New feature: Gitlab-CE deployment #1
16
README.md
16
README.md
@ -9,6 +9,7 @@ It has been tested on :
|
||||
- Debian 9
|
||||
- Debian 10
|
||||
- Debian 11
|
||||
- Debian 12
|
||||
|
||||
Available services
|
||||
------------------
|
||||
@ -19,6 +20,7 @@ Available services
|
||||
- Maildev
|
||||
- cadvisor
|
||||
- Redisinsight
|
||||
- Gitlab
|
||||
|
||||
Role variables
|
||||
---------------
|
||||
@ -54,18 +56,24 @@ Example variables
|
||||
- maildev
|
||||
- cadvisor
|
||||
- redisinsight
|
||||
- gitlab
|
||||
|
||||
traefik_domain: 'mydomain.com'
|
||||
traefik_letsencrypt_email: 'cert@mydomain.com'
|
||||
traefik_domain: 'example.com'
|
||||
traefik_letsencrypt_email: 'cert@example.com'
|
||||
traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
|
||||
|
||||
maildev_domain: 'maildev.mydomain.com'
|
||||
maildev_domain: 'maildev.example.com'
|
||||
|
||||
redisinsight_domain: 'redisinsight.mydomain.com'
|
||||
redisinsight_domain: 'redisinsight.example.com'
|
||||
redisinsight_whitelist:
|
||||
- 192.168.1.0/24
|
||||
- 31.15.24.XX
|
||||
- 37.58.179.XX
|
||||
|
||||
gitlab_version: 'latest'
|
||||
gitlab_root_password: 'vault-this-thingy'
|
||||
gitlab_domain: gitlab.example.com
|
||||
gitlab_registry_domain: registry.example.com
|
||||
```
|
||||
|
||||
TODO
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
# grafana
|
||||
### Grafana
|
||||
grafana_auth_anonymous_enabled: true
|
||||
grafana_auth_anonymous_org_role: Editor # Viewer
|
||||
grafana_auth_anonymous_org_role: Viewer
|
||||
grafana_auth_anonymous_org_name: 'Main Org.'
|
||||
grafana_auth_disable_login_form: false
|
||||
grafana_editors_can_admin: false
|
||||
@ -10,43 +10,59 @@ grafana_log_level: error
|
||||
grafana_router_logging: false
|
||||
grafana_disable_sanitize_html: true
|
||||
|
||||
|
||||
# provisionning dashboards
|
||||
# see https://grafana.com/docs/administration/provisioning/#dashboards
|
||||
awh_services_grafana_provisionning_dashboards:
|
||||
apiVersion: 1
|
||||
providers:
|
||||
- name: 'Grafana Dashboards'
|
||||
orgId: 1
|
||||
folder: ''
|
||||
folderUid: ''
|
||||
type: file
|
||||
disableDeletion: false
|
||||
editable: true
|
||||
updateIntervalSeconds: 11
|
||||
options:
|
||||
path: /var/lib/grafana/dashboards
|
||||
|
||||
# provisionning datasources.
|
||||
# see https://grafana.com/docs/administration/provisioning/#datasources
|
||||
awh_services_grafana_provisionning_datasources:
|
||||
- name: loki
|
||||
type: loki
|
||||
access: proxy
|
||||
url: http://loki:3100
|
||||
jsonData:
|
||||
httpMode: GET
|
||||
editable: false
|
||||
isDefault: false
|
||||
|
||||
#apiVersion: 1
|
||||
#datasources:
|
||||
- name: prometheus
|
||||
type: prometheus
|
||||
access: proxy
|
||||
database: prometheus
|
||||
url: http://10.0.226.252:9090
|
||||
jsonData:
