Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
Start using this module
Add this module to your Puppetfile:
mod 'aursu-gitlabinstall', '1.0.2'
Learn more about managing modules with a PuppetfileDocumentation
gitlabinstall
Table of Contents
- Description
- Setup - The basics of getting started with gitlabinstall
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module main goal is to install GitLab and provide ability to intagrate it with externally managed Nginx, Postgres and Docker Registry.
Setup
What gitlabinstall affects OPTIONAL
gitlabinstall installs gitlab-ce Omnibus package from https://packages.gitlab.com/gitlab/gitlab-ce. Exact package version should be provided
Also it could manage Nginx setup (non-bundled) and Postgres setup (also non-bundled)
SSL certificates management is also included
Setup Requirements OPTIONAL
It requires to use custom fork of Puppet Nginx module located on GitHub.
For .fixtures.yml
nginx:
repo: https://github.com/aursu/puppet-nginx.git
ref: tags/v1.1.1-rc0.7
and for Puppetfile:
mod 'nginx',
:git => 'https://github.com/aursu/puppet-nginx.git',
:tag => 'v1.1.1-rc0.7'
Also requires non-published on Puppet Forge module aursu::lsys
which is set
of different basic profiles
Puppetfile setup:
mod 'lsys',
:git => 'https://github.com/aursu/puppet-lsys.git',
:tag => 'v0.5.1'
Beginning with gitlabinstall
Main class for GitLab installation is gitlabinstall::gitlab
:
class { 'gitlabinstall': }
class { 'gitlabinstall::gitlab':
external_url => 'https://gitlab.domain.tld',
database_password => 'secret',
gitlab_package_ensure => '13.3.5-ce.0.el7',
}
Usage
Use it with registry installed on separate host and on the same host as PuppetDB:
class { 'gitlabinstall::gitlab':
external_url => 'https://gitlab.domain.tld',
cert_identity => '*.domain.tld',
# DevCI has PuppetDB which listen on 8080, PuppetDB could be used
# externally but not GitLab Unicorn
gitlab_rails_port => 8008,
monitoring => false,
external_registry_service => true,
registry_host => 'registry.domain.tld',
registry_api_url => 'http://registry.domain.tld:5000',
gitlab_package_ensure => '12.10.14-ce.0.el7',
}
Use it with registry on the same host:
class { 'gitlabinstall::gitlab':
external_url => 'https://gitlab.domain.tld',
cert_identity => '*.domain.tld',
external_registry_service => true,
registry_host => 'registry.domain.tld',
}
Reference
See REFERENCE.md
Limitations
Development
Release Notes/Contributors/Etc. Optional
Reference
Table of Contents
Classes
gitlabinstall
: GitLab installationgitlabinstall::gitlab
: GitLab installation managementgitlabinstall::nginx
: A short summary of the purpose of this classgitlabinstall::params
: Basic module settingsgitlabinstall::postgres
: Install postgres database and pg_trgm extensiongitlabinstall::ssl
: A short summary of the purpose of this class
Classes
gitlabinstall
GitLab installation
Examples
include gitlabinstall
Parameters
The following parameters are available in the gitlabinstall
class.
gitlab_package_ensure
Data type: String
RPM package version. For example, 13.3.2-ce.0.el7 (see https://packages.gitlab.com/gitlab/gitlab-ce)
Default value: '13.0.10-ce.0.el7'
external_url
Data type: Stdlib::HTTPUrl
Configuring the external URL for GitLab see Configuring the external URL for GitLab
Default value: 'http://localhost'
database_password
Data type: Optional[String]
PostgreSQL database password
Default value: undef
manage_cert_data
Data type: Boolean
Whether provided certificate and key should be installed on server or not
Default value: true
cert_identity
Data type: Optional[String]
Certificate name to use in order to lookup certificate data in Puppet Hiera
Default value: undef
external_postgresql_service
Data type: Boolean
Using a non-packaged PostgreSQL database management server see Using a non-packaged PostgreSQL database management server
Default value: true
manage_postgresql_core
Data type: Boolean
Whether to manage PostgreSQL core or not (installation, initialization, service start)
Default value: true
non_bundled_web_server
Data type: Boolean
Whether to use bundled into GitLab Nginx service or not
Default value: true
manage_nginx_core
Data type: Boolean
Whether to manage core settings for Nginx or not (installation, nginx.conf setup, service setup)
Default value: true
external_registry_service
Data type: Boolean
Whether to integrate external Container registry into GitLab or not
Default value: false
registry_host
Data type: Optional[Stdlib::Fqdn]
Registry endpoint without the scheme, the address that gets shown to the end user.
