├── templates ├── .gitkeep ├── .pgpass.epp └── gitlab.rb.erb ├── spec ├── fixtures │ ├── hieradata │ │ └── default.yaml │ └── hiera.yaml ├── setup_acceptance_node.pp ├── acceptance │ ├── nodesets │ │ ├── centos-6-docker.yml │ │ ├── centos-7-docker.yml │ │ ├── debian-76-x64.yml │ │ ├── debian-609-x64.yml │ │ └── ubuntu-server-1404-docker.yml │ └── gitlab_spec.rb ├── spec_helper.rb ├── spec_helper_acceptance.rb ├── defines │ ├── system_hook_spec.rb │ ├── global_hook_spec.rb │ └── custom_hook_spec.rb └── classes │ └── init_spec.rb ├── tasks ├── post_upgrade.sh ├── post_upgrade.json ├── postgres_upgrade.json └── postgres_upgrade.sh ├── files └── gitlab_shell_authorized_keys ├── .msync.yml ├── .github ├── labeler.yml ├── workflows │ ├── labeler.yml │ ├── ci.yml │ ├── release.yml │ └── prepare_release.yml ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE.md └── release.yml ├── .puppet-lint.rc ├── .rubocop.yml ├── .fixtures.yml ├── .editorconfig ├── hiera.yaml ├── .gitignore ├── examples └── init.pp ├── data ├── os │ └── Ubuntu.yaml └── family │ ├── Debian.yaml │ └── RedHat.yaml ├── .pmtignore ├── manifests ├── backup.pp ├── install.pp ├── system_hook.pp ├── global_hook.pp ├── service.pp ├── omnibus_package_repository.pp ├── custom_hook.pp ├── host_config.pp ├── omnibus_config.pp └── init.pp ├── Gemfile ├── Rakefile ├── .sync.yml ├── LICENSE ├── .overcommit.yml ├── .rubocop_todo.yml ├── metadata.json ├── Vagrantfile ├── README.md └── REFERENCE.md /templates/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/fixtures/hieradata/default.yaml: -------------------------------------------------------------------------------- 1 | gitlab_ci_runners: 2 | test_runner: {} 3 | -------------------------------------------------------------------------------- /templates/.pgpass.epp: 
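-------------------------------------------------------------------------------- 1 | <%- | 2 | String $pgbouncer_password 3 | | -%> 4 | 127.0.0.1:*:pgbouncer:pgbouncer:<%= $pgbouncer_password -%> 5 | -------------------------------------------------------------------------------- /tasks/post_upgrade.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo 'Cleaning up leftover files from upgrade...' 3 | rm -rf /var/opt/gitlab/postgresql/data.9.2.18 4 | -------------------------------------------------------------------------------- /spec/fixtures/hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | :backends: 3 | - yaml 4 | :yaml: 5 | :datadir: './spec/fixtures/hieradata' 6 | :hierarchy: 7 | - 'default' 8 | -------------------------------------------------------------------------------- /files/gitlab_shell_authorized_keys: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Wrapper around gitlab-shell's authorized_keys helper; it only acts when $1 is "git". 3 | # NOTE(review): presumably run by sshd as AuthorizedKeysCommand with (user, key) - confirm. 4 | 5 | if [[ "$1" == "git" ]]; then 6 | # Quoted so the second argument reaches the helper as exactly one word (no splitting, no globbing). 7 | /opt/gitlab/embedded/service/gitlab-shell/bin/authorized_keys "$2" 8 | fi 9 | -------------------------------------------------------------------------------- /tasks/post_upgrade.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Cleans up old postgres database after upgrade", 3 | "supports_noop": false, 4 | "input_method": "environment" 5 | } 6 | -------------------------------------------------------------------------------- /tasks/postgres_upgrade.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Upgrades the postgres database if needed", 3 | "supports_noop": false, 4 | "input_method": "environment" 5 | } 6 | -------------------------------------------------------------------------------- /.msync.yml: -------------------------------------------------------------------------------- 1 | 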
--- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | modulesync_config_version: '10.4.0' 6 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | skip-changelog: 6 | - head-branch: ['^release-*', 'release'] 7 | -------------------------------------------------------------------------------- /.puppet-lint.rc: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | --fail-on-warnings 5 | --no-parameter_documentation-check 6 | --no-parameter_types-check 7 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | inherit_from: .rubocop_todo.yml 6 | inherit_gem: 7 | voxpupuli-test: rubocop.yml 8 | -------------------------------------------------------------------------------- /spec/setup_acceptance_node.pp: -------------------------------------------------------------------------------- 1 | if $facts['os']['name'] == 'Ubuntu' { 2 | # Facter < 4 needs lsb-release for os.distro.codename 3 | if versioncmp($facts['facterversion'], '4.0.0') <= 0 { 4 | package { 'lsb-release': 5 | ensure => installed, 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /.fixtures.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fixtures: 3 | repositories: 4 | apt: 
https://github.com/puppetlabs/puppetlabs-apt.git 5 | docker: https://github.com/puppetlabs/puppetlabs-docker.git 6 | stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git 7 | yumrepo_core: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git 8 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/centos-6-docker.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | centos-6-x64: 3 | platform: el-6-x86_64 4 | hypervisor : docker 5 | image: centos:6 6 | docker_preserve_image: true 7 | docker_cmd: '["/sbin/init"]' 8 | docker_preserve_image: true 9 | CONFIG: 10 | type: foss 11 | log_level: debug 12 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/centos-7-docker.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | centos-7-x64: 3 | platform: el-7-x86_64 4 | hypervisor : docker 5 | image: centos:7 6 | docker_preserve_image: true 7 | docker_cmd: '["/sbin/init"]' 8 | docker_preserve_image: true 9 | CONFIG: 10 | type: foss 11 | log_level: debug 12 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/debian-76-x64.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | debian-76-x64: 3 | roles: 4 | - master 5 | platform: debian-7-amd64 6 | box: puppetlabs/debian-7.6-64-nocm 7 | box_url: https://vagrantcloud.com/puppetlabs/boxes/debian-7.6-64-nocm 8 | hypervisor: vagrant 9 | 10 | CONFIG: 11 | log_level: verbose 12 | type: foss 13 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/debian-609-x64.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | debian-609-x64: 3 | roles: 4 | - master 5 | platform: debian-6-amd64 6 | box: puppetlabs/debian-6.0.9-64-nocm 
7 | box_url: https://vagrantcloud.com/puppetlabs/boxes/debian-6.0.9-64-nocm 8 | hypervisor: vagrant 9 | 10 | CONFIG: 11 | log_level: verbose 12 | type: foss 13 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | root = true 7 | 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | tab_width = 2 13 | indent_style = space 14 | insert_final_newline = true 15 | trim_trailing_whitespace = true 16 | -------------------------------------------------------------------------------- /spec/acceptance/nodesets/ubuntu-server-1404-docker.yml: -------------------------------------------------------------------------------- 1 | HOSTS: 2 | ubuntu-14-04: 3 | platform: ubuntu-14.04-amd64 4 | image: ubuntu:14.04 5 | hypervisor: docker 6 | docker_cmd: '["/sbin/init"]' 7 | docker_image_commands: 8 | - 'apt-get install -y net-tools wget curl' 9 | - 'locale-gen en_US.UTF-8' 10 | docker_preserve_image: true 11 | CONFIG: 12 | type: foss 13 | log_level: debug 14 | -------------------------------------------------------------------------------- /hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 5 3 | 4 | defaults: 5 | datadir: 'data' 6 | data_hash: yaml_data 7 | 8 | hierarchy: 9 | - name: 'OS Major Release Overrides' 10 | path: "family/%{facts.os.family}/%{facts.os.release.major}.yaml" 11 | - name: 'Operating System' 12 | path: "os/%{facts.os.name}.yaml" 13 | - name: 'Operating System Family' 14 | path: "family/%{facts.os.family}.yaml" 15 | - name: 'Defaults' 16 | path: 'defaults.yaml' 17 | -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /pkg/ 5 | /Gemfile.lock 6 | /Gemfile.local 7 | /vendor/ 8 | /.vendor/ 9 | /spec/fixtures/manifests/ 10 | /spec/fixtures/modules/ 11 | /.vagrant/ 12 | /.bundle/ 13 | /.ruby-version 14 | /coverage/ 15 | /log/ 16 | /.idea/ 17 | /.dependencies/ 18 | /.librarian/ 19 | /Puppetfile.lock 20 | *.iml 21 | .*.sw? 22 | /.yardoc/ 23 | /Guardfile 24 | bolt-debug.log 25 | .rerun.json 26 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: "Pull Request Labeler" 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request_target: {} 10 | 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | 15 | jobs: 16 | labeler: 17 | permissions: 18 | contents: read 19 | pull-requests: write 20 | runs-on: ubuntu-latest 21 | steps: 22 | - uses: actions/labeler@v5 23 | -------------------------------------------------------------------------------- /examples/init.pp: -------------------------------------------------------------------------------- 1 | # The baseline for module testing used by Puppet Labs is that each manifest 2 | # should have a corresponding test manifest that declares that class or defined 3 | # type. 4 | # 5 | # Tests are then run by using puppet apply --noop (to check for compilation 6 | # errors and view a log of events) or by fully applying the test in a virtual 7 | # environment (to compare the resulting system state to the desired state). 
8 | # 9 | # Learn more about module testing here: 10 | # http://docs.puppetlabs.com/guides/tests_smoke.html 11 | # 12 | include gitlab 13 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: CI 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request: {} 10 | push: 11 | branches: 12 | - main 13 | - master 14 | 15 | concurrency: 16 | group: ${{ github.ref_name }} 17 | cancel-in-progress: true 18 | 19 | permissions: 20 | contents: read 21 | 22 | jobs: 23 | puppet: 24 | name: Puppet 25 | uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v4 26 | with: 27 | beaker_hypervisor: 'docker' 28 | -------------------------------------------------------------------------------- /data/os/Ubuntu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | gitlab::repository_configuration: 4 | 'apt::source': 5 | "gitlab_official_ce": 6 | comment: 'Official repository for GitLab Omnibus' 7 | location: "https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu" 8 | key: 9 | name: 'gitlab_ce.asc' 10 | source: 'https://packages.gitlab.com/gpg.key' 11 | "gitlab_official_ee": 12 | comment: 'Official repository for GitLab Omnibus' 13 | location: "https://packages.gitlab.com/gitlab/gitlab-ee/ubuntu" 14 | key: 15 | name: 'gitlab_ee.asc' 16 | source: 'https://packages.gitlab.com/gpg.key' 17 | -------------------------------------------------------------------------------- /data/family/Debian.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | gitlab::repository_configuration: 4 | 'apt::source': 5 | "gitlab_official_ce": 6 | comment: 'Official repository for GitLab Omnibus' 7 | location: 
"https://packages.gitlab.com/gitlab/gitlab-ce/debian" 8 | key: 9 | name: 'gitlab_ce.asc' 10 | source: 'https://packages.gitlab.com/gpg.key' 11 | "gitlab_official_ee": 12 | comment: 'Official repository for GitLab Omnibus' 13 | location: "https://packages.gitlab.com/gitlab/gitlab-ee/debian" 14 | key: 15 | name: 'gitlab_ee.asc' 16 | source: 'https://packages.gitlab.com/gpg.key' 17 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 9 | #### Pull Request (PR) description 10 | 13 | 14 | #### This Pull Request (PR) fixes the following issues 15 | 21 | -------------------------------------------------------------------------------- /.pmtignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /docs/ 5 | /pkg/ 6 | /Gemfile 7 | /Gemfile.lock 8 | /Gemfile.local 9 | /vendor/ 10 | /.vendor/ 11 | /spec/ 12 | /Rakefile 13 | /.vagrant/ 14 | /.bundle/ 15 | /.ruby-version 16 | /coverage/ 17 | /log/ 18 | /.idea/ 19 | /.dependencies/ 20 | /.github/ 21 | /.librarian/ 22 | /Puppetfile.lock 23 | /Puppetfile 24 | *.iml 25 | /.editorconfig 26 | /.fixtures.yml 27 | /.gitignore 28 | /.msync.yml 29 | /.overcommit.yml 30 | /.pmtignore 31 | /.rspec 32 | /.rspec_parallel 33 | /.rubocop.yml 34 | /.sync.yml 35 | .*.sw? 
36 | /.yardoc/ 37 | /.yardopts 38 | /Dockerfile 39 | /HISTORY.md 40 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: Release 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | push: 10 | tags: 11 | - '*' 12 | 13 | permissions: 14 | contents: write 15 | 16 | jobs: 17 | release: 18 | name: Release 19 | uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3 20 | with: 21 | allowed_owner: 'voxpupuli' 22 | secrets: 23 | # Configure secrets here: 24 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 25 | username: ${{ secrets.PUPPET_FORGE_USERNAME }} 26 | api_key: ${{ secrets.PUPPET_FORGE_API_KEY }} 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 10 | 11 | ## Affected Puppet, Ruby, OS and module versions/distributions 12 | 13 | - Puppet: 14 | - Ruby: 15 | - Distribution: 16 | - Module version: 17 | 18 | ## How to reproduce (e.g Puppet code you use) 19 | 20 | ## What are you seeing 21 | 22 | ## What behaviour did you expect instead 23 | 24 | ## Output log 25 | 26 | ## Any additional information you'd like to impart 27 | -------------------------------------------------------------------------------- /manifests/backup.pp: -------------------------------------------------------------------------------- 1 | # @summary This class is called from gitlab for backup config. 
2 | class gitlab::backup { 3 | $rake_exec = $gitlab::rake_exec 4 | $backup_cron_enable = $gitlab::backup_cron_enable 5 | $backup_cron_minute = $gitlab::backup_cron_minute 6 | $backup_cron_hour = $gitlab::backup_cron_hour 7 | if empty($gitlab::backup_cron_skips) { 8 | $backup_cron_skips = '' 9 | } else { 10 | $_backup_cron_skips = join($gitlab::backup_cron_skips, ',') 11 | $backup_cron_skips = "SKIP=${_backup_cron_skips}" 12 | } 13 | 14 | if $backup_cron_enable { 15 | cron { 'gitlab backup': 16 | command => "${rake_exec} gitlab:backup:create CRON=1 ${backup_cron_skips} 2>&1", 17 | hour => $backup_cron_hour, 18 | minute => $backup_cron_minute, 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | source ENV['GEM_SOURCE'] || 'https://rubygems.org' 5 | 6 | group :test do 7 | gem 'voxpupuli-test', '~> 13.0', :require => false 8 | gem 'puppet_metadata', '~> 5.0', :require => false 9 | end 10 | 11 | group :development do 12 | gem 'guard-rake', :require => false 13 | gem 'overcommit', '>= 0.39.1', :require => false 14 | end 15 | 16 | group :system_tests do 17 | gem 'voxpupuli-acceptance', '~> 4.0', :require => false 18 | end 19 | 20 | group :release do 21 | gem 'voxpupuli-release', '~> 5.0', :require => false 22 | end 23 | 24 | gem 'rake', :require => false 25 | 26 | gem 'openvox', ENV.fetch('OPENVOX_GEM_VERSION', [">= 7", "< 9"]), :require => false, :groups => [:test] 27 | 28 | # vim: syntax=ruby 29 | -------------------------------------------------------------------------------- /.github/workflows/prepare_release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # 
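https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: 'Prepare Release' 6 | 7 | on: 8 | workflow_dispatch: 9 | inputs: 10 | version: 11 | description: 'Module version to be released. Must be a valid semver string without leading v. (1.2.3)' 12 | required: false 13 | 14 | permissions: 15 | contents: write 16 | pull-requests: write 17 | 18 | jobs: 19 | release_prep: 20 | uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3' 21 | with: 22 | version: ${{ github.event.inputs.version }} 23 | allowed_owner: 'voxpupuli' 24 | secrets: 25 | # Configure secrets here: 26 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 27 | github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}' 28 | -------------------------------------------------------------------------------- /tasks/postgres_upgrade.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Runs `gitlab-ctl pg-upgrade` when gitlab-psql reports version 9.2.18 and the 3 | # PostgreSQL data directory is smaller than the free space on its filesystem. 4 | # Exits 1 when space is insufficient or the upgrade command fails. 5 | 6 | echo 'Checking pgsql version' 7 | CMD=$(gitlab-psql --version) 8 | echo "version is ${CMD##* }" 9 | #9.2.18 10 | if [[ ${CMD##* } == "9.2.18" ]]; then 11 | echo 'Version is below required for Gitlab 10+, checking...' 12 | DB_SIZE=$(du -sk /var/opt/gitlab/postgresql/data | awk '{print $1}') 13 | FREE=$(df -k /var/opt/gitlab/postgresql/data/ | tail -1 | awk '{print $4}') 14 | echo "Database size is: $DB_SIZE kb and freespace is $FREE kb" 15 | if (( DB_SIZE < FREE )); then 16 | echo 'Enough freespace available to proceed.' 17 | # Stop on failure: the post_upgrade task removes /var/opt/gitlab/postgresql/data.9.2.18, 18 | # so a failed upgrade must never be reported as complete. 19 | if ! gitlab-ctl pg-upgrade; then 20 | echo 'pg-upgrade failed. Do not run the post_upgrade task until the upgrade has succeeded.' >&2 21 | exit 1 22 | fi 23 | echo 'Upgrade complete. Please verify everything is correct and then run the post_upgrade task.' 24 | else 25 | echo 'You need to have enough freespace for a second copy of the database. Please resolve and then re-run the task.' 26 | exit 1 27 | fi 28 | else 29 | echo 'Version is correct for Gitlab 10+, upgrade skipped...' 
30 | fi 31 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | # puppetlabs_spec_helper will set up coverage if the env variable is set. 7 | # We want to do this if lib exists and it hasn't been explicitly set. 8 | ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) 9 | 10 | require 'voxpupuli/test/spec_helper' 11 | 12 | RSpec.configure do |c| 13 | c.facterdb_string_keys = false 14 | c.hiera_config = File.expand_path(File.join(__dir__, 'fixtures', 'hiera.yaml')) 15 | end 16 | 17 | add_mocked_facts! 18 | 19 | if File.exist?(File.join(__dir__, 'default_module_facts.yml')) 20 | facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) 21 | facts&.each do |name, value| 22 | add_custom_fact name.to_sym, value 23 | end 24 | end 25 | Dir['./spec/support/spec/**/*.rb'].sort.each { |f| require f } 26 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | require 'voxpupuli/acceptance/spec_helper_acceptance' 2 | 3 | configure_beaker do |host| 4 | # The omnibus installer uses the following algorithm to know what to do. 5 | # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/runit/recipes/default.rb 6 | # If this piece of code triggers the docker case, the installer hangs indefinitely. 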
7 | pp = %( 8 | file {'/.dockerenv': 9 | ensure => absent, 10 | } 11 | package { ['curl']: 12 | ensure => present, 13 | } 14 | ) 15 | 16 | apply_manifest_on(host, pp, catch_failures: true) 17 | 18 | # https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2229 19 | # There is no /usr/share/zoneinfo in latest Docker image for ubuntu 16.04 20 | # Gitlab installer fail without this file 21 | tzdata = %( 22 | package { ['tzdata']: 23 | ensure => present, 24 | } 25 | ) 26 | 27 | apply_manifest_on(host, tzdata, catch_failures: true) 28 | end 29 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | # https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes 6 | 7 | changelog: 8 | exclude: 9 | labels: 10 | - duplicate 11 | - invalid 12 | - modulesync 13 | - question 14 | - skip-changelog 15 | - wont-fix 16 | - wontfix 17 | 18 | categories: 19 | - title: Breaking Changes 🛠 20 | labels: 21 | - backwards-incompatible 22 | 23 | - title: New Features 🎉 24 | labels: 25 | - enhancement 26 | 27 | - title: Bug Fixes 🐛 28 | labels: 29 | - bug 30 | 31 | - title: Documentation Updates 📚 32 | labels: 33 | - documentation 34 | - docs 35 | 36 | - title: Dependency Updates ⬆️ 37 | labels: 38 | - dependencies 39 | 40 | - title: Other Changes 41 | labels: 42 | - "*" 43 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | begin 5 | require 'voxpupuli/test/rake' 6 | rescue LoadError 7 | # only available if gem group test is installed 8 | end 9 | 10 
| begin 11 | require 'voxpupuli/acceptance/rake' 12 | rescue LoadError 13 | # only available if gem group acceptance is installed 14 | end 15 | 16 | begin 17 | require 'voxpupuli/release/rake_tasks' 18 | rescue LoadError 19 | # only available if gem group releases is installed 20 | else 21 | GCGConfig.user = 'voxpupuli' 22 | GCGConfig.project = 'puppet-gitlab' 23 | end 24 | 25 | desc "Run main 'test' task and report merged results to coveralls" 26 | task test_with_coveralls: [:test] do 27 | if Dir.exist?(File.expand_path('../lib', __FILE__)) 28 | require 'coveralls/rake/task' 29 | Coveralls::RakeTask.new 30 | Rake::Task['coveralls:push'].invoke 31 | else 32 | puts 'Skipping reporting to coveralls. Module has no lib dir' 33 | end 34 | end 35 | 36 | # vim: syntax=ruby 37 | -------------------------------------------------------------------------------- /manifests/install.pp: -------------------------------------------------------------------------------- 1 | # @summary This class is called from gitlab for install. 
2 | class gitlab::install ( 3 | $package_name = $gitlab::package_name, 4 | $package_ensure = $gitlab::package_ensure, 5 | $package_hold = $gitlab::package_hold, 6 | $manage_package = $gitlab::manage_package, 7 | ) { 8 | assert_private() 9 | 10 | if $gitlab::manage_upstream_edition != 'disabled' { 11 | if $gitlab::edition { 12 | $_edition = $gitlab::edition 13 | } else { 14 | $_edition = $gitlab::manage_upstream_edition 15 | } 16 | 17 | $_package_name = "gitlab-${_edition}" 18 | } else { 19 | unless $package_name { 20 | fail('gitlab::package_name required when gitlab::manage_upstream_edition is `disabled`') 21 | } 22 | 23 | $_package_name = $package_name 24 | } 25 | 26 | if $manage_package { 27 | package { 'gitlab-omnibus': 28 | ensure => $package_ensure, 29 | name => $_package_name, 30 | mark => $package_hold, 31 | require => Class['gitlab::omnibus_package_repository'], 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | .travis.yml: 3 | docker_sets: 4 | - set: centos6-64 5 | - set: centos7-64 6 | - set: centos8-64 7 | - set: debian9-64 8 | - set: debian10-64 9 | - set: ubuntu1604-64 10 | - set: ubuntu1804-64 11 | secure: "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" 12 | spec/spec_helper.rb: 13 | hiera_config: "File.expand_path(File.join(__dir__, 'fixtures', 'hiera.yaml'))" 14 | 15 | .github/workflows/ci.yml: 16 | beaker_hypervisor: 'docker' 17 | -------------------------------------------------------------------------------- /spec/acceptance/gitlab_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper_acceptance' 2 | 3 | describe 'gitlab class' do 4 | context 'default parameters' do 5 | it 'idempotently with no errors' do 6 | pp = <<-EOS 7 | class { 'gitlab': 8 | external_url => "http://${facts['networking']['fqdn']}", 9 | } 10 | EOS 11 
| 12 | result = apply_manifest(pp, catch_failures: true) 13 | 14 | # gitlab-ctl reconfigure emits a warning if the LD_LIBRARY_PATH 15 | # is set, even if it is empty. 16 | expect(result.stdout).not_to match(%r{LD_LIBRARY_PATH was found}) 17 | 18 | apply_manifest(pp, catch_changes: true) 19 | 20 | shell('sleep 15') # give it some time to start up 21 | end 22 | 23 | describe package('gitlab-ce') do 24 | it { is_expected.to be_installed } 25 | end 26 | 27 | describe file('/etc/gitlab/initial_root_password') do 28 | it { is_expected.to be_file } 29 | its(:content) { is_expected.to match %r{^Password: ...................} } 30 | end 31 | 32 | describe command('curl -s -S http://127.0.0.1:80/users/sign_in') do 33 | its(:exit_status) { is_expected.to eq 0 } 34 | its(:stdout) { is_expected.to match %r{
} } 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /data/family/RedHat.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # From: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.repo?os=centos&dist=7&source=script 4 | gitlab::repository_configuration: 5 | yumrepo: 6 | "gitlab_official_ce": 7 | ensure: 'present' 8 | descr: 'gitlab-ce' 9 | assumeyes: true 10 | enabled: 1 11 | baseurl: "https://packages.gitlab.com/gitlab/gitlab-ce/el/%{facts.os.release.major}/$basearch" 12 | gpgkey: "https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-CB947AD886C8E8FD.pub.gpg" 13 | gpgcheck: 1 14 | repo_gpgcheck: 1 15 | sslverify: 1 16 | "gitlab_official_ee": 17 | ensure: 'present' 18 | descr: 'gitlab-ee' 19 | assumeyes: true 20 | enabled: 1 21 | baseurl: "https://packages.gitlab.com/gitlab/gitlab-ee/el/%{facts.os.release.major}/$basearch" 22 | gpgkey: "https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-CB947AD886C8E8FD.pub.gpg" 23 | gpgcheck: 1 24 | repo_gpgcheck: 1 25 | sslverify: 1 26 | -------------------------------------------------------------------------------- /spec/defines/system_hook_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::system_hook' do 4 | let(:title) { 'test-system-hook' } 5 | 6 | let(:pre_condition) do 7 | <<-MANIFEST 8 | class { 'gitlab': 9 | repository_configuration => {}, 10 | } 11 | MANIFEST 12 | end 13 | 14 | context 'with source' do 15 | let(:source) { 'puppet:///modules/my_module/file-hook' } 16 
| let(:params) do 17 | { 18 | system_hooks_dir: '/custom/hooks/dir', 19 | source: source 20 | } 21 | end 22 | 23 | it { is_expected.to compile.with_all_deps } 24 | 25 | it do 26 | is_expected.to contain_file('/custom/hooks/dir'). 27 | with_ensure('directory') 28 | end 29 | 30 | it do 31 | is_expected.to contain_file("/custom/hooks/dir/#{title}"). 32 | with_ensure('file'). 33 | with_source(source) 34 | end 35 | end 36 | 37 | context 'with source' do 38 | let(:content) { "#!/usr/bin/env bash\ntest 0" } 39 | let(:params) do 40 | { 41 | system_hooks_dir: '/custom/hooks/dir', 42 | content: content 43 | } 44 | end 45 | 46 | it { is_expected.to compile.with_all_deps } 47 | 48 | it do 49 | is_expected.to contain_file('/custom/hooks/dir'). 50 | with_ensure('directory') 51 | end 52 | 53 | it do 54 | is_expected.to contain_file("/custom/hooks/dir/#{title}"). 55 | with_ensure('file'). 56 | with_content(content) 57 | end 58 | end 59 | end 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, VSHN AG, info@vshn.ch 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of VSHN nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 
17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | # 4 | # Hooks are only enabled if you take action. 
5 | # 6 | # To enable the hooks run: 7 | # 8 | # ``` 9 | # bundle exec overcommit --install 10 | # # ensure .overcommit.yml does not harm to you and then 11 | # bundle exec overcommit --sign 12 | # ``` 13 | # 14 | # (it will manage the .git/hooks directory): 15 | # 16 | # Examples howto skip a test for a commit or push: 17 | # 18 | # ``` 19 | # SKIP=RuboCop git commit 20 | # SKIP=PuppetLint git commit 21 | # SKIP=RakeTask git push 22 | # ``` 23 | # 24 | # Don't invoke overcommit at all: 25 | # 26 | # ``` 27 | # OVERCOMMIT_DISABLE=1 git commit 28 | # ``` 29 | # 30 | # Read more about overcommit: https://github.com/brigade/overcommit 31 | # 32 | # To manage this config yourself in your module add 33 | # 34 | # ``` 35 | # .overcommit.yml: 36 | # unmanaged: true 37 | # ``` 38 | # 39 | # to your modules .sync.yml config 40 | --- 41 | PreCommit: 42 | RuboCop: 43 | enabled: true 44 | description: 'Runs rubocop on modified files only' 45 | command: ['bundle', 'exec', 'rubocop'] 46 | RakeTarget: 47 | enabled: true 48 | description: 'Runs lint on modified files only' 49 | targets: 50 | - 'lint' 51 | command: ['bundle', 'exec', 'rake'] 52 | YamlSyntax: 53 | enabled: true 54 | JsonSyntax: 55 | enabled: true 56 | TrailingWhitespace: 57 | enabled: true 58 | 59 | PrePush: 60 | RakeTarget: 61 | enabled: true 62 | description: 'Run rake targets' 63 | targets: 64 | - 'validate' 65 | - 'test' 66 | - 'rubocop' 67 | command: ['bundle', 'exec', 'rake'] 68 | -------------------------------------------------------------------------------- /.rubocop_todo.yml: -------------------------------------------------------------------------------- 1 | # This configuration was generated by 2 | # `rubocop --auto-gen-config` 3 | # on 2022-12-13 08:48:17 UTC using RuboCop version 1.22.3. 4 | # The point is for the user to remove these configuration records 5 | # one by one as the offenses are removed from the code base. 
6 | # Note that changes in the inspected code, or installation of new 7 | # versions of RuboCop, may require this file to be generated again. 8 | 9 | # Offense count: 2 10 | # Cop supports --auto-correct. 11 | # Configuration parameters: AllowConsecutiveOneLiners. 12 | RSpec/EmptyLineAfterExample: 13 | Exclude: 14 | - 'spec/classes/init_spec.rb' 15 | 16 | # Offense count: 30 17 | # Cop supports --auto-correct. 18 | RSpec/EmptyLineAfterExampleGroup: 19 | Exclude: 20 | - 'spec/classes/init_spec.rb' 21 | 22 | # Offense count: 2 23 | RSpec/RepeatedExampleGroupDescription: 24 | Exclude: 25 | - 'spec/defines/system_hook_spec.rb' 26 | 27 | # Offense count: 6 28 | # Cop supports --auto-correct. 29 | # Configuration parameters: EnforcedStyle. 30 | # SupportedStyles: always, always_true, never 31 | Style/FrozenStringLiteralComment: 32 | Exclude: 33 | - 'spec/acceptance/gitlab_spec.rb' 34 | - 'spec/classes/init_spec.rb' 35 | - 'spec/defines/global_hook_spec.rb' 36 | - 'spec/defines/system_hook_spec.rb' 37 | - 'spec/spec_helper_acceptance.rb' 38 | - 'spec/spec_helper_methods.rb' 39 | 40 | # Offense count: 47 41 | # Cop supports --auto-correct. 42 | Style/RedundantRegexpEscape: 43 | Exclude: 44 | - 'spec/classes/init_spec.rb' 45 | 46 | # Offense count: 1 47 | # Cop supports --auto-correct. 48 | # Configuration parameters: WordRegex. 
49 | # SupportedStyles: percent, brackets 50 | Style/WordArray: 51 | EnforcedStyle: percent 52 | MinSize: 4 53 | -------------------------------------------------------------------------------- /spec/defines/global_hook_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab::global_hook' do 4 | let(:title) { 'test-hook' } 5 | 6 | let(:pre_condition) do 7 | <<-MANIFEST 8 | class { 'gitlab': 9 | repository_configuration => {}, 10 | } 11 | MANIFEST 12 | end 13 | 14 | ['post-receive', 'pre-receive', 'update'].each do |type| 15 | context "with type => #{type} and source" do 16 | let(:source) { 'puppet:///modules/my_module/post-receive' } 17 | let(:params) do 18 | { 19 | type: type, 20 | custom_hooks_dir: '/custom/hooks/dir', 21 | source: source 22 | } 23 | end 24 | 25 | it { is_expected.to compile } 26 | 27 | it do 28 | is_expected.to contain_file("/custom/hooks/dir/#{type}.d"). 29 | with_ensure('directory') 30 | end 31 | 32 | it do 33 | is_expected.to contain_file("/custom/hooks/dir/#{type}.d/#{title}"). 34 | with_ensure('file'). 35 | with_source(source) 36 | end 37 | end 38 | 39 | context "with type => #{type} and content" do 40 | let(:content) { "#!/usr/bin/env bash\ntest 0" } 41 | let(:params) do 42 | { 43 | type: type, 44 | custom_hooks_dir: '/custom/hooks/dir', 45 | content: content 46 | } 47 | end 48 | 49 | it { is_expected.to compile } 50 | 51 | it do 52 | is_expected.to contain_file("/custom/hooks/dir/#{type}.d"). 53 | with_ensure('directory') 54 | end 55 | 56 | it do 57 | is_expected.to contain_file("/custom/hooks/dir/#{type}.d/#{title}"). 58 | with_ensure('file'). 
59 | with_content(content) 60 | end 61 | end 62 | end 63 | end 64 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "puppet-gitlab", 3 | "version": "11.0.1-rc0", 4 | "author": "Vox Pupuli", 5 | "summary": "Installation and configuration of Gitlab Omnibus", 6 | "license": "BSD-3-Clause", 7 | "source": "https://github.com/voxpupuli/puppet-gitlab", 8 | "project_page": "https://github.com/voxpupuli/puppet-gitlab", 9 | "issues_url": "https://github.com/voxpupuli/puppet-gitlab/issues", 10 | "tags": [ 11 | "git", 12 | "gitlab" 13 | ], 14 | "dependencies": [ 15 | { 16 | "name": "puppetlabs/stdlib", 17 | "version_requirement": ">= 4.13.1 < 10.0.0" 18 | }, 19 | { 20 | "name": "puppetlabs/apt", 21 | "version_requirement": ">= 9.2.0 < 12.0.0" 22 | } 23 | ], 24 | "operatingsystem_support": [ 25 | { 26 | "operatingsystem": "RedHat", 27 | "operatingsystemrelease": [ 28 | "8", 29 | "9", 30 | "10" 31 | ] 32 | }, 33 | { 34 | "operatingsystem": "CentOS", 35 | "operatingsystemrelease": [ 36 | "9", 37 | "10" 38 | ] 39 | }, 40 | { 41 | "operatingsystem": "OracleLinux", 42 | "operatingsystemrelease": [ 43 | "8", 44 | "9", 45 | "10" 46 | ] 47 | }, 48 | { 49 | "operatingsystem": "AlmaLinux", 50 | "operatingsystemrelease": [ 51 | "8", 52 | "9", 53 | "10" 54 | ] 55 | }, 56 | { 57 | "operatingsystem": "Rocky", 58 | "operatingsystemrelease": [ 59 | "8", 60 | "9", 61 | "10" 62 | ] 63 | }, 64 | { 65 | "operatingsystem": "Debian", 66 | "operatingsystemrelease": [ 67 | "12", 68 | "13" 69 | ] 70 | }, 71 | { 72 | "operatingsystem": "Ubuntu", 73 | "operatingsystemrelease": [ 74 | "22.04", 75 | "24.04" 76 | ] 77 | } 78 | ], 79 | "requirements": [ 80 | { 81 | "name": "openvox", 82 | "version_requirement": ">= 8.19.0 < 9.0.0" 83 | } 84 | ] 85 | } 86 | -------------------------------------------------------------------------------- /manifests/system_hook.pp: 
--------------------------------------------------------------------------------
# @summary Install a GitLab file hook (system hook) script.
#   A file hook runs on each event, so filtering events or projects is up to the
#   hook's own code. Any number of file hooks may be declared. GitLab triggers
#   each one asynchronously when an event occurs. For the list of events see the
#   system hooks documentation.
#
# @example System hook usage
#   gitlab::system_hook { 'my_system_hook':
#     source => 'puppet:///modules/my_module/post-receive',
#   }
#
# @param system_hooks_dir Directory the hook file is written to. This defaults to '/opt/gitlab/embedded/service/gitlab-rails/file_hooks' if not present.
# @param content The hook contents, given as a string or through the template function. Must not be combined with source.
# @param source A puppet: file source that supplies the hook contents. Must not be combined with content.
define gitlab::system_hook (
  Stdlib::Absolutepath          $system_hooks_dir = $gitlab::system_hooks_dir,
  Optional[String[1]]           $content          = undef,
  Optional[Pattern[/^puppet:/]] $source           = undef,
) {
  # Exactly one of content/source has to be supplied.
  if $content and $source {
    fail('gitlab::system_hook resource must specify either content or source, but not both')
  }

  unless $content or $source {
    fail('gitlab::system_hook resource must specify either content or source')
  }

  # Everything declared below is an executable owned by the GitLab service
  # account. The file name is the resource title, interpolated into the path
  # as-is.
  File {
    mode  => '0755',
    owner => $gitlab::service_user,
    group => $gitlab::service_group,
  }

  # Declare the hooks directory only once, however many hooks are defined.
  unless defined(File[$system_hooks_dir]) {
    file { $system_hooks_dir:
      ensure => directory,
    }
  }

  file { "${system_hooks_dir}/${name}":
    ensure  => 'file',
    source  => $source,
    content => $content,
  }
}
-------------------------------------------------------------------------------- /manifests/global_hook.pp: -------------------------------------------------------------------------------- 1 | # @summary Manage global chain loaded hook files for all GitLab projects. 2 | # Hooks can be created as a pre-receive, post-receive, or update hook. 3 | # It's possible to create multipe hooks per type as long as their names are unique. 4 | # Support for chained (global) hooks is introduced in GitLab Shell 4.1.0 and GitLab 8.15. 5 | # 6 | # @example Global hook usage 7 | # gitlab::custom_hook { 'my_custom_hook': 8 | # type => 'post-receive', 9 | # source => 'puppet:///modules/my_module/post-receive', 10 | # } 11 | # 12 | # @param type The custom hook type. Should be one of pre-receive, post-receive, or update. 13 | # @param custom_hooks_dir The GitLab shell repos path. This defaults to '/opt/gitlab/embedded/service/gitlab-shell/hooks' if not present. 14 | # @param content Specify the custom hook contents either as a string or using the template function. If this paramter is specified source parameter must not be present. 15 | # @param source Specify a file source path to populate the custom hook contents. If this paramter is specified content parameter must not be present.
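# NOTE: the @example in the header above declares gitlab::custom_hook; the
# resource type defined here is gitlab::global_hook.
#
# Places one executable hook file in "<custom_hooks_dir>/<type>.d/<title>".
# Exactly one of content or source must be given; compilation fails otherwise.
define gitlab::global_hook (
  Enum['post-receive', 'pre-receive', 'update'] $type,
  Stdlib::Absolutepath                          $custom_hooks_dir = $gitlab::custom_hooks_dir,
  Optional[String[1]]                           $content          = undef,
  Optional[Pattern[/^puppet:/]]                 $source           = undef,
) {
  # The failure messages name this define, so an operator is pointed at the
  # right declaration.
  if ! ($content) and ! ($source) {
    fail('gitlab::global_hook resource must specify either content or source')
  }

  if ($content) and ($source) {
    fail('gitlab::global_hook resource must specify either content or source, but not both')
  }

  # One ".d" directory per hook type; every file in it belongs to the chain.
  $hook_path = "${custom_hooks_dir}/${type}.d"

  # Hook files and their directory are executable and owned by the GitLab
  # service account.
  File {
    owner => $gitlab::service_user,
    group => $gitlab::service_group,
    mode  => '0755',
  }

  # Create the hook chain directory for this hook type, if it doesn't exist
  if !defined(File[$hook_path]) {
    file { $hook_path:
      ensure => directory,
    }
  }

  # The resource title becomes the file name and is interpolated as-is.
  file { "${hook_path}/${name}":
    ensure  => 'file',
    content => $content,
    source  => $source,
  }
}
-------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | # All Vagrant configuration is done here. The most common configuration 6 | # options are documented and commented below. For a complete reference, 7 | # please see the online documentation at vagrantup.com.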

  # VirtualBox sizing for every machine defined below: 1024 MB RAM, 2 CPUs,
  # with the I/O APIC switched on (see the linked post for why).
  config.vm.provider "virtualbox" do |vb|
    vb.customize ["modifyvm", :id, "--memory", 1024]
    vb.customize ["modifyvm", :id, "--cpus", "2"]
    vb.customize ["modifyvm", :id, "--ioapic", "on"] #http://geekbacon.com/2013/02/26/cannot-set-more-than-1-cpu-in-vagrant/
  end

  config.vm.hostname ="gitlab-test"
  config.vm.network :private_network, ip: "192.168.33.10"
  # The working tree is shared into the guest's module path, so the guest
  # applies whatever is currently checked out on the host.
  config.vm.synced_folder ".", "/etc/puppet/modules/gitlab"

  # Add the puppetlabs stdlib module
  # Install it to non default path, since /etc/puppet/modules is linked to the host file system
  # No module version is given, so each provision installs whichever release
  # the Forge serves at that moment.
  config.vm.provision "shell",
    inline: "puppet module install puppetlabs/stdlib --modulepath=/usr/share/puppet/modules"

  # NOTE(review): four of the five box_url values below are plain http://, so
  # those images are downloaded without transport integrity, and no machine
  # sets a checksum. Vagrant's box_download_checksum and
  # box_download_checksum_type settings pin an image to a known digest; prefer
  # an https source where one exists.

  # Centos 6
  config.vm.define "centos", primary: true do |centosbox|
    centosbox.vm.box = "centos-6_5-x64-virtualbox_4_3-plain"
    centosbox.vm.box_url = "http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-puppet.box"
  end

  # Ubuntu 12.04
  config.vm.define "ubuntu", autostart: false do |ubuntubox|
    ubuntubox.vm.box = "ubuntu-12_04-x64-virtualbox_4_2_10-plain"
    ubuntubox.vm.box_url = "http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210.box"
  end

  # Sles 11 SP1
  config.vm.define "sles", autostart: false do |slesbox|
    slesbox.vm.box = "sles-11_sp1-x64-virtualbox_4_2_10-plain"
    slesbox.vm.box_url = "http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210.box"
  end

  # Debian 7
  config.vm.define "debian", autostart: false do |debianbox|
    debianbox.vm.box = "debian-7_3-x64-virtualbox_4_3-plain"
    debianbox.vm.box_url = "http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-puppet.box"
  end

  # Oracle Linux 6.5
  # Served over https, but like the others without a pinned checksum.
  config.vm.define "oraclelinux6", autostart: false do |oraclelinuxbox|
    oraclelinuxbox.vm.box = "oraclelinux-6_5-x64-virtualbox_4_3-plain"
    oraclelinuxbox.vm.box_url = "https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box"
  end

end
-------------------------------------------------------------------------------- /manifests/service.pp: -------------------------------------------------------------------------------- 1 | # @summary This class is meant to be called from gitlab. It ensure the service is running. 2 | # 3 | # @param service_ensure Should Puppet start the service? 4 | # @param service_enable Run the system service on boot. 5 | # @param service_name Name of the system service. 6 | # @param service_exec The service executable path. Provide this variable value only if the service executable path would be a subject of change in future GitLab versions for any reason. 7 | # @param service_manage Should Puppet manage the service? 8 | # @param service_provider_restart Should Puppet restart the gitlab systemd service? 9 | # @param skip_post_deployment_migrations Adds SKIP_POST_DEPLOYMENT_MIGRATIONS=true to the execution of gitlab-ctl reconfigure.
Used for zero-downtime updates
class gitlab::service (
  $service_ensure = $gitlab::service_ensure,
  $service_enable = $gitlab::service_enable,
  $service_name = $gitlab::service_name,
  $service_exec = $gitlab::service_exec,
  $service_manage = $gitlab::service_manage,
  $service_provider_restart = $gitlab::service_provider_restart,
  $skip_post_deployment_migrations = $gitlab::skip_post_deployment_migrations,
) {
  # The service resource is declared only when Puppet is asked to manage it.
  if $service_manage {
    # Each command is $service_exec followed by a verb. The value is
    # interpolated as-is, so it has to come from trusted data.
    $restart = "${service_exec} restart"
    $start = "${service_exec} start"
    $stop = "${service_exec} stop"
    $status = "${service_exec} status"

    service { $service_name:
      ensure => $service_ensure,
      enable => $service_enable,
      restart => $restart,
      start => $start,
      stop => $stop,
      status => $status,
      hasstatus => true,
      hasrestart => true,
    }
  }

  # Attributes shared by both variants of the reconfigure exec below.
  # - The command is a fixed string: LD_LIBRARY_PATH is unset inside the shell
  #   before /usr/bin/gitlab-ctl is called.
  # - refreshonly + subscribe: it runs only when gitlab::omnibus_config changes.
  # - timeout is 1800 seconds and the command is attempted up to 5 times.
  # - logoutput => true sends the command output to the Puppet log.
  #   NOTE(review): confirm that log/report storage is restricted if that
  #   output can contain configuration detail.
  $reconfigure_attributes = {
    command => '/bin/sh -c "unset LD_LIBRARY_PATH; /usr/bin/gitlab-ctl reconfigure"',
    refreshonly => true,
    timeout => 1800,
    logoutput => true,
    tries => 5,
    subscribe => Class['gitlab::omnibus_config'],
    require => Class['gitlab::install'],
  }

  # Optionally add SKIP_POST_DEPLOYMENT_MIGRATIONS=true to the exec environment.
  if $skip_post_deployment_migrations {
    $_reconfigure_attributes = $reconfigure_attributes + { environment => ['SKIP_POST_DEPLOYMENT_MIGRATIONS=true'] }
  } else {
    $_reconfigure_attributes = $reconfigure_attributes
  }

  # The two branches differ only in whether the exec notifies the service,
  # which is possible only when the service resource exists.
  if ($service_manage and $service_provider_restart) {
    #lint:ignore:exec_idempotency
    exec { 'gitlab_reconfigure':
      notify => Service[$service_name],
      * => $_reconfigure_attributes,
    }
    #lint:endignore
  } else {
    #lint:ignore:exec_idempotency
    exec { 'gitlab_reconfigure':
      * => $_reconfigure_attributes,
    }
    #lint:endignore
  }
}
-------------------------------------------------------------------------------- /manifests/omnibus_package_repository.pp:
-------------------------------------------------------------------------------- 1 | # @summary This class is used to configure gitlab repositories 2 | # 3 | # @param repository_configuration A hash of repository types and attributes for configuraiton the gitlab package repositories. See docs in README.md 4 | # @param manage_omnibus_repository Set to false if you wish to manage gitlab without configuring the package repository 5 | # @param manage_upstream_edition One of [ 'ce', 'ee', 'disabled' ]. Manage the installation of an upstream Gitlab Omnibus edition to install. 6 | class gitlab::omnibus_package_repository ( 7 | $repository_configuration = $gitlab::repository_configuration, 8 | $manage_omnibus_repository = $gitlab::manage_omnibus_repository, 9 | $manage_upstream_edition = $gitlab::manage_upstream_edition, 10 | ) { 11 | if $manage_omnibus_repository { 12 | if $gitlab::edition { 13 | $_edition = $gitlab::edition 14 | notify { 'gitlab::edition is deprecated': 15 | message => 'gitlab::edition has been deprecated, use gitlab::manage_upstream_edition instead', 16 | } 17 | } else { 18 | $_edition = $manage_upstream_edition 19 | } 20 | 21 | if $_edition == 'disabled' { 22 | $_repository_configuration = $repository_configuration 23 | } else { 24 | # if we manage the repositories, adjust the ensure => present/absent 25 | # attributes according to the desired edition. 26 | $_repository_configuration = $repository_configuration.reduce ({}) | $_memo, $_pair1 | { 27 | # yumrepo => ... 28 | [$_rsc_type, $_repo_hash] = $_pair1 29 | 30 | $_mapped_repo_hash = $_repo_hash.reduce ({}) | $_memo, $_pair2 | { 31 | # gitlab_official_ce => ... 
32 | [$_repo_name, $_repo_attrs,] = $_pair2 33 | 34 | if $_repo_name == "gitlab_official_${_edition}" { 35 | $_ensure = 'present' 36 | } else { 37 | $_ensure = 'absent' 38 | } 39 | 40 | $_memo + { $_repo_name => $_repo_attrs + { ensure => $_ensure } } 41 | } 42 | 43 | $_memo + { $_rsc_type => $_mapped_repo_hash } 44 | } 45 | } 46 | 47 | # common attributes for all repository configuration resources 48 | # ensures correct ordering regardless of the number or configuration 49 | # of repository related resources 50 | $resource_defaults = { 51 | tag => 'gitlab_omnibus_repository_resource', 52 | before => Class['gitlab::install'], 53 | } 54 | 55 | # create all the repository resources 56 | $_repository_configuration.each() | String $resource_type, Hash $resources | { 57 | if downcase($resource_type) == 'apt::source' { 58 | Class['Apt::Update'] -> Class['gitlab::install'] 59 | } 60 | create_resources($resource_type, $resources, $resource_defaults) 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /spec/defines/custom_hook_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'gitlab::custom_hook' do 6 | let(:title) { 'test-hook' } 7 | 8 | let(:pre_condition) do 9 | <<-MANIFEST 10 | class { 'gitlab': 11 | repository_configuration => {}, 12 | } 13 | MANIFEST 14 | end 15 | 16 | ['post-receive', 'pre-receive', 'update'].each do |type| 17 | context "with type => #{type} and source" do 18 | let(:source) { 'puppet:///modules/my_module/post-receive' } 19 | let(:params) do 20 | { 21 | type: type, 22 | repos_path: '/custom/hooks/dir', 23 | source: source, 24 | namespace: 'foo', 25 | project: 'bar' 26 | } 27 | end 28 | 29 | it { is_expected.to compile } 30 | 31 | it do 32 | is_expected.to contain_file('/custom/hooks/dir/foo/bar.git/custom_hooks'). 
33 | with_ensure('directory') 34 | end 35 | 36 | it do 37 | is_expected.to contain_file("/custom/hooks/dir/foo/bar.git/custom_hooks/#{type}"). 38 | with_ensure('file'). 39 | with_source(source) 40 | end 41 | end 42 | 43 | context "with type => #{type} and content" do 44 | let(:content) { "#!/usr/bin/env bash\ntest 0" } 45 | let(:params) do 46 | { 47 | type: type, 48 | repos_path: '/custom/hooks/dir', 49 | content: content, 50 | namespace: 'foo', 51 | project: 'bar' 52 | } 53 | end 54 | 55 | it { is_expected.to compile } 56 | 57 | it do 58 | is_expected.to contain_file('/custom/hooks/dir/foo/bar.git/custom_hooks'). 59 | with_ensure('directory') 60 | end 61 | 62 | it do 63 | is_expected.to contain_file("/custom/hooks/dir/foo/bar.git/custom_hooks/#{type}"). 64 | with_ensure('file'). 65 | with_content(content) 66 | end 67 | end 68 | 69 | context "with type => #{type} and project hash" do 70 | let(:content) { "#!/usr/bin/env bash\ntest 0" } 71 | let(:params) do 72 | { 73 | type: type, 74 | repos_path: '/custom/hooks/dir', 75 | content: content, 76 | hashed_storage: true, 77 | project: '6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d' 78 | } 79 | end 80 | 81 | it { is_expected.to compile } 82 | 83 | it do 84 | is_expected.to contain_file('/custom/hooks/dir/@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d.git/custom_hooks'). 85 | with_ensure('directory') 86 | end 87 | 88 | it do 89 | is_expected.to contain_file("/custom/hooks/dir/@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d.git/custom_hooks/#{type}"). 90 | with_ensure('file'). 
91 | with_content(content) 92 | end 93 | end 94 | 95 | context "with type => #{type} and project id" do 96 | let(:content) { "#!/usr/bin/env bash\ntest 0" } 97 | let(:params) do 98 | { 99 | type: type, 100 | repos_path: '/custom/hooks/dir', 101 | content: content, 102 | hashed_storage: true, 103 | project: 93 104 | } 105 | end 106 | 107 | it { is_expected.to compile } 108 | 109 | it do 110 | is_expected.to contain_file('/custom/hooks/dir/@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d.git/custom_hooks'). 111 | with_ensure('directory') 112 | end 113 | 114 | it do 115 | is_expected.to contain_file("/custom/hooks/dir/@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d.git/custom_hooks/#{type}"). 116 | with_ensure('file'). 117 | with_content(content) 118 | end 119 | end 120 | end 121 | end 122 | -------------------------------------------------------------------------------- /manifests/custom_hook.pp: -------------------------------------------------------------------------------- 1 | # @summary Manage custom hook files within a GitLab project. 2 | # Custom hooks can be created as a pre-receive, post-receive, or update hook. 3 | # Only one of each is currently supported by this module. 
4 | # 5 | # @example Custom hook usage 6 | # gitlab::custom_hook { 'my_custom_hook': 7 | # namespace => 'my_group', 8 | # project => 'my_project', 9 | # type => 'post-receive', 10 | # source => 'puppet:///modules/my_module/post-receive', 11 | # } 12 | # 13 | # @example Calculate hashed storage path 14 | # gitlab::custom_hook { 'my_custom_hook': 15 | # project => 93, 16 | # hashed_storage => true, 17 | # type => 'post-receive', 18 | # source => 'puppet:///modules/my_module/post-receive', 19 | # } 20 | # # Hook path will be `@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d` 21 | # 22 | # @param project The GitLab project name, or the hashed directory name or project ID number 23 | # @param namespace The GitLab group namespace for the project. 24 | # @param type The custom hook type. Should be one of pre-receive, post-receive, or update. 25 | # @param content Specify the custom hook contents either as a string or using the template function. If this parameter is specified, the source parameter must not be present. 26 | # @param source Specify a file source path to populate the custom hook contents. If this parameter is specified, the content parameter must not be present. 27 | # @param repos_path The GitLab shell repos path. This defaults to '/var/opt/gitlab/git-data/repositories' if not present. 
28 | # @param hashed_storage Whether to treat the project name as a hashed storage directory name or ID number 29 | # 30 | define gitlab::custom_hook ( 31 | Variant[String,Integer] $project, 32 | Enum['update', 'post-receive', 'pre-receive'] $type, 33 | Optional[String] $namespace = undef, 34 | Optional[String] $content = undef, 35 | Optional[String] $source = undef, 36 | Optional[Stdlib::Absolutepath] $repos_path = undef, 37 | Boolean $hashed_storage = false, 38 | ) { 39 | if $repos_path { 40 | $_repos_path = $repos_path 41 | } elsif $gitlab::git_data_dir { 42 | $_repos_path = "${gitlab::git_data_dir}/repositories" 43 | } else { 44 | $_repos_path = '/var/opt/gitlab/git-data/repositories' 45 | } 46 | 47 | if ! ($content) and ! ($source) { 48 | fail("gitlab::custom_hook[${name}]: Must specify either content or source") 49 | } 50 | 51 | if ($content) and ($source) { 52 | fail("gitlab::custom_hook[${name}]: Must specify either content or source, but not both") 53 | } 54 | 55 | if ! ($hashed_storage) and ! 
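($namespace) { 56 | fail("gitlab::custom_hook[${name}]: Must specify either namespace or hashed_storage") 57 | } 58 | 59 | if ($hashed_storage) and ($namespace) { 60 | fail("gitlab::custom_hook[${name}]: Must specify either namespace or hashed_storage, but not both") 61 | } 62 | 63 | if ($namespace) { 64 | $hook_path = "${_repos_path}/${namespace}/${project}.git/custom_hooks" 65 | } elsif ($hashed_storage) { 66 | if ($project.is_a(Integer)) { 67 | $_project_hash = sha256(String($project)) 68 | } else { 69 | $_project_hash = $project 70 | } 71 | 72 | if ($_project_hash.length != 64) { 73 | fail("gitlab::custom_hook[${name}]: Invalid project hash ${_project_hash}") 74 | } 75 | 76 | $hook_path = "${_repos_path}/@hashed/${_project_hash[0,2]}/${_project_hash[2,2]}/${_project_hash}.git/custom_hooks" 77 | } 78 | 79 | File { 80 | owner => $gitlab::service_user, 81 | group => $gitlab::service_group, 82 | mode => '0755', 83 | } 84 | 85 | # Create the custom_hooks directory for this project, if it doesn't exist 86 | if !defined(File[$hook_path]) { 87 | file { $hook_path: 88 | ensure => directory, 89 | } 90 | } 91 | 92 | file { "${hook_path}/${type}": 93 | ensure => file, 94 | content => $content, 95 | source => $source, 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /manifests/host_config.pp: --------------------------------------------------------------------------------
# @summary This class is for setting host configurations required for gitlab installation.
#
# @param config_dir Path of the GitLab configuration directory that this class creates (root-owned, mode 0775).
# @param skip_auto_migrations Deprecated if using Gitlab > 10.6.4 and < 11.0.0, unsupported by gitlab omnibus using gitlab 11+. Use skip_auto_reconfigure
# @param skip_auto_reconfigure Utilized for Zero Downtime Updates, See: https://docs.gitlab.com/omnibus/update/README.html#zero-downtime-updates
# @param store_git_keys_in_db Enable or disable Fast Lookup of authorized SSH keys in the database. See: https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html
# @param pgpass_file_ensure Create .pgpass file for pgbouncer authentication. When set to present requires valid value for pgbouncer_password.
# @param pgpass_file_location Path to location of .pgpass file used by consul to authenticate with pgbouncer database
# @param pgbouncer_password Password for the gitlab-consul database user in the pgbouncer database
class gitlab::host_config (
  $config_dir            = '/etc/gitlab',
  $skip_auto_migrations  = $gitlab::skip_auto_migrations,
  $skip_auto_reconfigure = $gitlab::skip_auto_reconfigure,
  $store_git_keys_in_db  = $gitlab::store_git_keys_in_db,
  $pgpass_file_ensure    = $gitlab::pgpass_file_ensure,
  $pgpass_file_location  = $gitlab::pgpass_file_location,
  $pgbouncer_password    = $gitlab::pgbouncer_password,
) {
  file { $config_dir:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0775',
  }

  # Deprecation notice:
  # skip_auto_migrations is deprecated and will be removed at some point after
  # GitLab 11.0 is released
  $skip_auto_migrations_deprecation_msg = "DEPRECTATION: 'skip_auto_migrations' is deprecated if using GitLab 10.6 or greater. Set skip_auto_reconfigure instead"

  # Ownership and mode shared by both marker files below.
  $skip_auto_reconfigure_attributes = {
    owner => 'root',
    group => 'root',
    mode  => '0644',
  }

  # The marker files use fixed /etc/gitlab paths; they do not follow $config_dir.
  if $skip_auto_migrations != undef {
    notify { $skip_auto_migrations_deprecation_msg: }

    $_skip_auto_migrations_ensure = $skip_auto_migrations ? {
      true    => 'present',
      default => 'absent',
    }

    file { '/etc/gitlab/skip-auto-migrations':
      ensure => $_skip_auto_migrations_ensure,
      *      => $skip_auto_reconfigure_attributes,
    }
  }

  file { '/etc/gitlab/skip-auto-reconfigure':
    ensure => $skip_auto_reconfigure,
    *      => $skip_auto_reconfigure_attributes,
  }

  # Fast SSH key lookup: when enabled, install the wrapper script that sshd
  # calls; when explicitly disabled, remove both the script and its directory.
  if $store_git_keys_in_db != undef {
    $_store_git_keys_in_db = $store_git_keys_in_db ? {
      true    => 'file',
      default => 'absent',
    }

    $opt_gitlab_shell_dir = $store_git_keys_in_db ? {
      true    => 'directory',
      default => 'absent'
    }

    file { '/opt/gitlab-shell':
      ensure => $opt_gitlab_shell_dir,
      owner  => 'root',
      group  => 'git',
    }

    # root may edit the script, the git group may read and execute it, and
    # nobody else has access.
    file { '/opt/gitlab-shell/authorized_keys':
      ensure => $_store_git_keys_in_db,
      owner  => 'root',
      group  => 'git',
      mode   => '0650',
      source => 'puppet:///modules/gitlab/gitlab_shell_authorized_keys',
    }
  }

  # The message below mentions pgpass_file_attrs[ensure]; the parameter checked
  # is pgpass_file_ensure. The text is left unchanged because callers may match
  # on it.
  if ($pgpass_file_ensure == 'present' and $pgbouncer_password == undef) {
    fail('A password must be provided to pgbouncer_password if pgpass_file_attrs[ensure] is \'present\'')
  } elsif ($pgpass_file_ensure == 'absent') {
    file { $pgpass_file_location:
      ensure => 'absent',
    }
  } else {
    # owner,group params for pgpass_file should NOT be changed, as they are hardcoded into gitlab HA db schema for pgbouncer database template
    #
    # The file holds the pgbouncer password in clear text, so:
    # - mode 0600 keeps it readable by its owner only; without an explicit mode
    #   the file could be left group/world-readable, and libpq ignores a
    #   password file with such permissions;
    # - show_diff => false keeps the password out of Puppet's change diffs in
    #   logs and reports.
    file { $pgpass_file_location:
      ensure    => $pgpass_file_ensure,
      owner     => 'gitlab-consul',
      group     => 'gitlab-consul',
      mode      => '0600',
      show_diff => false,
      content   => epp('gitlab/.pgpass.epp', {
          'pgbouncer_password' => $pgbouncer_password,
      }),
    }
  }

  include gitlab::backup
}
-------------------------------------------------------------------------------- /manifests/omnibus_config.pp: -------------------------------------------------------------------------------- 1 | # @summary This class is used to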
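configure the gitlab omnibus package on a node
#
# @param config_manage Should Puppet manage the config?
# @param config_file Path of the Gitlab Omnibus config file.
class gitlab::omnibus_config (
  $config_manage = $gitlab::config_manage,
  $config_file = $gitlab::config_file
) {
  # get variables from the toplevel manifest for usage in the template
  $alertmanager = $gitlab::alertmanager
  $ci_redis = $gitlab::ci_redis
  $ci_unicorn = $gitlab::ci_unicorn
  $consul = $gitlab::consul
  $external_url = $gitlab::external_url
  $external_port = $gitlab::external_port
  $geo_postgresql = $gitlab::geo_postgresql
  $geo_logcursor = $gitlab::geo_logcursor
  $geo_primary_role = $gitlab::geo_primary_role
  $geo_secondary = $gitlab::geo_secondary
  $geo_secondary_role = $gitlab::geo_secondary_role
  $git = $gitlab::git
  $gitaly = $gitlab::gitaly
  $git_data_dirs = $gitlab::git_data_dirs
  $gitlab_git_http_server = $gitlab::gitlab_git_http_server
  $gitlab_ci = $gitlab::gitlab_ci
  $gitlab_kas = $gitlab::gitlab_kas
  $gitlab_pages = $gitlab::gitlab_pages
  $gitlab_rails = $gitlab::gitlab_rails
  $gitlab_sshd = $gitlab::gitlab_sshd
  $grafana = $gitlab::grafana
  $high_availability = $gitlab::high_availability
  $letsencrypt = $gitlab::letsencrypt
  $package = $gitlab::package
  $logging = $gitlab::logging
  $logrotate = $gitlab::logrotate
  $manage_storage_directories = $gitlab::manage_storage_directories
  $manage_accounts = $gitlab::manage_accounts
  $mattermost = $gitlab::mattermost
  $mattermost_external_url = $gitlab::mattermost_external_url
  $mattermost_nginx = $gitlab::mattermost_nginx
  $mattermost_nginx_eq_nginx = $gitlab::mattermost_nginx_eq_nginx
  $nginx = $gitlab::nginx
  $node_exporter = $gitlab::node_exporter
  $redis_exporter = $gitlab::redis_exporter
  $postgres_exporter = $gitlab::postgres_exporter
  $pgbouncer_exporter = $gitlab::pgbouncer_exporter
  $gitlab_monitor = $gitlab::gitlab_monitor
  $gitlab_exporter = $gitlab::gitlab_exporter
  $pages_external_url = $gitlab::pages_external_url
  $pages_nginx = $gitlab::pages_nginx
  $pages_nginx_eq_nginx = $gitlab::pages_nginx_eq_nginx
  $pgbouncer = $gitlab::pgbouncer
  $praefect = $gitlab::praefect
  $postgresql = $gitlab::postgresql
  $prometheus = $gitlab::prometheus
  $prometheus_monitoring_enable = $gitlab::prometheus_monitoring_enable
  $redis = $gitlab::redis
  $redis_master_role = $gitlab::redis_master_role
  $redis_slave_role = $gitlab::redis_slave_role
  $redis_sentinel_role = $gitlab::redis_sentinel_role
  $registry = $gitlab::registry
  $registry_nginx = $gitlab::registry_nginx
  $registry_nginx_eq_nginx = $gitlab::registry_nginx_eq_nginx
  $registry_external_url = $gitlab::registry_external_url
  $repmgr = $gitlab::repmgr
  $sentinel = $gitlab::sentinel
  $service_group = $gitlab::service_group
  $service_user = $gitlab::service_user
  $rake_exec = $gitlab::rake_exec
  $shell = $gitlab::shell
  $sidekiq = $gitlab::sidekiq
  $sidekiq_cluster = $gitlab::sidekiq_cluster
  $source_config_file = $gitlab::source_config_file
  $unicorn = $gitlab::unicorn
  $puma = $gitlab::puma
  $gitlab_workhorse = $gitlab::gitlab_workhorse
  $user = $gitlab::user
  $web_server = $gitlab::web_server
  $roles = $gitlab::roles

  # replicate $nginx to $mattermost_nginx if $mattermost_nginx_eq_nginx true
  if $mattermost_nginx_eq_nginx {
    $_real_mattermost_nginx = $nginx
  } else {
    $_real_mattermost_nginx = $mattermost_nginx
  }

  # replicate $nginx to $pages_nginx if $pages_nginx_eq_nginx true
  if $pages_nginx_eq_nginx {
    $_real_pages_nginx = $nginx
  } else {
    $_real_pages_nginx = $pages_nginx
  }

  # replicate $nginx to $registry_nginx if $registry_nginx_eq_nginx true
  if $registry_nginx_eq_nginx {
    $_real_registry_nginx = $nginx
  } else {
    $_real_registry_nginx = $registry_nginx
  }

  # Throw deprecation warning if gitlab_monitor is used
  if $gitlab_monitor {
    notify { "DEPRECTATION: 'gitlab_monitor' is deprecated if using GitLab 12.3 or greater. Set 'gitlab_exporter' instead": }
  }

  # attributes shared by all config files used by omnibus package
  #
  # The file is readable by its owner only (0600). It is rendered from the
  # module's hashes, which can carry credentials (for example an LDAP bind
  # password or an OAuth app secret under gitlab_rails), so show_diff is
  # disabled to keep those values out of agent logs and reports.
  $config_file_attributes = {
    ensure    => 'present',
    owner     => $service_user,
    group     => $service_group,
    mode      => '0600',
    show_diff => false,
  }

  if $config_manage {
    if $source_config_file {
      # A ready-made gitlab.rb is copied as-is; the template is not rendered.
      file { $config_file:
        *      => $config_file_attributes,
        source => $source_config_file,
      }
    } else {
      # The template reads the variables assigned at the top of this class.
      file { $config_file:
        *       => $config_file_attributes,
        content => template('gitlab/gitlab.rb.erb'),
      }
    }
  }
}
129 | -------------------------------------------------------------------------------- /manifests/init.pp: -------------------------------------------------------------------------------- 1 | # @summary This module installs and configures Gitlab with the Omnibus package. 2 | # 3 | # @param package_ensure Can be used to choose exact package version to install. 4 | # @param service_name Name of the system service. 5 | # @param service_enable Run the system service on boot. 6 | # @param service_exec The service executable path. Provide this variable value only if the service executable path would be a subject of change in future GitLab versions for any reason. 7 | # @param service_ensure Should Puppet start the service? 8 | # @param service_manage Should Puppet manage the service? 9 | # @param service_provider_restart Should Puppet restart the gitlab systemd service? 10 | # @param service_user Owner of the config file. 11 | # @param service_group Group of the config file. 12 | # @param rake_exec The gitlab-rake executable path.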
You should not need to change this path. 13 | # @param edition **Deprecated**: See `manage_upstream_edition` 14 | # @param manage_upstream_edition One of [ 'ce', 'ee', 'disabled' ]. Manage the installation of an upstream Gitlab Omnibus edition to install. 15 | # @param config_manage Should Puppet manage the config? 16 | # @param config_file Path of the Gitlab Omnibus config file. 17 | # @param alertmanager Hash of 'alertmanager' config parameters. 18 | # @param ci_redis Hash of 'ci_redis' config parameters. 19 | # @param ci_unicorn Hash of 'ci_unicorn' config parameters. 20 | # @param external_url External URL of Gitlab. 21 | # @param external_port External PORT of Gitlab. 22 | # @param geo_postgresql Hash of 'geo_postgresql' config parameters. 23 | # @param geo_logcursor Hash of 'geo_logcursor' config parameters. 24 | # @param geo_primary_role Boolean to enable Geo primary role 25 | # @param geo_secondary Hash of 'geo_secondary' config parameters. 26 | # @param geo_secondary_role Boolean to enable Geo secondary role 27 | # @param git Hash of 'omnibus_gitconfig' config parameters. 28 | # @param gitaly Hash of 'omnibus_gitconfig' config parameters. 29 | # @param git_data_dirs Hash of git data directories 30 | # 31 | # **Deprecated**: This option was removed in Gitlab 18. 
32 | # 33 | # To configure the storage location for a Gitaly node: 34 | # ```patch 35 | # - git_data_dirs => { 36 | # - 'default' => { 'path' => '/mnt/example/git-data'}, 37 | # - }, 38 | # + gitaly => { 39 | # + configuration => { 40 | # + 'storage' => [ 41 | # + { 42 | # + 'name' => 'default', 43 | # + 'path' => '/mnt/example/git-data/repositories', 44 | # + }, 45 | # + ], 46 | # + }, 47 | # + }, 48 | # ``` 49 | # 50 | # To configure the storage location for other nodes: 51 | # ```patch 52 | # - git_data_dirs => { 53 | # - 'default' => { 'gitaly_address' => 'tcp://gitaly1.internal:8075'}, 54 | # - }, 55 | # + gitlab_rails => { 56 | # + repositories_storages => { 57 | # + 'default' => { 'gitaly_address' => 'tcp://gitaly1.internal:8075'}, 58 | # + }, 59 | # + }, 60 | # ``` 61 | # @param gitlab_git_http_server Hash of 'gitlab_git_http_server' config parameters. 62 | # @param gitlab_ci Hash of 'gitlab_ci' config parameters. 63 | # @param gitlab_kas Hash of 'gitlab_kas' config parameters. 64 | # @param gitlab_pages Hash of 'gitlab_pages' config parameters. 65 | # @param gitlab_rails Hash of 'gitlab_rails' config parameters. 66 | # @param gitlab_sshd Hash of 'gitlab_sshd' config parameters. 67 | # @param gitlab_workhorse Hash of 'gitlab_workhorse' config parameters. 68 | # @param grafana Hash of 'grafana' config parameters. 69 | # @param logging Hash of 'logging' config parameters. 70 | # @param letsencrypt Hash of 'letsencrypt' config parameters. 71 | # @param package Hash of 'package' config parameters. 72 | # @param logrotate Hash of 'logrotate' config parameters. 73 | # @param manage_storage_directories Hash of 'manage_storage_directories' config parameters. 74 | # @param manage_accounts Hash of 'manage_accounts' config parameters. 75 | # @param mattermost_external_url External URL of Mattermost. 76 | # @param mattermost Hash of 'mattermost' config parameters. 77 | # @param mattermost_nginx Hash of 'mattermost_nginx' config parameters.
78 | # @param mattermost_nginx_eq_nginx Replicate the Mattermost Nginx config from the Gitlab Nginx config. 79 | # @param nginx Hash of 'nginx' config parameters. 80 | # @param node_exporter Hash of 'node_exporter' config parameters. 81 | # @param redis_exporter Hash of 'redis_exporter' config parameters. 82 | # @param postgres_exporter Hash of 'postgres_exporter' config parameters. 83 | # @param pgbouncer_exporter Hash of 'pgbouncer_exporter' config parameters. 84 | # @param gitlab_monitor Deprecated if using Gitlab > 12.3 and < 13.0, unsupported by gitlab omnibus using Gitlab 13+. Hash of 'gitlab_monitor' config parameters. 85 | # @param gitlab_exporter Hash of 'gitlab_exporter' config parameters. 86 | # @param pages_external_url External URL of Gitlab Pages. 87 | # @param pages_nginx Hash of 'pages_nginx' config parameters. 88 | # @param pages_nginx_eq_nginx Replicate the Pages Nginx config from the Gitlab Nginx config. 89 | # @param praefect Hash of 'praefect' config parameters. 90 | # @param postgresql Hash of 'postgresql' config parameters. 91 | # @param prometheus Hash of 'prometheus' config parameters. 92 | # @param prometheus_monitoring_enable Enable/disable prometheus support. 93 | # @param redis Hash of 'redis' config parameters. 94 | # @param redis_master_role To enable Redis master role for the node. 95 | # @param redis_slave_role To enable Redis slave role for the node. 96 | # @param redis_sentinel_role To enable sentinel role for the node. 97 | # @param registry Hash of 'registry' config parameters. 98 | # @param registry_external_url External URL of Registry 99 | # @param registry_nginx Hash of 'registry_nginx' config parameters. 100 | # @param registry_nginx_eq_nginx Replicate the registry Nginx config from the Gitlab Nginx config. 101 | # @param roles Array of roles when using a HA or Geo enabled GitLab configuration. 
See: https://docs.gitlab.com/omnibus/roles/README.html for acceptable values 102 | # @param sentinel Hash of 'sentinel' config parameters. 103 | # @param shell Hash of 'gitlab_shell' config parameters. 104 | # @param sidekiq Hash of 'sidekiq' config parameters 105 | # @param sidekiq_cluster Hash of 'sidekiq_cluster' config parameters. 106 | # @param skip_auto_migrations Deprecated if using Gitlab > 10.6.4 and < 11.0.0, unsupported by gitlab omnibus using gitlab 11+. Use skip_auto_reconfigure 107 | # @param skip_auto_reconfigure Utilized for Zero Downtime Updates, See: https://docs.gitlab.com/omnibus/update/README.html#zero-downtime-updates 108 | # @param skip_post_deployment_migrations Adds SKIP_POST_DEPLOYMENT_MIGRATIONS=true to the execution of gitlab-ctl reconfigure. Used for zero-downtime updates 109 | # @param store_git_keys_in_db Enable or disable Fast Lookup of authorized SSH keys in the database. See: https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html 110 | # @param source_config_file Override Hiera config with path to gitlab.rb config file 111 | # @param unicorn Hash of 'unicorn' config parameters. 112 | # @param puma Hash of 'puma' config parameters. 113 | # @param user Hash of 'user' config parameters. 114 | # @param web_server Hash of 'web_server' config parameters. 115 | # @param high_availability Hash of 'high_availability' config parameters. 116 | # @param backup_cron_enable Boolean to enable the daily backup cron job 117 | # @param backup_cron_minute The minute when to run the daily backup cron job 118 | # @param backup_cron_hour The hour when to run the daily backup cron job 119 | # @param backup_cron_skips Array of items to skip valid values: db, uploads, repositories, builds, artifacts, lfs, registry, pages 120 | # @param package_hold Whether to hold the specified package version. Available options are 'hold' or 'none'. Defaults to 'none'. Available only for Debian/Solaris package managers.
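# @param package_name The internal packaging system's name for the package. This name will automatically be changed by the gitlab::edition parameter. Can be overridden for the purposes of installing custom compiled version of gitlab-omnibus.
# @param manage_package Should the GitLab package be managed?
# @param repository_configuration A hash of repository types and attributes for configuring the gitlab package repositories. See docs in README.md
# @param manage_omnibus_repository Set to false if you wish to manage gitlab without configuring the package repository
# @param pgpass_file_location Path to location of .pgpass file used by consul to authenticate with pgbouncer database
# @param pgpass_file_ensure Create .pgpass file for pgbouncer authentication. When set to present requires valid value for pgbouncer_password.
# @param pgbouncer_password Password for the gitlab-consul database user in the pgbouncer database
class gitlab (
  Hash $repository_configuration,
  # package configuration
  String $package_ensure = 'installed',
  Optional[String] $edition = undef,
  Enum['ce', 'ee', 'disabled'] $manage_upstream_edition = 'ce',
  Boolean $manage_omnibus_repository = true,
  # system service configuration
  Boolean $service_enable = true,
  Enum['stopped', 'false', 'running', 'true'] $service_ensure = 'running', # lint:ignore:quoted_booleans
  Boolean $service_manage = false,
  Boolean $service_provider_restart = false,
  String $service_name = 'gitlab-runsvdir',
  String $service_exec = '/usr/bin/gitlab-ctl',
  String $service_user = 'root',
  String $service_group = 'root',
  # gitlab specific
  String $rake_exec = '/usr/bin/gitlab-rake',
  Optional[Hash] $alertmanager = undef,
  Optional[Hash] $ci_redis = undef,
  Optional[Hash] $ci_unicorn = undef,
  Boolean $config_manage = true,
  Stdlib::Absolutepath $config_file = '/etc/gitlab/gitlab.rb',
  Optional[Hash] $consul = undef,
  Stdlib::Absolutepath $custom_hooks_dir = '/opt/gitlab/embedded/service/gitlab-shell/hooks',
  Stdlib::Absolutepath $system_hooks_dir = '/opt/gitlab/embedded/service/gitlab-rails/file_hooks',
  # The default is a plain-HTTP URL built from the node's FQDN; pass an
  # https:// URL explicitly where TLS is wanted.
  Stdlib::Httpurl $external_url = "http://${facts['networking']['fqdn']}",
  # Upper bound is 65535, the highest valid TCP port.
  Optional[Integer[1, 65535]] $external_port = undef,
  Optional[Hash] $geo_postgresql = undef,
  Optional[Hash] $geo_logcursor = undef,
  Boolean $geo_primary_role = false,
  Optional[Hash] $geo_secondary = undef,
  Boolean $geo_secondary_role = false,
  Optional[Hash] $git = undef,
  Optional[Hash] $gitaly = undef,
  Optional[Hash] $git_data_dirs = undef,
  Optional[Hash] $gitlab_git_http_server = undef,
  Optional[Hash] $gitlab_ci = undef,
  Optional[Hash] $gitlab_kas = undef,
  Optional[Hash] $gitlab_pages = undef,
  Optional[Hash] $gitlab_rails = undef,
  Optional[Hash] $gitlab_sshd = undef,
  Optional[Hash] $grafana = undef,
  Optional[Hash] $high_availability = undef,
  Optional[Hash] $logging = undef,
  Optional[Hash] $letsencrypt = undef,
  Optional[Hash[String[1], Scalar]] $package = undef,
  Optional[Hash] $logrotate = undef,
  Optional[Hash] $manage_storage_directories = undef,
  Optional[Hash] $manage_accounts = undef,
  Boolean $manage_package = true,
  Optional[Hash] $mattermost = undef,
  Optional[String] $mattermost_external_url = undef,
  Optional[Hash] $mattermost_nginx = undef,
  Boolean $mattermost_nginx_eq_nginx = false,
  Optional[Hash] $nginx = undef,
  Optional[Hash] $node_exporter = undef,
  Optional[Hash] $redis_exporter = undef,
  # NOTE(review): typed as a plain String rather than Sensitive, so the value
  # travels through the catalog in clear text; confirm how Hiera data and
  # reports are protected before storing a real password here.
  Optional[String] $pgbouncer_password = undef,
  Enum['absent', 'present'] $pgpass_file_ensure = 'absent',
  Stdlib::Absolutepath $pgpass_file_location = '/home/gitlab-consul/.pgpass',
  Optional[Hash] $postgres_exporter = undef,
  Optional[Hash] $pgbouncer_exporter = undef,
  Optional[Hash] $gitlab_monitor = undef,
  Optional[Hash] $gitlab_exporter = undef,
  Enum['hold', 'none'] $package_hold = 'none',
  Optional[String] $package_name = undef,
  Optional[String] $pages_external_url = undef,
  Optional[Hash] $pages_nginx = undef,
  Boolean $pages_nginx_eq_nginx = false,
  Optional[Hash] $pgbouncer = undef,
  Optional[Hash] $postgresql = undef,
  Optional[Hash] $praefect = undef,
  Optional[Hash] $prometheus = undef,
  Optional[Boolean] $prometheus_monitoring_enable = undef,
  Optional[Hash] $redis = undef,
  Optional[Boolean] $redis_master_role = undef,
  Optional[Boolean] $redis_slave_role = undef,
  Optional[Boolean] $redis_sentinel_role = undef,
  Optional[Hash] $registry = undef,
  Optional[String] $registry_external_url = undef,
  Optional[Hash] $registry_nginx = undef,
  Boolean $registry_nginx_eq_nginx = false,
  Optional[Hash] $repmgr = undef,
  Optional[Array] $roles = undef,
  Optional[Hash] $sentinel = undef,
  Boolean $skip_post_deployment_migrations = false,
  Optional[Hash] $shell = undef,
  Optional[Hash] $sidekiq = undef,
  Optional[Hash] $sidekiq_cluster = undef,
  Enum['present', 'absent'] $skip_auto_reconfigure = 'absent',
  Optional $skip_auto_migrations = undef,
  Optional[Stdlib::Absolutepath] $source_config_file = undef,
  Boolean $store_git_keys_in_db = false,
  Optional[Hash] $unicorn = undef,
  Optional[Hash] $puma = undef,
  Optional[Hash] $gitlab_workhorse = undef,
  Optional[Hash] $user = undef,
  Optional[Hash] $web_server = undef,
  Boolean $backup_cron_enable = false,
  Integer[0,59] $backup_cron_minute = 0,
  Integer[0,23] $backup_cron_hour = 2,
  Array $backup_cron_skips = [],
  Hash $custom_hooks = {},
  Hash $global_hooks = {},
  Hash[String[1],Hash[String[1],Any]] $system_hooks = {},
) {
  include gitlab::omnibus_package_repository

  contain gitlab::host_config
  contain gitlab::omnibus_config
  contain gitlab::install
  contain gitlab::service

  # Host files first, then the omnibus config, then the package, then the service.
  Class['gitlab::host_config']
  -> Class['gitlab::omnibus_config']
  -> Class['gitlab::install']
  -> Class['gitlab::service']

  # Each hash below maps a resource title to the attribute hash that is
  # splatted into the corresponding defined type.
  $custom_hooks.each |$name, $options| {
    gitlab::custom_hook { $name:
      * => $options,
    }
  }

  $global_hooks.each |$name, $options| {
    gitlab::global_hook { $name:
      * => $options,
    }
  }

  $system_hooks.each |$name, $options| {
    gitlab::system_hook { $name:
      * => $options,
    }
  }
}
265 | -------------------------------------------------------------------------------- /spec/classes/init_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'gitlab', type: :class do 4 | on_supported_os.each do |os, facts| 5 | context "on #{os}" do 6 | let(:facts) do 7 | facts 8 | end 9 | 10 | context 'with default params' do 11 | it { is_expected.to contain_class('gitlab::host_config').that_comes_before('Class[gitlab::install]') } 12 | it { is_expected.to contain_class('gitlab::omnibus_config').that_comes_before('Class[gitlab::install]') } 13 | it { is_expected.to contain_class('gitlab::install').that_comes_before('Class[gitlab::service]') } 14 | it { is_expected.to contain_class('gitlab::service') } 15 | it { is_expected.to contain_exec('gitlab_reconfigure').that_subscribes_to('Class[gitlab::omnibus_config]') } 16 | it { is_expected.to contain_file('/etc/gitlab/gitlab.rb') } 17 | it { is_expected.to contain_package('gitlab-omnibus').with_ensure('installed').with_name('gitlab-ce') } 18 | it { is_expected.to contain_class('gitlab') } 19 | it { is_expected.not_to raise_error } 20 | 21 | case facts[:osfamily] 22 | when 'Debian' 23 | it { is_expected.to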
contain_apt__source('gitlab_official_ce').with_ensure('present').with_comment(%r{.}) } 24 | it { is_expected.to contain_apt__source('gitlab_official_ee').with_ensure('absent') } 25 | it { is_expected.to contain_class('apt::update').that_comes_before('Class[gitlab::install]') } 26 | it { is_expected.not_to contain_apt__source('gitlab_official_') } 27 | it { is_expected.not_to contain_yumrepo('gitlab_official_ce') } 28 | case facts[:operatingsystem] 29 | when 'Ubuntu' 30 | it { is_expected.to contain_apt__source('gitlab_official_ce').with_location('https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu') } 31 | it { is_expected.to contain_apt__source('gitlab_official_ee').with_location('https://packages.gitlab.com/gitlab/gitlab-ee/ubuntu') } 32 | else 33 | it { is_expected.to contain_apt__source('gitlab_official_ce').with_location('https://packages.gitlab.com/gitlab/gitlab-ce/debian') } 34 | it { is_expected.to contain_apt__source('gitlab_official_ee').with_location('https://packages.gitlab.com/gitlab/gitlab-ee/debian') } 35 | end 36 | when 'RedHat' 37 | it { is_expected.to contain_yumrepo('gitlab_official_ce').with_ensure('present').with_enabled(1) } 38 | it { is_expected.to contain_yumrepo('gitlab_official_ce').without_baseurl(%r{/gitlab-/}) } 39 | it { is_expected.to contain_yumrepo('gitlab_official_ce').without_gpgkey(%r{/gitlab-/}) } 40 | it { is_expected.to contain_yumrepo('gitlab_official_ce').without_gpgkey('https://packages.gitlab.com/gpg.key') } 41 | it { is_expected.to contain_yumrepo('gitlab_official_ee').with_ensure('absent') } 42 | it { is_expected.not_to contain_yumrepo('gitlab_official_') } 43 | it { is_expected.not_to contain_apt__source('gitlab_official_ce') } 44 | it { is_expected.not_to contain_class('apt::update').that_comes_before('Class[gitlab::install]') } 45 | end 46 | end 47 | 48 | context 'with class specific parameters' do 49 | describe 'edition = ee' do 50 | let(:params) { { edition: 'ee' } } 51 | 52 | it { is_expected.to 
contain_package('gitlab-omnibus').with_ensure('installed').with_name('gitlab-ee') } 53 | 54 | case facts[:osfamily] 55 | when 'Debian' 56 | it { is_expected.to contain_apt__source('gitlab_official_ee').with_ensure('present') } 57 | it { is_expected.to contain_apt__source('gitlab_official_ce').with_ensure('absent') } 58 | it { is_expected.to contain_class('apt::update').that_comes_before('Class[gitlab::install]') } 59 | when 'RedHat' 60 | it { is_expected.to contain_yumrepo('gitlab_official_ee').with_ensure('present') } 61 | it { is_expected.to contain_yumrepo('gitlab_official_ee').without_baseurl(%r{/gitlab-/}) } 62 | it { is_expected.to contain_yumrepo('gitlab_official_ee').without_gpgkey(%r{/gitlab-/}) } 63 | it { is_expected.to contain_yumrepo('gitlab_official_ee').without_gpgkey('https://packages.gitlab.com/gpg.key') } 64 | it { is_expected.to contain_yumrepo('gitlab_official_ce').with_ensure('absent') } 65 | end 66 | end 67 | describe 'service_manage' do 68 | let(:params) { { service_manage: true } } 69 | 70 | it { 71 | is_expected.to contain_service('gitlab-runsvdir').without_notify 72 | } 73 | end 74 | describe 'service_provider_restart' do 75 | let(:params) do 76 | { service_manage: true, 77 | service_provider_restart: true } 78 | end 79 | 80 | it { 81 | is_expected.to contain_exec('gitlab_reconfigure'). \ 82 | that_notifies('Service[gitlab-runsvdir]') 83 | } 84 | end 85 | describe 'external_url' do 86 | let(:params) { { external_url: 'http://gitlab.mycompany.com/' } } 87 | 88 | it { 89 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 90 | with_content(%r{^\s*external_url 'http:\/\/gitlab\.mycompany\.com\/'$}) 91 | } 92 | end 93 | describe 'external_port' do 94 | let(:params) { { external_port: 9654 } } 95 | 96 | it { 97 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 98 | with_content(%r{^\s*external_port '9654'$}) 99 | } 100 | end 101 | describe 'nginx' do 102 | let(:params) do 103 | { nginx: { 104 | 'enable' => true, 105 | 'listen_port' => 80 106 | } } 107 | end 108 | 109 | it { 110 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 111 | with_content(%r{^\s*nginx\['enable'\] = true$}). 112 | with_content(%r{^\s*nginx\['listen_port'\] = ('|)80('|)$}) 113 | } 114 | end 115 | describe 'alertmanager' do 116 | let(:params) do 117 | { alertmanager: { 118 | 'enable' => true, 119 | 'flags' => { 'cluster.advertise-address' => '127.0.0.1:9093' } 120 | } } 121 | end 122 | 123 | it { 124 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 125 | with_content(%r{^\s*alertmanager\['enable'\] = true$}). 126 | with_content(%r{^\s*alertmanager\['flags'\] = {\"cluster.advertise-address\"=>\"127.0.0.1:9093\"}$}) 127 | } 128 | end 129 | describe 'letsencrypt' do 130 | let(:params) do 131 | { letsencrypt: { 132 | 'enable' => true, 133 | 'contact_emails' => ['test@example.com'] 134 | } } 135 | end 136 | 137 | it { 138 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 139 | with_content(%r{^\s*letsencrypt\['enable'\] = true$}). 140 | with_content(%r{^\s*letsencrypt\['contact_emails'\] = \["test@example.com"\]$}) 141 | } 142 | end 143 | describe 'package' do 144 | let(:params) do 145 | { package: { 146 | 'systemd_after' => 'foo.target', 147 | 'systemd_wanted_by' => 'bar.target', 148 | } } 149 | end 150 | 151 | it { 152 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 153 | with_content(%r{^\s*package\['systemd_after'\] = "foo.target"$}). 154 | with_content(%r{^\s*package\['systemd_wanted_by'\] = "bar.target"$}) 155 | } 156 | end 157 | describe 'consul' do 158 | let(:params) do 159 | { consul: { 160 | 'enable' => true 161 | } } 162 | end 163 | 164 | it { 165 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 166 | with_content(%r{^\s*consul\['enable'\] = true$}) 167 | } 168 | end 169 | describe 'pgbouncer' do 170 | let(:params) do 171 | { pgbouncer: { 172 | 'enable' => true 173 | } } 174 | end 175 | 176 | it { 177 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 178 | with_content(%r{^\s*pgbouncer\['enable'\] = true$}) 179 | } 180 | end 181 | describe 'praefect' do 182 | let(:params) do 183 | { 184 | praefect: { 185 | 'enable' => true, 186 | 'listen_addr' => '0.0.0.0:2305', 187 | 'virtual_storage' => { 188 | 'default' => { 189 | 'host01' => { 'address' => 'tcp://host01:8075', 'token' => 'xxx-xxx-xxx' }, 190 | 'host02' => { 'address' => 'tcp://host02:8075', 'token' => 'xxx-xxx-xxx' }, 191 | } 192 | } 193 | } 194 | } 195 | end 196 | 197 | it { 198 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 199 | with_content(%r{^\s*praefect\['enable'\] = true$}) 200 | } 201 | it { 202 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 203 | with_content(%r{^\s*praefect\['listen_addr'\] = "0\.0\.0\.0:2305"$}) 204 | } 205 | it { 206 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 207 | with_content(%r{^\s*praefect\['virtual_storage'\] = \{"default"=>\{"host01"=>\{"address"=>"tcp://host01:8075", "token"=>"xxx-xxx-xxx"\}, "host02"=>\{"address"=>"tcp://host02:8075", "token"=>"xxx-xxx-xxx"\}\}\}$}) 208 | } 209 | end 210 | describe 'repmgr' do 211 | let(:params) do 212 | { repmgr: { 213 | 'enable' => true 214 | } } 215 | end 216 | 217 | it { 218 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 219 | with_content(%r{^\s*repmgr\['enable'\] = true$}) 220 | } 221 | end 222 | describe 'skip_auto_reconfigure' do 223 | let(:params) { { skip_auto_reconfigure: 'present' } } 224 | 225 | it { 226 | is_expected.to contain_file('/etc/gitlab/skip-auto-reconfigure').with( 227 | 'ensure' => 'present', 228 | 'owner' => 'root', 229 | 'group' => 'root', 230 | 'mode' => '0644' 231 | ) 232 | } 233 | end 234 | describe 'skip_post_deployment_migrations' do 235 | let(:params) do 236 | { skip_post_deployment_migrations: true } 237 | end 238 | 239 | it { 240 | is_expected.to contain_exec('gitlab_reconfigure').with_environment(['SKIP_POST_DEPLOYMENT_MIGRATIONS=true']) 241 | } 242 | end 243 | context 'managing pgpass_file' do 244 | describe 'with defaults' do 245 | it { is_expected.to contain_file('/home/gitlab-consul/.pgpass').with_ensure('absent') } 246 | end 247 | context "with pgpass_file_ensure => 'present'" do 248 | let(:params) do 249 | { pgpass_file_ensure: 'present' } 250 | end 251 | 252 | describe 'without a password for pgbouncer_password' do 253 | it { is_expected.to raise_error(%r{A password must be provided to pgbouncer_password}) } 254 | end 255 | describe 'with a password for pgbouncer_password' do 256 | let(:params) do 257 | super().merge('pgbouncer_password' => 'PAsswd') 258 | end 259 | 260 | it { 261 | is_expected.to contain_file('/home/gitlab-consul/.pgpass').with( 262 | 'ensure' => 'present', 263 | 'path' => '/home/gitlab-consul/.pgpass', 264 | 'owner' => 'gitlab-consul', 265 | 'group' => 'gitlab-consul' 266 | ).with_content( 267 | %r{^127.0.0.1:\*:pgbouncer:pgbouncer:PAsswd} 268 | ) 269 | } 270 | end 271 | end 272 | end 273 | describe 'gitlab_rails with hash value' do 274 | let(:params) do 275 | { gitlab_rails: { 276 | 'ldap_enabled' => true, 277 | 'ldap_servers' => { 278 | 'main' => { 279 | 'label' => 'LDAP', 280 | 'host' => '_your_ldap_server', 281 | 'port' => 389, 282 | 'uid' => 'sAMAccountName', 283 | 'method' => 'plain', 284 | 'bind_dn' => 
'_the_full_dn_of_the_user_you_will_bind_with', 285 | 'password' => '_the_password_of_the_bind_user', 286 | 'active_directory' => true, 287 | 'allow_username_or_email_login' => false, 288 | 'block_auto_created_users' => false, 289 | 'base' => '', 290 | 'user_filter' => '' 291 | } 292 | }, 293 | 'omniauth_providers' => [ 294 | { 295 | 'name' => 'google_oauth2', 296 | 'app_id' => 'YOUR APP ID', 297 | 'app_secret' => 'YOUR APP SECRET', 298 | 'args' => { 'access_type' => 'offline', 'approval_prompt' => '' } 299 | } 300 | ] 301 | } } 302 | end 303 | let(:expected_content) do 304 | { 305 | gitlab_rb__ldap_servers: %(gitlab_rails['ldap_servers'] = {"main"=>{"active_directory"=>true, "allow_username_or_email_login"=>false, "base"=>"", "bind_dn"=>"_the_full_dn_of_the_user_you_will_bind_with", "block_auto_created_users"=>false, "host"=>"_your_ldap_server", "label"=>"LDAP", "method"=>"plain", "password"=>"_the_password_of_the_bind_user", "port"=>389, "uid"=>"sAMAccountName", "user_filter"=>""}}\n) 306 | } 307 | end 308 | 309 | it { 310 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 311 | with_content(%r{^\s*gitlab_rails\['ldap_enabled'\] = true$}). 312 | with_content(%r{\s*#{Regexp.quote(expected_content[:gitlab_rb__ldap_servers])}}m). 313 | with_content(%r{^\s*gitlab_rails\['omniauth_providers'\] = \[{\"app_id\"=>\"YOUR APP ID\", \"app_secret\"=>\"YOUR APP SECRET\", \"args\"=>{\"access_type\"=>\"offline\", \"approval_prompt\"=>\"\"}, \"name\"=>\"google_oauth2\"}\]$}) 314 | } 315 | end 316 | describe 'gitlab_git_http_server with hash value' do 317 | let(:params) do 318 | { gitlab_git_http_server: { 319 | 'enable' => true 320 | } } 321 | end 322 | 323 | it { 324 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 325 | with_content(%r{^\s*gitlab_git_http_server\['enable'\] = true$}) 326 | } 327 | end 328 | describe 'gitlab_rails with string value' do 329 | let(:params) do 330 | { gitlab_rails: { 331 | 'backup_path' => '/opt/gitlab_backup' 332 | } } 333 | end 334 | 335 | it { 336 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 337 | with_content(%r{^\s*gitlab_rails\['backup_path'\] = "\/opt\/gitlab_backup"$}) 338 | } 339 | end 340 | describe 'rack_attack_git_basic_auth with Numbers and Strings' do 341 | let(:params) do 342 | { 343 | gitlab_rails: { 344 | 'rack_attack_git_basic_auth' => { 345 | 'enable' => true, 346 | 'ip_whitelist' => ['127.0.0.1', '10.0.0.0'], 347 | 'maxretry' => 10, 348 | 'findtime' => 60, 349 | 'bantime' => 3600 350 | } 351 | } 352 | } 353 | end 354 | 355 | it { 356 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 357 | with_content(%r{^\s*gitlab_rails\['rack_attack_git_basic_auth'\] = {\"bantime\"=>3600, \"enable\"=>true, \"findtime\"=>60, \"ip_whitelist\"=>\[\"127.0.0.1\", \"10.0.0.0\"\], \"maxretry\"=>10}$}) 358 | } 359 | end 360 | describe 'mattermost external URL' do 361 | let(:params) { { mattermost_external_url: 'https://mattermost.myserver.tld' } } 362 | 363 | it { 364 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 365 | with_content(%r{^\s*mattermost_external_url 'https:\/\/mattermost\.myserver\.tld'$}) 366 | } 367 | end 368 | describe 'mattermost with hash value' do 369 | let(:params) do 370 | { mattermost: { 371 | 'enable' => true 372 | } } 373 | end 374 | 375 | it { 376 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 377 | with_content(%r{^\s*mattermost\['enable'\] = true$}) 378 | } 379 | end 380 | describe 'with roles' do 381 | let(:params) do 382 | { 383 | 'roles' => %w[redis_sentinel_role redis_master_role] 384 | } 385 | end 386 | 387 | let(:expected_content) do 388 | { 389 | roles: %(roles ["redis_sentinel_role", "redis_master_role"]) 390 | } 391 | end 392 | 393 | it { 394 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 395 | with_content(%r{\s*#{Regexp.quote(expected_content[:roles])}}m) 396 | } 397 | end 398 | describe 'with data_dirs' do 399 | let(:params) do 400 | { 401 | 'git_data_dirs' => { 402 | 'default' => { 403 | 'path' => '/git-data/data' 404 | } 405 | } 406 | } 407 | end 408 | let(:expected_content) do 409 | { 410 | datadirs: %(git_data_dirs({"default"=>{"path"=>"/git-data/data"}})\n) 411 | } 412 | end 413 | 414 | it do 415 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 416 | with_content(%r{\s*#{Regexp.quote(expected_content[:datadirs])}}m) 417 | end 418 | end 419 | describe 'with store_git_keys_in_db' do 420 | let(:params) { { store_git_keys_in_db: true } } 421 | 422 | it do 423 | is_expected.to contain_file('/opt/gitlab-shell/authorized_keys') 424 | end 425 | end 426 | describe 'gitlab_monitor' do 427 | let(:params) do 428 | { gitlab_monitor: { 429 | 'enable' => true 430 | } } 431 | end 432 | 433 | it { 434 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 435 | with_content(%r{^\s*gitlab_monitor\['enable'\] = true$}) 436 | } 437 | it { 438 | is_expected.to contain_notify("DEPRECTATION: 'gitlab_monitor' is deprecated if using GitLab 12.3 or greater. Set 'gitlab_exporter' instead") 439 | } 440 | end 441 | describe 'gitlab_exporter' do 442 | let(:params) do 443 | { gitlab_exporter: { 444 | 'enable' => true 445 | } } 446 | end 447 | 448 | it { 449 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 450 | with_content(%r{^\s*gitlab_exporter\['enable'\] = true$}) 451 | } 452 | end 453 | describe 'puma' do 454 | let(:params) do 455 | { puma: { 456 | 'enable' => true, 457 | 'worker_processes' => 3, 458 | 'worker_timeout' => 60 459 | } } 460 | end 461 | 462 | it { 463 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 464 | with_content(%r{^\s*puma\['enable'\] = true$}). 465 | with_content(%r{^\s*puma\['worker_processes'\] = 3$}). 466 | with_content(%r{^\s*puma\['worker_timeout'\] = 60$}) 467 | } 468 | end 469 | describe 'pgbouncer_exporter' do 470 | let(:params) do 471 | { pgbouncer_exporter: { 472 | 'enable' => true 473 | } } 474 | end 475 | 476 | it { 477 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 478 | with_content(%r{^\s*pgbouncer_exporter\['enable'\] = true$}) 479 | } 480 | end 481 | describe 'geo_logcursor' do 482 | let(:params) do 483 | { geo_logcursor: { 484 | 'enable' => true 485 | } } 486 | end 487 | 488 | it { 489 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \ 490 | with_content(%r{^\s*geo_logcursor\['enable'\] = true$}) 491 | } 492 | end 493 | describe 'gitlab_sshd' do 494 | let(:params) do 495 | { gitlab_sshd: { 496 | 'enable' => true 497 | } } 498 | end 499 | 500 | it { 501 | is_expected.to contain_file('/etc/gitlab/gitlab.rb'). 
\ 502 | with_content(%r{^\s*gitlab_sshd\['enable'\] = true$}) 503 | } 504 | end 505 | describe 'package_hold' do 506 | let(:params) do 507 | { package_ensure: '16.10.3-ce.0', package_hold: 'hold' } 508 | end 509 | 510 | it { 511 | is_expected.to contain_package('gitlab-omnibus').with('ensure' => '16.10.3-ce.0', 'name' => 'gitlab-ce', 'mark' => 'hold') 512 | } 513 | end 514 | end 515 | end 516 | end 517 | 518 | context 'on usupported os' do 519 | let(:facts) do 520 | { 521 | 'os' => { 522 | 'family' => 'Solaris' 523 | } 524 | } 525 | end 526 | 527 | describe 'gitlab class without any parameters on Solaris/Nexenta' do 528 | it { is_expected.not_to compile } 529 | end 530 | end 531 | end 532 | -------------------------------------------------------------------------------- /templates/gitlab.rb.erb: -------------------------------------------------------------------------------- 1 | ## THIS CONFIGURATION IS MANAGED BY PUPPET 2 | # for all possible parameters, see: 3 | # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template 4 | <%- 5 | # As this template is writing a config file based on some hashes and hashes are not meant to be in a certain order, 6 | # We need to ensure that the order of the keys are always outputed in the same order. 7 | # Otherwise puppet will always update(change) the config file. 
8 | # sort_hash_by_key: for a Hash, returns a new Hash whose keys are inserted in sorted order (the optional block is handed to Array#sort); with deep set, Hash values are sorted recursively. A non-Hash argument yields nil.
9 | def sort_hash_by_key(hash, deep=true, &block)
10 |   if hash.kind_of?(Hash)
11 |     hash.keys.sort(&block).reduce({}) do |memo, key|
12 |       memo[key] = hash[key]
13 |       if deep && memo[key].kind_of?(Hash)
14 |         memo[key] = sort_hash_by_key(memo[key], true, &block)
15 |       end
16 |       memo
17 |     end
18 |   end
19 | end
20 | # numify: converts numeric-looking Strings to Integer or Float, maps over Arrays, and numifies then key-sorts Hashes; any other object is returned unchanged.
21 | def numify(obj)
22 |   if obj.is_a?(String)
23 |     Integer(obj) rescue Float(obj) rescue obj # NOTE(review): Integer() without a base honours 0x/0b/0o and leading-zero (octal) prefixes and underscores, and Float() accepts exponent forms, so "0123" is emitted as 83 and an all-digit string loses its quotes. Every string value passes through here, including credentials such as an LDAP bind password - confirm that is intended.
24 |   elsif obj.is_a?(Array)
25 |     obj.map { |item| numify(item) }
26 |   elsif obj.is_a?(Hash)
27 |     sort_hash_by_key(obj.merge(obj) { |_, v| numify(v) }) # merging the hash with itself runs every value through numify before the keys are sorted
28 |   else
29 |     obj
30 |   end
31 | end
32 | # decorate: numify(v) rendered with #inspect, so String values reach gitlab.rb as quoted, escaped Ruby literals. NOTE(review): external_url, external_port, the other *_external_url values and the hash keys do not go through decorate; the template places them raw between single quotes, so a ' or \ in one of them would alter the Ruby that gitlab.rb evaluates - presumably the class's parameter types restrict them; verify in init.pp.
33 | def decorate(v)
34 |   numify(v).inspect
35 | end
36 | -%>
37 |
38 | ## Url on which GitLab will be reachable.
39 | ## For more details on configuring external_url see:
40 | ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
41 | external_url '<%= @external_url %>'
42 | <%- if @external_port -%>
43 | external_port '<%= @external_port %>'
44 | <%- end -%>
45 |
46 | <%- if @roles -%>
47 |
48 | ## Roles for multi-instance GitLab
49 | ##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
50 | ##! Options:
51 | ##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role
52 | ##! For more deatils on each role, see:
53 | ##! https://docs.gitlab.com/omnibus/roles/README.html#roles
54 |
55 | roles <%= decorate(@roles) %>
56 | <%- end -%>
57 | <%- if @git_data_dirs -%>
58 |
59 | ### For setting up different data storing directory
60 | ###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
61 | ###! **If you want to use a single non-default directory to store git data use a
62 | ###!
path that doesn't contain symlinks.** 63 | git_data_dirs(<%= decorate(@git_data_dirs) %>) 64 | 65 | <%- end -%> 66 | <%- if @gitlab_rails -%> 67 | 68 | ############################ 69 | # gitlab.yml configuration # 70 | ############################ 71 | 72 | <%- @gitlab_rails.keys.sort.each do |k| -%> 73 | gitlab_rails['<%= k -%>'] = <%= decorate(@gitlab_rails[k]) %> 74 | <%- end end -%> 75 | <%- if @user -%> 76 | 77 | ############### 78 | # GitLab user # 79 | ############### 80 | ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#changing-the-name-of-the-git-user-group 81 | ## Modify default git user. 82 | 83 | <%- @user.keys.sort.each do |k| -%> 84 | user['<%= k -%>'] = <%= decorate(@user[k]) %> 85 | <%- end end -%> 86 | <%- if @unicorn -%> 87 | 88 | ################## 89 | # GitLab Unicorn # 90 | ################## 91 | ## Tweak unicorn settings. 92 | 93 | <%- @unicorn.keys.sort.each do |k| -%> 94 | unicorn['<%= k -%>'] = <%= decorate(@unicorn[k]) %> 95 | <%- end end -%> 96 | <%- if @puma -%> 97 | 98 | ################## 99 | # GitLab Puma # 100 | ################## 101 | 102 | <%- @puma.keys.sort.each do |k| -%> 103 | puma['<%= k -%>'] = <%= decorate(@puma[k]) %> 104 | <%- end end -%> 105 | <%- if @sidekiq -%> 106 | 107 | ################## 108 | # GitLab Sidekiq # 109 | ################## 110 | 111 | <%- @sidekiq.keys.sort.each do |k| -%> 112 | sidekiq['<%= k -%>'] = <%= decorate(@sidekiq[k]) %> 113 | <%- end end -%> 114 | <%- if @sidekiq_cluster -%> 115 | 116 | ########################## 117 | # GitLab Sidekiq Cluster # 118 | ########################## 119 | 120 | <%- @sidekiq_cluster.keys.sort.each do |k| -%> 121 | sidekiq_cluster['<%= k -%>'] = <%= decorate(@sidekiq_cluster[k]) %> 122 | <%- end end -%> 123 | <%- if @shell -%> 124 | 125 | ################ 126 | # gitlab-shell # 127 | ################ 128 | 129 | <%- @shell.keys.sort.each do |k| -%> 130 | gitlab_shell['<%= k -%>'] = <%= 
decorate(@shell[k]) %> 131 | <%- end end -%> 132 | <%- if @gitlab_sshd -%> 133 | 134 | ############### 135 | # gitlab-sshd # 136 | ############### 137 | 138 | <%- @gitlab_sshd.keys.sort.each do |k| -%> 139 | gitlab_sshd['<%= k -%>'] = <%= decorate(@gitlab_sshd[k]) %> 140 | <%- end end -%> 141 | <%- if @postgresql -%> 142 | 143 | ##################### 144 | # GitLab PostgreSQL # 145 | ##################### 146 | 147 | <%- @postgresql.keys.sort.each do |k| -%> 148 | postgresql['<%= k -%>'] = <%= decorate(@postgresql[k]) %> 149 | <%- end end -%> 150 | <%- if @praefect -%> 151 | 152 | ################################################################################ 153 | # Praefect 154 | ################################################################################ 155 | # See [Gitlab Praefect documentation](https://docs.gitlab.com/ee/administration/gitaly/praefect.html) 156 | 157 | <%- @praefect.keys.sort.each do |k| -%> 158 | praefect['<%= k -%>'] = <%= decorate(@praefect[k]) %> 159 | <%- end end -%> 160 | <%- if @redis -%> 161 | 162 | ################ 163 | # GitLab Redis # 164 | ################ 165 | ## Can be disabled if you are using your own redis instance. 
166 | 167 | <%- @redis.keys.sort.each do |k| -%> 168 | redis['<%= k -%>'] = <%= decorate(@redis[k]) %> 169 | <%- end end -%> 170 | <%- if @redis_master_role -%> 171 | 172 | ####################### 173 | # Gitlab Redis Master # 174 | ####################### 175 | ## see https://docs.gitlab.com/omnibus/settings/redis.html 176 | ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L667 177 | 178 | redis_master_role['enable'] = true 179 | <%- end -%> 180 | <%- if @redis_slave_role -%> 181 | 182 | ####################### 183 | # Gitlab Redis Slave # 184 | ####################### 185 | ## see https://docs.gitlab.com/omnibus/settings/redis.html 186 | ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L668 187 | 188 | redis_slave_role['enable'] = true 189 | <%- end -%> 190 | <%- if @web_server -%> 191 | 192 | ##################### 193 | # GitLab Web server # 194 | ##################### 195 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md#using-a-non-bundled-web-server 196 | ## When bundled nginx is disabled we need to add the external webserver user to the GitLab webserver group. 
197 | 198 | <%- @web_server.keys.sort.each do |k| -%> 199 | web_server['<%= k -%>'] = <%= decorate(@web_server[k]) %> 200 | <%- end end -%> 201 | <%- if @gitlab_git_http_server -%> 202 | 203 | ########################## 204 | # GitLab Git HTTP server # 205 | ########################## 206 | ## see: https://about.gitlab.com/2015/08/22/gitlab-7-14-released/ 207 | 208 | <%- @gitlab_git_http_server.keys.sort.each do |k| -%> 209 | gitlab_git_http_server['<%= k -%>'] = <%= decorate(@gitlab_git_http_server[k]) %> 210 | <%- end end -%> 211 | <%- if @nginx -%> 212 | 213 | ################ 214 | # GitLab Nginx # 215 | ################ 216 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md 217 | 218 | <%- @nginx.keys.sort.each do |k| -%> 219 | nginx['<%= k -%>'] = <%= decorate(@nginx[k]) %> 220 | <%- end end -%> 221 | <%- if @gitlab_workhorse -%> 222 | 223 | #################### 224 | # GitLab Workhorse # 225 | #################### 226 | 227 | <%- @gitlab_workhorse.keys.sort.each do |k| -%> 228 | gitlab_workhorse['<%= k -%>'] = <%= decorate(@gitlab_workhorse[k]) %> 229 | <%- end end -%> 230 | <%- if @letsencrypt -%> 231 | 232 | ###################### 233 | # GitLab Letsencrypt # 234 | ###################### 235 | ## see: https://docs.gitlab.com/omnibus/settings/ssl.html#let-39-s-encrypt-integration 236 | 237 | <%- @letsencrypt.keys.sort.each do |k| -%> 238 | letsencrypt['<%= k -%>'] = <%= decorate(@letsencrypt[k]) %> 239 | <%- end end -%> 240 | <%- if @package -%> 241 | 242 | ################## 243 | # GitLab Package # 244 | ################## 245 | ## see: https://docs.gitlab.com/omnibus/common_installation_problems/#gitlab-ctl-reconfigure-hangs-while-using-aws-cloudformation 246 | 247 | <%- @package.keys.sort.each do |k| -%> 248 | package['<%= k -%>'] = <%= decorate(@package[k]) %> 249 | <%- end end -%> 250 | <%- if @logging -%> 251 | 252 | 253 | ################## 254 | # GitLab Logging # 255 | 
################## 256 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logs 257 | 258 | <%- @logging.keys.sort.each do |k| -%> 259 | logging['<%= k -%>'] = <%= decorate(@logging[k]) %> 260 | <%- end end -%> 261 | <%- if @logrotate -%> 262 | 263 | ############# 264 | # Logrotate # 265 | ############# 266 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#logrotate 267 | ## You can disable built in logrotate feature. 268 | 269 | <%- @logrotate.keys.sort.each do |k| -%> 270 | logrotate['<%= k -%>'] = <%= decorate(@logrotate[k]) %> 271 | <%- end end -%> 272 | <%- if @manage_storage_directories -%> 273 | 274 | ####################### 275 | # Storage directories # 276 | ####################### 277 | ## Disable managing storage directories 278 | ## Set only if the select directories are created manually 279 | ## See: http://doc.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management 280 | # manage_storage_directories['enable'] = false 281 | 282 | <%- @manage_storage_directories.keys.sort.each do |k| -%> 283 | manage_storage_directories['<%= k -%>'] = <%= decorate(@manage_storage_directories[k]) %> 284 | <%- end end -%> 285 | <%- if @git -%> 286 | 287 | ####### 288 | # Git # 289 | ####### 290 | ## Advanced setting for configuring git system settings for omnibus-gitlab internal git 291 | ## For multiple options under one header use array of comma separated values, eg. 
292 | ## { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } 293 | 294 | <%- @git.keys.sort.each do |k| -%> 295 | omnibus_gitconfig['<%= k -%>'] = <%= decorate(@git[k]) %> 296 | <%- end end -%> 297 | <%- if @registry -%> 298 | 299 | ############################ 300 | # registry configuration # 301 | ############################ 302 | 303 | <%- @registry.keys.sort.each do |k| -%> 304 | registry['<%= k -%>'] = <%= decorate(@registry[k]) %> 305 | <%- end end -%> 306 | <%- if @gitlab_ci -%> 307 | 308 | ################################# 309 | # application.yml configuration # 310 | ################################# 311 | 312 | <%- @gitlab_ci.keys.sort.each do |k| -%> 313 | gitlab_ci['<%= k -%>'] = <%= decorate(@gitlab_ci[k]) %> 314 | <%- end end -%> 315 | <%- if @gitlab_kas -%> 316 | 317 | ############## 318 | # GitLab KAS # 319 | ############## 320 | ## see: gitlab kubernetes-agent settings 321 | 322 | <%- @gitlab_kas.keys.sort.each do |k| -%> 323 | gitlab_kas['<%= k -%>'] = <%= decorate(@gitlab_kas[k]) %> 324 | <%- end end -%> 325 | <%- if @ci_unicorn -%> 326 | 327 | ##################### 328 | # GitLab CI Unicorn # 329 | ##################### 330 | ## Tweak unicorn settings. 331 | 332 | <%- @ci_unicorn.keys.sort.each do |k| -%> 333 | ci_unicorn['<%= k -%>'] = <%= decorate(@ci_unicorn[k]) %> 334 | <%- end end -%> 335 | <%- if @ci_redis -%> 336 | 337 | ################### 338 | # GitLab CI Redis # 339 | ################### 340 | ## see https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/redis.md 341 | ## You can turn off bundled redis if you want to use your own redis instanance 342 | 343 | <%- @ci_redis.keys.sort.each do |k| -%> 344 | ci_redis['<%= k -%>'] = <%= decorate(@ci_redis[k]) %> 345 | <%- end end -%> 346 | <%- if @prometheus or defined?(@prometheus_monitoring_enable) -%> 347 | 348 | ############## 349 | # Prometheus # 350 | ############## 351 | ##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html 352 | 353 | <%- if defined?(@prometheus_monitoring_enable) -%>prometheus_monitoring['enable'] = <%= @prometheus_monitoring_enable %> 354 | <%- end -%> 355 | <%- if @prometheus %> 356 | <%- @prometheus.keys.sort.each do |k| -%> 357 | prometheus['<%= k -%>'] = <%= decorate(@prometheus[k]) %> 358 | <%- end end end -%> 359 | <%- if @node_exporter -%> 360 | 361 | ############################ 362 | # Prometheus Node Exporter # 363 | ############################ 364 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html 365 | 366 | <%- @node_exporter.keys.sort.each do |k| -%> 367 | node_exporter['<%= k -%>'] = <%= decorate(@node_exporter[k]) %> 368 | <%- end end -%> 369 | <%- if @redis_exporter -%> 370 | 371 | ################################################################################ 372 | ## Prometheus Redis exporter 373 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html 374 | 375 | <%- @redis_exporter.keys.sort.each do |k| -%> 376 | redis_exporter['<%= k -%>'] = <%= decorate(@redis_exporter[k]) %> 377 | <%- end end -%> 378 | <%- if @postgres_exporter -%> 379 | 380 | ################################################################################ 381 | ## Postgres exporter 382 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html 383 | 384 | <%- @postgres_exporter.keys.sort.each do |k| -%> 385 | postgres_exporter['<%= k -%>'] = <%= decorate(@postgres_exporter[k]) %> 386 | <%- end end -%> 387 | <%- if @pgbouncer_exporter -%> 388 | 389 | ################################################################################ 390 | ## Prometheus PgBouncer exporter (EE only) 391 | ##! 
Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html 392 | 393 | <%- @pgbouncer_exporter.keys.sort.each do |k| -%> 394 | pgbouncer_exporter['<%= k -%>'] = <%= decorate(@pgbouncer_exporter[k]) %> 395 | <%- end end -%> 396 | <%- if @alertmanager -%> 397 | 398 | ################################################################################ 399 | ## Alertmanager 400 | ##! Docs: https://prometheus.io/docs/alerting/alertmanager/ 401 | 402 | <%- @alertmanager.keys.sort.each do |k| -%> 403 | alertmanager['<%= k -%>'] = <%= decorate(@alertmanager[k]) %> 404 | <%- end end -%> 405 | <%- if @gitlab_monitor -%> 406 | 407 | ################################################################################ 408 | ## Gitlab monitor 409 | ##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html 410 | 411 | <%- @gitlab_monitor.keys.sort.each do |k| -%> 412 | gitlab_monitor['<%= k -%>'] = <%= decorate(@gitlab_monitor[k]) %> 413 | <%- end end -%> 414 | <%- if @gitlab_exporter -%> 415 | 416 | ################################################################################ 417 | ## Prometheus Gitlab exporter 418 | ##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_exporter.html 419 | 420 | <%- @gitlab_exporter.keys.sort.each do |k| -%> 421 | gitlab_exporter['<%= k -%>'] = <%= decorate(@gitlab_exporter[k]) %> 422 | <%- end end -%> 423 | <%- if @high_availability -%> 424 | 425 | 426 | ##################### 427 | # High Availability # 428 | ##################### 429 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted 430 | 431 | <%- @high_availability.keys.sort.each do |k| -%> 432 | high_availability['<%= k -%>'] = <%= decorate(@high_availability[k]) %> 433 | <%- end end -%> 434 | <%- if @mattermost_external_url -%> 435 | 436 | ############################################# 437 | # Url on which Mattermost will be reachable # 438 | ############################################# 439 | ## see http://doc.gitlab.com/omnibus/gitlab-mattermost/ 440 | 441 | mattermost_external_url '<%= @mattermost_external_url %>' 442 | <%- end -%> 443 | <%- if @mattermost -%> 444 | 445 | ##################### 446 | # GitLab Mattermost # 447 | ##################### 448 | ## see: http://doc.gitlab.com/omnibus/gitlab-mattermost/ 449 | 450 | <%- @mattermost.keys.sort.each do |k| -%> 451 | mattermost['<%= k -%>'] = <%= decorate(@mattermost[k]) %> 452 | <%- end end -%> 453 | <%- if @_real_mattermost_nginx -%> 454 | 455 | ##################### 456 | # Mattermost NGINX # 457 | ##################### 458 | ## see: http://doc.gitlab.com/omnibus/gitlab-mattermost/ 459 | 460 | <%- @_real_mattermost_nginx.keys.sort.each do |k| -%> 461 | mattermost_nginx['<%= k -%>'] = <%= decorate(@_real_mattermost_nginx[k]) %> 462 | <%- end end -%> 463 | <%- if @grafana -%> 464 | 465 | ################## 466 | # GitLab Grafana # 467 | ################## 468 | ## see: https://docs.gitlab.com/omnibus/settings/grafana/ 469 | 470 | <%- @grafana.keys.sort.each do |k| -%> 471 | 
grafana['<%= k -%>'] = <%= decorate(@grafana[k]) %> 472 | <%- end end -%> 473 | <%- if @pages_external_url -%> 474 | 475 | #################### 476 | # GitLab Pages 477 | #################### 478 | 479 | ## Define to enable GitLab Pages 480 | pages_external_url '<%= @pages_external_url %>' 481 | <%- end -%> 482 | <%- if @gitlab_pages -%> 483 | 484 | <%- @gitlab_pages.keys.sort.each do |k| -%> 485 | gitlab_pages['<%= k -%>'] = <%= decorate(@gitlab_pages[k]) %> 486 | <%- end end -%> 487 | <%- if @_real_pages_nginx -%> 488 | 489 | ###################### 490 | # GitLab Pages NGINX # 491 | ###################### 492 | ## see: http://doc.gitlab.com/ee/pages/administration.html 493 | 494 | <%- @_real_pages_nginx.keys.sort.each do |k| -%> 495 | pages_nginx['<%= k -%>'] = <%= decorate(@_real_pages_nginx[k]) %> 496 | <%- end end -%> 497 | <%- if @registry_external_url -%> 498 | 499 | ############ 500 | # Registry # 501 | ############ 502 | 503 | registry_external_url '<%= @registry_external_url %>' 504 | <%- end -%> 505 | <%- if @_real_registry_nginx -%> 506 | 507 | ################## 508 | # Registry NGINX # 509 | ################## 510 | 511 | <%- @_real_registry_nginx.keys.sort.each do |k| -%> 512 | registry_nginx['<%= k -%>'] = <%= decorate(@_real_registry_nginx[k]) %> 513 | <%- end end -%> 514 | <%- if @manage_accounts -%> 515 | 516 | ################### 517 | # Manage Accounts # 518 | ################### 519 | ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/configuration.md#disable-user-and-group-account-management 520 | 521 | <%- @manage_accounts.keys.sort.each do |k| -%> 522 | manage_accounts['<%= k -%>'] = <%= decorate(@manage_accounts[k]) %> 523 | <%- end end -%> 524 | <%- if @redis_sentinel_role -%> 525 | 526 | ################## 527 | # Redis Sentinel # 528 | ################## 529 | 530 | redis_sentinel_role['enable'] = true 531 | <%- end -%> 532 | <%- if @sentinel -%> 533 | 534 | ################### 535 | # GitLab Sentinel # 536 | 
################### 537 | ## To enable Sentinel and disable all other services in this machine, enable below section. 538 | ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L1406-1453 539 | <%- @sentinel.keys.sort.each do |k| -%> 540 | sentinel['<%= k -%>'] = <%= decorate(@sentinel[k]) %> 541 | <%- end end -%> 542 | <%- if @gitaly -%> 543 | 544 | ########## 545 | # Gitaly # 546 | ########## 547 | ## To configure Gitaly, refer below section 548 | ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L1352-1363 549 | <%- @gitaly.keys.sort.each do |k| -%> 550 | gitaly['<%= k -%>'] = <%= decorate(@gitaly[k]) %> 551 | <%- end end -%> 552 | <%- if @geo_primary_role -%> 553 | 554 | ##################### 555 | # Gitlab Geo Primary# 556 | ##################### 557 | ## To configure Gitlab Geo, refer below section. 558 | ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L1459 559 | 560 | geo_primary_role['enable'] = true 561 | <%- end -%> 562 | <%- if @geo_secondary_role -%> 563 | 564 | ####################### 565 | # Gitlab Geo Secondary# 566 | ####################### 567 | ## To configure Gitlab Geo, refer below section. 568 | ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#1463-L1481 569 | 570 | geo_secondary_role['enable'] = true 571 | <%- if @geo_secondary -%> 572 | <%- @geo_secondary.keys.sort.each do |k| -%> 573 | geo_secondary['<%= k -%>'] = <%= decorate(@geo_secondary[k]) %> 574 | <%- end end -%> 575 | <%- end -%> 576 | <%- if @geo_postgresql -%> 577 | 578 | ######################## 579 | # Gitlab Geo Postgresql# 580 | ######################## 581 | ## To configure GitLab Geo Secondary Tracking Database (EE only). 
582 | 583 | <%- @geo_postgresql.keys.sort.each do |k| -%> 584 | geo_postgresql['<%= k -%>'] = <%= decorate(@geo_postgresql[k]) %> 585 | <%- end end -%> 586 | <%- if @geo_logcursor -%> 587 | 588 | ######################## 589 | # Gitlab Geo Log Cursor# 590 | ######################## 591 | ## To configure GitLab Geo Log Cursor. 592 | ## https://docs.gitlab.com/ee/development/geo.html#geo-log-cursor-daemon 593 | ## https://docs.gitlab.com/ee/administration/geo/replication/multiple_servers.html#step-3-configure-the-tracking-database-on-the-secondary-node 594 | 595 | <%- @geo_logcursor.keys.sort.each do |k| -%> 596 | geo_logcursor['<%= k -%>'] = <%= decorate(@geo_logcursor[k]) %> 597 | <%- end end -%> 598 | <%- if @pgbouncer -%> 599 | ################################################################################ 600 | # Pgbouncer (EE only) 601 | # See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only) 602 | # See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details 603 | ################################################################################ 604 | 605 | 606 | <%- @pgbouncer.keys.sort.each do |k| -%> 607 | pgbouncer['<%= k -%>'] = <%= decorate(@pgbouncer[k]) %> 608 | <%- end end -%> 609 | <%- if @repmgr -%> 610 | ################################################################################ 611 | # repmgr (EE only) 612 | ################################################################################ 613 | 614 | 615 | <%- @repmgr.keys.sort.each do |k| -%> 616 | repmgr['<%= k -%>'] = <%= decorate(@repmgr[k]) %> 617 | <%- end end -%> 618 | <%- if @consul -%> 619 | ################################################################################ 620 | # consul (EEP only) 621 | ################################################################################ 622 | 623 | 624 | <%- @consul.keys.sort.each do |k| -%> 625 | consul['<%= k -%>'] = <%= decorate(@consul[k]) %> 626 | <%- 
end end -%> 627 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GitLab module for Puppet 2 | 3 | [![Build Status](https://github.com/voxpupuli/puppet-gitlab/actions/workflows/ci.yml/badge.svg)](https://github.com/voxpupuli/puppet-gitlab/actions/workflows/ci.yml) 4 | [![Release](https://github.com/voxpupuli/puppet-gitlab/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/puppet-gitlab/actions/workflows/release.yml) 5 | [![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/gitlab.svg)](https://forge.puppetlabs.com/puppet/gitlab) 6 | [![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/gitlab.svg)](https://forge.puppetlabs.com/puppet/gitlab) 7 | [![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/gitlab.svg)](https://forge.puppetlabs.com/puppet/gitlab) 8 | [![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/gitlab.svg)](https://forge.puppetlabs.com/puppet/gitlab) 9 | 10 | ## Table of Contents 11 | 12 | 1. [Overview](#overview) 13 | 1. [Module Description - What the module does and why it is useful](#module-description) 14 | 1. [Setup - The basics of getting started with GitLab](#setup) 15 | * [What GitLab affects](#what-gitlab-affects) 16 | * [Setup requirements](#setup-requirements) 17 | * [Beginning with GitLab](#beginning-with-gitlab) 18 | 1. [Usage - Configuration options and additional functionality](#usage) 19 | 1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 20 | 1. [Limitations - OS compatibility, etc.](#limitations) 21 | 1. [Development - Guide for contributing to the module](#development) 22 | 23 | ## Overview 24 | 25 | This Puppet module installs and manages [GitLab][1]. It makes use of the 26 | provided [Omnibus][2] packages and the [packagecloud][3] package repositories. 
27 | 28 | Please note: The module [vshn/gitlab][4] has been deprecated and is now 29 | available under Vox Pupuli [puppet/gitlab][5]. 30 | 31 | ## Module Description 32 | 33 | The module installs the GitLab package from the provided repositories and 34 | creates the configuration file which is then used by `gitlab-ctl reconfigure` to 35 | configure all the services. *Fun fact: This really uses Chef to configure all 36 | the services.* 37 | 38 | Supported are Debian based (Ubuntu, Debian) and RedHat based (CentOS, RHEL) 39 | operating systems. 40 | 41 | Beaker acceptance tests are run in Travis for supported versions of CentOS and 42 | Ubuntu. 43 | 44 | This module is designed to support the most recent versions of the 45 | gitlab-omnibus package (both ce and ee). GitLab will support and release patches 46 | for the last 3 releases. This module can typically support the most recent major 47 | version, as well as the previous major version, but is currently only tested in 48 | the gitlab-supported versions of the module. 49 | 50 | If you find configurations or features in gitlab-omnibus that are not supported 51 | by this module, please open an issue or submit a pull request. 52 | 53 | Current Support Status 54 | 55 | | gitlab-omnibus version | support of gitlab.rb configurations | 56 | | --- | --- | 57 | | 11.x | Mostly implemented, supported configs are stable | will implement any needed enhancements | 58 | | 10.x | All configs implemented and stable | Will implement any enhancements that aren't deprecated or breaking for gitlab 11+ | 59 | 60 | For older versions of GitLab, you may find an older version of this module to 61 | work better for you, as this module changes over time to support the valid 62 | configuration of versions of the gitlab-omnibus supported by the gitlab 63 | engineering team. The oldest versions of this puppet module were designed to 64 | support gitlab-omnibus 7.10, and may be unstable even then. 
65 | 66 | ## Setup 67 | 68 | ### What GitLab affects 69 | 70 | * Package repository (APT or YUM) 71 | * Omnibus gitlab package, typically `gitlab-ce` or `gitlab-ee` 72 | * Configuration file `/etc/gitlab/gitlab.rb` (it receives every configured value, including credentials such as an LDAP bind password or an OAuth application secret) 73 | * System service `gitlab-runsvdir` 74 | * GitLab configuration using `gitlab-ctl reconfigure` 75 | 76 | ### Setup Requirements 77 | 78 | Have a look at the official [download page][6] for the required prerequisites 79 | (e.g. Postfix). This module doesn't handle them; that is the job of the dedicated 80 | modules. 81 | 82 | It requires only the [puppetlabs/apt][7] module when using it under a Debian 83 | based OS and the parameter `manage_package_repo` is not false. Furthermore the 84 | `stdlib` module is required. 85 | 86 | At least on RedHat based OS versions, it's required that Puppet is configured 87 | with the [`stringify_facts`][8] setting set to `false` (Puppet < 4.0), otherwise 88 | the `$::os` fact used in `install.pp` doesn't work as expected. 89 | 90 | ### Beginning with GitLab 91 | 92 | Just include the class and specify at least `external_url`. If `external_url` is 93 | not specified it will default to the FQDN fact of the system. 
94 | 95 | ```puppet 96 | class { 'gitlab': 97 | external_url => 'http://gitlab.mydomain.tld', 98 | } 99 | ``` 100 | 101 | The module also supports Hiera, here comes an example: 102 | 103 | ```yaml 104 | gitlab::external_url: 'http://gitlab.mydomain.tld' 105 | gitlab::gitlab_rails: 106 | time_zone: 'UTC' 107 | gitlab_email_enabled: false 108 | gitlab_default_theme: 4 109 | gitlab_email_display_name: 'GitLab' 110 | gitlab::sidekiq: 111 | shutdown_timeout: 5 112 | ``` 113 | 114 | If one wants to install GitLab Enterprise Edition, just define the parameter 115 | `manage_upstream_edition` with the value `ee`: 116 | 117 | ```puppet 118 | class { 'gitlab': 119 | external_url => 'http://gitlab.mydomain.tld', 120 | manage_upstream_edition => 'ee', 121 | } 122 | ``` 123 | 124 | *Note*: This works only for GitLab version 7.11 and greater. See this blog 125 | entry: [GitLab 7.11 released with Two-factor Authentication and a publicly 126 | viewable Enterprise Edition][9] 127 | 128 | ## Usage 129 | 130 | The main class (`init.pp`) exposes the configuration sections from the 131 | `gitlab.rb` configuration file as hashes. So if there are any parameter changes 132 | in future versions of GitLab, the module should support them right out of the 133 | box. Only if there would be bigger changes to sections, the module would need 134 | some updates. 135 | 136 | All possible parameters for `gitlab.rb` can be found here: [gitlab.rb.template][10] 137 | 138 | Some examples: 139 | 140 | ```puppet 141 | class { 'gitlab': 142 | external_url => 'http://gitlab.mydomain.tld', 143 | gitlab_rails => { 144 | 'webhook_timeout' => 10, 145 | 'gitlab_default_theme' => 2, 146 | }, 147 | logging => { 148 | 'svlogd_size' => '200 * 1024 * 1024', 149 | }, 150 | } 151 | ``` 152 | 153 | ### Service management 154 | 155 | GitLab Omnibus is designed to manage it's own services internally. 
The 156 | `gitlab-runsvdir` service isn't a typical service that you would manage with 157 | puppet, it is a monitoring service for the other services gitlab will create 158 | based on your selected configuration. Starting, stopping and restarting the 159 | `gitlab-runsvdir` service should only be done by `gitlab-ctl` commands. Service 160 | restart is also handled implicitly during installation and upgrades, and does 161 | not normally need to be triggered by puppet. 162 | 163 | If you find yourself needing to modify this behavior, you can set 164 | `service_manage => true` to have puppet ensure the service is running. 165 | 166 | Setting `service_provider_restart => true` will cause puppet to trigger a 167 | `gitlab-ctl restart` command to be issued following any configuration change 168 | managed by puppet. 169 | 170 | ### Package & Repository Configuration 171 | 172 | #### Repository Resource Configuration 173 | 174 | This module allows you a great range of options when configuring the repository 175 | and package sources on your host. By default, the gitlab repository will be 176 | configured to use the upstream source from [packagecloud][3]. However, if you 177 | wish to use a different repository source, you can provide your own `yumrepo`, 178 | `apt` or any other package/repository configuration you wish. 179 | 180 | This module does this by iterating through configurations provided to 181 | `gitlab::omnibus_package_repository::repository_configuration`. You can provide 182 | any number of repository resource types and configurations you want, as long as 183 | the dependent modules are installed on your basemodulepath. 
184 | 185 | This approach provides the following advantages: 186 | 187 | * means any and all parameters supported by your repository manager module are 188 | inherently supported by the `gitlab` module 189 | * you aren't required to use a version of a dependency we specify, supporting a 190 | wide range of versions for modules like `apt` 191 | * you can easily add more required repositories and packages as needed by your 192 | infrastructure, and ensure ordering is managed within the `gitlab` module 193 | before any GitLab related packages are installed 194 | 195 | In order to provide your own repository configurations, you are required to set 196 | `manage_upstream_edition => disabled`, and provide a hash of repository resource 197 | type configurations in the following format: 198 | 199 | ```yaml 200 | gitlab::repository_configuration: 201 | repository_resource_type: #ex... 'apt::source` or `apt::pin` or `yumrepo` 202 | repository_resource_title: 203 | repository_resource_attribute1: 'value' 204 | repository_resource_attribute2: 'value' 205 | ``` 206 | 207 | Examples/defaults for `yumrepo` can be found at `data/RedHat.yaml`, and for 208 | `apt` at `data/Debian.yaml`. 209 | 210 | You could also do things like: 211 | 212 | * add an additional repository at the same level as 213 | `internal_mirror_of_gitlab_official_ce` (for example if you wanted to use your 214 | own package `nginx` instead of the one provided in omnibus-gitlab) 215 | * add any other high level resource types from the `apt` module at the level of 216 | `apt:source`. (`apt::pin`, `apt::key`, etc...) 217 | 218 | Each unique resource provided to the `repository_configuration` setup: 219 | 220 | * gets tagged with `gitlab_omnibus_package_resource` 221 | * gets the `before => Class['gitlab::install']` metaparameter. 222 | 223 | You can use these tags to further customize ordering within your own catalogs. 
224 | 225 | #### Selecting Version, edition, package name and holding 226 | 227 | The `package_ensure` parameter is used to control which version of the package 228 | installed. It expects either a version string, or one of the `ensure` values for 229 | the `Package` resource type. Default is `installed`. This value works with the 230 | `package_name` parameter to install the correct package. 231 | 232 | If you are using upstream package source, the package name automatically 233 | switches between `gitlab-ce` and `gitlab-ee` depending on the value you have 234 | provided to `manage_upstream_edition`. If `manage_upstream_edition` is set to 235 | `disabled`, you will need to provide the appropriate value to `package_name` 236 | yourself. 237 | 238 | This approach of package management has the following advantages: 239 | 240 | * more easily adaptable if GitLab changes package naming based on editions 241 | (won't require you to install new puppet-gitlab module if you're not ready) 242 | * allows you to install custom built packages for gitlab-omnibus that have 243 | different package name on your host 244 | 245 | The `package_hold` parameter allows you to hold the package version in the APT 246 | package manager. This is useful when you intend to update the host with 247 | 'apt upgrade' (or the bolt task `apt action=upgrade` from puppetlabs-apt) and 248 | keep your gitlab instance at the intended version. This prevents unintended 249 | upgrading gitlab and perhaps skipping important upgrade path steps. 
250 | To learn more about gitlab upgrading please visit the [upgrade path page.](https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/) 251 | 252 | #### Custom Repository & Package configuration example 253 | 254 | As an expanded example of repository and package configuration, let's assume you're: 255 | 256 | * using a private mirror of the upstream GitLab package channel 257 | * hosted inside your organization's firewall 258 | * installing gitlab-omnibus enterprise edition 259 | 260 | ```puppet 261 | class { 'gitlab': 262 | external_url => 'http://gitlab.mydomain.tld', 263 | manage_upstream_edition => 'disabled', 264 | package_name => 'gitlab-ee', 265 | repository_configuration => { 266 | 'apt::source' => { 267 | 'internal_mirror_of_gitlab_official_ce' => { 268 | 'comment' => 'Internal mirror of upstream GitLab package repository', 269 | 'location' => 'https://my.internal.url/repository/packages.gitlab.com/gitlab/gitlab-ce/debian', 270 | 'key' => { 271 | 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 272 | 'source' => 'https://my.internal.url/repository/package.gitlab.com/gpg.key' 273 | } 274 | }, 275 | } 276 | } 277 | } 278 | ``` 279 | 280 | ### GitLab secrets 281 | 282 | *Note:* `gitlab::secrets` parameter was removed in v3.0.0. See: [Issues#213 - 283 | Remove support for setting content of `gitlab-secrets.json`][11] 284 | 285 | When using HA role `application_role`, make sure to add the [appropriate shared 286 | secrets][12] to your `gitlab_rails` and `gitlab_shell` hashes to ensure 287 | front-end nodes are configured to access all backend data-sources and 288 | repositories. If you receive 500 errors on your HA setup, this is one of the 289 | primary causes. Because these values are secrets, keep them in an encrypted data source rather than in plain-text manifests or Hiera data.
290 | 291 | ### LDAP configuration example 292 | 293 | Here is an example of how to configure LDAP using Hiera. With `method: 'plain'` the bind password and user logins are sent to the LDAP server unencrypted, so prefer `tls` or `ssl` wherever the server supports it: 294 | 295 | ```yaml 296 | gitlab::gitlab_rails: 297 | ldap_enabled: true 298 | ldap_servers: 299 | myldapserver: 300 | label: 'Company LDAP' 301 | host: 'ldap.company.tld' 302 | port: 389 303 | uid: 'uid' 304 | method: 'plain' # "tls" or "ssl" or "plain" 305 | bind_dn: 'MYBINDDN' 306 | password: 'MYBINDPW' 307 | active_directory: false 308 | allow_username_or_email_login: false 309 | block_auto_created_users: false 310 | base: 'MYBASEDN' 311 | group_base: 'MYGROUPBASE' 312 | user_filter: '' 313 | ``` 314 | 315 | ### NGINX Configuration 316 | 317 | Configuration of the embedded NGINX instance is handled by the 318 | `/etc/gitlab/gitlab.rb` file. Details on available configuration options are 319 | available at [NGINX settings][13]. 320 | Options listed there can be passed in to the `nginx` parameter as a hash. 321 | For example, to enable redirection from HTTP to HTTPS: 322 | 323 | ```puppet 324 | class { 'gitlab': 325 | external_url => 'https://gitlab.mydomain.tld', 326 | nginx => { 327 | redirect_http_to_https => true, 328 | }, 329 | } 330 | ``` 331 | 332 | Similarly, the certificate and key location can be configured as follows: 333 | 334 | ```puppet 335 | class { 'gitlab': 336 | external_url => 'https://gitlab.mydomain.tld', 337 | nginx => { 338 | ssl_certificate => '/etc/gitlab/ssl/gitlab.example.com.crt', 339 | ssl_certificate_key => '/etc/gitlab/ssl/gitlab.example.com.key' 340 | }, 341 | } 342 | ``` 343 | 344 | ### Skip Auto Reconfigure (formerly Skip Auto Migrations) 345 | 346 | In order to achieve [Zero Downtime Upgrades][14] of your GitLab instance, GitLab 347 | will need to skip the post-install step of the omnibus package that 348 | automatically calls `gitlab-ctl reconfigure` for you. In GitLab < 10.5, GitLab 349 | checks for the presence of a file at `/etc/gitlab/skip-auto-migrations`.
As of 350 | GitLab `10.6`, this is deprecated, and you are warned to use 351 | `/etc/gitlab/skip-auto-reconfigure` going forward. 352 | 353 | Both of these are currently supported in this module, and you should be aware of 354 | which option is right for you based on the version of GitLab Omnibus you are 355 | running. You will be presented with a deprecation notice in you puppet client 356 | if using the deprecated form. 357 | 358 | ```puppet 359 | # use 'absent' or 'present' for the skip_auto_reconfigure param 360 | class { 'gitlab': 361 | skip_auto_reconfigure => 'present' 362 | } 363 | 364 | # use true/false for the skip_auto_migrations param 365 | class { 'gitlab': 366 | skip_auto_migrations => true 367 | } 368 | ``` 369 | 370 | ### GitLab Custom Hooks 371 | 372 | Manage custom hook files within a GitLab project. Custom hooks can be created as 373 | a pre-receive, post-receive, or update hook. It's possible to create different 374 | custom hook types for the same project - one each for pre-receive, post-receive 375 | and update. 376 | 377 | ```puppet 378 | gitlab::custom_hook { 'my_custom_hook': 379 | namespace => 'my_group', 380 | project => 'my_project', 381 | type => 'post-receive', 382 | source => 'puppet:///modules/my_module/post-receive', 383 | } 384 | ``` 385 | 386 | or via hiera 387 | 388 | ```yaml 389 | gitlab::custom_hooks: 390 | my_custom_hook: 391 | namespace: my_group 392 | project: my_project 393 | type: post-receive 394 | source: 'puppet:///modules/my_module/post-receive' 395 | ``` 396 | 397 | Since GitLab Shell 4.1.0 and GitLab 8.15 Chained hooks are supported. You can 398 | create global hooks which will run for each repository on your server. Global 399 | hooks can be created as a pre-receive, post-receive, or update hook. 
400 | 401 | ```puppet 402 | gitlab::global_hook { 'my_custom_hook': 403 | type => 'post-receive', 404 | source => 'puppet:///modules/my_module/post-receive', 405 | } 406 | ``` 407 | 408 | or via hiera 409 | 410 | ```yaml 411 | gitlab::global_hooks: 412 | my_custom_hook: 413 | type: post-receive 414 | source: 'puppet:///modules/my_module/post-receive' 415 | ``` 416 | 417 | ### Gitlab System Hooks 418 | 419 | A [file hook][22] will run on each event so it's up to you to filter events or 420 | projects within a file hook code. You can have as many file hooks as you want. 421 | Each file hook will be triggered by GitLab asynchronously in case of an event. 422 | For a list of events see the [system hooks documentation][21]. 423 | 424 | ```puppet 425 | gitlab::system_hook { 'my_custom_hook': 426 | source => 'puppet:///modules/my_module/file-hook', 427 | } 428 | ``` 429 | 430 | or via hiera 431 | 432 | ```yaml 433 | gitlab::system_hooks: 434 | my_custom_hook: 435 | source: 'puppet:///modules/my_module/file-hook' 436 | ``` 437 | 438 | ### Fast Lookup of SSH keys 439 | 440 | GitLab instances with a large number of users may notice slowdowns when making 441 | initial connections for ssh operations. GitLab has created a feature that allows 442 | authorized ssh keys to be stored in the db (instead of the `authorized_keys` 443 | file for the `git` user) 444 | 445 | You can enable this feature in GitLab using the `store_git_keys_in_db` parameter, 446 | or by enabling `gitlab-sshd` as it is configured to use fast lookup automatically. 447 | 448 | Please note, while you can manage [gitlab-sshd][23] (Gitlab's standalone SSH server) 449 | with this module, you can not manage openssh and the sshd service as it is outside 450 | the scope of the module. You will need to configure the AuthorizedKeysCommand 451 | for the `git` user in sshd.server yourself. 
Instructions for this are provided by 452 | GitLab at [Fast lookup of authorized SSH keys in the database][15] 453 | 454 | ### Setting up GitLab HA 455 | 456 | #### pgbouncer Authentication 457 | 458 | For use in HA configurations, or when using postgres replication in a 459 | single-node setup, this module supports automated configuration of pgbouncer 460 | authentication. To set this up, set `pgpass_file_ensure => 'present'` and 461 | provide a valid value for `pgbouncer_password`. The password is written in clear text to the `.pgpass` file, so supply it from an encrypted data source (for example hiera-eyaml) instead of hard-coding it in a manifest as the example below does. 462 | 463 | ```puppet 464 | class {'gitlab': 465 | pgpass_file_ensure => 'present', 466 | pgbouncer_password => 'YourPassword' 467 | } 468 | ``` 469 | 470 | By default, this creates a file at `/home/gitlab-consul/.pgpass`, which gitlab 471 | uses to authenticate to the pgbouncer database as the `gitlab-consul` _database_ 472 | user. This _does not_ refer to the `gitlab-consul` system user. The location of 473 | the `.pgpass` file can be changed based on how you manage homedirs or based on 474 | your utilization of NFS. This location should be set to be the home directory 475 | you have configured for the `gitlab-consul` system user. 476 | 477 | ```puppet 478 | class {'gitlab': 479 | pgpass_file_location => '/homedir/for/gitlab-consul-system-user/.pgpass' 480 | } 481 | ``` 482 | 483 | ## Tasks 484 | 485 | The GitLab module has a task that allows a user to upgrade the pgsql database 486 | GitLab uses if upgrading from version 9.2.18, which is required to upgrade 487 | GitLab past 10. When running the tasks on the command line, you will need to 488 | use the `--sudo`, `--run-as-root`, and `--tty` flags to execute the commands as 489 | needed for your environment. 490 | 491 | Please refer to the [PE documentation][16] or [Bolt documentation][17] on how 492 | to execute a task. 493 | 494 | ## Development 495 | 496 | 1. Fork on [Github][18] 497 | 1. Create your feature branch (`git checkout -b my-new-feature`) 498 | 1. Commit your changes (`git commit -am 'Add some feature'`) 499 | 1.
Push to the branch (`git push origin my-new-feature`) 500 | 1. Create a new Pull Request 501 | 502 | Make sure your PR passes the Rspec tests. 503 | 504 | ## Contributors 505 | 506 | Have a look at [Github contributors][19] to see a list of all the awesome 507 | contributors to this Puppet module. <3 This module was created and maintained by 508 | [VSHN AG][20] until the end of 2017. It was then donated to Voxpupuli so that a 509 | broader community is able to maintain the module.‚ 510 | 511 | [1]: https://about.gitlab.com 512 | [2]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md 513 | [3]: https://packages.gitlab.com/gitlab 514 | [4]: https://forge.puppet.com/vshn/gitlab 515 | [5]: https://forge.puppet.com/puppet/gitlab 516 | [6]: https://about.gitlab.com/downloads 517 | [7]: https://forge.puppetlabs.com/puppetlabs/apt 518 | [8]: https://docs.puppetlabs.com/references/3.stable/configuration.html#stringifyfacts 519 | [9]: https://about.gitlab.com/2015/05/22/gitlab-7-11-released 520 | [10]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template 521 | [11]: https://github.com/voxpupuli/puppet-gitlab/issues/213 522 | [12]: https://docs.gitlab.com/ee/administration/high_availability/gitlab.html#extra-configuration-for-additional-gitlab-application-servers 523 | [13]: https://docs.gitlab.com/omnibus/settings/nginx.html 524 | [14]: https://docs.gitlab.com/omnibus/update/README.html#zero-downtime-updates 525 | [15]: https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html 526 | [16]: https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html 527 | [17]: https://puppet.com/docs/bolt/latest/bolt.html 528 | [18]: https://github.com/voxpupuli/puppet-gitlab/fork 529 | [19]: https://github.com/voxpupuli/puppet-gitlab/graphs/contributors 530 | [20]: https://vshn.ch 531 | [21]: https://docs.gitlab.com/ee/system_hooks/system_hooks.html 532 | [22]: 
https://docs.gitlab.com/ee/administration/file_hooks.html 533 | [23]: https://docs.gitlab.com/ee/administration/operations/gitlab_sshd.html 534 | -------------------------------------------------------------------------------- /REFERENCE.md: -------------------------------------------------------------------------------- 1 | # Reference 2 | 3 | 4 | 5 | ## Table of Contents 6 | 7 | ### Classes 8 | 9 | * [`gitlab`](#gitlab): This module installs and configures Gitlab with the Omnibus package. 10 | * [`gitlab::backup`](#gitlab--backup): This class is called from gitlab for backup config. 11 | * [`gitlab::host_config`](#gitlab--host_config): This class is for setting host configurations required for gitlab installation. 12 | * [`gitlab::install`](#gitlab--install): This class is called from gitlab for install. 13 | * [`gitlab::omnibus_config`](#gitlab--omnibus_config): This class is used to configure the gitlab omnibus package on a node 14 | * [`gitlab::omnibus_package_repository`](#gitlab--omnibus_package_repository): This class is used to configure gitlab repositories 15 | * [`gitlab::service`](#gitlab--service): This class is meant to be called from gitlab. It ensure the service is running. 16 | 17 | ### Defined types 18 | 19 | * [`gitlab::custom_hook`](#gitlab--custom_hook): Manage custom hook files within a GitLab project. 20 | * [`gitlab::global_hook`](#gitlab--global_hook): Manage global chain loaded hook files for all GitLab projects. 21 | * [`gitlab::system_hook`](#gitlab--system_hook): A file hook will run on each event so it's up to you to filter events or projects 22 | 23 | ### Tasks 24 | 25 | * [`post_upgrade`](#post_upgrade): Cleans up old postgres database after upgrade 26 | * [`postgres_upgrade`](#postgres_upgrade): Upgrades the postgres database if needed 27 | 28 | ## Classes 29 | 30 | ### `gitlab` 31 | 32 | This module installs and configures Gitlab with the Omnibus package. 
33 | 34 | #### Parameters 35 | 36 | The following parameters are available in the `gitlab` class: 37 | 38 | * [`package_ensure`](#-gitlab--package_ensure) 39 | * [`service_name`](#-gitlab--service_name) 40 | * [`service_enable`](#-gitlab--service_enable) 41 | * [`service_exec`](#-gitlab--service_exec) 42 | * [`service_ensure`](#-gitlab--service_ensure) 43 | * [`service_manage`](#-gitlab--service_manage) 44 | * [`service_provider_restart`](#-gitlab--service_provider_restart) 45 | * [`service_user`](#-gitlab--service_user) 46 | * [`service_group`](#-gitlab--service_group) 47 | * [`rake_exec`](#-gitlab--rake_exec) 48 | * [`edition`](#-gitlab--edition) 49 | * [`manage_upstream_edition`](#-gitlab--manage_upstream_edition) 50 | * [`config_manage`](#-gitlab--config_manage) 51 | * [`config_file`](#-gitlab--config_file) 52 | * [`alertmanager`](#-gitlab--alertmanager) 53 | * [`ci_redis`](#-gitlab--ci_redis) 54 | * [`ci_unicorn`](#-gitlab--ci_unicorn) 55 | * [`external_url`](#-gitlab--external_url) 56 | * [`external_port`](#-gitlab--external_port) 57 | * [`geo_postgresql`](#-gitlab--geo_postgresql) 58 | * [`geo_logcursor`](#-gitlab--geo_logcursor) 59 | * [`geo_primary_role`](#-gitlab--geo_primary_role) 60 | * [`geo_secondary`](#-gitlab--geo_secondary) 61 | * [`geo_secondary_role`](#-gitlab--geo_secondary_role) 62 | * [`git`](#-gitlab--git) 63 | * [`gitaly`](#-gitlab--gitaly) 64 | * [`git_data_dirs`](#-gitlab--git_data_dirs) 65 | * [`gitlab_git_http_server`](#-gitlab--gitlab_git_http_server) 66 | * [`gitlab_ci`](#-gitlab--gitlab_ci) 67 | * [`gitlab_kas`](#-gitlab--gitlab_kas) 68 | * [`gitlab_pages`](#-gitlab--gitlab_pages) 69 | * [`gitlab_rails`](#-gitlab--gitlab_rails) 70 | * [`gitlab_sshd`](#-gitlab--gitlab_sshd) 71 | * [`gitlab_workhorse`](#-gitlab--gitlab_workhorse) 72 | * [`grafana`](#-gitlab--grafana) 73 | * [`logging`](#-gitlab--logging) 74 | * [`letsencrypt`](#-gitlab--letsencrypt) 75 | * [`package`](#-gitlab--package) 76 | * [`logrotate`](#-gitlab--logrotate) 77 | * 
[`manage_storage_directories`](#-gitlab--manage_storage_directories) 78 | * [`manage_accounts`](#-gitlab--manage_accounts) 79 | * [`mattermost_external_url`](#-gitlab--mattermost_external_url) 80 | * [`mattermost`](#-gitlab--mattermost) 81 | * [`mattermost_nginx`](#-gitlab--mattermost_nginx) 82 | * [`mattermost_nginx_eq_nginx`](#-gitlab--mattermost_nginx_eq_nginx) 83 | * [`nginx`](#-gitlab--nginx) 84 | * [`node_exporter`](#-gitlab--node_exporter) 85 | * [`redis_exporter`](#-gitlab--redis_exporter) 86 | * [`postgres_exporter`](#-gitlab--postgres_exporter) 87 | * [`pgbouncer_exporter`](#-gitlab--pgbouncer_exporter) 88 | * [`gitlab_monitor`](#-gitlab--gitlab_monitor) 89 | * [`gitlab_exporter`](#-gitlab--gitlab_exporter) 90 | * [`pages_external_url`](#-gitlab--pages_external_url) 91 | * [`pages_nginx`](#-gitlab--pages_nginx) 92 | * [`pages_nginx_eq_nginx`](#-gitlab--pages_nginx_eq_nginx) 93 | * [`praefect`](#-gitlab--praefect) 94 | * [`postgresql`](#-gitlab--postgresql) 95 | * [`prometheus`](#-gitlab--prometheus) 96 | * [`prometheus_monitoring_enable`](#-gitlab--prometheus_monitoring_enable) 97 | * [`redis`](#-gitlab--redis) 98 | * [`redis_master_role`](#-gitlab--redis_master_role) 99 | * [`redis_slave_role`](#-gitlab--redis_slave_role) 100 | * [`redis_sentinel_role`](#-gitlab--redis_sentinel_role) 101 | * [`registry`](#-gitlab--registry) 102 | * [`registry_external_url`](#-gitlab--registry_external_url) 103 | * [`registry_nginx`](#-gitlab--registry_nginx) 104 | * [`registry_nginx_eq_nginx`](#-gitlab--registry_nginx_eq_nginx) 105 | * [`roles`](#-gitlab--roles) 106 | * [`sentinel`](#-gitlab--sentinel) 107 | * [`shell`](#-gitlab--shell) 108 | * [`sidekiq`](#-gitlab--sidekiq) 109 | * [`sidekiq_cluster`](#-gitlab--sidekiq_cluster) 110 | * [`skip_auto_migrations`](#-gitlab--skip_auto_migrations) 111 | * [`skip_auto_reconfigure`](#-gitlab--skip_auto_reconfigure) 112 | * [`skip_post_deployment_migrations`](#-gitlab--skip_post_deployment_migrations) 113 | * 
[`store_git_keys_in_db`](#-gitlab--store_git_keys_in_db) 114 | * [`source_config_file`](#-gitlab--source_config_file) 115 | * [`unicorn`](#-gitlab--unicorn) 116 | * [`puma`](#-gitlab--puma) 117 | * [`user`](#-gitlab--user) 118 | * [`web_server`](#-gitlab--web_server) 119 | * [`high_availability`](#-gitlab--high_availability) 120 | * [`backup_cron_enable`](#-gitlab--backup_cron_enable) 121 | * [`backup_cron_minute`](#-gitlab--backup_cron_minute) 122 | * [`backup_cron_hour`](#-gitlab--backup_cron_hour) 123 | * [`backup_cron_skips`](#-gitlab--backup_cron_skips) 124 | * [`package_hold`](#-gitlab--package_hold) 125 | * [`package_name`](#-gitlab--package_name) 126 | * [`manage_package`](#-gitlab--manage_package) 127 | * [`repository_configuration`](#-gitlab--repository_configuration) 128 | * [`manage_omnibus_repository`](#-gitlab--manage_omnibus_repository) 129 | * [`pgpass_file_location`](#-gitlab--pgpass_file_location) 130 | * [`pgpass_file_ensure`](#-gitlab--pgpass_file_ensure) 131 | * [`pgbouncer_password`](#-gitlab--pgbouncer_password) 132 | * [`consul`](#-gitlab--consul) 133 | * [`custom_hooks_dir`](#-gitlab--custom_hooks_dir) 134 | * [`system_hooks_dir`](#-gitlab--system_hooks_dir) 135 | * [`pgbouncer`](#-gitlab--pgbouncer) 136 | * [`repmgr`](#-gitlab--repmgr) 137 | * [`custom_hooks`](#-gitlab--custom_hooks) 138 | * [`global_hooks`](#-gitlab--global_hooks) 139 | * [`system_hooks`](#-gitlab--system_hooks) 140 | 141 | ##### `package_ensure` 142 | 143 | Data type: `String` 144 | 145 | Can be used to choose exact package version to install. 146 | 147 | Default value: `'installed'` 148 | 149 | ##### `service_name` 150 | 151 | Data type: `String` 152 | 153 | Name of the system service. 154 | 155 | Default value: `'gitlab-runsvdir'` 156 | 157 | ##### `service_enable` 158 | 159 | Data type: `Boolean` 160 | 161 | Run the system service on boot. 
162 | 163 | Default value: `true` 164 | 165 | ##### `service_exec` 166 | 167 | Data type: `String` 168 | 169 | The service executable path. Provide this variable value only if the service executable path would be a subject of change in future GitLab versions for any reason. 170 | 171 | Default value: `'/usr/bin/gitlab-ctl'` 172 | 173 | ##### `service_ensure` 174 | 175 | Data type: `Enum['stopped', 'false', 'running', 'true']` 176 | 177 | Should Puppet start the service? 178 | 179 | Default value: `'running'` 180 | 181 | ##### `service_manage` 182 | 183 | Data type: `Boolean` 184 | 185 | Should Puppet manage the service? 186 | 187 | Default value: `false` 188 | 189 | ##### `service_provider_restart` 190 | 191 | Data type: `Boolean` 192 | 193 | Should Puppet restart the gitlab systemd service? 194 | 195 | Default value: `false` 196 | 197 | ##### `service_user` 198 | 199 | Data type: `String` 200 | 201 | Owner of the config file. 202 | 203 | Default value: `'root'` 204 | 205 | ##### `service_group` 206 | 207 | Data type: `String` 208 | 209 | Group of the config file. 210 | 211 | Default value: `'root'` 212 | 213 | ##### `rake_exec` 214 | 215 | Data type: `String` 216 | 217 | The gitlab-rake executable path. You should not need to change this path. 218 | 219 | Default value: `'/usr/bin/gitlab-rake'` 220 | 221 | ##### `edition` 222 | 223 | Data type: `Optional[String]` 224 | 225 | **Deprecated**: See `manage_upstream_edition` 226 | 227 | Default value: `undef` 228 | 229 | ##### `manage_upstream_edition` 230 | 231 | Data type: `Enum['ce', 'ee', 'disabled']` 232 | 233 | One of [ 'ce', 'ee', 'disabled' ]. Manage the installation of an upstream Gitlab Omnibus edition to install. 234 | 235 | Default value: `'ce'` 236 | 237 | ##### `config_manage` 238 | 239 | Data type: `Boolean` 240 | 241 | Should Puppet manage the config? 
242 | 243 | Default value: `true` 244 | 245 | ##### `config_file` 246 | 247 | Data type: `Stdlib::Absolutepath` 248 | 249 | Path of the Gitlab Omnibus config file. 250 | 251 | Default value: `'/etc/gitlab/gitlab.rb'` 252 | 253 | ##### `alertmanager` 254 | 255 | Data type: `Optional[Hash]` 256 | 257 | Hash of 'alertmanager' config parameters. 258 | 259 | Default value: `undef` 260 | 261 | ##### `ci_redis` 262 | 263 | Data type: `Optional[Hash]` 264 | 265 | Hash of 'ci_redis' config parameters. 266 | 267 | Default value: `undef` 268 | 269 | ##### `ci_unicorn` 270 | 271 | Data type: `Optional[Hash]` 272 | 273 | Hash of 'ci_unicorn' config parameters. 274 | 275 | Default value: `undef` 276 | 277 | ##### `external_url` 278 | 279 | Data type: `Stdlib::Httpurl` 280 | 281 | External URL of Gitlab. 282 | 283 | Default value: `"http://${facts['networking']['fqdn']}"` 284 | 285 | ##### `external_port` 286 | 287 | Data type: `Optional[Integer[1, 65565]]` 288 | 289 | External PORT of Gitlab. 290 | 291 | Default value: `undef` 292 | 293 | ##### `geo_postgresql` 294 | 295 | Data type: `Optional[Hash]` 296 | 297 | Hash of 'geo_postgresql' config parameters. 298 | 299 | Default value: `undef` 300 | 301 | ##### `geo_logcursor` 302 | 303 | Data type: `Optional[Hash]` 304 | 305 | Hash of 'geo_logcursor' config parameters. 306 | 307 | Default value: `undef` 308 | 309 | ##### `geo_primary_role` 310 | 311 | Data type: `Boolean` 312 | 313 | Boolean to enable Geo primary role 314 | 315 | Default value: `false` 316 | 317 | ##### `geo_secondary` 318 | 319 | Data type: `Optional[Hash]` 320 | 321 | Hash of 'geo_secondary' config parameters. 322 | 323 | Default value: `undef` 324 | 325 | ##### `geo_secondary_role` 326 | 327 | Data type: `Boolean` 328 | 329 | Boolean to enable Geo secondary role 330 | 331 | Default value: `false` 332 | 333 | ##### `git` 334 | 335 | Data type: `Optional[Hash]` 336 | 337 | Hash of 'omnibus_gitconfig' config parameters. 
338 | 339 | Default value: `undef` 340 | 341 | ##### `gitaly` 342 | 343 | Data type: `Optional[Hash]` 344 | 345 | Hash of 'omnibus_gitconfig' config parameters. 346 | 347 | Default value: `undef` 348 | 349 | ##### `git_data_dirs` 350 | 351 | Data type: `Optional[Hash]` 352 | 353 | Hash of git data directories 354 | 355 | **Deprecated**: This option was removed in Gitlab 18. 356 | 357 | To configure the storage location for a Gitaly node: 358 | ```patch 359 | - git_data_dirs => { 360 | - 'default' => { 'path' => '/mnt/example/git-data'}, 361 | - }, 362 | + gitaly => { 363 | + configuration => { 364 | + 'storage' => [ 365 | + { 366 | + 'name' => 'default', 367 | + 'path' => '/mnt/example/git-data/repositories', 368 | + }, 369 | + ], 370 | + }, 371 | + }, 372 | ``` 373 | 374 | To configure the storage location for other nodes: 375 | ```patch 376 | - git_data_dirs => { 377 | - 'default' => { 'gitaly_address' => 'tcp://gitaly1.internal:8075'}, 378 | - }, 379 | + gitlab_rails => { 380 | + repositories_storages => { 381 | + 'default' => { 'gitaly_address' => 'tcp://gitaly1.internal:8075'}, 382 | + }, 383 | + }, 384 | ``` 385 | 386 | Default value: `undef` 387 | 388 | ##### `gitlab_git_http_server` 389 | 390 | Data type: `Optional[Hash]` 391 | 392 | Hash of 'gitlab_git_http_server' config parameters. 393 | 394 | Default value: `undef` 395 | 396 | ##### `gitlab_ci` 397 | 398 | Data type: `Optional[Hash]` 399 | 400 | Hash of 'gitlab_ci' config parameters. 401 | 402 | Default value: `undef` 403 | 404 | ##### `gitlab_kas` 405 | 406 | Data type: `Optional[Hash]` 407 | 408 | Hash of 'gitlab_kas' config parameters. 409 | 410 | Default value: `undef` 411 | 412 | ##### `gitlab_pages` 413 | 414 | Data type: `Optional[Hash]` 415 | 416 | Hash of 'gitlab_pages' config parameters. 417 | 418 | Default value: `undef` 419 | 420 | ##### `gitlab_rails` 421 | 422 | Data type: `Optional[Hash]` 423 | 424 | Hash of 'gitlab_pages' config parameters. 
425 | 426 | Default value: `undef` 427 | 428 | ##### `gitlab_sshd` 429 | 430 | Data type: `Optional[Hash]` 431 | 432 | Hash of 'gitlab_sshd' config parameters. 433 | 434 | Default value: `undef` 435 | 436 | ##### `gitlab_workhorse` 437 | 438 | Data type: `Optional[Hash]` 439 | 440 | Hash of 'gitlab_workhorse' config parameters. 441 | 442 | Default value: `undef` 443 | 444 | ##### `grafana` 445 | 446 | Data type: `Optional[Hash]` 447 | 448 | Hash of 'grafana' config parameters. 449 | 450 | Default value: `undef` 451 | 452 | ##### `logging` 453 | 454 | Data type: `Optional[Hash]` 455 | 456 | Hash of 'logging' config parameters. 457 | 458 | Default value: `undef` 459 | 460 | ##### `letsencrypt` 461 | 462 | Data type: `Optional[Hash]` 463 | 464 | Hash of 'letsencrypt' config parameters. 465 | 466 | Default value: `undef` 467 | 468 | ##### `package` 469 | 470 | Data type: `Optional[Hash[String[1], Scalar]]` 471 | 472 | Hash of 'package' config parameters. 473 | 474 | Default value: `undef` 475 | 476 | ##### `logrotate` 477 | 478 | Data type: `Optional[Hash]` 479 | 480 | Hash of 'logrotate' config parameters. 481 | 482 | Default value: `undef` 483 | 484 | ##### `manage_storage_directories` 485 | 486 | Data type: `Optional[Hash]` 487 | 488 | Hash of 'manage_storage_directories' config parameters. 489 | 490 | Default value: `undef` 491 | 492 | ##### `manage_accounts` 493 | 494 | Data type: `Optional[Hash]` 495 | 496 | Hash of 'manage_accounts' config parameters. 497 | 498 | Default value: `undef` 499 | 500 | ##### `mattermost_external_url` 501 | 502 | Data type: `Optional[String]` 503 | 504 | External URL of Mattermost. 505 | 506 | Default value: `undef` 507 | 508 | ##### `mattermost` 509 | 510 | Data type: `Optional[Hash]` 511 | 512 | Hash of 'mattmost' config parameters. 513 | 514 | Default value: `undef` 515 | 516 | ##### `mattermost_nginx` 517 | 518 | Data type: `Optional[Hash]` 519 | 520 | Hash of 'mattmost_nginx' config parameters. 
521 | 522 | Default value: `undef` 523 | 524 | ##### `mattermost_nginx_eq_nginx` 525 | 526 | Data type: `Boolean` 527 | 528 | Replicate the Mattermost Nginx config from the Gitlab Nginx config. 529 | 530 | Default value: `false` 531 | 532 | ##### `nginx` 533 | 534 | Data type: `Optional[Hash]` 535 | 536 | Hash of 'nginx' config parameters. 537 | 538 | Default value: `undef` 539 | 540 | ##### `node_exporter` 541 | 542 | Data type: `Optional[Hash]` 543 | 544 | Hash of 'node_exporter' config parameters. 545 | 546 | Default value: `undef` 547 | 548 | ##### `redis_exporter` 549 | 550 | Data type: `Optional[Hash]` 551 | 552 | Hash of 'redis_exporter' config parameters. 553 | 554 | Default value: `undef` 555 | 556 | ##### `postgres_exporter` 557 | 558 | Data type: `Optional[Hash]` 559 | 560 | Hash of 'postgres_exporter' config parameters. 561 | 562 | Default value: `undef` 563 | 564 | ##### `pgbouncer_exporter` 565 | 566 | Data type: `Optional[Hash]` 567 | 568 | Hash of 'pgbouncer_exporter' config parameters. 569 | 570 | Default value: `undef` 571 | 572 | ##### `gitlab_monitor` 573 | 574 | Data type: `Optional[Hash]` 575 | 576 | Deprecated if using Gitlab > 12.3 and < 13.0, unsupported by gitlab omnibus using Gitlab 13+. Hash of 'gitlab_monitor' config parameters. 577 | 578 | Default value: `undef` 579 | 580 | ##### `gitlab_exporter` 581 | 582 | Data type: `Optional[Hash]` 583 | 584 | Hash of 'gitlab_exporter' config parameters. 585 | 586 | Default value: `undef` 587 | 588 | ##### `pages_external_url` 589 | 590 | Data type: `Optional[String]` 591 | 592 | External URL of Gitlab Pages. 593 | 594 | Default value: `undef` 595 | 596 | ##### `pages_nginx` 597 | 598 | Data type: `Optional[Hash]` 599 | 600 | Hash of 'pages_nginx' config parameters. 601 | 602 | Default value: `undef` 603 | 604 | ##### `pages_nginx_eq_nginx` 605 | 606 | Data type: `Boolean` 607 | 608 | Replicate the Pages Nginx config from the Gitlab Nginx config. 
609 | 610 | Default value: `false` 611 | 612 | ##### `praefect` 613 | 614 | Data type: `Optional[Hash]` 615 | 616 | Hash of 'praefect' config parameters. 617 | 618 | Default value: `undef` 619 | 620 | ##### `postgresql` 621 | 622 | Data type: `Optional[Hash]` 623 | 624 | Hash of 'postgresql' config parameters. 625 | 626 | Default value: `undef` 627 | 628 | ##### `prometheus` 629 | 630 | Data type: `Optional[Hash]` 631 | 632 | Hash of 'prometheus' config parameters. 633 | 634 | Default value: `undef` 635 | 636 | ##### `prometheus_monitoring_enable` 637 | 638 | Data type: `Optional[Boolean]` 639 | 640 | Enable/disable prometheus support. 641 | 642 | Default value: `undef` 643 | 644 | ##### `redis` 645 | 646 | Data type: `Optional[Hash]` 647 | 648 | Hash of 'redis' config parameters. 649 | 650 | Default value: `undef` 651 | 652 | ##### `redis_master_role` 653 | 654 | Data type: `Optional[Boolean]` 655 | 656 | To enable Redis master role for the node. 657 | 658 | Default value: `undef` 659 | 660 | ##### `redis_slave_role` 661 | 662 | Data type: `Optional[Boolean]` 663 | 664 | To enable Redis slave role for the node. 665 | 666 | Default value: `undef` 667 | 668 | ##### `redis_sentinel_role` 669 | 670 | Data type: `Optional[Boolean]` 671 | 672 | To enable sentinel role for the node. 673 | 674 | Default value: `undef` 675 | 676 | ##### `registry` 677 | 678 | Data type: `Optional[Hash]` 679 | 680 | Hash of 'registry' config parameters. 681 | 682 | Default value: `undef` 683 | 684 | ##### `registry_external_url` 685 | 686 | Data type: `Optional[String]` 687 | 688 | External URL of Registry 689 | 690 | Default value: `undef` 691 | 692 | ##### `registry_nginx` 693 | 694 | Data type: `Optional[Hash]` 695 | 696 | Hash of 'registry_nginx' config parameters. 697 | 698 | Default value: `undef` 699 | 700 | ##### `registry_nginx_eq_nginx` 701 | 702 | Data type: `Boolean` 703 | 704 | Replicate the registry Nginx config from the Gitlab Nginx config. 
705 | 706 | Default value: `false` 707 | 708 | ##### `roles` 709 | 710 | Data type: `Optional[Array]` 711 | 712 | Array of roles when using a HA or Geo enabled GitLab configuration. See: https://docs.gitlab.com/omnibus/roles/README.html for acceptable values 713 | 714 | Default value: `undef` 715 | 716 | ##### `sentinel` 717 | 718 | Data type: `Optional[Hash]` 719 | 720 | Hash of 'sentinel' config parameters. 721 | 722 | Default value: `undef` 723 | 724 | ##### `shell` 725 | 726 | Data type: `Optional[Hash]` 727 | 728 | Hash of 'gitlab_shell' config parameters. 729 | 730 | Default value: `undef` 731 | 732 | ##### `sidekiq` 733 | 734 | Data type: `Optional[Hash]` 735 | 736 | Hash of 'sidekiq' config parameters 737 | 738 | Default value: `undef` 739 | 740 | ##### `sidekiq_cluster` 741 | 742 | Data type: `Optional[Hash]` 743 | 744 | Hash of 'sidekiq_cluster' config parameters. 745 | 746 | Default value: `undef` 747 | 748 | ##### `skip_auto_migrations` 749 | 750 | Data type: `Optional` 751 | 752 | Deprecated if using Gitlab > 10.6.4 and < 11.0.0, unsupported by gitlab omnibus using gitlab 11+. Use skip_auto_reconfigure 753 | 754 | Default value: `undef` 755 | 756 | ##### `skip_auto_reconfigure` 757 | 758 | Data type: `Enum['present', 'absent']` 759 | 760 | Utilized for Zero Downtime Updates, See: https://docs.gitlab.com/omnibus/update/README.html#zero-downtime-updates 761 | 762 | Default value: `'absent'` 763 | 764 | ##### `skip_post_deployment_migrations` 765 | 766 | Data type: `Boolean` 767 | 768 | Adds SKIP_POST_DEPLOYMENT_MIGRATIONS=true to the execution of gitlab-ctl reconfigure. Used for zero-downtime updates 769 | 770 | Default value: `false` 771 | 772 | ##### `store_git_keys_in_db` 773 | 774 | Data type: `Boolean` 775 | 776 | Enable or disable Fast Lookup of authorized SSH keys in the database. 
See: https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html 777 | 778 | Default value: `false` 779 | 780 | ##### `source_config_file` 781 | 782 | Data type: `Optional[Stdlib::Absolutepath]` 783 | 784 | Override Hiera config with path to gitlab.rb config file 785 | 786 | Default value: `undef` 787 | 788 | ##### `unicorn` 789 | 790 | Data type: `Optional[Hash]` 791 | 792 | Hash of 'unicorn' config parameters. 793 | 794 | Default value: `undef` 795 | 796 | ##### `puma` 797 | 798 | Data type: `Optional[Hash]` 799 | 800 | Hash of 'puma' config parameters. 801 | 802 | Default value: `undef` 803 | 804 | ##### `user` 805 | 806 | Data type: `Optional[Hash]` 807 | 808 | Hash of 'user' config parameters. 809 | 810 | Default value: `undef` 811 | 812 | ##### `web_server` 813 | 814 | Data type: `Optional[Hash]` 815 | 816 | Hash of 'web_server' config parameters. 817 | 818 | Default value: `undef` 819 | 820 | ##### `high_availability` 821 | 822 | Data type: `Optional[Hash]` 823 | 824 | Hash of 'high_availability' config parameters. 825 | 826 | Default value: `undef` 827 | 828 | ##### `backup_cron_enable` 829 | 830 | Data type: `Boolean` 831 | 832 | Boolean to enable the daily backup cron job 833 | 834 | Default value: `false` 835 | 836 | ##### `backup_cron_minute` 837 | 838 | Data type: `Integer[0,59]` 839 | 840 | The minute when to run the daily backup cron job 841 | 842 | Default value: `0` 843 | 844 | ##### `backup_cron_hour` 845 | 846 | Data type: `Integer[0,23]` 847 | 848 | The hour when to run the daily backup cron job 849 | 850 | Default value: `2` 851 | 852 | ##### `backup_cron_skips` 853 | 854 | Data type: `Array` 855 | 856 | Array of items to skip valid values: db, uploads, repositories, builds, artifacts, lfs, registry, pages 857 | 858 | Default value: `[]` 859 | 860 | ##### `package_hold` 861 | 862 | Data type: `Enum['hold', 'none']` 863 | 864 | Whether to hold the specified package version. Available options are 'hold' or 'none'. 
Defaults to 'none'. Available only for Debian/Solaris package managers. 865 | 866 | Default value: `'none'` 867 | 868 | ##### `package_name` 869 | 870 | Data type: `Optional[String]` 871 | 872 | The internal packaging system's name for the package. This name will automatically be changed by the gitlab::edition parameter. Can be overridden for the purposes of installing custom compiled version of gitlab-omnibus. 873 | 874 | Default value: `undef` 875 | 876 | ##### `manage_package` 877 | 878 | Data type: `Boolean` 879 | 880 | Should the GitLab package be managed? 881 | 882 | Default value: `true` 883 | 884 | ##### `repository_configuration` 885 | 886 | Data type: `Hash` 887 | 888 | A hash of repository types and attributes for configuring the gitlab package repositories. See docs in README.md 889 | 890 | ##### `manage_omnibus_repository` 891 | 892 | Data type: `Boolean` 893 | 894 | Set to false if you wish to manage gitlab without configuring the package repository 895 | 896 | Default value: `true` 897 | 898 | ##### `pgpass_file_location` 899 | 900 | Data type: `Stdlib::Absolutepath` 901 | 902 | Path to location of .pgpass file used by consul to authenticate with pgbouncer database 903 | 904 | Default value: `'/home/gitlab-consul/.pgpass'` 905 | 906 | ##### `pgpass_file_ensure` 907 | 908 | Data type: `Enum['absent', 'present']` 909 | 910 | Create .pgpass file for pgbouncer authentication. When set to present requires valid value for pgbouncer_password. 
911 | 912 | Default value: `'absent'` 913 | 914 | ##### `pgbouncer_password` 915 | 916 | Data type: `Optional[String]` 917 | 918 | Password for the gitlab-consul database user in the pgbouncer database. It is written in clear text to the `.pgpass` file and, being a plain `String` rather than `Sensitive`, may also show up in the compiled catalog, so source it from encrypted data and restrict access to the file. 919 | 920 | Default value: `undef` 921 | 922 | ##### `consul` 923 | 924 | Data type: `Optional[Hash]` 925 | 926 | 927 | 928 | Default value: `undef` 929 | 930 | ##### `custom_hooks_dir` 931 | 932 | Data type: `Stdlib::Absolutepath` 933 | 934 | 935 | 936 | Default value: `'/opt/gitlab/embedded/service/gitlab-shell/hooks'` 937 | 938 | ##### `system_hooks_dir` 939 | 940 | Data type: `Stdlib::Absolutepath` 941 | 942 | 943 | 944 | Default value: `'/opt/gitlab/embedded/service/gitlab-rails/file_hooks'` 945 | 946 | ##### `pgbouncer` 947 | 948 | Data type: `Optional[Hash]` 949 | 950 | 951 | 952 | Default value: `undef` 953 | 954 | ##### `repmgr` 955 | 956 | Data type: `Optional[Hash]` 957 | 958 | 959 | 960 | Default value: `undef` 961 | 962 | ##### `custom_hooks` 963 | 964 | Data type: `Hash` 965 | 966 | 967 | 968 | Default value: `{}` 969 | 970 | ##### `global_hooks` 971 | 972 | Data type: `Hash` 973 | 974 | 975 | 976 | Default value: `{}` 977 | 978 | ##### `system_hooks` 979 | 980 | Data type: `Hash[String[1],Hash[String[1],Any]]` 981 | 982 | 983 | 984 | Default value: `{}` 985 | 986 | ### `gitlab::backup` 987 | 988 | This class is called from gitlab for backup config. 989 | 990 | ### `gitlab::host_config` 991 | 992 | This class is for setting host configurations required for gitlab installation. 
993 | 994 | #### Parameters 995 | 996 | The following parameters are available in the `gitlab::host_config` class: 997 | 998 | * [`config_dir`](#-gitlab--host_config--config_dir) 999 | * [`skip_auto_migrations`](#-gitlab--host_config--skip_auto_migrations) 1000 | * [`skip_auto_reconfigure`](#-gitlab--host_config--skip_auto_reconfigure) 1001 | * [`store_git_keys_in_db`](#-gitlab--host_config--store_git_keys_in_db) 1002 | * [`pgpass_file_ensure`](#-gitlab--host_config--pgpass_file_ensure) 1003 | * [`pgpass_file_location`](#-gitlab--host_config--pgpass_file_location) 1004 | * [`pgbouncer_password`](#-gitlab--host_config--pgbouncer_password) 1005 | 1006 | ##### `config_dir` 1007 | 1008 | Data type: `Any` 1009 | 1010 | The GitLab configuration directory. Provide this variable value only if the configuration directory would be a subject of change in future GitLab versions for any reason. 1011 | 1012 | Default value: `'/etc/gitlab'` 1013 | 1014 | ##### `skip_auto_migrations` 1015 | 1016 | Data type: `Any` 1017 | 1018 | Deprecated if using Gitlab > 10.6.4 and < 11.0.0, unsupported by gitlab omnibus using gitlab 11+. Use skip_auto_reconfigure 1019 | 1020 | Default value: `$gitlab::skip_auto_migrations` 1021 | 1022 | ##### `skip_auto_reconfigure` 1023 | 1024 | Data type: `Any` 1025 | 1026 | Utilized for Zero Downtime Updates, See: https://docs.gitlab.com/omnibus/update/README.html#zero-downtime-updates 1027 | 1028 | Default value: `$gitlab::skip_auto_reconfigure` 1029 | 1030 | ##### `store_git_keys_in_db` 1031 | 1032 | Data type: `Any` 1033 | 1034 | Enable or disable Fast Lookup of authorized SSH keys in the database. See: https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html 1035 | 1036 | Default value: `$gitlab::store_git_keys_in_db` 1037 | 1038 | ##### `pgpass_file_ensure` 1039 | 1040 | Data type: `Any` 1041 | 1042 | Create .pgpass file for pgbouncer authentication. When set to present requires valid value for pgbouncer_password. 
1043 | 1044 | Default value: `$gitlab::pgpass_file_ensure` 1045 | 1046 | ##### `pgpass_file_location` 1047 | 1048 | Data type: `Any` 1049 | 1050 | Path to location of .pgpass file used by consul to authenticate with pgbouncer database 1051 | 1052 | Default value: `$gitlab::pgpass_file_location` 1053 | 1054 | ##### `pgbouncer_password` 1055 | 1056 | Data type: `Any` 1057 | 1058 | Password for the gitlab-consul database user in the pgbouncer database 1059 | 1060 | Default value: `$gitlab::pgbouncer_password` 1061 | 1062 | ### `gitlab::install` 1063 | 1064 | This class is called from gitlab for install. 1065 | 1066 | #### Parameters 1067 | 1068 | The following parameters are available in the `gitlab::install` class: 1069 | 1070 | * [`package_name`](#-gitlab--install--package_name) 1071 | * [`package_ensure`](#-gitlab--install--package_ensure) 1072 | * [`package_hold`](#-gitlab--install--package_hold) 1073 | * [`manage_package`](#-gitlab--install--manage_package) 1074 | 1075 | ##### `package_name` 1076 | 1077 | Data type: `Any` 1078 | 1079 | 1080 | 1081 | Default value: `$gitlab::package_name` 1082 | 1083 | ##### `package_ensure` 1084 | 1085 | Data type: `Any` 1086 | 1087 | 1088 | 1089 | Default value: `$gitlab::package_ensure` 1090 | 1091 | ##### `package_hold` 1092 | 1093 | Data type: `Any` 1094 | 1095 | 1096 | 1097 | Default value: `$gitlab::package_hold` 1098 | 1099 | ##### `manage_package` 1100 | 1101 | Data type: `Any` 1102 | 1103 | 1104 | 1105 | Default value: `$gitlab::manage_package` 1106 | 1107 | ### `gitlab::omnibus_config` 1108 | 1109 | This class is used to configure the gitlab omnibus package on a node 1110 | 1111 | #### Parameters 1112 | 1113 | The following parameters are available in the `gitlab::omnibus_config` class: 1114 | 1115 | * [`config_manage`](#-gitlab--omnibus_config--config_manage) 1116 | * [`config_file`](#-gitlab--omnibus_config--config_file) 1117 | 1118 | ##### `config_manage` 1119 | 1120 | Data type: `Any` 1121 | 1122 | Should Puppet 
manage the config? 1123 | 1124 | Default value: `$gitlab::config_manage` 1125 | 1126 | ##### `config_file` 1127 | 1128 | Data type: `Any` 1129 | 1130 | Path of the Gitlab Omnibus config file. 1131 | 1132 | Default value: `$gitlab::config_file` 1133 | 1134 | ### `gitlab::omnibus_package_repository` 1135 | 1136 | This class is used to configure gitlab repositories 1137 | 1138 | #### Parameters 1139 | 1140 | The following parameters are available in the `gitlab::omnibus_package_repository` class: 1141 | 1142 | * [`repository_configuration`](#-gitlab--omnibus_package_repository--repository_configuration) 1143 | * [`manage_omnibus_repository`](#-gitlab--omnibus_package_repository--manage_omnibus_repository) 1144 | * [`manage_upstream_edition`](#-gitlab--omnibus_package_repository--manage_upstream_edition) 1145 | 1146 | ##### `repository_configuration` 1147 | 1148 | Data type: `Any` 1149 | 1150 | A hash of repository types and attributes for configuring the gitlab package repositories. See docs in README.md 1151 | 1152 | Default value: `$gitlab::repository_configuration` 1153 | 1154 | ##### `manage_omnibus_repository` 1155 | 1156 | Data type: `Any` 1157 | 1158 | Set to false if you wish to manage gitlab without configuring the package repository 1159 | 1160 | Default value: `$gitlab::manage_omnibus_repository` 1161 | 1162 | ##### `manage_upstream_edition` 1163 | 1164 | Data type: `Any` 1165 | 1166 | One of [ 'ce', 'ee', 'disabled' ]. Manage the installation of an upstream Gitlab Omnibus edition to install. 1167 | 1168 | Default value: `$gitlab::manage_upstream_edition` 1169 | 1170 | ### `gitlab::service` 1171 | 1172 | This class is meant to be called from gitlab. It ensures the service is running. 
1173 | 1174 | #### Parameters 1175 | 1176 | The following parameters are available in the `gitlab::service` class: 1177 | 1178 | * [`service_ensure`](#-gitlab--service--service_ensure) 1179 | * [`service_enable`](#-gitlab--service--service_enable) 1180 | * [`service_name`](#-gitlab--service--service_name) 1181 | * [`service_exec`](#-gitlab--service--service_exec) 1182 | * [`service_manage`](#-gitlab--service--service_manage) 1183 | * [`service_provider_restart`](#-gitlab--service--service_provider_restart) 1184 | * [`skip_post_deployment_migrations`](#-gitlab--service--skip_post_deployment_migrations) 1185 | 1186 | ##### `service_ensure` 1187 | 1188 | Data type: `Any` 1189 | 1190 | Should Puppet start the service? 1191 | 1192 | Default value: `$gitlab::service_ensure` 1193 | 1194 | ##### `service_enable` 1195 | 1196 | Data type: `Any` 1197 | 1198 | Run the system service on boot. 1199 | 1200 | Default value: `$gitlab::service_enable` 1201 | 1202 | ##### `service_name` 1203 | 1204 | Data type: `Any` 1205 | 1206 | Name of the system service. 1207 | 1208 | Default value: `$gitlab::service_name` 1209 | 1210 | ##### `service_exec` 1211 | 1212 | Data type: `Any` 1213 | 1214 | The service executable path. Provide this variable value only if the service executable path would be a subject of change in future GitLab versions for any reason. 1215 | 1216 | Default value: `$gitlab::service_exec` 1217 | 1218 | ##### `service_manage` 1219 | 1220 | Data type: `Any` 1221 | 1222 | Should Puppet manage the service? 1223 | 1224 | Default value: `$gitlab::service_manage` 1225 | 1226 | ##### `service_provider_restart` 1227 | 1228 | Data type: `Any` 1229 | 1230 | Should Puppet restart the gitlab systemd service? 1231 | 1232 | Default value: `$gitlab::service_provider_restart` 1233 | 1234 | ##### `skip_post_deployment_migrations` 1235 | 1236 | Data type: `Any` 1237 | 1238 | Adds SKIP_POST_DEPLOYMENT_MIGRATIONS=true to the execution of gitlab-ctl reconfigure. 
Used for zero-downtime updates 1239 | 1240 | Default value: `$gitlab::skip_post_deployment_migrations` 1241 | 1242 | ## Defined types 1243 | 1244 | ### `gitlab::custom_hook` 1245 | 1246 | Custom hooks can be created as a pre-receive, post-receive, or update hook. 1247 | Only one of each is currently supported by this module. 1248 | 1249 | #### Examples 1250 | 1251 | ##### Custom hook usage 1252 | 1253 | ```puppet 1254 | gitlab::custom_hook { 'my_custom_hook': 1255 | namespace => 'my_group', 1256 | project => 'my_project', 1257 | type => 'post-receive', 1258 | source => 'puppet:///modules/my_module/post-receive', 1259 | } 1260 | ``` 1261 | 1262 | ##### Calculate hashed storage path 1263 | 1264 | ```puppet 1265 | gitlab::custom_hook { 'my_custom_hook': 1266 | project => 93, 1267 | hashed_storage => true, 1268 | type => 'post-receive', 1269 | source => 'puppet:///modules/my_module/post-receive', 1270 | } 1271 | # Hook path will be `@hashed/6e/40/6e4001871c0cf27c7634ef1dc478408f642410fd3a444e2a88e301f5c4a35a4d` 1272 | ``` 1273 | 1274 | #### Parameters 1275 | 1276 | The following parameters are available in the `gitlab::custom_hook` defined type: 1277 | 1278 | * [`project`](#-gitlab--custom_hook--project) 1279 | * [`namespace`](#-gitlab--custom_hook--namespace) 1280 | * [`type`](#-gitlab--custom_hook--type) 1281 | * [`content`](#-gitlab--custom_hook--content) 1282 | * [`source`](#-gitlab--custom_hook--source) 1283 | * [`repos_path`](#-gitlab--custom_hook--repos_path) 1284 | * [`hashed_storage`](#-gitlab--custom_hook--hashed_storage) 1285 | 1286 | ##### `project` 1287 | 1288 | Data type: `Variant[String,Integer]` 1289 | 1290 | The GitLab project name, or the hashed directory name or project ID number 1291 | 1292 | ##### `namespace` 1293 | 1294 | Data type: `Optional[String]` 1295 | 1296 | The GitLab group namespace for the project. 
1297 | 1298 | Default value: `undef` 1299 | 1300 | ##### `type` 1301 | 1302 | Data type: `Enum['update', 'post-receive', 'pre-receive']` 1303 | 1304 | The custom hook type. Should be one of pre-receive, post-receive, or update. 1305 | 1306 | ##### `content` 1307 | 1308 | Data type: `Optional[String]` 1309 | 1310 | Specify the custom hook contents either as a string or using the template function. If this parameter is specified source parameter must not be present. 1311 | 1312 | Default value: `undef` 1313 | 1314 | ##### `source` 1315 | 1316 | Data type: `Optional[String]` 1317 | 1318 | Specify a file source path to populate the custom hook contents. If this parameter is specified content parameter must not be present. 1319 | 1320 | Default value: `undef` 1321 | 1322 | ##### `repos_path` 1323 | 1324 | Data type: `Optional[Stdlib::Absolutepath]` 1325 | 1326 | The GitLab shell repos path. This defaults to '/var/opt/gitlab/git-data/repositories' if not present. 1327 | 1328 | Default value: `undef` 1329 | 1330 | ##### `hashed_storage` 1331 | 1332 | Data type: `Boolean` 1333 | 1334 | Whether to treat the project name as a hashed storage directory name or ID number 1335 | 1336 | Default value: `false` 1337 | 1338 | ### `gitlab::global_hook` 1339 | 1340 | Hooks can be created as a pre-receive, post-receive, or update hook. 1341 | It's possible to create multiple hooks per type as long as their names are unique. 1342 | Support for chained (global) hooks is introduced in GitLab Shell 4.1.0 and GitLab 8.15. 
1343 | 1344 | #### Examples 1345 | 1346 | ##### Global hook usage 1347 | 1348 | ```puppet 1349 | gitlab::custom_hook { 'my_custom_hook': 1350 | type => 'post-receive', 1351 | source => 'puppet:///modules/my_module/post-receive', 1352 | } 1353 | ``` 1354 | 1355 | #### Parameters 1356 | 1357 | The following parameters are available in the `gitlab::global_hook` defined type: 1358 | 1359 | * [`type`](#-gitlab--global_hook--type) 1360 | * [`custom_hooks_dir`](#-gitlab--global_hook--custom_hooks_dir) 1361 | * [`content`](#-gitlab--global_hook--content) 1362 | * [`source`](#-gitlab--global_hook--source) 1363 | 1364 | ##### `type` 1365 | 1366 | Data type: `Enum['post-receive', 'pre-receive', 'update']` 1367 | 1368 | The custom hook type. Should be one of pre-receive, post-receive, or update. 1369 | 1370 | ##### `custom_hooks_dir` 1371 | 1372 | Data type: `Stdlib::Absolutepath` 1373 | 1374 | The GitLab shell hooks directory. This defaults to '/opt/gitlab/embedded/service/gitlab-shell/hooks' if not present. 1375 | 1376 | Default value: `$gitlab::custom_hooks_dir` 1377 | 1378 | ##### `content` 1379 | 1380 | Data type: `Optional[String[1]]` 1381 | 1382 | Specify the custom hook contents either as a string or using the template function. If this parameter is specified source parameter must not be present. 1383 | 1384 | Default value: `undef` 1385 | 1386 | ##### `source` 1387 | 1388 | Data type: `Optional[Pattern[/^puppet:/]]` 1389 | 1390 | Specify a file source path to populate the custom hook contents. If this parameter is specified content parameter must not be present. 1391 | 1392 | Default value: `undef` 1393 | 1394 | ### `gitlab::system_hook` 1395 | 1396 | within a file hook code. You can have as many file hooks as you want. Each file hook will 1397 | be triggered by GitLab asynchronously in case of an event. For a list of events 1398 | see the system hooks documentation. 
1399 | 1400 | #### Examples 1401 | 1402 | ##### System hook usage 1403 | 1404 | ```puppet 1405 | gitlab::system_hook { 'my_system_hook': 1406 | type => 'post-receive', 1407 | source => 'puppet:///modules/my_module/post-receive', 1408 | } 1409 | ``` 1410 | 1411 | #### Parameters 1412 | 1413 | The following parameters are available in the `gitlab::system_hook` defined type: 1414 | 1415 | * [`system_hooks_dir`](#-gitlab--system_hook--system_hooks_dir) 1416 | * [`content`](#-gitlab--system_hook--content) 1417 | * [`source`](#-gitlab--system_hook--source) 1418 | 1419 | ##### `system_hooks_dir` 1420 | 1421 | Data type: `Stdlib::Absolutepath` 1422 | 1423 | The GitLab file hooks directory. This defaults to '/opt/gitlab/embedded/service/gitlab-rails/file_hooks' if not present. 1424 | 1425 | Default value: `$gitlab::system_hooks_dir` 1426 | 1427 | ##### `content` 1428 | 1429 | Data type: `Optional[String[1]]` 1430 | 1431 | Specify the system hook contents either as a string or using the template function. If this parameter is specified source parameter must not be present. 1432 | 1433 | Default value: `undef` 1434 | 1435 | ##### `source` 1436 | 1437 | Data type: `Optional[Pattern[/^puppet:/]]` 1438 | 1439 | Specify a file source path to populate the system hook contents. If this parameter is specified content parameter must not be present. 1440 | 1441 | Default value: `undef` 1442 | 1443 | ## Tasks 1444 | 1445 | ### `post_upgrade` 1446 | 1447 | Cleans up old postgres database after upgrade 1448 | 1449 | **Supports noop?** false 1450 | 1451 | ### `postgres_upgrade` 1452 | 1453 | Upgrades the postgres database if needed 1454 | 1455 | **Supports noop?** false 1456 | 1457 | --------------------------------------------------------------------------------