├── .fixtures.yml ├── .forgeignore ├── .gitignore ├── .sync.yml ├── .travis.yml ├── CHANGELOG.md ├── CONTRIBUTING.md ├── Gemfile ├── LICENSE ├── README.md ├── Rakefile ├── manifests ├── ci.pp ├── ci │ ├── config.pp │ ├── install.pp │ ├── package.pp │ ├── params.pp │ ├── runner.pp │ ├── service.pp │ └── setup.pp ├── config.pp ├── config │ ├── database.pp │ ├── resque.pp │ └── unicorn.pp ├── init.pp ├── install.pp ├── package.pp ├── params.pp ├── service.pp └── setup.pp ├── metadata.json ├── spec ├── acceptance │ ├── gitlab_mysql_spec.rb │ ├── gitlab_postgresql_spec.rb │ └── nodesets │ │ ├── centos-70-x64.yml │ │ ├── default.yml │ │ └── ubuntu-server-1404-x64.yml ├── classes │ ├── ci │ │ ├── gitlab_ci_runner_spec.rb │ │ ├── gitlab_config_spec.rb │ │ ├── gitlab_install_spec.rb │ │ ├── gitlab_package_spec.rb │ │ ├── gitlab_service_spec.rb │ │ └── gitlab_setup_spec.rb │ ├── coverage_spec.rb │ ├── gitlab_ci_spec.rb │ ├── gitlab_config_spec.rb │ ├── gitlab_init_spec.rb │ ├── gitlab_install_spec.rb │ ├── gitlab_package_spec.rb │ ├── gitlab_service_spec.rb │ └── gitlab_setup_spec.rb ├── defines │ ├── gitlab_config_database_spec.rb │ ├── gitlab_config_resque_spec.rb │ └── gitlab_config_unicorn_spec.rb ├── fixtures │ └── manifests │ │ └── site.pp ├── shared_examples.rb ├── spec.opts ├── spec_helper.rb └── spec_helper_acceptance.rb ├── templates ├── application.rb.erb ├── backup-gitlab.sh.erb ├── database.yml.erb ├── git.gitconfig.erb ├── gitlab-ci-application.yml.erb ├── gitlab-shell.config.yml.erb ├── gitlab.default.erb ├── gitlab.yml.erb ├── nginx-gitlab.conf.erb ├── resque.yml.erb └── unicorn.rb.erb └── tests └── init.pp /.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | symlinks: 3 | gitlab: "#{source_dir}" 4 | repositories: 5 | rbenv: 6 | repo: "git://github.com/alup/puppet-rbenv.git" 7 | ref: "6628a24" 8 | stdlib: 9 | repo: "git://github.com/puppetlabs/puppetlabs-stdlib.git" 10 | ref: "4.2.1" 11 | vcsrepo: 12 | repo: "git://github.com/puppetlabs/puppetlabs-vcsrepo.git" 13 | ref: "0.2.0" 14 | git: 15 | repo: "git://github.com/puppetlabs/puppetlabs-git.git" 16 | ref: "0.2.0" 17 | postgresql: 18 | repo: "git://github.com/puppetlabs/puppetlabs-postgresql.git" 19 | ref: "4.4.2" 20 | -------------------------------------------------------------------------------- /.forgeignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync 2 | # Configs https://github.com/sbadia/modulesync_configs/ 3 | # 4 | - pkg/ 5 | - spec/ 6 | - Rakefile 7 | - coverage/ 8 | - .git/ 9 | - .forgeignore 10 | - .travis.yml 11 | - .gitignore 12 | - Gemfile 13 | - Gemfile.lock 14 | - .fixtures.yml 15 | - .vagrant 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync 2 | # Configs https://github.com/sbadia/modulesync_configs/ 3 | # 4 | pkg/ 5 | Gemfile.lock 6 | vendor/ 7 | spec/fixtures/ 8 | .vagrant/ 9 | .bundle/ 10 | coverage/ 11 | *.sw* 12 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | Rakefile: 3 | extra_disabled_lint_checks: 4 | - 'disable_variable_scope' 5 | - 'disable_class_parameter_defaults' 6 | - 'disable_class_inherits_from_params_class' 7 | spec/spec_helper.rb: 8 | unmanaged: true 9 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | # Managed by modulesync 2 | # Configs https://github.com/sbadia/modulesync_configs/ 3 | # 4 | --- 5 | language: ruby 6 | bundler_args: --without system_tests 7 | script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" 8 | sudo: false 9 | matrix: 10 | fast_finish: true 11 | include: 12 | - rvm: 1.9.3 13 | env: PUPPET_GEM_VERSION="~> 3.4" 14 | - rvm: 2.0.0 15 | env: PUPPET_GEM_VERSION="~> 3.4" 16 | - rvm: 2.0.0 17 | env: PUPPET_GEM_VERSION="~> 3.7" 18 | notifications: 19 | email: false 20 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 2015-08-05 - 1.1.0 2 | 3 | ### features: 4 | * New dependency on puppet/nodejs 5 | * New dependency on puppetlabs/postgresql 6 | 7 | ### bugfix: 8 | * Use bundle to ensure that the correct rake version is used 9 | * Add missing cmake (on el platform) and nodejs on all distro 10 | * Fix login informations according 7.12 update 11 | 12 | ## 2015-07-11 - 1.0.0 13 | 14 | ### features: 15 | * Install mariadb-devel on EL7 platforms 16 | * Add extra parameters for Gitlab configuration 17 | * Add new config options for GitLab 7.12 18 | * add variables for SSL ciphers/protocol 19 | * Fix spec tests, lint and acceptance 20 | 21 | ### bugfix: 22 | * Offer a coherent gitlab_dbport default value 23 | * Missing System Package: 'cmake', 'pkg-config', 'libkrb5-dev', 'ruby-execjs'. 24 | * create ${git_home].gitlab_setup_done with ensure => file 25 | * gitlab should not fix the system 26 | 27 | ## 2015-03-19 - 0.2.0 28 | 29 | ### features: 30 | * Add a parameter to make rbenv configuration optional 31 | * Introduce modulesync \o/ 32 | * Explicitly support rhel distro 33 | * Added parameter to enable Unicorn to listen on give IP address 34 | * Add flexibility to system packages that are controller by the Gitlab module 35 | * Add ability to manage git user and/or home directory separately, and to manually specify the group for the git user. 36 | * Bumping Ruby version to 2.1.2 37 | * Parameterizing ruby version 38 | * Updating to Ruby 2.0.0-p353 (from 1.9.3-p484) 39 | * Using rbenv instead of managing system ruby 40 | * Add Gitlab CI Runner Support 41 | * Add gitlab::ci class to manage a gitlab-ci instance 42 | * Abstract config files into reusuable defines 43 | * Allowing management of curl elsewhere 44 | 45 | ### bugfix: 46 | * Fix the jobs flag to not break with older bundler 47 | 48 | ## 2014-06-18 - 0.1.5 49 | 50 | ### features: 51 | * Use puppetlabs/git module for git package declaration 52 | * Add parameter for company link and logo support (thx Ludovic) 53 | * Fix compatibility issue with exim (thx Ludovic) [gitlabhq#4866](https://github.com/gitlabhq/gitlabhq/issues/4866) 54 | 55 | ### bugfix: 56 | * Fix gitlab-satellites permissions (should be 0750) 57 | * Fix rspec output formatter (documentation) 58 | * Lock rspec version to 2.14.1 (puppet rspec not yet ready for RSpec +3.0, see https://github.com/rodjek/rspec-puppet/pull/204 ) 59 | 60 | ## 2014-05-26 - 0.1.4 61 | 62 | ### features: 63 | * added `ldap_user_filter` parameter (RFC 4515 style filter for the user) (thanks Igor) 64 | * added nginx to listen ipv6 also 65 | * allow end users to disable nginx (with the param. `manage_nginx`) (thanks Andrew) 66 | * added support for nginx domain aliases (thanks Leonardo) 67 | * added `gitlab_ensure_postfix` parameter (to manage or not postfix package) 68 | * disable gzip compression if SSL enabled (nginx) 69 | * and enable it for static assets 70 | * bump to gitlab 6.9 + gitlab-shell 1.9.4 (6.7 → 6.8 → 6.9) 71 | * allow adjustment of number of bundler threads 72 | * simplify backup task 73 | 74 | ### bugfix: 75 | * Fix travis gate (ruby1.8 and rake > 10.1.0) 76 | * remove MySQL `reaping_frequency` 77 | 78 | ## 2014-03-25 - 0.1.3 79 | 80 | ### features: 81 | * added `ssh_port` parameter (thanks Kalman) 82 | * added `git_proxy` parameter (thanks Stefan) 83 | * added `google_analytics_id` parameter (thanks Andrew) 84 | * internals unit-tests refactoring, better coverage and regexp 85 | * bump to GitLab 6.7 and GitLab Shell 1.9.1 86 | 87 | ### bugfix: 88 | * allow special characters in db passwords (thanks Thomas) 89 | * fixed asset compilation and db migrations (thanks Thomas) 90 | 91 | ## 2014-02-22 - 0.1.2 92 | 93 | ### features: 94 | * manage gitlab relative URL (thanks Vincent) 95 | * add backups support + external script (thanks Igor) 96 | * bump to gitlab 6.6 (6.3 → 6.4 → 6.5 → 6.6) 97 | * securing SSL configuration (thanks Andrew, Igor) 98 | * allow « plain » for `ldap_method` (thanks sven) 99 | * manage http timeout and unicorn workers as parameter 100 | * manage `exec_path` as a parameter 101 | * replace git exec by vcsrepo module (thanks Igor) 102 | 103 | ### bugfix: 104 | * internals: fix spec tests and travis config (thanks Lee) 105 | * fix git package name in RedHat (thanks Stefan) 106 | * allow users to use non-stable GitLab branchs 107 | 108 | ## 2013-12-03 - 0.1.1 109 | 110 | ### features: 111 | * improve documentation (typos) 112 | 113 | ### bugfix: 114 | * fix params in gitlab.yml (http/https with non-default port) 115 | * fix stdlib dependency (librarian require a version number) 116 | 117 | ## 2013-11-27 - 0.1.0 118 | 119 | ### features: 120 | * bump to GitLab 6.3 and gitlab-shell v1.7.9 121 | * add `rack_attack` and logrotate configurations 122 | 123 | ## 2013-11-17 - 0.0.10 124 | 125 | ### features: 126 | * bump gitlab-shell to 1.7.8 (multiple security fix) 127 | 128 | ### bugfix: 129 | * bugfix https://github.com/sbadia/puppet-gitlab/pull/80 130 | 131 | ## 2013-11-08 - 0.0.9 132 | 133 | ### features: 134 | * huge changes/re-factorization by atomaka ! (many thanks !!) 135 | * Use anchors and refactoring of args/class 136 | * Add ssl support for nginx 137 | * Add extra params (repodir,`username_changing`,redis,unicorn) 138 | * Better management of extra packages (thx stdlib) 139 | * Bump to gitlab 6.2.3 140 | * Add spec and travis testing 141 | 142 | ## 2013-06-10 - 0.0.8 143 | 144 | ### features: 145 | * Use nginx,ruby,redis,mysql external modules 146 | * Clean pre.pp file 147 | 148 | ## 2013-04-27 - 0.0.6 149 | 150 | ### features: 151 | * Remove apt and mysql setting from core module 152 | * Bump to GitLab 5.1 (switch from unicorn to puma) 153 | 154 | ### bugfix: 155 | 156 | * Fix packaging issue (https://github.com/sbadia/puppet-gitlab/issues/33) wait for a cleaner way to do that (http://projects.puppetlabs.com/issues/14651) 157 | * Fix timeouts issue, and others bugs 158 | 159 | ## 2013-04-07 - 0.0.5 160 | 161 | ### features: 162 | * up to GitLab 5.0 163 | * remove gitolite (use gitlab-shell) 164 | 165 | ## 2012-11-02 - 0.0.4 166 | 167 | ### features: 168 | * up to GitLab 4.1 169 | 170 | ## 2013-01-01 - 0.0.3 171 | 172 | ### features: 173 | * up to GitLab 3.2 174 | * add dependency to mysql, stdlib 175 | 176 | ## 2012-08-12 - 0.0.1 177 | 178 | ### features: 179 | * initial release 180 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Checklist (and a short version for the impatient) 2 | ================================================= 3 | 4 | * Commits: 5 | 6 | - Make commits of logical units. 7 | 8 | - Check for unnecessary whitespace with "git diff --check" before 9 | committing. 10 | 11 | - Commit using Unix line endings (check the settings around "crlf" in 12 | git-config(1)). 13 | 14 | - Do not check in commented out code or unneeded files. 15 | 16 | - The first line of the commit message should be a short 17 | description (50 characters is the soft limit, excluding ticket 18 | number(s)), and should skip the full stop. 19 | 20 | - Associate the issue in the message. The first line should include 21 | the issue number in the form "(#XXXX) Rest of message". 22 | 23 | - The body should provide a meaningful commit message, which: 24 | 25 | - uses the imperative, present tense: "change", not "changed" or 26 | "changes". 27 | 28 | - includes motivation for the change, and contrasts its 29 | implementation with the previous behavior. 30 | 31 | - Make sure that you have tests for the bug you are fixing, or 32 | feature you are adding. 33 | 34 | - Make sure the test suites passes after your commit: 35 | `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below 36 | 37 | - When introducing a new feature, make sure it is properly 38 | documented in the README.md 39 | 40 | * Submission: 41 | 42 | * Pre-requisites: 43 | 44 | - Make sure you have a [GitHub account](https://github.com/join) 45 | 46 | - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. 47 | 48 | * Preferred method: 49 | 50 | - Fork the repository on GitHub. 51 | 52 | - Push your changes to a topic branch in your fork of the 53 | repository. (the format ticket/1234-short_description_of_change is 54 | usually preferred for this project). 55 | 56 | - Submit a pull request to the repository in the puppetlabs 57 | organization. 58 | 59 | The long version 60 | ================ 61 | 62 | 1. Make separate commits for logically separate changes. 63 | 64 | Please break your commits down into logically consistent units 65 | which include new or changed tests relevant to the rest of the 66 | change. The goal of doing this is to make the diff easier to 67 | read for whoever is reviewing your code. In general, the easier 68 | your diff is to read, the more likely someone will be happy to 69 | review it and get it into the code base. 70 | 71 | If you are going to refactor a piece of code, please do so as a 72 | separate commit from your feature or bug fix changes. 73 | 74 | We also really appreciate changes that include tests to make 75 | sure the bug is not re-introduced, and that the feature is not 76 | accidentally broken. 77 | 78 | Describe the technical detail of the change(s). If your 79 | description starts to get too long, that is a good sign that you 80 | probably need to split up your commit into more finely grained 81 | pieces. 82 | 83 | Commits which plainly describe the things which help 84 | reviewers check the patch and future developers understand the 85 | code are much more likely to be merged in with a minimum of 86 | bike-shedding or requested changes. Ideally, the commit message 87 | would include information, and be in a form suitable for 88 | inclusion in the release notes for the version of Puppet that 89 | includes them. 90 | 91 | Please also check that you are not introducing any trailing 92 | whitespace or other "whitespace errors". You can do this by 93 | running "git diff --check" on your changes before you commit. 94 | 95 | 2. Sending your patches 96 | 97 | To submit your changes via a GitHub pull request, we _highly_ 98 | recommend that you have them on a topic branch, instead of 99 | directly on "master". 100 | It makes things much easier to keep track of, especially if 101 | you decide to work on another thing before your first change 102 | is merged in. 103 | 104 | GitHub has some pretty good 105 | [general documentation](http://help.github.com/) on using 106 | their site. They also have documentation on 107 | [creating pull requests](http://help.github.com/send-pull-requests/). 108 | 109 | In general, after pushing your topic branch up to your 110 | repository on GitHub, you can switch to the branch in the 111 | GitHub UI and click "Pull Request" towards the top of the page 112 | in order to open a pull request. 113 | 114 | 115 | 3. Update the related GitHub issue. 116 | 117 | If there is a GitHub issue associated with the change you 118 | submitted, then you should update the ticket to include the 119 | location of your branch, along with any other commentary you 120 | may wish to make. 121 | 122 | Testing 123 | ======= 124 | 125 | Getting Started 126 | --------------- 127 | 128 | Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby 129 | package manager such as [bundler](http://bundler.io/) what Ruby packages, 130 | or Gems, are required to build, develop, and test this software. 131 | 132 | Please make sure you have [bundler installed](http://bundler.io/#getting-started) 133 | on your system, then use it to install all dependencies needed for this project, 134 | by running 135 | 136 | ```shell 137 | % bundle install 138 | Fetching gem metadata from https://rubygems.org/........ 139 | Fetching gem metadata from https://rubygems.org/.. 140 | Using rake (10.1.0) 141 | Using builder (3.2.2) 142 | -- 8><-- many more --><8 -- 143 | Using rspec-system-puppet (2.2.0) 144 | Using serverspec (0.6.3) 145 | Using rspec-system-serverspec (1.0.0) 146 | Using bundler (1.3.5) 147 | Your bundle is complete! 148 | Use `bundle show [gemname]` to see where a bundled gem is installed. 149 | ``` 150 | 151 | NOTE some systems may require you to run this command with sudo. 152 | 153 | If you already have those gems installed, make sure they are up-to-date: 154 | 155 | ```shell 156 | % bundle update 157 | ``` 158 | 159 | With all dependencies in place and up-to-date we can now run the tests: 160 | 161 | ```shell 162 | % rake spec 163 | ``` 164 | 165 | This will execute all the [rspec tests](http://rspec-puppet.com/) tests 166 | under [spec/defines](./spec/defines), [spec/classes](./spec/classes), 167 | and so on. rspec tests may have the same kind of dependencies as the 168 | module they are testing. While the module defines in its [Modulefile](./Modulefile), 169 | rspec tests define them in [.fixtures.yml](./fixtures.yml). 170 | 171 | Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) 172 | tests. These tests spin up a virtual machine under 173 | [VirtualBox](https://www.virtualbox.org/)) with, controlling it with 174 | [Vagrant](http://www.vagrantup.com/) to actually simulate scripted test 175 | scenarios. In order to run these, you will need both of those tools 176 | installed on your system. 177 | 178 | You can run them by issuing the following command 179 | 180 | ```shell 181 | % rake spec_clean 182 | % rspec spec/acceptance 183 | ``` 184 | 185 | This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), 186 | install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) 187 | and then run all the tests under [spec/acceptance](./spec/acceptance). 188 | 189 | Writing Tests 190 | ------------- 191 | 192 | XXX getting started writing tests. 193 | 194 | If you have commit access to the repository 195 | =========================================== 196 | 197 | Even if you have commit access to the repository, you will still need to 198 | go through the process above, and have someone else review and merge 199 | in your changes. The rule is that all changes must be reviewed by a 200 | developer on the project (that did not write the code) to ensure that 201 | all changes go through a code review process. 202 | 203 | Having someone other than the author of the topic branch recorded as 204 | performing the merge is the record that they performed the code 205 | review. 206 | 207 | 208 | Additional Resources 209 | ==================== 210 | 211 | * [Getting additional help](http://puppetlabs.com/community/get-help) 212 | 213 | * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) 214 | 215 | * [Patchwork](https://patchwork.puppetlabs.com) 216 | 217 | * [General GitHub documentation](http://help.github.com/) 218 | 219 | * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) 220 | 221 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync 2 | # Configs https://github.com/sbadia/modulesync_configs/ 3 | # 4 | source ENV['GEM_SOURCE'] || "https://rubygems.org" 5 | 6 | group :development, :unit_tests do 7 | gem 'puppetlabs_spec_helper', :require => false 8 | gem 'rspec-puppet', :require => false 9 | gem 'puppet-blacksmith', :require => false 10 | gem 'puppet-lint-param-docs', :require => false 11 | gem 'puppet-lint-absolute_classname-check', :require => false 12 | gem 'puppet-lint-absolute_template_path', :require => false 13 | gem 'puppet-lint-trailing_newline-check', :require => false 14 | gem 'puppet-lint-unquoted_string-check', :require => false 15 | gem 'puppet-lint-leading_zero-check', :require => false 16 | gem 'puppet-lint-variable_contains_upcase', :require => false 17 | gem 'puppet-lint-numericvariable', :require => false 18 | gem 'puppet-lint-file_ensure-check', :require => false 19 | gem 'puppet-lint-trailing_comma-check', :require => false 20 | gem 'metadata-json-lint', :require => false 21 | gem 'puppet_facts', :require => false 22 | gem 'json', :require => false 23 | end 24 | 25 | group :system_tests do 26 | gem 'beaker-rspec', :require => false 27 | gem 'beaker-puppet_install_helper', :require => false 28 | end 29 | 30 | if facterversion = ENV['FACTER_GEM_VERSION'] 31 | gem 'facter', facterversion, :require => false 32 | else 33 | gem 'facter', :require => false 34 | end 35 | 36 | if puppetversion = ENV['PUPPET_GEM_VERSION'] 37 | gem 'puppet', puppetversion, :require => false 38 | else 39 | gem 'puppet', :require => false 40 | end 41 | 42 | # vim:ft=ruby 43 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Puppet-gitlab 2 | 3 | [![Build Status](https://travis-ci.org/sbadia/puppet-gitlab.png?branch=master)](https://travis-ci.org/sbadia/puppet-gitlab) 4 | [![Puppet Forge](http://img.shields.io/puppetforge/v/sbadia/gitlab.svg)](https://forge.puppetlabs.com/sbadia/gitlab) 5 | [![License](http://img.shields.io/:license-gpl3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0.html) 6 | 7 | #### Table of contents 8 | 9 | 1. [Overview](#overview) 10 | 2. [Module description](#module-description) 11 | 3. [Parameters](#parameters) 12 | 4. [Usage](#usage) 13 | * [Basic usage](#basic-usage) 14 | * [With LDAP](#with-ldap) 15 | 5. [Limitation](#limitation) 16 | 6. [Development](#development) 17 | 18 | # Overview 19 | 20 | [GitLab](http://gitlab.org/) is a free project and repository management application 21 | 22 | A [Puppet Module](http://docs.puppetlabs.com/learning/modules1.html#modules) is a collection of related content that can be used to model the configuration of a discrete service. 23 | 24 | # Module description 25 | 26 | This module is based on the admin guides for [gitlab](https://github.com/gitlabhq/gitlabhq/wiki), stable version. 27 | 28 | - [puppet-gitlab](http://forge.puppetlabs.com/sbadia/gitlab) on puppet forge. 29 | 30 | ## Dependencies 31 | - [alup/puppet-rbenv](https://github.com/alup/puppet-rbenv) 32 | - [puppetlabs/puppetlabs-git](https://github.com/puppetlabs/puppetlabs-git) 33 | - [puppetlabs/puppetlabs-stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) 34 | - [puppetlabs/puppetlabs-vcsrepo](https://github.com/puppetlabs/puppetlabs-vcsrepo) 35 | 36 | See [gitlab example](https://github.com/sbadia/vagrant-gitlab/blob/master/examples/gitlab.pp). 37 | 38 | ## GitLab web interface 39 | - access via your browser under the hostname (e.g. http://gitlab.domain.tld) 40 | - **Login**: admin@example.com (version before GitLab v7.1.0 use admin@local.host) 41 | - **Password**: 5iveL!fe 42 | 43 | 1. Add an ssh key to your account, or create another account 44 | 2. Create a project 45 | 3. Play ! 46 | 47 | # Parameters 48 | 49 | See [manifest/init.pp](https://github.com/sbadia/puppet-gitlab/blob/master/manifests/init.pp) and [manifests/params.pp](https://github.com/sbadia/puppet-gitlab/blob/master/manifests/params.pp) 50 | 51 | # Usage 52 | 53 | _Note:_ Assume that a database server is already installed on your server/infrastructure (see: [vagrant-gitlab](https://github.com/sbadia/vagrant-gitlab/blob/master/examples/gitlab.pp)). 54 | 55 | ## class gitlab 56 | 57 | ```puppet 58 | class { 59 | 'gitlab': 60 | git_email => 'notifs@foobar.fr', 61 | git_comment => 'GitLab', 62 | gitlab_domain => 'gitlab.foobar.fr', 63 | gitlab_dbtype => 'mysql', 64 | gitlab_dbname => $gitlab_dbname, 65 | gitlab_dbuser => $gitlab_dbuser, 66 | gitlab_dbpwd => $gitlab_dbpwd, 67 | ldap_enabled => false, 68 | } 69 | ``` 70 | 71 | ## class gitlab::ci 72 | 73 | ```puppet 74 | class { 'gitlab::ci': 75 | ci_comment => 'GitLab', 76 | gitlab_server_urls => ['https://gitlab.example.org'] 77 | gitlab_domain => $gitlab_domain, 78 | gitlab_dbtype => 'mysql', 79 | gitlab_dbname => $ci_dbname, 80 | gitlab_dbuser => $ci_dbuser, 81 | gitlab_dbpwd => $ci_dbpwd, 82 | gitlab_http_port => 8081, 83 | } 84 | ``` 85 | 86 | ## class gitlab::ci::runner 87 | 88 | ```puppet 89 | # The registration token can be found at: http://ci.example.com/admin/runners, accessible through Header > Runners. 90 | class { 'gitlab::ci::runner': 91 | ci_server_url => 'https://ci.example.com', 92 | registration_token => 'replaceme', 93 | } 94 | ``` 95 | ## A Complete example 96 | 97 | ```puppet 98 | include redis 99 | include nginx 100 | include mysql::server 101 | include git 102 | include nodejs 103 | include logrotate 104 | 105 | mysql::db {'gitlab': user => 'user', password => 'password' } 106 | 107 | class {'gitlab': 108 | git_user => 'git', 109 | git_home => '/home/git', 110 | git_email => 'gitlab@fooboozoo.fr', 111 | git_comment => 'GitLab', 112 | gitlab_sources => 'https://github.com/gitlabhq/gitlabhq.git', 113 | gitlab_domain => 'gitlab.localdomain.local', 114 | gitlab_http_timeout => '300', 115 | gitlab_dbtype => 'mysql', 116 | gitlab_backup => true, 117 | gitlab_dbname => 'gitlab', 118 | gitlab_dbuser => 'user', 119 | gitlab_dbpwd => 'password', 120 | ldap_enabled => false, 121 | } 122 | ``` 123 | 124 | # Limitations 125 | 126 | This module has been built on and tested against Puppet 2.7 and higher. 127 | 128 | The module has been tested on: 129 | 130 | * RedHat Enterprise Linux 5/6/7 131 | * Debian 6/7 132 | * CentOS 5/6/7 133 | * Ubuntu 12.04/14.04 134 | 135 | Testing on other platforms has been light and cannot be guaranteed. 