From 8a860d4f09acc8a424cd06de5b711ac57a56e88c Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 17:57:38 -0700 Subject: [PATCH 1/6] added some un-exposed options to gitlab config --- manifests/params.pp | 8 ++++++++ templates/gitlab.yml.erb | 35 ++++++++++++++++++++--------------- 2 files changed, 28 insertions(+), 15 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 48f875a..72d2e58 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -53,6 +53,7 @@ $gitlab_default_projects_features_wall = false $gitlab_default_projects_features_snippets = false $gitlab_default_projects_features_visibility_level = 'private' + $gitlab_default_can_create_group = true $gitlab_time_zone = false $gitlab_email_enabled = true $gitlab_email_reply_to = "noreply@${gitlab_domain}" @@ -77,6 +78,12 @@ $gitlab_ruby_version = '2.1.6' $gitlab_auth_file = "${git_home}/.ssh/authorized_keys" $gitlab_secret_file = undef + $gitlab_default_theme = '2' + $gitlab_signup_enabled = false + $gitlab_signin_enabled = true + $gitlab_upload_pack = true + $gitlab_receive_pack = true + $gitlab_ssh_host = undef $exec_path = "${git_home}/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" $ldap_enabled = false $ldap_host = 'ldap.domain.com' @@ -93,6 +100,7 @@ $ldap_group_base = '' $ldap_sync_ssh_keys = '' $ldap_admin_group = '' + $ldap_allow_username_or_email_login = true $issues_tracker = undef $omniauth = undef $ssh_port = '22' diff --git a/templates/gitlab.yml.erb b/templates/gitlab.yml.erb index e70e44b..d9b1474 100644 --- a/templates/gitlab.yml.erb +++ b/templates/gitlab.yml.erb @@ -26,7 +26,9 @@ production: &base # (you'd obviously need to replace ssh.host_example.com with your own host). # Otherwise, ssh host will be set to the `host:` value above # ssh_host: ssh.host_example.com - + <%- if @gitlab_ssh_host %> + ssh_host: <%= @gitlab_ssh_host %> + <%- end %> # WARNING: See config/application.rb under "Relative url support" for the list of # other files that need to be changed for relative url support # relative_url_root: /gitlab @@ -35,7 +37,7 @@ production: &base <%- end %> # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') - # user: git + user: <%= @git_user %> # Uncomment and customize if you want to change the default time zone of GitLab application. # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` @@ -59,6 +61,7 @@ production: &base ## User settings default_projects_limit: <%= @gitlab_projects %> # default_can_create_group: false # default: true + default_can_create_group: <%= @gitlab_default_can_create_group %> # default: true - User can change her username/namespace username_changing_enabled: <%= @gitlab_username_change ? 'true' : 'false' %> ## Default theme @@ -67,20 +70,22 @@ production: &base ## MODERN = 3 ## GRAY = 4 ## COLOR = 5 - # default_theme: 2 # default: 2 + default_theme: <%= @gitlab_default_theme %> # default: 2 ## Users management # default: false - Account passwords are not sent via the email if signup is enabled. - # signup_enabled: true + # signup_enabled: false + signup_enabled: <%= @gitlab_signup_enabled ? 'true' : 'false' %> # # default: true - If set to false, standard login form won't be shown on the sign-in page - # signin_enabled: false + # signin_enabled: true + signin_enabled: <%= @gitlab_signin_enabled ? 'true' : 'false' %> # Restrict setting visibility levels for non-admin users. # The default is to allow all levels. <% if @restricted_visibility_levels %> - restricted_visibility_levels: + restricted_visibility_levels: <% @restricted_visibility_levels.each do |level| %> - <%= level %> <% end %> @@ -95,7 +100,7 @@ production: &base # issue_closing_pattern: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)' <% if @gitlab_issue_closing_pattern -%> issue_closing_pattern: '<%= @gitlab_issue_closing_pattern.gsub("'","''") %>' -<% end -%> +<% end -%> ## Default project features settings default_projects_features: @@ -106,7 +111,7 @@ production: &base snippets: <%= @gitlab_default_projects_features_snippets %> # can be "private" | "internal" | "public" visibility_level: <%= @gitlab_default_projects_features_visibility_level %> - + ## Webhook settings # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) webhook_timeout: <%= @gitlab_webhook_timeout %> @@ -194,11 +199,11 @@ production: &base # # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to # disable this setting, because the userPrincipalName contains an '@'. - allow_username_or_email_login: true + allow_username_or_email_login: <%= @ldap_allow_username_or_email_login ? 