Default value: undef
registry_port
Data type: Integer
Registry endpoint port, visible to the end user
Default value: 443
registry_api_url
Data type: Stdlib::HTTPUrl
Registry API URL Gitlab should connect to
Default value: 'http://localhost:5000'
database_host
Data type: Variant[Stdlib::Fqdn, Stdlib::IP::Address]
Default value: 'localhost'
gitlabinstall::gitlab
GitLab installation management
Examples
include gitlabinstall::gitlab
Parameters
The following parameters are available in the gitlabinstall::gitlab
class.
external_url
Data type: Stdlib::HTTPUrl
Configuring the external URL for GitLab see Configuring the external URL for GitLab
Default value: $gitlabinstall::external_url
gitlab_package_ensure
Data type: String
RPM package version. For example, 13.3.2-ce.0.el7 (see https://packages.gitlab.com/gitlab/gitlab-ce)
Default value: $gitlabinstall::gitlab_package_ensure
log_dir
Data type: String
Log directory to manage
Default value: '/var/log/gitlab'
external_postgresql_service
Data type: Boolean
Using a non-packaged PostgreSQL database management server see Using a non-packaged PostgreSQL database management server
Default value: $gitlabinstall::external_postgresql_service
registry_api_url
Data type: Stdlib::HTTPUrl
This is the Registry URL used internally that users do not need to interact with it is gitlab_rails['registry_api_url'] setting in /etc/gitlab/gitlab.rb
Default value: $gitlabinstall::registry_api_url
registry_host
Data type: Optional[Stdlib::Fqdn]
Registry endpoint without the scheme, the address that gets shown to the end user. it is gitlab_rails['registry_host'] setting in /etc/gitlab/gitlab.rb
Default value: $gitlabinstall::registry_host
registry_port
Data type: Integer
Registry endpoint port, visible to the end user it is gitlab_rails['registry_port'] setting in /etc/gitlab/gitlab.rb
Default value: $gitlabinstall::registry_port
registry_internal_key
Data type: Optional[String]
Contents of the key that GitLab uses to sign the tokens. It is registry['internal_key'] setting in /etc/gitlab/gitlab.rb A certificate-key pair is required for GitLab and the external container registry to communicate securely. You will need to create a certificate-key pair, configuring the external container registry with the public certificate and configuring GitLab with the private key
Default value: undef
registry_key_path
Data type: Optional[Stdlib::Unixpath]
Path to the key that matches the certificate on the Registry side.
It is gitlab_rails['registry_key_path'] setting in /etc/gitlab/gitlab.rb
Custom file for Omnibus GitLab to write the contents of
registry['internal_key'] to. The file specified at registry_key_path
gets
populated with the content specified by internal_key
, each time reconfigure
is executed. If no file is specified, Omnibus GitLab will default it to
/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
and will populate it.
Default value: undef
packages_enabled
Data type: Boolean
Enabling the Packages feature see GitLab Package Registry administration
Default value: true
packages_storage_path
Data type: Optional[Stdlib::Unixpath]
Local storage path for packages for Omnibus GitLab installation
Default value: $gitlabinstall::params::packages_storage_path
ssl_cert
Data type: Optional[String]
Content of x509 certificate to use for GitLab TLS setup
Default value: undef
ssl_key
Data type: Optional[String]
Content of RSA private key to use for GitLab TLS setup
Default value: undef
repo_sslverify
Data type: Optional[Integer[0,1]]
Set sslverify
flag for Omnibus GitLab Yum repository
Default value: undef
database_password
Data type: String[8]
Default value: $gitlabinstall::database_password
manage_postgresql_core
Data type: Boolean
Default value: $gitlabinstall::manage_postgresql_core
database_host
Data type: String
Default value: $gitlabinstall::database_host
database_port
Data type: Variant[Integer, Pattern[/^[0-9]+$/]]
Default value: $gitlabinstall::params::database_port
database_username
Data type: String
Default value: $gitlabinstall::params::database_username
database_name
Data type: String
Default value: $gitlabinstall::params::database_name
non_bundled_web_server
Data type: Boolean
Default value: $gitlabinstall::non_bundled_web_server
manage_nginx_core
Data type: Boolean
Default value: true
manage_cert_data
Data type: Boolean
Default value: true
cert_identity
Data type: Optional[String]
Default value: undef
gitlab_rails_host
Data type: String
Default value: 'localhost'
gitlab_rails_port
Data type: Integer
Default value: 8080
monitoring
Data type: Boolean
Default value: false
external_registry_service
Data type: Boolean
Default value: $gitlabinstall::external_registry_service
mnt_distro
Data type: Optional[Stdlib::Unixpath]
Default value: undef
mnt_distro_fstype
Data type: String
Default value: 'ext4'
mnt_data
Data type: Optional[Stdlib::Unixpath]
Default value: undef
mnt_data_fstype
Data type: String
Default value: 'ext4'
gitlabinstall::nginx
A description of what this class does
Examples
include gitlabinstall::nginx
Parameters
The following parameters are available in the gitlabinstall::nginx
class.
