From d44c630c9e753f6acb5e99bd766dbfdfb9b06521 Mon Sep 17 00:00:00 2001
From: Zolfa <zolfa@lilik.it>
Date: Wed, 22 Apr 2020 03:49:24 +0200
Subject: [PATCH] roles/gitlab: initial_root_password

---
 roles/gitlab/README.md              | 19 ++++++++++---------
 roles/gitlab/templates/gitlab.rb.j2 |  4 ++++
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/roles/gitlab/README.md b/roles/gitlab/README.md
index 4325cc5..8f7cb7c 100644
--- a/roles/gitlab/README.md
+++ b/roles/gitlab/README.md
@@ -4,15 +4,16 @@ Set-up a Omnibus GitLab server
 
 ## Configuration variables
 
-| Name            | Description                                     |
-|-----------------|-------------------------------------------------|
-| `server_fqdn`   | [`$hostname.$domain`]                           |
-| `ssh_port`      | External SSH port. [`22`]                       |
-| `ldap_server`*  | LDAP server fqdn [`'ldap1.dmz.$domain'`]        |
-| `ldap_domain`   | LDAP domain, used to derive base dn [`$domain`] |
-| `enable_https`  | Enable HTTPS. [`false`]                         |
-| `ldap_admin_dn` | DN of a LDAP user with admin privileges.        |
-| `ldap_admin_pw` | Bind password of that user.                     |
+| Name                    | Description                                     |
+|-------------------------|-------------------------------------------------|
+| `server_fqdn`           | [`$hostname.$domain`]                           |
+| `ssh_port`              | External SSH port. [`22`]                       |
+| `ldap_server`*          | LDAP server fqdn [`'ldap1.dmz.$domain'`]        |
+| `ldap_domain`           | LDAP domain, used to derive base dn [`$domain`] |
+| `enable_https`          | Enable HTTPS. [`false`]                         |
+| `ldap_admin_dn`         | DN of a LDAP user with admin privileges.        |
+| `ldap_admin_pw`         | Bind password of that user.                     |
+| `initial_root_password` | Available only before initialization.           |
 
 **Note**: The Ansible controller must have OpenLDAP properly configured
 with root ca set in `~/.ldaprc`.
diff --git a/roles/gitlab/templates/gitlab.rb.j2 b/roles/gitlab/templates/gitlab.rb.j2
index 86f4e5e..fe384da 100644
--- a/roles/gitlab/templates/gitlab.rb.j2
+++ b/roles/gitlab/templates/gitlab.rb.j2
@@ -529,7 +529,11 @@ external_url 'http://{{ server_fqdn }}'
 #### Change the initial default admin password and shared runner registration tokens.
 ####! **Only applicable on initial setup, changing these settings after database
 ####!   is created and seeded won't yield any change.**
+{% if initial_root_password is defined %}
+ gitlab_rails['initial_root_password'] = "{{ initial_root_password }}"
+{% else %}
 # gitlab_rails['initial_root_password'] = "password"
+{% endif %}
 # gitlab_rails['initial_shared_runners_registration_token'] = "token"
 
 #### Set path to an initial license to be used while bootstrapping GitLab.