cookbook 'omnibus-gitlab', '= 0.3.16'
omnibus-gitlab (11) Versions 0.3.16 Follow8
Installs/Configures GitLab using omnibus-gitlab
cookbook 'omnibus-gitlab', '= 0.3.16', :supermarket
knife supermarket install omnibus-gitlab
knife supermarket download omnibus-gitlab
cookbook-omnibus-gitlab-cookbook
Install GitLab Community Edition or Enterprise Edition omnibus packages from
packages.gitlab.com.
Depends on: https://gitlab.com/gitlab-cookbooks/gitlab-vault
Supported versions
Latest version of this cookbook should be able to support installation of all versions of packages listed on packages.gitlab.com/gitlab/ .
Supported Platforms
See packages.gitlab.com/gitlab/gitlab-ce.
Attributes
-
node['omnibus-gitlab']['package']['repo']
defaults togitlab/gitlab-ce
. Usegitlab/gitlab-ee
for GitLab Enterprise Edition -
node['omnibus-gitlab']['package']['name']
defaults togitlab-ce
. Usegitlab-ee
for GitLab Enterprise Edition
For more available attributes see attributes/default.rb
.
Examples
Install GitLab Community Edition 7.11.1~omnibus-1
.
{
"omnibus-gitlab": {
"package": {
"version": "7.11.1~omnibus-1"
},
"gitlab_rb": {
"external_url": "http://gitlab.example.com"
}
}
}
Install GitLab Enterprise Edition 7.11.1~ee.omnibus-1
.
{
"omnibus-gitlab": {
"package": {
"repo": "gitlab/gitlab-ee",
"name": "gitlab-ee",
"version": "7.11.1~ee.omnibus-1"
},
"gitlab_rb": {
"external_url": "http://gitlab.example.com"
}
}
}
Usage
omnibus-gitlab::default
Installs a GitLab omnibus package, renders /etc/gitlab/gitlab.rb
, manages SSL
certificates.
omnibus-gitlab::backup_cron_job
Create/remove a cron job for GitLab backups. Defaults to daily backups at 0:30.
Use 'gitlab.rb' to configure parameters like rotation and cloud uploads.
Examples
Disable backups of repositories and uploaded files:
{
"omnibus-gitlab": {
"backup_cron_job": {
"skip": [
"repositories",
"uploads"
]
}
}
}
Run the backup script with progress messages:
{
"omnibus-gitlab": {
"backup_cron_job": {
"silent": false
}
}
}
Secrets
Starting with version 0.3.0, this cookbook supports reading secrets from Chef Vault or Encrypted Data Bags.
Chef Vault
To get the cookbook to read a Chef Vault item, you need to specify chef_vault
attribute with the name of the Vault.
Eg. In a role "gitlab-example-com" we can read secrets from Vault named gitlab-example-com
:
{ "name": "gitlab-example-com", "default_attributes": { "omnibus-gitlab": { "chef_vault": "gitlab-example-com", "package": { "repo": "gitlab/gitlab-ce", "version": "7.14.1-ce.0" }, "gitlab_rb": { "external_url": "http://gitlab.example.com" "gitlab_rb": { "gitlab-rails": { "secret_token": "Read from Vault." } } } } } }
Chef Vault item will look similar to:
{ "id": "_default", "omnibus-gitlab": { "gitlab_rb": { "gitlab-rails": { "secret_token": "12334qwerty" } } } }
Encrypted Data Bag
To get the cookbook to read an Encrypted Data Bag item, you need to specify data_bag
attribute with the name of the data bag. As a prerequisite, node needs to have the encrypted_data_bag_secret
in /etc/chef/
directory in order to be able to decrypt the secrets.
Eg. In a role "gitlab-example-com" we can read secrets from Encrypted Data Bag named gitlab-example-com
:
{ "name": "gitlab-example-com", "default_attributes": { "omnibus-gitlab": { "data_bag": "gitlab-example-com", "package": { "repo": "gitlab/gitlab-ce", "version": "7.14.1-ce.0" }, "gitlab_rb": { "external_url": "http://gitlab.example.com" "gitlab_rb": { "gitlab-rails": { "secret_token": "Read from Data Bag." } } } } } }
Encrypted data bag item will look similar to:
{ "id": "_default", "omnibus-gitlab": { "gitlab_rb": { "gitlab-rails": { "secret_token": "12334qwerty" } } } }
Contributing
- Fork the repository on GitLab.com
- Create a named feature branch (i.e.
