library/roles/gitblit: Setup the service script and the main properties template.

2016-03-24 19:36:26 +01:00 · 2016-03-24 19:36:26 +01:00 · 58e2b19ece
parent d8d226a5f2
commit 58e2b19ece
6 changed files with 264 additions and 2 deletions
--- a/gitblit/defaults/main.yml
+++ b/gitblit/defaults/main.yml
@ -3,12 +3,14 @@
 #
 # There is a manager app that is a desktop java application. It is available here:
 # http://dl.bintray.com/gitblit/releases/manager-1.7.1.zip
 gitblit_enabled: True
 gitblit_version: 1.7.1
 gitblit_file: 'gitblit-{{ gitblit_version }}.tar.gz'
 gitblit_url: 'http://dl.bintray.com/gitblit/releases/{{ gitblit_file }}'
 gitblit_user: gitblit
 gitblit_home: '/srv/{{ gitblit_user }}'
 gitblit_data_dir: /srv/gitblit_data
 gitblit_java_heap: 2048M
 gitblit_http_port: 8080
 gitblit_https_port: 0
 gitblit_redirect_to_https: "false"
@ -16,6 +18,7 @@ gitblit_require_client_ssl_certs: "false"
 gitblit_http_interface: "127.0.0.1"
 gitblit_https_interface: "127.0.0.1"
 gitblit_shutdown_port: 9080
 # Really, change it. And beware that all the JDK keyrings need to share the same password
 gitblit_server_storepassword: changeit
 gitblit_git_daemon_port: 9418
 gitblit_daemon_interface: ""
@ -28,9 +31,29 @@ gitblit_enable_git_servlet: "true"
 gitblit_tickets_service: ""
 gitblit_accept_new_tickets: "false"
 gitblit_allow_deleting_non_empty_repo: "false"
-gitblit_auth_providers: ldap redmine
+gitblit_auth_providers: ldap
 gitblit_web_sitename: ""
 gitblit_web_logo: "${baseFolder}/logo.png"
 gitblit_canonical_url: 'http://{{ ansible_fqdn }}'
 gitblit_windows_permitbuiltinadmin: 'false'
 gitblit_redmine_url: ''
 gitblit_ldap_server_url: 'ldap://localhost'
 gitblit_ldap_username: 'cn=Directory Manager'
 # Set the correct one in a vault encrypted file
 gitblit_ldap_password: 'password'
 gitblit_ldap_auth_bind_pattern: ''
 gitblit_ldap_maintainteams: 'false'
 gitblit_ldap_accountbase: 'OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain'
 gitblit_ldap_accountpattern: '(&(objectClass=person)(sAMAccountName=${username}))'
 gitblit_ldap_groupbase: 'OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain'
 gitblit_ldap_groupmemberpattern: '(&(objectClass=group)(member=${dn}))'
 gitblit_ldap_groupemptymemberpattern: '(&(objectClass=group)(!(member=*)))'
 gitblit_ldap_git_admins: '@Git_Admins'
 gitblit_ldap_displayname: 'displayName'
 gitblit_ldap_email: 'mail'
 gitblit_ldap_uid: 'uid'
 gitblig_ldap_synchronize: 'false'
 gitblit_ldap_syncperiod: '5 MINUTES'
 gitblit_ldap_remove_deleted_users: 'false'
 gitblit_server_contextpath: '/git/'
