Merged in upstream

Author: williampiv

README.md

@@ -17,9 +17,10 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    gitlab_external_url: "https://gitlab/"
+    gitlab_domain: gitlab
+    gitlab_external_url: "https://{{ gitlab_domain }}/"
 
-The URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443).
+The domain and URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443).
 
     gitlab_git_data_dir: "/var/opt/gitlab/git-data"
 
@@ -48,14 +49,14 @@ The `gitlab.rb.j2` template packaged with this role is meant to be very generic
 ### SSL Configuration.
 
     gitlab_redirect_http_to_https: "true"
-    gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt"
-    gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key"
+    gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
+    gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
 
 GitLab SSL configuration; tells GitLab to redirect normal http requests to https, and the path to the certificate and key (the default values will work for automatic self-signed certificate creation, if set to `true` in the variable below).
 
     # SSL Self-signed Certificate Configuration.
     gitlab_create_self_signed_cert: "true"
-    gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab"
+    gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"
 
 Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization.
 
@@ -71,6 +72,15 @@ Whether to create a self-signed certificate for serving GitLab over a secure con
 
 GitLab LDAP configuration; if `gitlab_ldap_enabled` is `true`, the rest of the configuration will tell GitLab how to connect to an LDAP server for centralized authentication.
 
+    gitlab_dependencies:
+      - openssh-server
+      - postfix
+      - curl
+      - openssl
+      - tzdata
+
+Dependencies required by GitLab for certain functionality, like timezone support or email. You may change this list in your own playbook if, for example, you would like to install `exim` instead of `postfix`.
+
     gitlab_time_zone: "UTC"
 
 Gitlab timezone.
@@ -124,6 +134,26 @@ If you want to enable [2-way SSL Client Authentication](https://docs.gitlab.com/
 
 GitLab includes a number of themes, and you can set the default for all users with this variable. See [the included GitLab themes to choose a default](https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L79-L85).
 
+    gitlab_extra_settings:
+      - gitlab_rails:
+          - key: "trusted_proxies"
+            value: "['foo', 'bar']"
+          - key: "env"
+            type: "plain"
+            value: |
+              {
+              "http_proxy" => "https://my_http_proxy.company.com:3128",
+              "https_proxy" => "https://my_http_proxy.company.com:3128",
+              "no_proxy" => "localhost, 127.0.0.1, company.com"
+              }
+      - unicorn:
+          - key: "worker_processes"
+            value: 5
+          - key: "pidfile"
+            value: "/opt/gitlab/var/unicorn/unicorn.pid"
+
+Gitlab have many other settings ([see official documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template)), and you can add them with this special variable `gitlab_extra_settings` with the concerned setting and the `key` and `value` keywords.
+
 ## Dependencies
 
 None.

defaults/main.yml

@@ -1,6 +1,7 @@
 ---
 # General config.
-gitlab_external_url: "https://gitlab/"
+gitlab_domain: gitlab
+gitlab_external_url: "https://{{ gitlab_domain }}/"
 gitlab_git_data_dir: "/var/opt/gitlab/git-data"
 gitlab_edition: "gitlab-ce"
 gitlab_version: ''
@@ -9,12 +10,12 @@ gitlab_config_template: "gitlab.rb.j2"
 
 # SSL Configuration.
 gitlab_redirect_http_to_https: "true"
-gitlab_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt"
-gitlab_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key"
+gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
+gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
 
 # SSL Self-signed Certificate Configuration.
 gitlab_create_self_signed_cert: "true"
-gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN=gitlab"
+gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"
 
 # LDAP Configuration.
 gitlab_ldap_enabled: "false"
@@ -47,6 +48,14 @@ gitlab_nginx_ssl_client_certificate: ""
 # Probably best to leave this as the default, unless doing testing.
 gitlab_restart_handler_failed_when: 'gitlab_restart.rc != 0'
 
+# Dependencies.
+gitlab_dependencies:
+  - openssh-server
+  - postfix
+  - curl
+  - openssl
+  - tzdata
+
 # Optional settings.
 gitlab_time_zone: "UTC"
 gitlab_backup_keep_time: "604800"
@@ -59,11 +68,17 @@ gitlab_email_from: "[email protected]"
 gitlab_email_display_name: "Gitlab"
 gitlab_email_reply_to: "[email protected]"
 