136 | 137 | # Development 138 | 139 | Want to help - send a pull request. 140 | 141 | 142 | # Beaker-Rspec 143 | 144 | This module has beaker-rspec tests 145 | 146 | To run: 147 | 148 | ```shell 149 | bundle install 150 | bundle exec rspec spec/acceptance 151 | # or use BEAKER_destroy=no to keep the resulting vm 152 | BEAKER_destroy=no bundle exec rspec spec/acceptance 153 | # or for centos 154 | BEAKER_set=centos-70-x64 BEAKER_destroy=no bundle exec rspec spec/acceptance 155 | ``` 156 | ## Development environment with vagrant 157 | 158 | See [vagrant-gitlab](https://github.com/sbadia/vagrant-gitlab). 159 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | # 4 | # Managed by modulesync 5 | # Configs https://github.com/sbadia/modulesync_configs/ 6 | # 7 | require 'puppetlabs_spec_helper/rake_tasks' 8 | require 'puppet_blacksmith/rake_tasks' 9 | require 'puppet-lint/tasks/puppet-lint' 10 | require 'puppet-syntax/tasks/puppet-syntax' 11 | 12 | TDIR = File.expand_path(File.dirname(__FILE__)) 13 | NAME = "sbadia-#{File.basename(TDIR).split('-')[1]}" 14 | 15 | exclude_path = ["spec/**/*","pkg/**/*","vendor/**/*"] 16 | 17 | PuppetLint.configuration.fail_on_warnings = true 18 | PuppetLint.configuration.send('disable_80chars') 19 | PuppetLint.configuration.send('disable_variable_scope') 20 | PuppetLint.configuration.send('disable_class_parameter_defaults') 21 | PuppetLint.configuration.send('disable_class_inherits_from_params_class') 22 | PuppetLint.configuration.send('disable_only_variable_string') 23 | PuppetLint.configuration.ignore_paths = exclude_path 24 | PuppetSyntax.exclude_paths = exclude_path 25 | 26 | namespace :module do 27 | desc "Build #{NAME} module (in a clean env, for puppetforge)" 28 | task :build do 29 | exec "rsync -rv --exclude-from=#{TDIR}/.forgeignore . /tmp/#{NAME};cd /tmp/#{NAME};puppet module build" 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /manifests/ci.pp: -------------------------------------------------------------------------------- 1 | # == Class: gitlab::ci 2 | # 3 | # Install and configure a GitLab CI server using puppet. 4 | # 5 | # === Parameters 6 | # 7 | # [*gitlab_server_urls*] 8 | # Fqdn or hostname of gitlab servers (array style) 9 | # default: [] 10 | # 11 | # [*ensure*] 12 | # Ensure present, latest. absent is not yet supported 13 | # default: present 14 | # 15 | # [*ci_user*] 16 | # Name of gitlab CI user 17 | # default: gitlab_ci 18 | # 19 | # [*ci_home*] 20 | # Home directory for gitlab CI 21 | # default: /home/gitlab_ci 22 | # 23 | # [*ci_email*] 24 | # Email address for gitlab CI user 25 | # default: gilab-ci@localhost 26 | # 27 | # [*ci_support_email*] 28 | # Email address of your support contact 29 | # default: support@localhost 30 | # 31 | # [*ci_comment*] 32 | # Gitlab CI user comment 33 | # default: GitLab CI 34 | # 35 | # [*gitlabci_sources*] 36 | # Gitlab CI sources 37 | # default: git://github.com/gitlabhq/gitlabhq-ci.git 38 | # 39 | # [*gitlabci_branch*] 40 | # Gitlab CI branch 41 | # default: 5-0-stable 42 | # 43 | # [*proxy_name*] 44 | # The name of the Nginx proxy 45 | # default: 'gitlab-ci' 46 | # 47 | # [*gitlab_ruby_version*] 48 | # Ruby version to install with rbenv for Gitlab user 49 | # default: 2.1.6 50 | # 51 | # [*gitlab_manage_nginx*] 52 | # Whether or not this module should install a templated Nginx 53 | # configuration; set to false to manage separately 54 | # default: true 55 | # 56 | # [*exec_path*] 57 | # The default PATH passed to all exec ressources (this path include rbenv shims) 58 | # default: '${git_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' 59 | # 60 | # [*gitlab_http_port*] 61 | # Port that NGINX listens on for HTTP traffic 62 | # default: 80 63 | # 64 | # [*gitlab_ssl_port*] 65 | # Port that NGINX listens on for HTTPS traffic 66 | # default: 443 67 | # 68 | # [*gitlab_ssl*] 69 | # Enable SSL for GitLab 70 | # default: false 71 | # 72 | # [*gitlab_ssl_cert*] 73 | # SSL Certificate location 74 | # default: /etc/ssl/certs/ssl-cert-snakeoil.pem 75 | # 76 | # [*gitlab_ssl_key*] 77 | # SSL Key location 78 | # default: /etc/ssl/private/ssl-cert-snakeoil.key 79 | # 80 | # [*gitlab_ssl_self_signed*] 81 | # Set true if your SSL Cert is self signed 82 | # default: false 83 | # 84 | # [*gitlab_http_timeout*] 85 | # HTTP timeout (unicorn and nginx) 86 | # default: 60 87 | # 88 | # [*gitlab_relative_url_root*] 89 | # run in a non-root path 90 | # default: / 91 | # 92 | # [*gitlab_redishost*] 93 | # Redis host used for Sidekiq 94 | # default: localhost 95 | # 96 | # [*gitlab_redisport*] 97 | # Redis host used for Sidekiq 98 | # default: 6379 99 | # 100 | # [*gitlab_dbtype*] 101 | # Gitlab database type 102 | # default: mysql 103 | # 104 | # [*gitlab_dbname*] 105 | # Gitlab database name 106 | # default: gitlab_db 107 | # 108 | # [*gitlab_dbuser*] 109 | # Gitlab database user 110 | # default: gitlab_user 111 | # 112 | # [*gitlab_dbpwd*] 113 | # Gitlab database password 114 | # default: changeme 115 | # 116 | # [*gitlab_dbhost*] 117 | # Gitlab database host 118 | # default: localhost 119 | # 120 | # [*gitlab_dbport*] 121 | # Gitlab database port 122 | # default: 3306 123 | # 124 | # [*gitlab_domain*] 125 | # Gitlab domain 126 | # default: $fqdn 127 | # 128 | # [*gitlab_domain_alias*] 129 | # Gitlab domain aliases for nginx 130 | # default: false (does not configure any alias) 131 | # examples: "hostname1" or "hostname1 hostname2 hostname3.example.com" 132 | # 133 | # [*gitlab_unicorn_listen*] 134 | # IP address that unicorn listens on 135 | # default: 127.0.0.1 136 | # 137 | # [*gitlab_unicorn_port*] 138 | # Port that unicorn listens on 172.0.0.1 for HTTP traffic 139 | # default: 8080 140 | # 141 | # [*gitlab_unicorn_worker*] 142 | # The number of unicorn worker 143 | # default: 2 144 | # 145 | # [*bundler_flags*] 146 | # Flags that should be passed to bundler when installing gems 147 | # default: --deployment 148 | # 149 | # [*bundler_jobs*] 150 | # Number of jobs to use while installing gems. Should match number of 151 | # procs on your system (default: 1) 152 | # 153 | # [*omniauth_url*] 154 | # The url to be used for the omniauth authentication. If the url 155 | # is not defined, the omniauth section will be skipped. (default: undef) 156 | # 157 | # [*omniauth_app_id*] 158 | # The app id to use for the omniauth authentication (default: undef) 159 | # 160 | # [*omniauth_secret_id*] 161 | # The app secret to use for the omniauth authentication (default: undef) 162 | # 163 | class gitlab::ci( 164 | $gitlab_server_urls = [], 165 | $ensure = $gitlab::ci::params::ensure, 166 | $ci_user = $gitlab::ci::params::ci_user, 167 | $ci_comment = $gitlab::ci::params::ci_comment, 168 | $ci_email = $gitlab::ci::params::ci_email, 169 | $ci_support_email = $gitlab::ci::params::ci_support_email, 170 | $ci_home = $gitlab::ci::params::ci_home, 171 | $gitlabci_sources = $gitlab::ci::params::gitlabci_sources, 172 | $gitlabci_branch = $gitlab::ci::params::gitlabci_branch, 173 | $gitlab_manage_nginx = $gitlab::ci::params::gitlabci_manage_nginx, 174 | $proxy_name = 'gitlab-ci', 175 | $gitlab_ruby_version = $gitlab::ci::params::gitlab_ruby_version, 176 | $exec_path = $gitlab::ci::params::exec_path, 177 | $gitlab_http_port = $gitlab::ci::params::gitlabci_http_port, 178 | $gitlab_ssl_port = $gitlab::ci::params::gitlabci_ssl_port, 179 | $gitlab_ssl = $gitlab::ci::params::gitlabci_ssl, 180 | $gitlab_ssl_cert = $gitlab::ci::params::gitlabci_ssl_cert, 181 | $gitlab_ssl_key = $gitlab::ci::params::gitlabci_ssl_key, 182 | $gitlab_ssl_self_signed = $gitlab::ci::params::gitlabci_ssl_self_signed, 183 | $gitlab_http_timeout = $gitlab::ci::params::gitlabci_http_timeout, 184 | $gitlab_relative_url_root = $gitlab::ci::params::gitlab_relative_url_root, 185 | $gitlab_redishost = $gitlab::ci::params::gitlabci_redishost, 186 | $gitlab_redisport = $gitlab::ci::params::gitlabci_redisport, 187 | $gitlab_dbtype = $gitlab::ci::params::gitlabci_dbtype, 188 | $gitlab_dbname = $gitlab::ci::params::gitlabci_dbname, 189 | $gitlab_dbuser = $gitlab::ci::params::gitlabci_dbuser, 190 | $gitlab_dbpwd = $gitlab::ci::params::gitlabci_dbpwd, 191 | $gitlab_dbhost = $gitlab::ci::params::gitlabci_dbhost, 192 | $gitlab_dbport = $gitlab::ci::params::gitlabci_dbport, 193 | $gitlab_domain = $gitlab::ci::params::gitlabci_domain, 194 | $gitlab_domain_alias = $gitlab::ci::params::gitlab_domain_alias, 195 | $gitlab_unicorn_listen = $gitlab::ci::params::gitlabci_unicorn_listen, 196 | $gitlab_unicorn_port = $gitlab::ci::params::gitlabci_unicorn_port, 197 | $gitlab_unicorn_worker = $gitlab::ci::params::gitlabci_unicorn_worker, 198 | $bundler_flags = $gitlab::ci::params::gitlabci_bundler_flags, 199 | $bundler_jobs = $gitlab::ci::params::gitlabci_bundler_jobs, 200 | $omniauth_url = undef, 201 | $omniauth_app_id = undef, 202 | $omniauth_secret_id = undef, 203 | ) inherits gitlab::ci::params { 204 | 205 | anchor { 'gitlab::ci::begin': } -> 206 | class { '::gitlab::ci::setup': } -> 207 | class { '::gitlab::ci::package': } -> 208 | class { '::gitlab::ci::install': } -> 209 | class { '::gitlab::ci::config': } -> 210 | class { '::gitlab::ci::service': } -> 211 | anchor { 'gitlab::ci::end': } 212 | } 213 | -------------------------------------------------------------------------------- /manifests/ci/config.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::config 2 | # 3 | # 4 | class gitlab::ci::config inherits gitlab::ci { 5 | File { 6 | owner => $ci_user, 7 | group => $ci_user, 8 | } 9 | 10 | $socket_path = "${ci_home}/gitlab-ci/tmp/sockets/gitlab-ci.socket" 11 | $root_path = "${ci_home}/gitlab-ci/public" 12 | 13 | if $gitlab_manage_nginx { 14 | file { '/etc/nginx/conf.d/gitlab-ci.conf': 15 | ensure => file, 16 | content => template('gitlab/nginx-gitlab.conf.erb'), 17 | owner => root, 18 | group => root, 19 | mode => '0644', 20 | } 21 | } 22 | 23 | file { '/etc/init.d/gitlab_ci': 24 | ensure => file, 25 | source => "${ci_home}/gitlab-ci/lib/support/init.d/gitlab_ci", 26 | owner => root, 27 | group => root, 28 | mode => '0755', 29 | } 30 | 31 | # directories 32 | file { [ 33 | "${ci_home}/gitlab-ci/tmp", 34 | "${ci_home}/gitlab-ci/tmp/pids", 35 | "${ci_home}/gitlab-ci/tmp/sockets", 36 | "${ci_home}/gitlab-ci/log", 37 | "${ci_home}/gitlab-ci/public", 38 | ]: 39 | ensure => directory, 40 | mode => '0755', 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /manifests/ci/install.pp: -------------------------------------------------------------------------------- 1 | # 2 | class gitlab::ci::install inherits gitlab::ci { 3 | 4 | $without_gems = $gitlab_dbtype ? { 5 | 'mysql' => 'postgres', 6 | 'pgsql' => 'mysql', 7 | default => '', 8 | } 9 | 10 | Exec { 11 | user => $ci_user, 12 | path => $exec_path, 13 | } 14 | 15 | File { 16 | owner => $ci_user, 17 | group => $ci_user, 18 | } 19 | 20 | gitlab::config::database { 'gitlab-ci': 21 | database => $gitlab_dbname, 22 | group => $ci_user, 23 | host => $gitlab_dbhost, 24 | owner => $ci_user, 25 | password => $gitlab_dbpwd, 26 | path => "${ci_home}/gitlab-ci/config/database.yml", 27 | port => $gitlab_dbport, 28 | type => $gitlab_dbtype, 29 | username => $gitlab_dbuser, 30 | } 31 | 32 | gitlab::config::unicorn { 'gitlab-ci': 33 | group => $ci_user, 34 | home => $ci_home, 35 | http_timeout => $gitlab_http_timeout, 36 | owner => $ci_user, 37 | path => "${ci_home}/gitlab-ci/config/unicorn.rb", 38 | relative_url_root => $gitlab_relative_url_root, 39 | unicorn_listen => $gitlab_unicorn_listen, 40 | unicorn_port => $gitlab_unicorn_port, 41 | unicorn_worker => $gitlab_unicorn_worker, 42 | } 43 | 44 | gitlab::config::resque { 'gitlab-ci': 45 | group => $ci_user, 46 | owner => $ci_user, 47 | path => "${ci_home}/gitlab-ci/config/resque.yml", 48 | redis_host => $gitlab_redishost, 49 | redis_port => $gitlab_redisport, 50 | } 51 | 52 | file { "${ci_home}/gitlab-ci/config/application.yml": 53 | ensure => file, 54 | content => template('gitlab/gitlab-ci-application.yml.erb'), 55 | mode => '0640', 56 | notify => Service['gitlab_ci'], 57 | } 58 | 59 | exec { 'install gitlab-ci': 60 | command => "bundle install --without development aws test ${without_gems} ${bundler_flags}", 61 | cwd => "${ci_home}/gitlab-ci", 62 | unless => 'bundle check', 63 | timeout => 0, 64 | require => [ 65 | Gitlab::Config::Database['gitlab-ci'], 66 | Gitlab::Config::Unicorn['gitlab-ci'], 67 | File["${ci_home}/gitlab-ci/config/application.yml"], 68 | Gitlab::Config::Resque['gitlab-ci'], 69 | ], 70 | notify => Exec['run gitlab-ci migrations'], 71 | } 72 | 73 | exec { 'setup gitlab-ci database': 74 | command => "/usr/bin/yes yes | bundle exec rake setup RAILS_ENV=production && touch ${ci_home}/.gitlab-ci_setup_done", 75 | cwd => "${ci_home}/gitlab-ci", 76 | creates => "${ci_home}/.gitlab-ci_setup_done", 77 | require => Exec['install gitlab-ci'], 78 | before => Exec['run gitlab-ci migrations'], 79 | notify => [ 80 | Exec['precompile gitlab-ci assets'], 81 | Exec['run gitlab-ci schedules'] 82 | ], 83 | } 84 | 85 | exec { 'precompile gitlab-ci assets': 86 | command => 'bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production', 87 | cwd => "${ci_home}/gitlab-ci", 88 | refreshonly => true, 89 | } 90 | 91 | exec { 'run gitlab-ci migrations': 92 | command => 'bundle exec rake db:migrate RAILS_ENV=production', 93 | cwd => "${ci_home}/gitlab-ci", 94 | refreshonly => true, 95 | notify => Exec['precompile gitlab-ci assets'], 96 | } 97 | 98 | exec { 'run gitlab-ci schedules': 99 | command => 'bundle exec whenever -w RAILS_ENV=production', 100 | cwd => "${ci_home}/gitlab-ci", 101 | refreshonly => true, 102 | } 103 | 104 | } 105 | -------------------------------------------------------------------------------- /manifests/ci/package.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::ci::package 2 | # 3 | # 4 | class gitlab::ci::package inherits gitlab::ci { 5 | Vcsrepo { 6 | ensure => $ensure, 7 | provider => 'git', 8 | user => $ci_user, 9 | } 10 | 11 | vcsrepo { "${ci_home}/gitlab-ci": 12 | source => $gitlabci_sources, 13 | revision => $gitlabci_branch, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /manifests/ci/params.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::ci::params 2 | # 3 | # 4 | class gitlab::ci::params { 5 | 6 | $ensure = 'present' 7 | $ci_user = 'gitlab_ci' 8 | $ci_home = '/home/gitlab_ci' 9 | $ci_comment = 'GitLab CI' 10 | $ci_email = 'gitlab-ci@localhost' 11 | $ci_support_email = 'support@localhost' 12 | $gitlabci_sources = 'git://github.com/gitlabhq/gitlab-ci.git' 13 | $gitlabci_branch = '5-0-stable' 14 | $gitlabci_manage_nginx = true 15 | $gitlabci_http_port = '80' 16 | $gitlabci_ssl_port = '443' 17 | $gitlabci_http_timeout = '60' 18 | $gitlabci_redishost = '127.0.0.1' 19 | $gitlabci_redisport = '6379' 20 | $gitlabci_dbtype = 'mysql' 21 | $gitlabci_dbname = 'gitlabci_db' 22 | $gitlabci_dbuser = 'gitlabci_user' 23 | $gitlabci_dbpwd = 'changeme' 24 | $gitlabci_dbhost = 'localhost' 25 | $gitlabci_dbport = '5432' 26 | $gitlabci_domain = $::fqdn 27 | $gitlabci_domain_alias = false 28 | $gitlabci_repodir = $ci_home 29 | $gitlabci_relative_url_root = false 30 | $gitlabci_ssl = false 31 | $gitlabci_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' 32 | $gitlabci_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' 33 | $gitlabci_ssl_self_signed = false 34 | $gitlabci_projects = '10' 35 | $gitlabci_username_change = true 36 | $gitlabci_unicorn_listen = '127.0.0.1' 37 | $gitlabci_unicorn_port = '8081' 38 | $gitlabci_unicorn_worker = '2' 39 | $gitlabci_bundler_flags = '--deployment' 40 | $gitlabci_bundler_jobs = 1 41 | $exec_path = "${ci_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 42 | $gitlab_ruby_version = '2.1.6' 43 | 44 | } # Class:: gitlab::ci::params 45 | -------------------------------------------------------------------------------- /manifests/ci/runner.pp: -------------------------------------------------------------------------------- 1 | # == Class: gitlab::ci::runner 2 | # 3 | # Install and configure a GitLab CI runner using puppet. 4 | # 5 | # === Parameters 6 | # 7 | # [*ci_server_url*] 8 | # URL of Gitlab CI server 9 | # required 10 | # 11 | # [*registration_token*] 12 | # Token for authentication on Gitlab CI Server 13 | # required 14 | # 15 | # [*ensure*] 16 | # Ensure present, latest. absent is not yet supported 17 | # default: present 18 | # 19 | # [*user*] 20 | # Name of gitlab CI user 21 | # default: gitlab_ci_runner 22 | # 23 | # [*user_home*] 24 | # Home directory for gitlab CI 25 | # default: /home/gitlab_ci_runner 26 | # 27 | # [*source*] 28 | # Gitlab CI sources 29 | # default: git://github.com/gitlabhq/gitlabhq-ci-runner.git 30 | # 31 | # [*branch*] 32 | # Gitlab CI branch 33 | # default: 5-0-stable 34 | # 35 | # [*ruby_version*] 36 | # Ruby version to install with rbenv for Gitlab user 37 | # default: 2.1.6 38 | # 39 | # [*exec_path*] 40 | # The default PATH passed to all exec ressources (this path include rbenv shims) 41 | # default: '${git_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' 42 | # 43 | class gitlab::ci::runner ( 44 | $ci_server_url, 45 | $registration_token, 46 | $ensure = 'present', 47 | $branch = '5-0-stable', 48 | $exec_path = '/home/gitlab_ci_runner/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 49 | $ruby_version = '2.1.6', 50 | $source = 'https://gitlab.com/gitlab-org/gitlab-ci-runner.git', 51 | $user = 'gitlab_ci_runner', 52 | $user_home = '/home/gitlab_ci_runner', 53 | ){ 54 | 55 | user { $user: 56 | ensure => $ensure, 57 | comment => 'GitLab CI Runner', 58 | home => $user_home, 59 | managehome => true, 60 | password => '*', 61 | shell => '/bin/bash', 62 | system => true, 63 | } 64 | 65 | vcsrepo { "${user_home}/gitlab-ci-runner": 66 | ensure => $ensure, 67 | source => $source, 68 | revision => $branch, 69 | provider => 'git', 70 | user => $user, 71 | } 72 | 73 | case $::osfamily { 74 | 'Debian': { 75 | $system_packages = ['libicu-dev'] 76 | } 77 | 'RedHat': { 78 | $system_packages = ['libicu-devel'] 79 | } 80 | default: { 81 | fail("${::osfamily} not supported yet") 82 | } 83 | } 84 | 85 | ensure_packages($system_packages) 86 | 87 | file { "${user_home}/.bashrc": 88 | ensure => file, 89 | content => "source ${user_home}/.rbenvrc", 90 | require => Rbenv::Install['gitlab_ci_runner'], 91 | } 92 | 93 | rbenv::install { $user: 94 | group => $user, 95 | home => $user_home, 96 | } 97 | 98 | rbenv::compile { 'gitlab-ci-runner/ruby': 99 | user => $user, 100 | home => $user_home, 101 | ruby => $ruby_version, 102 | global => true, 103 | notify => Exec['install gitlab-ci-runner'], 104 | } 105 | 106 | Exec { 107 | user => $user, 108 | path => $exec_path, 109 | } 110 | 111 | exec { 'install gitlab-ci-runner': 112 | command => 'bundle install --deployment', 113 | cwd => "${user_home}/gitlab-ci-runner", 114 | unless => 'bundle check', 115 | timeout => 0, 116 | notify => Exec['run gitlab-ci-runner setup'], 117 | } 118 | 119 | exec { 'run gitlab-ci-runner setup': 120 | command => 'bundle exec ./bin/setup', 121 | cwd => "${user_home}/gitlab-ci-runner", 122 | timeout => 0, 123 | refreshonly => true, 124 | environment => ["CI_SERVER_URL=${ci_server_url}", "REGISTRATION_TOKEN=${registration_token}"], 125 | } 126 | 127 | file { '/etc/init.d/gitlab_ci_runner': 128 | ensure => file, 129 | source => "${user_home}/gitlab-ci-runner/lib/support/init.d/gitlab_ci_runner", 130 | owner => root, 131 | group => root, 132 | mode => '0755', 133 | } 134 | 135 | service { 'gitlab_ci_runner': 136 | ensure => running, 137 | hasstatus => true, 138 | hasrestart => true, 139 | enable => true, 140 | } 141 | 142 | User[$user] -> 143 | Vcsrepo["${user_home}/gitlab-ci-runner"] -> 144 | Rbenv::Install[$user] -> 145 | Rbenv::Compile['gitlab-ci-runner/ruby'] -> 146 | Exec['install gitlab-ci-runner'] -> 147 | File['/etc/init.d/gitlab_ci_runner'] -> 148 | Service['gitlab_ci_runner'] 149 | 150 | } 151 | -------------------------------------------------------------------------------- /manifests/ci/service.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::ci::service 2 | # 3 | # 4 | class gitlab::ci::service { 5 | service { 'gitlab_ci': 6 | ensure => running, 7 | hasstatus => true, 8 | hasrestart => true, 9 | enable => true, 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/ci/setup.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::ci::setup 2 | # 3 | # 4 | class gitlab::ci::setup inherits gitlab::ci { 5 | 6 | include ::git 7 | 8 | File { 9 | owner => $ci_user, 10 | group => $ci_user, 11 | } 12 | 13 | # user 14 | user { $ci_user: 15 | ensure => present, 16 | shell => '/bin/bash', 17 | password => '*', 18 | home => $ci_home, 19 | comment => $ci_comment, 20 | system => true, 21 | managehome => true, 22 | } 23 | 24 | # database dependencies 25 | case $::osfamily { 26 | 'Debian': { 27 | case $gitlab_dbtype { 28 | 'mysql': { 29 | ensure_packages(['libmysql++-dev','libmysqlclient-dev']) 30 | } 31 | 'pgsql': { 32 | include ::postgresql::client 33 | include ::postgresql::lib::devel 34 | } 35 | default: { 36 | fail("unknow dbtype (${gitlab_dbtype})") 37 | } 38 | } 39 | } 40 | 'RedHat': { 41 | case $gitlab_dbtype { 42 | 'mysql': { 43 | if $::operatingsystemmajrelease >= 7 { 44 | $mysql_devel_package = 'mariadb-devel' 45 | } else { 46 | $mysql_devel_package = 'mysql-devel' 47 | } 48 | ensure_packages([$mysql_devel_package]) 49 | } 50 | 'pgsql': { 51 | include ::postgresql::lib::devel 52 | } 53 | default: { 54 | fail("unknow dbtype (${gitlab_dbtype})") 55 | } 56 | } 57 | } 58 | default: { 59 | fail("${::osfamily} not supported yet") 60 | } 61 | } # Case $::osfamily 62 | 63 | # By default, puppet-rbenv sets ~/.profile to load rbenv, which is 64 | # read when bash is invoked as an interactive login shell, but we 65 | # also need ~/.bashrc to load rbenv (which is read by interactive 66 | # but non-login shells). This works, but may not be the best 67 | # solution, please see issue #114 if you have a better solution. 68 | file { "${ci_home}/.bashrc": 69 | ensure => file, 70 | content => "source ${ci_home}/.rbenvrc", 71 | require => Rbenv::Install[$ci_user], 72 | } 73 | 74 | rbenv::install { $ci_user: 75 | group => $ci_user, 76 | home => $ci_home, 77 | require => User[$ci_user], 78 | } 79 | 80 | rbenv::compile { 'gitlabci/ruby': 81 | user => $ci_user, 82 | home => $ci_home, 83 | ruby => $gitlab_ruby_version, 84 | global => true, 85 | notify => Exec['install gitlab-ci'], 86 | } 87 | 88 | } 89 | -------------------------------------------------------------------------------- /manifests/config.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::config 2 | # 3 | # 4 | class gitlab::config inherits gitlab { 5 | File { 6 | owner => $git_user, 7 | group => $git_group, 8 | } 9 | 10 | $socket_path = "${git_home}/gitlab/tmp/sockets/gitlab.socket" 11 | $root_path = "${git_home}/gitlab/public" 12 | 13 | # gitlab 14 | if $gitlab_manage_nginx { 15 | file { '/etc/nginx/conf.d/gitlab.conf': 16 | ensure => file, 17 | content => template('gitlab/nginx-gitlab.conf.erb'), 18 | owner => root, 19 | group => root, 20 | mode => '0644', 21 | notify => Service[$gitlab::webserver_service_name], 22 | } 23 | } 24 | 25 | file { '/etc/default/gitlab': 26 | ensure => file, 27 | content => template('gitlab/gitlab.default.erb'), 28 | owner => root, 29 | group => root, 30 | mode => '0644', 31 | } 32 | 33 | file { '/etc/init.d/gitlab': 34 | ensure => file, 35 | source => "${git_home}/gitlab/lib/support/init.d/gitlab", 36 | owner => root, 37 | group => root, 38 | mode => '0755', 39 | require => File['/etc/default/gitlab'], 40 | } 41 | 42 | file { '/etc/logrotate.d/gitlab': 43 | ensure => file, 44 | source => "${git_home}/gitlab/lib/support/logrotate/gitlab", 45 | owner => root, 46 | group => root, 47 | mode => '0644'; 48 | } 49 | 50 | # directories 51 | file { [ 52 | "${git_home}/gitlab/tmp", 53 | "${git_home}/gitlab/tmp/pids", 54 | "${git_home}/gitlab/tmp/sockets", 55 | "${git_home}/gitlab/public", 56 | "${git_home}/gitlab/public/uploads", 57 | ]: 58 | ensure => directory, 59 | mode => '0755', 60 | } 61 | 62 | #gitlab does not provide an option to configure a log directory, so create a symlink to 63 | #the desired folder if specified (otherwise, simply ensure the default log folder is there) 64 | $gitlab_log_path_type = $gitlab_log_folder ? { 65 | undef => 'directory', 66 | default => 'link', 67 | } 68 | file { "${git_home}/gitlab/log": 69 | ensure => $gitlab_log_path_type, 70 | target => $gitlab_log_folder, 71 | mode => '0755', 72 | force => true, #for the conversion to link 73 | } 74 | 75 | # backup task 76 | $backup_file = '/usr/local/sbin/backup-gitlab.sh' 77 | 78 | $backup_ensure = $gitlab_backup? { 79 | true => present, 80 | default => absent, 81 | } 82 | 83 | file { $backup_file: 84 | ensure => $backup_ensure, 85 | content => template('gitlab/backup-gitlab.sh.erb'), 86 | mode => '0755', 87 | owner => 'root', 88 | group => 'root', 89 | } 90 | 91 | cron { 'gitlab backup': 92 | ensure => $backup_ensure, 93 | command => $backup_file, 94 | hour => $gitlab_backup_time, 95 | minute => fqdn_rand(60), 96 | user => $git_user, 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /manifests/config/database.pp: -------------------------------------------------------------------------------- 1 | # == define: gitlab::config::database 2 | # 3 | # [*database*] 4 | # (required) Gitlab database name. 5 | # 6 | # [*owner*] 7 | # (required) owner for gitlab database configuration file. 8 | # 9 | # [*host*] 10 | # (required) Gitlab database host. 11 | # 12 | # [*group*] 13 | # (required) group for gitlab database configuration file. 14 | # 15 | # [*password*] 16 | # (required) Gitlab database password. 