Grid環境構築用のChefリポジトリです。
修订版 | 537ff277da13bc4b94cd124686d3676299a97fcd (tree) |
---|---|
时间 | 2017-08-13 10:58:47 |
作者 | whitestar <whitestar@user...> |
Commiter | whitestar |
improves devops-suite roles.
@@ -50,6 +50,9 @@ attrs = { | ||
50 | 50 | 'engine' => { |
51 | 51 | 'skip_setup' => false, |
52 | 52 | 'daemon_extra_options' => dockerd_extra_opts |
53 | + #'users_allow' => [ | |
54 | + # '<your_login_name>', | |
55 | + #], | |
53 | 56 | }, |
54 | 57 | 'compose' => { |
55 | 58 | 'skip_setup' => false, |
@@ -102,6 +105,12 @@ attrs = { | ||
102 | 105 | #'time_zone' => 'Asia/Tokyo', |
103 | 106 | 'gitlab_shell_ssh_port' => gitlab_ssh_port.to_i, |
104 | 107 | }, |
108 | + 'postgresql' => { | |
109 | + 'shared_buffers' => '128MB', # default: 1975MB | |
110 | + }, | |
111 | + 'unicorn' => { | |
112 | + 'worker_processes' => 1, # default: 5 | |
113 | + }, | |
105 | 114 | }, |
106 | 115 | 'docker-compose' => { |
107 | 116 | 'config' => { |
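Review bot: The commented `'users_allow'` template added at new lines 53–55 says nothing about the privilege it grants. If the docker-grid cookbook uses this list to add the logins to the `docker` group (the recipe is not shown on this page, so confirm), every listed account can drive the Docker daemon, which is equivalent to root on the host. I would put a comment directly above the template, for example `# users_allow: listed logins can control dockerd (root-equivalent on this host); keep the list minimal`, so that whoever uncomments it makes that choice knowingly. The `attrs` hash starts and ends outside these hunks, and the file name is not shown on the page.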
@@ -42,6 +42,11 @@ gitlab_reg_port = '5050' | ||
42 | 42 | jenkins_cn = host_cn # e.g. 'jenkins.io.example.com' |
43 | 43 | jenkins_port = '9083' |
44 | 44 | nexus_cn = host_cn # e.g. 'nexus.io.example.com' |
45 | +dockerd_extra_opts = [ | |
46 | + '-H fd://', | |
47 | + '--bip=192.168.100.1/24 --fixed-cidr=192.168.100.0/24', | |
48 | + #"--registry-mirror=https://#{docker_reg_cn}:#{docker_reg_port}", | |
49 | +].join(' ') | |
45 | 50 | |
46 | 51 | # for debug |
47 | 52 | with_ssl = true |
@@ -56,6 +61,57 @@ common_names = [ | ||
56 | 61 | nexus_cn, |
57 | 62 | ].compact.uniq |
58 | 63 | |
64 | +# for GitLab | |
65 | +ldap_servers = <<-'EOS' | |
66 | +main: # 'main' is the GitLab 'provider ID' of this LDAP server | |
67 | + label: 'LDAP' | |
68 | + host: 'ldap.grid.example.com' | |
69 | + port: 389 | |
70 | + uid: 'uid' # 'sAMAccountName' | |
71 | + method: 'tls' # "tls" or "ssl" or "plain" | |
72 | + #bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |
73 | + #password: '_the_password_of_the_bind_user' | |
74 | + active_directory: false | |
75 | + allow_username_or_email_login: false | |
76 | + block_auto_created_users: false | |
77 | + base: 'ou=Users,dc=grid,dc=example,dc=com' | |
78 | + #user_filter: '' | |
79 | + attributes: | |
80 | + username: ['uid', 'userid', 'sAMAccountName'] | |
81 | + email: ['mail', 'email', 'userPrincipalName'] | |
82 | + name: 'cn' | |
83 | + first_name: 'givenName' | |
84 | + last_name: 'sn' | |
85 | + ## EE only | |
86 | + #group_base: '' | |
87 | + #admin_group: '' | |
88 | + #sync_ssh_keys: false | |
89 | +# | |
90 | +#secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server | |
91 | +# label: 'LDAP' | |
92 | +# host: '_your_ldap_server' | |
93 | +# port: 389 | |
94 | +# uid: 'sAMAccountName' | |
95 | +# method: 'plain' # "tls" or "ssl" or "plain" | |
96 | +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |
97 | +# password: '_the_password_of_the_bind_user' | |
98 | +# active_directory: true | |
99 | +# allow_username_or_email_login: false | |
100 | +# block_auto_created_users: false | |
101 | +# base: '' | |
102 | +# user_filter: '' | |
103 | +# attributes: | |
104 | +# username: ['uid', 'userid', 'sAMAccountName'] | |
105 | +# email: ['mail', 'email', 'userPrincipalName'] | |
106 | +# name: 'cn' | |
107 | +# first_name: 'givenName' | |
108 | +# last_name: 'sn' | |
109 | +# ## EE only | |
110 | +# group_base: '' | |
111 | +# admin_group: '' | |
112 | +# sync_ssh_keys: false | |
113 | +EOS | |
114 | + | |
59 | 115 | run_list( |
60 | 116 | 'role[devops-suite-on-docker]', |
61 | 117 | 'recipe[docker-grid::registry]', |
@@ -75,6 +131,7 @@ override_attributes( | ||
75 | 131 | 'docker-grid' => { |
76 | 132 | 'engine' => { |
77 | 133 | 'skip_setup' => false, |
134 | + 'daemon_extra_options' => dockerd_extra_opts, | |
78 | 135 | }, |
79 | 136 | 'compose' => { |
80 | 137 | 'skip_setup' => false, |
@@ -171,7 +228,14 @@ override_attributes( | ||
171 | 228 | 'external_url' => "https://#{gitlab_cn}:#{gitlab_https_port}", |
172 | 229 | 'registry_external_url' => "https://#{gitlab_cn}:#{gitlab_reg_port}", # not 5000 if same domain (common name) |
173 | 230 | 'gitlab_rails' => { |
174 | - # 'time_zone' => 'Asia/Tokyo', | |
231 | + #'ldap_enabled' => true, | |
232 | + #'ldap_servers' => YAML.load(ldap_servers), | |
233 | + }, | |
234 | + 'nginx' => { | |
235 | + 'redirect_http_to_https' => true, | |
236 | + }, | |
237 | + 'registry_nginx' => { | |
238 | + 'redirect_http_to_https' => true, | |
175 | 239 | }, |
176 | 240 | }, |
177 | 241 | 'docker-compose' => { |
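Review bot: The `ldap_servers` heredoc at new lines 65–113 carries `bind_dn`/`password` placeholders, so enabling it as written puts the LDAP bind password in clear text in the role file and in version control. I would add a comment next to the placeholders such as `# do not commit a real bind password; load it from an encrypted data bag and merge it in before setting 'ldap_servers'`. The commented `secondary` block also pairs those bind credentials with `method: 'plain'` on port 389, which would send them unencrypted if someone uncomments it unchanged; the template should default to `method: 'tls'` as `main` does. Separately, `block_auto_created_users: false` with `user_filter` left commented means every entry under `ou=Users,dc=grid,dc=example,dc=com` can sign in and get an active account on first login, so if that is intended it deserves a one-line comment saying so. `override_attributes(` opens before the last hunk and closes after it.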