Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

omnibus-gitlab (11) Versions 0.3.16

Installs/Configures GitLab using omnibus-gitlab

Policyfile
Berkshelf
Knife
cookbook 'omnibus-gitlab', '= 0.3.16', :supermarket
cookbook 'omnibus-gitlab', '= 0.3.16'
knife supermarket install omnibus-gitlab
knife supermarket download omnibus-gitlab
README
Dependencies
Changelog
Quality 17%

cookbook-omnibus-gitlab-cookbook

Install GitLab Community Edition or Enterprise Edition omnibus packages from
packages.gitlab.com.

Depends on: https://gitlab.com/gitlab-cookbooks/gitlab-vault

Supported versions

Latest version of this cookbook should be able to support installation of all versions of packages listed on packages.gitlab.com/gitlab/ .

Supported Platforms

See packages.gitlab.com/gitlab/gitlab-ce.

Attributes

  • node['omnibus-gitlab']['package']['repo'] defaults to gitlab/gitlab-ce. Use gitlab/gitlab-ee for GitLab Enterprise Edition
  • node['omnibus-gitlab']['package']['name'] defaults to gitlab-ce. Use gitlab-ee for GitLab Enterprise Edition

For more available attributes see attributes/default.rb.

Examples

Install GitLab Community Edition 7.11.1~omnibus-1.

{
  "omnibus-gitlab": {
    "package": {
      "version": "7.11.1~omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}

Install GitLab Enterprise Edition 7.11.1~ee.omnibus-1.

{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "7.11.1~ee.omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}

Usage

omnibus-gitlab::default

Installs a GitLab omnibus package, renders /etc/gitlab/gitlab.rb, manages SSL
certificates.

omnibus-gitlab::backup_cron_job

Create/remove a cron job for GitLab backups. Defaults to daily backups at 0:30.

Use 'gitlab.rb' to configure parameters like rotation and cloud uploads.

Examples

Disable backups of repositories and uploaded files:

{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "skip": [
        "repositories",
        "uploads"
      ]
    }
  }
}

Run the backup script with progress messages:

{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "silent": false
    }
  }
}

Secrets

Starting with version 0.3.0, this cookbook supports reading secrets from Chef Vault or Encrypted Data Bags.

Chef Vault

To get the cookbook to read a Chef Vault item, you need to specify chef_vault attribute with the name of the Vault.

Eg. In a role "gitlab-example-com" we can read secrets from Vault named gitlab-example-com:

{ "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "chef_vault": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com"
        "gitlab_rb": {
          "gitlab-rails": {
            "secret_token": "Read from Vault."
          }
        }
      }
    }
  }
}

Chef Vault item will look similar to:

{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}

Encrypted Data Bag

To get the cookbook to read an Encrypted Data Bag item, you need to specify data_bag attribute with the name of the data bag. As a prerequisite, node needs to have the encrypted_data_bag_secret in /etc/chef/ directory in order to be able to decrypt the secrets.

Eg. In a role "gitlab-example-com" we can read secrets from Encrypted Data Bag named gitlab-example-com:

{ "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "data_bag": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com"
        "gitlab_rb": {
          "gitlab-rails": {
            "secret_token": "Read from Data Bag."
          }
        }
      }
    }
  }
}

Encrypted data bag item will look similar to:

{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}

Contributing

  1. Fork the repository on GitLab.com
  2. Create a named feature branch (i.e. add-new-recipe)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request

License and Authors

Author:: Marin Jankovski (marin@gitlab.com)
Author:: Jacob Vosmaer (jacob@gitlab.com)

Dependent cookbooks

gitlab-vault >= 0.0.0
apt >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.3.16

  • Allow disabling all prometheus services with prometheus_monitoring option
  • Fix certificate non nil checks (Evan Felix)

0.3.15

  • Remove deprecated standalone CI configuration

0.3.14

  • Add log option for cronjob

0.3.13

  • Add pre_command for backup cronjob

0.3.12

  • Add sidekiq-cluster service

0.3.11

  • Add key attribute for private repositories

0.3.10

  • Fix CHEF-3694 with apt

0.3.9

0.3.8

  • Cleanup munin recipes and files, they don't belong here

0.3.7

  • Remove the custom header added in 0.3.6.
  • Update Cronic version checksum (Evan Felix)
  • Configurable package timeout setting (Jan Skarvall)

0.3.6

  • Add custom header to the registry config to work around a docker issue.

0.3.5

  • Remove quotes around the storage information in gitlab.rb.erb

0.3.4

  • Support for multiple storage shards

0.3.3

  • Support for Container Registry config

0.3.2

  • Support for GitLab pages config

0.3.1

  • Support for mailroom service
  • Support for gitlab-workhorse(name change from gitlab-git-http-server)

0.3.0

  • Support gitlab-git-http-server config
  • Support mattermost config
  • Support for secrets stored in Chef Vault

0.2.0

  • Render omnibus-gitconfig in gitlab.rb
  • Update Vagrantfile for easier development
  • Switch from package file downloads to packages.gitlab.com

We no longer support entering a URL+SHA256 in the attributes to select the
package that gets installed. Instead, we add packages.gitlab.com as an apt/yum
repo and install the package with apt or yum. You can control which version
gets installed with the node['omnibus-gitlab']['package']['version']
attribute.

GitLab CE:

{
  "omnibus-gitlab": {
    "package": {
      "version": "INSERT VERSION"
    }
  }
}

GitLab EE:

{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "INSERT VERSION"
    }
  }
}

0.1.3

  • Create the SSL key and certificate for GitLab CI

  • Also render ci_external_url and git_data_dir in gitlab.rb

0.1.2

  • Prevent storing secrets in the Chef node object

Cookbook-omnibus-gitlab allows you to keep secret Omnibus-gitLab settings
(passwords, keys) in an encrypted data bag. These secrets then get decrypted
during the Chef client run on your GitLab server. Due to a programming error,
the cookbook-omnibus-gitlab would then send the plaintext secrets back to the
Chef server to be stored in the node's database record. This defeats one of the
purposes of using encrypted data bags, namely to keep plaintext secrets off of
the Chef server.

In version 0.1.2 we make sure that the secrets stored in the encrypted data bag
do not get sent back to the server.

If you have been using cookbook-omnibus-gitlab with an encrypted data bag you
should upgrade to cookbook-omnibus-gitlab 0.1.2 or newer and inspect your
GitLab nodes to look for secrets:

knife node show gitlab.example.com --format json

If some of your cookbook-omnibus-gitlab secrets got uploaded to the Chef server
you can delete them from the node object using knife node edit
gitlab.example.com
after you upgrade cookbook-omnibus-gitlab to 0.1.2 or
newer.

As an additional measure you may want to consider changing the affected
passwords and keys.

0.1.1

0.1.0

Initial release of cookbook-omnibus-gitlab

Collaborator Number Metric
            

0.3.16 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.3.16 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.3.16 failed this metric

FC009: Resource attribute not recognised: omnibus-gitlab/recipes/default.rb:42
FC066: Ensure chef_version is set in metadata: omnibus-gitlab/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: omnibus-gitlab/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.3.16 passed this metric

Testing File Metric
            

0.3.16 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.3.16 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number