17 | # 18 | # [*path*] 19 | # (required) path for gitlab database configuration file. 20 | # 21 | # [*port*] 22 | # (required) Gitlab database port. 23 | # 24 | # [*type*] 25 | # (required) Gitlab database type (pgsql or mysql). 26 | # 27 | # [*username*] 28 | # (required) Gitlab database username. 29 | # 30 | define gitlab::config::database( 31 | $database, 32 | $group, 33 | $host, 34 | $owner, 35 | $password, 36 | $path, 37 | $port, 38 | $type, 39 | $username, 40 | ){ 41 | 42 | file { $path: 43 | ensure => file, 44 | content => template('gitlab/database.yml.erb'), 45 | mode => '0640', 46 | owner => $owner, 47 | group => $group, 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /manifests/config/resque.pp: -------------------------------------------------------------------------------- 1 | # == define: gitlab::config::resque 2 | # 3 | # [*group*] 4 | # (required) group for gitlab database configuration file. 5 | # 6 | # [*owner*] 7 | # (required) owner for gitlab database configuration file. 8 | # 9 | # [*path*] 10 | # (required) path for gitlab database configuration file. 11 | # 12 | # [*redis_host*] 13 | # (required) Redis host used for Sidekiq 14 | # 15 | # [*redis_port*] 16 | # (required) Redis host used for Sidekiq 17 | # 18 | define gitlab::config::resque ( 19 | $group, 20 | $owner, 21 | $path, 22 | $redis_host, 23 | $redis_port, 24 | ){ 25 | 26 | file { $path: 27 | ensure => file, 28 | content => template('gitlab/resque.yml.erb'), 29 | owner => $owner, 30 | group => $group, 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /manifests/config/unicorn.pp: -------------------------------------------------------------------------------- 1 | # == define: gitlab::config::unicorn 2 | # 3 | # [*owner*] 4 | # (required) owner for gitlab database configuration file. 5 | # 6 | # [*group*] 7 | # (required) group for gitlab database configuration file. 8 | # 9 | # [*home*] 10 | # (required) Home directory for gitlab repository 11 | # 12 | # [*http_timeout*] 13 | # (required) HTTP timeout (unicorn and nginx) 14 | # 15 | # [*path*] 16 | # (required) path for gitlab database configuration file. 17 | # 18 | # [*unicorn_listen*] 19 | # (required) IP address that unicorn listens on 20 | # 21 | # [*unicorn_port*] 22 | # (required) Port that unicorn listens on 172.0.0.1 for HTTP traffic 23 | # 24 | # [*unicorn_worker*] 25 | # (required) The number of unicorn worker 26 | # 27 | # [*relative_url_root*] 28 | # (required) run in a non-root path 29 | # 30 | define gitlab::config::unicorn ( 31 | $group, 32 | $home, 33 | $http_timeout, 34 | $owner, 35 | $path, 36 | $unicorn_listen, 37 | $unicorn_port, 38 | $unicorn_worker, 39 | $relative_url_root = false 40 | ){ 41 | 42 | file { $path: 43 | ensure => file, 44 | content => template('gitlab/unicorn.rb.erb'), 45 | owner => $owner, 46 | group => $group, 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /manifests/init.pp: -------------------------------------------------------------------------------- 1 | # == Class: gitlab 2 | # 3 | # Install and configure a GitLab server using puppet. 4 | # 5 | # === Parameters 6 | # 7 | # [*ensure*] 8 | # Ensure present, latest. absent is not yet supported 9 | # default: present 10 | # 11 | # [*git_user*] 12 | # Name of gitlab user 13 | # default: git 14 | # 15 | # [*git_group*] 16 | # Name of gitlab group 17 | # default: $git_user 18 | # 19 | # [*git_home*] 20 | # Home directory for gitlab repository 21 | # default: /home/git 22 | # 23 | # [*git_email*] 24 | # Email address for gitlab user 25 | # default: git@someserver.net 26 | # 27 | # [*git_comment*] 28 | # Gitlab user comment 29 | # default: GitLab 30 | # 31 | # [*git_bin_path*] 32 | # Path to git binary. 33 | # default: /usr/bin/git 34 | # 35 | # [*git_max_size*] 36 | # Maximum memory size grit can use, given in number of bytes per git object (e.g. a commit) 37 | # default: 5242880 (5MB) 38 | # 39 | # [*git_timeout*] 40 | # Git timeout to read a commit, in seconds 41 | # default: 10 42 | # 43 | # [*gitlab_manage_user*] 44 | # Whether to manage the Gitlab user account 45 | # default: true 46 | # 47 | # [*gitlab_manage_home*] 48 | # Whether to manage the Gitlab user's home directory 49 | # default: true 50 | # 51 | # [*gitlab_sources*] 52 | # Gitlab sources 53 | # default: git://github.com/gitlabhq/gitlabhq.git 54 | # 55 | # [*gitlab_branch*] 56 | # Gitlab branch 57 | # default: 7-12-stable 58 | # 59 | # [*gitlabshell_sources*] 60 | # Gitlab-shell sources 61 | # default: git://github.com/gitlabhq/gitlab-shell.git 62 | # 63 | # [*gitlabshell_branch*] 64 | # Gitlab-shell branch 65 | # default: v2.6.3 66 | # 67 | # [*gitlabshell_log_folder*] 68 | # Gitlab-shell log folder 69 | # default: the gitlab-shell root directory 70 | # 71 | # [*gitlab_log_folder*] 72 | # Gitlab rails log folder 73 | # default: ${git_home}/gitlab/log 74 | # 75 | # [*proxy_name*] 76 | # The name of the Nginx proxy 77 | # default: 'gitlab' 78 | # 79 | # [*gitlab_manage_nginx*] 80 | # Whether or not this module should install a templated Nginx 81 | # configuration; set to false to manage separately 82 | # default: true 83 | # 84 | # [*gitlab_http_port*] 85 | # Port that NGINX listens on for HTTP traffic 86 | # default: 80 87 | # 88 | # [*gitlab_ssl_port*] 89 | # Port that NGINX listens on for HTTPS traffic 90 | # default: 443 91 | # 92 | # [*gitlab_http_timeout*] 93 | # HTTP timeout (unicorn and nginx) 94 | # default: 60 95 | # 96 | # [*gitlab_webhook_timeout*] 97 | # Number of seconds to wait for HTTP response after sending webhook 98 | # HTTP POST request 99 | # default: 10 100 | # 101 | # [*gitlab_redishost*] 102 | # Redis host used for Sidekiq 103 | # default: localhost 104 | # 105 | # [*gitlab_redisport*] 106 | # Redis host used for Sidekiq 107 | # default: 6379 108 | # 109 | # [*gitlab_dbtype*] 110 | # Gitlab database type 111 | # default: mysql 112 | # 113 | # [*gitlab_dbname*] 114 | # Gitlab database name 115 | # default: gitlab_db 116 | # 117 | # [*gitlab_dbuser*] 118 | # Gitlab database user 119 | # default: gitlab_user 120 | # 121 | # [*gitlab_dbpwd*] 122 | # Gitlab database password 123 | # default: changeme 124 | # 125 | # [*gitlab_dbhost*] 126 | # Gitlab database host 127 | # default: localhost 128 | # 129 | # [*gitlab_dbport*] 130 | # Gitlab database port 131 | # default: 3306 132 | # 133 | # [*gitlab_domain*] 134 | # Gitlab domain 135 | # default: $fqdn 136 | # 137 | # [*gitlab_domain_alias*] 138 | # Gitlab domain aliases for nginx 139 | # default: false (does not configure any alias) 140 | # examples: "hostname1" or "hostname1 hostname2 hostname3.example.com" 141 | # 142 | # [*gitlab_repodir*] 143 | # Gitlab repository directory 144 | # default: $git_home 145 | # 146 | # [*gitlab_backup*] 147 | # Whether to enable automatic backups 148 | # default: false 149 | # 150 | # [*gitlab_backup_path*] 151 | # Path where Gitlab's backup rake task puts its files 152 | # default: 'tmp/backups' (relative to $git_home) 153 | # 154 | # [*gitlab_backup_keep_time*] 155 | # Retention time of Gitlab's backups (in seconds) 156 | # default: 0 (forever) 157 | # 158 | # [*gitlab_backup_time*] 159 | # Time when the Gitlab backup task is run from cron 160 | # default: fqdn_rand(5)+1 161 | # 162 | # [*gitlab_backup_postscript*] 163 | # Path to one or more shell scripts to be executed after the backup 164 | # default: false 165 | # 166 | # [*gitlab_relative_url_root*] 167 | # run in a non-root path 168 | # default: / 169 | # 170 | # [*gitlab_issue_closing_pattern*] 171 | # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. 172 | # This happens when the commit is pushed or merged into the default branch of a project. 173 | # default: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)' on GitLab-CE 174 | # 175 | # [*gitlab_repository_downloads_path*] 176 | # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is 177 | # created in the following directory (relative to the root of the Rails app) 178 | # default: tmp/repositories 179 | # 180 | # [*gitlab_restricted_visibility_levels*] 181 | # Restrict setting visibility levels for non-admin users. 182 | # Specify as an array of one or more of "private" | "internal" | "public" 183 | # default: nil 184 | # 185 | # [*gitlab_default_projects_features_issues*] 186 | # Default project features setting for issues. 187 | # default: true 188 | # 189 | # [*gitlab_default_projects_features_merge_requests*] 190 | # Default project features setting for merge requests. 191 | # default: true 192 | # 193 | # [*gitlab_default_projects_features_wiki*] 194 | # Default project features settings for wiki. 195 | # default: true 196 | # 197 | # [*gitlab_default_projects_features_wall*] 198 | # Default project features setting for wall. 199 | # default: false 200 | # 201 | # [*gitlab_default_projects_features_snippets*] 202 | # Default project features setting for snippets. 203 | # default: false 204 | # 205 | # [*gitlab_default_projects_features_visibility_level*] 206 | # Default project features settings for visibility level. ("private" | "internal" | "public") 207 | # default: private 208 | # 209 | # [*gitlab_email_enabled*] 210 | # Set to false if you need to disable email sending from GitLab 211 | # default: true 212 | # 213 | # [*gitlab_email_reply_to*] 214 | # Reply-to address for emails sent by GitLab 215 | # default: noreply@ 216 | # 217 | # [*gitlab_email_display_name*] 218 | # Sender display name for emails sent by GitLab 219 | # default: GitLab 220 | # 221 | # [*gitlab_support_email*] 222 | # Email address of your support contact 223 | # default: support@local.host 224 | # 225 | # [*gitlab_time_zone*] 226 | # Default time zone of GitLab application 227 | # default: UTC 228 | # 229 | # [*gitlab_ssl*] 230 | # Enable SSL for GitLab 231 | # default: false 232 | # 233 | # [*gitlab_ssl_cert*] 234 | # SSL Certificate location 235 | # default: /etc/ssl/certs/ssl-cert-snakeoil.pem 236 | # 237 | # [*gitlab_ssl_key*] 238 | # SSL Key location 239 | # default: /etc/ssl/private/ssl-cert-snakeoil.key 240 | # 241 | # [*gitlab_ssl_protocols*] 242 | # Nginx SSL enabled protocols 243 | # default: 'TLSv1.2 TLSv1.1 TLSv1' 244 | # 245 | # [*gitlab_ssl_ciphers*] 246 | # Nginx SSL enabled ciphers 247 | # default: 'AES:HIGH:!aNULL:!RC4:!MD5:!ADH:!MDF' 248 | # 249 | # [*gitlab_ssl_self_signed*] 250 | # Set true if your SSL Cert is self signed 251 | # default: false 252 | # 253 | # [*gitlab_projects*] 254 | # GitLab default number of projects for new users 255 | # default: 10 256 | # 257 | # [*gitlab_repodir*] 258 | # Gitlab repository directory 259 | # default: $git_home 260 | # 261 | # [*gitlab_satellitedir*] 262 | # Directory for Gitlab satellites 263 | # default: $git_home 264 | # 265 | # [*gitlab_setup_status_dir*] 266 | # Directory where the Puppet module can store a status file to 267 | # indicate whether the GitLab database has already been initialized. 268 | # default: $git_home 269 | # 270 | # [*gitlab_username_change*] 271 | # Gitlab username changing 272 | # default: true 273 | # 274 | # [*gitlab_unicorn_listen*] 275 | # IP address that unicorn listens on 276 | # default: 127.0.0.1 277 | # 278 | # [*gitlab_unicorn_port*] 279 | # Port that unicorn listens on 172.0.0.1 for HTTP traffic 280 | # default: 8080 281 | # 282 | # [*gitlab_unicorn_worker*] 283 | # The number of unicorn worker 284 | # default: 2 285 | # 286 | # [*gitlab_bundler_flags*] 287 | # Flags that should be passed to bundler when installing gems 288 | # default: --deployment 289 | # 290 | # [*gitlab_manage_rbenv*] 291 | # Whether this module should use rbenv to install a suitable version of Ruby 292 | # for the Gitlab user; set to false to use the system Ruby or manage separately 293 | # default: true 294 | # 295 | # [*gitlab_ruby_version*] 296 | # Ruby version to install with rbenv for the Gitlab user 297 | # default: 2.1.6 298 | # 299 | # [*gitlab_secret_file*] 300 | # File that contains the secret key for verifying access for gitlab-shell. 301 | # default: '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). 302 | # 303 | # [*gitlab_auth_file*] 304 | # File used as authorized_keys for gitlab user 305 | # default: ${git_home}/.ssh/authorized_keys 306 | # 307 | # [*exec_path*] 308 | # The default PATH passed to all exec ressources (this path include rbenv shims) 309 | # default: '${git_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' 310 | # 311 | # [*gitlab_bundler_jobs*] 312 | # Number of jobs to use while installing gems. Should match number of 313 | # procs on your system (default: 1) 314 | # 315 | # [*gitlab_ensure_postfix*] 316 | # Whether or not this module should ensure the postfix package is 317 | # installed (used to manage conflicts with other modules) 318 | # default: true 319 | # 320 | # [*gitlab_ensure_curl*] 321 | # Whether or not this module should ensure the curl package is 322 | # installed (used to manage conflicts with other modules) 323 | # default: true 324 | # 325 | # [*ldap_enabled*] 326 | # Enable LDAP backend for gitlab web (see bellow) 327 | # default: false 328 | # 329 | # [*ldap_host*] 330 | # FQDN of LDAP server 331 | # default: ldap.domain.com 332 | # 333 | # [*ldap_base*] 334 | # LDAP base dn 335 | # default: dc=domain,dc=com 336 | # 337 | # [*ldap_uid*] 338 | # Uid for LDAP auth 339 | # default: uid 340 | # 341 | # [*ldap_user_filter*] 342 | # RFC 4515 style filter 343 | # default: '' 344 | # 345 | # [*ldap_port*] 346 | # LDAP port 347 | # default: 636 348 | # 349 | # [*ldap_method*] 350 | # Method to use 351 | # default: ssl 352 | # 353 | # [*ldap_bind_dn*] 354 | # User for LDAP bind auth 355 | # default: nil 356 | # 357 | # [*ldap_bind_password*] 358 | # Password for LDN bind auth 359 | # default: nil 360 | # 361 | # [*ldap_active_directory*] 362 | # This setting specifies if LDAP server is Active Directory LDAP server. 363 | # For non AD servers it skips the AD specific queries. 364 | # If your LDAP server is not AD, set this to false. 365 | # default: true 366 | # 367 | # [*ldap_block_auto_created_users*] 368 | # To maintain tight control over the number of active users on your GitLab installation, 369 | # enable this setting to keep new users blocked until they have been cleared by the admin 370 | # default: false 371 | # 372 | # [*ldap_sync_time*] 373 | # This setting controls the amount of time between LDAP permission checks for each user. 374 | # default: nil 375 | # 376 | # [*ldap_group_base*] 377 | # Base where we can search for groups. 378 | # default: nil 379 | # 380 | # [*ldap_sync_ssh_keys*] 381 | # Name of attribute which holds a ssh public key of the user object. 382 | # If false or nil, SSH key syncronisation will be disabled. 383 | # default: nil 384 | # 385 | # [*ldap_admin_group*] 386 | # LDAP group of users who should be admins in GitLab. 387 | # default: nil 388 | # 389 | # [*issues_tracker*] 390 | # External issues trackers. Provide a hash with all issues_tracker configuration as would 391 | # appear in gitlab.yaml. E.g. { redmine => { title => "Redmine", project_url => ... } } 392 | # default: nil 393 | # 394 | # [*omniauth*] 395 | # Omniauth configuration. Provide a hash with all omniauth configuration as would 396 | # appear in gitlab.yaml. E.g. { enabled => true, providers => [ { name => "github", app_id => ... }]} 397 | # default: nil 398 | # 399 | # [*git_package_name*] 400 | # Package name for git install 401 | # default: git-core (Debian) 402 | # 403 | # [*ssh_port*] 404 | # Port accepting ssh connections 405 | # default: 22 406 | # 407 | # [*google_analytics_id*] 408 | # Google analytics tracking ID 409 | # default: nil 410 | # 411 | # [*git_proxy*] 412 | # Proxy for git access 413 | # default: '' 414 | # 415 | # [*company_logo_url*] 416 | # Url to the company logo to be diplayed at the bottom of the sign_in page 417 | # default: '' 418 | # 419 | # [*company_link*] 420 | # Link to the company displayed under the logo of the company 421 | # default: '' 422 | # 423 | # [*company_name*] 424 | # Name of the company displayed under the logo of the company 425 | # default: '' 426 | # 427 | # [*gravatar_enabled*] 428 | # Use user avatar image from Gravatar.com 429 | # default: true 430 | # 431 | # [*use_exim*] 432 | # Apply a fix for compatibility with exim as explained at github.com/gitlabhq/gitlabhq/issues/4866 433 | # default: false 434 | # 435 | # [*webserver_service_name*] 436 | # Name of webserver service (nginx, apache2) 437 | # default: nginx 438 | # 439 | # [*system_packages*] 440 | # Packages that Gitlab needs to work, and that will be managed by the Gitlab module 441 | # default: $gitlab::params::system_packages 442 | # 443 | # === Examples 444 | # 445 | # See examples/gitlab.pp 446 | # 447 | # node /gitlab/ { 448 | # class { 449 | # 'gitlab': 450 | # git_email => 'toto@foobar' 451 | # } 452 | # } 453 | # 454 | # === Authors 455 | # 456 | # See https://github.com/sbadia/puppet-gitlab/graphs/contributors 457 | # 458 | # === Copyright 459 | # 460 | # See LICENSE file 461 | # 462 | class gitlab( 463 | $ensure = $gitlab::params::ensure, 464 | $git_user = $gitlab::params::git_user, 465 | $git_group = $git_user, 466 | $git_home = $gitlab::params::git_home, 467 | $git_email = $gitlab::params::git_email, 468 | $git_comment = $gitlab::params::git_comment, 469 | $git_bin_path = $gitlab::params::git_bin_path, 470 | $git_max_size = $gitlab::params::git_max_size, 471 | $git_timeout = $gitlab::params::git_timeout, 472 | $gitlab_webhook_timeout = $gitlab::params::gitlab_webhook_timeout, 473 | $gitlab_manage_user = $gitlab::params::gitlab_manage_user, 474 | $gitlab_manage_home = $gitlab::params::gitlab_manage_home, 475 | $gitlab_sources = $gitlab::params::gitlab_sources, 476 | $gitlab_branch = $gitlab::params::gitlab_branch, 477 | $gitlabshell_branch = $gitlab::params::gitlabshell_branch, 478 | $gitlabshell_sources = $gitlab::params::gitlabshell_sources, 479 | $gitlabshell_log_folder = $gitlab::params::gitlabshell_log_folder, 480 | $gitlab_log_folder = $gitlab::params::gitlab_log_folder, 481 | $gitlab_manage_nginx = $gitlab::params::gitlab_manage_nginx, 482 | $proxy_name = 'gitlab', 483 | $gitlab_http_port = $gitlab::params::gitlab_http_port, 484 | $gitlab_ssl_port = $gitlab::params::gitlab_ssl_port, 485 | $gitlab_http_timeout = $gitlab::params::gitlab_http_timeout, 486 | $gitlab_redishost = $gitlab::params::gitlab_redishost, 487 | $gitlab_redisport = $gitlab::params::gitlab_redisport, 488 | $gitlab_dbtype = $gitlab::params::gitlab_dbtype, 489 | $gitlab_dbname = $gitlab::params::gitlab_dbname, 490 | $gitlab_dbuser = $gitlab::params::gitlab_dbuser, 491 | $gitlab_dbpwd = $gitlab::params::gitlab_dbpwd, 492 | $gitlab_dbhost = $gitlab::params::gitlab_dbhost, 493 | $gitlab_dbport = $gitlab::params::gitlab_dbport, 494 | $gitlab_domain = $gitlab::params::gitlab_domain, 495 | $gitlab_domain_alias = $gitlab::params::gitlab_domain_alias, 496 | $gitlab_repodir = $gitlab::params::gitlab_repodir, 497 | $gitlab_satellitedir = $git_home, 498 | $gitlab_setup_status_dir = $git_home, 499 | $gitlab_backup = $gitlab::params::gitlab_backup, 500 | $gitlab_backup_path = $gitlab::params::gitlab_backup_path, 501 | $gitlab_backup_keep_time = $gitlab::params::gitlab_backup_keep_time, 502 | $gitlab_backup_time = $gitlab::params::gitlab_backup_time, 503 | $gitlab_backup_postscript = $gitlab::params::gitlab_backup_postscript, 504 | $gitlab_relative_url_root = $gitlab::params::gitlab_relative_url_root, 505 | $gitlab_issue_closing_pattern = $gitlab::params::gitlab_issue_closing_pattern, 506 | $gitlab_repository_downloads_path = $gitlab::params::gitlab_repository_downloads_path, 507 | $gitlab_restricted_visibility_levels = $gitlab::params::gitlab_restricted_visibility_levels, 508 | $gitlab_default_projects_features_issues = $gitlab::params::gitlab_default_projects_features_issues, 509 | $gitlab_default_projects_features_merge_requests = $gitlab::params::gitlab_default_projects_features_merge_requests, 510 | $gitlab_default_projects_features_wiki = $gitlab::params::gitlab_default_projects_features_wiki, 511 | $gitlab_default_projects_features_wall = $gitlab::params::gitlab_default_projects_features_wall, 512 | $gitlab_default_projects_features_snippets = $gitlab::params::gitlab_default_projects_features_snippets, 513 | $gitlab_default_projects_features_visibility_level = $gitlab::params::gitlab_default_projects_features_visibility_level, 514 | $gitlab_time_zone = $gitlab::params::gitlab_time_zone, 515 | $gitlab_email_enabled = $gitlab::params::gitlab_email_enabled, 516 | $gitlab_email_reply_to = "noreply@${gitlab_domain}", 517 | $gitlab_email_display_name= $gitlab::params::gitlab_email_display_name, 518 | $gitlab_support_email = $gitlab::params::gitlab_support_email, 519 | $gitlab_ssl = $gitlab::params::gitlab_ssl, 520 | $gitlab_ssl_cert = $gitlab::params::gitlab_ssl_cert, 521 | $gitlab_ssl_key = $gitlab::params::gitlab_ssl_key, 522 | $gitlab_ssl_protocols = $gitlab::params::gitlab_ssl_protocols, 523 | $gitlab_ssl_ciphers = $gitlab::params::gitlab_ssl_ciphers, 524 | $gitlab_ssl_self_signed = $gitlab::params::gitlab_ssl_self_signed, 525 | $gitlab_projects = $gitlab::params::gitlab_projects, 526 | $gitlab_username_change = $gitlab::params::gitlab_username_change, 527 | $gitlab_unicorn_listen = $gitlab::params::gitlab_unicorn_listen, 528 | $gitlab_unicorn_port = $gitlab::params::gitlab_unicorn_port, 529 | $gitlab_unicorn_worker = $gitlab::params::gitlab_unicorn_worker, 530 | $gitlab_bundler_flags = $gitlab::params::gitlab_bundler_flags, 531 | $gitlab_bundler_jobs = $gitlab::params::gitlab_bundler_jobs, 532 | $gitlab_ensure_postfix = $gitlab::params::gitlab_ensure_postfix, 533 | $gitlab_ensure_curl = $gitlab::params::gitlab_ensure_curl, 534 | $gitlab_manage_rbenv = $gitlab::params::gitlab_manage_rbenv, 535 | $gitlab_ruby_version = $gitlab::params::gitlab_ruby_version, 536 | $gitlab_secret_file = $gitlab::params::gitlab_secret_file, 537 | $gitlab_auth_file = "${git_home}/.ssh/authorized_keys", 538 | $exec_path = $gitlab::params::exec_path, 539 | $ldap_enabled = $gitlab::params::ldap_enabled, 540 | $ldap_host = $gitlab::params::ldap_host, 541 | $ldap_base = $gitlab::params::ldap_base, 542 | $ldap_uid = $gitlab::params::ldap_uid, 543 | $ldap_user_filter = $gitlab::params::ldap_user_filter, 544 | $ldap_port = $gitlab::params::ldap_port, 545 | $ldap_method = $gitlab::params::ldap_method, 546 | $ldap_bind_dn = $gitlab::params::ldap_bind_dn, 547 | $ldap_bind_password = $gitlab::params::ldap_bind_password, 548 | $ldap_active_directory = $gitlab::params::ldap_active_directory, 549 | $ldap_block_auto_created_users = $gitlab::params::ldap_block_auto_created_users, 550 | $ldap_sync_time = $gitlab::params::ldap_sync_time, 551 | $ldap_group_base = $gitlab::params::ldap_group_base, 552 | $ldap_sync_ssh_keys = $gitlab::params::ldap_sync_ssh_keys, 553 | $ldap_admin_group = $gitlab::params::ldap_admin_group, 554 | $issues_tracker = $gitlab::params::issues_tracker, 555 | $omniauth = $gitlab::params::omniauth, 556 | $ssh_port = $gitlab::params::ssh_port, 557 | $google_analytics_id = $gitlab::params::google_analytics_id, 558 | $git_proxy = $gitlab::params::git_proxy, 559 | $webserver_service_name = $gitlab::params::webserver_service_name, 560 | $system_packages = $gitlab::params::system_packages, 561 | # Deprecated params 562 | $git_package_name = undef, 563 | $company_logo_url = $gitlab::params::company_logo_url, 564 | $company_link = $gitlab::params::company_link, 565 | $company_name = $gitlab::params::company_name, 566 | $gravatar_enabled = $gitlab::params::gravatar_enabled, 567 | $use_exim = $gitlab::params::use_exim, 568 | ) inherits gitlab::params { 569 | case $::osfamily { 570 | 'Debian','Redhat': {} 571 | default: { 572 | fail("${::osfamily} not supported yet") 573 | } 574 | } # case 575 | 576 | # Deprecated params 577 | if $git_package_name { 578 | warning('The git_package_name parameter is deprecated and has no effect.') 