manage_service
Data type: Boolean
Whether to manage Nginx core settings or not
Default value: $gitlabinstall::manage_nginx_core
global_proxy_settings
Data type: Boolean
Whether to enable global proxy cache settings or not. These settings will
reside in Nginx http context (therefore they are global). These settings
could be applied only if Nginx core is managed not here (so manage_service
is false)
Default value: true
server_name
Data type: String
daemon_user
Data type: String
Default value: $gitlabinstall::params::user
daemon_user_id
Data type: Integer
Default value: $gitlabinstall::params::user_id
daemon_group
Data type: String
Default value: $gitlabinstall::params::group
daemon_group_id
Data type: Integer
Default value: $gitlabinstall::params::group_id
nginx_user_home
Data type: String
Default value: $gitlabinstall::params::user_home
web_server_user_shell
Data type: String
Default value: $gitlabinstall::params::user_shell
ssl
Data type: Boolean
Default value: false
ssl_cert_path
Data type: Optional[String]
Default value: undef
ssl_key_path
Data type: Optional[String]
Default value: undef
manage_document_root
Data type: Boolean
Default value: false
gitlabinstall::params
Basic module settings
Examples
include gitlabinstall::params
gitlabinstall::postgres
Install postgres database and pg_trgm extension
Examples
include gitlabinstall::postgres
Parameters
The following parameters are available in the gitlabinstall::postgres
class.
database_password
Data type: String[8]
Default value: $gitlabinstall::database_password
manage_service
Data type: Boolean
Default value: $gitlabinstall::manage_postgresql_core
database_username
Data type: String
Default value: $gitlabinstall::params::database_username
database_name
Data type: String
Default value: $gitlabinstall::params::database_name
gitlabinstall::ssl
A description of what this class does
Examples
include gitlabinstall::ssl
Parameters
The following parameters are available in the gitlabinstall::ssl
class.
server_name
Data type: Stdlib::Fqdn
GitLab server name (must be part of external_url)
cert_identity
Data type: Optional[String]
Certificate name to use in order to lookup certificate data in Puppet Hiera
Hiera lookup keys are <cert_identity>_private
and <cert_identity>_certificate
where <cert_identity>
is normalized value following next rules:
'*' -> 'wildcard', '.' -> '', '-' -> '', "'" -> '' and ' ' -> ''
cert_identity must match either certificate Common Name or any of Subject alternate DNS name
Default value: $gitlabinstall::cert_identity
ssl_cert
Data type: Optional[String]
Content of x509 certificate to use for GitLab TLS setup
Default value: undef
ssl_key
Data type: Optional[String]
Content of RSA private key to use for GitLab TLS setup
Default value: undef
manage_cert_data
Data type: Boolean
Whether provided certificate and key should be installed on server or not
Default value: $gitlabinstall::manage_cert_data
Changelog
All notable changes to this project will be documented in this file.
Release 0.1.0
Features
Bugfixes
Known Issues
Release 1.0.2
Features
Added repo_sslverify
parameter into class gitlabinstall::gitlab
in order
to override global settings for this flag
Bugfixes
Added dependency of registry default path on gitlab package
Dependencies
- puppet/gitlab (>= 5.1.0 < 6.0.0)
- aursu/lsys (>= 0.5.1 < 1.0.0)
- puppet/nginx (>= 1.0.0 < 2.0.0)
- puppetlabs/postgresql (>= 6.6.0 < 7.0.0)
- puppetlabs/stdlib (>= 4.1.0 < 7.0.0)
- aursu/tlsinfo (>= 0.3.5 < 1.0.0)