diff --git a/gitblit/defaults/main.yml b/gitblit/defaults/main.yml
index 9160fa0..65e699a 100644
--- a/gitblit/defaults/main.yml
+++ b/gitblit/defaults/main.yml
@@ -3,12 +3,14 @@
 #
 # There is a manager app that is a desktop java application. It is available here:
 # http://dl.bintray.com/gitblit/releases/manager-1.7.1.zip
+gitblit_enabled: True
 gitblit_version: 1.7.1
 gitblit_file: 'gitblit-{{ gitblit_version }}.tar.gz'
 gitblit_url: 'http://dl.bintray.com/gitblit/releases/{{ gitblit_file }}'
 gitblit_user: gitblit
 gitblit_home: '/srv/{{ gitblit_user }}'
 gitblit_data_dir: /srv/gitblit_data
+gitblit_java_heap: 2048M
 gitblit_http_port: 8080
 gitblit_https_port: 0
 gitblit_redirect_to_https: "false"
@@ -16,6 +18,7 @@ gitblit_require_client_ssl_certs: "false"
 gitblit_http_interface: "127.0.0.1"
 gitblit_https_interface: "127.0.0.1"
 gitblit_shutdown_port: 9080
+# Really, change it. And beware that all the JDK keyrings need to share the same password
 gitblit_server_storepassword: changeit
 gitblit_git_daemon_port: 9418
 gitblit_daemon_interface: ""
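Review bot: `gitblit_enabled: True` is a capitalised YAML 1.1 boolean; Ansible accepts it, but yamllint's truthy rule flags it and the canonical spelling is `gitblit_enabled: true`. The same non-canonical booleans appear as `enabled=yes` / `enabled=no` on the two new service tasks in gitblit/tasks/main.yml, where `enabled=true` / `enabled=false` reads the same to Ansible. The other flags in this file are quoted strings on purpose (they are rendered into gitblit.properties), so only the `when:`-driven switch needs to be a real boolean.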
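Review bot: The new comment above `gitblit_server_storepassword` says "JDK keyrings", but what Gitblit opens with this password are Java keystores; the wording should match so a reader searches for the right thing. Since `changeit` is the JDK's published default keystore password, a deployment that overlooks the comment keeps a value anyone can look up, so the comment deserves the same explicit vault hint the next hunk gives `gitblit_ldap_password`: `# Really, change it (set it in a vault encrypted file). All Java keystores the service uses must share this password`.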
@@ -28,9 +31,29 @@ gitblit_enable_git_servlet: "true"
 gitblit_tickets_service: ""
 gitblit_accept_new_tickets: "false"
 gitblit_allow_deleting_non_empty_repo: "false"
-gitblit_auth_providers: ldap redmine
+gitblit_auth_providers: ldap
 gitblit_web_sitename: ""
 gitblit_web_logo: "${baseFolder}/logo.png"
 gitblit_canonical_url: 'http://{{ ansible_fqdn }}'
 gitblit_windows_permitbuiltinadmin: 'false'
 gitblit_redmine_url: ''
+gitblit_ldap_server_url: 'ldap://localhost'
+gitblit_ldap_username: 'cn=Directory Manager'
+# Set the correct one in a vault encrypted file
+gitblit_ldap_password: 'password'
+gitblit_ldap_auth_bind_pattern: ''
+gitblit_ldap_maintainteams: 'false'
+gitblit_ldap_accountbase: 'OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain'
+gitblit_ldap_accountpattern: '(&(objectClass=person)(sAMAccountName=${username}))'
+gitblit_ldap_groupbase: 'OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain'
+gitblit_ldap_groupmemberpattern: '(&(objectClass=group)(member=${dn}))'
+gitblit_ldap_groupemptymemberpattern: '(&(objectClass=group)(!(member=*)))'
+gitblit_ldap_git_admins: '@Git_Admins'
+gitblit_ldap_displayname: 'displayName'
+gitblit_ldap_email: 'mail'
+gitblit_ldap_uid: 'uid'
+gitblig_ldap_synchronize: 'false'
+gitblit_ldap_syncperiod: '5 MINUTES'
+gitblit_ldap_remove_deleted_users: 'false'
+gitblit_server_contextpath: '/git/'
+
diff --git a/gitblit/files/service-ubuntu.sh b/gitblit/files/service-ubuntu.sh
new file mode 100644
index 0000000..61ed95a
--- /dev/null
+++ b/gitblit/files/service-ubuntu.sh
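Review bot: `gitblig_ldap_synchronize` is misspelled ("gitblig"); it matches the same misspelling in gitblit/templates/gitblit.properties.j2, so the role renders, but anyone who overrides `gitblit_ldap_synchronize` in inventory silently keeps the default `'false'`. Rename it to `gitblit_ldap_synchronize` in both files in one change. Separately, the `gitblit_ldap_password: 'password'` default means a forgotten vault override does not fail the play but binds to `ldap://localhost` with a fixed, guessable password over an unencrypted connection; consider leaving the variable out of defaults so the template task fails on the undefined name, or at minimum defaulting `gitblit_ldap_server_url` to the `ldaps://` / `ldap+tls://` form that the template's own comment recommends.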
@@ -0,0 +1,61 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: gitblit
+# Required-Start: $remote_fs $syslog $network
+# Required-Stop: $remote_fs $syslog $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Gitblit repository server
+# Description: Gitblit is a stand-alone service for managing, viewing and serving Git repositories.
+### END INIT INFO
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+# change theses values (default values)
+GITBLIT_PATH=/opt/gitblit
+GITBLIT_BASE_FOLDER=/opt/gitblit/data
+GITBLIT_USER="gitblit"
+GITBLIT_JAVA_HEAP=1024M
+#source ${GITBLIT_PATH}/java-proxy-config.sh
+if [ -f /etc/default/gitblit ] ; then
+ . /etc/default/gitblit
+fi
+ARGS="-server -Xmx${GITBLIT_JAVA_HEAP} ${JAVA_PROXY_CONFIG} -Djava.awt.headless=true -jar gitblit.jar --baseFolder $GITBLIT_BASE_FOLDER --dailyLogFile"
+
+RETVAL=0
+
+case "$1" in
+ start)
+ if [ -f $GITBLIT_PATH/gitblit.jar ];
+ then
+ echo $"Starting gitblit server"
+ start-stop-daemon --start --quiet --background --oknodo --make-pidfile --pidfile /var/run/gitblit.pid --exec /usr/bin/java --chuid $GITBLIT_USER --chdir $GITBLIT_PATH -- $ARGS
+ exit $RETVAL
+ fi
+ ;;
+
+ stop)
+ if [ -f $GITBLIT_PATH/gitblit.jar ];
+ then
+ echo $"Stopping gitblit server"
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/gitblit.pid
+ exit $RETVAL
+ fi
+ ;;
+
+ force-reload|restart)
+ $0 stop
+ sleep 5
+ $0 start
+ ;;
+
+ *)
+ echo $"Usage: /etc/init.d/gitblit {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
diff --git a/gitblit/handlers/main.yml b/gitblit/handlers/main.yml
new file mode 100644
index 0000000..8c37ff7
--- /dev/null
+++ b/gitblit/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart gitblit
+ service: name=gitblit state=restarted
+ when: gitblit_enabled
diff --git a/gitblit/tasks/main.yml b/gitblit/tasks/main.yml
index 4cb9a61..1862e56 100644
--- a/gitblit/tasks/main.yml
+++ b/gitblit/tasks/main.yml
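Review bot: In the `start)` and `stop)` branches the `if [ -f $GITBLIT_PATH/gitblit.jar ]` guard has no `else`, so with the jar missing the script prints nothing and falls through to `exit $RETVAL`, which is 0: `service gitblit start` and the Ansible service task both report success while nothing is running; add `else` / `log_failure_msg "gitblit.jar not found in $GITBLIT_PATH"` / `exit 1` to both branches. `$GITBLIT_PATH` and `$GITBLIT_USER` are expanded unquoted in `[ -f ... ]`, `--chuid` and `--chdir` although /etc/default/gitblit can override them, so quote those (`"$GITBLIT_PATH/gitblit.jar"`, `--chuid "$GITBLIT_USER"`) while leaving `$ARGS` unquoted, since it is deliberately word-split into java's arguments. `restart` relies on `sleep 5` after a stop that passes no `--retry`, so a JVM that takes longer to exit turns the following `--start --oknodo` into a silent no-op; `--retry=TERM/30/KILL/5` on the stop line makes the stop synchronous and the sleep unnecessary. Minor: `theses` in `# change theses values` should be `these`.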
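Review bot: `service: name=gitblit state=restarted` uses the key=value shorthand where the native block form is the recommended Ansible style and what ansible-lint expects: `service:` / `name: gitblit` / `state: restarted`. Every new task in gitblit/tasks/main.yml uses the same shorthand, so converting them together keeps the role consistent. The `when: gitblit_enabled` guard on the handler is right, since the tasks file stops the service when the flag is off and a restart would otherwise undo that.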
@@ -30,7 +30,25 @@ tags: gitblit - name: Install the customized gitblit.properties file - template: src=gitblit.properties.j2 dest={{ gitblit_home }}/etc owner=root group={{ gitblit_user }} mode=0440 + template: src=gitblit.properties.j2 dest={{ gitblit_data_dir }}/gitblit.properties owner=root group={{ gitblit_user }} mode=0440 + notify: Restart gitblit + tags: [ 'gitblit', 'gitblit_properties' ] + +- name: Install the gitblit startup script + copy: src=service-ubuntu.sh dest=/etc/init.d/gitblit owner=root group=root mode=0755 tags: gitblit +- name: Install the gitblit startup defaults + template: src=gitblit-default.j2 dest=/etc/default/gitblit owner=root group=root mode=0444 + notify: Restart gitblit + tags: gitblit +- name: Ensure that gitblit is started and enabled + service: name=gitblit state=started enabled=yes + when: gitblit_enabled + tags: gitblit + +- name: Ensure that gitblit is stopped and disabled + service: name=gitblit state=stopped enabled=no + when: not gitblit_enabled + tags: gitblit
diff --git a/gitblit/templates/gitblit-default.j2 b/gitblit/templates/gitblit-default.j2
new file mode 100644
index 0000000..b6f737d
--- /dev/null
+++ b/gitblit/templates/gitblit-default.j2
@@ -0,0 +1,5 @@
+GITBLIT_PATH={{ gitblit_home }}/service
+GITBLIT_BASE_FOLDER={{ gitblit_data_dir }}
+GITBLIT_USER="{{ gitblit_user }}"
+GITBLIT_JAVA_HEAP={{ gitblit_java_heap }}
+ARGS="-server -Xmx${GITBLIT_JAVA_HEAP} ${JAVA_PROXY_CONFIG} -Djava.awt.headless=true -jar gitblit.jar --baseFolder $GITBLIT_BASE_FOLDER --dailyLogFile"
diff --git a/gitblit/templates/gitblit.properties.j2 b/gitblit/templates/gitblit.properties.j2
index 53b3f94..0d7e047 100644
--- a/gitblit/templates/gitblit.properties.j2
+++ b/gitblit/templates/gitblit.properties.j2
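Review bot: The new `Install the gitblit startup script` task copies /etc/init.d/gitblit without `notify: Restart gitblit`, unlike the two template tasks next to it, so a change to the init script (heap flag, chdir, pid file) is not applied to a running service until someone restarts it by hand; add `notify: Restart gitblit` under the `copy:` line. That task only carries `tags: gitblit` because the pre-existing context line now attaches to it, which is correct but easy to misread; a blank line before `- name: Install the gitblit startup defaults` would separate the stanzas like the rest of the file. The properties template is installed `mode=0440` with `group={{ gitblit_user }}`, which is what keeps the LDAP bind password it now contains readable only by root and the service account — worth a short comment on that task so a later "fix" does not relax it.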
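Review bot: The `ARGS=...` line in this template is dead: gitblit/files/service-ubuntu.sh sources /etc/default/gitblit and then unconditionally reassigns `ARGS` with the identical string, so an operator who edits /etc/default/gitblit to add a JVM flag sees no effect. Keep one source of truth — either drop the line here, or have the script only supply a default via `${ARGS:-...}` so the defaults file can override it. `${JAVA_PROXY_CONFIG}` is referenced in both copies but set nowhere in this diff (the script's `source ${GITBLIT_PATH}/java-proxy-config.sh` line is commented out), so it expands to nothing; a one-line comment saying it is an optional hook would save the next reader a search.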
@@ -59,3 +59,154 @@ web.canonicalUrl = {{ gitblit_canonical_url }}
 realm.windows.permitBuiltInAdministrators = {{ gitblit_windows_permitbuiltinadmin }}
 # Redmine backend
 realm.redmine.url = {{ gitblit_redmine_url }}
+
+# URL of the LDAP server.
+# To use encrypted transport, use either ldaps:// URL for SSL or ldap+tls:// to
+# send StartTLS command.
+#
+realm.ldap.server = {{ gitblit_ldap_server_url }}
+
+# Login username for LDAP searches.
+# If this value is unspecified, anonymous LDAP login will be used.
+#
+# e.g. mydomain\\username
+#
+realm.ldap.username = {{ gitblit_ldap_username }}
+
+# Login password for LDAP searches.
+#
+realm.ldap.password = {{ gitblit_ldap_password }}
+
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+#
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+#
+realm.ldap.bindpattern = {{ gitblit_ldap_auth_bind_pattern }}
+# Delegate team membership control to LDAP.
+#
+# If true, team user memberships will be specified by LDAP groups. This will
+# disable team selection in Edit User and user selection in Edit Team.
+#
+# If false, LDAP will only be used for authentication and Gitblit will maintain
+# team memberships with the *realm.ldap.backingUserService*.
+#
+realm.ldap.maintainTeams = {{ gitblit_ldap_maintainteams }}
+
+# Root node for all LDAP users
+#
+# This is the root node from which subtree user searches will begin.
+# If blank, Gitblit will search ALL nodes.
+#
+realm.ldap.accountBase = {{ gitblit_ldap_accountbase }}
+
+# Filter criteria for LDAP users
+#
+# Query pattern to use when searching for a user account. This may be any valid
+# LDAP query expression, including the standard (&) and (|) operators.
+#
+# Variables may be injected via the ${variableName} syntax.
+# Recognized variables are:
+# ${username} - The text entered as the user name
+#
+realm.ldap.accountPattern = {{ gitblit_ldap_accountpattern }}
+
+# Root node for all LDAP groups to be used as Gitblit Teams
+#
+# This is the root node from which subtree team searches will begin.
+# If blank, Gitblit will search ALL nodes.
+#
+realm.ldap.groupBase = {{ gitblit_ldap_groupbase }}
+
+# Filter criteria for LDAP groups
+#
+# Query pattern to use when searching for a team. This may be any valid
+# LDAP query expression, including the standard (&) and (|) operators.
+#
+# Variables may be injected via the ${variableName} syntax.
+# Recognized variables are:
+# ${username} - The text entered as the user name
+# ${dn} - The Distinguished Name of the user logged in
+#
+# All attributes from the LDAP User record are available. For example, if a user
+# has an attribute "fullName" set to "John", "(fn=${fullName})" will be
+# translated to "(fn=John)".
+#
+realm.ldap.groupMemberPattern = {{ gitblit_ldap_groupmemberpattern }}
+
+# Filter criteria for empty LDAP groups
+#
+# Query pattern to use when searching for an empty team. This may be any valid
+# LDAP query expression, including the standard (&) and (|) operators.
+#
+# default: (&(objectClass=group)(!(member=*)))
+realm.ldap.groupEmptyMemberPattern = {{ gitblit_ldap_groupemptymemberpattern }}
+
+# LDAP users or groups that should be given administrator privileges.
+#
+# Teams are specified with a leading '@' character. Groups with spaces in the
+# name can be entered as "@team name". This setting only applies when using
+# LDAP to maintain team memberships.
+#
+# e.g. realm.ldap.admins = john @git_admins "@git admins"
+#
+# SPACE-DELIMITED
+realm.ldap.admins = {{ gitblit_ldap_git_admins }}
+
+# Attribute(s) on the USER record that indicate their display (or full) name.
+# Leave blank for no mapping available in LDAP.
+#
+# This may be a single attribute, or a string of multiple attributes. Examples:
+# displayName - Uses the attribute 'displayName' on the user record
+# ${personalTitle}. ${givenName} ${surname} - Will concatenate the 3
+# attributes together, with a '.' after personalTitle
+#
+realm.ldap.displayName = {{ gitblit_ldap_displayname }}
+
+# Attribute(s) on the USER record that indicate their email address.
+# Leave blank for no mapping available in LDAP.
+#
+# This may be a single attribute, or a string of multiple attributes. Examples:
+# email - Uses the attribute 'email' on the user record
+# ${givenName}.${surname}@gitblit.com -Will concatenate the 2 attributes
+# together with a '.' and '@' creating something like first.last@gitblit.com
+#
+realm.ldap.email = {{ gitblit_ldap_email }}
+
+# Attribute on the USER record that indicate their username to be used in gitblit
+# when synchronizing users from LDAP
+# if blank, Gitblit will use uid
+# For MS Active Directory this may be sAMAccountName
+#
+realm.ldap.uid = {{ gitblit_ldap_uid }}
+
+# Defines whether to synchronize all LDAP users and teams into the user service
+#
+# Valid values: true, false
+# If left blank, false is assumed
+#
+realm.ldap.synchronize = {{ gitblig_ldap_synchronize }}
+
+# Defines the period to be used when synchronizing users and teams from ldap.
+#
+# Must be of the form ' ' where is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'
+
+# default: 5 MINUTES
+#
+# RESTART REQUIRED
+realm.ldap.syncPeriod = {{ gitblit_ldap_syncperiod }}
+
+# Defines whether to delete non-existent LDAP users from the user service
+# during synchronization. depends on realm.ldap.synchronize = true
+#
+# Valid values: true, false
+# If left blank, true is assumed
+#
+realm.ldap.removeDeletedUsers = {{ gitblit_ldap_remove_deleted_users }}
+
+# Context path for the GO application. You might want to change the context
+# path if running Gitblit behind a proxy layer such as mod_proxy.
+#
+# SINCE 0.7.0
+# RESTART REQUIRED
+server.contextPath = {{ gitblit_server_contextpath }}
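Review bot: The comment above `realm.ldap.syncPeriod` reads `# Must be of the form ' ' where is one of 'MILLISECONDS', ...` — its placeholders were evidently lost (upstream Gitblit documents the value as `<long> <TimeUnit>`, which markup stripping would remove), so as written it says nothing about the format; restore it as `# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'`. The line after it is the only bare blank inside a comment block in this file, so `# default: 5 MINUTES` / `# RESTART REQUIRED` read as a detached stanza; prefix that blank with `#`. `realm.ldap.password = {{ gitblit_ldap_password }}` drops the vault value raw into a Java properties file, where a backslash is an escape character and leading whitespace is stripped, as the `mydomain\\username` example two stanzas up already hints; a one-line `# NOTE: properties escaping applies to this value (write \\ for a literal backslash)` next to it would prevent a hard-to-diagnose bind failure.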