This cookbook sets up a GitLab server.

- [Requirements](#requirements)
- [platforms](#platforms)
- [packages](#packages)
- [Attributes](#attributes)
- [gitlab-grid::default](#gitlab-griddefault)
- [gitlab-grid::server](#gitlab-gridserver)
- [gitlab-grid::docker-compose](#gitlab-griddocker-compose)
- [gitlab-grid::runner-docker-compose](#gitlab-gridrunner-docker-compose)
- [Role Examples](#role-examples)
- [Internal CA certificates management by ssl_cert cookbook](#internal-ca-certificates-management-by-ssl_cert-cookbook)
- [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
- [License and Authors](#license-and-authors)

|Key|Type|Description, example|Default|
|---|---|---|---|
|`['gitlab-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, CA certificate and server key pairs are deployed and the `node['gitlab-grid']['gitlab.rb']` settings are overridden by the following `common_name` attributes.|`false`|
|`['gitlab-grid']['ssl_cert']['ca_name']`|String|Internal CA name that signs server certificates.|`nil`|
|`['gitlab-grid']['ssl_cert']['common_name']`|String|GitLab server common name for TLS|`node['fqdn']`|
|`['gitlab-grid']['ssl_cert']['registry']['reuse_gitlab_common_name']`|Boolean|Reuse GitLab domain (same common name) for TLS|`false`|
|`['gitlab-grid']['ssl_cert']['registry']['common_name']`|String|Container registry service's unique common name for TLS|`nil`|
|`['gitlab-grid']['gitlab.rb']`|Hash|`gitlab.rb` configurations.|See `attributes/default.rb`|
|`['gitlab-grid']['gitlab.rb_extra_config_str']`|String|`gitlab.rb` extra configuration string (source code in Ruby).|`nil`|
|`['gitlab-grid']['runner-docker-compose']['import_ca']`|Boolean|Import an internal CA certificate to a gitlab-runner container or not.|`false`|
|`['gitlab-grid']['runner-docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/gitlab-runner"`|
|`['gitlab-grid']['runner-docker-compose']['etc_dir']`|String||`"#{node['gitlab-grid']['runner-docker-compose']['app_dir']}/etc"`|
|`['gitlab-grid']['runner-docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|

#### gitlab-grid::default

This recipe does nothing.

#### gitlab-grid::server

This recipe sets up a GitLab server.

#### gitlab-grid::docker-compose

This recipe generates a `docker-compose.yml` for the GitLab server.

#### gitlab-grid::runner-docker-compose

This recipe generates a `docker-compose.yml` for the gitlab-runner.

```ruby
'recipe[gitlab-grid::server]',
gitlab_cn = 'gitlab.io.example.com'
# See https://docs.gitlab.com/omnibus/settings/configuration.html
'external_url' => "http://#{gitlab_cn}",
'time_zone' => 'Asia/Tokyo',
```

- `roles/gitlab-with-ssl-cert.rb`

```ruby
name 'gitlab-with-ssl-cert'
description 'GitLab setup with ssl_cert cookbook'
'recipe[ssl_cert::server_key_pairs]',
'recipe[gitlab-grid::server]',
#default_attributes()
gitlab_cn = 'gitlab.io.example.com'
'with_ssl_cert_cookbook' => true,
'common_name' => gitlab_cn,
'external_url' => "https://#{gitlab_cn}",
'time_zone' => 'Asia/Tokyo',
'redirect_http_to_https' => true,
```

- `roles/gitlab-on-docker.rb`

```ruby
name 'gitlab-on-docker'
description 'GitLab on Docker'
gitlab_cn = 'gitlab.io.example.com'
gitlab_http_port = '8080'
gitlab_ssh_port = '2022'
'recipe[gitlab-grid::docker-compose]',
#default_attributes()
'external_url' => "http://#{gitlab_cn}:#{gitlab_http_port}",
'time_zone' => 'Asia/Tokyo',
'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i,
'redirect_http_to_https' => false,
'docker-compose' => {
# Version 2 docker-compose format
'restart' => 'always',
'image' => 'gitlab/gitlab-ce:latest',
'hostname' => gitlab_cn,
"#{gitlab_http_port}:#{gitlab_http_port}",
"#{gitlab_ssh_port}:22",
```

- `roles/gitlab-with-ssl-on-docker.rb`: also activates the Container registry feature.

```ruby
name 'gitlab-with-ssl-on-docker'
description 'GitLab with SSL on Docker'
gitlab_cn = 'gitlab.io.example.com'
gitlab_https_port = '8443'
gitlab_ssh_port = '2022'
gitlab_registry_port = '5050'
'recipe[ssl_cert::server_key_pairs]',
'recipe[gitlab-grid::docker-compose]',
#default_attributes()
'with_ssl_cert_cookbook' => true,
'common_name' => gitlab_cn,
'reuse_gitlab_common_name' => true,
#'reuse_gitlab_common_name' => false,
#'common_name' => registry_gitlab_cn,
'external_url' => "https://#{gitlab_cn}:#{gitlab_https_port}",
'registry_external_url' => "https://#{gitlab_cn}:#{gitlab_registry_port}", # Do not use 5000 if same domain (common name)
'time_zone' => 'Asia/Tokyo',
'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i,
'redirect_http_to_https' => true,
'registry_nginx' => {
'redirect_http_to_https' => true,
'docker-compose' => {
# Version 2 docker-compose format
'restart' => 'always',
'image' => 'gitlab/gitlab-ce:latest',
'hostname' => gitlab_cn,
"#{gitlab_https_port}:#{gitlab_https_port}",
"#{gitlab_registry_port}:#{gitlab_registry_port}",
"#{gitlab_ssh_port}:22",
```

- `roles/gitlab-runner.rb`

```ruby
description 'GitLab-runner'
#'recipe[ssl_cert::ca_certs]',
'recipe[gitlab-grid::runner-docker-compose]',
#default_attributes()
ca_name = 'grid_ca' # Internal CA
#'with_ssl_cert_cookbook' => true,
'ca_name' => ca_name,
'runner-docker-compose' => {
#'import_ca' => true,
# for Docker executor
'/var/run/docker.sock:/var/run/docker.sock',
```

### Internal CA certificates management by ssl_cert cookbook

See https://supermarket.chef.io/cookbooks/ssl_cert

### SSL server keys and certificates management by ssl_cert cookbook

- create vault items.

```
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("gitlab.io.example.com.prod.key")})' \
> > ~/tmp/gitlab.io.example.com.prod.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("gitlab.io.example.com.prod.crt")})' \
> > ~/tmp/gitlab.io.example.com.prod.crt.json

$ knife vault create ssl_server_keys gitlab.io.example.com.prod \
> --json ~/tmp/gitlab.io.example.com.prod.key.json

$ knife vault create ssl_server_certs gitlab.io.example.com.prod \
> --json ~/tmp/gitlab.io.example.com.prod.crt.json
```

- grant reference permission to the gitlab host

```
$ knife vault update ssl_server_keys gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com'
$ knife vault update ssl_server_certs gitlab.io.example.com.prod -S 'name:gitlab*.io.example.com'
```

- modify run_list and attributes

```ruby
'recipe[ssl_cert::server_key_pairs]',
'recipe[gitlab-grid::server]',
#'recipe[gitlab-grid::docker-compose]',
'gitlab.io.example.com',
'with_ssl_cert_cookbook' => true,
'common_name' => 'gitlab.io.example.com',
```
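
A pre-flight check for the vault item step above, as an added example that is not part of this cookbook or of ssl_cert: before `knife vault create` is run, it confirms that the private key matches the certificate, that the certificate is currently valid and names the expected common name, and only then builds the same `{"private": ...}` and `{"public": ...}` JSON the one-liners produce. The function names and the in-memory self-signed sample pair are constructed for illustration.

```ruby
require 'json'
require 'openssl'

# Returns the JSON bodies for the ssl_server_keys and ssl_server_certs vault
# items, or raises ArgumentError when the key/certificate pair is unusable.
def build_vault_items(key_pem, cert_pem, common_name, now: Time.now)
  key = OpenSSL::PKey.read(key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  raise ArgumentError, 'private key does not match certificate' unless cert.check_private_key(key)
  raise ArgumentError, 'certificate is expired or not yet valid' unless (cert.not_before..cert.not_after).cover?(now)
  raise ArgumentError, "certificate does not name #{common_name}" unless cert_names(cert).include?(common_name)

  { 'key' => JSON.generate('private' => key_pem), 'crt' => JSON.generate('public' => cert_pem) }
end

# Subject CN plus DNS subjectAltName entries (exact match only, no wildcard logic).
def cert_names(cert)
  cn = cert.subject.to_a.select { |field, _, _| field == 'CN' }.map { |_, value, _| value }
  san = cert.extensions.select { |ext| ext.oid == 'subjectAltName' }
            .flat_map { |ext| ext.value.split(/,\s*/) }
            .map { |entry| entry[/\ADNS:(.+)\z/, 1] }
            .compact
  (cn + san).uniq
end

# Constructed sample input: a throwaway self-signed pair generated in memory.
def sample_pair(common_name, not_before: Time.now - 60, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cn = 'gitlab.io.example.com'
  key_pem, cert_pem = sample_pair(cn)
  items = build_vault_items(key_pem, cert_pem, cn)
  puts "key item fields: #{JSON.parse(items['key']).keys.inspect}"
  puts "crt item fields: #{JSON.parse(items['crt']).keys.inspect}"
end
```

With real files, pass `File.read` of the `.key` and `.crt` and write the returned strings to the JSON paths given to `knife vault create --json`.

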
## License and Authors

- Author:: whitestar at osdn.jp

```
Copyright 2017, whitestar

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```