Gitlab
Assumptions
- There is a reverse proxy in front of this gitlab.
- There is a firewall active wich blocks all ports except those needed by the reverse proxy and SSH.
Ports
If enabled, different parts of gitlab are exposed at different ports.
- gitlab web ui: 443
- gitlab pages: 1443
- gitlab container registry: 2443
If you use the nginx role on the same host, you can instead access the internal upstreams via
internal-gitlabinternal-gitlab-pagesinternal-gitlab-registry
Configuration
All configuration is to be placed in a dict called gitlab.
# configures a backup using gitlab-rake
backup:
enable: True
disable_repositories: False
keep_days: 9
# external url for the webfronted, musst be set
external_url: 'https://localhost'
# external url for gitlab pages, set to Null to disable
pages_external_url: ~
# listen settings for gitlab pages
pages_listen: ['[::1]:11181', '127.0.0.1:11181']
pages_listen_ssl: []
# listen_proxy only supports a single bind like 'localhost:8080'
pages_listen_proxy: ''
# external url for the container registry, set to Null to disable
registry_external_url: ~
# alternative storage path for registry, only considere when registry_external_url is set. Set to Null to use defaults
registry_path: ~
# alternative storage path for artifacts. Set to Null to use defaults
artifacts_path: ~
# external ssh host, can be different from external_url
gitlab_ssh_host: 'localhost'
# set if you use a non default port
gitlab_shell_ssh_port: 22
# set the initial root password, only used on creation and not updated
initial_root_password: "{{ lookup('password', '/dev/null length=64') }}"
# setup ldap auth, see https://docs.gitlab.com/omnibus/settings/ldap.html
ldap:
enabled: 'false'
servers: {}
# array of groups to create
groups: []