Enabled: false
Style/SpaceBeforeFirstArg:
Enabled: false
+Style/SpaceInsideBlockBraces:
+ Enabled: false
Style/TrailingCommaInLiteral:
- EnforcedStyleForMultiline: comma
+ EnforcedStyleForMultiline: consistent_comma
Style/WordArray:
Enabled: false
# limitations under the License.
#
-# for ver. 3.x
-#source 'https://gpm00.grid.example.com:6280'
source 'https://supermarket.chef.io'
metadata
# gitlab-grid CHANGELOG
+0.1.3
+-----
+- adds the `gitlab-grid::docker-compose` recipe.
+
0.1.2
-----
- improves service management.
source 'https://rubygems.org'
-#gem 'foodcritic'
+# with Chef DK
+gem 'stove'
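Review bot: `gem 'stove'` is added without a version constraint, and the publish job in `concourse.yml` runs `bundle install` in the same container that holds the Chef client key. Whatever stove release (and transitive dependencies) RubyGems serves at build time therefore runs with publish credentials. Consider a pessimistic constraint such as `gem 'stove', '~> <known-good-version>'`, and committing `Gemfile.lock` if the repository does not already do so; the lockfile is not visible on this page.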
- [Recipes](#recipes)
- [gitlab-grid::default](#gitlab-griddefault)
- [gitlab-grid::server](#gitlab-gridserver)
- - [gitlab-grid::docker-compose (NOT supported yet)](#gitlab-griddocker-compose-not-supported-yet)
+ - [gitlab-grid::docker-compose](#gitlab-griddocker-compose)
- [gitlab-grid::runner-docker-compose](#gitlab-gridrunner-docker-compose)
- [Role Examples](#role-examples)
- [Internal CA certificates management by ssl_cert cookbook](#internal-ca-certificates-management-by-ssl_cert-cookbook)
This recipe sets up a GitLab server.
-#### gitlab-grid::docker-compose (NOT supported yet)
+#### gitlab-grid::docker-compose
This recipe generates a `docker-compose.yml` for the GitLab server.
)
```
+- `roles/gitlab-on-docker.rb`
+
+```ruby
+name 'gitlab-on-docker'
+description 'GitLab on Docker'
+
+gitlab_cn = 'gitlab.io.example.com'
+gitlab_http_port = '8080'
+gitlab_ssh_port = '2022'
+
+run_list(
+ 'role[docker]',
+ 'recipe[gitlab-grid::docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+override_attributes(
+ 'gitlab-grid' => {
+ 'gitlab.rb' => {
+ 'external_url' => "http://#{gitlab_cn}:#{gitlab_http_port}",
+ 'gitlab_rails' => {
+ 'time_zone' => 'Asia/Tokyo',
+ 'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i,
+ },
+ 'nginx' => {
+ 'redirect_http_to_https' => false,
+ },
+ },
+ 'docker-compose' => {
+ 'config' => {
+ # Version 2 docker-compose format
+ 'version' => '2',
+ 'services' => {
+ 'gitlab' => {
+ 'restart' => 'always',
+ 'image' => 'gitlab/gitlab-ce:latest',
+ 'hostname' => gitlab_cn,
+ 'ports' => [
+ "#{gitlab_http_port}:#{gitlab_http_port}",
+ "#{gitlab_ssh_port}:22",
+ ],
+ 'environment' => {
+ },
+ #'volumes' => [
+ #],
+ },
+ },
+ },
+ },
+ },
+)
+```
+
+- `roles/gitlab-with-ssl-on-docker.rb`: and activates Container registry feature.
+
+```ruby
+name 'gitlab-with-ssl-on-docker'
+description 'GitLab with SSL on Docker'
+
+gitlab_cn = 'gitlab.io.example.com'
+gitlab_https_port = '8443'
+gitlab_ssh_port = '2022'
+gitlab_registry_port = '5050'
+
+run_list(
+ 'recipe[ssl_cert::server_key_pairs]',
+ 'role[docker]',
+ 'recipe[gitlab-grid::docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+override_attributes(
+ 'ssl_cert' => {
+ 'common_names' => [
+ gitlab_cn,
+ ],
+ },
+ 'gitlab-grid' => {
+ 'with_ssl_cert_cookbook' => true,
+ 'ssl_cert' => {
+ 'common_name' => gitlab_cn,
+ 'registry' => {
+ 'reuse_gitlab_common_name' => true,
+ # or
+ #'reuse_gitlab_common_name' => false,
+ #'common_name' => registry_gitlab_cn,
+ },
+ },
+ 'gitlab.rb' => {
+ 'external_url' => "https://#{gitlab_cn}:#{gitlab_https_port}",
+ 'registry_external_url' => "https://#{gitlab_cn}:#{gitlab_registry_port}", # Do not use 5000 if same domain (common name)
+ 'gitlab_rails' => {
+ 'time_zone' => 'Asia/Tokyo',
+ 'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i,
+ },
+ 'nginx' => {
+ 'redirect_http_to_https' => true,
+ },
+ 'registry_nginx' => {
+ 'redirect_http_to_https' => true,
+ },
+ },
+ 'docker-compose' => {
+ 'config' => {
+ # Version 2 docker-compose format
+ 'version' => '2',
+ 'services' => {
+ 'gitlab' => {
+ 'restart' => 'always',
+ 'image' => 'gitlab/gitlab-ce:latest',
+ 'hostname' => gitlab_cn,
+ 'ports' => [
+ "#{gitlab_https_port}:#{gitlab_https_port}",
+ "#{gitlab_registry_port}:#{gitlab_registry_port}",
+ "#{gitlab_ssh_port}:22",
+ ],
+ 'environment' => {
+ },
+ #'volumes' => [
+ #],
+ },
+ },
+ },
+ },
+ },
+)
+```
+
- `roles/gitlab-runner.rb`
```ruby
- create vault items.
```text
-$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("gitlab_io_example_com.prod.key")})' \
-> > ~/tmp/gitlab_io_example_com.prod.key.json
+$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("gitlab.io.example.com.prod.key")})' \
+> > ~/tmp/gitlab.io.example.com.prod.key.json
-$ knife vault create ssl_server_keys gitlab.io.example.com.prod \
-> --json ~/tmp/gitlab_io_example_com.prod.key.json
+$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("gitlab.io.example.com.prod.crt")})' \
+> > ~/tmp/gitlab.io.example.com.prod.crt.json
-$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("gitlab_io_example_com.prod.crt")})' \
-> > ~/tmp/gitlab_io_example_com.prod.crt.json
+$ cd $CHEF_REPO_PATH
+
+$ knife vault create ssl_server_keys gitlab.io.example.com.prod \
+> --json ~/tmp/gitlab.io.example.com.prod.key.json
$ knife vault create ssl_server_certs gitlab.io.example.com.prod \
-> --json ~/tmp/gitlab_io_example_com.prod.crt.json
+> --json ~/tmp/gitlab.io.example.com.prod.crt.json
```
- grant reference permission to the gitlab host
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
require 'foodcritic'
+require 'stove/rake_task'
namespace :style do
desc 'Run Ruby style checks'
- RuboCop::RakeTask.new(:ruby)
+ RuboCop::RakeTask.new(:ruby) do |t|
+ t.options = [
+ '--auto-gen-config', # creates .rubocop_todo.yml
+ ]
+ end
desc 'Run Chef style checks'
FoodCritic::Rake::LintTask.new(:chef) do |t|
desc 'Run ChefSpec examples'
RSpec::Core::RakeTask.new(:spec)
+desc 'Publish cookbook'
+Stove::RakeTask.new(:publish) do |t|
+ t.stove_opts = [
+ # `--username` and `--key` are set in ~/.stove typically.
+ #'--username', 'somebody',
+ #'--key', '~/chef/chef.io.example.com/somebody.pem',
+ #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io
+ #'--no-ssl-verify',
+ '--no-git',
+ '--log-level', 'info',
+ ]
+end
+
task default: ['style', 'spec']
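Review bot: `--auto-gen-config` is now passed on every `style:ruby` run, and `style` is part of the default task that the CI job invokes with a bare `rake`. That option rewrites `.rubocop_todo.yml` from the current offenses instead of checking against a committed baseline. If `.rubocop.yml` inherits from the todo file, newly introduced offenses get grandfathered on each run, and depending on the RuboCop version the task may also stop failing on them. Keeping `RuboCop::RakeTask.new(:ruby)` as the gate and adding a separate opt-in task, e.g. `RuboCop::RakeTask.new(:ruby_todo) { |t| t.options = ['--auto-gen-config'] }`, would preserve the check. The rest of the `style` namespace lies outside the lines shown.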
--- /dev/null
+---
+# $ fly -t target sp -p gitlab-grid-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml
+resources:
+- name: src-git
+ type: git
+ source:
+ uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git
+ branch: master
+ paths:
+ - cookbooks/((cookbook-name))
+ private_key: ((git-private-key))
+ git_user: ((git-user-osdn))
+ #check_every: 1h # default: 1m
+- name: chefdk-cache
+ type: docker-image
+ source:
+ repository: chef/chefdk
+ tag: ((chefdk-version))
+ # ((param)) style: fly >= 3.2.0
+ registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000
+ ca_certs:
+ - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000
+ cert: ((docker-reg-ca-cert))
+ check_every: 12h # default: 1m
+
+jobs:
+- name: test-cookbook
+ plan:
+ - aggregate:
+ - get: src-git
+ params:
+ depth: 5
+ trigger: true
+ - get: chefdk-cache
+ - task: ci-build
+ image: chefdk-cache
+ params:
+ http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128
+ #HTTP_PROXY: ((http-proxy))
+ config:
+ platform: linux
+ #image_resource:
+ # type: docker-image
+ # source:
+ # repository: chef/chefdk
+ # tag: ((chefdk-version))
+ # NG, setting disable
+ #registry_mirror: https://((registry-mirror-domain))
+ #ca_certs:
+ #- domain: ((registry-mirror-domain))
+ # cert: ((docker-reg-ca-cert))
+ inputs:
+ - name: src-git
+ run:
+ #dir: ./src-git/cookbooks/((cookbook-name))
+ #path: rake
+ path: /bin/bash
+ args:
+ - -c
+ - |
+ cd ./src-git/cookbooks/((cookbook-name))
+ bundle install
+ rake
+- name: publish-cookbook
+ plan:
+ - aggregate:
+ - get: src-git
+ params:
+ depth: 5
+ trigger: false
+ passed: [test-cookbook]
+ - get: chefdk-cache
+ passed: [test-cookbook]
+ - task: publish
+ image: chefdk-cache
+ params:
+ http_proxy: ((http-proxy))
+ chef_username: ((chef-username))
+ chef_client_key: ((chef-client-key))
+ config:
+ platform: linux
+ inputs:
+ - name: src-git
+ run:
+ path: /bin/bash
+ args:
+ - -c
+ - |
+ echo '{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove
+ echo "$chef_client_key" > /root/chef-client-key.pem
+ cd ./src-git/cookbooks/((cookbook-name))
+ bundle install
+ rake publish
+ - put: src-git
+ params:
+ repository: src-git
+ tag_prefix: ((cookbook-name))-
+ tag: src-git/cookbooks/((cookbook-name))/version
+ only_tag: true
+ annotate: ../src-git/cookbooks/((cookbook-name))/version
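Review bot: In the `publish` task script, `echo "$chef_client_key" > /root/chef-client-key.pem` creates the private key under the shell's default umask, and the script has no `set -e`. A failed `cd` or `bundle install` therefore does not stop `rake publish` from running with the key in place. Starting the script with `set -eu` and `umask 077` fixes both, and `printf '%s\n' "$chef_client_key"` avoids echo's handling of backslashes. The `ci-build` script in `test-cookbook` has the same missing `set -e`, which matters because `passed: [test-cookbook]` is the only gate in front of publishing. `/root/.stove` could also be built from the `$chef_username` param already passed in, rather than splicing `((chef-username))` into the script text.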
--- /dev/null
+---
+cookbook-name: gitlab-grid
+chefdk-version: 1.4.3
license 'Apache 2.0'
description 'Installs/Configures gitlab-grid'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.1.2'
+version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp
source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
issues_url 'https://osdn.jp/projects/metasearch/ticket'
+chef_version '>= 12'
supports 'ubuntu', '>= 16.04'
-%w( centos redhat ).each do |os|
+%w(centos redhat).each do |os|
supports os, '>= 7.3'
end
# limitations under the License.
#
-config = node['gitlab-grid']['gitlab.rb']
-#override_config = node.override['gitlab-grid']['gitlab.rb']
-force_override_config = node.force_override['gitlab-grid']['gitlab.rb']
+gitlab_rb = node['gitlab-grid']['gitlab.rb']
+#override_gitlab_rb = node.override['gitlab-grid']['gitlab.rb']
+force_override_gitlab_rb = node.force_override['gitlab-grid']['gitlab.rb']
if node['gitlab-grid']['with_ssl_cert_cookbook']
::Chef::Recipe.send(:include, SSLCert::Helper)
cn = node['gitlab-grid']['ssl_cert']['common_name']
cert_path = server_cert_path(cn)
key_path = server_key_path(cn)
- force_override_config['external_url'] = config['external_url'].gsub('http://', 'https://')
- force_override_config['nginx']['ssl_certificate'] = cert_path
- force_override_config['nginx']['ssl_certificate_key'] = key_path
+ force_override_gitlab_rb['external_url'] = gitlab_rb['external_url'].gsub('http://', 'https://')
+ force_override_gitlab_rb['nginx']['ssl_certificate'] = cert_path
+ force_override_gitlab_rb['nginx']['ssl_certificate_key'] = key_path
# GitLab Container Registry
- unless config['registry_external_url'].nil?
- force_override_config['registry_external_url'] = config['registry_external_url'].gsub('http://', 'https://')
+ unless gitlab_rb['registry_external_url'].nil?
+ force_override_gitlab_rb['registry_external_url'] = gitlab_rb['registry_external_url'].gsub('http://', 'https://')
end
reg_cert_path = nil
end
end
- force_override_config['registry_nginx']['ssl_certificate'] = reg_cert_path unless reg_cert_path.nil?
- force_override_config['registry_nginx']['ssl_certificate_key'] = reg_key_path unless reg_key_path.nil?
+ force_override_gitlab_rb['registry_nginx']['ssl_certificate'] = reg_cert_path unless reg_cert_path.nil?
+ force_override_gitlab_rb['registry_nginx']['ssl_certificate_key'] = reg_key_path unless reg_key_path.nil?
end
include_recipe 'docker-grid::compose'
include_recipe 'gitlab-grid::commons'
+#gitlab_rb = node['gitlab-grid']['gitlab.rb']
+#override_gitlab_rb = node.override['gitlab-grid']['gitlab.rb']
+force_override_gitlab_rb = node.force_override['gitlab-grid']['gitlab.rb']
+
config = node['gitlab-grid']['docker-compose']['config']
override_config = node.override['gitlab-grid']['docker-compose']['config']
force_override_config = node.force_override['gitlab-grid']['docker-compose']['config']
+
app_dir = node['gitlab-grid']['docker-compose']['app_dir']
etc_dir = node['gitlab-grid']['docker-compose']['etc_dir']
logs_dir = node['gitlab-grid']['docker-compose']['logs_dir']
data_dir = node['gitlab-grid']['docker-compose']['data_dir']
-#certs_dir = "#{app_dir}/certs"
envs = {}
vols = config['services']['gitlab']['volumes'].to_a
+if node['gitlab-grid']['with_ssl_cert_cookbook']
+ # GitLab
+ # These paths are already set in the `gitlab-grid::commons` recipe.
+ cert_path = force_override_gitlab_rb['nginx']['ssl_certificate']
+ key_path = force_override_gitlab_rb['nginx']['ssl_certificate_key']
+
+ vols.push("#{cert_path}:/etc/gitlab/server.crt:ro")
+ vols.push("#{key_path}:/etc/gitlab/server.key:ro")
+ force_override_gitlab_rb['nginx']['ssl_certificate'] = '/etc/gitlab/server.crt'
+ force_override_gitlab_rb['nginx']['ssl_certificate_key'] = '/etc/gitlab/server.key'
+
+ # GitLab Container Registry
+ # These paths are already set in the `gitlab-grid::commons` recipe.
+ reg_cert_path = force_override_gitlab_rb['registry_nginx']['ssl_certificate']
+ reg_key_path = force_override_gitlab_rb['registry_nginx']['ssl_certificate_key']
+
+ unless reg_cert_path.nil?
+ vols.push("#{reg_cert_path}:/etc/gitlab/reg_server.crt:ro")
+ force_override_gitlab_rb['registry_nginx']['ssl_certificate'] = '/etc/gitlab/reg_server.crt'
+ end
+ unless reg_key_path.nil?
+ vols.push("#{reg_key_path}:/etc/gitlab/reg_server.key:ro")
+ force_override_gitlab_rb['registry_nginx']['ssl_certificate_key'] = '/etc/gitlab/reg_server.key'
+ end
+end
+
[
app_dir,
data_dir,
end
}
-override_config['services']['gitlab']['ports'] = [
- '80:80',
- '443:443',
- '22:22',
-] if config['services']['gitlab']['ports'].empty?
-
-=begin
-if node['gitlab-grid']['with_ssl_cert_cookbook']
- ::Chef::Recipe.send(:include, SSLCert::Helper)
- cn = node['gitlab-grid']['ssl_cert']['common_name']
- # TODO: support
+if config['services']['gitlab']['ports'].empty?
+ override_config['services']['gitlab']['ports'] = [
+ '80:80',
+ '443:443',
+ '22:22',
+ ]
end
-=end
force_override_config['services']['gitlab']['environment'] = envs unless envs.empty?
override_config['services']['gitlab']['volumes'] = vols unless vols.empty?
+template "#{etc_dir}/gitlab.rb" do
+ source 'etc/gitlab/gitlab.rb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+end
+
[
'docker-compose.yml',
].each {|conf_file|
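Review bot: The new `template "#{etc_dir}/gitlab.rb"` resource writes the file with `mode '0644'`, so any local user on the Docker host can read it. `gitlab.rb` commonly carries credentials (SMTP, LDAP bind, initial root password) once those attributes are set under `node['gitlab-grid']['gitlab.rb']`, and before this commit the rendered content went into the compose environment rather than a standalone file. Since the container presumably reads it as root through the `etc_dir` mount, `mode '0600'` should be enough; adding `sensitive true` would also keep the rendered diff out of the Chef log. The `].each {|conf_file|` block that follows continues outside the lines shown, so the mode of `docker-compose.yml` could not be checked here.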
<%
config = node['gitlab-grid']['docker-compose']['config'].to_hash
-gitlab_rb = render('etc/gitlab/gitlab.rb').force_encoding("UTF-8")
-config['services']['gitlab']['environment']['GITLAB_OMNIBUS_CONFIG'] = gitlab_rb
+#gitlab_rb = render('etc/gitlab/gitlab.rb').force_encoding("UTF-8")
+#config['services']['gitlab']['environment']['GITLAB_OMNIBUS_CONFIG'] = gitlab_rb
require 'yaml'
yaml_str = config.to_yaml
--- /dev/null
+{
+ "run_list": [
+ "role[gitlab-on-docker]"
+ ]
+}
--- /dev/null
+name 'gitlab-on-docker'
+description 'GitLab on Docker'
+
+gitlab_cn = 'gitlab.io.example.com'
+gitlab_http_port = '8080'
+gitlab_ssh_port = '2022'
+
+run_list(
+ 'role[docker]',
+ 'recipe[gitlab-grid::docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+override_attributes(
+ 'gitlab-grid' => {
+ 'gitlab.rb' => {
+ 'external_url' => "http://#{gitlab_cn}:#{gitlab_http_port}",
+ 'gitlab_rails' => {
+ 'time_zone' => 'UTC',
+ #'time_zone' => 'Asia/Tokyo',
+ 'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i,
+ },
+ 'nginx' => {
+ 'redirect_http_to_https' => false,
+ },
+ },
+ 'docker-compose' => {
+ 'config' => {
+ # Version 2 docker-compose format
+ 'version' => '2',
+ 'services' => {
+ 'gitlab' => {
+ 'restart' => 'always',
+ 'image' => 'gitlab/gitlab-ce:latest',
+ 'hostname' => gitlab_cn,
+ 'ports' => [
+ "#{gitlab_http_port}:#{gitlab_http_port}",
+ "#{gitlab_ssh_port}:22",
+ ],
+ },
+ },
+ },
+ },
+ },
+)
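Review bot: `'image' => 'gitlab/gitlab-ce:latest'` combined with `'restart' => 'always'` means the version actually running depends on when the image was last pulled on each host, so it is not reproducible and an unreviewed major upgrade can land on a re-pull. Pinning a release, e.g. `'image' => 'gitlab/gitlab-ce:<pinned-version>'` (or a digest), makes upgrades an explicit change to the role. The two README role examples added in this commit use the same `latest` tag and would be copied by readers as-is. This role also serves `external_url` over plain `http://` with `redirect_http_to_https` set to false, so a comment saying it is for testing only would help.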