From da9c46a61f0552ef72d3bf9bfd7ebc82e5d10722 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Fri, 11 Jun 2021 15:55:40 +0200
Subject: [PATCH] Document role
---
README.md | 43 +++++++++++++++++++++++++++++++++-------
defaults/main.yml | 40 ++++++++++++++++++++++++++++++++++++-
templates/gitlab.yaml.j2 | 16 +++++++--------
3 files changed, 83 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index a3d0bdb..4c6ece0 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,45 @@ -Role Name -========= +docker_gitlab +============== -A brief description of the role goes here. +This role deploys GitLab on Docker Requirements ------------ -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +None Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +Variables from default directory : +* domain: domain belonging to customer +* git_url: URL on which GitLab will be listening +* Mail configuration : + * real_mailserver: Whether to authorize e-mail from GitLab or not (if set to true - by default, the following variables need to be defined, otherwise a mailhog instance will be deployed for blocking e-mails) + * mailserver: SMTP server to use for sending e-mails (defaults to smtp.{{ domain }}) + * smtpport: SMTP server port (defaults to 465) + * smtpuser: SMTP username (defaults to smtpuser) + * smtppass: SMTP user password (defaults to veryUnsecurePassToBeModified) + * git_mail_from: from address used in e-mail sent from GitLab (defaults to git@{{ domain }}) +* default_maintenance_email: maintenance e-mail used to request Let's Encrypt certificate (defaults to maintenance@{{ domain }}) +* SSO integration : + * enable_omniauth: whether or not configure SSO integration (defaults to false) + * sso_url: URL for SSO server + * sso_oidc_gitlab_id: OpenID connect identifier defined for gitlab + * sso_oidc_gitlab_secret: OpenID connect secret defined for gitlab +* Backups : + * swift parameters for 2 object storage instances where backups should be 
pushed daily + * git_backup_pass : Passphrase for encryption of backups + Dependencies ------------ -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. +This role requires the following Ansible collection : +* community.docker + +This Docker role supposes that Traefik is deployed as an inverseproxy in front of the deployed Dockers. +The following role is used by Le Filament for deploying Traefik : docker_server (https://sources.le-filament.com/lefilament/ansible-roles/docker_server) Example Playbook ---------------- @@ -25,7 +48,13 @@ Including an example of how to use your role (for instance, with variables passe - hosts: servers roles: - - { role: username.rolename, x: 42 } + - { role: docker_gitlab } + vars: + - { domain: "example.org" } + - { git_url: "git.example.org" } + - { real_mailserver: false } + - { default_maintenance_email: "maintenance@example.org" } + - { enable_omniauth: false } License ------- diff --git a/defaults/main.yml b/defaults/main.yml index 9457e0c..3101b1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,2 +1,40 @@
 ---
-# defaults file for test
+domain: example.org
+git_url: git.{{ domain }}
+
+# Mail configuration
+real_mailserver: true
+mailserver: smtp.{{ domain }}
+smtpport: 465
+smtpuser: smtpuser
+smtppass: veryUnsecurePassToBeModified
+git_mail_from: git@{{ domain }}
+
+# Maintenance e-mail for Let's Encrypt certificate
+default_maintenance_email: maintenance@{{ domain }}
+
+# SSO integration
+enable_omniauth: false
+sso_url: auth.{{ domain }}
+sso_oidc_gitlab_id: gitlabid
+sso_oidc_gitlab_secret: secrettobemodified
+
+# Backups
+# Parameters for pushing backups to Object Storage - Instance 1
+swift_odoo_authurl: https://auth.cloud.ovh.net/v3/
+swift_odoo_authversion: 3
+swift_odoo_tenantid: "132e1fa"
+swift_odoo_tenantname: "12312534534"
+swift_odoo_username: "testuser"
+swift_odoo_password: "testpassword"
+swift_odoo_regionname: "GRA"
+# Parameters for pushing backups to Object Storage - Instance 2
+swift_odoo2_authurl: https://auth.cloud.ovh.net/v3/
+swift_odoo2_authversion: 3
+swift_odoo2_tenantid: "12323534ab"
+swift_odoo2_tenantname: "123124235345"
+swift_odoo2_username: "testuser"
+swift_odoo2_password: "testpassword"
+swift_odoo2_regionname: "DE"
+# Passphrase for backups encryption
+git_backup_pass: notSecureEnoughPasswordToBeModified
diff --git a/templates/gitlab.yaml.j2 b/templates/gitlab.yaml.j2
index 8bf3045..e472f23 100644
--- a/templates/gitlab.yaml.j2
+++ b/templates/gitlab.yaml.j2
@@ -2,7 +2,7 @@ version: '2.1'
 
 services:
   smtp:
-{% if mailname is defined %}
+{% if real_mailserver is defined %}
    image: tecnativa/postfix-relay
    volumes:
      - smtp:/var/spool/postfix
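Review bot: Every credential added to defaults/main.yml (`smtppass`, `sso_oidc_gitlab_secret`, `swift_odoo_password`, `swift_odoo2_password`, `git_backup_pass`) carries a working placeholder value, so an inventory that forgets to override one deploys GitLab, the SMTP relay or the backup encryption with a password that is published in this repository, instead of failing; role defaults are the lowest-precedence variable source and nothing in this hunk forces an override. I would drop the placeholder values and keep only a commented reminder, e.g. replace `smtppass: veryUnsecurePassToBeModified` with `# smtppass: (required) set in inventory or ansible-vault`, so that rendering the template aborts on an undefined variable; the same treatment applies to the two `swift_*_password` lines, `sso_oidc_gitlab_secret` and `git_backup_pass`, with the README listing them as required. The `swift_odoo_*` / `swift_odoo2_*` prefix in a GitLab role also reads like a leftover from another role; the backup task that consumes these names is not in this diff, so worth confirming before renaming. Finally `real_mailserver: true` means a bare run of the role will try to relay mail through `smtp.example.org` with the placeholder user and password, which is one more reason not to ship a usable default for `smtppass`.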
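Review bot: `{% if real_mailserver is defined %}` is now always true, because the same commit defines `real_mailserver: true` in defaults/main.yml, so the `{% else %}` mailhog branch can never be selected and the README's `real_mailserver: false` example still starts `tecnativa/postfix-relay` with the real SMTP credentials; the old `mailname is defined` test was a genuine toggle, so this is a regression. The test should be on the value, `{% if real_mailserver | bool %}`, and the same one-line change is needed on the other three `{% if real_mailserver is defined %}` lines in this file (the `smtp_port`/`smtp_domain` block, the `networks` block and the `volumes` block) so that all four branches agree. The `smtp` service definition continues past the end of this hunk.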
@@ -10,13 +10,13 @@ services: default: public: environment: - MAILNAME: "{{ mailname }}" + MAILNAME: "{{ domain }}" MAIL_RELAY_HOST: "{{ mailserver }}" MAIL_RELAY_PORT: "{{ smtpport }}" MAIL_RELAY_USER: "{{ smtpuser }}" MAIL_RELAY_PASS: "{{ smtppass }}" - MAIL_CANONICAL_DOMAINS: "{{ mailname }}" - MAIL_NON_CANONICAL_DEFAULT: "{{ mailname }}" + MAIL_CANONICAL_DOMAINS: "{{ domain }}" + MAIL_NON_CANONICAL_DEFAULT: "{{ domain }}" {% else %} image: mailhog/mailhog networks: @@ -84,9 +84,9 @@ services: {% endif %} gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = 'smtp' -{% if mailname is defined %} +{% if real_mailserver is defined %} gitlab_rails['smtp_port'] = 25 - gitlab_rails['smtp_domain'] = '{{ mailname }}' + gitlab_rails['smtp_domain'] = '{{ domain }}' {% else %} gitlab_rails['smtp_port'] = 1025 {% endif %} @@ -117,7 +117,7 @@ networks: encrypted: 1 inverseproxy_shared: external: true -{% if mailname is defined %} +{% if real_mailserver is defined %} public: {% else %} inverseproxy_smtp: @@ -128,6 +128,6 @@ volumes: config: data: logs: -{% if mailname is defined %} +{% if real_mailserver is defined %} smtp: {% endif %} -- GitLab
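Review bot: `MAIL_RELAY_PASS: "{{ smtppass }}"` puts the relay password into the container environment, where anyone who can run `docker inspect` on the host reads it, and it is also written in clear into the rendered compose file; the hunk does not change this, but since the variables are being documented now it is the moment to say how they should be supplied. At minimum the task that renders this template (not in this diff) should write the file with `mode: "0600"` and the README should state that `smtppass`, the `swift_*` passwords and `git_backup_pass` are expected to come from ansible-vault; if the relay image supports file-based secrets a Docker secret would be preferable to an environment variable, which I could not confirm from here. Unrelated but in the same block: the default `smtpport: 465` is the implicit-TLS port, so it is worth confirming that `tecnativa/postfix-relay` negotiates wrapper-mode TLS when given that `MAIL_RELAY_PORT` rather than STARTTLS, otherwise outbound mail fails silently in the relay. The `smtp` service starts above this hunk.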