I've tried this role on CentOS 6.4, CentOS 6.5, and Ubuntu 12.04, and everything seems to work great locally... But if it runs on Travis CI, I get the following:

$ curl --insecure https://localhost/
<!DOCTYPE html>
<html>
<head>
  <title>We're sorry, but something went wrong (500)</title>
  <link href="/static.css" media="screen" rel="stylesheet" type="text/css" />
</head>
<body>
  <h1>500</h1>
  <h3>We're sorry, but something went wrong.</h3>
  <hr/>
  <p>Please contact your GitLab administrator if this problem persists.</p>
</body>
</html>

For some reason, installation isn't completing (and I had to add a failed_when: false to get the role to complete installation on Travis!).

Centos 7 needs:

libselinux-python

Could you please add that ?

The Gitlab Handlers always fails, when it is executed. Adding a | bool fixes this:

• failed_when: gitlab_restart_handler_failed_when

• failed_when: gitlab_restart_handler_failed_when | bool

Tested this ansible 2.8.1.

I've opened a PR: #125

https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/install/linux-repository.md

See my Nginx role for an example: https://github.com/geerlingguy/ansible-role-nginx/blob/master/templates/vhost.j2

Basically, this would allow people to override certain sections of the gitlab config file, and I wouldn't need to manage dozens of PRs requesting one or two additions to the file (making the file and settings in general overwhelming for the 80% use case).

One task that runs is Create self-signed certificate.

This task creates {{ gitlab_ssl_certificate }}, self-signed. If I want to register a gitlab-runner on other machines, then I need to copy: it to these gitlab-runner machines. Having it available in files/ would be really convenient.

Similar to how I do the managed vhosts files for Nginx and Apache roles, I'd like to allow users who need more advanced customizations to be able to do that by simply managing their own gitlab.rb file (instead of making the configurable parameters in this role overly complicated).

See:

• #12
• #6

I'm thinking of using a new gitlab_use_managed_config variable to control whether the file will be managed or not.

I set the var like described in the readme:

# Email configuration.
gitlab_email_enabled: true

what generated the gitlab.rb:

gitlab_rails['gitlab_email_enabled'] = True

what leads to a cryptic error when restarting GitLab:

NameError
---------
uninitialized constant #<Class:Gitlab>::True

A GitLab Developer pointed out that True has to be true.

https://gitlab.com/gitlab-org/gitlab-ce/issues/23522#note_17148120

I will create a PR.

Great Ansible Role, thank you.

One request, is it possible to allow the end user to provide a specific version of gitlab to install?
It could work in its current form by supplying the correct package-version string in 'gitlab_edition' but that variable is used in vars to construct the path to the installer script (which breaks when you try to provide a version).

Thanks!

Replace:

  # Make sure GitLab is running.
  - curl --insecure https://localhost/

With:

  - >
    curl --insecure -s -o /dev/null -w "%{http_code}" https://localhost/
    | grep -q '200'
    && (echo 'Status code 200 test: pass' && exit 0)
    || (echo 'Status code 200 test: fail' && exit 1)

It'd be nice to be able to toggle Git LFS (lfs_enabled) and the storage path (lfs_storage_path). See https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html.

I think this should be changed:

As GitLab now issues certs with Let's Encrypt I think this should be set to false by default.

@geerlingguy what are your thought on this?

LDAP config is incomplete, cannot add LDAP groups to groups / projects.

Can you make this role and jenkins to integrate with drupalvm?

I'm using a relative url for Gitlab (https://docs.gitlab.com/omnibus/settings/configuration.html) for example: gitlab_external_url: "https://myhost/git"

However this settings does not work and login redirect is made to https://myhost/users/sign_in

Only manual reconfigure and restart fixes this issue

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

I'm not sure if this Ansible role related issue, maybe restart for GitLab should be made differently?

When i tried to run this on local machine, ansible said that it cannot find var/main.yml file for variables.

i modified it to the following to make it work:

roles/geerlingguy.gitlab/defaults/main.yml

On a fresh install, I can't reset the password :

gitlab asks me to change my password, without letting me log in with default password

It results in a 422.

my config :

      gitlab_nginx_listen_port: 80
      gitlab_create_self_signed_cert: "false"
      gitlab_redirect_http_to_https: "false"
      gitlab_time_zone: "Europe/Paris"

Hello,

I use ansible for few days, i am not an expert.
I would like to install your package on a remote host from a virtual machine who contains ansible but i don't know how to do it, i tried many things but it still don't working.
Could you help me how to deploy GitLab on a remote host from a virtual machine with ansible, please?