579 | } 580 | 581 | validate_absolute_path($git_home) 582 | validate_absolute_path($gitlab_ssl_cert) 583 | validate_absolute_path($gitlab_ssl_key) 584 | 585 | validate_bool($gitlab_ssl) 586 | validate_bool($gitlab_ssl_self_signed) 587 | validate_bool($gitlab_username_change) 588 | validate_bool($ldap_enabled) 589 | validate_bool($gitlab_default_projects_features_issues) 590 | validate_bool($gitlab_default_projects_features_merge_requests) 591 | validate_bool($gitlab_default_projects_features_wiki) 592 | validate_bool($gitlab_default_projects_features_wall) 593 | validate_bool($gitlab_default_projects_features_snippets) 594 | 595 | validate_re($gitlab_dbtype, '(mysql|pgsql)', 'gitlab_dbtype is not supported') 596 | validate_re("${gitlab_dbport}", '^\d+$', 'gitlab_dbport is not a valid port') 597 | validate_re("${ldap_port}", '^\d+$', 'ldap_port is not a valid port') 598 | validate_re("${gitlab_ssl_port}", '^\d+$', 'gitlab_ssl_port is not a valid port') 599 | validate_re("${gitlab_http_port}", '^\d+$', 'gitlab_http_port is not a valid port') 600 | validate_re("${gitlab_http_timeout}", '^\d+$', 'gitlab_http_timeout is not a number') 601 | validate_re("${gitlab_redisport}", '^\d+$', 'gitlab_redisport is not a valid port') 602 | validate_re($ldap_method, '(ssl|tls|plain)', 'ldap_method is not supported (ssl, tls or plain)') 603 | validate_re("${gitlab_projects}", '^\d+$', 'gitlab_projects is not valid') 604 | validate_re("${gitlab_unicorn_port}", '^\d+$', 'gitlab_unicorn_port is not valid') 605 | validate_re("${gitlab_unicorn_worker}", '^\d+$', 'gitlab_unicorn_worker is not valid') 606 | validate_re("${gitlab_bundler_jobs}", '^\d+$', 'gitlab_bundler_jobs is not valid') 607 | validate_re($ensure, '(present|latest)', 'ensure is not valid (present|latest)') 608 | validate_re("${ssh_port}", '^\d+$', 'ssh_port is not a valid port') 609 | validate_re($gitlab_default_projects_features_visibility_level, 'private|internal|public','gitlab_default_projects_features_visibility_level is not valid') 610 | 611 | if !is_ip_address($gitlab_unicorn_listen){ 612 | fail("${gitlab_unicorn_listen} is not a valid IP address") 613 | } 614 | 615 | if $gitlab_restricted_visibility_levels { 616 | validate_array($gitlab_restricted_visibility_levels) 617 | } 618 | if $omniauth { 619 | validate_hash($omniauth) 620 | } 621 | if $issues_tracker { 622 | validate_hash($issues_tracker) 623 | } 624 | 625 | validate_string($git_user) 626 | validate_string($git_email) 627 | validate_string($git_comment) 628 | validate_string($gitlab_sources) 629 | validate_string($gitlab_branch) 630 | validate_string($gitlabshell_sources) 631 | validate_string($gitlabshell_branch) 632 | validate_string($gitlab_dbname) 633 | validate_string($gitlab_dbuser) 634 | validate_string($gitlab_dbpwd) 635 | validate_string($gitlab_dbhost) 636 | validate_string($gitlab_bundler_flags) 637 | validate_string($ldap_base) 638 | validate_string($ldap_uid) 639 | validate_string($ldap_host) 640 | validate_string($google_analytics_id) 641 | validate_string($company_logo_url) 642 | validate_string($company_link) 643 | validate_string($company_name) 644 | 645 | anchor { 'gitlab::begin': } -> 646 | class { '::gitlab::setup': } -> 647 | class { '::gitlab::package': } -> 648 | class { '::gitlab::install': } -> 649 | class { '::gitlab::config': } -> 650 | class { '::gitlab::service': } -> 651 | anchor { 'gitlab::end': } 652 | 653 | } # Class:: gitlab 654 | -------------------------------------------------------------------------------- /manifests/install.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::install 2 | # 3 | # 4 | class gitlab::install inherits gitlab { 5 | 6 | # note that this is *without* 7 | $gitlab_without_gems = $gitlab_dbtype ? { 8 | 'mysql' => 'postgres', 9 | 'pgsql' => 'mysql', 10 | default => '', 11 | } 12 | 13 | Exec { 14 | user => $git_user, 15 | path => $exec_path, 16 | } 17 | 18 | File { 19 | owner => $git_user, 20 | group => $git_group, 21 | } 22 | 23 | # gitlab shell 24 | file { "${git_home}/gitlab-shell/config.yml": 25 | ensure => file, 26 | content => template('gitlab/gitlab-shell.config.yml.erb'), 27 | mode => '0644', 28 | } 29 | 30 | exec { 'install gitlab-shell': 31 | command => "ruby ${git_home}/gitlab-shell/bin/install", 32 | cwd => $git_home, 33 | creates => "${gitlab_repodir}/repositories", 34 | require => File["${git_home}/gitlab-shell/config.yml"], 35 | } 36 | 37 | # gitlab 38 | gitlab::config::database { 'gitlab': 39 | database => $gitlab_dbname, 40 | group => $git_group, 41 | host => $gitlab_dbhost, 42 | owner => $git_user, 43 | password => $gitlab_dbpwd, 44 | path => "${git_home}/gitlab/config/database.yml", 45 | port => $gitlab_dbport, 46 | type => $gitlab_dbtype, 47 | username => $gitlab_dbuser, 48 | } 49 | 50 | gitlab::config::unicorn { 'gitlab': 51 | group => $git_group, 52 | home => $git_home, 53 | http_timeout => $gitlab_http_timeout, 54 | owner => $git_user, 55 | path => "${git_home}/gitlab/config/unicorn.rb", 56 | relative_url_root => $gitlab_relative_url_root, 57 | unicorn_listen => $gitlab_unicorn_listen, 58 | unicorn_port => $gitlab_unicorn_port, 59 | unicorn_worker => $gitlab_unicorn_worker, 60 | } 61 | 62 | file { "${git_home}/gitlab/config/gitlab.yml": 63 | ensure => file, 64 | content => template('gitlab/gitlab.yml.erb'), 65 | mode => '0640', 66 | } 67 | 68 | gitlab::config::resque { 'gitlab': 69 | group => $git_group, 70 | owner => $git_user, 71 | path => "${git_home}/gitlab/config/resque.yml", 72 | redis_host => $gitlab_redishost, 73 | redis_port => $gitlab_redisport, 74 | } 75 | 76 | file { "${git_home}/gitlab/config/initializers/rack_attack.rb": 77 | ensure => file, 78 | source => "${git_home}/gitlab/config/initializers/rack_attack.rb.example", 79 | } 80 | 81 | if $gitlab_relative_url_root or $use_exim { 82 | file { "${git_home}/gitlab/config/application.rb": 83 | ensure => file, 84 | content => template('gitlab/application.rb.erb'), 85 | } 86 | } 87 | 88 | if($gitlab_bundler_jobs == '1') { 89 | $gitlab_bundler_jobs_flag = '' 90 | } else { 91 | $gitlab_bundler_jobs_flag = " -j${gitlab_bundler_jobs}" 92 | } 93 | exec { 'install gitlab': 94 | command => "bundle install${gitlab_bundler_jobs_flag} --without development aws test ${gitlab_without_gems} ${gitlab_bundler_flags}", 95 | cwd => "${git_home}/gitlab", 96 | unless => 'bundle check', 97 | timeout => 0, 98 | require => [ 99 | Gitlab::Config::Database['gitlab'], 100 | Gitlab::Config::Unicorn['gitlab'], 101 | File["${git_home}/gitlab/config/gitlab.yml"], 102 | Gitlab::Config::Resque['gitlab'], 103 | ], 104 | notify => Exec['run migrations'], 105 | } 106 | 107 | exec { 'setup gitlab database': 108 | command => '/usr/bin/yes yes | bundle exec rake gitlab:setup RAILS_ENV=production', 109 | cwd => "${git_home}/gitlab", 110 | creates => "${gitlab_setup_status_dir}/.gitlab_setup_done", 111 | require => [ 112 | Exec['install gitlab-shell'], 113 | Exec['install gitlab'], 114 | ], 115 | notify => Exec['precompile assets'], 116 | before => Exec['run migrations'], 117 | } 118 | 119 | exec { 'precompile assets': 120 | command => 'bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production', 121 | cwd => "${git_home}/gitlab", 122 | refreshonly => true, 123 | } 124 | 125 | exec { 'run migrations': 126 | command => 'bundle exec rake db:migrate RAILS_ENV=production', 127 | cwd => "${git_home}/gitlab", 128 | refreshonly => true, 129 | notify => Exec['precompile assets'], 130 | } 131 | 132 | file { 133 | "${gitlab_setup_status_dir}/.gitlab_setup_done": 134 | ensure => file, 135 | owner => 'root', 136 | group => 'root', 137 | require => Exec['setup gitlab database']; 138 | } 139 | 140 | if ($gitlab_manage_rbenv) { 141 | #gitlab-shell hooks must be updated to use the Ruby version installed by rbenv. 142 | #Use a script because different versions of gitlab-shell have a varying 143 | #set of hooks 144 | $ruby_cmd="${git_home}/.rbenv/shims/ruby" 145 | exec { 'fix ruby paths in gitlab-shell hooks': 146 | command => "ruby -p -i -e '\$_.sub!(/^#!.*ruby\$/,\"#!${ruby_cmd}\")' *", 147 | cwd => "${git_home}/gitlab-shell/hooks", 148 | onlyif => "head -q -n 1 * | egrep -v '^#!${ruby_cmd}\$'", 149 | require => Exec['install gitlab-shell'], 150 | } 151 | } 152 | 153 | } 154 | -------------------------------------------------------------------------------- /manifests/package.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::package 2 | # 3 | # 4 | class gitlab::package inherits gitlab { 5 | Vcsrepo { 6 | ensure => $ensure, 7 | provider => 'git', 8 | user => $git_user, 9 | } 10 | 11 | vcsrepo { "${git_home}/gitlab": 12 | source => $gitlab_sources, 13 | revision => $gitlab_branch, 14 | } 15 | vcsrepo { "${git_home}/gitlab-shell": 16 | source => $gitlabshell_sources, 17 | revision => $gitlabshell_branch, 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/params.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::params 2 | # 3 | # 4 | class gitlab::params { 5 | 6 | $ensure = 'present' 7 | $gitlab_manage_user = true 8 | $gitlab_manage_home = true 9 | $git_user = 'git' 10 | $git_group = $git_user 11 | $git_home = '/home/git' 12 | $git_email = 'git@someserver.net' 13 | $git_comment = 'GitLab' 14 | $git_bin_path = '/usr/bin/git' 15 | $git_max_size = 5242880 16 | $git_timeout = 10 17 | $gitlab_webhook_timeout = 10 18 | $gitlab_sources = 'git://github.com/gitlabhq/gitlabhq.git' 19 | $gitlab_branch = '7-12-stable' 20 | $gitlabshell_sources = 'git://github.com/gitlabhq/gitlab-shell.git' 21 | $gitlabshell_branch = 'v2.6.3' 22 | $gitlabshell_log_folder = undef 23 | $gitlab_log_folder = undef 24 | $gitlab_manage_nginx = true 25 | $gitlab_http_port = '80' 26 | $gitlab_ssl_port = '443' 27 | $gitlab_http_timeout = '60' 28 | $gitlab_redishost = '127.0.0.1' 29 | $gitlab_redisport = '6379' 30 | $gitlab_dbtype = 'mysql' 31 | $gitlab_dbname = 'gitlab_db' 32 | $gitlab_dbuser = 'gitlab_user' 33 | $gitlab_dbpwd = 'changeme' 34 | $gitlab_dbhost = 'localhost' 35 | $gitlab_dbport = '3306' 36 | $gitlab_domain = $::fqdn 37 | $gitlab_domain_alias = false 38 | $gitlab_repodir = $git_home 39 | $gitlab_satellitedir = $git_home 40 | $gitlab_setup_status_dir = $git_home 41 | $gitlab_backup = false 42 | $gitlab_backup_path = 'tmp/backups/' 43 | $gitlab_backup_keep_time = '0' 44 | $gitlab_backup_time = fqdn_rand(5)+1 45 | $gitlab_backup_postscript = false 46 | $gitlab_relative_url_root = false 47 | $gitlab_issue_closing_pattern = undef 48 | $gitlab_repository_downloads_path = 'tmp/repositories' 49 | $gitlab_restricted_visibility_levels = undef 50 | $gitlab_default_projects_features_issues = true 51 | $gitlab_default_projects_features_merge_requests = true 52 | $gitlab_default_projects_features_wiki = true 53 | $gitlab_default_projects_features_wall = false 54 | $gitlab_default_projects_features_snippets = false 55 | $gitlab_default_projects_features_visibility_level = 'private' 56 | $gitlab_time_zone = false 57 | $gitlab_email_enabled = true 58 | $gitlab_email_reply_to = "noreply@${gitlab_domain}" 59 | $gitlab_email_display_name= 'GitLab' 60 | $gitlab_support_email = 'support@localhost' 61 | $gitlab_ssl = false 62 | $gitlab_ssl_protocols = 'TLSv1.2 TLSv1.1 TLSv1' 63 | $gitlab_ssl_ciphers = 'AES:HIGH:!aNULL:!RC4:!MD5:!ADH:!MDF' 64 | $gitlab_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' 65 | $gitlab_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' 66 | $gitlab_ssl_self_signed = false 67 | $gitlab_projects = '10' 68 | $gitlab_username_change = true 69 | $gitlab_unicorn_listen = '127.0.0.1' 70 | $gitlab_unicorn_port = '8080' 71 | $gitlab_unicorn_worker = '2' 72 | $gitlab_bundler_flags = '--deployment' 73 | $gitlab_bundler_jobs = 1 74 | $gitlab_ensure_postfix = true 75 | $gitlab_ensure_curl = true 76 | $gitlab_manage_rbenv = true 77 | $gitlab_ruby_version = '2.1.6' 78 | $gitlab_auth_file = "${git_home}/.ssh/authorized_keys" 79 | $gitlab_secret_file = undef 80 | $exec_path = "${git_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 81 | $ldap_enabled = false 82 | $ldap_host = 'ldap.domain.com' 83 | $ldap_base = 'dc=domain,dc=com' 84 | $ldap_uid = 'uid' 85 | $ldap_user_filter = '' 86 | $ldap_port = '636' 87 | $ldap_method = 'ssl' 88 | $ldap_bind_dn = '' 89 | $ldap_bind_password = '' 90 | $ldap_active_directory = true 91 | $ldap_block_auto_created_users = false 92 | $ldap_sync_time = '' 93 | $ldap_group_base = '' 94 | $ldap_sync_ssh_keys = '' 95 | $ldap_admin_group = '' 96 | $issues_tracker = undef 97 | $omniauth = undef 98 | $ssh_port = '22' 99 | $google_analytics_id = '' 100 | $git_proxy = undef 101 | $company_logo_url = '' 102 | $company_link = '' 103 | $company_name = '' 104 | $gravatar_enabled = true 105 | $use_exim = false 106 | $webserver_service_name = 'nginx' 107 | 108 | # determine pre-requisite packages 109 | case $::osfamily { 110 | 'Debian': { 111 | # system packages 112 | $system_packages = ['libicu-dev', 'python2.7','python-docutils', 113 | 'libxml2-dev', 'libxslt1-dev','python-dev', 114 | 'cmake', 'pkg-config', 'libkrb5-dev', 'ruby-execjs'] 115 | } 116 | 'RedHat': { 117 | # system packages 118 | $system_packages = ['libicu-devel', 'perl-Time-HiRes','libxml2-devel', 119 | 'libxslt-devel','python-devel','libcurl-devel', 120 | 'readline-devel','openssl-devel','zlib-devel', 121 | 'cmake','libyaml-devel','patch','gcc-c++'] 122 | } 123 | default: { 124 | fail("${::osfamily} not supported yet") 125 | } 126 | } 127 | 128 | validate_array($system_packages) 129 | 130 | } # Class:: gitlab::params 131 | -------------------------------------------------------------------------------- /manifests/service.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::service 2 | # 3 | # 4 | class gitlab::service inherits gitlab { 5 | service { 'gitlab': 6 | ensure => running, 7 | hasstatus => true, 8 | hasrestart => true, 9 | enable => true, 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/setup.pp: -------------------------------------------------------------------------------- 1 | # Class:: gitlab::setup 2 | # 3 | # 4 | class gitlab::setup inherits gitlab { 5 | 6 | include ::git 7 | 8 | File { 9 | owner => $git_user, 10 | group => $git_group, 11 | } 12 | 13 | # user 14 | if($gitlab_manage_user) 15 | { 16 | user { $git_user: 17 | ensure => present, 18 | shell => '/bin/bash', 19 | password => '*', 20 | home => $git_home, 21 | comment => $git_comment, 22 | system => true, 23 | } 24 | } 25 | 26 | sshkey { 'localhost': 27 | ensure => present, 28 | host_aliases => $::fqdn, 29 | key => $::sshrsakey, 30 | type => 'ssh-rsa', 31 | } 32 | 33 | file { "${git_home}/.gitconfig": 34 | ensure => file, 35 | content => template('gitlab/git.gitconfig.erb'), 36 | mode => '0644', 37 | } 38 | 39 | # directories 40 | if($gitlab_manage_home) 41 | { 42 | file { $git_home: 43 | ensure => directory, 44 | mode => '0755', 45 | } 46 | } 47 | 48 | file { "${gitlab_satellitedir}/gitlab-satellites": 49 | ensure => directory, 50 | mode => '0750', 51 | } 52 | 53 | # database dependencies 54 | case $::osfamily { 55 | 'Debian': { 56 | case $gitlab_dbtype { 57 | 'mysql': { 58 | ensure_packages(['libmysql++-dev','libmysqlclient-dev']) 59 | } 60 | 'pgsql': { 61 | include ::postgresql::client 62 | include ::postgresql::lib::devel 63 | } 64 | default: { 65 | fail("unknow dbtype (${gitlab_dbtype})") 66 | } 67 | } 68 | } 69 | 'RedHat': { 70 | case $gitlab_dbtype { 71 | 'mysql': { 72 | if (versioncmp($::operatingsystemmajrelease, '7') >= 0) { 73 | $mysql_devel_package = 'mariadb-devel' 74 | } else { 75 | $mysql_devel_package = 'mysql-devel' 76 | } 77 | ensure_packages([$mysql_devel_package]) 78 | } 79 | 'pgsql': { 80 | include ::postgresql::lib::devel 81 | } 82 | default: { 83 | fail("unknow dbtype (${gitlab_dbtype})") 84 | } 85 | } 86 | } 87 | default: { 88 | fail("${::osfamily} not supported yet") 89 | } 90 | } # Case $::osfamily 91 | 92 | # dev. dependencies 93 | ensure_packages($gitlab::system_packages) 94 | 95 | if ($gitlab_manage_rbenv) { 96 | rbenv::install { $git_user: 97 | group => $git_group, 98 | home => $git_home, 99 | } 100 | 101 | # By default, puppet-rbenv sets ~/.profile to load rbenv, which is 102 | # read when bash is invoked as an interactive login shell, but we 103 | # also need ~/.bashrc to load rbenv (which is read by interactive 104 | # but non-login shells). This works, but may not be the best 105 | # solution, please see issue #114 if you have a better solution. 106 | file { "${git_home}/.bashrc": 107 | ensure => link, 108 | target => "${git_home}/.profile", 109 | require => Rbenv::Install[$git_user], 110 | } 111 | 112 | rbenv::compile { 'gitlab/ruby': 113 | user => $git_user, 114 | group => $git_group, 115 | home => $git_home, 116 | ruby => $gitlab_ruby_version, 117 | global => true, 118 | notify => [ 119 | Exec['install gitlab-shell'], 120 | Exec['install gitlab'], 121 | ], 122 | } 123 | 124 | #Gitlab <= 6.3 requires us to install the charlock_holmes gem 125 | rbenv::gem { 'charlock_holmes': 126 | ensure => '0.6.9.4', 127 | user => $git_user, 128 | home => $git_home, 129 | ruby => $gitlab_ruby_version, 130 | } 131 | } #end if ($gitlab_manage_rbenv) 132 | 133 | # other packages 134 | if $gitlab_ensure_curl { 135 | ensure_packages(['curl']) 136 | } 137 | 138 | if $gitlab_ensure_postfix { 139 | ensure_packages(['postfix']) 140 | } 141 | } 142 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "sbadia-gitlab", 3 | "version": "1.1.0", 4 | "author": "Andrew Tomaka, Steffen Roegner, Igor Galic, Uwe Kleinmann, Matt Klich, Sebastien Badia", 5 | "summary": "Puppet GitLab Module", 6 | "license": "GPL-3.0", 7 | "source": "git://github.com/sbadia/puppet-gitlab.git", 8 | "project_page": "https://github.com/sbadia/puppet-gitlab/", 9 | "issues_url": "https://github.com/sbadia/puppet-gitlab/issues", 10 | "operatingsystem_support": [ 11 | { 12 | "operatingsystem": "RedHat", 13 | "operatingsystemrelease": ["5","6","7"] 14 | }, 15 | { 16 | "operatingsystem": "CentOS", 17 | "operatingsystemrelease": ["5","6","7"] 18 | }, 19 | { 20 | "operatingsystem": "Debian", 21 | "operatingsystemrelease": ["6","7"] 22 | }, 23 | { 24 | "operatingsystem": "Ubuntu", 25 | "operatingsystemrelease": ["12.04","14.04"] 26 | } 27 | ], 28 | "description": "Module to install GitLab using puppet", 29 | "tags": ["gitlab","git","vcs"], 30 | "dependencies": [ 31 | { "name": "alup/rbenv", "version_requirement": ">= 1.2.0 <= 2.0.0" }, 32 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.1.0 <= 5.0.0" }, 33 | { "name": "puppetlabs/vcsrepo", "version_requirement": ">= 0.2.0 <= 2.0.0" }, 34 | { "name": "puppetlabs/git", "version_requirement": ">= 0.4.0 <= 1.0.0" }, 35 | { "name": "puppetlabs/mysql", "version_requirement": ">= 3.0.0 <= 4.0.0" }, 36 | { "name": "puppetlabs/postgresql", "version_requirement": ">=3.3.0 <5.0.0" }, 37 | { "name": "puppet/nodejs", "version_requirement": ">= 1.1.0 <= 2.0.0" }, 38 | { "name": "treydock/gpg_key", "version_requirement": ">= 0.0.3 <= 1.0.0" }, 39 | { "name": "jfryman/nginx", "version_requirement": ">= 0.2.7 <= 1.0.0" }, 40 | { "name": "evenup/logrotate", "version_requirement": ">= 1.0.0 <= 2.0.0" }, 41 | { "name": "fsalum/redis", "version_requirement": ">= 1.0.3 <= 2.0.0" } 42 | ] 43 | } 44 | -------------------------------------------------------------------------------- /spec/acceptance/gitlab_mysql_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper_acceptance' 2 | 3 | describe 'gitlab class' do 4 | context 'default parameters' do 5 | hosts.each do |host| 6 | if fact('osfamily') == 'RedHat' 7 | if fact('architecture') == 'amd64' 8 | on host, "wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm" 9 | else 10 | on host, "wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm" 11 | end 12 | end 13 | end 14 | 15 | it 'should work with no errors' do 16 | pp= <<-EOS 17 | include redis 18 | include nginx 19 | include mysql::server 20 | include git 21 | include nodejs 22 | include logrotate 23 | 24 | mysql::db {'gitlab': user => 'user', password => 'password' } 25 | 26 | class {'gitlab': 27 | git_user => 'git', 28 | git_home => '/home/git', 29 | git_email => 'gitlab@fooboozoo.fr', 30 | git_comment => 'GitLab', 31 | gitlab_sources => 'https://github.com/gitlabhq/gitlabhq.git', 32 | gitlab_domain => 'gitlab.localdomain.local', 33 | gitlab_http_timeout => '300', 34 | gitlab_dbtype => 'mysql', 35 | gitlab_backup => true, 36 | gitlab_dbname => 'gitlab', 37 | gitlab_dbuser => 'user', 38 | gitlab_dbpwd => 'password', 39 | ldap_enabled => false, 40 | } 41 | EOS 42 | 43 | # Run it twice and test for idempotency 44 | apply_manifest(pp, :catch_failures => true) 45 | apply_manifest(pp, :catch_changes => true) 46 | end 47 | 48 | end 49 | end 50 | -------------------------------------------------------------------------------- /spec/acceptance/gitlab_postgresql_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper_acceptance' 2 | 3 | describe 'gitlab class' do 4 | context 'using postgresql backend' do 5 | hosts.each do |host| 6 | if fact('osfamily') == 'RedHat' 7 | if fact('architecture') == 'amd64' 8 | on host, "wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm" 9 | else 10 | on host, "wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm" 11 | end 12 | end 13 | end 14 | 15 | it 'should work with no errors' do 16 | pp= <<-EOS 17 | include redis 18 | include nginx 19 | include postgresql::server 20 | include git 21 | include nodejs 22 | include logrotate 23 | 24 | postgresql::server::db { 'gitlab': 25 | user => 'user', 26 | password => postgresql_password('user', 'password'), 27 | } 28 | 29 | class {'gitlab': 30 | git_user => 'git', 31 | git_home => '/home/git', 32 | git_email => 'gitlab@fooboozoo.fr', 33 | git_comment => 'GitLab', 34 | gitlab_sources => 'https://github.com/gitlabhq/gitlabhq.git', 35 | gitlab_domain => 'gitlab.localdomain.local', 36 | gitlab_http_timeout => '300', 37 | gitlab_dbtype => 'pgsql', 38 | gitlab_backup => true, 39 | gitlab_dbname => 'gitlab', 40 | gitlab_dbuser => 'user', 41 | gitlab_dbpwd => 'password', 42 | gitlab_dbport => '5432', 43 | ldap_enabled => false, 44 | } 45 | EOS 46 | 47 | # Run it twice and test for idempotency 48 | apply_manifest(pp, :catch_failures => true) 49 | apply_manifest(pp, :catch_changes => true) 50 | end 51 | 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/centos-70-x64.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | centos-server-70-x64: 3 | roles: 4 | - master 5 | platform: el-7-x86_64 6 | box: puppetlabs/centos-7.0-64-nocm 7 | box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm 8 | hypervisor: vagrant 9 | CONFIG: 10 | log_level: debug 11 | type: foss 12 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/default.yml: -------------------------------------------------------------------------------- 1 | ubuntu-server-1404-x64.yml -------------------------------------------------------------------------------- /spec/acceptance/nodesets/ubuntu-server-1404-x64.