+# Registry configuration.
+gitlab_registry_enable: "false"
+gitlab_registry_external_url: "https://gitlab.example.com:4567"
+gitlab_registry_nginx_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt"
+gitlab_registry_nginx_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key"
+
 # LetsEncrypt configuration.
 gitlab_letsencrypt_enable: "false"
 gitlab_letsencrypt_contact_emails:
   - "[email protected]"
 gitlab_letsencrypt_auto_renew_hour: 1
 gitlab_letsencrypt_auto_renew_minute: 30
 gitlab_letsencrypt_auto_renew_day_of_month: "*/7"
-gitlab_letsencrypt_auto_renew: true
+gitlab_letsencrypt_auto_renew: true

handlers/main.yml

@@ -2,4 +2,4 @@
 - name: restart gitlab
   command: gitlab-ctl reconfigure
   register: gitlab_restart
-  failed_when: gitlab_restart_handler_failed_when
+  failed_when: gitlab_restart_handler_failed_when | bool

meta/main.yml

@@ -2,6 +2,7 @@
 dependencies: []
 
 galaxy_info:
+  role_name: gitlab
   author: geerlingguy
   description: GitLab Git web interface
   company: "Midwestern Mac, LLC"

tasks/main.yml

@@ -13,12 +13,7 @@
 # Install GitLab and its dependencies.
 - name: Install GitLab dependencies.
   package:
-    name:
-      - openssh-server
-      - postfix
-      - curl
-      - openssl
-      - tzdata
+    name: "{{ gitlab_dependencies }}"
     state: present
 
 - name: Install GitLab dependencies (Debian).
@@ -48,6 +43,8 @@
   package:
     name: "{{ gitlab_package_name | default(gitlab_edition) }}"
     state: present
+  async: 300
+  poll: 5
   when: not gitlab_file.stat.exists
 
 # Start and configure GitLab. Sometimes the first run fails, but after that,

templates/gitlab.rb.j2

@@ -37,6 +37,7 @@ gitlab_rails['backup_path'] = "{{ gitlab_backup_path }}"
 # These settings are documented in more detail at
 # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example#L118
 gitlab_rails['ldap_enabled'] = {{ gitlab_ldap_enabled }}
+{% if gitlab_ldap_enabled == "true" %}
 gitlab_rails['ldap_host'] = '{{ gitlab_ldap_host }}'
 gitlab_rails['ldap_port'] = {{ gitlab_ldap_port }}
 gitlab_rails['ldap_uid'] = '{{ gitlab_ldap_uid }}'
@@ -45,6 +46,7 @@ gitlab_rails['ldap_bind_dn'] = '{{ gitlab_ldap_bind_dn }}'
 gitlab_rails['ldap_password'] = '{{ gitlab_ldap_password }}'
 gitlab_rails['ldap_allow_username_or_email_login'] = true
 gitlab_rails['ldap_base'] = '{{ gitlab_ldap_base }}'
+{% endif %}
 
 # GitLab Nginx
 ## See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
@@ -59,17 +61,25 @@ nginx['listen_https'] = {{ gitlab_nginx_listen_https }}
 # More details and example configuration at
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md
 gitlab_rails['smtp_enable'] = {{ gitlab_smtp_enable }}
+{% if gitlab_smtp_enable == "true" %}
 gitlab_rails['smtp_address'] = '{{ gitlab_smtp_address }}'
 gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
+{% if gitlab_smtp_user_name %}
 gitlab_rails['smtp_user_name'] = '{{ gitlab_smtp_user_name }}'
+{% endif %}
+{% if gitlab_smtp_password %}
 gitlab_rails['smtp_password'] = '{{ gitlab_smtp_password }}'
+{% endif %}
 gitlab_rails['smtp_domain'] = '{{ gitlab_smtp_domain }}'
+{% if gitlab_smtp_authentication %}
 gitlab_rails['smtp_authentication'] = '{{ gitlab_smtp_authentication }}'
+{% endif %}
 gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_enable_starttls_auto }}
 gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls }}
 gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'
 gitlab_rails['smtp_ca_path'] = '{{ gitlab_smtp_ca_path }}'
 gitlab_rails['smtp_ca_file'] = '{{ gitlab_smtp_ca_file }}'
+{% endif %}
 
 # 2-way SSL Client Authentication.
 {% if gitlab_nginx_ssl_verify_client %}
@@ -79,5 +89,29 @@ nginx['ssl_verify_client'] = "{{ gitlab_nginx_ssl_verify_client }}"
 nginx['ssl_client_certificate'] = "{{ gitlab_nginx_ssl_client_certificate }}"
 {% endif %}
 
+# GitLab registry.
+registry['enable'] = {{ gitlab_registry_enable }}
+{% if gitlab_registry_enable %}
+registry_external_url "{{ gitlab_registry_external_url }}"
+registry_nginx['ssl_certificate'] = "{{ gitlab_registry_nginx_ssl_certificate }}"
+registry_nginx['ssl_certificate_key'] = "{{ gitlab_registry_nginx_ssl_certificate_key }}"
+{% endif %}
+
+{% if gitlab_extra_settings is defined %}
+# Extra configuration
+{% for extra in gitlab_extra_settings %}
+{% for setting in extra %}
+{% for kv in extra[setting] %}
+{% if (kv.type is defined and kv.type == 'plain') or (kv.value is not string) %}
+{{ setting }}['{{ kv.key }}'] = {{ kv.value }}
+{% else %}
+{{ setting }}['{{ kv.key }}'] = '{{ kv.value }}'
+{% endif %}
+{% endfor %}
+{% endfor %}
+
+{% endfor %}
+{% endif %}
+
 # To change other settings, see:
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#changing-gitlab-yml-settings