I've noticed that there is code repeated just with the intention of having OS differentiation.

- name: Install GitLab repository (RedHat)
  command: bash /tmp/gitlab_install_repository.sh
  when: (gitlab_file.stat.exists == false) and (ansible_os_family == 'RedHat')

- name: Install GitLab (RedHat)
  yum: "name=gitlab-ce state=installed"
  when: (gitlab_file.stat.exists == false) and (ansible_os_family == 'RedHat')

 ...

- name: Install GitLab repository
  command: bash /tmp/gitlab_install_repository.sh
  when: (gitlab_file.stat.exists == false) and (ansible_os_family == 'Debian')

- name: Install GitLab
  apt: "name=gitlab-ce state=installed"
  when: (gitlab_file.stat.exists == false) and (ansible_os_family == 'Debian')

The only difference is the usage of the modules yum or apt. Ansible has a generic package manager package which is useful in this situation, making the playbook shorter and OS agnostic (at least between 'Debian' and 'RedHat' families)

I will open a PR.

BTW: Thanks for taking the time writing Ansible for DevOps it's been really useful.

It would be great to have a section in the readme on upgrading. It isn't immediately clear to me if the script will upgrade gitlab. I am not experienced with gitlab but I did read that the ppa will upgrade gitlab. I'll take a more thorough look later and maybe submit a patch. This is an enhancement.

I was able to easily upgrade from CE to EE on Ubuntu 16.04 by:

1. run the EE repo install script from here
   • curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
2. Install gitlab EE: sudo apt install gitlab-ee
   • this automatically uninstalled gitlab-ce
3. Run this ansible playbook again.

Great work on this project @geerlingguy thanks for sharing it!

So it all seems to work great without trouble shooting, but I'm researching ways to set the root password during the install for 100% automated installs. It looks like gitlab supports this through setting environment variables during the sudo -u git -H bundle exec rake gitlab:setup phase of things. I'm a bit rusty with Ansible and am having trouble pulling this off, though will look through the code and see if I can manage a PR if possible. If you have any insights on this task, I'd love to hear them :)

Running your gitlab role, I'm getting the error :

*5 connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied) while connecting to upstream

Running on Ubuntu 16.04. Permissions on socket are as follows:

srwxr-xr-x 1 git git 0 Dec 8 20:43 /var/opt/gitlab/gitlab-workhorse/socket=

I have also tried the omnibus install and manual install as well and get the same error. In those cases people suggest adding the correct user to gitlab.rb external_users variable, but that seems to be the case only if running a separate nginx binary. Any ideas on how to troubleshoot?

Hi,

I'd like to disable the integrated nginx as I want to use a custom webserver and proxy any traffic directly to gitlab socket. If you are interested in integrating this upstream I don't have to patch the configuration any time ;)

regards

Sebastian

https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/install/linux-repository.md

Hi,

I'm adding a backup location variable to gitlab.rb. Should I send a PR with the updated defaults.yml variable and gitlab.rb.j2 template? I'd rather not maintain a fork and I think this will be useful for others managing the location of their backup.

Thanks!

Great Role! unfortunately I am stuck on this step:

TASK [gitlab : Reconfigure GitLab (first run).] ********************************

even after restarting it is get stuck, and one time it managed to "finish" but the installation was corrupted and i saw messages like [execute] fail: redis: runsv not running when i tried to execute /opt/gitlab/bin/gitlab-ctl start

tried to run /opt/gitlab/bin/gitlab-ctl tail to see what is going on but all i see there is

==> /var/log/gitlab/gitlab-rails/production.log <==
** [Raven] Raven 2.0.2 configured not to capture errors.

==> /var/log/gitlab/gitlab-shell/gitlab-shell.log <==
Logfile created on 2017-03-30 14:26:07 +0300 by logger.rb/56438

Do you have any suggestions how to tackle it?