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | ubuntu-server-1404-x64: 3 | roles: 4 | - master 5 | platform: ubuntu-14.04-amd64 6 | box: puppetlabs/ubuntu-14.04-64-nocm 7 | box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm 8 | hypervisor: vagrant 9 | CONFIG: 10 | log_level: debug 11 | type: foss 12 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_ci_runner_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::ci::runner' do 4 | 5 | let :params do 6 | { 7 | :ci_server_url => 'ci.fooboozoo.fr', 8 | :registration_token => 'replaceme' 9 | } 10 | end 11 | 12 | it { is_expected.to contain_vcsrepo('/home/gitlab_ci_runner/gitlab-ci-runner').with( 13 | :ensure => 'present', 14 | :user => 'gitlab_ci_runner', 15 | :provider => 'git', 16 | :source => 'https://gitlab.com/gitlab-org/gitlab-ci-runner.git', 17 | :revision => '5-0-stable' 18 | )} 19 | 20 | it { is_expected.to contain_user('gitlab_ci_runner').with( 21 | :ensure => 'present', 22 | :comment => 'GitLab CI Runner', 23 | :home => '/home/gitlab_ci_runner', 24 | :managehome => true, 25 | :password => '*', 26 | :shell => '/bin/bash', 27 | :system => true 28 | )} 29 | 30 | it { is_expected.to contain_rbenv__install('gitlab_ci_runner').with( 31 | :group => 'gitlab_ci_runner', 32 | :home => '/home/gitlab_ci_runner' 33 | )} 34 | 35 | it { is_expected.to contain_file('/home/gitlab_ci_runner/.bashrc').with( 36 | :ensure => 'file', 37 | :content => 'source /home/gitlab_ci_runner/.rbenvrc', 38 | :require => 'Rbenv::Install[gitlab_ci_runner]' 39 | )} 40 | 41 | it { is_expected.to contain_rbenv__compile('gitlab-ci-runner/ruby').with( 42 | :user => 'gitlab_ci_runner', 43 | :home => '/home/gitlab_ci_runner', 44 | :ruby => '2.1.6', 45 | :global => true, 46 | :notify => 'Exec[install gitlab-ci-runner]' 47 | )} 48 | 49 | it { is_expected.to contain_exec('install gitlab-ci-runner').with( 50 | :user => 'gitlab_ci_runner', 51 | :path => '/home/gitlab_ci_runner/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 52 | :command => "bundle install --deployment", 53 | :unless => 'bundle check', 54 | :cwd => '/home/gitlab_ci_runner/gitlab-ci-runner', 55 | :timeout => 0, 56 | :notify => 'Exec[run gitlab-ci-runner setup]' 57 | )} 58 | 59 | it { is_expected.to contain_exec('run gitlab-ci-runner setup').with( 60 | :user => 'gitlab_ci_runner', 61 | :path => '/home/gitlab_ci_runner/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 62 | :command => 'bundle exec ./bin/setup', 63 | :cwd => '/home/gitlab_ci_runner/gitlab-ci-runner', 64 | :refreshonly => true, 65 | :environment => ["CI_SERVER_URL=#{params[:ci_server_url]}", "REGISTRATION_TOKEN=#{params[:registration_token]}"] 66 | )} 67 | 68 | it { is_expected.to contain_file('/etc/init.d/gitlab_ci_runner').with( 69 | :ensure => 'file', 70 | :owner => 'root', 71 | :group => 'root', 72 | :mode => '0755', 73 | :source => "/home/gitlab_ci_runner/gitlab-ci-runner/lib/support/init.d/gitlab_ci_runner" 74 | )} 75 | 76 | it { is_expected.to contain_service('gitlab_ci_runner').with( 77 | :ensure => 'running', 78 | :hasstatus => 'true', 79 | :hasrestart => 'true', 80 | :enable => 'true' 81 | )} 82 | 83 | end 84 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_config_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | let(:facts) {{ 6 | :fqdn => 'gitlab-ci.fooboozoo.fr', 7 | }} 8 | 9 | ## Parameter set 10 | # a non-default common parameter set 11 | let :params_set do 12 | { 13 | :ci_user => 'ci', 14 | :ci_home => '/srv/ci', 15 | :gitlab_http_timeout => '300' 16 | } 17 | end 18 | 19 | # a non-default parameter set for SSL support 20 | let :params_ssl do 21 | { 22 | :gitlab_ssl => true, 23 | :gitlab_ssl_self_signed => true 24 | } 25 | end 26 | 27 | ### Gitlab::config 28 | describe 'gitlab::config' do 29 | context 'with default params' do 30 | describe 'nginx config' do 31 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with( 32 | :ensure => 'file', 33 | :owner => 'root', 34 | :group => 'root', 35 | :mode => '0644' 36 | )} 37 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server unix:\/home\/gitlab_ci\/gitlab-ci\/tmp\/sockets\/gitlab-ci.socket;$/)} 38 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*listen 80;$/)} 39 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_name gitlab-ci.fooboozoo.fr;$/)} 40 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_tokens off;$/)} 41 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*root \/home\/gitlab_ci\/gitlab-ci\/public;$/)} 42 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*proxy_read_timeout 60;$/)} 43 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*proxy_connect_timeout 60;$/)} 44 | end # nginx config 45 | describe 'gitlab init' do 46 | it { is_expected.to contain_file('/etc/init.d/gitlab_ci').with( 47 | :ensure => 'file', 48 | :owner => 'root', 49 | :group => 'root', 50 | :mode => '0755', 51 | :source => "/home/gitlab_ci/gitlab-ci/lib/support/init.d/gitlab_ci" 52 | )} 53 | end # gitlab init 54 | describe 'gitlab-ci directories' do 55 | ['gitlab-ci/tmp','gitlab-ci/tmp/pids','gitlab-ci/tmp/sockets','gitlab-ci/log','gitlab-ci/public'].each do |dir| 56 | it { is_expected.to contain_file("/home/gitlab_ci/#{dir}").with( 57 | :ensure => 'directory', 58 | :mode => '0755' 59 | )} 60 | end 61 | end # gitlab directories 62 | end # default params 63 | context 'with specifics params' do 64 | let(:params) { params_set } 65 | describe 'nginx config' do 66 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with( 67 | :ensure => 'file', 68 | :owner => 'root', 69 | :group => 'root', 70 | :mode => '0644' 71 | )} 72 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server unix:#{params_set[:ci_home]}\/gitlab-ci\/tmp\/sockets\/gitlab-ci.socket;$/)} 73 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_name gitlab-ci.fooboozoo.fr;$/)} 74 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_tokens off;$/)} 75 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*root #{params_set[:ci_home]}\/gitlab-ci\/public;$/)} 76 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*proxy_read_timeout #{params_set[:gitlab_http_timeout]};$/)} 77 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*proxy_connect_timeout #{params_set[:gitlab_http_timeout]};$/)} 78 | ["hostname1", "hostname1 hostname2.example.com hostname3.example.org"].each do |domain_alias| 79 | context "with domain_alias => #{domain_alias}" do 80 | let(:params) { params_set.merge(:gitlab_domain_alias => domain_alias)} 81 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_name gitlab-ci.fooboozoo.fr #{domain_alias};$/)} 82 | end 83 | end 84 | context 'with ssl' do 85 | let(:params) { params_set.merge(params_ssl) } 86 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*listen 443;$/)} 87 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*ssl_certificate \/etc\/ssl\/certs\/ssl-cert-snakeoil.pem;$/)} 88 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*ssl_certificate_key \/etc\/ssl\/private\/ssl-cert-snakeoil.key;$/)} 89 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*proxy_set_header X-Forwarded-Ssl on;$/)} 90 | end 91 | ["hostname1", "hostname1 hostname2.example.com hostname3.example.org"].each do |domain_alias| 92 | context "with ssl and domain_alias => #{domain_alias}" do 93 | let(:params) { params_set.merge(:gitlab_domain_alias => domain_alias)} 94 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*server_name gitlab-ci.fooboozoo.fr #{domain_alias};$/)} 95 | end 96 | end 97 | context 'with ssl and custom certs' do 98 | let(:params) { params_set.merge(params_ssl.merge({:gitlab_ssl_cert => '/srv/ssl/gitlab.pem',:gitlab_ssl_key => '/srv/ssl/gitlab.key'})) } 99 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*ssl_certificate \/srv\/ssl\/gitlab.pem;$/)} 100 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab-ci.conf').with_content(/^\s*ssl_certificate_key \/srv\/ssl\/gitlab.key;$/)} 101 | end 102 | end # nginx config 103 | describe 'gitlab init' do 104 | it { is_expected.to contain_file('/etc/init.d/gitlab_ci').with( 105 | :ensure => 'file', 106 | :owner => 'root', 107 | :group => 'root', 108 | :mode => '0755', 109 | :source => "#{params_set[:ci_home]}/gitlab-ci/lib/support/init.d/gitlab_ci" 110 | )} 111 | end # gitlab init 112 | describe 'gitlab-ci directories' do 113 | ['gitlab-ci/tmp','gitlab-ci/tmp/pids','gitlab-ci/tmp/sockets','gitlab-ci/log','gitlab-ci/public'].each do |dir| 114 | it { is_expected.to contain_file("#{params_set[:ci_home]}/#{dir}").with( 115 | :ensure => 'directory', 116 | :mode => '0755' 117 | )} 118 | end 119 | end # gitlab directories 120 | end # specifics params 121 | end # gitlab::config 122 | end # gitlab 123 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_install_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :ci_user => 'ci', 11 | :ci_home => '/srv/ci', 12 | :ci_email => 'ci@fooboozoo.fr', 13 | :gitlab_redishost => 'redis.fooboozoo.fr', 14 | :gitlab_redisport => '9736', 15 | :gitlab_dbname => 'gitlab_production', 16 | :gitlab_dbuser => 'baltig', 17 | :gitlab_dbpwd => 'Cie7cheewei 'sql.fooboozoo.fr', 19 | :gitlab_dbport => '2345', 20 | :gitlab_http_timeout => '300', 21 | :gitlab_unicorn_port => '8888', 22 | :gitlab_unicorn_worker => '8', 23 | :bundler_flags => '--no-deployment', 24 | :bundler_jobs => '2', 25 | :exec_path => '/opt/bw/bin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin', 26 | } 27 | end 28 | 29 | # a non-default parameter set for SSL support 30 | let :params_ssl do 31 | { 32 | :gitlab_ssl => true, 33 | :gitlab_ssl_self_signed => true 34 | } 35 | end 36 | 37 | # a non-default parameter set for SSL support with a non-default port 38 | let :params_ssl_non do 39 | { 40 | :gitlab_ssl => true, 41 | :gitlab_ssl_self_signed => true, 42 | :gitlab_ssl_port => '4443' 43 | } 44 | end 45 | 46 | ## Gitlab::install 47 | describe 'gitlab::ci::install' do 48 | context 'with default params' do 49 | describe 'install gitlab ci' do 50 | it { is_expected.to contain_exec('install gitlab-ci').with( 51 | :user => 'gitlab_ci', 52 | :path => '/home/gitlab_ci/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 53 | :command => "bundle install --without development aws test postgres --deployment", 54 | :unless => 'bundle check', 55 | :cwd => '/home/gitlab_ci/gitlab-ci', 56 | :timeout => 0, 57 | :require => ['Gitlab::Config::Database[gitlab-ci]', 58 | 'Gitlab::Config::Unicorn[gitlab-ci]', 59 | 'File[/home/gitlab_ci/gitlab-ci/config/application.yml]', 60 | 'Gitlab::Config::Resque[gitlab-ci]'], 61 | :notify => 'Exec[run gitlab-ci migrations]' 62 | )} 63 | it { is_expected.to contain_exec('run gitlab-ci migrations').with( 64 | :command => 'bundle exec rake db:migrate RAILS_ENV=production', 65 | :cwd => '/home/gitlab_ci/gitlab-ci', 66 | :refreshonly => 'true', 67 | :notify => 'Exec[precompile gitlab-ci assets]' 68 | )} 69 | it { is_expected.to contain_exec('run gitlab-ci schedules').with( 70 | :command => 'bundle exec whenever -w RAILS_ENV=production', 71 | :cwd => '/home/gitlab_ci/gitlab-ci', 72 | :refreshonly => 'true' 73 | )} 74 | context 'postgresql' do 75 | let(:params) {{ :gitlab_dbtype => 'pgsql' }} 76 | it { is_expected.to contain_exec('install gitlab-ci').with( 77 | :user => 'gitlab_ci', 78 | :path => '/home/gitlab_ci/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 79 | :command => "bundle install --without development aws test mysql --deployment", 80 | :unless => 'bundle check', 81 | :cwd => '/home/gitlab_ci/gitlab-ci', 82 | :timeout => 0, 83 | :require => ['Gitlab::Config::Database[gitlab-ci]', 84 | 'Gitlab::Config::Unicorn[gitlab-ci]', 85 | 'File[/home/gitlab_ci/gitlab-ci/config/application.yml]', 86 | 'Gitlab::Config::Resque[gitlab-ci]'] 87 | )} 88 | end # pgsql 89 | end # install gitlab 90 | describe 'setup gitlab-ci database' do 91 | it { is_expected.to contain_exec('setup gitlab-ci database').with( 92 | :user => 'gitlab_ci', 93 | :path => '/home/gitlab_ci/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 94 | :command => '/usr/bin/yes yes | bundle exec rake setup RAILS_ENV=production && touch /home/gitlab_ci/.gitlab-ci_setup_done', 95 | :cwd => '/home/gitlab_ci/gitlab-ci', 96 | :creates => '/home/gitlab_ci/.gitlab-ci_setup_done', 97 | :before => 'Exec[run gitlab-ci migrations]', 98 | :require => 'Exec[install gitlab-ci]', 99 | :notify => ['Exec[precompile gitlab-ci assets]','Exec[run gitlab-ci schedules]'] 100 | )} 101 | it { is_expected.to contain_exec('precompile gitlab-ci assets').with( 102 | :command => 'bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production', 103 | :cwd => '/home/gitlab_ci/gitlab-ci', 104 | :refreshonly => 'true' 105 | )} 106 | end # setup gitlab database 107 | end # defaults params 108 | context 'with specifics params' do 109 | let(:params) { params_set } 110 | 111 | describe 'install gitlab-ci' do 112 | it { is_expected.to contain_exec('install gitlab-ci').with( 113 | :user => params_set[:ci_user], 114 | :path => params_set[:exec_path], 115 | :command => "bundle install --without development aws test postgres #{params_set[:bundler_flags]}", 116 | :unless => 'bundle check', 117 | :cwd => "#{params_set[:ci_home]}/gitlab-ci", 118 | :timeout => 0, 119 | :require => ['Gitlab::Config::Database[gitlab-ci]', 120 | 'Gitlab::Config::Unicorn[gitlab-ci]', 121 | "File[#{params_set[:ci_home]}/gitlab-ci/config/application.yml]", 122 | 'Gitlab::Config::Resque[gitlab-ci]'] 123 | )} 124 | context 'postgresql' do 125 | let(:params) { params_set.merge({ :gitlab_dbtype => 'pgsql' }) } 126 | it { is_expected.to contain_exec('install gitlab-ci').with( 127 | :user => params_set[:ci_user], 128 | :path => params_set[:exec_path], 129 | :command => "bundle install --without development aws test mysql #{params_set[:bundler_flags]}", 130 | :unless => 'bundle check', 131 | :cwd => "#{params_set[:ci_home]}/gitlab-ci", 132 | :timeout => 0, 133 | :require => ['Gitlab::Config::Database[gitlab-ci]', 134 | 'Gitlab::Config::Unicorn[gitlab-ci]', 135 | "File[#{params_set[:ci_home]}/gitlab-ci/config/application.yml]", 136 | 'Gitlab::Config::Resque[gitlab-ci]'] 137 | )} 138 | end # pgsql 139 | end # install gitlab-ci 140 | describe 'setup gitlab-ci database' do 141 | it { is_expected.to contain_exec('setup gitlab-ci database').with( 142 | :user => params_set[:ci_user], 143 | :path => params_set[:exec_path], 144 | :command => "/usr/bin/yes yes | bundle exec rake setup RAILS_ENV=production && touch #{params_set[:ci_home]}/.gitlab-ci_setup_done", 145 | :cwd => "#{params_set[:ci_home]}/gitlab-ci", 146 | :creates => "#{params_set[:ci_home]}/.gitlab-ci_setup_done", 147 | :require => 'Exec[install gitlab-ci]' 148 | )} 149 | end # setup gitlab-ci database 150 | end # with params 151 | end # gitlab-ci::install 152 | end # gitlab-ci 153 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_package_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :ci_user => 'ci', 11 | :ci_home => '/srv/ci', 12 | :gitlabci_sources => 'https://github.com/gitlabhq/gitlabci', 13 | :gitlabci_branch => '4-2-stable' 14 | } 15 | end 16 | 17 | ## Gitlab::package 18 | describe 'gitlab::ci::package' do 19 | describe 'get gitlabci sources' do 20 | context 'with default params' do 21 | it { is_expected.to contain_vcsrepo('/home/gitlab_ci/gitlab-ci').with( 22 | :ensure => 'present', 23 | :user => 'gitlab_ci', 24 | :provider => 'git', 25 | :source => 'git://github.com/gitlabhq/gitlab-ci.git', 26 | :revision => '5-0-stable' 27 | )} 28 | end 29 | context 'with specifics params' do 30 | let(:params) { params_set } 31 | it { is_expected.to contain_vcsrepo("#{params_set[:ci_home]}/gitlab-ci").with( 32 | :ensure => 'present', 33 | :user => params_set[:ci_user], 34 | :provider => 'git', 35 | :source => params_set[:gitlabci_sources], 36 | :revision => params_set[:gitlabci_branch] 37 | )} 38 | end 39 | end # get gitlab sources 40 | end # gitlab::ci::package 41 | end # gitlab 42 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_service_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | 6 | ### Gitlab::service 7 | describe 'gitlab::ci::service' do 8 | it { is_expected.to contain_service('gitlab_ci').with( 9 | :ensure => 'running', 10 | :hasstatus => 'true', 11 | :hasrestart => 'true', 12 | :enable => 'true' 13 | )} 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/classes/ci/gitlab_setup_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :ci_user => 'ci', 11 | :ci_home => '/srv/ci', 12 | :ci_comment => 'ci user' 13 | } 14 | end 15 | 16 | ## Gitlab::setup 17 | describe 'gitlab::ci::setup' do 18 | 19 | ### User, gitconfig, home and satellites 20 | describe 'user, home' do 21 | context 'with default params' do 22 | it { is_expected.to contain_user('gitlab_ci').with( 23 | :ensure => 'present', 24 | :shell => '/bin/bash', 25 | :password => '*', 26 | :home => '/home/gitlab_ci', 27 | :comment => 'GitLab CI', 28 | :system => true, 29 | :managehome => true 30 | )} 31 | end 32 | context 'with specifics params' do 33 | let(:params) { params_set } 34 | it { is_expected.to contain_user(params_set[:ci_user]).with( 35 | :ensure => 'present', 36 | :shell => '/bin/bash', 37 | :password => '*', 38 | :home => params_set[:ci_home], 39 | :comment => params_set[:ci_comment], 40 | :system => true, 41 | :managehome => true 42 | )} 43 | end 44 | 45 | ### Ruby 46 | describe 'rbenv' do 47 | context 'with default params' do 48 | it { is_expected.to contain_rbenv__install('gitlab_ci').with( 49 | :group => 'gitlab_ci', 50 | :home => '/home/gitlab_ci' 51 | )} 52 | it { is_expected.to contain_file('/home/gitlab_ci/.bashrc').with( 53 | :ensure => 'file', 54 | :content => 'source /home/gitlab_ci/.rbenvrc', 55 | :require => 'Rbenv::Install[gitlab_ci]' 56 | )} 57 | it { is_expected.to contain_rbenv__compile('gitlabci/ruby').with( 58 | :user => 'gitlab_ci', 59 | :home => '/home/gitlab_ci', 60 | :ruby => '2.1.6', 61 | :global => true, 62 | :notify => 'Exec[install gitlab-ci]' 63 | )} 64 | end 65 | end 66 | end 67 | 68 | end # gitlab::ci::setup 69 | end # gitlab 70 | -------------------------------------------------------------------------------- /spec/classes/coverage_spec.rb: -------------------------------------------------------------------------------- 1 | #at_exit { RSpec::Puppet::Coverage.report! } 2 | -------------------------------------------------------------------------------- /spec/classes/gitlab_ci_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab::ci' do 5 | 6 | describe 'gitlab::ci internal' do 7 | it { is_expected.to contain_anchor('gitlab::ci::begin') } 8 | it { is_expected.to contain_class('gitlab::ci::setup') } 9 | it { is_expected.to contain_class('gitlab::ci::package') } 10 | it { is_expected.to contain_class('gitlab::ci::install') } 11 | it { is_expected.to contain_class('gitlab::ci::config') } 12 | it { is_expected.to contain_class('gitlab::ci::service') } 13 | it { is_expected.to contain_anchor('gitlab::ci::end') } 14 | 15 | it { is_expected.to contain_class('gitlab::ci::params') } 16 | it { is_expected.to contain_class('gitlab::ci') } 17 | end 18 | 19 | end # gitlab::ci 20 | -------------------------------------------------------------------------------- /spec/classes/gitlab_config_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :git_user => 'gitlab', 11 | :git_home => '/srv/gitlab', 12 | :gitlab_http_timeout => '300', 13 | :webserver_service_name => 'nginx', 14 | } 15 | end 16 | 17 | # a non-default parameter set for SSL support 18 | let :params_ssl do 19 | { 20 | :gitlab_ssl => true, 21 | :gitlab_ssl_self_signed => true 22 | } 23 | end 24 | 25 | # a non-default parameter set with non-default http port 26 | let :params_backup do 27 | { 28 | :gitlab_backup => true, 29 | :gitlab_backup_time => '7', 30 | :gitlab_backup_keep_time => "#{ 60*60*24*30 }", 31 | :gitlab_backup_postscript => [ 32 | 'rsync -a --delete --max-delete=15 /home/git/gitlab/tmp/backups/ backup@backup01.esat:/queue/in/git01.esat', 33 | ], 34 | } 35 | end 36 | 37 | ### Gitlab::config 38 | describe 'gitlab::config' do 39 | context 'with default params' do 40 | describe 'nginx config' do 41 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with( 42 | :ensure => 'file', 43 | :owner => 'root', 44 | :group => 'root', 45 | :mode => '0644', 46 | :notify => "Service[#{params_set[:webserver_service_name]}]" 47 | )} 48 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server unix:\/home\/git\/gitlab\/tmp\/sockets\/gitlab.socket;$/)} 49 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*listen 80;$/)} 50 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_name gitlab.fooboozoo.fr;$/)} 51 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_tokens off;$/)} 52 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*root \/home\/git\/gitlab\/public;$/)} 53 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*proxy_read_timeout 60;$/)} 54 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*proxy_connect_timeout 60;$/)} 55 | end # nginx config 56 | describe 'gitlab init' do 57 | it { is_expected.to contain_file('/etc/default/gitlab').with( 58 | :ensure => 'file', 59 | :owner => 'root', 60 | :group => 'root', 61 | :mode => '0644' 62 | )} 63 | it { is_expected.to contain_file('/etc/default/gitlab').with_content(/^\s*app_root="\/home\/git\/gitlab"$/)} 64 | it { is_expected.to contain_file('/etc/default/gitlab').with_content(/^\s*app_user="git"$/)} 65 | end # gitlab default 66 | describe 'gitlab init' do 67 | it { is_expected.to contain_file('/etc/init.d/gitlab').with( 68 | :ensure => 'file', 69 | :owner => 'root', 70 | :group => 'root', 71 | :mode => '0755', 72 | :require => 'File[/etc/default/gitlab]', 73 | :source => '/home/git/gitlab/lib/support/init.d/gitlab' 74 | )} 75 | end # gitlab init 76 | describe 'gitlab logrotate' do 77 | it { is_expected.to contain_file("/etc/logrotate.d/gitlab").with( 78 | :ensure => 'file', 79 | :source => '/home/git/gitlab/lib/support/logrotate/gitlab', 80 | :owner => 'root', 81 | :group => 'root', 82 | :mode => '0644' 83 | )} 84 | end # gitlab logrotate 85 | describe 'gitlab directories' do 86 | ['gitlab/tmp','gitlab/tmp/pids','gitlab/tmp/sockets','gitlab/log','gitlab/public','gitlab/public/uploads'].each do |dir| 87 | it { is_expected.to contain_file("/home/git/#{dir}").with( 88 | :ensure => 'directory', 89 | :mode => '0755' 90 | )} 91 | end 92 | end # gitlab directories 93 | 94 | describe 'no gitlab backup by default' do 95 | it { is_expected.not_to contain_file("/usr/local/sbin/gitlab-backup.sh") } 96 | it { is_expected.not_to contain_cron("gitlab backup ") } 97 | end # no gitlab backup by default 98 | 99 | end # default params 100 | context 'with specifics params' do 101 | let(:params) { params_set } 102 | describe 'nginx config' do 103 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with( 104 | :ensure => 'file', 105 | :owner => 'root', 106 | :group => 'root', 107 | :mode => '0644' 108 | )} 109 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server unix:#{params_set[:git_home]}\/gitlab\/tmp\/sockets\/gitlab.socket;$/)} 110 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_name gitlab.fooboozoo.fr;$/)} 111 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_tokens off;$/)} 112 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*root #{params_set[:git_home]}\/gitlab\/public;$/)} 113 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*proxy_read_timeout #{params_set[:gitlab_http_timeout]};$/)} 114 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*proxy_connect_timeout #{params_set[:gitlab_http_timeout]};$/)} 115 | ["hostname1", "hostname1 hostname2.example.com hostname3.example.org"].each do |domain_alias| 116 | context "with domain_alias => #{domain_alias}" do 117 | let(:params) { params_set.merge(:gitlab_domain_alias => domain_alias)} 118 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_name gitlab.fooboozoo.fr #{domain_alias};$/)} 119 | end 120 | end 121 | context 'with ssl' do 122 | let(:params) { params_set.merge(params_ssl) } 123 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*listen 443;$/)} 124 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_certificate \/etc\/ssl\/certs\/ssl-cert-snakeoil.pem;$/)} 125 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_certificate_key \/etc\/ssl\/private\/ssl-cert-snakeoil.key;$/)} 126 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_protocols TLSv1.2 TLSv1.1 TLSv1;$/)} 127 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_ciphers AES:HIGH:!aNULL:!RC4:!MD5:!ADH:!MDF;$/)} 128 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*proxy_set_header X-Forwarded-Ssl on;$/)} 129 | end 130 | ["hostname1", "hostname1 hostname2.example.com hostname3.example.org"].each do |domain_alias| 131 | context "with ssl and domain_alias => #{domain_alias}" do 132 | let(:params) { params_set.merge(:gitlab_domain_alias => domain_alias)} 133 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*server_name gitlab.fooboozoo.fr #{domain_alias};$/)} 134 | end 135 | end 136 | context 'with ssl and custom certs' do 137 | let(:params) { params_set.merge(params_ssl.merge({:gitlab_ssl_cert => '/srv/ssl/gitlab.pem',:gitlab_ssl_key => '/srv/ssl/gitlab.key'})) } 138 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_certificate \/srv\/ssl\/gitlab.pem;$/)} 139 | it { is_expected.to contain_file('/etc/nginx/conf.d/gitlab.conf').with_content(/^\s*ssl_certificate_key \/srv\/ssl\/gitlab.key;$/)} 140 | end 141 | end # nginx config 142 | 143 | context 'with backup' do 144 | let(:params) { params_set.merge(params_backup) } 145 | it { is_expected.to contain_file('/usr/local/sbin/backup-gitlab.sh').with_content(/^\s*rsync -a --delete --max-delete=15.