'true' : 'false' %> # To maintain tight control over the number of active users on your GitLab installation, - # enable this setting to keep new users blocked until they have been cleared by the admin + # enable this setting to keep new users blocked until they have been cleared by the admin # (default: false). block_auto_created_users: <%= @ldap_block_auto_created_users %> @@ -214,7 +219,7 @@ production: &base # Ex. (employeeType=developer) # user_filter: '<%= @ldap_user_filter -%>' - + # EE settings <% if @ldap_sync_time!= '' -%> sync_time: <%=@ldap_sync_time%> @@ -307,11 +312,11 @@ production: &base secret_file: <%= @gitlab_secret_file %> <% else -%> # secret_file: /home/git/gitlab/.gitlab_shell_secret -<% end -%> - +<% end -%> + # Git over HTTP - upload_pack: true - receive_pack: true + upload_pack: <%= @gitlab_upload_pack ? 'true' : 'false' %> + receive_pack: <%= @gitlab_receive_pack ? 'true' : 'false' %> # If you use non-standard ssh port you need to specify it ssh_port: <%= @ssh_port %> From b46206bf27459e821f65465ccfc8879616d1b201 Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 17:57:58 -0700 Subject: [PATCH 2/6] added log dir to .gitignore (from beaker tests) --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 7da0e1f..903b2ed 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ spec/fixtures/ .bundle/ coverage/ *.sw* +log/ From 7de3f1e4bba5c7067719bbdbb8316c6ab59f2b3b Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 20:29:57 -0700 Subject: [PATCH 3/6] added new options to init --- manifests/init.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 5456ca1..e16b181 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -511,6 +511,7 @@ $gitlab_default_projects_features_wall = $gitlab::params::gitlab_default_projects_features_wall, $gitlab_default_projects_features_snippets = $gitlab::params::gitlab_default_projects_features_snippets, $gitlab_default_projects_features_visibility_level = $gitlab::params::gitlab_default_projects_features_visibility_level, + $gitlab_default_can_create_group = $gitlab::params::gitlab_default_can_create_group, $gitlab_time_zone = $gitlab::params::gitlab_time_zone, $gitlab_email_enabled = $gitlab::params::gitlab_email_enabled, $gitlab_email_reply_to = "noreply@${gitlab_domain}", @@ -534,6 +535,12 @@ $gitlab_manage_rbenv = $gitlab::params::gitlab_manage_rbenv, $gitlab_ruby_version = $gitlab::params::gitlab_ruby_version, $gitlab_secret_file = $gitlab::params::gitlab_secret_file, + $gitlab_default_theme = $gitlab::params::gitlab_default_theme, + $gitlab_signup_enabled = $gitlab::params::gitlab_signup_enabled, + $gitlab_signin_enabled = $gitlab::params::gitlab_signin_enabled, + $gitlab_upload_pack = $gitlab::params::gitlab_upload_pack, + $gitlab_receive_pack = $gitlab::params::gitlab_receive_pack, + $gitlab_ssh_host = $gitlab::params::gitlab_ssh_host, $gitlab_auth_file = "${git_home}/.ssh/authorized_keys", $exec_path = $gitlab::params::exec_path, $ldap_enabled = $gitlab::params::ldap_enabled, @@ -551,6 +558,7 @@ $ldap_group_base = $gitlab::params::ldap_group_base, $ldap_sync_ssh_keys = $gitlab::params::ldap_sync_ssh_keys, $ldap_admin_group = $gitlab::params::ldap_admin_group, + $ldap_allow_username_or_email_login = $gitlab::params::ldap_allow_username_or_email_login, $issues_tracker = $gitlab::params::issues_tracker, $omniauth = $gitlab::params::omniauth, $ssh_port = $gitlab::params::ssh_port, From 41ac6663159a76f1e7f4354b2fb0d553462ed80d Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 20:53:56 -0700 Subject: [PATCH 4/6] added validations and docs on settings --- manifests/init.pp | 51 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index e16b181..9305c8d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -206,6 +206,10 @@ # Default project features settings for visibility level. ("private" | "internal" | "public") # default: private # +# [*gitlab_default_can_create_group*] +# Default bool for group creation permission. +# default: true +# # [*gitlab_email_enabled*] # Set to false if you need to disable email sending from GitLab # default: true @@ -300,6 +304,36 @@ # File that contains the secret key for verifying access for gitlab-shell. # default: '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). # +# [*gitlab_default_theme*] +# Numeric selector for default theme setting. +# default: 2 +# Choices +# BASIC = 1 +# MARS = 2 +# MODERN = 3 +# GRAY = 4 +# COLOR = 5 +# +# [*gitlab_signup_enabled*] +# Account passwords are not sent via the email