Merge pull request 'New feature: Gitlab-CE deployment' (#1) from gitlab into master

Reviewed-on: #1
Ludovic Cartier 2023-09-06 16:29:22 +02:00
commit 308d877d8f
7 changed files with 179 additions and 86 deletions


@ -9,6 +9,7 @@ It has been tested on :
- Debian 9 - Debian 9
- Debian 10 - Debian 10
- Debian 11 - Debian 11
- Debian 12
Available services Available services
------------------ ------------------
@ -19,6 +20,7 @@ Available services
- Maildev - Maildev
- cadvisor - cadvisor
- Redisinsight - Redisinsight
- Gitlab
Role variables Role variables
--------------- ---------------
@ -54,18 +56,24 @@ Example variables
- maildev - maildev
- cadvisor - cadvisor
- redisinsight - redisinsight
- gitlab
traefik_domain: 'mydomain.com' traefik_domain: 'example.com'
traefik_letsencrypt_email: 'cert@mydomain.com' traefik_letsencrypt_email: 'cert@example.com'
traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32' traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
maildev_domain: 'maildev.mydomain.com' maildev_domain: 'maildev.example.com'
redisinsight_domain: 'redisinsight.mydomain.com' redisinsight_domain: 'redisinsight.example.com'
redisinsight_whitelist: redisinsight_whitelist:
- 192.168.1.0/24 - 192.168.1.0/24
- 31.15.24.XX - 31.15.24.XX
- 37.58.179.XX - 37.58.179.XX
gitlab_version: 'latest'
gitlab_root_password: 'vault-this-thingy'
gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.example.com
``` ```
TODO TODO


@ -1,7 +1,7 @@
--- ---
# grafana ### Grafana
grafana_auth_anonymous_enabled: true grafana_auth_anonymous_enabled: true
grafana_auth_anonymous_org_role: Editor # Viewer grafana_auth_anonymous_org_role: Viewer
grafana_auth_anonymous_org_name: 'Main Org.' grafana_auth_anonymous_org_name: 'Main Org.'
grafana_auth_disable_login_form: false grafana_auth_disable_login_form: false
grafana_editors_can_admin: false grafana_editors_can_admin: false
@ -10,43 +10,59 @@ grafana_log_level: error
grafana_router_logging: false grafana_router_logging: false
grafana_disable_sanitize_html: true grafana_disable_sanitize_html: true
### Gitlab
# provisionning dashboards # gitlab_root_password: required...
# see https://grafana.com/docs/administration/provisioning/#dashboards gitlab_external_url: 'https://{{ gitlab_domain }}'
awh_services_grafana_provisionning_dashboards: gitlab_shell_ssh_port: 2221
apiVersion: 1 gitlab_ports:
providers: - '{{ gitlab_shell_ssh_port }}:22'
- name: 'Grafana Dashboards' gitlab_smtp_from_name: Gitlab
orgId: 1 gitlab_smtp_authentication: false
folder: '' gitlab_smtp_openssl_verify_mode: none
folderUid: '' gitlab_nginx_client_max_body_size: 250m
type: file gitlab_time_zone: Paris
disableDeletion: false gitlab_git_max_size: 152428800 # 150.megabytes
editable: true gitlab_git_timeout: 300
updateIntervalSeconds: 11 gitlab_backup_retention: 604800 # 7D
options: gitlab_backup_cron: { hour: 12, minute: 0 }
path: /var/lib/grafana/dashboards gitlab_prometheus_enable: false
gitlab_alertmanager_enable: false
# provisionning datasources. gitlab_grafana_enable: false
# see https://grafana.com/docs/administration/provisioning/#datasources gitlab_redis_exporter: false
awh_services_grafana_provisionning_datasources: gitlab_postgres_exporter: false
- name: loki gitlab_gitlab_exporter: false
type: loki gitlab_node_exporter: false
access: proxy gitlab_omnibus_config: |
url: http://loki:3100 |
jsonData: external_url '{{ gitlab_external_url }}'
httpMode: GET nginx['listen_port'] = 80
editable: false nginx['listen_https'] = false
isDefault: false nginx['client_max_body_size'] = '{{ gitlab_nginx_client_max_body_size }}'
gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')
#apiVersion: 1 gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_shell_ssh_port }}
#datasources: gitlab_rails['time_zone'] = '{{ gitlab_time_zone }}'
- name: prometheus gitlab_rails['git_max_size'] = {{ gitlab_git_max_size }}
type: prometheus gitlab_rails['git_timeout'] = {{ gitlab_git_timeout }}
access: proxy gitlab_rails['gitlab_default_projects_features_issues'] = true
database: prometheus gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
url: http://10.0.226.252:9090 gitlab_rails['gitlab_default_projects_features_wiki'] = true
jsonData: gitlab_rails['gitlab_default_projects_features_snippets'] = true
httpMode: GET gitlab_rails['gitlab_default_projects_features_builds'] = true
editable: false gitlab_rails['artifacts_enabled'] = true
isDefault: true gitlab_rails['backup_path'] = "/backups_internal_mount"
gitlab_rails['backup_keep_time'] = {{ gitlab_backup_retention }}
gitlab_rails['smtp_enable'] = false
gitlab_rails['smtp_address'] = '127.0.0.1'
gitlab_rails['smtp_port'] = '25'
gitlab_rails['gitlab_email_from'] = 'gitlab@localhost'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['smtp_authentication'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
prometheus['enable'] = {{ gitlab_prometheus_enable|string|lower }}
alertmanager['enable'] = {{ gitlab_alertmanager_enable|string|lower }}
grafana['enable'] = {{ gitlab_grafana_enable|string|lower }}
redis_exporter['enable'] = {{ gitlab_redis_exporter|string|lower }}
postgres_exporter['enable'] = {{ gitlab_postgres_exporter|string|lower }}
gitlab_exporter['enable'] = {{ gitlab_gitlab_exporter|string|lower }}
node_exporter['enable'] = {{ gitlab_node_exporter|string|lower }}
{{ gitlab_omnibus_config_extend|default() }}
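Review bot: `gitlab_smtp_from_name`, `gitlab_smtp_authentication` and `gitlab_smtp_openssl_verify_mode` are declared among the new variables, but the `gitlab_omnibus_config` template below hardcodes `gitlab_rails['gitlab_email_display_name'] = 'Gitlab'`, `gitlab_rails['smtp_authentication'] = false` and `gitlab_rails['smtp_openssl_verify_mode'] = 'none'`, so overriding those variables changes nothing; either reference them (`gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'`, and likewise for the other two) or remove them. SMTP is disabled here, but a default of `none` means whoever enables it later gets no certificate verification; `peer` is the safer default. `gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')` takes the file verbatim, so a trailing newline in the secret (easy to pick up from a vaulted value) becomes part of the password; `.strip` on the read avoids that. The old and new columns of this hunk are interleaved on the page, so the exact placement of each new line is inferred.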


@ -41,3 +41,9 @@
ignore_errors: '{{ ansible_check_mode }}' ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_cadvisor'] tags: ['docker_cadvisor']
- name: gitlab-restart
systemd:
name: docker-compose@gitlab
state: restarted
ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_gitlab']

tasks/gitlab.yml Normal file

@ -0,0 +1,50 @@
---
- name: gitlab | check vars are defined
assert:
that:
- gitlab_domain is defined
- gitlab_registry_domain
- gitlab_root_password
tags: ['docker_gitlab']
- include_tasks: base.yml
tags: ['docker_gitlab']
- name: 'gitlab | create docker volumes'
docker_volume:
name: '{{ item }}'
with_items:
- 'gitlab__etc_config'
- 'gitlab__var_log_gitlab'
- 'gitlab__var_opt_gitlab'
tags: ['docker_gitlab']
- name: 'gitlab | create docker volume backup'
docker_volume:
name: 'gitlab__backups'
tags: ['docker_gitlab']
- name: 'gitlab | create docker volume gitlab__run_secrets'
docker_volume:
name: 'gitlab__run_secrets'
register: 'register_docker_volume_gitlab_gitlab__run_secrets'
tags: ['docker_gitlab']
- name: 'gitlab | configure secret gitlab_root_password'
copy:
dest: '{{ register_docker_volume_gitlab_gitlab__run_secrets.volume.Mountpoint }}/gitlab_root_password'
mode: '0600'
content: '{{ gitlab_root_password }}'
ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_gitlab']
- name: 'gitlab : define cronjob backup'
cron:
name: 'docker_gitlab_backup'
job: '/usr/bin/docker exec -t gitlab gitlab-backup create CRON=1 2>&1 | /usr/bin/logger -t docker_gitlab'
minute: '{{ gitlab_backup_cron.minute | default(omit) }}'
hour: '{{ gitlab_backup_cron.hour | default(omit) }}'
day: '{{ gitlab_backup_cron.day | default(omit) }}'
month: '{{ gitlab_backup_cron.month | default(omit) }}'
weekday: '{{ gitlab_backup_cron.weekday | default(omit) }}'
tags: ['docker_gitlab']
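Review bot: The `gitlab | configure secret gitlab_root_password` copy task writes `content: '{{ gitlab_root_password }}'` without `no_log: true`, so the plaintext password can show up in verbose or diff output and in callback logs; add `no_log: true` next to `ignore_errors`. In the opening assert, `gitlab_registry_domain` and `gitlab_root_password` are bare truthiness checks while `gitlab_domain` uses `is defined`; write them as `gitlab_registry_domain is defined` and `gitlab_root_password is defined` (or keep the truthiness check and add a `fail_msg`) so a missing variable fails with a clear message rather than a template error. The task name `'gitlab : define cronjob backup'` uses ` : ` where every sibling uses ` | `. The file is shown without its indentation on this page, so nesting could not be checked.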


@ -25,43 +25,3 @@
docker_volume: docker_volume:
name: grafana__etc_grafana_provisioning_datasources name: grafana__etc_grafana_provisioning_datasources
tags: ['docker_grafana'] tags: ['docker_grafana']
#- name: grafana | ensure data perms
# file:
# path: '{{ item }}'
# owner: '472'
# group: '472'
# state: directory
# with_items:
# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}'
# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}/dashboards'
# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}'
# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}'
# notify: 'docker restart grafana'
# tags: ['grafana']
#
#- name: grafana | configure provisionning dashboards
# copy:
# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}/local.yml'
# content: |
# {{ grafana_provisionning_dashboards|to_nice_yaml }}
# notify: 'docker restart grafana'
# tags: ['grafana']
#
#- name: grafana | configure provisionning datasources
# copy:
# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}/datasources.yml'
# content: |
# {{ grafana_provisionning_datasources|to_nice_yaml }}
# notify: 'docker restart grafana'
# tags: ['grafana']
#
#- name: grafana | download dashboard
# get_url:
# url: '{{ item.url }}'
# dest: '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint + "/dashboards/" + item.name }}.json'
# force: '{{ item.force|default(grafana_dashboards_force|default("no")) }}'
# with_items: '{{ grafana_dashboards|default([]) }}'
# loop_control:
# label: '{{ item.name }}'
# tags: ['grafana']


@ -15,5 +15,6 @@
- docker_grafana - docker_grafana
- docker_maildev - docker_maildev
- docker_redisinsight - docker_redisinsight
- docker_gitlab
with_items: with_items:
- "{{ docker_services }}" - "{{ docker_services }}"


@ -0,0 +1,52 @@
version: '3.7'
networks:
traefik:
external: true
volumes:
gitlab__etc_config:
external: true
gitlab__var_log_gitlab:
external: true
gitlab__var_opt_gitlab:
external: true
gitlab__backups:
external: true
gitlab__run_secrets:
external: true
services:
gitlab:
image: gitlab/gitlab-ce:{{ gitlab_version|default("latest") }}
container_name: gitlab
restart: 'unless-stopped'
labels:
traefik.enable: "true"
traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`) || Host(`{{ gitlab_registry_domain }}`)"
traefik.http.routers.gitlab.tls: true
traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
traefik.http.routers.gitlab.entrypoints: "websecure"
{% if traefik_ipwhitelist is defined %}
traefik.http.routers.grafana.middlewares: "clientips@docker"
{% endif %}
traefik.http.services.gitlab.loadbalancer.server.port: "80"
cap_add:
- SYS_ADMIN
environment:
GITLAB_SIGNUP_ENABLED: 'false'
GITLAB_OMNIBUS_CONFIG: |-
{{ gitlab_omnibus_config | indent(width=8)}}
ports: {{ gitlab_ports }}
volumes:
- 'gitlab__etc_config:/etc/gitlab'
- 'gitlab__var_log_gitlab:/var/log/gitlab'
- 'gitlab__var_opt_gitlab:/var/opt/gitlab'
- 'gitlab__run_secrets:/run/secrets'
- '{{ gitlab_backup_path|default("gitlab__backups") }}:/backups_internal_mount'
logging:
driver: syslog
options:
tag: docker_gitlab
networks:
- traefik
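Review bot: The whitelist middleware label `traefik.http.routers.grafana.middlewares: "clientips@docker"` targets a router named `grafana`, not `gitlab`, so when `traefik_ipwhitelist` is set the gitlab router is still reachable from any source; it should read `traefik.http.routers.gitlab.middlewares: "clientips@docker"`. `traefik.http.routers.gitlab.tls: true` is the only label with an unquoted boolean value — Compose expects label values to be strings and, as far as I recall, rejects a bare `true` at validation — so quote it like its neighbours: `traefik.http.routers.gitlab.tls: "true"`. `cap_add: - SYS_ADMIN` grants the container a very broad capability; if the omnibus image needs it for something specific, a comment naming the reason would help, otherwise it should be dropped. `GITLAB_SIGNUP_ENABLED` is, to my knowledge, read by the sameersbn image rather than by `gitlab/gitlab-ce`, so open sign-up may not actually be disabled here; worth verifying, or setting `gitlab_rails['gitlab_signup_enabled'] = false` in the omnibus config instead.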