|
||||
httpMode: GET
|
||||
editable: false
|
||||
isDefault: true
|
||||
### Gitlab
|
||||
# gitlab_root_password: required...
|
||||
gitlab_external_url: 'https://{{ gitlab_domain }}'
|
||||
gitlab_shell_ssh_port: 2221
|
||||
gitlab_ports:
|
||||
- '{{ gitlab_shell_ssh_port }}:22'
|
||||
gitlab_smtp_from_name: Gitlab
|
||||
gitlab_smtp_authentication: false
|
||||
gitlab_smtp_openssl_verify_mode: none
|
||||
gitlab_nginx_client_max_body_size: 250m
|
||||
gitlab_time_zone: Paris
|
||||
gitlab_git_max_size: 152428800 # 150.megabytes
|
||||
gitlab_git_timeout: 300
|
||||
gitlab_backup_retention: 604800 # 7D
|
||||
gitlab_backup_cron: { hour: 12, minute: 0 }
|
||||
gitlab_prometheus_enable: false
|
||||
gitlab_alertmanager_enable: false
|
||||
gitlab_grafana_enable: false
|
||||
gitlab_redis_exporter: false
|
||||
gitlab_postgres_exporter: false
|
||||
gitlab_gitlab_exporter: false
|
||||
gitlab_node_exporter: false
|
||||
gitlab_omnibus_config: |
|
||||
|
|
||||
external_url '{{ gitlab_external_url }}'
|
||||
nginx['listen_port'] = 80
|
||||
nginx['listen_https'] = false
|
||||
nginx['client_max_body_size'] = '{{ gitlab_nginx_client_max_body_size }}'
|
||||
gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')
|
||||
gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_shell_ssh_port }}
|
||||
gitlab_rails['time_zone'] = '{{ gitlab_time_zone }}'
|
||||
gitlab_rails['git_max_size'] = {{ gitlab_git_max_size }}
|
||||
gitlab_rails['git_timeout'] = {{ gitlab_git_timeout }}
|
||||
gitlab_rails['gitlab_default_projects_features_issues'] = true
|
||||
gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
|
||||
gitlab_rails['gitlab_default_projects_features_wiki'] = true
|
||||
gitlab_rails['gitlab_default_projects_features_snippets'] = true
|
||||
gitlab_rails['gitlab_default_projects_features_builds'] = true
|
||||
gitlab_rails['artifacts_enabled'] = true
|
||||
gitlab_rails['backup_path'] = "/backups_internal_mount"
|
||||
gitlab_rails['backup_keep_time'] = {{ gitlab_backup_retention }}
|
||||
gitlab_rails['smtp_enable'] = false
|
||||
gitlab_rails['smtp_address'] = '127.0.0.1'
|
||||
gitlab_rails['smtp_port'] = '25'
|
||||
gitlab_rails['gitlab_email_from'] = 'gitlab@localhost'
|
||||
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
|
||||
gitlab_rails['smtp_authentication'] = false
|
||||
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
|
||||
prometheus['enable'] = {{ gitlab_prometheus_enable|string|lower }}
|
||||
alertmanager['enable'] = {{ gitlab_alertmanager_enable|string|lower }}
|
||||
grafana['enable'] = {{ gitlab_grafana_enable|string|lower }}
|
||||
redis_exporter['enable'] = {{ gitlab_redis_exporter|string|lower }}
|
||||
postgres_exporter['enable'] = {{ gitlab_postgres_exporter|string|lower }}
|
||||
gitlab_exporter['enable'] = {{ gitlab_gitlab_exporter|string|lower }}
|
||||
node_exporter['enable'] = {{ gitlab_node_exporter|string|lower }}
|
||||
{{ gitlab_omnibus_config_extend|default() }}
|
||||
|
||||
@ -41,3 +41,9 @@
|
||||
ignore_errors: '{{ ansible_check_mode }}'
|
||||
tags: ['docker_cadvisor']
|
||||
|
||||
- name: gitlab-restart
|
||||
systemd:
|
||||
name: docker-compose@gitlab
|
||||
state: restarted
|
||||
ignore_errors: '{{ ansible_check_mode }}'
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
50
tasks/gitlab.yml
Normal file
50
tasks/gitlab.yml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
- name: gitlab | check vars are defined
|
||||
assert:
|
||||
that:
|
||||
- gitlab_domain is defined
|
||||
- gitlab_registry_domain
|
||||
- gitlab_root_password
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- include_tasks: base.yml
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- name: 'gitlab | create docker volumes'
|
||||
docker_volume:
|
||||
name: '{{ item }}'
|
||||
with_items:
|
||||
- 'gitlab__etc_config'
|
||||
- 'gitlab__var_log_gitlab'
|
||||
- 'gitlab__var_opt_gitlab'
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- name: 'gitlab | create docker volume backup'
|
||||
docker_volume:
|
||||
name: 'gitlab__backups'
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- name: 'gitlab | create docker volume gitlab__run_secrets'
|
||||
docker_volume:
|
||||
name: 'gitlab__run_secrets'
|
||||
register: 'register_docker_volume_gitlab_gitlab__run_secrets'
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- name: 'gitlab | configure secret gitlab_root_password'
|
||||
copy:
|
||||
