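---
# Document 1: declare GitLab groups, projects and users on an already-running server.
#
# Expected variables (extra-vars or host_vars):
#   server                  - base URL of the GitLab server (required)
#   token                   - personal access token, OR
#   username + password     - login credentials (exactly one of the two auth styles)
#   gitlab_groups           - dict of groups; each may hold nested `users` and `projects` dicts
#   gitlab_users            - dict of users not attached to a group
#   gitlab_projects         - dict of projects not attached to a group
- hosts: localhost
  gather_facts: false
  tasks:
    - name: "Check variables are defined"
      assert:
        quiet: true
        that:
          - server is defined
          # exactly one authentication method: a token, or a username/password pair
          - (token is defined and username is not defined and password is not defined) or (token is not defined and username is defined and password is defined)

    # Example data so the play does something useful when run without an inventory.
    - name: "Create Groups Variable if missing"
      set_fact:
        gitlab_groups:
          default:
            users:
              spriggsj:
                name: Jon Spriggs
            projects:
              default:
                snippets: false
                wiki: false
      when: gitlab_groups is not defined

    - name: "Create Users Variable if missing"
      set_fact:
        gitlab_users: {}
      when: gitlab_users is not defined

    - name: "Create Projects Variable if missing"
      set_fact:
        gitlab_projects: {}
      when: gitlab_projects is not defined

    # Flatten the group-nested dicts plus the top-level dicts into lists of
    # {key, value} items; group-nested entries get a `group` key added to their value.
    # The rendered text looks like JSON, which set_fact turns into a real list.
    - name: Manage variables
      set_fact:
        internal_projects: |-
          [
          {%- for group in gitlab_groups | default({}) | dict2items -%}
          {%- set group_data = {'group': group.key} -%}
          {%- for project in group.value.projects | default({}) | dict2items -%}
          {"key": "{{ project.key }}", "value": {{ group_data | combine(project.value) }} },
          {% endfor -%}
          {%- endfor -%}
          {%- for project in gitlab_projects | default({}) | dict2items -%}
          {"key": "{{ project.key }}", "value": {{ project.value }} },
          {%- endfor -%}
          ]
        internal_users: |-
          [
          {%- for group in gitlab_groups | default({}) | dict2items -%}
          {%- set group_data = {'group': group.key} -%}
          {%- for guser in group.value.users | default({}) | dict2items -%}
          {"key": "{{ guser.key }}", "value": {{ group_data | combine(guser.value) }} },
          {% endfor -%}
          {%- endfor -%}
          {%- for guser in gitlab_users | default({}) | dict2items -%}
          {"key": "{{ guser.key }}", "value": {{ guser.value }} },
          {% endfor -%}
          ]

    # Pinned so the gitlab_* modules below talk to a known client version.
    - name: Ensure the right version of python-gitlab is installed
      become: true
      pip:
        name: python-gitlab==1.12.1

    - name: Create Gitlab Groups
      gitlab_group:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        name: "{{ item.key }}"
        path: "{{ item.value.path | default(item.key) }}"
        state: "present"
        # NOTE: groups default to public visibility unless `is` is set per group
        visibility: "{{ item.value.is | default('public') }}"
      loop: "{{ gitlab_groups | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Create Gitlab Projects
      gitlab_project:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        name: "{{ item.key }}"
        path: "{{ item.value.path | default(omit) }}"
        group: "{{ item.value.group | default(omit) }}"
        description: "{{ item.value.description | default(omit) }}"
        issues_enabled: "{{ item.value.issues | default(true) }}"
        merge_requests_enabled: "{{ item.value.merge_requests | default(true) }}"
        snippets_enabled: "{{ item.value.snippets | default(true) }}"
        # NOTE: projects default to public visibility unless `is` is set per project
        visibility: "{{ item.value.is | default('public') }}"
        wiki_enabled: "{{ item.value.wiki | default(true) }}"
      loop: "{{ internal_projects | default([]) }}"
      loop_control:
        label: "{{ item.key }}"

    # The password lookup generates a 20-char password and stores it in the file
    # pw.<username>_password in the directory the playbook runs from; re-running
    # the lookup returns the stored value, which is how "List Users" below agrees with it.
    # loop_control.label keeps the per-item dicts (which contain passwords) out of the output.
    - name: Create Gitlab Users
      gitlab_user:
        server_url: "{{ server }}"
        # api_url: "{{ server }}"
        api_token: "{{ token | default(omit) }}"
        api_username: "{{ username | default(omit) }}"
        api_password: "{{ password | default(omit) }}"
        username: "{{ item.key }}"
        name: "{{ item.value.name | default(item.key) }}"
        password: "{{ item.value.password | default(lookup('password', 'pw.' + item.key + '_password chars=ascii_letters,digits length=20')) }}"
        email: "{{ item.value.email | default(item.key + '@gitlab') }}"
        group: "{{ item.value.group | default(omit) }}"
        confirm: false
        # Options are: guest,reporter,developer,master,owner
        access_level: "{% if item.value.group is defined %}{{ item.value.group_level | default('owner') }}{% else %}{{ omit }}{% endif %}"
        state: present
      loop: "{{ internal_users | default([]) }}"
      loop_control:
        label: "{{ item.key }}"

    # Deliberately prints each user's password to the play output so the operator
    # can hand them out; anything capturing this output (CI logs, log_path) will
    # contain the credentials too.
    - name: List Users
      debug:
        msg: "{% for item in internal_users | default({}) %}{{ item.key }}: {{ item.value.password | default(lookup('password', 'pw.' + item.key + '_password chars=ascii_letters,digits length=20')) }}{% endfor %}"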
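---
# Document 2, play 1: install Docker on localhost, then start GitLab CE and a
# GitLab Runner container. Facts are gathered (default) because
# ansible_distribution_release and ansible_fqdn are used below.
- name: Install Gitlab
  hosts: localhost
  tasks:
    - name: Install the Docker GPG Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        # expected key id; makes the task idempotent and check-mode aware
        id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

    - name: Install the Docker repo
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
        filename: docker-ce

    - name: Install required software via Apt
      apt:
        update_cache: true
        name: ['docker-ce', 'docker-ce-cli']
        force_apt_get: true

    - name: Install required software via Pip
      pip:
        name: ['docker', 'python-gitlab==1.12.1']
        state: present

    # Based on https://gist.github.com/mikeifomin/67e233cd461331de16707ef59a07e372
    # Certificate validation is off because the container only obtains its
    # Let's Encrypt certificate after first start; this probe also runs before
    # any container exists, hence failed_when: false.
    - name: Check if gitlab is up
      uri:
        url: "https://{{ ansible_fqdn }}/users/sign_in"
        method: GET
        validate_certs: false
      register: gitlab_up
      failed_when: false
      changed_when: false

    # NOTE: `latest` tags are unpinned; each run may pull a different GitLab release.
    - name: Create Gitlab container
      docker_container:
        name: gitlab
        image: gitlab/gitlab-ce:latest
        restart: true
        restart_policy: always
        state: started
        published_ports:
          - "0.0.0.0:443:443"
          - "0.0.0.0:80:80"
          - "0.0.0.0:2222:22"
        env:
          GITLAB_OMNIBUS_CONFIG: "external_url 'https://{{ system_fqdn | default(ansible_fqdn) }}/'; letsencrypt['enable'] = true"
        hostname: gitlab
      register: gitlab
      # skip when GitLab already answers 200 or redirects to its password-reset page
      when: gitlab_up.status != 200 and 'users/password/edit?reset_password_token=' not in gitlab_up.url

    - name: Create Gitlab-Runner container
      docker_container:
        name: gitlab-runner
        image: gitlab/gitlab-runner:latest
        restart: true
        restart_policy: always
        state: started
        volumes:
          - /opt/gitlab-runner:/etc/gitlab-runner
          # the runner drives the host Docker daemon, so jobs it executes are
          # effectively root on this host; keep the instance and its runner
          # registration private
          - /var/run/docker.sock:/var/run/docker.sock

    # Based on https://gist.github.com/mikeifomin/67e233cd461331de16707ef59a07e372
    - name: Wait for gitlab to be up
      uri:
        url: "https://{{ ansible_fqdn }}/users/sign_in"
        method: GET
        validate_certs: false
      register: _result
      until: _result.status == 200 or 'users/password/edit?reset_password_token=' in _result.url
      retries: 240  # retry X times
      delay: 5  # pause for X sec b/w each call

    # Lets the next play run tasks inside the container over the docker connection.
    - name: Add gitlab to inventory
      add_host:
        name: gitlab
        ansible_connection: docker
      changed_when: false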
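# Document 2, play 2: runs inside the gitlab container (host added by the previous play).
- name: Get gitlab tokens from inside the container
  hosts: gitlab
  gather_facts: false
  tasks:
    - name: Disable sign-up
      shell: "/opt/gitlab/bin/gitlab-rails runner 'ApplicationSetting.last.update_attributes(signup_enabled: false)'"
      register: disable_sign_up

    # The password reaches the Ruby snippet via the environment instead of being
    # interpolated into the quoted source, so a quote, `$` or backtick in
    # admin_password can no longer terminate the Ruby/shell string.
    # Assumes the gitlab-rails wrapper passes the environment through - TODO confirm.
    - name: Set admin password
      shell: |
        /opt/gitlab/bin/gitlab-rails runner -e production "u = User.first
        u.password_automatically_set = false
        u.password = ENV['GITLAB_ADMIN_PASSWORD']
        u.password_confirmation = ENV['GITLAB_ADMIN_PASSWORD']
        u.save!"
      environment:
        # 'password' is a placeholder default; always pass admin_password for a real deployment
        GITLAB_ADMIN_PASSWORD: "{{ admin_password | default('password') }}"
      no_log: true
      register: set_admin_password

    # Mints a sudo-scoped token for the first (root) user and writes it to a file
    # that the slurp task below reads. The file doubles as the idempotency marker:
    # delete it to mint a new token. perm keeps it readable by the owner only.
    - name: Create admin token
      shell: |
        /opt/gitlab/bin/gitlab-rails runner -e production "u = User.first
        t = PersonalAccessToken.new({
          user: u,
          name: 'python-gitlab',
          scopes: ['api', 'read_user', 'sudo']
        })
        t.save!
        FileUtils.mkdir_p('/tmp')
        File.write('/tmp/gitlab-root-personal-access-token.txt', t.token, perm: 0600)"
      args:
        creates: /tmp/gitlab-root-personal-access-token.txt
      register: create_admin_token

    - name: Create Runner Token
      shell: /opt/gitlab/bin/gitlab-rails runner -e production "File.write('/tmp/gitlab-runner-token.txt', ApplicationSetting.last.runners_registration_token, perm: 0600)"
      args:
        creates: /tmp/gitlab-runner-token.txt
      register: create_runner_token

    # no_log keeps the base64 token contents out of verbose output.
    - name: Get access token
      slurp:
        src: /tmp/gitlab-root-personal-access-token.txt
      register: personalaccesstoken
      no_log: true

    - name: Get Runner Token
      slurp:
        src: /tmp/gitlab-runner-token.txt
      register: runnertoken
      no_log: true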
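# Document 2, play 3: register the runner and write the credentials that the
# first document consumes (via /tmp/gitlab-install/host_vars/localhost).
- name: Post-install configuration
  hosts: localhost
  gather_facts: false
  tasks:
    # no_log keeps the registration token out of the play output; it is still
    # visible in the host's process list for the duration of the command.
    - name: Register the runner with the GitLab instance
      shell: docker run --rm -v /opt/gitlab-runner:/etc/gitlab-runner gitlab/gitlab-runner register --non-interactive --executor "docker" --docker-image alpine:latest --url "https://{{ system_fqdn | default(ansible_fqdn) }}/" --registration-token "{{ hostvars['gitlab'].runnertoken.content | b64decode }}" --description "docker-runner" --tag-list "docker,aws" --run-untagged="true" --locked="false" --access-level="not_protected"
      no_log: true

    # Root-only file holding the sudo-scoped token; ssl_verify stays on so the
    # client checks the Let's Encrypt certificate.
    - name: Write python-gitlab config file
      copy:
        dest: /root/.python-gitlab.cfg
        content: |
          [global]
          default = local
          ssl_verify = true
          timeout = 5
          [local]
          url = https://{{ system_fqdn | default(ansible_fqdn) }}
          private_token = {{ hostvars['gitlab'].personalaccesstoken.content | b64decode }}
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Create hostvars directory
      file:
        path: /tmp/gitlab-install/host_vars
        state: directory

    # Supplies `server` and `token` to the first document when it is run with
    # this directory as inventory.
    - name: Create hostvar file
      copy:
        dest: /tmp/gitlab-install/host_vars/localhost
        content: |
          ---
          server: https://{{ system_fqdn | default(ansible_fqdn) }}
          token: {{ hostvars['gitlab'].personalaccesstoken.content | b64decode }}
        owner: root
        group: root
        mode: "0600"
      no_log: true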