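---
# Seeds a GitLab server with groups, projects and users through the gitlab_*
# modules. Requires `server` plus either `token` or `username` + `password`.
- hosts: localhost
  gather_facts: false
  tasks:
    - name: "Check variables are defined"
      assert:
        quiet: true
        that:
          - server is defined
          # Exactly one authentication method may be supplied.
          - (token is defined and username is not defined and password is not defined) or (token is not defined and username is defined and password is defined)

    - name: "Create Groups Variable if missing"
      set_fact:
        gitlab_groups:
          default:
            users:
              spriggsj:
                name: Jon Spriggs
            projects:
              default:
                # Canonical booleans instead of the YAML 1.1 `no` spelling.
                snippets: false
                wiki: false
      when: gitlab_groups is not defined

    - name: "Create Users Variable if missing"
      set_fact:
        gitlab_users: {}
      when: gitlab_users is not defined

    - name: "Create Projects Variable if missing"
      set_fact:
        gitlab_projects: {}
      when: gitlab_projects is not defined

    # Flattens the per-group and stand-alone definitions into lists of
    # {key, value} items; items that come from a group also get a `group` field.
    # NOTE(review): keys and values are interpolated into the list text
    # unescaped, so a name containing a double quote yields a malformed list.
    - name: Manage variables
      set_fact:
        internal_projects: |-
          [
            {%- for group in gitlab_groups | default({}) | dict2items -%}
              {%- set group_data = {'group': group.key} -%}
              {%- for project in group.value.projects | default({}) | dict2items -%}
                {"key": "{{ project.key }}", "value": {{ group_data | combine(project.value) }} },
              {% endfor -%}
            {%- endfor -%}
            {%- for project in gitlab_projects | default({}) | dict2items -%}
              {"key": "{{ project.key }}", "value": {{ project.value }} },
            {%- endfor -%}
          ]
        internal_users: |-
          [
            {%- for group in gitlab_groups | default({}) | dict2items -%}
              {%- set group_data = {'group': group.key} -%}
              {%- for guser in group.value.users | default({}) | dict2items -%}
                {"key": "{{ guser.key }}", "value": {{ group_data | combine(guser.value) }} },
              {% endfor -%}
            {%- endfor -%}
            {%- for guser in gitlab_users | default({}) | dict2items -%}
              {"key": "{{ guser.key }}", "value": {{ guser.value }} },
            {% endfor -%}
          ]

    - name: Ensure the right version of python-gitlab is installed
      become: true
      pip:
        name: python-gitlab==1.12.1

    - name: Create Gitlab Groups
      gitlab_group:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        name: "{{ item.key }}"
        path: "{{ item.value.path | default(item.key) }}"
        state: "present"
        # Groups are created public unless the item sets `is`.
        visibility: "{{ item.value.is | default('public') }}"
      loop: "{{ gitlab_groups | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Create Gitlab Projects
      gitlab_project:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        name: "{{ item.key }}"
        path: "{{ item.value.path | default(omit) }}"
        group: "{{ item.value.group | default(omit) }}"
        description: "{{ item.value.description | default(omit) }}"
        issues_enabled: "{{ item.value.issues | default('yes') }}"
        merge_requests_enabled: "{{ item.value.merge_requests | default('yes') }}"
        snippets_enabled: "{{ item.value.snippets | default('yes') }}"
        # Projects are created public unless the item sets `is`.
        visibility: "{{ item.value.is | default('public') }}"
        wiki_enabled: "{{ item.value.wiki | default('yes') }}"
      loop: "{{ internal_projects | default([]) }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Create Gitlab Users
      gitlab_user:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        username: "{{ item.key }}"
        name: "{{ item.value.name | default(item.key) }}"
        # Without an explicit password the lookup generates a 20-character one
        # and keeps it, in clear text, in the file pw.<username>_password.
        password: "{{ item.value.password | default(lookup('password', 'pw.' + item.key + '_password chars=ascii_letters,digits length=20')) }}"
        email: "{{ item.value.email | default(item.key + '@gitlab') }}"
        group: "{{ item.value.group | default(omit) }}"
        confirm: false
        # Options are: guest,reporter,developer,master,owner
        # Group members get `owner` unless the item sets group_level.
        access_level: "{% if item.value.group is defined %}{{ item.value.group_level | default('owner') }}{% else %}{{ omit }}{% endif %}"
        state: present
      loop: "{{ internal_users | default([]) }}"
      loop_control:
        label: "{{ item.key }}"

    # Reports where each user's password can be found instead of echoing the
    # secret itself: debug output goes to the console and to any configured
    # Ansible log. One message per user also keeps the entries from running
    # together on a single line.
    - name: List Users
      debug:
        msg: "{{ item.key }}: {{ 'password supplied in variables' if item.value.password is defined else 'generated password stored in pw.' + item.key + '_password' }}"
      loop: "{{ internal_users | default([]) }}"
      loop_control:
        label: "{{ item.key }}"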
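---
# Installs Docker, starts GitLab CE and a GitLab Runner as containers, then
# waits until the GitLab sign-in page answers.
#
# Optional variables introduced here (defaults keep the previous behaviour):
#   gitlab_ce_tag / gitlab_runner_tag - image tags, default 'latest'
#   gitlab_validate_certs             - verify TLS on the probes, default false
- name: Install Gitlab
  hosts: localhost
  tasks:
    - name: Install the Docker GPG Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        # Full 40-hex fingerprint rather than a short key id.
        id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88

    - name: Install the Docker repo
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
        filename: docker-ce

    - name: Install required software via Apt
      apt:
        update_cache: true
        name: ['docker-ce', 'docker-ce-cli']
        force_apt_get: true

    - name: Install required software via Pip
      pip:
        name: ['docker', 'python-gitlab==1.12.1']
        state: present

    # Based on https://gist.github.com/mikeifomin/67e233cd461331de16707ef59a07e372
    # Probes the same host name that external_url uses below, so certificate
    # validation can succeed once gitlab_validate_certs is switched on.
    # failed_when is false so that an unreachable server is not an error here.
    - name: Check if gitlab is up
      uri:
        url: "https://{{ system_fqdn | default(ansible_fqdn) }}/users/sign_in"
        method: GET
        validate_certs: "{{ gitlab_validate_certs | default(false) }}"
      register: gitlab_up
      failed_when: false
      changed_when: false

    # NOTE(review): the ports are published on all interfaces before the later
    # play sets the admin password and disables sign-up. Until those tasks
    # have run, the password-reset page this playbook probes for can be
    # reached by anyone who can reach port 443; restrict access at the
    # firewall during installation.
    - name: Create Gitlab container
      docker_container:
        name: gitlab
        # Set gitlab_ce_tag to a fixed release for reproducible installs;
        # 'latest' changes underneath the playbook.
        image: "gitlab/gitlab-ce:{{ gitlab_ce_tag | default('latest') }}"
        restart: true
        restart_policy: always
        state: started
        # Quoted so the digit-and-colon values are always read as strings.
        published_ports:
          - "0.0.0.0:443:443"
          - "0.0.0.0:80:80"
          - "0.0.0.0:2222:22"
        env:
          GITLAB_OMNIBUS_CONFIG: "external_url 'https://{{ system_fqdn | default(ansible_fqdn) }}/'; letsencrypt['enable'] = true"
        hostname: gitlab
      register: gitlab
      when: gitlab_up.status != 200 and 'users/password/edit?reset_password_token=' not in gitlab_up.url

    - name: Create Gitlab-Runner container
      docker_container:
        name: gitlab-runner
        image: "gitlab/gitlab-runner:{{ gitlab_runner_tag | default('latest') }}"
        restart: true
        restart_policy: always
        state: started
        volumes:
          - /opt/gitlab-runner:/etc/gitlab-runner
          # Mounting the Docker socket gives this container control of the
          # host's Docker daemon, which is equivalent to root on the host.
          # Treat the runner and its configuration as part of the host's
          # trusted computing base.
          - /var/run/docker.sock:/var/run/docker.sock

    # Based on https://gist.github.com/mikeifomin/67e233cd461331de16707ef59a07e372
    # Succeeds on the sign-in page (200) or on the redirect to the initial
    # password-reset page.
    - name: Wait for gitlab to be up
      uri:
        url: "https://{{ system_fqdn | default(ansible_fqdn) }}/users/sign_in"
        method: GET
        validate_certs: "{{ gitlab_validate_certs | default(false) }}"
      register: _result
      until: _result.status == 200 or 'users/password/edit?reset_password_token=' in _result.url
      retries: 240  # retry X times
      delay: 5  # pause for X sec b/w each call

    # Registers the container as an inventory host reached through the docker
    # connection plugin, for the next play.
    - name: Add gitlab to inventory
      add_host:
        name: gitlab
        ansible_connection: docker
      changed_when: false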
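# Runs inside the GitLab container: locks down sign-up, sets the admin
# password, and creates the API and runner-registration tokens that the
# following play reads from the registered results.
- name: Get gitlab tokens from inside the container
  hosts: gitlab
  gather_facts: false
  tasks:
    # `update` replaces `update_attributes`, which newer Rails releases no
    # longer provide; the image tag is not fixed, so either may be in use.
    - name: Disable sign-up
      shell: "/opt/gitlab/bin/gitlab-rails runner 'ApplicationSetting.last.update(signup_enabled: false)'"
      register: disable_sign_up

    # Uses admin_password when supplied. Otherwise a 20-character password is
    # generated and kept in pw.gitlab_root_password, replacing the former
    # fixed default of 'password'.
    # NOTE(review): the value is interpolated into a Ruby string inside a
    # shell string, so a supplied admin_password must not contain quotes,
    # backslashes, backticks or `$`.
    # no_log keeps the rendered command, which contains the password, out of
    # task output and logs.
    - name: Set admin password
      vars:
        gitlab_root_password: "{{ admin_password if admin_password is defined else lookup('password', 'pw.gitlab_root_password chars=ascii_letters,digits length=20') }}"
      shell: |
        /opt/gitlab/bin/gitlab-rails runner -e production "u = User.first
        u.password_automatically_set = false
        u.password = '{{ gitlab_root_password }}'
        u.password_confirmation = '{{ gitlab_root_password }}'
        u.save!"
      register: set_admin_password
      no_log: true

    # Creates a personal access token for the first user and writes it to a
    # file; `creates` makes the task a no-op once that file exists.
    # NOTE(review): the token carries the `sudo` scope and no expiry is set;
    # drop `sudo` if the consuming modules work with `api` alone (confirm).
    # perm: 0600 keeps a newly created token file readable by its owner only.
    - name: Create admin token
      shell: |
        /opt/gitlab/bin/gitlab-rails runner -e production "u = User.first
        t = PersonalAccessToken.new({
          user: u,
          name: 'python-gitlab',
          scopes: ['api', 'read_user', 'sudo']
        })
        t.save!
        FileUtils.mkdir_p('/tmp')
        File.write('/tmp/gitlab-root-personal-access-token.txt', t.token, perm: 0600)"
      args:
        creates: /tmp/gitlab-root-personal-access-token.txt
      register: create_admin_token

    - name: Create Runner Token
      shell: /opt/gitlab/bin/gitlab-rails runner -e production "File.write('/tmp/gitlab-runner-token.txt', ApplicationSetting.last.runners_registration_token, perm: 0600)"
      args:
        creates: /tmp/gitlab-runner-token.txt
      register: create_runner_token

    # slurp returns the file content base64-encoded; no_log keeps it out of
    # task output while the registered variable stays usable by later plays.
    - name: Get access token
      slurp:
        src: /tmp/gitlab-root-personal-access-token.txt
      register: personalaccesstoken
      no_log: true

    - name: Get Runner Token
      slurp:
        src: /tmp/gitlab-runner-token.txt
      register: runnertoken
      no_log: true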
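# Back on the Docker host: registers the runner and writes the API token into
# the python-gitlab configuration and a host_vars file for a follow-up run.
- name: Post-install configuration
  hosts: localhost
  gather_facts: false
  tasks:
    # The registration token is part of the command line, so no_log keeps the
    # rendered command out of task output and logs.
    # NOTE(review): nothing guards this task, so every run registers one more
    # runner.
    - name: Register the docker runner
      shell: >-
        docker run --rm
        -v /opt/gitlab-runner:/etc/gitlab-runner
        gitlab/gitlab-runner:{{ gitlab_runner_tag | default('latest') }}
        register --non-interactive
        --executor "docker"
        --docker-image alpine:latest
        --url "https://{{ system_fqdn | default(ansible_fqdn) }}/"
        --registration-token "{{ hostvars['gitlab'].runnertoken.content | b64decode }}"
        --description "docker-runner"
        --tag-list "docker,aws"
        --run-untagged="true"
        --locked="false"
        --access-level="not_protected"
      no_log: true

    - name: Write python-gitlab config file
      copy:
        dest: /root/.python-gitlab.cfg
        content: |
          [global]
          default = local
          ssl_verify = true
          timeout = 5
          [local]
          url = https://{{ system_fqdn | default(ansible_fqdn) }}
          private_token = {{ hostvars['gitlab'].personalaccesstoken.content | b64decode }}
        owner: root
        group: root
        mode: "0600"
      no_log: true

    # /tmp is world-writable and this path is predictable, so ownership and
    # mode are enforced on both directory levels, including ones that already
    # exist, before the token file is written below them.
    - name: Create hostvars directory
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0700"
      loop:
        - /tmp/gitlab-install
        - /tmp/gitlab-install/host_vars

    # Values are quoted in the generated file so that a token made only of
    # digits, or one starting with a YAML indicator, is still read as a string.
    - name: Create hostvar file
      copy:
        dest: /tmp/gitlab-install/host_vars/localhost
        content: |
          ---
          server: "https://{{ system_fqdn | default(ansible_fqdn) }}"
          token: "{{ hostvars['gitlab'].personalaccesstoken.content | b64decode }}"
        owner: root
        group: root
        mode: "0600"
      no_log: true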