*$/)} 146 | it { is_expected.to contain_file('/usr/local/sbin/backup-gitlab.sh').with_content(/^\s*cd #{params_set[:git_home]}\/gitlab$/)} 147 | it { is_expected.to contain_cron('gitlab backup').with( 148 | :command => '/usr/local/sbin/backup-gitlab.sh', 149 | :hour => '7', 150 | :user => params_set[:git_user] 151 | )} 152 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*keep_time: 2592000$/)} 153 | end 154 | 155 | describe 'gitlab default' do 156 | it { is_expected.to contain_file('/etc/default/gitlab').with( 157 | :ensure => 'file', 158 | :owner => 'root', 159 | :group => 'root', 160 | :mode => '0644' 161 | )} 162 | it { is_expected.to contain_file('/etc/default/gitlab').with_content(/^\s*app_root="#{params_set[:git_home]}\/gitlab"$/)} 163 | it { is_expected.to contain_file('/etc/default/gitlab').with_content(/^\s*app_user="#{params_set[:git_user]}"$/)} 164 | end # gitlab default 165 | describe 'gitlab init' do 166 | it { is_expected.to contain_file('/etc/init.d/gitlab').with( 167 | :ensure => 'file', 168 | :owner => 'root', 169 | :group => 'root', 170 | :mode => '0755', 171 | :require => 'File[/etc/default/gitlab]', 172 | :source => "#{params_set[:git_home]}/gitlab/lib/support/init.d/gitlab" 173 | )} 174 | end # gitlab init 175 | describe 'gitlab logrotate' do 176 | it { is_expected.to contain_file("/etc/logrotate.d/gitlab").with( 177 | :ensure => 'file', 178 | :source => "#{params_set[:git_home]}/gitlab/lib/support/logrotate/gitlab", 179 | :owner => 'root', 180 | :group => 'root', 181 | :mode => '0644' 182 | )} 183 | end # gitlab logrotate 184 | describe 'gitlab directories' do 185 | ['gitlab/tmp','gitlab/tmp/pids','gitlab/tmp/sockets','gitlab/log','gitlab/public','gitlab/public/uploads'].each do |dir| 186 | it { is_expected.to contain_file("#{params_set[:git_home]}/#{dir}").with( 187 | :ensure => 'directory', 188 | :mode => '0755' 189 | )} 190 | end 191 | end # gitlab directories 192 | end # specifics params 193 | end # gitlab::config 194 | end # gitlab 195 | -------------------------------------------------------------------------------- /spec/classes/gitlab_init_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | describe 'input validation' do 7 | 8 | describe 'on a unsupported os' do 9 | let(:facts) {{ :osfamily => 'Rainbow' }} 10 | it_raises 'a Puppet::Error', /Rainbow not supported yet/ 11 | end 12 | 13 | describe 'unknown dbtype' do 14 | let(:params) {{ :gitlab_dbtype => 'yatta' }} 15 | it_raises 'a Puppet::Error', /gitlab_dbtype is not supported/ 16 | end 17 | end 18 | 19 | describe 'gitlab internal' do 20 | it { is_expected.to contain_anchor('gitlab::begin') } 21 | it { is_expected.to contain_class('gitlab::setup') } 22 | it { is_expected.to contain_class('gitlab::package') } 23 | it { is_expected.to contain_class('gitlab::install') } 24 | it { is_expected.to contain_class('gitlab::config') } 25 | it { is_expected.to contain_class('gitlab::service') } 26 | it { is_expected.to contain_anchor('gitlab::end') } 27 | 28 | it { is_expected.to contain_class('gitlab::params') } 29 | it { is_expected.to contain_class('gitlab') } 30 | end 31 | 32 | end # gitlab 33 | -------------------------------------------------------------------------------- /spec/classes/gitlab_install_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :git_user => 'gitlab', 11 | :git_group => 'gitgroup', 12 | :git_home => '/srv/gitlab', 13 | :git_email => 'gitlab@fooboozoo.fr', 14 | :gitlab_repodir => '/mnt/nas', 15 | :gitlab_redishost => 'redis.fooboozoo.fr', 16 | :gitlab_redisport => '9736', 17 | :gitlab_dbname => 'gitlab_production', 18 | :gitlab_dbuser => 'baltig', 19 | :gitlab_dbpwd => 'Cie7cheewei 'sql.fooboozoo.fr', 21 | :gitlab_dbport => '2345', 22 | :gitlab_relative_url_root => '/myfoobooforge', 23 | :gitlab_http_timeout => '300', 24 | :gitlab_projects => '42', 25 | :gitlab_username_change => false, 26 | :gitlab_unicorn_port => '8888', 27 | :gitlab_unicorn_worker => '8', 28 | :gitlab_bundler_flags => '--no-deployment', 29 | :gitlab_bundler_jobs => '2', 30 | :exec_path => '/opt/bw/bin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin', 31 | :ldap_host => 'ldap.fooboozoo.fr', 32 | :ldap_base => 'dc=fooboozoo,dc=fr', 33 | :ldap_port => '666', 34 | :ldap_uid => 'cn', 35 | :ldap_user_filter => 'employeeType=developer', 36 | :ldap_method => 'tls', 37 | :ldap_bind_dn => 'uid=gitlab,o=bots,dc=fooboozoo,dc=fr', 38 | :ldap_bind_password => 'aV!oo1ier5ahch;a', 39 | :ssh_port => '2223', 40 | :google_analytics_id => 'UA-12345678-9', 41 | :company_logo_url => 'http://fooboozoo.fr/logo.png', 42 | :company_link => 'http://fooboozoo.fr', 43 | :company_name => 'Fooboozoo', 44 | :use_exim => true 45 | } 46 | end 47 | 48 | # a non-default parameter set for SSL support 49 | let :params_ssl do 50 | { 51 | :gitlab_ssl => true, 52 | :gitlab_ssl_self_signed => true 53 | } 54 | end 55 | 56 | # a non-default parameter set for SSL support with a non-default port 57 | let :params_ssl_non do 58 | { 59 | :gitlab_ssl => true, 60 | :gitlab_ssl_self_signed => true, 61 | :gitlab_ssl_port => '4443' 62 | } 63 | end 64 | 65 | ## Gitlab::install 66 | describe 'gitlab::install' do 67 | context 'with default params' do 68 | describe 'gitlab-shell' do 69 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with(:ensure => 'file', :mode => '0644', :group => 'git', :owner => 'git')} 70 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*user: git$/)} 71 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*gitlab_url: "http:\/\/gitlab.fooboozoo.fr:80\/"$/)} 72 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*self_signed_cert: false$/)} 73 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*repos_path: "\/home\/git\/repositories"$/)} 74 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*auth_file: "\/home\/git\/.ssh\/authorized_keys"$/)} 75 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*host: 127.0.0.1$/)} 76 | it { is_expected.to contain_file('/home/git/gitlab-shell/config.yml').with_content(/^\s*port: 6379$/)} 77 | it { is_expected.to contain_exec('install gitlab-shell').with( 78 | :user => 'git', 79 | :path => '/home/git/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 80 | :command => 'ruby /home/git/gitlab-shell/bin/install', 81 | :cwd => '/home/git', 82 | :creates => '/home/git/repositories', 83 | :require => 'File[/home/git/gitlab-shell/config.yml]' 84 | )} 85 | end # gitlab-shell 86 | describe 'gitlab config' do 87 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with(:ensure => 'file',:owner => 'git',:group => 'git')} 88 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*host: gitlab.fooboozoo.fr$/)} 89 | context 'with ssl' do 90 | let(:params) {{ :gitlab_ssl => true }} 91 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*port: 443$/)} 92 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*https: true$/)} 93 | end 94 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*port: 80$/)} 95 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*https: false$/)} 96 | it { is_expected.not_to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*relative_url_root: \/myfoobooforge$/)} 97 | it { is_expected.not_to contain_file('/home/git/gitlab/config/application.rb')} 98 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*email_from: git@someserver.net$/)} 99 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*default_projects_limit: 10$/)} 100 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*username_changing_enabled: true$/)} 101 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*host: 'ldap.domain.com'$/)} 102 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*base: 'dc=domain,dc=com'$/)} 103 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*port: 636$/)} 104 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*uid: 'uid'$/)} 105 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*user_filter: ''$/)} 106 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*method: 'ssl'$/)} 107 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*path: \/home\/git\/gitlab-satellites\/$/)} 108 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*repos_path: \/home\/git\/repositories\/$/)} 109 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*hooks_path: \/home\/git\/gitlab-shell\/hooks\/$/)} 110 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*ssh_port: 22$/)} 111 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*# google_analytics_id: '_your_tracking_id'$/)} 112 | it { is_expected.to contain_file('/home/git/gitlab/config/gitlab.yml').with_content(/^\s*# sign_in_text: \|\n\s*# !\[Company Logo\]\(http:\/\/www.companydomain.com\/logo.png\)\n\s*# \[Learn more about CompanyName\]\(http:\/\/www.companydomain.com\/\)$/)} 113 | end # gitlab config 114 | describe 'rack_attack config' do 115 | it { is_expected.to contain_file('/home/git/gitlab/config/initializers/rack_attack.rb').with( 116 | :ensure => 'file', 117 | :source => '/home/git/gitlab/config/initializers/rack_attack.rb.example' 118 | )} 119 | end # rack_attack config 120 | describe 'install gitlab' do 121 | it { is_expected.to contain_exec('install gitlab').with( 122 | :user => 'git', 123 | :path => '/home/git/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 124 | :command => "bundle install --without development aws test postgres --deployment", 125 | :unless => 'bundle check', 126 | :cwd => '/home/git/gitlab', 127 | :timeout => 0, 128 | :require => ['Gitlab::Config::Database[gitlab]', 129 | 'Gitlab::Config::Unicorn[gitlab]', 130 | 'File[/home/git/gitlab/config/gitlab.yml]', 131 | 'Gitlab::Config::Resque[gitlab]'], 132 | :notify => 'Exec[run migrations]' 133 | )} 134 | it { is_expected.to contain_exec('run migrations').with( 135 | :command => 'bundle exec rake db:migrate RAILS_ENV=production', 136 | :cwd => '/home/git/gitlab', 137 | :refreshonly => 'true', 138 | :notify => 'Exec[precompile assets]' 139 | )} 140 | context 'postgresql' do 141 | let(:params) {{ :gitlab_dbtype => 'pgsql' }} 142 | it { is_expected.to contain_exec('install gitlab').with( 143 | :user => 'git', 144 | :path => '/home/git/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 145 | :command => "bundle install --without development aws test mysql --deployment", 146 | :unless => 'bundle check', 147 | :cwd => '/home/git/gitlab', 148 | :timeout => 0, 149 | :require => ['Gitlab::Config::Database[gitlab]', 150 | 'Gitlab::Config::Unicorn[gitlab]', 151 | 'File[/home/git/gitlab/config/gitlab.yml]', 152 | 'Gitlab::Config::Resque[gitlab]'] 153 | )} 154 | end # pgsql 155 | it { should contain_exec('fix ruby paths in gitlab-shell hooks').with( 156 | :user => 'git', 157 | :path => '/home/git/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 158 | :command => 'ruby -p -i -e \'$_.sub!(/^#!.*ruby$/,"#!/home/git/.rbenv/shims/ruby")\' *', 159 | :cwd => '/home/git/gitlab-shell/hooks', 160 | :onlyif => 'head -q -n 1 * | egrep -v \'^#!/home/git/.rbenv/shims/ruby$\'', 161 | :require => 'Exec[install gitlab-shell]' 162 | )} 163 | end # install gitlab 164 | describe 'setup gitlab database' do 165 | it { is_expected.to contain_exec('setup gitlab database').with( 166 | :user => 'git', 167 | :path => '/home/git/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 168 | :command => '/usr/bin/yes yes | bundle exec rake gitlab:setup RAILS_ENV=production', 169 | :cwd => '/home/git/gitlab', 170 | :creates => '/home/git/.gitlab_setup_done', 171 | :before => 'Exec[run migrations]', 172 | :require => ['Exec[install gitlab-shell]', 173 | 'Exec[install gitlab]'], 174 | :notify => 'Exec[precompile assets]' 175 | )} 176 | it { is_expected.to contain_exec('precompile assets').with( 177 | :command => 'bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production', 178 | :cwd => '/home/git/gitlab', 179 | :refreshonly => 'true' 180 | )} 181 | it { is_expected.to contain_file("/home/git/.gitlab_setup_done").with( 182 | :owner => 'root', 183 | :group => 'root', 184 | :require => 'Exec[setup gitlab database]' 185 | )} 186 | end # setup gitlab database 187 | end # defaults params 188 | context 'with specifics params' do 189 | let(:params) { params_set } 190 | describe 'gitlab-shell' do 191 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with(:ensure => 'file',:mode => '0644',:group => 'gitgroup',:owner => 'gitlab')} 192 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*user: #{params_set[:git_user]}$/)} 193 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*gitlab_url: "http:\/\/gitlab.fooboozoo.fr:80#{params_set[:gitlab_relative_url_root]}"$/)} 194 | context 'with ssl' do 195 | let(:params) { params_set.merge(params_ssl) } 196 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*gitlab_url: "https:\/\/gitlab.fooboozoo.fr:443#{params_set[:gitlab_relative_url_root]}"$/)} 197 | end 198 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*self_signed_cert: false$/)} 199 | context 'with self signed ssl cert' do 200 | let(:params) { params_set.merge(params_ssl) } 201 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*self_signed_cert: true$/)} 202 | end 203 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*repos_path: "#{params_set[:gitlab_repodir]}\/repositories"$/)} 204 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*auth_file: "#{params_set[:git_home]}\/.ssh\/authorized_keys"$/)} 205 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*host: #{params_set[:gitlab_redishost]}$/)} 206 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab-shell/config.yml").with_content(/^\s*port: #{params_set[:gitlab_redisport]}$/)} 207 | it { is_expected.to contain_exec('install gitlab-shell').with( 208 | :user => params_set[:git_user], 209 | :path => params_set[:exec_path], 210 | :command => "ruby #{params_set[:git_home]}/gitlab-shell/bin/install", 211 | :cwd => params_set[:git_home], 212 | :creates => "#{params_set[:gitlab_repodir]}/repositories", 213 | :require => "File[#{params_set[:git_home]}/gitlab-shell/config.yml]" 214 | )} 215 | end # gitlab-shell 216 | 217 | describe 'gitlab config' do 218 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with(:ensure => 'file',:owner => params_set[:git_user],:group => params_set[:git_group])} 219 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*host: gitlab.fooboozoo.fr$/)} 220 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*port: 80$/)} 221 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*https: false$/)} 222 | context 'with ssl' do 223 | let(:params) { params_set.merge(params_ssl) } 224 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*port: 443$/)} 225 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*https: true$/)} 226 | end 227 | context 'with non-default http ports' do 228 | let(:params) { params_set.merge!(:gitlab_http_port => '81') } 229 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*port: 81$/)} 230 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*https: false$/)} 231 | context 'with non-default https ports' do 232 | let(:params) { params_set.merge!(:gitlab_ssl => true, :gitlab_ssl_self_signed => true, :gitlab_ssl_port => '444') } 233 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*port: 444$/)} 234 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*https: true$/)} 235 | end 236 | end 237 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*relative_url_root: #{params_set[:gitlab_relative_url_root]}$/)} 238 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/application.rb").with_content(/^\s*config.relative_url_root = "#{params_set[:gitlab_relative_url_root]}"$/)} 239 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*email_from: #{params_set[:git_email]}$/)} 240 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*default_projects_limit: #{params_set[:gitlab_projects]}$/)} 241 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*username_changing_enabled: #{params_set[:gitlab_username_change]}$/)} 242 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*host: '#{params_set[:ldap_host]}'$/)} 243 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*base: '#{params_set[:ldap_base]}'$/)} 244 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*port: #{params_set[:ldap_port]}$/)} 245 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*uid: '#{params_set[:ldap_uid]}'$/)} 246 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*user_filter: '#{params_set[:ldap_user_filter]}'$/)} 247 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*method: '#{params_set[:ldap_method]}'$/)} 248 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*bind_dn: '#{params_set[:ldap_bind_dn]}'$/)} 249 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*password: '#{params_set[:ldap_bind_password]}'$/)} 250 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*path: #{params_set[:git_home]}\/gitlab-satellites\/$/)} 251 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*repos_path: #{params_set[:gitlab_repodir]}\/repositories\/$/)} 252 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*hooks_path: #{params_set[:git_home]}\/gitlab-shell\/hooks\/$/)} 253 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*ssh_port: #{params_set[:ssh_port]}$/)} 254 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*google_analytics_id: #{params_set[:google_analytics_id]}$/)} 255 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/gitlab.yml").with_content(/^\s*sign_in_text: \|\n\s*!\[Company Logo\]\(#{params_set[:company_logo_url]}\)\n\s*\[Learn more about #{params_set[:company_name]}\]\(#{params_set[:company_link]}\)$/)} 256 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/application.rb").with_content(/^\s*#Fix for compatibility issue with exim as explained at https:\/\/github.com\/gitlabhq\/gitlabhq\/issues\/4866\s*config.action_mailer.sendmail_settings = \{ :arguments => "-i" \}$/)} 257 | end # gitlab config 258 | describe 'rack_attack config' do 259 | it { is_expected.to contain_file("#{params_set[:git_home]}/gitlab/config/initializers/rack_attack.rb").with( 260 | :ensure => 'file', 261 | :source => "#{params_set[:git_home]}/gitlab/config/initializers/rack_attack.rb.example" 262 | )} 263 | end # rack_attack config 264 | describe 'install gitlab' do 265 | it { is_expected.to contain_exec('install gitlab').with( 266 | :user => params_set[:git_user], 267 | :path => params_set[:exec_path], 268 | :command => "bundle install -j#{params_set[:gitlab_bundler_jobs]} --without development aws test postgres #{params_set[:gitlab_bundler_flags]}", 269 | :unless => 'bundle check', 270 | :cwd => "#{params_set[:git_home]}/gitlab", 271 | :timeout => 0, 272 | :require => ['Gitlab::Config::Database[gitlab]', 273 | 'Gitlab::Config::Unicorn[gitlab]', 274 | "File[#{params_set[:git_home]}/gitlab/config/gitlab.yml]", 275 | 'Gitlab::Config::Resque[gitlab]'] 276 | )} 277 | context 'postgresql' do 278 | let(:params) { params_set.merge({ :gitlab_dbtype => 'pgsql' }) } 279 | it { is_expected.to contain_exec('install gitlab').with( 280 | :user => params_set[:git_user], 281 | :path => params_set[:exec_path], 282 | :command => "bundle install -j#{params_set[:gitlab_bundler_jobs]} --without development aws test mysql #{params_set[:gitlab_bundler_flags]}", 283 | :unless => 'bundle check', 284 | :cwd => "#{params_set[:git_home]}/gitlab", 285 | :timeout => 0, 286 | :require => ['Gitlab::Config::Database[gitlab]', 287 | 'Gitlab::Config::Unicorn[gitlab]', 288 | "File[#{params_set[:git_home]}/gitlab/config/gitlab.yml]", 289 | 'Gitlab::Config::Resque[gitlab]'] 290 | )} 291 | end # pgsql 292 | it { should contain_exec('fix ruby paths in gitlab-shell hooks').with( 293 | :user => params_set[:git_user], 294 | :path => params_set[:exec_path], 295 | :command => "ruby -p -i -e '$_.sub!(/^#!.*ruby$/,\"#!#{params_set[:git_home]}/.rbenv/shims/ruby\")' *", 296 | :cwd => "#{params_set[:git_home]}/gitlab-shell/hooks", 297 | :onlyif => "head -q -n 1 * | egrep -v '^#!#{params_set[:git_home]}/.rbenv/shims/ruby$'", 298 | :require => 'Exec[install gitlab-shell]' 299 | )} 300 | end # install gitlab 301 | describe 'setup gitlab database' do 302 | it { is_expected.to contain_exec('setup gitlab database').with( 303 | :user => params_set[:git_user], 304 | :path => params_set[:exec_path], 305 | :command => '/usr/bin/yes yes | bundle exec rake gitlab:setup RAILS_ENV=production', 306 | :cwd => "#{params_set[:git_home]}/gitlab", 307 | :creates => "#{params_set[:git_home]}/.gitlab_setup_done", 308 | :require => ['Exec[install gitlab-shell]', 309 | 'Exec[install gitlab]'] 310 | )} 311 | it { is_expected.to contain_file("#{params_set[:git_home]}/.gitlab_setup_done").with( 312 | :owner => 'root', 313 | :group => 'root', 314 | :require => 'Exec[setup gitlab database]' 315 | )} 316 | end # setup gitlab database 317 | end # with params 318 | end # gitlab::install 319 | end # gitlab 320 | -------------------------------------------------------------------------------- /spec/classes/gitlab_package_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :git_user => 'gitlab', 11 | :git_home => '/srv/gitlab', 12 | :gitlab_sources => 'https://github.com/gitlabhq/gitlabhq', 13 | :gitlab_branch => '4-2-stable', 14 | :gitlabshell_sources => 'https://github.com/gitlabhq/gitlab-shell', 15 | :gitlabshell_branch => 'v1.2.3', 16 | } 17 | end 18 | 19 | ## Gitlab::package 20 | describe 'gitlab::package' do 21 | describe 'get gitlab{-shell} sources' do 22 | context 'with default params' do 23 | it { is_expected.to contain_vcsrepo('/home/git/gitlab').with( 24 | :ensure => 'present', 25 | :user => 'git', 26 | :provider => 'git', 27 | :source => 'git://github.com/gitlabhq/gitlabhq.git', 28 | :revision => '7-12-stable' 29 | )} 30 | it { is_expected.to contain_vcsrepo('/home/git/gitlab-shell').with( 31 | :ensure => 'present', 32 | :user => 'git', 33 | :provider => 'git', 34 | :source => 'git://github.com/gitlabhq/gitlab-shell.git', 35 | :revision => 'v2.6.3' 36 | )} 37 | end 38 | context 'with specifics params' do 39 | let(:params) { params_set } 40 | it { is_expected.to contain_vcsrepo("#{params_set[:git_home]}/gitlab").with( 41 | :ensure => 'present', 42 | :user => params_set[:git_user], 43 | :provider => 'git', 44 | :source => params_set[:gitlab_sources], 45 | :revision => params_set[:gitlab_branch] 46 | )} 47 | it { is_expected.to contain_vcsrepo("#{params_set[:git_home]}/gitlab-shell").with( 48 | :ensure => 'present', 49 | :user => params_set[:git_user], 50 | :provider => 'git', 51 | :source => params_set[:gitlabshell_sources], 52 | :revision => params_set[:gitlabshell_branch] 53 | )} 54 | end 55 | end # get gitlab sources 56 | end # gitlab::package 57 | end # gitlab 58 | -------------------------------------------------------------------------------- /spec/classes/gitlab_service_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | ### Gitlab::service 7 | describe 'gitlab::service' do 8 | it { is_expected.to contain_service('gitlab').with( 9 | :ensure => 'running', 10 | :hasstatus => 'true', 11 | :hasrestart => 'true', 12 | :enable => 'true' 13 | )} 14 | end # gitlab::service 15 | end # gitlab 16 | -------------------------------------------------------------------------------- /spec/classes/gitlab_setup_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | # Gitlab 4 | describe 'gitlab' do 5 | 6 | ## Parameter set 7 | # a non-default common parameter set 8 | let :params_set do 9 | { 10 | :git_user => 'gitlab', 11 | :git_home => '/srv/gitlab', 12 | :git_comment => 'Labfooboozoo', 13 | :git_email => 'gitlab@fooboozoo.fr', 14 | :git_proxy => 'http://proxy.fooboozoo.fr:3128', 15 | :gitlab_ruby_version => '2.0.0', 16 | :gitlab_manage_rbenv => false, 17 | } 18 | end 19 | 20 | ## Gitlab::setup 21 | describe 'gitlab::setup' do 22 | 23 | ### User, gitconfig, home and satellites 24 | describe 'user, home, gitconfig and GitLab satellites' do 25 | context 'with default params' do 26 | it { is_expected.to contain_user('git').with( 27 | :ensure => 'present', 28 | :shell => '/bin/bash', 29 | :password => '*', 30 | :home => '/home/git', 31 | :comment => 'GitLab', 32 | :system => true 33 | )} 34 | it { is_expected.to contain_file('/home/git/.gitconfig').with_content(/^\s*name = "GitLab"$/)} 35 | it { is_expected.to contain_file('/home/git/.gitconfig').with_content(/^\s*email = git@someserver.net$/)} 36 | it { is_expected.not_to contain_file('/srv/gitlab/.gitconfig').with_content(/^\s*proxy$/)} 37 | it { is_expected.to contain_file('/home/git').with(:ensure => 'directory', :mode => '0755')} 38 | it { is_expected.to contain_file('/home/git/gitlab-satellites').with(:ensure => 'directory', :mode => '0750')} 39 | end 40 | context 'with specific params' do 41 | let(:params) { params_set } 42 | it { is_expected.to contain_user(params_set[:git_user]).with( 43 | :ensure => 'present', 44 | :shell => '/bin/bash', 45 | :password => '*', 46 | :home => params_set[:git_home], 47 | :comment => params_set[:git_comment], 48 | :system => true 49 | )} 50 | it { is_expected.to contain_file('/srv/gitlab/.gitconfig').with_content(/^\s*name = "GitLab"$/)} 51 | it { is_expected.to contain_file('/srv/gitlab/.gitconfig').with_content(/^\s*email = #{params_set[:git_email]}$/)} 52 | it { is_expected.to contain_file('/srv/gitlab/.gitconfig').with_content(/^\s*proxy = #{params_set[:git_proxy]}$/)} 53 | it { is_expected.to contain_file('/srv/gitlab').with(:ensure => 'directory',:mode => '0755')} 54 | it { is_expected.to contain_file('/srv/gitlab/gitlab-satellites').with(:ensure => 'directory',:mode => '0750')} 55 | end 56 | end 57 | 58 | ### Ruby 59 | describe 'rbenv' do 60 | context 'with default params' do 61 | it { is_expected.to contain_rbenv__install('git').with( 62 | :group => 'git', 63 | :home => '/home/git' 64 | )} 65 | it { is_expected.to contain_file('/home/git/.bashrc').with( 66 | :ensure => 'link', 67 | :target => '/home/git/.profile', 68 | :require => 'Rbenv::Install[git]' 69 | )} 70 | it { is_expected.to contain_rbenv__compile('gitlab/ruby').with( 71 | :user => 'git', 72 | :home => '/home/git', 73 | :ruby => '2.1.6', 74 | :global => true, 75 | :notify => ['Exec[install gitlab-shell]', 'Exec[install gitlab]'] 76 | )} 77 | 78 | end 79 | context 'with specific params' do 80 | let(:params) { params_set } 81 | it { is_expected.not_to contain_rbenv__install(params_set[:git_user]) } 82 | it { is_expected.not_to contain_file('/srv/gitlab/.bashrc') } 83 | it { is_expected.not_to contain_rbenv__compile('gitlab/ruby') } 84 | end 85 | end 86 | 87 | ### Sshkey 88 | describe 'sshkey (hostfile)' do 89 | it { is_expected.to contain_sshkey('localhost').with( 90 | :ensure => 'present', 91 | :host_aliases => 'gitlab.fooboozoo.fr', 92 | :key => 'AAAAB3NzaC1yc2EAAAA', 93 | :type => 'ssh-rsa' 94 | )} 95 | end 96 | 97 | ### Packages setup 98 | #= Packages helper 99 | p = { 100 | 'Debian' => { 101 | 'db_packages' => { 102 | 'mysql' => { 103 | '6' => ['libmysql++-dev','libmysqlclient-dev'], 104 | '7' => ['libmysql++-dev','libmysqlclient-dev'], 105 | }, 106 | 'pgsql' => { 107 | '6' => ['postgresql-devel', 'postgresql-client'], 108 | '7' => ['postgresql-devel', 'postgresql-client'], 109 | }, 110 | }, 111 | 'system_packages' => ['libicu-dev', 'python2.7','python-docutils', 112 | 'libxml2-dev','libxslt1-dev','python-dev'], 113 | }, 114 | 'RedHat' => { 115 | 'db_packages' => { 116 | 'mysql' => { 117 | '6' => ['mysql-devel'], 118 | '7' => ['mariadb-devel'], 119 | }, 120 | 'pgsql' => { 121 | '6' => ['postgresql-devel'], 122 | '7' => ['postgresql-devel'], 123 | }, 124 | }, 125 | 'system_packages' => ['libicu-devel','perl-Time-HiRes','libxml2-devel', 126 | 'libxslt-devel','python-devel','libcurl-devel', 127 | 'readline-devel','openssl-devel','zlib-devel', 128 | 'libyaml-devel','patch','gcc-c++'], 129 | } 130 | } 131 | 132 | #### Db and devel packages 133 | describe 'packages' do 134 | #= On each distro 135 | ['Debian','RedHat'].each do |distro| 136 | #= With each dbtype 137 | ['mysql','pgsql'].each do |dbtype| 138 | ['6', '7'].each do |majrelease| 139 | context "for #{dbtype} devel on #{distro}" do 140 | let(:facts) {{ :osfamily => distro, :processorcount => '2', :operatingsystemmajrelease => majrelease }} 141 | let(:params) {{ :gitlab_dbtype => dbtype }} 142 | p[distro]['db_packages'][dbtype][majrelease].each do |pkg| 143 | it { is_expected.to contain_package(pkg) } 144 | end 145 | end 146 | end 147 | end 148 | context "for devel dependencies on #{distro}" do 149 | let(:facts) {{ :osfamily => distro, :processorcount => '2' }} 150 | p[distro]['system_packages'].each do |pkg| 151 | it { is_expected.to contain_package(pkg) } 152 | end 153 | 154 | it { is_expected.to contain_class('git') } 155 | it { is_expected.to contain_package('git') } 156 | end 157 | end 158 | #### Gems (all dist.) 159 | describe 'commons gems' do 160 | context 'with default params' do 161 | it { is_expected.to contain_rbenv__gem('charlock_holmes').with( 162 | :ensure => '0.6.9.4' 163 | )} 164 | end 165 | context 'with specific params' do 166 | let(:params) { params_set } 167 | it { is_expected.not_to contain_rbenv__gem('charlock_holmes') } 168 | end 169 | end 170 | #### Commons packages (all dist.) 171 | describe 'commons packages' do 172 | ['postfix','curl'].each do |pkg| 173 | it { is_expected.to contain_package(pkg) } 174 | end 175 | end 176 | end # packages 177 | end # gitlab::setup 178 | end # gitlab 179 | -------------------------------------------------------------------------------- /spec/defines/gitlab_config_database_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::config::database', :type => :define do 4 | 5 | let(:title) { 'gitlab' } 6 | 7 | context 'mysql' do 8 | let (:params) { 9 | { 10 | :database => 'gitlab_db', 11 | :group => 'git', 12 | :host => 'localhost', 13 | :owner => 'git', 14 | :password => 'changeme', 15 | :path => '/home/git/gitlab/config/database.yml', 16 | :port => '3306', 17 | :type => 'mysql', 18 | :username => 'gitlab_user' 19 | } 20 | } 21 | 22 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with( 23 | :ensure => 'file', 24 | :owner => 'git', 25 | :group => 'git' 26 | )} 27 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*adapter: mysql2$/)} 28 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*encoding: utf8$/)} 29 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*database: gitlab_db$/)} 30 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*username: gitlab_user$/)} 31 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*password: 'changeme'$/)} 32 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*host: localhost$/)} 33 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*port: 3306$/)} 34 | end 35 | 36 | context 'postgresql' do 37 | let (:params) { 38 | { 39 | :database => 'gitlab_db', 40 | :group => 'git', 41 | :host => 'localhost', 42 | :owner => 'git', 43 | :password => 'changeme', 44 | :path => '/home/git/gitlab/config/database.yml', 45 | :port => '5432', 46 | :type => 'pgsql', 47 | :username => 'gitlab_user' 48 | } 49 | } 50 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*adapter: postgresql$/)} 51 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*encoding: unicode$/)} 52 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*database: gitlab_db$/)} 53 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*username: gitlab_user$/)} 54 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*password: 'changeme'$/)} 55 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*host: localhost$/)} 56 | it { is_expected.to contain_file('/home/git/gitlab/config/database.yml').with_content(/^\s*port: 5432$/)} 57 | end 58 | end 59 | -------------------------------------------------------------------------------- /spec/defines/gitlab_config_resque_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::config::resque', :type => :define do 4 | 5 | let(:title) { 'gitlab' } 6 | let :params do 7 | { 8 | :group => 'git', 9 | :owner => 'git', 10 | :path => '/home/git/gitlab/config/resque.yml', 11 | :redis_host => '127.0.0.1', 12 | :redis_port => '6379', 13 | } 14 | end 15 | 16 | describe 'resque config' do 17 | it { is_expected.to contain_file('/home/git/gitlab/config/resque.yml').with( 18 | :ensure => 'file', 19 | :owner => 'git', 20 | :group => 'git' 21 | )} 22 | it { is_expected.to contain_file('/home/git/gitlab/config/resque.yml').with_content(/^\s*production: redis:\/\/127.0.0.1:6379$/)} 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /spec/defines/gitlab_config_unicorn_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::config::unicorn', :type => :define do 4 | 5 | let(:title) { 'gitlab' } 6 | let :params_set do 7 | { 8 | :group => 'git', 9 | :home => '/home/git', 10 | :http_timeout => 60, 11 | :owner => 'git', 12 | :path => '/home/git/gitlab/config/unicorn.rb', 13 | :relative_url_root => false, 14 | :unicorn_port => 8080, 15 | :unicorn_listen => '127.0.0.1', 16 | :unicorn_worker => 2 17 | } 18 | end 19 | 20 | describe 'unicorn config' do 21 | let(:params) { params_set } 22 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with( 23 | :ensure => 'file', 24 | :owner => 'git', 25 | :group => 'git' 26 | )} 27 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*worker_processes 2$/)} 28 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*working_directory "\/home\/git\/gitlab"$/)} 29 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*listen "127.0.0.1:8080", :tcp_nopush => true$/)} 30 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*listen "\/home\/git\/gitlab\/tmp\/sockets\/gitlab.socket", :backlog => 64$/)} 31 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*timeout 60$/)} 32 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*pid "\/home\/git\/gitlab\/tmp\/pids\/unicorn.pid"$/)} 33 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*stderr_path "\/home\/git\/gitlab\/log\/unicorn.stderr.log"$/)} 34 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*stdout_path "\/home\/git\/gitlab\/log\/unicorn.stdout.log"$/)} 35 | 36 | 37 | context 'with non default url-root-path' do 38 | let(:params) { params_set.merge(:relative_url_root => '/blahforge') } 39 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*ENV\['RAILS_RELATIVE_URL_ROOT'\] = "\/blahforge"$/)} 40 | end 41 | 42 | context 'with non default unicorn_listen param' do 43 | let(:params) { params_set.merge(:unicorn_listen => '1.3.3.7') } 44 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*listen "1.3.3.7:8080", :tcp_nopush => true$/)} 45 | end 46 | 47 | context 'with non default unicorn_port param' do 48 | let(:params) { params_set.merge(:unicorn_port => '666') } 49 | it { is_expected.to contain_file('/home/git/gitlab/config/unicorn.rb').with_content(/^\s*listen "127.0.0.1:666", :tcp_nopush => true$/)} 50 | end 51 | 52 | 53 | end 54 | end 55 | -------------------------------------------------------------------------------- /spec/fixtures/manifests/site.pp: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /spec/shared_examples.rb: -------------------------------------------------------------------------------- 1 | shared_examples_for "a Puppet::Error" do |description| 2 | it "with message matching #{description.inspect}" do 3 | expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /spec/spec.opts: -------------------------------------------------------------------------------- 1 | --format 2 | s 3 | --colour 4 | --loadby 5 | mtime 6 | --backtrace 7 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/module_spec_helper' 2 | require 'shared_examples' 3 | 4 | RSpec.configure do |c| 5 | c.alias_it_should_behave_like_to :it_configures, 'configures' 6 | c.alias_it_should_behave_like_to :it_raises, 'raises' 7 | 8 | c.default_facts = { 9 | :osfamily => 'Debian', 10 | :operatingsystem => 'Debian', 11 | :kernel => 'Linux', 12 | :lsbdistid => 'debian', 13 | :lsbdistcodename => 'wheezy', 14 | :operatingsystemrelease => '6.5', 15 | :fqdn => 'gitlab.fooboozoo.fr', 16 | :processorcount => '2', 17 | :sshrsakey => 'AAAAB3NzaC1yc2EAAAA', 18 | :concat_basedir => '/var/lib/puppet/concat' 19 | } 20 | 21 | end 22 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | require 'beaker-rspec' 2 | require 'beaker/puppet_install_helper' 3 | 4 | run_puppet_install_helper 5 | 6 | RSpec.configure do |c| 7 | # Project root 8 | proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) 9 | modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1] 10 | 11 | # Readable test descriptions 12 | c.formatter = :documentation 13 | 14 | # Configure all nodes in nodeset 15 | c.before :suite do 16 | 17 | # Install module 18 | # 19 | puppet_module_install(:source => proj_root, :module_name => modname) 20 | hosts.each do |host| 21 | on host, puppet('module','install','alup/rbenv'), { :acceptable_exit_codes => [0,1] } 22 | on host, puppet('module','install','fsalum/redis'), { :acceptable_exit_codes => [0,1] } 23 | on host, puppet('module','install','jfryman/nginx'), { :acceptable_exit_codes => [0,1] } 24 | on host, puppet('module','install','evenup/logrotate'), { :acceptable_exit_codes => [0,1] } 25 | on host, puppet('module','install','puppet/nodejs'), { :acceptable_exit_codes => [0,1] } 26 | # FIXME https://github.com/puppet-community/puppet-nodejs/pull/152 27 | on host, puppet('module','install','treydock/gpg_key'), { :acceptable_exit_codes => [0,1] } 28 | on host, puppet('module','install','puppetlabs-git'), { :acceptable_exit_codes => [0,1] } 29 | on host, puppet('module','install','puppetlabs-vcsrepo'), { :acceptable_exit_codes => [0,1] } 30 | on host, puppet('module','install','puppetlabs-mysql'), { :acceptable_exit_codes => [0,1] } 31 | on host, puppet('module','install','puppetlabs-postgresql'), { :acceptable_exit_codes => [0,1] } 32 | on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } 33 | 34 | # List modules installed to help with debugging 35 | on host, puppet('module','list'), { :acceptable_exit_codes => [0] } 36 | end 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /templates/application.rb.erb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails/all' 4 | require 'devise' 5 | 6 | Bundler.require(:default, Rails.env) 7 | 8 | module Gitlab 9 | class Application < Rails::Application 10 | <%- if @use_exim %> 11 | #Fix for compatibility issue with exim as explained at https://github.com/gitlabhq/gitlabhq/issues/4866 12 | config.action_mailer.sendmail_settings = { :arguments => "-i" } 13 | 14 | <%- end %> 15 | # Settings in config/environments/* take precedence over those specified here. 16 | # Application configuration should go into files in config/initializers 17 | # -- all .rb files in that directory are automatically loaded. 18 | 19 | # Custom directories with classes and modules you want to be autoloadable. 20 | config.autoload_paths += %W(#{config.root}/lib #{config.root}/app/finders #{config.root}/app/models/concerns #{config.root}/app/models/project_services) 21 | 22 | # Only load the plugins named here, in the order given (default is alphabetical). 23 | # :all can be used as a placeholder for all plugins not explicitly named. 24 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 25 | 26 | # Activate observers that should always be running. 27 | config.active_record.observers = :milestone_observer, 28 | :project_activity_cache_observer, 29 | :note_observer, 30 | :project_observer, 31 | :system_hook_observer, 32 | :user_observer, 33 | :users_group_observer, 34 | :users_project_observer 35 | 36 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 37 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 38 | # config.time_zone = 'Central Time (US & Canada)' 39 | 40 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 41 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 42 | # config.i18n.default_locale = :de 43 | config.i18n.enforce_available_locales = false 44 | 45 | # Configure the default encoding used in templates for Ruby 1.9. 46 | config.encoding = "utf-8" 47 | 48 | # Configure sensitive parameters which will be filtered from the log file. 49 | config.filter_parameters += [:password] 50 | 51 | # Enable escaping HTML in JSON. 52 | config.active_support.escape_html_entities_in_json = true 53 | 54 | # Use SQL instead of Active Record's schema dumper when creating the database. 55 | # This is necessary if your schema can't be completely dumped by the schema dumper, 56 | # like if you have constraints or database-specific column types 57 | # config.active_record.schema_format = :sql 58 | 59 | # Enforce whitelist mode for mass assignment. 60 | # This will create an empty whitelist of attributes available for mass-assignment for all models 61 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible 62 | # parameters by using an attr_accessible or attr_protected declaration. 63 | config.active_record.whitelist_attributes = true 64 | 65 | # Enable the asset pipeline 66 | config.assets.enabled = true 67 | config.assets.paths << Emoji.images_path 68 | config.assets.precompile << "emoji/*.png" 69 | config.assets.precompile << "print.css" 70 | 71 | # Version of your assets, change this if you want to expire all your assets 72 | config.assets.version = '1.0' 73 | 74 | # Relative url support 75 | # Uncomment and customize the last line to run in a non-root path 76 | # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. 77 | # Note that following settings need to be changed for this to work. 78 | # 1) In your application.rb file: config.relative_url_root = "/gitlab" 79 | # 2) In your gitlab.yml file: relative_url_root: /gitlab 80 | # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" 81 | # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab" 82 | # 5) In lib/support/nginx/gitlab : do not use asset gzipping, remove block starting with "location ~ ^/(assets)/" 83 | # 84 | # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production 85 | # 86 | # config.relative_url_root = "/gitlab" 87 | <%- if @gitlab_relative_url_root %> 88 | config.relative_url_root = "<%= @gitlab_relative_url_root %>" 89 | <%- end %> 90 | 91 | config.middleware.use Rack::Attack 92 | 93 | # Allow access to GitLab API from other domains 94 | config.middleware.use Rack::Cors do 95 | allow do 96 | origins '*' 97 | resource '/api/*', headers: :any, methods: [:get, :post, :options, :put, :delete] 98 | end 99 | end 100 | end 101 | end 102 | -------------------------------------------------------------------------------- /templates/backup-gitlab.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | PATH=<%= @exec_path %> 3 | export PATH 4 | 5 | cd <%= @git_home %>/gitlab 6 | bundle exec rake RAILS_ENV=production gitlab:backup:create >/dev/null 7 | 8 | <% if @gitlab_backup_postscript -%> 9 | <%- [@gitlab_backup_postscript].flatten.compact.each do |script|%> 10 | <%= script %> 11 | <%- end -%> 12 | <% end -%> 13 | -------------------------------------------------------------------------------- /templates/database.yml.erb: -------------------------------------------------------------------------------- 1 | # MANAGED BY PUPPET 2 | # Module:: gitlab 3 | # 4 | # PRODUCTION 5 | # 6 | <% case @type -%> 7 | <% when 'mysql' -%> 8 | production: 9 | adapter: mysql2 10 | encoding: utf8 11 | reconnect: false 12 | database: <%= @database %> 13 | pool: 10 14 | username: <%= @username %> 15 | password: '<%= @password %>' 16 | host: <%= @host %> 17 | port: <%= @port %> 18 | # socket: /tmp/mysql.sock 19 | <% when 'pgsql' -%> 20 | production: 21 | adapter: postgresql 22 | encoding: unicode 23 | database: <%= @database %> 24 | pool: 10 25 | username: <%= @username %> 26 | password: '<%= @password %>' 27 | host: <%= @host %> 28 | port: <%= @port %> 29 | # socket: /tmp/postgresql.sock 30 | <% end -%> 31 | -------------------------------------------------------------------------------- /templates/git.gitconfig.erb: -------------------------------------------------------------------------------- 1 | # MANAGED BY PUPPET 2 | # Module:: gitlab 3 | # 4 | [user] 5 | name = "GitLab" 6 | email = <%= @git_email %> 7 | 8 | [core] 9 | editor = vim 10 | autocrlf = input 11 | 12 | [color] 13 | ui = true 14 | log = auto 15 | branch = auto 16 | diff = auto 17 | status = auto 18 | 19 | [alias] 20 | br = branch 21 | st = status 22 | ch = checkout 23 | 24 | <% if @git_proxy %> 25 | [http] 26 | proxy = <%= @git_proxy %> 27 | [https] 28 | proxy = <%= @git_proxy %> 29 | <% end %> 30 | -------------------------------------------------------------------------------- /templates/gitlab-ci-application.yml.erb: -------------------------------------------------------------------------------- 1 | defaults: &defaults 2 | gitlab_server_urls: 3 | # Replace with your gitlab server url 4 | <% Array(@gitlab_server_urls).each do |server| -%> 5 | - <%= server %> 6 | <% end -%> 7 | 8 | ## Gitlab CI settings 9 | gitlab_ci: 10 | ## Web server settings 11 | host: <%= @gitlab_domain %> 12 | port: <%= @gitlab_ssl ? @gitlab_ssl_port : @gitlab_http_port %> 13 | https: <%= @gitlab_ssl %> 14 | 15 | ## Email settings 16 | # Email address used in the "From" field in mails sent by GitLab-CI 17 | email_from: <%= @ci_email %> 18 | 19 | # Email address of your support contact (default: same as email_from) 20 | support_email: <%= @ci_support_email %> 21 | 22 | # Default project notifications settings: 23 | # 24 | # Send emails only on broken builds (default: true) 25 | # all_broken_builds: true 26 | # 27 | # Add committer to recipients list (default: false) 28 | # add_committer: true 29 | 30 | gravatar: 31 | enabled: true 32 | plain_url: "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" 33 | ssl_url: "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" 34 | <%- if @omniauth_url %> 35 | gitlab_server: 36 | url: <%= @omniauth_url %> 37 | app_id: <%= @omniauth_app_id %> 38 | app_secret: <%= @omniauth_secret_id %> 39 | <% end -%> 40 | 41 | 42 | development: 43 | <<: *defaults 44 | 45 | test: 46 | <<: *defaults 47 | gitlab_server_urls: 48 | - 'http://demo.gitlab.com/' 49 | 50 | production: 51 | <<: *defaults 52 | -------------------------------------------------------------------------------- /templates/gitlab-shell.config.yml.erb: -------------------------------------------------------------------------------- 1 | # GitLab user. git by default 2 | user: <%= @git_user %> 3 | 4 | # Url to gitlab instance. Used for api calls. Should end with a slash. 5 | gitlab_url: "<%= @gitlab_ssl ? 'https' : 'http' %>://<%= @gitlab_domain %>:<%= @gitlab_ssl ? @gitlab_ssl_port : @gitlab_http_port %><%= @gitlab_relative_url_root ? @gitlab_relative_url_root : '/' %>" 6 | 7 | http_settings: 8 | # user: someone 9 | # password: somepass 10 | # ca_file: /etc/ssl/cert.pem 11 | # ca_path: /etc/pki/tls/certs 12 | self_signed_cert: <%= @gitlab_ssl_self_signed %> 13 | 14 | # Repositories path 15 | # Give the canonicalized absolute pathname, 16 | # REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!! 17 | # Check twice that none of the components is a symlink, including "/home". 18 | repos_path: "<%= @gitlab_repodir %>/repositories" 19 | 20 | # File used as authorized_keys for gitlab user 21 | auth_file: "<%= @gitlab_auth_file %>" 22 | 23 | # Redis settings used for pushing commit notices to gitlab 24 | redis: 25 | bin: /usr/bin/redis-cli 26 | host: <%= @gitlab_redishost %> 27 | port: <%= @gitlab_redisport %> 28 | # socket: /tmp/redis.socket # Only define this if you want to use sockets 29 | namespace: resque:gitlab 30 | 31 | # Log file. 32 | # Default is gitlab-shell.log in the root directory. 33 | # log_file: "/home/git/gitlab-shell/gitlab-shell.log" 34 | <% if @gitlabshell_log_folder %> 35 | log_file: "<%=@gitlabshell_log_folder%>/gitlab-shell.log" 36 | <% end -%> 37 | 38 | # Log level. INFO by default 39 | log_level: INFO 40 | 41 | # Audit usernames. 42 | # Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but 43 | # incurs an extra API call on every gitlab-shell command. 44 | audit_usernames: false 45 | -------------------------------------------------------------------------------- /templates/gitlab.default.erb: -------------------------------------------------------------------------------- 1 | # MANAGED BY PUPPET 2 | # Module:: gitlab 3 | # 4 | # Copy this lib/support/init.d/gitlab.default.example file to 5 | # /etc/default/gitlab in order for it to apply to your system. 6 | 7 | # RAILS_ENV defines the type of installation that is running. 8 | # Normal values are "production", "test" and "development". 9 | RAILS_ENV="production" 10 | 11 | # app_user defines the user that GitLab is run as. 12 | # The default is "git". 13 | app_user="<%= @git_user %>" 14 | 15 | # app_root defines the folder in which gitlab and it's components are installed. 16 | # The default is "/home/$app_user/gitlab" 17 | app_root="<%= @git_home %>/gitlab" 18 | 19 | # pid_path defines a folder in which the gitlab and it's components place their pids. 20 | # This variable is also used below to define the relevant pids for the gitlab components. 21 | # The default is "$app_root/tmp/pids" 22 | pid_path="$app_root/tmp/pids" 23 | 24 | # socket_path defines the folder in which gitlab places the sockets 25 | #The default is "$app_root/tmp/sockets" 26 | socket_path="$app_root/tmp/sockets" 27 | 28 | # web_server_pid_path defines the path in which to create the pid file fo the web_server 29 | # The default is "$pid_path/unicorn.pid" 30 | web_server_pid_path="$pid_path/unicorn.pid" 31 | 32 | # sidekiq_pid_path defines the path in which to create the pid file for sidekiq 33 | # The default is "$pid_path/sidekiq.pid" 34 | sidekiq_pid_path="$pid_path/sidekiq.pid" 35 | -------------------------------------------------------------------------------- /templates/gitlab.yml.erb: -------------------------------------------------------------------------------- 1 | # Managed by Puppet 2 | # Module gitlab 3 | # 4 | # # # # # # # # # # # # # # # # # # 5 | # GitLab application config file # 6 | # # # # # # # # # # # # # # # # # # 7 | # 8 | # How to use: 9 | # 1. copy file as gitlab.yml 10 | # 2. Replace gitlab -> host with your domain 11 | # 3. Replace gitlab -> email_from 12 | 13 | production: &base 14 | # 15 | # 1. GitLab app settings 16 | # ========================== 17 | 18 | ## GitLab settings 19 | gitlab: 20 | ## Web server settings (note: host is the FQDN, do not include http://) 21 | host: <%= @gitlab_domain %> 22 | port: <%= @gitlab_ssl ? @gitlab_ssl_port : @gitlab_http_port %> 23 | https: <%= @gitlab_ssl %> 24 | 25 | # Uncommment this line below if your ssh host is different from HTTP/HTTPS one 26 | # (you'd obviously need to replace ssh.host_example.com with your own host). 