Does this simply need a mkdir -p, is it something more complicated, or is this just user error (if so, how?)

Here's the error, in context at the end:

TASK [ansible-role-gitlab : Reconfigure GitLab (first run).] ************************************************************
changed: [10.0.3.16] => {"changed": true, "cmd": ["gitlab-ctl", "reconfigure"], "delta": "0:00:13.562406", "end": "2018-08-26 01:58:35.925799", "failed_when_result": false, "msg": "non-zero return code", "rc": 1, "start": "2018-08-26 01:58:22.363393", "stderr": "There was an error running gitlab-ctl reconfigure:\n\nUnable to determine node name: configure node_name or configure the system's hostname and fqdn", "stderr_lines": ["There was an error running gitlab-ctl reconfigure:", "", "Unable to determine node name: configure node_name or configure the system's hostname and fqdn"], "stdout": "Starting Chef Client, version 13.6.4\u001b[0m\n\u001b[0m\nRunning handlers:\u001b[0m\nRunning handlers complete\n\u001b[0mChef Client failed. 0 resources updated in 05 seconds\u001b[0m", "stdout_lines": ["Starting Chef Client, version 13.6.4\u001b[0m", "\u001b[0m", "Running handlers:\u001b[0m", "Running handlers complete", "\u001b[0mChef Client failed. 0 resources updated in 05 seconds\u001b[0m"]}

TASK [ansible-role-gitlab : Create GitLab SSL configuration folder.] ****************************************************
changed: [10.0.3.16] => {"changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/gitlab/ssl", "size": 4096, "state": "directory", "uid": 0}

TASK [ansible-role-gitlab : Create self-signed certificate.] ************************************************************
ok: [10.0.3.16] => ...

TASK [ansible-role-gitlab : Copy GitLab configuration file.] ************************************************************
changed: [10.0.3.16] => {"changed": true, "checksum": "ac82c3ec63e0da9d9b49c4a4db84982fd478d1de", "dest": "/etc/gitlab/gitlab.rb", "gid": 0, "group": "root", "md5sum": "9b2bc4807b8eb982c7e3ad6f33013a72", "mode": "0600", "owner": "root", "size": 2290, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1535248718.59-244650974648314/source", "state": "file", "uid": 0}

TASK [ansible-role-gitlab : Upload backup] ******************************************************************************
fatal: [10.0.3.16]: FAILED! => {"changed": false, "checksum": "492a4591db132ddb8cbbb183ad5e73d98f0fe558", "msg": "Destination directory /var/opt/gitlab does not exist"}

I tried to install Gitlab in a (Proxmox) container and ran into a filesystem read-only issue while this role wanted to change the kernel.shmall and kernel.shmmax settings in sysctl.

sysctl settings are usually not writeable within such a container.

I try to use AWS ELB SSL termination and therefore run gitlab http only. The following vars do not work:

    gitlab_external_url: "http://gitlab.example.com"
    gitlab_redirect_http_to_https: "false"
    gitlab_nginx_listen_port: 80
    gitlab_nginx_listen_https: "false"

nginx throws a 400 with "The plain HTTP request was sent to HTTPS port".

Hello!

I'm trying to set up gitlab with https redirection, I'm using the gitlab.rb.j2 template mentioned in the readme. The problem is, I'm getting an untrusted certificate error.

My question would be: Do I need to do more than just running the role with the template ? Do I need to verify the certificate somehow ? Does it even set up a certificate for me (as far as I know it does but I might be missing something) ? If it does and no further action is needed, why does it still give me an untrusted cert error ?

Thank' for the answer, and sorry if I'm asking something obvious, I just can't figure it out.

