# Role: gitlab Set-up a Omnibus GitLab server ## Configuration variables | Name | Description | |-------------------------|-------------------------------------------------| | `server_fqdn` | [`$hostname.$domain`] | | `ssh_port` | External SSH port. [`22`] | | `ldap_server`* | LDAP server fqdn [`'ldap1.dmz.$domain'`] | | `ldap_domain` | LDAP domain, used to derive base dn [`$domain`] | | `enable_https` | Enable HTTPS. [`false`] | | `ldap_admin_dn` | DN of a LDAP user with admin privileges. | | `ldap_admin_pw` | Bind password of that user. | | `initial_root_password` | Available only before initialization. | **Note**: The Ansible controller must have OpenLDAP properly configured with root ca set in `~/.ldaprc`. ## Minimal example group_vars/all.yaml: --- domain: 'example.com' ssl_subject_prefix: '/C=IT/L=Firenze/O=LILiK' x509_suffix: 'o=LILiK,l=Firenze,st=IT' user_ca_keys: - "ssh-ed25519 ################### CA" ssl_ca_cert: | -----BEGIN CERTIFICATE----- ########################### -----END CERTIFICATE----- hosts: vm_gateway ansible_host=10.0.2.1 ansible_user=root authorities_request ansible_host=10.0.1.8 ansible_user=request host1 ansible_host=10.0.1.1 ansible_user=root ldap1 ansible_host=10.0.2.2 ansible_user=root ansible_lxc_host=host1 gitlab ansible_host=10.0.2.3 ansible_user=root ansible_lxc_host=host1 playbook.yaml: --- # Configure GitLab on a Physical Host - hosts: 'host1' roles: - role: 'dns_record' - role: 'reverse_proxy' hostname: 'projects' - role: 'gitlab' Command line: ansible-playbook -i hosts playbook.yaml \ -e ldap_admin_dn= -e \ -e ldap_amdin_pw= ## Requirements On Ansible controller: - tasks/ca-dialog.yaml