Puppet Class: psick::gitlab

Defined in:
manifests/gitlab.pp

Overview

This class installs GitLab Community Edition using Tiny Puppet

Parameters:

  • ensure (String) (defaults to: 'present')

    Whether to install or remove GitLab; may also be set to the package version to install.

  • template (Variant[Undef,String]) (defaults to: undef)

    Path (as used in template()) of the Erb template to use to manage GitLab configuration file.

  • options_hash (Hash) (defaults to: { })

    A hash of options that can be used in the provided template

  • manage_installation (Boolean) (defaults to: true)

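    Set to true to actually install GitLab; this is the declared default. When false, the package, configuration, and certificate resources are not managed. (The original note that false is the default and only manages a symlink in /etc/ssh/auth_keys does not match the manifest shown below.)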

  • use_https (Boolean) (defaults to: true)

    Whether GitLab services should use SSL/TLS. When false, external_url is built with http:// and the certificate and key files are not managed.

  • server_name (String) (defaults to: $::fqdn)

    The name to use for the GitLab website. Default: $::fqdn. If you set a name different from the local machine's fqdn, provide custom cert files via the *_file_source params.

  • ca_file_source (String) (defaults to: 'file:///etc/puppetlabs/puppet/ssl/certs/ca.pem')

    Puppet source for the ca certificate. By default Puppet CA is used (valid if server_name is not customised)

  • cert_file_source (String) (defaults to: "file:///etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem")

    Puppet source for the https server certificate. By default local Puppet cert is used (valid if server_name is not customised)

  • key_file_source (String) (defaults to: "file:///etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem")

    Puppet source for the https server key. By default local Puppet key is used (valid if server_name is not customised)

  • users (Hash) (defaults to: { })

    A hash used to create psick::gitlab::user resources

  • groups (Hash) (defaults to: { })

    A hash used to create psick::gitlab::group resources

  • projects (Hash) (defaults to: { })

    A hash used to create psick::gitlab::project resources

  • tp_install_options (Hash) (defaults to: { })


# File 'manifests/gitlab.pp', line 24

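class psick::gitlab (
  String                $ensure      = 'present',

  Variant[Undef,String] $template    = undef,
  Hash $options_hash                 = { },

  Boolean $manage_installation       = true,

  Boolean $use_https                 = true,
  String $server_name                = $::fqdn,
  # The three defaults below point at the Puppet agent's own CA certificate,
  # private key and certificate, so out of the box the GitLab web server
  # presents the node's Puppet identity.
  # NOTE(review): the same private key then serves two purposes (agent
  # authentication and HTTPS); consider supplying a dedicated certificate and
  # key for the web service via these parameters.
  String $ca_file_source             = 'file:///etc/puppetlabs/puppet/ssl/certs/ca.pem',
  String $key_file_source            = "file:///etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
  String $cert_file_source           = "file:///etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",

  Hash     $tp_install_options       = { },
  Hash                  $users       = { },
  Hash                  $groups      = { },
  Hash                  $projects    = { },
) {

  # $ensure is handed to the package install and may carry a version string.
  # The file type only understands present/absent/file/directory/link and
  # treats any other value as a symlink target, so the certificate files get
  # a value reduced to present/absent instead of the raw $ensure.
  $file_ensure = $ensure ? {
    'absent' => 'absent',
    'purged' => 'absent',
    default  => 'present',
  }

  if $manage_installation {
    # Baseline settings derived from the class parameters. With
    # use_https => false the external URL is plain http://, so traffic to
    # the site is not encrypted by this configuration.
    $options_default = {
      external_url => $use_https ? {
        true  => "https://${server_name}",
        false => "http://${server_name}",
      },
      "nginx['ssl_certificate']" => "/etc/gitlab/ssl/${server_name}.crt",
      "nginx['ssl_certificate_key']" => "/etc/gitlab/ssl/${server_name}.key",
    }
    # Right-hand keys win in a hash merge: anything in $options_hash,
    # including external_url and the certificate paths, overrides the
    # defaults above.
    # $options is not referenced again in this class; presumably the ERB
    # template reads it from scope -- confirm against the template in use.
    $options = $options_default + $options_hash
    tp::install { 'gitlab-ce' :
      ensure      => $ensure,
      auto_prereq => true,
      *           => $tp_install_options,
    }

    # The configuration file is managed only when a template is supplied.
    if $template {
      ::tp::conf { 'gitlab-ce':
        ensure  => $ensure,
        content => template($template),
        notify  => Exec['gitlab-ctl reconfigure'],
      }
    }

    # Runs only when notified (refreshonly) by the package, the configuration
    # file or one of the certificate files.
    # NOTE(review): no path attribute is set here, so the command presumably
    # resolves through an Exec default declared elsewhere -- confirm.
    exec { 'gitlab-ctl reconfigure':
      refreshonly => true,
      timeout     => '600',
      subscribe   => Package['gitlab-ce'],
    }

    if $use_https {
      # Neither directory sets owner, group or mode, so ownership and
      # permissions are whatever the agent run creates or already finds.
      file { '/etc/gitlab/ssl':
        ensure  => directory, # tp::ensure2dir($ensure),
        require => Package['gitlab-ce'],
      }
      file { '/etc/gitlab/trusted-certs':
        ensure  => directory, # tp::ensure2dir($ensure),
        require => Package['gitlab-ce'],
      }
      file { "/etc/gitlab/ssl/${server_name}.crt":
        ensure => $file_ensure,
        source => $cert_file_source,
        notify => Exec['gitlab-ctl reconfigure'],
      }
      # Private key: readable by its owner only, and excluded from diff
      # output so key material is not written to agent logs or reports.
      # NOTE(review): owner and group are not pinned here -- confirm which
      # account GitLab's web server reads the key as before adding them.
      file { "/etc/gitlab/ssl/${server_name}.key":
        ensure    => $file_ensure,
        source    => $key_file_source,
        mode      => '0400',
        show_diff => false,
        notify    => Exec['gitlab-ctl reconfigure'],
      }
      file { '/etc/gitlab/trusted-certs/ca_bundle.crt':
        ensure => $file_ensure,
        source => $ca_file_source,
        notify => Exec['gitlab-ctl reconfigure'],
      }
    }
  }

  # Create GitLab resources, if defined. Each hash entry becomes one defined
  # resource: the key is the title and the value is splatted in as its
  # attributes. These are declared even when $manage_installation is false.
  # NOTE(review): if these hashes carry passwords or tokens, they presumably
  # should come from encrypted data rather than plain Hiera -- confirm
  # against the psick::gitlab::user/group/project definitions.
  if $groups != {} {
    $groups.each |$k,$v| {
      psick::gitlab::group { $k:
        * => $v,
      }
    }
  }
  if $users != {} {
    $users.each |$k,$v| {
      psick::gitlab::user { $k:
        * => $v,
      }
    }
  }
  if $projects != {} {
    $projects.each |$k,$v| {
      psick::gitlab::project { $k:
        * => $v,
      }
    }
  }

  # Add tp test if cli enabled
  if any2bool($::psick::tp['cli_enable']) {
    tp::test { 'gitlab-ce':
      content => 'gitlab-ctl status',
    }
  }
}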