Commit da9c46a6 authored by Rémi - Le Filament

Document role

parent 2aeec57e
Role Name
=========
docker_gitlab
==============
A brief description of the role goes here.
This role deploys GitLab on Docker
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
None
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Variables from default directory :
* domain: domain belonging to customer
* git_url: URL on which GitLab will be listening
* Mail configuration :
* real_mailserver: Whether to authorize e-mail from GitLab or not (if set to true - by default, the following variables need to be defined, otherwise a mailhog instance will be deployed for blocking e-mails)
* mailserver: SMTP server to use for sending e-mails (defaults to smtp.{{ domain }})
* smtpport: SMTP server port (defaults to 465)
* smtpuser: SMTP username (defaults to smtpuser)
* smtppass: SMTP user password (defaults to veryUnsecurePassToBeModified)
* git_mail_from: from address used in e-mail sent from GitLab (defaults to git@{{ domain }})
* default_maintenance_email: maintenance e-mail used to request Let's Encrypt certificate (defaults to maintenance@{{ domain }})
* SSO integration :
* enable_omniauth: whether or not configure SSO integration (defaults to false)
* sso_url: URL for SSO server
* sso_oidc_gitlab_id: OpenID connect identifier defined for gitlab
* sso_oidc_gitlab_secret: OpenID connect secret defined for gitlab
* Backups :
* swift parameters for 2 object storage instances where backups should be pushed daily
* git_backup_pass : Passphrase for encryption of backups
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
This role requires the following Ansible collection :
* community.docker
This Docker role supposes that Traefik is deployed as an inverseproxy in front of the deployed Dockers.
The following role is used by Le Filament for deploying Traefik : docker_server (https://sources.le-filament.com/lefilament/ansible-roles/docker_server)
Example Playbook
----------------
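Review bot: The variable list documents placeholder secrets as ordinary defaults (`smtppass` "defaults to veryUnsecurePassToBeModified") without stating that `smtppass`, `sso_oidc_gitlab_secret`, `git_backup_pass` and the swift passwords must be overridden, and the Backups bullet names no variables at all. Suggest listing the `swift_odoo_*` and `swift_odoo2_*` keys explicitly and adding a line saying these values are expected to come from encrypted inventory (for example Ansible Vault). The `real_mailserver` bullet is also hard to parse; splitting it into "true (default): relay through `mailserver`" and "false: deploy mailhog" would read better.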
......@@ -25,7 +48,13 @@ Including an example of how to use your role (for instance, with variables passe
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
- { role: docker_gitlab }
vars:
- { domain: "example.org" }
- { git_url: "git.example.org" }
- { real_mailserver: false }
- { default_maintenance_email: "maintenance@example.org" }
- { enable_omniauth: false }
License
-------
......
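Review bot: In the example, `vars:` is written as a list of one-key mappings (`- { domain: "example.org" }` and so on); a single mapping with one key per line is the usual form and is easier to copy. The example also leaves `git_backup_pass` and the swift credentials unset, so anyone running it as shown gets the placeholder values from the defaults file; either show them being overridden or say so next to the example.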
---
# defaults file for test
domain: example.org
git_url: git.{{ domain }}
# Mail configuration
real_mailserver: true
mailserver: smtp.{{ domain }}
smtpport: 465
smtpuser: smtpuser
smtppass: veryUnsecurePassToBeModified
git_mail_from: git@{{ domain }}
# Maintenance e-mail for Let's Encrypt certificate
default_maintenance_email: maintenance@{{ domain }}
# SSO integration
enable_omniauth: false
sso_url: auth.{{ domain }}
sso_oidc_gitlab_id: gitlabid
sso_oidc_gitlab_secret: secrettobemodified
# Backups
# Parameters for pushing backups to Object Storage - Instance 1
swift_odoo_authurl: https://auth.cloud.ovh.net/v3/
swift_odoo_authversion: 3
swift_odoo_tenantid: "132e1fa"
swift_odoo_tenantname: "12312534534"
swift_odoo_username: "testuser"
swift_odoo_password: "testpassword"
swift_odoo_regionname: "GRA"
# Parameters for pushing backups to Object Storage - Instance 2
swift_odoo2_authurl: https://auth.cloud.ovh.net/v3/
swift_odoo2_authversion: 3
swift_odoo2_tenantid: "12323534ab"
swift_odoo2_tenantname: "123124235345"
swift_odoo2_username: "testuser"
swift_odoo2_password: "testpassword"
swift_odoo2_regionname: "DE"
# Passphrase for backups encryption
git_backup_pass: notSecureEnoughPasswordToBeModified
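Review bot: Shipping working placeholder values for `smtppass`, `sso_oidc_gitlab_secret`, `swift_odoo_password`, `swift_odoo2_password` and `git_backup_pass` means a deployment that forgets to override one still succeeds, with a publicly known SMTP password or backup passphrase. Suggest leaving these undefined in defaults and failing early in the role when they are missing, so the mistake is caught at deploy time. Smaller points: the header comment says "defaults file for test", the `swift_odoo_*` names look carried over from another role, and `sso_url` has no scheme although the README calls it a URL.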
......@@ -2,7 +2,7 @@ version: '2.1'
services:
smtp:
{% if mailname is defined %}
{% if real_mailserver is defined %}
image: tecnativa/postfix-relay
volumes:
- smtp:/var/spool/postfix
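Review bot: `{% if real_mailserver is defined %}` tests whether the variable exists, not its value. The defaults file sets `real_mailserver: true` and the README example sets it to `false`, so the variable is defined in both cases and the mailhog branch can never be selected; with `real_mailserver: false` the postfix relay is still deployed and e-mail is still sent. Suggest `{% if real_mailserver | bool %}` here and in the other places the same test appears.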
......@@ -10,13 +10,13 @@ services:
default:
public:
environment:
MAILNAME: "{{ mailname }}"
MAILNAME: "{{ domain }}"
MAIL_RELAY_HOST: "{{ mailserver }}"
MAIL_RELAY_PORT: "{{ smtpport }}"
MAIL_RELAY_USER: "{{ smtpuser }}"
MAIL_RELAY_PASS: "{{ smtppass }}"
MAIL_CANONICAL_DOMAINS: "{{ mailname }}"
MAIL_NON_CANONICAL_DEFAULT: "{{ mailname }}"
MAIL_CANONICAL_DOMAINS: "{{ domain }}"
MAIL_NON_CANONICAL_DEFAULT: "{{ domain }}"
{% else %}
image: mailhog/mailhog
networks:
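Review bot: In the environment block, `MAIL_RELAY_PASS: "{{ smtppass }}"` and the other values are interpolated raw into double-quoted YAML scalars. A password containing `"` or `\` produces an invalid or altered value, and a `$` is treated by Compose as variable substitution. Since this hunk already touches the block, consider rendering these values with a quoting filter and documenting that `$` must be written as `$$`, or passing the secret through an env file instead of the rendered compose file.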
......@@ -84,9 +84,9 @@ services:
{% endif %}
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtp'
{% if mailname is defined %}
{% if real_mailserver is defined %}
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_domain'] = '{{ mailname }}'
gitlab_rails['smtp_domain'] = '{{ domain }}'
{% else %}
gitlab_rails['smtp_port'] = 1025
{% endif %}
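Review bot: The mail-mode condition is repeated four times in this template (the smtp service, this gitlab.rb block, networks, volumes), and they must stay in agreement: if only some are changed, GitLab can end up configured for port 25 while the container on the `smtp` name is mailhog listening on 1025, or the reverse. Suggest setting one Jinja variable at the top of the template, for example `{% set use_relay = real_mailserver | bool %}`, and testing that everywhere.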
......@@ -117,7 +117,7 @@ networks:
encrypted: 1
inverseproxy_shared:
external: true
{% if mailname is defined %}
{% if real_mailserver is defined %}
public:
{% else %}
inverseproxy_smtp:
......@@ -128,6 +128,6 @@ volumes:
config:
data:
logs:
{% if mailname is defined %}
{% if real_mailserver is defined %}
smtp:
{% endif %}