From f49c6141be0650f5dbb8bc6b6ed944262ecd9d57 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 21 Jul 2015 13:01:40 +0200
Subject: [PATCH] Capture files and links from first manual installation

---
 README.md             |  21 ++++-
 defaults/main.yml     |   4 +
 meta/main.yml         |   6 ++
 tasks/main.yml        | 210 ++++++++++++++++++++++++++++++++++++++++++
 templates/default     |  45 +++++++++
 templates/default-ssl |  83 +++++++++++++++++
 6 files changed, 368 insertions(+), 1 deletion(-)
 create mode 100644 defaults/main.yml
 create mode 100644 meta/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/default
 create mode 100644 templates/default-ssl

diff --git a/README.md b/README.md
index 081ce6c..66c4ade 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,20 @@
-Installs GitLab Community Edition
\ No newline at end of file
+Installs GitLab Community Edition
+
+Links:
+
+- GitLab Install on Ubuntu 12.04: https://about.gitlab.com/downloads
+-- sudo apt-get install curl openssh-server ca-certificates postfix
+-- curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
+-- sudo apt-get install gitlab-ce
+-- sudo nano /etc/gitlab/gitlab.rb
+-- sudo gitlab-ctl restart
+-- Configure Apache
+-- sudo gitlab-ctl reconfigure
+-- sudo service apache2 restart
+--- Username: root
+--- Password: 5iveL!fe
+- Trouble Shooting: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
+- Blog Install GitLab: http://paulshipley.id.au/blog/coding-tips/install-gitlab-on-ubuntu-14-04-using-apache2
+- GitLab / SSL / Apache: https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-ssl.conf
+- GitLab other webserver: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
+- Ansible Sample: https://gitlab.xarif.de/thomass/ansible_roles/tree/master/thomass.gitlab
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..89968b0
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+gitlab_config_host: localhost
+gitlab_config_email_from: example@example.com
+gitlab_config_email_display_name: GitLab
+gitlab_config_email_reply_to: noreply@example.com
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..ef91fba
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+  - { role: common }
+  - { role: ruby }
+  - { role: redis, redis_config_portListening: false, redis_config_socketListening: true }
+  - { role: postgresql }
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6b3fb55
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,210 @@
+---
+- name: install prerequisites
+  sudo: yes
+  apt:
+    name: "{{ item}}"
+    state: present
+  with_items:
+    - libgdbm-dev
+    - libncurses5-dev
+    - openssh-server
+    - checkinstall
+    - libxslt-dev
+    - libicu-dev
+    - logrotate
+    - python-docutils
+    - pkg-config
+    - cmake
+    - libkrb5-dev
+    - nodejs
+    - git-core
+    - postfix
+    - postgresql
+    - postgresql-client
+    - libpq-dev
+    - nginx
+
+- name: create git user
+  sudo: yes
+  user:
+    name: git
+    comment: "GitLab"
+    groups: redis
+    state: present
+
+- name: configure git
+  sudo: yes
+  copy:
+    src: gitconfig
+    dest: /home/git/.gitconfig
+    owner: git
+    group: git
+    mode: 0664
+
+- name: create database user
+  sudo: yes
+  sudo_user: postgres
+  postgresql_user:
+    name: git
+    role_attr_flags: CREATEDB
+    state: present
+
+- name: create database table
+  sudo: yes
+  sudo_user: postgres
+  postgresql_db:
+    name: gitlabhq_production
+    owner: git
+    state: present
+
+- name: clone gitlab source
+  sudo: yes
+  sudo_user: git
+  git:
+    repo: https://gitlab.com/gitlab-org/gitlab-ce.git
+    version: 7-12-stable
+    dest: /home/git/gitlab
+  register: result
+
+- name: update config files
+  command: "cp {{ item }}.example {{ item }}"
+  args:
+    chdir: /home/git/gitlab/config
+  with_items:
+    - gitlab.yml
+    - unicorn.rb
+    - initializers/rack_attack.rb
+    - resque.yml
+  when: result | changed
+
+- name: copy database config file
+  copy:
+    src: database.yml
+    dest: /home/git/gitlab/config/database.yml
+    owner: git
+    group: git
+
+- name: configure gitlab.yml
+  replace:
+    dest: /home/git/gitlab/config/gitlab.yml
+    regexp: '(\s*{{ item.key }}{{":"}}).*'
+    replace: '\1 {{ item.value }}'
+  with_items:
+    - { key: "host" , value: "{{ gitlab_config_host }}" }
+    - { key: "email_from" , value: "{{ gitlab_config_email_from }}" }
+    - { key: "email_display_name" , value: "{{ gitlab_config_email_display_name }}" }
+    - { key: "email_reply_to" , value: "{{ gitlab_config_email_reply_to }}" }
+
+- name: setup folder permissions
+  sudo: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: git
+    mode: u+rwX
+    recurse: yes
+  with_items:
+    - /home/git/gitlab/log
+    - /home/git/gitlab/tmp
+    - /home/git/gitlab/public/uploads
+    - /home/git/gitlab-satellites
+
+- name: reduce permissions for log directory
+  sudo: yes
+  file:
+    path: /home/git/gitlab/log
+    mode: go-w
+
+- name: reduce permissions for database config
+  sudo: yes
+  file:
+    path: /home/git/gitlab/config/database.yml
+    mode: o-rwx
+
+- name: reduce permissions for gitlab-satellites directory
+  sudo: yes
+  file:
+    path: /home/git/gitlab-satellites
+    mode: g=rx,o-rwx
+
+- name: install gems
+  sudo: yes
+  sudo_user: git
+  command: bundle install -j8 --deployment --without development test mysql aws kerberos
+  args:
+    chdir: /home/git/gitlab
+  when: result | changed
+
+- name: install gitlab shell
+  sudo: yes
+  sudo_user: git
+  command: bundle exec rake gitlab:shell:install[v2.6.3] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production
+  args:
+    chdir: /home/git/gitlab
+  when: result | changed
+
+- name: initialize database
+  sudo: yes
+  sudo_user: git
+  command: echo yes | bundle exec rake gitlab:setup RAILS_ENV=production
+  args:
+    chdir: /home/git/gitlab
+  when: result | changed
+
+- name: install the init script
+  command: cp /home/git/gitlab/lib/support/init.d/gitlab /etc/init.d/gitlab
+  args:
+    creates: /etc/init.d/gitlab
+
+- name: make gitlab start on boot
+  service:
+    name: gitlab
+    enabled: yes
+
+- name: setup logrotate
+  sudo: yes
+  command: cp /home/git/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
+  args:
+    creates: /etc/logrotate.d/gitlab
+
+- name: compile assets
+  sudo: yes
+  sudo_user: git
+  command: bundle exec rake assets:precompile RAILS_ENV=production
+  args:
+    chdir: /home/git/gitlab
+  when: result | changed
+
+- name: start gitlab instance
+  sudo: yes
+  service:
+    name: gitlab
+    state: running
+
+- name: copy nginx configuration from gitlab
+  sudo: yes
+  command: cp /home/git/gitlab/lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
+  args:
+    creates: /etc/nginx/sites-available/gitlab
+
+- name: activate nginx gitlab site
+  sudo: yes
+  command: ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
+  args:
+    creates: /etc/nginx/sites-enabled/gitlab
+
+- name: deactivate nginx default site
+  sudo: yes
+  command: rm -f /etc/nginx/sites-enabled/default
+
+- name: set FQND in gitlab config
+  replace:
+    dest: /etc/nginx/sites-enabled/gitlab
+    regexp: YOUR_SERVER_FQDN
+    replace: "{{ gitlab_config_host }}"
+
+- name: restart nginx
+  sudo: yes
+  service:
+    name: nginx
+    state: restarted
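Review bot: The `initialize database` task pipes `echo yes` into rake through the `command` module, which does not run a shell, so the `|` and everything after it are passed to `echo` as arguments and `gitlab:setup` never executes while the task still reports success. Drop the pipe and use the rake task's own confirmation switch: `command: bundle exec rake gitlab:setup RAILS_ENV=production force=yes`. Once setup does run it seeds the root account with the default password recorded in the README, so the initial password should come from a vaulted variable (the GitLab install guide documents `GITLAB_ROOT_PASSWORD` for this; confirm it applies to 7-12-stable) or be rotated in a follow-up task. Separately, `copy database config file` writes database.yml without a `mode`, so it is created under the default umask and only narrowed several tasks later; setting `mode: "0640"` on the copy itself closes that window.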
diff --git a/templates/default b/templates/default
new file mode 100644
index 0000000..6e6eca1
--- /dev/null
+++ b/templates/default
@@ -0,0 +1,45 @@
+<VirtualHost *:80>
+    ServerAdmin admin@paragon-es.de
+    DocumentRoot /var/www
+
+    <Directory /var/www>
+      Allow from all
+      Options -MultiViews
+    </Directory>
+
+    ErrorLog /var/log/apache2/error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/access.log combined
+</VirtualHost>
+
+<VirtualHost *:80>
+  ServerName gitlab.paragon-es.de
+  ServerSignature Off
+
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+  ServerName xyoutrack.paragon-es.de
+  ServerSignature Off
+
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+  ServerName youtrack.paragon-es.de
+  ServerSignature Off
+
+    ProxyRequests Off
+    <Proxy *:80>
+      Order deny,allow
+      Allow from all
+    </Proxy>
+    ProxyPass / http://127.0.0.1:8085/
+    ProxyPassReverse / http://127.0.0.1:8085/
+</VirtualHost>
+
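Review bot: The `youtrack.paragon-es.de` vhost on port 80 proxies straight to `127.0.0.1:8085` over plain HTTP, whereas the GitLab vhost above it redirects to HTTPS, so YouTrack logins and session cookies can travel in cleartext. The redirect appears to sit under the `xyoutrack` name instead, which looks like a typo or a disabled entry. Replacing the proxy block with the same `RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]` used for GitLab would leave the :443 vhost as the only path to the backend. The file also hard-codes the paragon-es.de host names and admin address rather than using `gitlab_config_host`, and no task in this patch deploys it, so as committed it is a site-specific snapshot rather than a reusable template.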
diff --git a/templates/default-ssl b/templates/default-ssl
new file mode 100644
index 0000000..cc4d3e1
--- /dev/null
+++ b/templates/default-ssl
@@ -0,0 +1,83 @@
+NameVirtualHost *:443
+
+<VirtualHost _default_:443>
+    ServerName gitlab.paragon-es.de
+    ServerAdmin admin@paragon-es.de
+    ServerSignature Off
+    DocumentRoot /var/opt/gitlab
+
+    ProxyPreserveHost On
+    AllowEncodedSlashes NoDecode
+    RequestHeader set X_FORWARDED_PROTO 'https'
+
+    ProxyPass / http://127.0.0.1:8888/
+    ProxyPassReverse / http://127.0.0.1:8888/
+
+    ErrorLog ${APACHE_LOG_DIR}/gitlab-error.log
+    LogLevel warn
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+    CustomLog ${APACHE_LOG_DIR}/gitlab_ssl_access.log combined env=!forwarded
+    CustomLog ${APACHE_LOG_DIR}/gitlab_ssl_access.log proxy env=forwarded
+
+    SSLEngine on
+    SSLCertificateChainFile /etc/ssl/private/Intermediate_CA_Bundle.crt
+    SSLCertificateFile /etc/ssl/private/paragon-es.de.crt
+    SSLCertificateKeyFile /etc/ssl/private/paragon-es.de.key
+
+    <FilesMatch "\.(cgi|shtml|phtml|php)$">
+        SSLOptions +StdEnvVars
+    </FilesMatch>
+    <Directory /usr/lib/cgi-bin>
+        SSLOptions +StdEnvVars
+    </Directory>
+    BrowserMatch "MSIE [2-6]" \
+        nokeepalive ssl-unclean-shutdown \
+        downgrade-1.0 force-response-1.0
+    # MSIE 7 and newer should be able to use keepalive
+    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+</VirtualHost>
+
+<VirtualHost _default_:443>
+    ServerName youtrack.paragon-es.de
+    ServerAdmin admin@paragon-es.de
+    ServerSignature Off
+
+    ProxyPreserveHost On
+    AllowEncodedSlashes NoDecode
+    RequestHeader set X_FORWARDED_PROTO 'https'
+
+    ProxyRequests Off
+    <Proxy *:80>
+      Order deny,allow
+      Allow from all
+    </Proxy>
+    ProxyPass /~socket.io/1/websocket ws://127.0.0.1:8085/~socket.io/1/websocket
+    ProxyPass / http://127.0.0.1:8085/
+    ProxyPassReverse / http://127.0.0.1:8085/
+
+    ErrorLog ${APACHE_LOG_DIR}/youtrack-error.log
+    LogLevel warn
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+    CustomLog ${APACHE_LOG_DIR}/youtrack_ssl_access.log combined env=!forwarded
+    CustomLog ${APACHE_LOG_DIR}/youtrack_ssl_access.log proxy env=forwarded
+
+    SSLEngine on
+    SSLCertificateChainFile /etc/ssl/private/Intermediate_CA_Bundle.crt
+    SSLCertificateFile /etc/ssl/private/paragon-es.de.crt
+    SSLCertificateKeyFile /etc/ssl/private/paragon-es.de.key
+
+    <FilesMatch "\.(cgi|shtml|phtml|php)$">
+        SSLOptions +StdEnvVars
+    </FilesMatch>
+    <Directory /usr/lib/cgi-bin>
+        SSLOptions +StdEnvVars
+    </Directory>
+    BrowserMatch "MSIE [2-6]" \
+        nokeepalive ssl-unclean-shutdown \
+        downgrade-1.0 force-response-1.0
+    # MSIE 7 and newer should be able to use keepalive
+    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+</VirtualHost>
+
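Review bot: Both vhosts switch the access log to the `proxy` format whenever a request carries an `X-Forwarded-For` header, and that format logs the header value in place of `%h`. Since this Apache instance terminates TLS itself, the header is client-supplied unless a trusted proxy sits in front, so any client can keep its real address out of `gitlab_ssl_access.log` and `youtrack_ssl_access.log`. Keeping the peer address in the format, e.g. `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy`, preserves the forensic value of the log. The vhosts also set no `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher policy depend entirely on the server-wide mod_ssl configuration; it is worth confirming SSLv3 is disabled there.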
-- 
GitLab