An Ansible role for installing GitLab, a Ruby-based front-end to Git, on any RedHat/CentOS or Debian/Ubuntu linux system.
GitLab’s default administrator account details are below; be sure to login immediately after installation and change these credentials!
root 5iveL!fe
|
ℹ️
|
DISCLAIMER
This role is a fork of geerlingguy/ansible-role-gitlab v3.2.0 (26 November, 2021) (MIT License, Copyright 2017 Jeff Geerling), which is no longer being maintained and has been archived with the following very understandable disclaimer: Deprecated: In September 2023, I deprecated this role as I am no longer maintaining any GitLab instances, and use Gitea instead for my personal work. Please consider forking this role or use someone else’s GitLab role. The role itself is still good and working as can be seen by its
constant star rise (currently 700)
even though there’s been no commit since 2 years. |
Below you can find information on…
-
the role’s required Ansible version
-
the role’s supported platforms
-
the role’s role dependencies
link:meta/main.yml[role=include]The Ansible User needs to be able to become.
The community.general collection
must be installed on the Ansible controller.
gitlab_domain: gitlab
gitlab_external_url: "https://{{ gitlab_domain }}/"The domain and URL at which the GitLab instance will be accessible.
This is set as the external_url configuration setting in gitlab.rb,
and if you want to run GitLab on a different port (besides 80/443), you
can specify the port here (e.g. https://gitlab:8443/ for port 8443).
gitlab_git_data_dir: "/var/opt/gitlab/git-data"The gitlab_git_data_dir is the location where all the Git
repositories will be stored. You can use a shared drive or any path on
the system.
gitlab_backup_path: "/var/opt/gitlab/backups"The gitlab_backup_path is the location where Gitlab backups will be
stored.
gitlab_edition: "gitlab-ce"The edition of GitLab to install. Usually either gitlab-ce
(Community Edition) or gitlab-ee (Enterprise Edition).
gitlab_version: ''If you’d like to install a specific version, set the version here
(e.g. 11.4.0-ce.0 for Debian/Ubuntu, or 11.4.0-ce.0.el7 for RedHat/CentOS).
gitlab_install_async_timeout: 600
gitlab_install_async_poll: 5How long you want Ansible to hold ssh connection during GitLab installation task. More Information: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_async.html
gitlab_config_template: "gitlab.rb.j2"The gitlab.rb.j2 template packaged with this role is meant to be
very generic and serve a variety of use cases. However, many people
would like to have a much more customized version, and so you can
override this role’s default template with your own, adding any
additional customizations you need. To do this:
-
Create a
templatesdirectory at the same level as your playbook. -
Create a
templates\mygitlab.rb.j2file (just choose a different name from the default template). -
Set the variable like:
gitlab_config_template: mygitlab.rb.j2(with the name of your custom template).
gitlab_redirect_http_to_https: true
gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"GitLab SSL configuration; tells GitLab to redirect normal http requests
to https, and the path to the certificate and key (the default values
will work for automatic self-signed certificate creation, if set to
true in the variable below).
# SSL Self-signed Certificate Configuration.
gitlab_create_self_signed_cert: true
gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"Whether to create a self-signed certificate for serving GitLab over a
secure connection. Set gitlab_self_signed_cert_subj according to
your locality and organization.
gitlab_letsencrypt_enable: false
gitlab_letsencrypt_contact_emails: ["[email protected]"]
gitlab_letsencrypt_auto_renew_hour: 1
gitlab_letsencrypt_auto_renew_minute: 30
gitlab_letsencrypt_auto_renew_day_of_month: "*/7"
gitlab_letsencrypt_auto_renew: trueGitLab LetsEncrypt configuration; tells GitLab whether to request and
use a certificate from LetsEncrypt, if gitlab_letsencrypt_enable is
set to true. Multiple contact emails can be configured under
gitlab_letsencrypt_contact_emails as a list.
# LDAP Configuration.
gitlab_ldap_enabled: false
gitlab_ldap_host: "example.com"
gitlab_ldap_port: "389"
gitlab_ldap_uid: "sAMAccountName"
gitlab_ldap_method: "plain"
gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com"
gitlab_ldap_password: "password"
gitlab_ldap_base: "DC=example,DC=com"GitLab LDAP configuration; if gitlab_ldap_enabled is true, the
rest of the configuration will tell GitLab how to connect to an LDAP
server for centralized authentication.
gitlab_dependencies:
- openssh-server
- postfix
- curl # (Removed for RedHat_9: https://github.com/ansible/ansible/issues/82461)
- openssl
- tzdataDependencies required by GitLab for certain functionality, like timezone
support or email. You may change this list in your own playbook if, for
example, you would like to install exim instead of postfix.
gitlab_time_zone: "UTC"Gitlab timezone.
gitlab_backup_keep_time: "604800"How long to keep local backups (useful if you don’t want backups to fill up your drive!).
gitlab_download_validate_certs: trueControls whether to validate certificates when downloading the GitLab installation repository install script.