dest: '{{ register_docker_volume_gitlab_gitlab__run_secrets.volume.Mountpoint }}/gitlab_root_password'
|
||||
mode: '0600'
|
||||
content: '{{ gitlab_root_password }}'
|
||||
ignore_errors: '{{ ansible_check_mode }}'
|
||||
tags: ['docker_gitlab']
|
||||
|
||||
- name: 'gitlab : define cronjob backup'
|
||||
cron:
|
||||
name: 'docker_gitlab_backup'
|
||||
job: '/usr/bin/docker exec -t gitlab gitlab-backup create CRON=1 2>&1 | /usr/bin/logger -t docker_gitlab'
|
||||
minute: '{{ gitlab_backup_cron.minute | default(omit) }}'
|
||||
hour: '{{ gitlab_backup_cron.hour | default(omit) }}'
|
||||
day: '{{ gitlab_backup_cron.day | default(omit) }}'
|
||||
month: '{{ gitlab_backup_cron.month | default(omit) }}'
|
||||
weekday: '{{ gitlab_backup_cron.weekday | default(omit) }}'
|
||||
tags: ['docker_gitlab']
|
||||
@ -25,43 +25,3 @@
|
||||
docker_volume:
|
||||
name: grafana__etc_grafana_provisioning_datasources
|
||||
tags: ['docker_grafana']
|
||||
|
||||
#- name: grafana | ensure data perms
|
||||
# file:
|
||||
# path: '{{ item }}'
|
||||
# owner: '472'
|
||||
# group: '472'
|
||||
# state: directory
|
||||
# with_items:
|
||||
# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}'
|
||||
# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}/dashboards'
|
||||
# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}'
|
||||
# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}'
|
||||
# notify: 'docker restart grafana'
|
||||
# tags: ['grafana']
|
||||
#
|
||||
#- name: grafana | configure provisionning dashboards
|
||||
# copy:
|
||||
# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}/local.yml'
|
||||
# content: |
|
||||
# {{ grafana_provisionning_dashboards|to_nice_yaml }}
|
||||
# notify: 'docker restart grafana'
|
||||
# tags: ['grafana']
|
||||
#
|
||||
#- name: grafana | configure provisionning datasources
|
||||
# copy:
|
||||
# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}/datasources.yml'
|
||||
# content: |
|
||||
# {{ grafana_provisionning_datasources|to_nice_yaml }}
|
||||
# notify: 'docker restart grafana'
|
||||
# tags: ['grafana']
|
||||
#
|
||||
#- name: grafana | download dashboard
|
||||
# get_url:
|
||||
# url: '{{ item.url }}'
|
||||
# dest: '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint + "/dashboards/" + item.name }}.json'
|
||||
# force: '{{ item.force|default(grafana_dashboards_force|default("no")) }}'
|
||||
# with_items: '{{ grafana_dashboards|default([]) }}'
|
||||
# loop_control:
|
||||
# label: '{{ item.name }}'
|
||||
# tags: ['grafana']
|
||||
|
||||
@ -15,5 +15,6 @@
|
||||
- docker_grafana
|
||||
- docker_maildev
|
||||
- docker_redisinsight
|
||||
- docker_gitlab
|
||||
with_items:
|
||||
- "{{ docker_services }}"
|
||||
|
||||
52
templates/compose/gitlab.yml.j2
Normal file
52
templates/compose/gitlab.yml.j2
Normal file
@ -0,0 +1,52 @@
|
||||
version: '3.7'
|
||||
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
gitlab__etc_config:
|
||||
external: true
|
||||
gitlab__var_log_gitlab:
|
||||
external: true
|
||||
gitlab__var_opt_gitlab:
|
||||
external: true
|
||||
gitlab__backups:
|
||||
external: true
|
||||
gitlab__run_secrets:
|
||||
external: true
|
||||
|
||||
services:
|
||||
gitlab:
|
||||
image: gitlab/gitlab-ce:{{ gitlab_version|default("latest") }}
|
||||
container_name: gitlab
|
||||
restart: 'unless-stopped'
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`) || Host(`{{ gitlab_registry_domain }}`)"
|
||||
traefik.http.routers.gitlab.tls: true
|
||||
traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
|
||||
traefik.http.routers.gitlab.entrypoints: "websecure"
|
||||
{% if traefik_ipwhitelist is defined %}
|
||||
traefik.http.routers.grafana.middlewares: "clientips@docker"
|
||||
{% endif %}
|
||||
traefik.http.services.gitlab.loadbalancer.server.port: "80"
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
environment:
|
||||
GITLAB_SIGNUP_ENABLED: 'false'
|
||||
GITLAB_OMNIBUS_CONFIG: |-
|
||||
{{ gitlab_omnibus_config | indent(width=8)}}
|
||||
ports: {{ gitlab_ports }}
|
||||
volumes:
|
||||
- 'gitlab__etc_config:/etc/gitlab'
|
||||
- 'gitlab__var_log_gitlab:/var/log/gitlab'
|
||||
- 'gitlab__var_opt_gitlab:/var/opt/gitlab'
|
||||
- 'gitlab__run_secrets:/run/secrets'
|
||||
- '{{ gitlab_backup_path|default("gitlab__backups") }}:/backups_internal_mount'
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
tag: docker_gitlab
|
||||
networks:
|
||||
- traefik
|
||||
Loading…
x
Reference in New Issue
Block a user