When trying to run the role, follwing task is failing:

TASK: [geerlingguy.gitlab | Install GitLab] *********************************** 
failed: [myhost.de] => {"failed": true}
msg: No package matching 'gitlab-ce' is available

When looking at

- name: Install GitLab
  apt: "name=gitlab-ce state=installed"
  when: (gitlab_file.stat.exists == false) and (ansible_os_family == 'Debian')

I first thought it might be a missing apt-get update, but checking the apt repos and actually doing an apt-get update on the server showed me:

Hit https://packages.gitlab.com vivid InRelease
Hit http://security.ubuntu.com vivid-security/universe Translation-en
Hit https://packages.gitlab.com vivid/main Sources                   
Hit https://packages.gitlab.com vivid/main amd64 Packages
Hit https://packages.gitlab.com vivid/main i386 Packages
Get:1 https://packages.gitlab.com vivid/main Translation-en
Get:2 https://packages.gitlab.com vivid/main Translation-en [162 B]
Get:3 https://packages.gitlab.com vivid/main Translation-en [162 B]
Get:4 https://packages.gitlab.com vivid/main Translation-en [162 B]
Get:5 https://packages.gitlab.com vivid/main Translation-en [162 B]
Ign https://packages.gitlab.com vivid/main Translation-en
Reading package lists... Done 

Any idea what might cause this?

The URL for the installation script is configurable, so I can use that one for the installation, but the package name is not. I haven't checked to see if it runs to completion, but can the name be made a variable so I can override it with gitlab-ee, in my case?

Right now all the tests are run within only Ubuntu 12/14 on Travis CI directly. I'd rather test in clean Docker environments like I do my other roles... but it might be a little tricky since GitLab's installation is rather complicated and kinda convoluted. At least it was last time I attempted this.

The failed_when: false line in the reconfigure handler is suppressing all errors in the gitlab-ctl reconfigure process. This isn't something that should be allowed to fail silently so I assume this was added for testing purposes and forgotten about?

I ran into this while drastically expanding the gitlab.rb.j2 template, and going back after adding 20 or 30 options only to discover that all my passing tests had in fact been failing.

With an intentionally malformed template file, here's the result of running the handler with the existing code:

NOTIFIED: [ansible-role-gitlab | restart gitlab] ****************************** 
changed: [172.16.6.189] => {"changed": true, "cmd": ["gitlab-ctl", "reconfigure"], "delta": "0:00:04.656031", "end": "2015-03-01 14:38:38.925464", "failed": false, "failed_when_result": false, "rc": 1, "start": "2015-03-01 14:38:34.269433", "stderr":  ...... snipped ..... ", "stdout": .....snipped.....", "warnings": []}

Without including the large amount of failure text in stdout, it's clear that when the return code is non-zero the role shouldn't be marking the step as changed successfully.

If there was a good reason for suppressing any warnings from gitlab-ctl please ignore.

Since Travis seems to cause issues with GitLab installation via Chef/omnibus, I need to be able to use a failed_when: false in the restart gitlab handler. Since it's best to leave that not set as false for general role usage, I need to use a variable for the failed_when value. Setting an empty string breaks the handler, so I'll need to also register the result of the command and set a default value for a new variable like gitlab_restart_handler_failed_when: 'gitlab_restart.rc != 0'.

I'll leave this new variable undocumented, since nobody should really ever be overriding it anyways, except in weird circumstances.

When trying to run tasks

- name: Install GitLab repository
  command:  bash /tmp/gitlab_install_repository.sh
  when: (gitlab_file.stat.exists == false)

- name: Define the Gitlab package name.
  set_fact:
    gitlab_package_name: "{{ gitlab_edition }}{{ gitlab_package_version_separator }}{{ gitlab_version }}"
  when: gitlab_version != ''

follwing task is failing:

- name: Install GitLab
  package:
    name: "{{ gitlab_package_name | default(gitlab_edition) }}"
    state: present
  when: (gitlab_file.stat.exists == false)

is falling:

fatal: [rs]: FAILED! => {"changed": false, "msg": "No package matching 'gitlab-ce' is available"}

but if I call

- command: apt install gitlab-ce

package is found and installed!

Hi,

when using the latest ansible version gitlab-ctl reconfigure fails. It looks like jinja is evaluating "false" to False. This is easy to fix by adding a lower pipe filter.

See https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4664 and https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4664#note_221509413

regards

Sebastian

I run a reverse proxy on ports 80&443. I would like to run GitLab behind it. Found no defaults to change for that.

Some people place user home directories in locations other than /home/[user]. Making the home directory location configurable would be a big help.

Hello, i'm add customization options in configuration for better tuning gitlab from playbook.
See code in PR: #132 .

Hi,

I tried using this but had the following error installing the Gitlab repository.
Not sure what to so to fix this. as quite new to ansible.

