From 04c07fa3a4479f4989d3da0a79072e74e07cc8d3 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 23 Mar 2016 14:48:59 +0100 Subject: [PATCH] infrastructure-services/roles/nginx-frontend/templates/code-repo.d4science.org-virtualhost.j2: Virtualhost to proxy gitblit and gerrit. library/roles/gitblit: More gitblit configuration setup. library/roles/postgresql/tasks/manage_pg_db.yml: disable the task that manages extensions. The conditional cannot work. --- couchdb/defaults/main.yml | 1 - gitblit/defaults/main.yml | 36 +++++++++++++++ gitblit/tasks/main.yml | 36 +++++++++++++++ gitblit/templates/gitblit.properties.j2 | 61 +++++++++++++++++++++++++ postgresql/tasks/manage_pg_db.yml | 17 ++++--- 5 files changed, 141 insertions(+), 10 deletions(-) create mode 100644 gitblit/defaults/main.yml create mode 100644 gitblit/tasks/main.yml create mode 100644 gitblit/templates/gitblit.properties.j2 diff --git a/couchdb/defaults/main.yml b/couchdb/defaults/main.yml index 197b1d83..ea66d809 100644 --- a/couchdb/defaults/main.yml +++ b/couchdb/defaults/main.yml @@ -67,7 +67,6 @@ couchdb_replicator_options: # - { section: 'httpd', option: 'bind_address', value: '{{ couchdb_bind_address }}', state: 'present' } # - { section: 'httpd', option: 'config_whitelist', value: '[{httpd,config_whitelist}, {log,level}]', state: 'present' } -ganglia_enabled: False couchdb_ganglia_url: http://localhost:5984/_stats # If set, http basic auth is used for the connection #couchdb_ganglia_url_username: '{{ couchdb_ganglia_user}}' diff --git a/gitblit/defaults/main.yml b/gitblit/defaults/main.yml new file mode 100644 index 00000000..9160fa0a --- /dev/null +++ b/gitblit/defaults/main.yml 
@@ -0,0 +1,36 @@
+---
+# http://gitblit.com/
+#
+# There is a manager app that is a desktop java application. It is available here:
+# http://dl.bintray.com/gitblit/releases/manager-1.7.1.zip
+gitblit_version: 1.7.1
+gitblit_file: 'gitblit-{{ gitblit_version }}.tar.gz'
+gitblit_url: 'http://dl.bintray.com/gitblit/releases/{{ gitblit_file }}'
+gitblit_user: gitblit
+gitblit_home: '/srv/{{ gitblit_user }}'
+gitblit_data_dir: /srv/gitblit_data
+gitblit_http_port: 8080
+gitblit_https_port: 0
+gitblit_redirect_to_https: "false"
+gitblit_require_client_ssl_certs: "false"
+gitblit_http_interface: "127.0.0.1"
+gitblit_https_interface: "127.0.0.1"
+gitblit_shutdown_port: 9080
+gitblit_server_storepassword: changeit
+gitblit_git_daemon_port: 9418
+gitblit_daemon_interface: ""
+gitblit_ssh_port: 29418
+gitblit_ssh_interface: ""
+gitblit_git_accepted_push_transport: HTTP HTTPS SSH
+gitblit_default_auth_control: NAMED
+gitblit_creates_repo_shared: "true"
+gitblit_enable_git_servlet: "true"
+gitblit_tickets_service: ""
+gitblit_accept_new_tickets: "false"
+gitblit_allow_deleting_non_empty_repo: "false"
+gitblit_auth_providers: ldap redmine
+gitblit_web_sitename: ""
+gitblit_web_logo: "${baseFolder}/logo.png"
+gitblit_canonical_url: 'http://{{ ansible_fqdn }}'
+gitblit_windows_permitbuiltinadmin: 'false'
+gitblit_redmine_url: ''
diff --git a/gitblit/tasks/main.yml b/gitblit/tasks/main.yml
new file mode 100644
index 00000000..4cb9a61d
--- /dev/null
+++ b/gitblit/tasks/main.yml
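Review bot: In gitblit/defaults/main.yml the web listener is pinned to `127.0.0.1`, but `gitblit_daemon_interface: ""` and `gitblit_ssh_interface: ""` leave the git daemon (9418) and SSH (29418) listeners with an empty bind address, which Gitblit, as far as I know, treats as all interfaces. The git:// protocol carries no authentication, so unless anonymous access is intended the safer role default would be `gitblit_git_daemon_port: 0` (which I believe disables the daemon) or `gitblit_daemon_interface: "127.0.0.1"`, with hosts opting in explicitly. Separately, `gitblit_server_storepassword: changeit` makes a well-known keystore password the role default; it is unused while `gitblit_https_port` is 0, but a comment such as `# override from an ansible-vault encrypted vars file before enabling HTTPS` would keep it from reaching a TLS-enabled host unchanged.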
@@ -0,0 +1,36 @@
+---
+- name: Create the gitblit user
+ user: name={{ gitblit_user }} comment="Gitblit GIT server" home={{ gitblit_home }} createhome=True
+ tags: gitblit
+
+- name: Create a data directory for gitblit
+ file: dest={{ gitblit_data_dir }} state=directory owner={{ gitblit_user }} group={{ gitblit_user }} mode=0750
+ register: gitblit_data_dir_setup
+ tags: gitblit
+
+- name: Create a properties directory for gitblit
+ file: dest={{ gitblit_home }}/etc state=directory owner=root group={{ gitblit_user }} mode=0750
+ tags: gitblit
+
+- name: Get gitblit software
+ get_url: url={{ gitblit_url }} dest=/srv/{{ gitblit_file }}
+ tags: gitblit
+
+- name: Unpack the gitblit archive
+ unarchive: src=/srv/{{ gitblit_file }} dest=/srv/ creates=/srv/gitblit-{{ gitblit_version }}/gitblit.jar copy=no owner=root group=root
+ tags: gitblit
+
+- name: Set up a link to the latest gitblit version
+ file: src=/srv/gitblit-{{ gitblit_version }} dest=/srv/gitblit/service state=link
+ tags: gitblit
+
+- name: Initialize the data directory
+ shell: cp -rp /srv/gitblit-{{ gitblit_version }}/data/* {{ gitblit_data_dir }} ; chown -R {{ gitblit_user }}:{{ gitblit_user }} {{ gitblit_data_dir }}
+ when: ( gitblit_data_dir_setup | changed )
+ tags: gitblit
+
+- name: Install the customized gitblit.properties file
+ template: src=gitblit.properties.j2 dest={{ gitblit_home }}/etc owner=root group={{ gitblit_user }} mode=0440
+ tags: gitblit
+
+
diff --git a/gitblit/templates/gitblit.properties.j2 b/gitblit/templates/gitblit.properties.j2
new file mode 100644
index 00000000..53b3f947
--- /dev/null
+++ b/gitblit/templates/gitblit.properties.j2
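Review bot: The `get_url` task in gitblit/tasks/main.yml fetches the release over plain `http://` (see `gitblit_url` in the role defaults) with no integrity check, and the archive is then unpacked under /srv and linked as the service directory. Whoever can alter that transfer or the mirror's content decides what code the gitblit service runs. I would move the URL to https if the mirror offers it and pin a digest, e.g. `get_url: url={{ gitblit_url }} dest=/srv/{{ gitblit_file }} checksum=sha256:{{ gitblit_sha256 }}`, where `gitblit_sha256` is a new per-version variable that this patch does not define. Also, the last task's `dest={{ gitblit_home }}/etc` is a directory, so the rendered file will most likely be named `gitblit.properties.j2`; `dest={{ gitblit_home }}/etc/gitblit.properties` makes the target name explicit.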
@@ -0,0 +1,61 @@
+#
+# GITBLIT.PROPERTIES
+#
+# Define your custom settings in this file and/or include settings defined in
+# other properties files.
+#
+
+# Include Gitblit's 'defaults.properties' within your configuration.
+#
+# NOTE: Gitblit will not automatically reload "included" properties. Gitblit
+# only watches the 'gitblit.properties' file for modifications.
+#
+# Paths may be relative to the ${baseFolder} or they may be absolute.
+#
+# COMMA-DELIMITED
+# SINCE 1.7.0
+include = {{ gitblit_data_dir }}/defaults.properties
+
+#
+# Define your overrides or custom settings below
+#
+server.httpPort = {{ gitblit_http_port }}
+server.httpsPort = {{ gitblit_https_port }}
+server.redirectToHttpsPort = {{ gitblit_redirect_to_https }}
+server.httpBindInterface = {{ gitblit_http_interface }}
+server.httpsBindInterface = {{ gitblit_https_interface }}
+server.shutdownPort = {{ gitblit_shutdown_port }}
+server.storePassword = {{ gitblit_server_storepassword }}
+git.daemonPort = {{ gitblit_git_daemon_port }}
+git.daemonBindInterface = {{ gitblit_daemon_interface }}
+git.sshPort = {{ gitblit_ssh_port }}
+git.sshBindInterface = {{ gitblit_ssh_interface }}
+git.requiresClientCertificate = {{ gitblit_require_client_ssl_certs }}
+git.acceptedPushTransports = {{ gitblit_git_accepted_push_transport }}
+git.defaultAuthorizationControl = {{ gitblit_default_auth_control }}
+git.createRepositoriesShared = {{ gitblit_creates_repo_shared }}
+git.enableGitServlet = {{ gitblit_enable_git_servlet }}
+# NOTE:
+# This requires git.enableGitServlet = true AND it requires an authenticated
+# git transport connection (http/https) when pushing from a client.
+# +# Valid services include: +# com.gitblit.tickets.FileTicketService +# com.gitblit.tickets.BranchTicketService +# com.gitblit.tickets.RedisTicketService +# +# SINCE 1.4.0 +# RESTART REQUIRED +tickets.service = {{ gitblit_tickets_service }} +tickets.acceptNewTickets = {{ gitblit_accept_new_tickets }} + +web.allowDeletingNonEmptyRepositories = {{ gitblit_allow_deleting_non_empty_repo }} +realm.authenticationProviders = {{ gitblit_auth_providers }} +web.siteName = {{ gitblit_web_sitename }} +web.headerLogo = {{ gitblit_web_logo }} +web.canonicalUrl = {{ gitblit_canonical_url }} +# +# Auth +realm.windows.permitBuiltInAdministrators = {{ gitblit_windows_permitbuiltinadmin }} +# Redmine backend +realm.redmine.url = {{ gitblit_redmine_url }} diff --git a/postgresql/tasks/manage_pg_db.yml b/postgresql/tasks/manage_pg_db.yml index 59125733..5b2cffef 100644 --- a/postgresql/tasks/manage_pg_db.yml +++ b/postgresql/tasks/manage_pg_db.yml @@ -19,12 +19,11 @@ - ( item.createdb is not defined or item.createdb ) tags: [ 'postgresql', 'postgres', 'pg_db' ] -- name: Add postgres extensions to the databases, if needed - become: True - become_user: postgres - postgresql_ext: name={{ item.1 }} db={{ item.0.name }} port={{ psql_db_port }} - with_subelements: - - '{{ psql_db_data | default ([]) }}' - - extensions - when: item.1 is defined - tags: [ 'postgresql', 'postgres', 'pg_extensions' ] +# - name: Add postgres extensions to the databases, if needed +# become: True +# become_user: postgres +# postgresql_ext: name={{ item.1 }} db={{ item.0.name }} port={{ psql_db_port }} +# with_subelements: +# - '{{ psql_db_data | default([]) }}' +# - extensions +# tags: [ 'postgresql', 'postgres', 'pg_extensions' ]
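Review bot: In gitblit.properties.j2, `realm.authenticationProviders` is rendered from a role default of `ldap redmine`, yet the template exposes no `realm.ldap.*` keys and `realm.redmine.url` defaults to an empty string, so both providers presumably run on whatever the included defaults.properties carries until someone edits the file by hand. Both back ends are handed user passwords, so I would either default `gitblit_auth_providers` to empty and let each host enable what it has actually configured, or add the LDAP server and bind settings as variables and require TLS endpoints for both. A comment above the line such as `# every provider listed here needs its realm.* settings below; use https:// / ldaps:// URLs only` would record that. The `# NOTE:` block that follows `git.enableGitServlet` describes `tickets.service`, and a blank line before it would stop it reading as a note on the git.* settings.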
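Review bot: The extensions task in postgresql/tasks/manage_pg_db.yml is left in the file as commented-out YAML with nothing saying why, so databases that list `extensions` in `psql_db_data` will now silently come up without them. If the intent is to revisit it, a one-line comment such as `# Disabled: fails for databases without an 'extensions' key; re-enable once missing keys are skipped` above the block would carry the commit message's reasoning into the file. The `skip_missing` flag of `with_subelements` may be the fix, if the Ansible version in use supports it. The rest of the task file lies outside this hunk.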