# Email configuration.
gitlab_email_enabled: false
gitlab_email_from: "[email protected]"
gitlab_email_display_name: "Gitlab"
gitlab_email_reply_to: "[email protected]"Gitlab system mail configuration. Disabled by default; set
gitlab_email_enabled to true to enable, and make sure you enter
valid from/reply-to values.
# SMTP Configuration
gitlab_smtp_enable: false
gitlab_smtp_address: "smtp.server"
gitlab_smtp_port: "465"
gitlab_smtp_user_name: "smtp user"
gitlab_smtp_password: "smtp password"
gitlab_smtp_domain: "example.com"
gitlab_smtp_authentication: "login"
gitlab_smtp_enable_starttls_auto: true
gitlab_smtp_tls: false
gitlab_smtp_openssl_verify_mode: "none"
gitlab_smtp_ca_path: "/etc/ssl/certs"
gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt"Gitlab SMTP configuration; of gitlab_smtp_enable is true, the
rest of the configuration will tell GitLab how to send mails using an
smtp server.
gitlab_nginx_listen_port: 8080If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else.
gitlab_nginx_listen_https: falseIf you are running GitLab behind a reverse proxy, you may wish to terminate SSL at another proxy server or load balancer.
gitlab_nginx_ssl_verify_client: ""
gitlab_nginx_ssl_client_certificate: ""If you want to enable
2-way
SSL Client Authentication, set gitlab_nginx_ssl_verify_client and
add a path to the client certificate in
gitlab_nginx_ssl_client_certificate.
gitlab_default_theme: 2GitLab includes a number of themes, and you can set the default for all users with this variable. See the included GitLab themes to choose a default.
gitlab_extra_settings:
- gitlab_rails:
- key: "trusted_proxies"
value: "['foo', 'bar']"
- key: "env"
type: "plain"
value: |
{
"http_proxy" => "https://my_http_proxy.company.com:3128",
"https_proxy" => "https://my_http_proxy.company.com:3128",
"no_proxy" => "localhost, 127.0.0.1, company.com"
}
- unicorn:
- key: "worker_processes"
value: 5
- key: "pidfile"
value: "/opt/gitlab/var/unicorn/unicorn.pid"Gitlab have many other settings
(see
official documentation), and you can add them with this special
variable gitlab_extra_settings with the concerned setting and the
key and value keywords.
Each variable listed in this section
is dynamically defined when executing this role (and can only be overwritten using ansible.builtin.set_facts) and
is meant to be used not just internally.
Tasks are tagged with the following tags:
| Tag | Purpose |
|---|---|
This role does not have officially documented tags yet. |
|
You can use Ansible to skip tasks, or only run certain tasks by using these tags. By default, all tasks are run when no tags are specified.
|
ℹ️
|
This role is part of many compatible purpose-specific roles of mine. The machine needs to be prepared.
In CI, this is done in link:molecule/resources/prepare.yml[role=include]The following diagram is a compilation of the "soft dependencies" of this role as well as the recursive tree of their soft dependencies.
|
roles:
- role: jonaspammer.gitlab
vars:
gitlab_external_url: "https://gitlab.example.com/"A role may work on different distributions, like Red Hat Enterprise Linux (RHEL), even though there is no test for this exact distribution.
| OS Family | Distribution | Distribution Release Date | Distribution End of Life | Accompanying Docker Image |
|---|---|---|---|---|
Rocky |
Rocky Linux 8 (RHEL/CentOS 8 in disguise) |
2021-06 |
2029-05 |
|
Rocky |
Rocky Linux 9 |
2022-07 |
2032-05 |
|
Debian |
Ubuntu 20.04 LTS |
2021-04 |
2025-04 |
|
Debian |
Ubuntu 22.04 LTS |
2022-04 |
2027-04 |
|
Debian |
Debian 11 |
2021-08 |
2024-06 (2026-06 LTS) |
|
Debian |
Debian 12 |
2023-06 |
2026-06 (2028-06 LTS) |
|
The tested ansible versions try to stay equivalent with the
support pattern of Ansible’s community.general collection.
As of writing this is:
-
2.16 (Ansible 9)
Please refer to the Release Page of this Repository for a human changelog of the corresponding Tags (Versions) of this Project.
Note that this Project adheres to Semantic Versioning. Please report any accidental breaking changes of a minor version update.
link:LICENSE[role=include]