--- a/gitblit/files/service-ubuntu.sh
+++ b/gitblit/files/service-ubuntu.sh
@ -0,0 +1,61 @@
 #!/bin/bash
 ### BEGIN INIT INFO
 # Provides:          gitblit
 # Required-Start:    $remote_fs $syslog $network
 # Required-Stop:     $remote_fs $syslog $network
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Gitblit repository server
 # Description:       Gitblit is a stand-alone service for managing, viewing and serving Git repositories.
 ### END INIT INFO
 . /lib/init/vars.sh
 . /lib/lsb/init-functions
 PATH=/sbin:/bin:/usr/bin:/usr/sbin
 # change theses values (default values)
 GITBLIT_PATH=/opt/gitblit
 GITBLIT_BASE_FOLDER=/opt/gitblit/data
 GITBLIT_USER="gitblit"
 GITBLIT_JAVA_HEAP=1024M
 #source ${GITBLIT_PATH}/java-proxy-config.sh
 if [ -f /etc/default/gitblit ] ; then
    . /etc/default/gitblit
 fi
 ARGS="-server -Xmx${GITBLIT_JAVA_HEAP} ${JAVA_PROXY_CONFIG} -Djava.awt.headless=true -jar gitblit.jar --baseFolder $GITBLIT_BASE_FOLDER --dailyLogFile"
 RETVAL=0
 case "$1" in
  start)
    if [ -f $GITBLIT_PATH/gitblit.jar ];
      then
      echo $"Starting gitblit server"
      start-stop-daemon --start --quiet --background --oknodo --make-pidfile --pidfile /var/run/gitblit.pid --exec /usr/bin/java --chuid $GITBLIT_USER --chdir $GITBLIT_PATH -- $ARGS
      exit $RETVAL
    fi
  ;;
  stop)
    if [ -f $GITBLIT_PATH/gitblit.jar ];
      then
      echo $"Stopping gitblit server"
      start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/gitblit.pid
      exit $RETVAL
    fi
  ;;
  force-reload|restart)
      $0 stop
      sleep 5
      $0 start
  ;;
  *)
    echo $"Usage: /etc/init.d/gitblit {start|stop|restart|force-reload}"
    exit 1
  ;;
 esac
 exit $RETVAL
--- a/gitblit/handlers/main.yml
+++ b/gitblit/handlers/main.yml
@ -0,0 +1,4 @@
 ---
 - name: Restart gitblit
  service: name=gitblit state=restarted
  when: gitblit_enabled
--- a/gitblit/tasks/main.yml
+++ b/gitblit/tasks/main.yml
@ -30,7 +30,25 @@
  tags: gitblit
 - name: Install the customized gitblit.properties file
-  template: src=gitblit.properties.j2 dest={{ gitblit_home }}/etc owner=root group={{ gitblit_user }} mode=0440
+  template: src=gitblit.properties.j2 dest={{ gitblit_data_dir }}/gitblit.properties owner=root group={{ gitblit_user }} mode=0440
  notify: Restart gitblit
  tags: [ 'gitblit', 'gitblit_properties' ]
 - name: Install the gitblit startup script
  copy: src=service-ubuntu.sh dest=/etc/init.d/gitblit owner=root group=root mode=0755
  tags: gitblit
 - name: Install the gitblit startup defaults
  template: src=gitblit-default.j2 dest=/etc/default/gitblit owner=root group=root mode=0444
  notify: Restart gitblit
  tags: gitblit
 - name: Ensure that gitblit is started and enabled
  service: name=gitblit state=started enabled=yes
  when: gitblit_enabled
  tags: gitblit
 - name: Ensure that gitblit is stopped and disabled
  service: name=gitblit state=stopped enabled=no
  when: not gitblit_enabled
  tags: gitblit
--- a/gitblit/templates/gitblit-default.j2
+++ b/gitblit/templates/gitblit-default.j2
@ -0,0 +1,5 @@
 GITBLIT_PATH={{ gitblit_home }}/service
 GITBLIT_BASE_FOLDER={{ gitblit_data_dir }}
 GITBLIT_USER="{{ gitblit_user }}"
 GITBLIT_JAVA_HEAP={{ gitblit_java_heap }}
 ARGS="-server -Xmx${GITBLIT_JAVA_HEAP} ${JAVA_PROXY_CONFIG} -Djava.awt.headless=true -jar gitblit.jar --baseFolder $GITBLIT_BASE_FOLDER --dailyLogFile"
--- a/gitblit/templates/gitblit.properties.j2
+++ b/gitblit/templates/gitblit.properties.j2
@ -59,3 +59,154 @@ web.canonicalUrl = {{ gitblit_canonical_url }}
 realm.windows.permitBuiltInAdministrators = {{ gitblit_windows_permitbuiltinadmin }}
