] = [ | |
1396 | +# "process_commit,post_receive", | |
1397 | +# "gitlab_shell" | |
1398 | +# ] |
@@ -0,0 +1,9 @@ | ||
1 | +<% | |
2 | +config = node['gitlab-grid']['docker-compose']['config'].to_hash | |
3 | +gitlab_rb = render('etc/gitlab/gitlab.rb').force_encoding("UTF-8") | |
4 | +config['services']['gitlab']['environment']['GITLAB_OMNIBUS_CONFIG'] = gitlab_rb | |
5 | + | |
6 | +require 'yaml' | |
7 | +yaml_str = config.to_yaml | |
8 | +-%> | |
9 | +<%= yaml_str %> |
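Review bot: Line 4 copies the entire rendered gitlab.rb into the `GITLAB_OMNIBUS_CONFIG` environment value, so any credential an operator later sets in that file (the template carries keys such as `mattermost['email_smtp_password']` and `mattermost['gitlab_secret']`) ends up in the generated compose file and in the container's environment. The resource that writes this template is not part of this section, so its mode and owner should be checked and kept restrictive. A comment above line 4 such as `# gitlab.rb may contain credentials: the rendered compose file must not be world-readable` would record the requirement. The same line also assumes `config['services']['gitlab']['environment']` already exists in the node attributes and would fail with a nil error otherwise; a guard with a clear error message would make that precondition explicit.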
@@ -0,0 +1,5 @@ | ||
1 | +{ | |
2 | + "run_list": [ | |
3 | + "role[gitlab]" | |
4 | + ] | |
5 | +} |
@@ -0,0 +1,23 @@ | ||
1 | +name 'gitlab' | |
2 | +description 'GitLab' | |
3 | + | |
4 | +run_list( | |
5 | + 'recipe[gitlab-grid::server]', | |
6 | +) | |
7 | + | |
8 | +#env_run_lists() | |
9 | + | |
10 | +#default_attributes() | |
11 | + | |
12 | +gitlab_cn = 'gitlab.io.example.com' | |
13 | + | |
14 | +override_attributes( | |
15 | + 'gitlab-grid' => { | |
16 | + 'gitlab.rb' => { | |
17 | + #'external_url' => "http://#{gitlab_cn}", | |
18 | + 'gitlab_rails' => { | |
19 | + 'time_zone' => 'UTC', | |
20 | + }, | |
21 | + }, | |
22 | + }, | |
23 | +) |
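Review bot: `gitlab_cn` on line 12 is assigned but never read, because its only use is the commented-out `external_url` on line 17; either enable that attribute or comment out the assignment along with it. If the line is enabled, the placeholder uses `http://`, which would have GitLab advertise a plaintext URL for logins and clones; `'external_url' => "https://#{gitlab_cn}",` is the safer default, assuming certificates are provisioned for the host. A one-line comment above `override_attributes` saying that keys under `'gitlab.rb'` are rendered into the gitlab.rb template would also help; presumably that is how they are consumed, but the recipe is not visible here.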