Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

omnibus-gitlab (9) Versions 0.3.0

Installs/Configures GitLab using omnibus-gitlab

Berkshelf/Librarian
Policyfile
Knife
cookbook 'omnibus-gitlab', '= 0.3.0'
cookbook 'omnibus-gitlab', '= 0.3.0', :supermarket
knife cookbook site install omnibus-gitlab
knife cookbook site download omnibus-gitlab
README
Dependencies
Changelog
Quality 0%

cookbook-omnibus-gitlab-cookbook

Install GitLab Community Edition or Enterprise Edition omnibus packages from packages.gitlab.com.

Supported Platforms

See packages.gitlab.com/gitlab/gitlab-ce.

Attributes

  • node['omnibus-gitlab']['package']['repo'] defaults to gitlab/gitlab-ce. Use gitlab/gitlab-ee for GitLab Enterprise Edition
  • node['omnibus-gitlab']['package']['name'] defaults to gitlab-ce. Use gitlab-ee for GitLab Enterprise Edition

For more available attributes see attributes/default.rb.

Examples

Install GitLab Community Edition 7.11.1~omnibus-1.

{
  "omnibus-gitlab": {
    "package": {
      "version": "7.11.1~omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}

Install GitLab Enterprise Edition 7.11.1~ee.omnibus-1.

{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "7.11.1~ee.omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}

Usage

omnibus-gitlab::default

Installs a GitLab omnibus package, renders /etc/gitlab/gitlab.rb, manages SSL certificates.

omnibus-gitlab::backup_cron_job

Create/remove a cron job for GitLab backups. Defaults to daily backups at 0:45.

Use 'gitlab.rb' to configure parameters like rotation and cloud uploads.

Examples

Disable backups of repositories and uploaded files:

{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "skip": [
        "repositories",
        "uploads"
      ]
    }
  }
}

Run the backup script with progress messages:

{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "silent": false
    }
  }
}

Secrets

Starting with version 0.3.0, this cookbook supports reading secrets from Chef Vault or Encrypted Data Bags.

Chef Vault

To get the cookbook to read a Chef Vault item, you need to specify chef_vault attribute with the name of the Vault.

Eg. In a role "gitlab-example-com" we can read secrets from Vault named gitlab-example-com:

{ "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "chef_vault": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com"
        "gitlab_rb": {
          "gitlab-rails": {
            "secret_token": "Read from Vault."
          }
        }
      }
    }
  }
}

Chef Vault item will look similar to:

{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}

Encrypted Data Bag

To get the cookbook to read an Encrypted Data Bag item, you need to specify data_bag attribute with the name of the data bag. As a prerequisite, node needs to have the encrypted_data_bag_secret in /etc/chef/ directory in order to be able to decrypt the secrets.

Eg. In a role "gitlab-example-com" we can read secrets from Encrypted Data Bag named gitlab-example-com:

{ "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "data_bag": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com"
        "gitlab_rb": {
          "gitlab-rails": {
            "secret_token": "Read from Data Bag."
          }
        }
      }
    }
  }
}

Encrypted data bag item will look similar to:

{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}

Contributing

  1. Fork the repository on GitLab.com
  2. Create a named feature branch (i.e. add-new-recipe)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request

License and Authors

Author:: Marin Jankovski (marin@gitlab.com) Author:: Jacob Vosmaer (jacob@gitlab.com)

Dependent cookbooks

gitlab-attributes-with-secrets >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.2.0

  • Render omnibus-gitconfig in gitlab.rb
  • Update Vagrantfile for easier development
  • Switch from package file downloads to packages.gitlab.com

We no longer support entering a URL+SHA256 in the attributes to select the package that gets installed. Instead, we add packages.gitlab.com as an apt/yum repo and install the package with apt or yum. You can control which version gets installed with the node['omnibus-gitlab']['package']['version'] attribute.

GitLab CE:

{
  "omnibus-gitlab": {
    "package": {
      "version": "INSERT VERSION"
    }
  }
}

GitLab EE:

{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "INSERT VERSION"
    }
  }
}

0.1.3

  • Create the SSL key and certificate for GitLab CI

  • Also render ci_external_url and git_data_dir in gitlab.rb

0.1.2

  • Prevent storing secrets in the Chef node object

Cookbook-omnibus-gitlab allows you to keep secret Omnibus-gitLab settings (passwords, keys) in an encrypted data bag. These secrets then get decrypted during the Chef client run on your GitLab server. Due to a programming error, the cookbook-omnibus-gitlab would then send the plaintext secrets back to the Chef server to be stored in the node's database record. This defeats one of the purposes of using encrypted data bags, namely to keep plaintext secrets off of the Chef server.

In version 0.1.2 we make sure that the secrets stored in the encrypted data bag do not get sent back to the server.

If you have been using cookbook-omnibus-gitlab with an encrypted data bag you should upgrade to cookbook-omnibus-gitlab 0.1.2 or newer and inspect your GitLab nodes to look for secrets:

knife node show gitlab.example.com --format json

If some of your cookbook-omnibus-gitlab secrets got uploaded to the Chef server you can delete them from the node object using knife node edit gitlab.example.com after you upgrade cookbook-omnibus-gitlab to 0.1.2 or newer.

As an additional measure you may want to consider changing the affected passwords and keys.

0.1.1

0.1.0

Initial release of cookbook-omnibus-gitlab

Foodcritic Metric
            

0.3.0 failed this metric

FC009: Resource attribute not recognised: /tmp/cook/e86ee18c6f3bd3c82db89be4/omnibus-gitlab/recipes/default.rb:40
FC041: Execute resource used to run curl or wget commands: /tmp/cook/e86ee18c6f3bd3c82db89be4/omnibus-gitlab/recipes/default.rb:24
FC041: Execute resource used to run curl or wget commands: /tmp/cook/e86ee18c6f3bd3c82db89be4/omnibus-gitlab/recipes/default.rb:35