add-new-recipe
) - Write you change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
License and Authors
Author:: Marin Jankovski (marin@gitlab.com)
Author:: Jacob Vosmaer (jacob@gitlab.com)
Dependent cookbooks
gitlab-vault >= 0.0.0 |
apt >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
0.3.16
- Allow disabling all prometheus services with prometheus_monitoring option
- Fix certificate non nil checks (Evan Felix)
0.3.15
- Remove deprecated standalone CI configuration
0.3.14
- Add log option for cronjob
0.3.13
- Add pre_command for backup cronjob
0.3.12
- Add sidekiq-cluster service
0.3.11
- Add key attribute for private repositories
0.3.10
- Fix CHEF-3694 with apt
0.3.9
0.3.8
- Cleanup munin recipes and files, they don't belong here
0.3.7
- Remove the custom header added in 0.3.6.
- Update Cronic version checksum (Evan Felix)
- Configurable package timeout setting (Jan Skarvall)
0.3.6
- Add custom header to the registry config to work around a docker issue.
0.3.5
- Remove quotes around the storage information in gitlab.rb.erb
0.3.4
- Support for multiple storage shards
0.3.3
- Support for Container Registry config
0.3.2
- Support for GitLab pages config
0.3.1
- Support for mailroom service
- Support for gitlab-workhorse(name change from gitlab-git-http-server)
0.3.0
- Support gitlab-git-http-server config
- Support mattermost config
- Support for secrets stored in Chef Vault
0.2.0
- Render omnibus-gitconfig in gitlab.rb
- Update Vagrantfile for easier development
- Switch from package file downloads to packages.gitlab.com
We no longer support entering a URL+SHA256 in the attributes to select the
package that gets installed. Instead, we add packages.gitlab.com as an apt/yum
repo and install the package with apt or yum. You can control which version
gets installed with the node['omnibus-gitlab']['package']['version']
attribute.
GitLab CE:
{
"omnibus-gitlab": {
"package": {
"version": "INSERT VERSION"
}
}
}
GitLab EE:
{
"omnibus-gitlab": {
"package": {
"repo": "gitlab/gitlab-ee",
"name": "gitlab-ee",
"version": "INSERT VERSION"
}
}
}
0.1.3
Create the SSL key and certificate for GitLab CI
Also render ci_external_url and git_data_dir in gitlab.rb
0.1.2
- Prevent storing secrets in the Chef node object
Cookbook-omnibus-gitlab allows you to keep secret Omnibus-gitLab settings
(passwords, keys) in an encrypted data bag. These secrets then get decrypted
during the Chef client run on your GitLab server. Due to a programming error,
the cookbook-omnibus-gitlab would then send the plaintext secrets back to the
Chef server to be stored in the node's database record. This defeats one of the
purposes of using encrypted data bags, namely to keep plaintext secrets off of
the Chef server.
In version 0.1.2 we make sure that the secrets stored in the encrypted data bag
do not get sent back to the server.
If you have been using cookbook-omnibus-gitlab with an encrypted data bag you
should upgrade to cookbook-omnibus-gitlab 0.1.2 or newer and inspect your
GitLab nodes to look for secrets:
knife node show gitlab.example.com --format json
If some of your cookbook-omnibus-gitlab secrets got uploaded to the Chef server
you can delete them from the node object using knife node edit
after you upgrade cookbook-omnibus-gitlab to 0.1.2 or
gitlab.example.com
newer.
As an additional measure you may want to consider changing the affected
passwords and keys.
0.1.1
0.1.0
Initial release of cookbook-omnibus-gitlab
Collaborator Number Metric
0.3.16 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.16 failed this metric
FC009: Resource attribute not recognised: omnibus-gitlab/recipes/default.rb:42
FC066: Ensure chef_version is set in metadata: omnibus-gitlab/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: omnibus-gitlab/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.3.16 passed this metric
Testing File Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.16 failed this metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.16 failed this metric
FC009: Resource attribute not recognised: omnibus-gitlab/recipes/default.rb:42
FC066: Ensure chef_version is set in metadata: omnibus-gitlab/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: omnibus-gitlab/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.3.16 passed this metric
Testing File Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.16 failed this metric
FC066: Ensure chef_version is set in metadata: omnibus-gitlab/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: omnibus-gitlab/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
0.3.16 passed this metric
Testing File Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.16 failed this metric
0.3.16 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number