if signup is enabled. +# default: false +# +# [*gitlab_signin_enabled*] +# If set to false, standard login form won't be shown on the sign-in page +# default: true +# +# [*gitlab_upload_pack*] +# Setting for Git over HTTP +# default: true +# +# [*gitlab_receive_pack *] +# Setting for Git over HTTP +# default: true +# +# [*gitlab_ssh_host*] +# Configuration option if ssh host is different from HTTP/HTTPS one +# default: undef +# # [*gitlab_auth_file*] # File used as authorized_keys for gitlab user # default: ${git_home}/.ssh/authorized_keys @@ -386,6 +420,11 @@ # LDAP group of users who should be admins in GitLab. # default: nil # +# [*ldap_allow_username_or_email_login*] +# If allow_username_or_email_login is enabled, GitLab will ignore everything +# after the first '@' in the LDAP username submitted by the user on login. +# default: true +# # [*issues_tracker*] # External issues trackers. Provide a hash with all issues_tracker configuration as would # appear in gitlab.yaml. E.g. { redmine => { title => "Redmine", project_url => ... } } @@ -590,6 +629,9 @@ validate_absolute_path($gitlab_ssl_cert) validate_absolute_path($gitlab_ssl_key) + + validate_numeric($gitlab_default_theme) + validate_bool($gitlab_ssl) validate_bool($gitlab_ssl_self_signed) validate_bool($gitlab_username_change) @@ -599,6 +641,12 @@ validate_bool($gitlab_default_projects_features_wiki) validate_bool($gitlab_default_projects_features_wall) validate_bool($gitlab_default_projects_features_snippets) + validate_bool($gitlab_default_can_create_group) + validate_bool($gitlab_signup_enabled) + validate_bool($gitlab_signin_enabled) + validate_bool($gitlab_upload_pack ) + validate_bool($gitlab_receive_pack ) + validate_bool($ldap_allow_username_or_email_login) validate_re($gitlab_dbtype, '(mysql|pgsql)', 'gitlab_dbtype is not supported') validate_re("${gitlab_dbport}", '^\d+$', 'gitlab_dbport is not a valid port') @@ -615,7 +663,7 @@ validate_re($ensure, '(present|latest)', 'ensure is not valid (present|latest)') validate_re("${ssh_port}", '^\d+$', 'ssh_port is not a valid port') validate_re($gitlab_default_projects_features_visibility_level, 'private|internal|public','gitlab_default_projects_features_visibility_level is not valid') - + validate_re() if !is_ip_address($gitlab_unicorn_listen){ fail("${gitlab_unicorn_listen} is not a valid IP address") } @@ -649,6 +697,7 @@ validate_string($company_logo_url) validate_string($company_link) validate_string($company_name) + validate_string($gitlab_ssh_host) anchor { 'gitlab::begin': } -> class { '::gitlab::setup': } -> From 49b46352e56c114809ab09ea9170a6c86809be46 Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 20:57:01 -0700 Subject: [PATCH 5/6] errant space causing tests to fail --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 9305c8d..51a58bb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -326,7 +326,7 @@ # Setting for Git over HTTP # default: true # -# [*gitlab_receive_pack *] +# [*gitlab_receive_pack*] # Setting for Git over HTTP # default: true # From 99398ac2af9e187292e11dd0d1980e47f8fd720b Mon Sep 17 00:00:00 2001 From: Ben Thomas Date: Tue, 17 Nov 2015 21:17:30 -0700 Subject: [PATCH 6/6] copy pasta issue, last one I swear --- manifests/init.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 51a58bb..1e2de63 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -644,8 +644,8 @@ validate_bool($gitlab_default_can_create_group) validate_bool($gitlab_signup_enabled) validate_bool($gitlab_signin_enabled) - validate_bool($gitlab_upload_pack ) - validate_bool($gitlab_receive_pack ) + validate_bool($gitlab_upload_pack) + validate_bool($gitlab_receive_pack) validate_bool($ldap_allow_username_or_email_login) validate_re($gitlab_dbtype, '(mysql|pgsql)', 'gitlab_dbtype is not supported') @@ -663,7 +663,7 @@ validate_re($ensure, '(present|latest)', 'ensure is not valid (present|latest)') validate_re("${ssh_port}", '^\d+$', 'ssh_port is not a valid port') validate_re($gitlab_default_projects_features_visibility_level, 'private|internal|public','gitlab_default_projects_features_visibility_level is not valid') - validate_re() + if !is_ip_address($gitlab_unicorn_listen){ fail("${gitlab_unicorn_listen} is not a valid IP address") } @@ -697,7 +697,9 @@ validate_string($company_logo_url) validate_string($company_link) validate_string($company_name) - validate_string($gitlab_ssh_host) + if $gitlab_ssh_host { + validate_string($gitlab_ssh_host) + } anchor { 'gitlab::begin': } -> class { '::gitlab::setup': } ->