Help is appreciated.

Cheers

KArl

< TASK [geerlingguy.gitlab : Install GitLab repository] >

    \   ^__^
     \  (oo)\_______
        (__)\       )\/\
            ||----w |
            ||     ||

<52.64.147.103> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<52.64.147.103> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/robertk/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/robertk/.ssh/avo-infra.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 52.64.147.103 (umask 22 && mkdir -p "$HOME/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780" && echo "$HOME/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780")
<52.64.147.103> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<52.64.147.103> PUT /tmp/tmpebonCK TO /home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command
<52.64.147.103> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<52.64.147.103> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/robertk/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/robertk/.ssh/avo-infra.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 52.64.147.103 /bin/sh -c 'sudo -H -n -S -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ccwwxkzhzmbeaewuovlcxjtfkdvqgecz; LANG=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command; rm -rf "/home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/" > /dev/null 2>&1'"'"''
fatal: [52.64.147.103]: FAILED! => {"changed": false, "failed": true, "msg": "BECOME-SUCCESS-ccwwxkzhzmbeaewuovlcxjtfkdvqgecz\r\nTraceback (most recent call last):\r\n File "/home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command", line 1914, in \r\n main()\r\n File "/home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command", line 91, in main\r\n module = CommandModule(argument_spec=dict())\r\n File "/home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command", line 544, in init\r\n self._check_for_check_mode()\r\n File "/home/ubuntu/.ansible/tmp/ansible-tmp-1442204634.57-60423092737780/command", line 1080, in _check_for_check_mode\r\n for (k,v) in self.params.iteritems():\r\nAttributeError: 'tuple' object has no attribute 'iteritems'\r\nOpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014\r\ndebug1: Reading configuration data /home/robertk/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 20769\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 52.64.147.103 closed.\r\n", "parsed": false}

Hello Jeff,

It will probably be good to have an example of copying an existing SSL certificate to the machine that is managed by ansible, in case you want to secure your gitlab installation with real and non-self-generated certificate. What do you think?

So, I just attempted to run this on my Raspberry Pi 3, and it errored out on Install GitLab repository, and whilst parsing through the role, I noticed that the main GitLab script is not being called through any type of become options. And, your documentation does not specify including become: True in our play for your role.

Not sure if this was an omission error or what, but I just ran the script on my own, first just as bash <script> and it failed the same,

Detected operating system as raspbian/stretch.
Checking for curl...
Detected curl...
Running apt-get update... done.
Installing apt-transport-https... done.
Installing /etc/apt/sources.list.d/gitlab_gitlab-ce.list..../gitlab_install_repository.sh: line 115: /etc/apt/sources.list.d/gitlab_gitlab-ce.list: Permission denied

Unable to run:
    curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.list?os=raspbian&dist=stretch&source=script

Double check your curl installation and try again.

Once I ran with sudo, it completed without error.

Hey!
You made a good job with this role.

I have changed gitlab_git_data_dir and backup path.
This does not work. Both directories are not set in config.
It would be usefull to check if it is necessary to create both directories.

I added this in tasks/main.yml. Do you have a better idea?

- name: Check data dir and create it if necessary
   file:
     path: "{{ gitlab_git_data_dir }}"
     state: directory
  when: gitlab_git_data_dir != ""

- name: Check backup dir and create it if necessary
   file:
     path: "{{ gitlab_backup_path }}"
     state: directory
  when: gitlab_backup_path != ""

Good day.
Can you help me. i need role that includes variables and templates, also this role must depend on your gitlab role.
Thank you in advance

As it's a recommended practice, it could be nice to add a small check on the existence of a swap partition, just to warn users... https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/requirements.md.
Thanks anyway for this role

I have an old gitlab installed with this playbook.
Can you give an advice of how to updated it?
Is there a chance that i can loose my repositories running this playbook again?

After a fresh install, the result of the https://localhost/users/sign_in is a redirection (http 302) to
https://localhost/users/password/edit?reset_password_token=xxx

The consequence is on the travis. It checks the http 200 return code and ignores a such result "found" 302.

HI!
I try Install gitlab using this playbook using squid in Corporate NetWork.
But dont work
Please add support install using proxy (squid)
Thanks!