27 | # Otherwise, ssh host will be set to the `host:` value above 28 | # ssh_host: ssh.host_example.com 29 | 30 | # WARNING: See config/application.rb under "Relative url support" for the list of 31 | # other files that need to be changed for relative url support 32 | # relative_url_root: /gitlab 33 | <%- if @gitlab_relative_url_root %> 34 | relative_url_root: <%= @gitlab_relative_url_root %> 35 | <%- end %> 36 | 37 | # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') 38 | # user: git 39 | 40 | # Uncomment and customize if you want to change the default time zone of GitLab application. 41 | # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` 42 | <%- if @gitlab_time_zone %> 43 | time_zone: <%= @gitlab_time_zone %> 44 | <%- end %> 45 | 46 | ## Email settings 47 | # Uncomment and set to false if you need to disable email sending from GitLab (default: true) 48 | email_enabled: <%= @gitlab_email_enabled %> 49 | # Email address used in the "From" field in mails sent by GitLab 50 | email_from: <%= @git_email %> 51 | email_display_name: <%= @gitlab_email_display_name %> 52 | email_reply_to: <%= @gitlab_email_reply_to %> 53 | 54 | # Email server smtp settings are in config/initializers/smtp_settings.rb.sample 55 | 56 | # Email address of your support contact (default: same as email_from) 57 | support_email: <%= @gitlab_support_email %> 58 | 59 | ## User settings 60 | default_projects_limit: <%= @gitlab_projects %> 61 | # default_can_create_group: false # default: true 62 | # default: true - User can change her username/namespace 63 | username_changing_enabled: <%= @gitlab_username_change ? 'true' : 'false' %> 64 | ## Default theme 65 | ## BASIC = 1 66 | ## MARS = 2 67 | ## MODERN = 3 68 | ## GRAY = 4 69 | ## COLOR = 5 70 | # default_theme: 2 # default: 2 71 | 72 | 73 | ## Users management 74 | # default: false - Account passwords are not sent via the email if signup is enabled. 75 | # signup_enabled: true 76 | # 77 | # default: true - If set to false, standard login form won't be shown on the sign-in page 78 | # signin_enabled: false 79 | 80 | # Restrict setting visibility levels for non-admin users. 81 | # The default is to allow all levels. 82 | <% if @restricted_visibility_levels %> 83 | restricted_visibility_levels: 84 | <% @restricted_visibility_levels.each do |level| %> 85 | - <%= level %> 86 | <% end %> 87 | <% else %> 88 | #restricted_visibility_levels: [ "public" ] 89 | <% end %> 90 | 91 | ## Automatic issue closing 92 | # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. 93 | # This happens when the commit is pushed or merged into the default branch of a project. 94 | # When not specified the default issue_closing_pattern as specified below will be used. 95 | # issue_closing_pattern: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)' 96 | <% if @gitlab_issue_closing_pattern -%> 97 | issue_closing_pattern: '<%= @gitlab_issue_closing_pattern.gsub("'","''") %>' 98 | <% end -%> 99 | 100 | ## Default project features settings 101 | default_projects_features: 102 | issues: <%= @gitlab_default_projects_features_issues %> 103 | merge_requests: <%= @gitlab_default_projects_features_merge_requests %> 104 | wiki: <%= @gitlab_default_projects_features_wiki %> 105 | wall: <%= @gitlab_default_projects_features_wall %> 106 | snippets: <%= @gitlab_default_projects_features_snippets %> 107 | # can be "private" | "internal" | "public" 108 | visibility_level: <%= @gitlab_default_projects_features_visibility_level %> 109 | 110 | ## Webhook settings 111 | # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) 112 | webhook_timeout: <%= @gitlab_webhook_timeout %> 113 | 114 | ## Repository downloads directory 115 | # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. 116 | # The default is 'tmp/repositories' relative to the root of the Rails app. 117 | repository_downloads_path: <%= @gitlab_repository_downloads_path %> 118 | 119 | ## External issues trackers 120 | issues_tracker: 121 | <% if @issues_tracker %> 122 | <% @issues_tracker.keys.sort.each do |name| %> 123 | <%= name %>: 124 | <% @issues_tracker[name].keys.sort.each do |k| %> 125 | <%= k %>: <%= @issues_tracker[name][k] -%> 126 | <% end -%> 127 | <% end -%> 128 | <% else %> 129 | # redmine: 130 | # title: "Redmine" 131 | # ## If not nil, link 'Issues' on project page will be replaced with this 132 | # ## Use placeholders: 133 | # ## :project_id - GitLab project identifier 134 | # ## :issues_tracker_id - Project Name or Id in external issue tracker 135 | # project_url: "http://redmine.sample/projects/:issues_tracker_id" 136 | # 137 | # ## If not nil, links from /#\d/ entities from commit messages will replaced with this 138 | # ## Use placeholders: 139 | # ## :project_id - GitLab project identifier 140 | # ## :issues_tracker_id - Project Name or Id in external issue tracker 141 | # ## :id - Issue id (from commit messages) 142 | # issues_url: "http://redmine.sample/issues/:id" 143 | # 144 | # ## If not nil, links to creating new issues will be replaced with this 145 | # ## Use placeholders: 146 | # ## :project_id - GitLab project identifier 147 | # ## :issues_tracker_id - Project Name or Id in external issue tracker 148 | # new_issue_url: "http://redmine.sample/projects/:issues_tracker_id/issues/new" 149 | # 150 | # jira: 151 | # title: "Atlassian Jira" 152 | # project_url: "http://jira.sample/issues/?jql=project=:issues_tracker_id" 153 | # issues_url: "http://jira.sample/browse/:id" 154 | # new_issue_url: "http://jira.sample/secure/CreateIssue.jspa" 155 | <% end %> 156 | 157 | ## Gravatar 158 | gravatar: 159 | enabled: <%= @gravatar_enabled %> # Use user avatar image from Gravatar.com (default: true) 160 | # gravatar urls: possible placeholders: %{hash} %{size} %{email} 161 | # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm 162 | # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm 163 | 164 | # 165 | # 2. Auth settings 166 | # ========================== 167 | 168 | ## LDAP settings 169 | # You can inspect a sample of the LDAP users with login access by running: 170 | # bundle exec rake gitlab:ldap:check RAILS_ENV=production 171 | ldap: 172 | enabled: <%= @ldap_enabled %> 173 | host: '<%= @ldap_host %>' 174 | port: <%= @ldap_port %> 175 | uid: '<%= @ldap_uid %>' 176 | # "tls" or "ssl" or "plain" 177 | method: '<%= @ldap_method %>' 178 | <% if @ldap_bind_dn != '' -%> 179 | bind_dn: '<%= @ldap_bind_dn %>' 180 | password: '<%= @ldap_bind_password %>' 181 | <% end -%> 182 | 183 | # This setting specifies if LDAP server is Active Directory LDAP server. 184 | # For non AD servers it skips the AD specific queries. 185 | # If your LDAP server is not AD, set this to false. 186 | active_directory: <%= @ldap_active_directory %> 187 | 188 | # If allow_username_or_email_login is enabled, GitLab will ignore everything 189 | # after the first '@' in the LDAP username submitted by the user on login. 190 | # 191 | # Example: 192 | # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; 193 | # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. 194 | # 195 | # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to 196 | # disable this setting, because the userPrincipalName contains an '@'. 197 | allow_username_or_email_login: true 198 | 199 | 200 | # To maintain tight control over the number of active users on your GitLab installation, 201 | # enable this setting to keep new users blocked until they have been cleared by the admin 202 | # (default: false). 203 | block_auto_created_users: <%= @ldap_block_auto_created_users %> 204 | 205 | # Base where we can search for users 206 | # 207 | # Ex. ou=People,dc=gitlab,dc=example 208 | # 209 | base: '<%= @ldap_base %>' 210 | 211 | # Filter LDAP users 212 | # 213 | # Format: RFC 4515 214 | # Ex. (employeeType=developer) 215 | # 216 | user_filter: '<%= @ldap_user_filter -%>' 217 | 218 | # EE settings 219 | <% if @ldap_sync_time!= '' -%> 220 | sync_time: <%=@ldap_sync_time%> 221 | <% end -%> 222 | <% if @ldap_group_base!= '' -%> 223 | group_base: <%=@ldap_group_base%> 224 | <% end -%> 225 | <% if @ldap_sync_ssh_keys!= '' -%> 226 | sync_ssh_keys: <%=@ldap_sync_ssh_keys%> 227 | <% end -%> 228 | <% if @ldap_admin_group!= '' -%> 229 | admin_group: <%=@ldap_admin_group%> 230 | <% end -%> 231 | 232 | 233 | ## OmniAuth settings 234 | omniauth: 235 | <% if @omniauth -%> 236 | <% @omniauth.keys.reject{|param| param=="providers"}.sort.each do |param| -%> 237 | <%= param %>: <%= @omniauth[param] %> 238 | <% end -%> 239 | providers: 240 | <% @omniauth["providers"] && @omniauth["providers"].each do |provider| -%> 241 | - 242 | <% provider.keys.reject{|key| key=="args"}.sort.each do |key| -%> 243 | <%= key %>: <%= provider[key] %> 244 | <% end -%> 245 | args: 246 | <% provider["args"] && provider["args"].keys.sort.each do |arg| -%> 247 | <%= arg %>: <%= provider["args"][arg] %> 248 | <% end -%> 249 | <% end -%> 250 | <% else %> 251 | # Allow login via Twitter, Google, etc. using OmniAuth providers 252 | enabled: false 253 | 254 | # CAUTION! 255 | # This allows users to login without having a user account first (default: false). 256 | # User accounts will be created automatically when authentication was successful. 257 | allow_single_sign_on: false 258 | # Locks down those users until they have been cleared by the admin (default: true). 259 | block_auto_created_users: true 260 | 261 | ## Auth providers 262 | # Uncomment the following lines and fill in the data of the auth provider you want to use 263 | # If your favorite auth provider is not listed you can use others: 264 | # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations 265 | # The 'app_id' and 'app_secret' parameters are always passed as the first two 266 | # arguments, followed by optional 'args' which can be either a hash or an array. 267 | # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html 268 | providers: 269 | # - { name: 'google_oauth2', app_id: 'YOUR APP ID', 270 | # app_secret: 'YOUR APP SECRET', 271 | # args: { access_type: 'offline', approval_prompt: '' } } 272 | # - { name: 'twitter', app_id: 'YOUR APP ID', 273 | # app_secret: 'YOUR APP SECRET'} 274 | # - { name: 'github', app_id: 'YOUR APP ID', 275 | # app_secret: 'YOUR APP SECRET', 276 | # args: { scope: 'user:email' } } 277 | <% end %> 278 | 279 | 280 | # 281 | # 3. Advanced settings 282 | # ========================== 283 | 284 | # GitLab Satellites 285 | satellites: 286 | # Relative paths are relative to Rails.root (default: tmp/repo_satellites/) 287 | path: <%= @gitlab_satellitedir %>/gitlab-satellites/ 288 | 289 | ## Backup settings 290 | backup: 291 | # Relative paths are relative to Rails.root (default: tmp/backups/) 292 | path: <%= @gitlab_backup_path %> 293 | # default: 0 (forever) (in seconds) 294 | keep_time: <%= @gitlab_backup_keep_time %> 295 | 296 | ## GitLab Shell settings 297 | gitlab_shell: 298 | path: <%= @git_home %>/gitlab-shell/ 299 | 300 | # REPOS_PATH MUST NOT BE A SYMLINK!!! 301 | repos_path: <%= @gitlab_repodir %>/repositories/ 302 | hooks_path: <%= @git_home %>/gitlab-shell/hooks/ 303 | 304 | # File that contains the secret key for verifying access for gitlab-shell. 305 | # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). 306 | <% if @gitlab_secret_file -%> 307 | secret_file: <%= @gitlab_secret_file %> 308 | <% else -%> 309 | # secret_file: /home/git/gitlab/.gitlab_shell_secret 310 | <% end -%> 311 | 312 | # Git over HTTP 313 | upload_pack: true 314 | receive_pack: true 315 | 316 | # If you use non-standard ssh port you need to specify it 317 | ssh_port: <%= @ssh_port %> 318 | 319 | ## Git settings 320 | # CAUTION! 321 | # Use the default values unless you really know what you are doing 322 | git: 323 | bin_path: <%= @git_bin_path %> 324 | # The next value is the maximum memory size grit can use 325 | # Given in number of bytes per git object (e.g. a commit) 326 | # This value can be increased if you have very large commits 327 | # 5.megabytes 328 | max_size: <%= @git_max_size %> 329 | # Git timeout to read a commit, in seconds 330 | timeout: <%= @git_timeout %> 331 | 332 | # 333 | # 4. Extra customization 334 | # ========================== 335 | 336 | extra: 337 | ## Google analytics. Uncomment if you want it 338 | <% if @google_analytics_id != '' %> 339 | google_analytics_id: <%= @google_analytics_id %> 340 | <% else %> 341 | # google_analytics_id: '_your_tracking_id' 342 | <% end %> 343 | 344 | ## Piwik analytics. 345 | # piwik_url: '_your_piwik_url' 346 | # piwik_site_id: '_your_piwik_site_id' 347 | 348 | ## Text under sign-in page (Markdown enabled) 349 | <% if @company_logo_url != '' or @company_link != '' or @company_name != '' %> 350 | sign_in_text: | 351 | <% if @company_logo_url != '' %> 352 | ![Company Logo](<%= @company_logo_url %>) 353 | <% end %> 354 | <% if @company_name != '' and @company_link != '' %> 355 | [Learn more about <%= @company_name %>](<%= @company_link %>) 356 | <% elsif @company_name != '' %> 357 | <%= @company_name %> 358 | <% else %> 359 | <%= @company_link %> 360 | <% end %> 361 | <% else %> 362 | # sign_in_text: | 363 | # ![Company Logo](http://www.companydomain.com/logo.png) 364 | # [Learn more about CompanyName](http://www.companydomain.com/) 365 | <% end %> 366 | 367 | development: 368 | <<: *base 369 | 370 | test: 371 | <<: *base 372 | gravatar: 373 | enabled: true 374 | gitlab: 375 | host: localhost 376 | port: 80 377 | issues_tracker: 378 | redmine: 379 | title: "Redmine" 380 | project_url: "http://redmine/projects/:issues_tracker_id" 381 | issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" 382 | new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" 383 | 384 | staging: 385 | <<: *base 386 | -------------------------------------------------------------------------------- /templates/nginx-gitlab.conf.erb: -------------------------------------------------------------------------------- 1 | # GITLAB 2 | # Maintainer: @randx 3 | 4 | # CHUNKED TRANSFER 5 | # It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not 6 | # supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file) 7 | # can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either 8 | # - installing an old version of Nginx with the chunkin module [2] compiled in, or 9 | # - using a newer version of Nginx. 10 | # 11 | # At the time of writing we do not know if either of these theoretical solutions works. As a workaround 12 | # users can use Git over SSH to push large files. 13 | # 14 | # [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 15 | # [1] https://github.com/agentzh/chunkin-nginx-module#status 16 | # [2] https://github.com/agentzh/chunkin-nginx-module 17 | 18 | upstream <%= @proxy_name %> { 19 | server unix:<%= @socket_path %>; 20 | } 21 | 22 | <% if @gitlab_ssl %> 23 | server { 24 | listen <%= @gitlab_http_port %>; 25 | listen [::]:<%= @gitlab_http_port %> ipv6only=on; 26 | server_name <%= @gitlab_domain_alias ? @gitlab_domain+' '+@gitlab_domain_alias : @gitlab_domain %>; 27 | server_tokens off; 28 | root /nowhere; 29 | rewrite ^ https://$server_name$request_uri permanent; 30 | } 31 | <% end %> 32 | 33 | server { 34 | # e.g., listen 192.168.1.1:80; 35 | listen <%= @gitlab_ssl ? @gitlab_ssl_port : @gitlab_http_port %>; 36 | listen [::]:<%= @gitlab_ssl ? @gitlab_ssl_port : @gitlab_http_port %> ipv6only=on; 37 | # e.g., server_name source.example.com; 38 | server_name <%= @gitlab_domain_alias ? @gitlab_domain+' '+@gitlab_domain_alias : @gitlab_domain %>; 39 | server_tokens off; 40 | root <%= @root_path %>; 41 | 42 | # Increase this if you want to upload large attachments 43 | # Or if you want to accept large git objects over http 44 | client_max_body_size 20m; 45 | 46 | <% if @gitlab_ssl %> 47 | gzip off; 48 | ssl on; 49 | ssl_certificate <%= @gitlab_ssl_cert %>; 50 | ssl_certificate_key <%= @gitlab_ssl_key %>; 51 | # please see https://github.com/sbadia/puppet-gitlab/pull/104 52 | # ssl_protocols TLSv1.2 TLSv1.1 TLSv1; 53 | # ssl_ciphers AES:HIGH:!aNULL:!RC4:!MD5:!ADH:!MDF; 54 | ssl_prefer_server_ciphers on; 55 | ssl_protocols <%= @gitlab_ssl_protocols %>; 56 | ssl_ciphers <%= @gitlab_ssl_ciphers %>; 57 | <% end %> 58 | 59 | # individual nginx logs for this gitlab vhost 60 | access_log /var/log/nginx/<%= @proxy_name %>_access.log; 61 | error_log /var/log/nginx/<%= @proxy_name %>_error.log; 62 | 63 | location / { 64 | # serve static files from defined root folder;. 65 | # @gitlab is a named location for the upstream fallback, see below 66 | try_files $uri $uri/index.html $uri.html @<%= @proxy_name %>; 67 | } 68 | 69 | # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression 70 | location ~ ^/(assets)/ { 71 | root <%= @root_path %>; 72 | gzip_static on; # to serve pre-gzipped version 73 | expires max; 74 | add_header Cache-Control public; 75 | } 76 | 77 | # if a file, which is not found in the root folder is requested, 78 | # then the proxy pass the request to the upsteam (gitlab unicorn) 79 | location @<%= @proxy_name %> { 80 | # https://github.com/gitlabhq/gitlabhq/issues/694 81 | proxy_read_timeout <%= @gitlab_http_timeout %>; 82 | # https://github.com/gitlabhq/gitlabhq/issues/694 83 | proxy_connect_timeout <%= @gitlab_http_timeout %>; 84 | proxy_redirect off; 85 | 86 | proxy_set_header X-Forwarded-Proto $scheme; 87 | <% if @gitlab_ssl %> 88 | proxy_set_header X-Forwarded-Ssl on; 89 | <% end %> 90 | proxy_set_header Host $http_host; 91 | proxy_set_header X-Real-IP $remote_addr; 92 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 93 | 94 | proxy_pass http://<%= @proxy_name %>; 95 | } 96 | 97 | error_page 502 /502.html; 98 | } 99 | 100 | -------------------------------------------------------------------------------- /templates/resque.yml.erb: -------------------------------------------------------------------------------- 1 | production: redis://<%= @redis_host %>:<%= @redis_port %> 2 | -------------------------------------------------------------------------------- /templates/unicorn.rb.erb: -------------------------------------------------------------------------------- 1 | # Sample verbose configuration file for Unicorn (not Rack) 2 | # MANAGED BY PUPPET 3 | # 4 | # Module:: gitlab 5 | # 6 | # 7 | # This configuration file documents many features of Unicorn 8 | # that may not be needed for some applications. See 9 | # http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb 10 | # for a much simpler configuration file. 11 | # 12 | # See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete 13 | # documentation. 14 | 15 | # Uncomment and customize the last line to run in a non-root path 16 | # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. 17 | # Note that four settings need to be changed for this to work. 18 | # 1) In your application.rb file: config.relative_url_root = "/<%= @name %>" 19 | # 2) In your <%= @name %>.yml file: relative_url_root: /<%= @name %> 20 | # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/<%= @name %>" 21 | # 4) In ../<%= @name %>-shell/config.yml: <%= @name %>_url: "http://127.0.0.1/<%= @name %>" 22 | # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production 23 | # 24 | <%- if @relative_url_root %> 25 | ENV['RAILS_RELATIVE_URL_ROOT'] = "<%= @relative_url_root %>" 26 | <%- end %> 27 | 28 | # Use at least one worker per core if you're on a dedicated server, 29 | # more will usually help for _short_ waits on databases/caches. 30 | worker_processes <%= @unicorn_worker %> 31 | 32 | # Since Unicorn is never exposed to outside clients, it does not need to 33 | # run on the standard HTTP port (80), there is no reason to start Unicorn 34 | # as root unless it's from system init scripts. 35 | # If running the master process as root and the workers as an unprivileged 36 | # user, do this to switch euid/egid in the workers (also chowns logs): 37 | # user "unprivileged_user", "unprivileged_group" 38 | 39 | # Help ensure your application will always spawn in the symlinked 40 | # "current" directory that Capistrano sets up. 41 | # available in 0.94.0+ 42 | working_directory "<%= @home %>/<%= @name %>" 43 | 44 | # listen on both a Unix domain socket and a TCP port, 45 | # we use a shorter backlog for quicker failover when busy 46 | listen "<%= @home %>/<%= @name %>/tmp/sockets/<%= @name %>.socket", :backlog => 64 47 | listen "<%= @unicorn_listen %>:<%= @unicorn_port %>", :tcp_nopush => true 48 | 49 | # nuke workers after 30 seconds instead of 60 seconds (the default) 50 | timeout <%= @http_timeout %> 51 | 52 | # feel free to point this anywhere accessible on the filesystem 53 | pid "<%= @home %>/<%= @name %>/tmp/pids/unicorn.pid" 54 | 55 | # By default, the Unicorn logger will write to stderr. 56 | # Additionally, some applications/frameworks log to stderr or stdout, 57 | # so prevent them from going to /dev/null when daemonized here: 58 | stderr_path "<%= @home %>/<%= @name %>/log/unicorn.stderr.log" 59 | stdout_path "<%= @home %>/<%= @name %>/log/unicorn.stdout.log" 60 | 61 | # combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings 62 | # http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow 63 | preload_app true 64 | GC.respond_to?(:copy_on_write_friendly=) and 65 | GC.copy_on_write_friendly = true 66 | 67 | # Enable this flag to have unicorn test client connections by writing the 68 | # beginning of the HTTP headers before calling the application. This 69 | # prevents calling the application for connections that have disconnected 70 | # while queued. This is only guaranteed to detect clients on the same 71 | # host unicorn runs on, and unlikely to detect disconnects even on a 72 | # fast LAN. 73 | check_client_connection false 74 | 75 | before_fork do |server, worker| 76 | # the following is highly recomended for Rails + "preload_app true" 77 | # as there's no need for the master process to hold a connection 78 | defined?(ActiveRecord::Base) and 79 | ActiveRecord::Base.connection.disconnect! 80 | 81 | # The following is only recommended for memory/DB-constrained 82 | # installations. It is not needed if your system can house 83 | # twice as many worker_processes as you have configured. 84 | # 85 | # This allows a new master process to incrementally 86 | # phase out the old master process with SIGTTOU to avoid a 87 | # thundering herd (especially in the "preload_app false" case) 88 | # when doing a transparent upgrade. The last worker spawned 89 | # will then kill off the old master process with a SIGQUIT. 90 | old_pid = "#{server.config[:pid]}.oldbin" 91 | if old_pid != server.pid 92 | begin 93 | sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU 94 | Process.kill(sig, File.read(old_pid).to_i) 95 | rescue Errno::ENOENT, Errno::ESRCH 96 | end 97 | end 98 | # 99 | # Throttle the master from forking too quickly by sleeping. Due 100 | # to the implementation of standard Unix signal handlers, this 101 | # helps (but does not completely) prevent identical, repeated signals 102 | # from being lost when the receiving process is busy. 103 | # sleep 1 104 | end 105 | 106 | after_fork do |server, worker| 107 | # per-process listener ports for debugging/admin/migrations 108 | # addr = "127.0.0.1:#{9293 + worker.nr}" 109 | # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) 110 | 111 | # the following is *required* for Rails + "preload_app true", 112 | defined?(ActiveRecord::Base) and 113 | ActiveRecord::Base.establish_connection 114 | 115 | # if preload_app is true, then you may also want to check and 116 | # restart any other shared sockets/descriptors such as Memcached, 117 | # and Redis. TokyoCabinet file handles are safe to reuse 118 | # between any number of forked children (assuming your kernel 119 | # correctly implements pread()/pwrite() system calls) 120 | end 121 | -------------------------------------------------------------------------------- /tests/init.pp: -------------------------------------------------------------------------------- 1 | include ::gitlab 2 | --------------------------------------------------------------------------------