 # Redmine backend
 realm.redmine.url = {{ gitblit_redmine_url }}
 # URL of the LDAP server.
 # To use encrypted transport, use either ldaps:// URL for SSL or ldap+tls:// to
 # send StartTLS command.
 #
 realm.ldap.server = {{ gitblit_ldap_server_url }}
 # Login username for LDAP searches.
 # If this value is unspecified, anonymous LDAP login will be used.
 #
 # e.g. mydomain\\username
 #
 realm.ldap.username = {{ gitblit_ldap_username }}
 # Login password for LDAP searches.
 #
 realm.ldap.password = {{ gitblit_ldap_password }}
 # Bind pattern for Authentication.
 # Allow to directly authenticate an user without LDAP Searches.
 #
 # e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
 #
 realm.ldap.bindpattern = {{ gitblit_ldap_auth_bind_pattern }}
 # Delegate team membership control to LDAP.
 #
 # If true, team user memberships will be specified by LDAP groups.  This will
 # disable team selection in Edit User and user selection in Edit Team.
 #
 # If false, LDAP will only be used for authentication and Gitblit will maintain
 # team memberships with the *realm.ldap.backingUserService*.
 #
 realm.ldap.maintainTeams = {{ gitblit_ldap_maintainteams }}
 # Root node for all LDAP users
 #
 # This is the root node from which subtree user searches will begin.
 # If blank, Gitblit will search ALL nodes.
 #
 realm.ldap.accountBase = {{ gitblit_ldap_accountbase }}
 # Filter criteria for LDAP users
 #
 # Query pattern to use when searching for a user account. This may be any valid
 # LDAP query expression, including the standard (&) and (|) operators.
 #
 # Variables may be injected via the ${variableName} syntax.
 # Recognized variables are:
 #    ${username} - The text entered as the user name
 #
 realm.ldap.accountPattern = {{ gitblit_ldap_accountpattern }}
 # Root node for all LDAP groups to be used as Gitblit Teams
 #
 # This is the root node from which subtree team searches will begin.
 # If blank, Gitblit will search ALL nodes.
 #
 realm.ldap.groupBase = {{ gitblit_ldap_groupbase }}
 # Filter criteria for LDAP groups
 #
 # Query pattern to use when searching for a team. This may be any valid
 # LDAP query expression, including the standard (&) and (|) operators.
 #
 # Variables may be injected via the ${variableName} syntax.
 # Recognized variables are:
 #    ${username} - The text entered as the user name
 #    ${dn} - The Distinguished Name of the user logged in
 #
 # All attributes from the LDAP User record are available. For example, if a user
 # has an attribute "fullName" set to "John", "(fn=${fullName})" will be
 # translated to "(fn=John)".
 #
 realm.ldap.groupMemberPattern = {{ gitblit_ldap_groupmemberpattern }}
 # Filter criteria for empty LDAP groups
 #
 # Query pattern to use when searching for an empty team. This may be any valid
 # LDAP query expression, including the standard (&) and (|) operators.
 #
 # default: (&(objectClass=group)(!(member=*)))
 realm.ldap.groupEmptyMemberPattern = {{ gitblit_ldap_groupemptymemberpattern }}
 # LDAP users or groups that should be given administrator privileges.
 #
 # Teams are specified with a leading '@' character.  Groups with spaces in the
 # name can be entered as "@team name".  This setting only applies when using
 # LDAP to maintain team memberships.
 #
 # e.g. realm.ldap.admins = john @git_admins "@git admins"
 #
 # SPACE-DELIMITED
 realm.ldap.admins = {{ gitblit_ldap_git_admins }}
 # Attribute(s) on the USER record that indicate their display (or full) name.
 # Leave blank for no mapping available in LDAP.
 #
 # This may be a single attribute, or a string of multiple attributes.  Examples:
 #  displayName - Uses the attribute 'displayName' on the user record
 #  ${personalTitle}. ${givenName} ${surname} - Will concatenate the 3
 #       attributes together, with a '.' after personalTitle
 #
 realm.ldap.displayName = {{ gitblit_ldap_displayname }}
 # Attribute(s) on the USER record that indicate their email address.
 # Leave blank for no mapping available in LDAP.
 #
 # This may be a single attribute, or a string of multiple attributes.  Examples:
 #  email - Uses the attribute 'email' on the user record
 #  ${givenName}.${surname}@gitblit.com -Will concatenate the 2 attributes
 #       together with a '.' and '@' creating something like first.last@gitblit.com
 #
 realm.ldap.email = {{ gitblit_ldap_email }}
 # Attribute on the USER record that indicate their username to be used in gitblit
 # when synchronizing users from LDAP
 # if blank, Gitblit will use uid
 # For MS Active Directory this may be sAMAccountName
 #
 realm.ldap.uid = {{ gitblit_ldap_uid }}
 # Defines whether to synchronize all LDAP users and teams into the user service
 #
 # Valid values: true, false
 # If left blank, false is assumed
 #
 realm.ldap.synchronize = {{ gitblig_ldap_synchronize }}
 # Defines the period to be used when synchronizing users and teams from ldap.
 #
 # Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'
 # default: 5 MINUTES
 #
 # RESTART REQUIRED
 realm.ldap.syncPeriod = {{ gitblit_ldap_syncperiod }}
 # Defines whether to delete non-existent LDAP users from the user service
 # during synchronization. depends on  realm.ldap.synchronize = true
 #
 # Valid values: true, false
 # If left blank, true is assumed
 #
 realm.ldap.removeDeletedUsers = {{ gitblit_ldap_remove_deleted_users }}
 # Context path for the GO application.  You might want to change the context
 # path if running Gitblit behind a proxy layer such as mod_proxy.
 #
 # SINCE 0.7.0
 # RESTART REQUIRED
 server.contextPath = {{ gitblit_server_contextpath }}