
adds the `gitlab-grid::runner-docker-compose` recipe. gitlab-grid-0.1.2
authorwhitestar <whitestar@gaea.test>
Sat, 25 Feb 2017 09:26:48 +0000 (18:26 +0900)
committerwhitestar <whitestar@gaea.test>
Sat, 25 Feb 2017 09:26:48 +0000 (18:26 +0900)
cookbooks/gitlab-grid/CHANGELOG.md
cookbooks/gitlab-grid/README.md
cookbooks/gitlab-grid/attributes/default.rb
cookbooks/gitlab-grid/metadata.rb
cookbooks/gitlab-grid/recipes/commons.rb
cookbooks/gitlab-grid/recipes/runner-docker-compose.rb [new file with mode: 0644]
cookbooks/gitlab-grid/recipes/server.rb
cookbooks/gitlab-grid/templates/default/opt/docker-compose/app/gitlab-runner/docker-compose.yml [new file with mode: 0644]
nodes/local-gitlab-runner.json [new file with mode: 0644]
roles/gitlab-runner.rb [new file with mode: 0644]

index 4cdea2f..2a9a404 100644 (file)
@@ -1,5 +1,12 @@
 # gitlab-grid CHANGELOG
 
+0.1.2
+-----
+- improves service management.
+- adds the feature for container registry setup.
+- adds the `['gitlab-grid']['ssl_cert']['registry']['reuse_gitlab_cn']` attribute.
+- adds the `gitlab-grid::runner-docker-compose` recipe.
+
 0.1.1
 -----
 - improves the `gitlab-grid::server` recipe.
index ef410cb..3363c3f 100644 (file)
@@ -5,7 +5,6 @@ This cookbook sets up a GitLab server.
 
 ## Contents
 
-- [Contents](#contents)
 - [Requirements](#requirements)
     - [platforms](#platforms)
     - [packages](#packages)
@@ -15,7 +14,9 @@ This cookbook sets up a GitLab server.
         - [gitlab-grid::default](#gitlab-griddefault)
         - [gitlab-grid::server](#gitlab-gridserver)
         - [gitlab-grid::docker-compose (NOT supported yet)](#gitlab-griddocker-compose-not-supported-yet)
+        - [gitlab-grid::runner-docker-compose](#gitlab-gridrunner-docker-compose)
     - [Role Examples](#role-examples)
+    - [Internal CA certificates management by ssl_cert cookbook](#internal-ca-certificates-management-by-ssl_cert-cookbook)
     - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
 - [License and Authors](#license-and-authors)
 
@@ -31,10 +32,17 @@ This cookbook sets up a GitLab server.
 
 |Key|Type|Description, example|Default|
 |:--|:--|:--|:--|
-|`['gitlab-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['gitlab-grid']['gitlab.rb']` are are overridden by the following `common_name` attributes.|`false`|
+|`['gitlab-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, CA certificate and server key pairs are deployed and the `node['gitlab-grid']['gitlab.rb']` settings are overridden by the following `common_name` attributes.|`false`|
+|`['gitlab-grid']['ssl_cert']['ca_name']`|String|Internal CA name that signs server certificates.|`nil`|
 |`['gitlab-grid']['ssl_cert']['common_name']`|String|GitLab server common name for TLS|`node['fqdn']`|
+|`['gitlab-grid']['ssl_cert']['registry']['reuse_gitlab_common_name']`|Boolean|Reuse GitLab domain (same common name) for TLS|`false`|
+|`['gitlab-grid']['ssl_cert']['registry']['common_name']`|String|Container registry service's unique common name for TLS|`nil`|
 |`['gitlab-grid']['gitlab.rb']`|Hash|`gitlab.rb` configurations.|See `attributes/default.rb`|
-|`['gitlab-grid']['gitlab.rb_extra_config_str']`|String|`gitlab.rb` exstra configuration string (source code in Ruby).|`nil`|
+|`['gitlab-grid']['gitlab.rb_extra_config_str']`|String|`gitlab.rb` extra configuration string (source code in Ruby).|`nil`|
+|`['gitlab-grid']['runner-docker-compose']['import_ca']`|Boolean|Import an internal CA certificate to a gitlab-runner container or not.|`false`|
+|`['gitlab-grid']['runner-docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/gitlab-runner"`|
+|`['gitlab-grid']['runner-docker-compose']['etc_dir']`|String||`"#{node['gitlab-grid']['runner-docker-compose']['app_dir']}/etc"`|
+|`['gitlab-grid']['runner-docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|
 
 ## Usage
 
@@ -50,7 +58,11 @@ This recipe sets up a GitLab server.
 
 #### gitlab-grid::docker-compose (NOT supported yet)
 
-This recipe generates a docker-compose.yml for the GitLab server.
+This recipe generates a `docker-compose.yml` for the GitLab server.
+
+#### gitlab-grid::runner-docker-compose
+
+This recipe generates a `docker-compose.yml` for the gitlab-runner.
 
 ### Role Examples
 
@@ -72,6 +84,7 @@ gitlab_cn = 'gitlab.io.example.com'
 
 override_attributes(
   'gitlab-grid' => {
+    # See https://docs.gitlab.com/omnibus/settings/configuration.html
     'gitlab.rb' => {
       'external_url' => "http://#{gitlab_cn}",
       'gitlab_rails' => {
@@ -111,7 +124,7 @@ override_attributes(
       'common_name' => gitlab_cn,
     },
     'gitlab.rb' => {
-      'external_url' => "http://#{gitlab_cn}",
+      'external_url' => "https://#{gitlab_cn}",
       'gitlab_rails' => {
         'time_zone' => 'Asia/Tokyo',
       },
@@ -123,6 +136,56 @@ override_attributes(
 )
 ```
 
+- `roles/gitlab-runner.rb`
+
+```ruby
+name 'gitlab-runner'
+description 'GitLab-runner'
+
+run_list(
+  #'recipe[ssl_cert::ca_certs]',
+  'role[docker]',
+  'recipe[gitlab-grid::runner-docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+ca_name = 'grid_ca'  # Internal CA
+
+override_attributes(
+  'ssl_cert' => {
+    'ca_names' => [
+      ca_name,
+    ],
+  },
+  'gitlab-grid' => {
+    #'with_ssl_cert_cookbook' => true,
+    'ssl_cert' => {
+      'ca_name' => ca_name,
+    },
+    'runner-docker-compose' => {
+      #'import_ca' => true,
+      'config' => {
+        'services' => {
+          'runner' => {
+            'volumes' => [
+              # for Docker executor
+              '/var/run/docker.sock:/var/run/docker.sock',
+            ],
+          },
+        },
+      },
+    },
+  },
+)
+```
+
+### Internal CA certificates management by ssl_cert cookbook
+
+See https://supermarket.chef.io/cookbooks/ssl_cert
+
 ### SSL server keys and certificates management by ssl_cert cookbook
 
 - create vault items.
index defc886..a497884 100644 (file)
 default['gitlab-grid']['with_ssl_cert_cookbook'] = false
 # If ['gitlab-grid']['with_ssl_cert_cookbook'] is true,
 # node['gitlab-grid']['gitlab.rb'] are overridden by the following 'common_name' attributes.
+default['gitlab-grid']['ssl_cert']['ca_name'] = nil
 default['gitlab-grid']['ssl_cert']['common_name'] = node['fqdn']
+default['gitlab-grid']['ssl_cert']['registry'] = {
+  # Container Registry
+  'reuse_gitlab_common_name' => false,
+  'common_name' => nil,
+}
 default['gitlab-grid']['gitlab.rb'] = {
   'external_url' => "http://#{node['fqdn']}",
+  #'registry_external_url' => "https://#{node['fqdn']}:5000",
   'gitlab_rails' => {
     'time_zone' => 'UTC',
   },
@@ -65,3 +72,24 @@ external_url 'http://gitlab.io.example.com'
     },
   },
 }
+
+default['gitlab-grid']['runner-docker-compose']['import_ca'] = false
+default['gitlab-grid']['runner-docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/gitlab-runner"
+default['gitlab-grid']['runner-docker-compose']['etc_dir'] = "#{node['gitlab-grid']['runner-docker-compose']['app_dir']}/etc"
+default['gitlab-grid']['runner-docker-compose']['config'] = {
+  # Version 2 docker-compose format
+  'version' => '2',
+  'services' => {
+    'runner' => {
+      'container_name' => 'gitlab-runner',
+      'image' => 'gitlab/gitlab-runner:latest',
+      'restart' => 'always',
+      #'environment' => {
+      #},
+      'volumes' => [
+        #"#{node['gitlab-grid']['runner-docker-compose']['etc_dir']}:/etc/gitlab-runner",
+        #'/var/run/docker.sock:/var/run/docker.sock',
+      ],
+    },
+  },
+}
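Review bot: The default `'image' => 'gitlab/gitlab-runner:latest'` leaves the runner version to whatever `latest` resolves to when a node first pulls or re-pulls the image, so nodes converged from the same cookbook version can end up running different, unreviewed runner builds. Pin the default to a release tag or digest you have tested, e.g. `'image' => 'gitlab/gitlab-runner:<PINNED_TAG>',` (placeholder), and let a role override it deliberately when upgrading. A short comment above the `'volumes'` array saying that the recipe always appends the `etc_dir` mount would also explain why both entries there are commented out.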
index a2da54a..842fbf7 100644 (file)
@@ -5,7 +5,7 @@ maintainer_email ''
 license          'Apache 2.0'
 description      'Installs/Configures gitlab-grid'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.1.1'
+version          '0.1.2'
 source_url       'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
 issues_url       'https://osdn.jp/projects/metasearch/ticket'
 
index 9385607..84685bd 100644 (file)
@@ -23,8 +23,32 @@ force_override_config = node.force_override['gitlab-grid']['gitlab.rb']
 
 if node['gitlab-grid']['with_ssl_cert_cookbook']
   ::Chef::Recipe.send(:include, SSLCert::Helper)
+  # GitLab
   cn = node['gitlab-grid']['ssl_cert']['common_name']
+  cert_path = server_cert_path(cn)
+  key_path = server_key_path(cn)
   force_override_config['external_url'] = config['external_url'].gsub('http://', 'https://')
-  force_override_config['nginx']['ssl_certificate'] = server_cert_path(cn)
-  force_override_config['nginx']['ssl_certificate_key'] = server_key_path(cn)
+  force_override_config['nginx']['ssl_certificate'] = cert_path
+  force_override_config['nginx']['ssl_certificate_key'] = key_path
+
+  # GitLab Container Registry
+  unless config['registry_external_url'].nil?
+    force_override_config['registry_external_url'] = config['registry_external_url'].gsub('http://', 'https://')
+  end
+
+  reg_cert_path = nil
+  reg_key_path = nil
+  if node['gitlab-grid']['ssl_cert']['registry']['reuse_gitlab_common_name']
+    reg_cert_path = cert_path
+    reg_key_path = key_path
+  else
+    reg_cn = node['gitlab-grid']['ssl_cert']['registry']['common_name']
+    unless reg_cn.nil?
+      reg_cert_path = server_cert_path(reg_cn)
+      reg_key_path = server_key_path(reg_cn)
+    end
+  end
+
+  force_override_config['registry_nginx']['ssl_certificate'] = reg_cert_path unless reg_cert_path.nil?
+  force_override_config['registry_nginx']['ssl_certificate_key'] = reg_key_path unless reg_key_path.nil?
 end
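Review bot: When `registry_external_url` is set but `reuse_gitlab_common_name` is false and the registry `common_name` is left at its `nil` default, the URL is still rewritten to `https://` while both `registry_nginx` certificate assignments are skipped, and the recipe continues silently. Which certificate the registry then serves depends on settings not visible in this hunk, so I would make the mismatch explicit before the two final assignments, e.g. `Chef::Log.warn('registry_external_url is set but no registry certificate is configured') if config['registry_external_url'] && reg_cert_path.nil?`. Separately, `gsub('http://', 'https://')` replaces every occurrence in the string; `sub(%r{\Ahttp://}, 'https://')` would limit the rewrite to the scheme, and the same applies to the existing `external_url` line.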
diff --git a/cookbooks/gitlab-grid/recipes/runner-docker-compose.rb b/cookbooks/gitlab-grid/recipes/runner-docker-compose.rb
new file mode 100644 (file)
index 0000000..f6dff11
--- /dev/null
@@ -0,0 +1,77 @@
+#
+# Cookbook Name:: gitlab-grid
+# Recipe:: runner-docker-compose
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+doc_url = 'https://github.com/ayufan/gitlab-ci-multi-runner/blob/master/docs/install/docker.md'
+
+include_recipe 'docker-grid::compose'
+#include_recipe 'gitlab-grid::commons'
+
+config = node['gitlab-grid']['runner-docker-compose']['config']
+override_config = node.override['gitlab-grid']['runner-docker-compose']['config']
+#force_override_config = node.force_override['gitlab-grid']['runner-docker-compose']['config']
+app_dir = node['gitlab-grid']['runner-docker-compose']['app_dir']
+etc_dir = node['gitlab-grid']['runner-docker-compose']['etc_dir']
+certs_dir = "#{etc_dir}/certs"
+
+#envs = {}
+vols = config['services']['runner']['volumes'].to_a
+
+[
+  app_dir,
+  etc_dir,
+  certs_dir,
+].each {|dir|
+  resources(directory: dir) rescue directory dir do
+    owner 'root'
+    group 'root'
+    mode '0755'
+    recursive true
+  end
+}
+
+vols.push("#{etc_dir}:/etc/gitlab-runner")
+
+if node['gitlab-grid']['with_ssl_cert_cookbook'] && node['gitlab-grid']['runner-docker-compose']['import_ca']
+  ::Chef::Recipe.send(:include, SSLCert::Helper)
+  vols.push("#{ca_cert_path(node['gitlab-grid']['ssl_cert']['ca_name'])}:/etc/gitlab-runner/certs/ca.crt:ro")
+end
+
+override_config['services']['runner']['volumes'] = vols unless vols.empty?
+
+[
+  'docker-compose.yml',
+].each {|conf_file|
+  template "#{app_dir}/#{conf_file}" do
+    source  "opt/docker-compose/app/gitlab-runner/#{conf_file}"
+    owner 'root'
+    group 'root'
+    mode '0644'
+  end
+}
+
+log <<-"EOM"
+Note: You must execute the following command manually.
+  See #{doc_url}
+  - Start:
+    $ cd #{app_dir}
+    $ docker-compose up -d
+    $ docker exec -it #{config['services']['runner']['container_name']} gitlab-runner register
+  - Stop
+    $ docker-compose down
+EOM
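Review bot: `ca_cert_path(node['gitlab-grid']['ssl_cert']['ca_name'])` runs whenever `with_ssl_cert_cookbook` and `import_ca` are both true, but `ca_name` defaults to `nil` in `attributes/default.rb` and nothing checks it before the result is interpolated into the bind-mount string. I would fail early inside that `if`, e.g. `raise 'ssl_cert ca_name must be set when import_ca is true' if node['gitlab-grid']['ssl_cert']['ca_name'].nil?`, rather than render a compose file with a wrong source path. Also, `etc_dir` is created with mode `0755` and mounted at `/etc/gitlab-runner`, which presumably ends up holding the runner's `config.toml` and its token after the `gitlab-runner register` step shown in the log message; `mode '0700'` for that directory would be the safer default if nothing else on the host needs to read it. The `resources(directory: dir) rescue directory dir do` modifier rescues every StandardError, not only a missing resource, so an unrelated error in the lookup would be hidden.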
index ceedf46..43c791d 100644 (file)
@@ -42,7 +42,7 @@ when 'rhel'
   }
 
   [
-    'sshd',
+    #'sshd',
     'postfix',
   ].each {|srv|
     resources(service: srv) rescue service srv do
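Review bot: The `#'sshd',` entry is left commented out with no explanation, so a later reader cannot tell whether sshd was dropped from this list on purpose or only disabled temporarily. Either delete the line or put a why-comment above it, for example `# sshd is intentionally not managed here: <REASON>` (placeholder for the real reason). The `each` block that consumes this list continues past the end of the hunk, so what the recipe does with each service is not visible here.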
diff --git a/cookbooks/gitlab-grid/templates/default/opt/docker-compose/app/gitlab-runner/docker-compose.yml b/cookbooks/gitlab-grid/templates/default/opt/docker-compose/app/gitlab-runner/docker-compose.yml
new file mode 100644 (file)
index 0000000..bb70583
--- /dev/null
@@ -0,0 +1,7 @@
+<%
+config = node['gitlab-grid']['runner-docker-compose']['config'].to_hash
+
+require 'yaml'
+yaml_str = config.to_yaml
+-%>
+<%= yaml_str %>
diff --git a/nodes/local-gitlab-runner.json b/nodes/local-gitlab-runner.json
new file mode 100644 (file)
index 0000000..53bc50b
--- /dev/null
@@ -0,0 +1,5 @@
+{
+  "run_list": [
+    "role[gitlab-runner]"
+  ]
+}
diff --git a/roles/gitlab-runner.rb b/roles/gitlab-runner.rb
new file mode 100644 (file)
index 0000000..ec2f31e
--- /dev/null
@@ -0,0 +1,41 @@
+name 'gitlab-runner'
+description 'GitLab-runner'
+
+run_list(
+  #'recipe[ssl_cert::ca_certs]',
+  'role[docker]',
+  'recipe[gitlab-grid::runner-docker-compose]',
+)
+
+#env_run_lists()
+
+#default_attributes()
+
+ca_name = 'grid_ca'  # Internal CA
+
+override_attributes(
+  'ssl_cert' => {
+    'ca_names' => [
+      ca_name,
+    ],
+  },
+  'gitlab-grid' => {
+    #'with_ssl_cert_cookbook' => true,
+    'ssl_cert' => {
+      'ca_name' => ca_name,
+    },
+    'runner-docker-compose' => {
+      #'import_ca' => true,
+      'config' => {
+        'services' => {
+          'runner' => {
+            'volumes' => [
+              # for Docker executor
+              '/var/run/docker.sock:/var/run/docker.sock',
+            ],
+          },
+        },
+      },
+    },
+  },
+)
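Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume gives the runner container control of the host's Docker daemon, which is equivalent to root on that host, and the `# for Docker executor` comment does not mention this. I would expand the comment to something like `# for Docker executor; exposes the host Docker daemon (root-equivalent) to the runner, use on dedicated runner hosts only`. Whether job containers also get the socket depends on the executor settings written at registration, which this role does not control. The same example is repeated in the README hunk and would benefit from the same comment.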