diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/defaults/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/defaults/main.yml
new file mode 100644
index 0000000..290decb
--- /dev/null
+++ b/examples/ansible/role.gitlab-omnibus-on-ec2/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+
+install_method: package
+external_url: https://{{ ansible_fqdn }}
+gitlab_version: null
+
+# Random but idempotent, so it will not change every time the role is applied.
+# It is only used for installation anyways.
+initial_password: "{{ lookup('ansible.builtin.password', '/dev/null', seed=inventory_hostname) }}"
+
+certificate_privatekey_type: RSA
+certificate_privatekey_rsa_size: 2048
+certificate_must_be_wildcard: false
+certificate_dir: /etc/gitlab/ssl
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/files/gitlab_gitlab-ee.repo b/examples/ansible/role.gitlab-omnibus-on-ec2/files/yum.gitlab_gitlab-ee.repo
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/files/gitlab_gitlab-ee.repo
rename to examples/ansible/role.gitlab-omnibus-on-ec2/files/yum.gitlab_gitlab-ee.repo
diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/certify/package.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/certify/package.yml
new file mode 100644
index 0000000..3f4758e
--- /dev/null
+++ b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/certify/package.yml
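Review bot: The default `initial_password` in `defaults/main.yml` is generated with `seed=inventory_hostname`, so the root password is a fixed function of the host's inventory name rather than a random secret; whoever knows that name and this role can derive the same value. The comment above it explains the idempotence but not this trade-off, and "only used for installation" holds only if the password is changed after the first login. I would seed from a value the operator must supply and keep in a vault, e.g. `seed=(inventory_hostname ~ initial_password_seed)` with `initial_password_seed` as a new role variable, or make `initial_password` a required variable with no default.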
@@ -0,0 +1,65 @@
+---
+
+- name: Create the DNS TXT record for challenge validation
+ when: external_url_hostname in dns_challenge.challenge_data
+ tags:
+ - aws
+ - route53
+ become: true
+ amazon.aws.route53:
+ zone: apolloagriculture.com # FIXME
+ record: "{{ dns_challenge.challenge_data[external_url_hostname]['dns-01'].record }}"
+ type: TXT
+ ttl: 60
+ state: present
+ overwrite: true
+ wait: true
+ value:
+ # Value should be enclosed in quotation marks
+ >-
+ {{
+ dns_challenge.challenge_data[external_url_hostname]['dns-01'].resource_value
+ | regex_replace('^(.*)$', '"\1"')
+ }}
+ notify:
+ - Validate the challenge and issue the certificate
+ - Remove the TXT record for challenge validation from the DNS
+ - "Restart Gitlab's nginx"
+
+- name: Validate the challenge and issue the certificate
+ become: true
+ community.crypto.acme_certificate:
+ challenge: dns-01
+ acme_version: 2
+ acme_directory: https://acme-v02.api.letsencrypt.org/directory
+ account_key_src: "{{ letsencrypt_privatekey_path }}"
+ account_email: "{{ acme_account_email }}"
+ csr: "{{ certificate_csr_path }}"
+ cert: "{{ certificate_path }}"
+ remaining_days: 29
+ terms_agreed: true
+ data: "{{ dns_challenge }}"
+ force: true # required to overwrite existing certificates
+ register: certificate_validation
+
+- name: Remove the TXT record for challenge validation from the DNS
+ vars:
+ validation_record: "{{ ['_acme-challenge', external_url_hostname] | join('.') }}"
+ when:
+ - certificate_validation is not failed
+ - query('community.dns.lookup', validation_record, type='TXT') != []
+ tags:
+ - aws
+ - route53
+ become: true
+ amazon.aws.route53:
+ zone: apolloagriculture.com # FIXME
+ record: "{{ validation_record }}"
+ type: TXT
+ state: absent
+ wait: true
+
+- name: "Restart Gitlab's nginx"
+ when: certificate_validation is not failed
+ become: true
+ ansible.builtin.command: gitlab-ctl restart 'nginx'
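Review bot: Both `amazon.aws.route53` handlers hard-code `zone: apolloagriculture.com # FIXME`, so the role creates and deletes TXT records in that one zone whatever `external_url` is set to, and anywhere else it either fails or acts on a zone the operator did not name. The zone should come from a role variable, e.g. `zone: "{{ certificate_dns_zone }}"`, ideally checked in the pre-flight tasks. The same two tasks also set `become: true`, which a call to the Route 53 API should not need; dropping it would keep the AWS credential lookup out of root's context unless that is intended.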
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/handlers/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/configure/package.yml similarity index 81% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/handlers/main.yml rename to examples/ansible/role.gitlab-omnibus-on-ec2/handlers/configure/package.yml index 414bb7b..6d70a86 100644 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/handlers/main.yml +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/configure/package.yml @@ -2,8 +2,7 @@ - name: "Validate Gitlab's configuration file" become: true - ansible.builtin.command: >- - gitlab-ctl show-config + ansible.builtin.command: gitlab-ctl show-config register: config_file_validation changed_when: false failed_when: config_file_validation.rc != 0 @@ -11,8 +10,7 @@ - name: Reconfigure Gitlab when: config_file_validation is not failed become: true - ansible.builtin.command: >- - gitlab-ctl reconfigure + ansible.builtin.command: gitlab-ctl reconfigure register: reconfiguration changed_when: - reconfiguration.rc == 0 diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/install/package.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/install/package.yml new file mode 100644 index 0000000..6652a85 --- /dev/null +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/install/package.yml @@ -0,0 +1,16 @@ +--- + +- name: Show the settings for initial access + tags: + - credentials + - initial + - password + ansible.builtin.debug: + msg: >- + {{ + dict([ + [ 'URL', external_url ], + [ 'Username', 'root' ], + [ 'Initial Password', initial_password ] + ]) + }} diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/main.yml new file mode 100644 index 0000000..a74433e --- /dev/null +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/handlers/main.yml 
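Review bot: The `ansible.builtin.debug` message in "Show the settings for initial access" (`handlers/install/package.yml`) prints `initial_password` in clear text, so GitLab's root password ends up in terminal scrollback, CI job logs and any logging callback. I would drop the `[ 'Initial Password', initial_password ]` entry and keep only URL and username, adding a comment that says where the operator gets the value from. The `tags` on this handler probably have no effect, since as far as I know Ansible ignores tags on handlers, so they cannot be relied on to keep the message out of normal runs.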
@@ -0,0 +1,27 @@ +--- + +- name: Load installation handlers + tags: + - "{{ install_method }}" + - gitlab + - install + ansible.builtin.import_tasks: + file: "{{ role_path }}/handlers/install/{{ install_method }}.yml" + +- name: Load configuration handlers + tags: + - "{{ install_method }}" + - configuration + - configure + - gitlab + ansible.builtin.import_tasks: + file: "{{ role_path }}/handlers/configure/{{ install_method }}.yml" + +- name: Load certification handlers + tags: + - "{{ install_method }}" + - certificate + - certify + - gitlab + ansible.builtin.import_tasks: + file: "{{ role_path }}/handlers/certify/{{ install_method }}.yml" diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/meta/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/meta/main.yml similarity index 50% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/meta/main.yml rename to examples/ansible/role.gitlab-omnibus-on-ec2/meta/main.yml index 1b085fc..fcbd59d 100644 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/meta/main.yml +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/meta/main.yml @@ -1,4 +1,6 @@ --- collections: + - amazon.aws + - community.crypto - community.dns diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/certify/package.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/certify/package.yml new file mode 100644 index 0000000..416ed9b --- /dev/null +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/certify/package.yml 
@@ -0,0 +1,52 @@
+---
+
+- name: Set up the requirements
+ block:
+ - name: Install required python libraries
+ become: true
+ ansible.builtin.package:
+ name: python3-boto3
+ - name: Ensure the destination folder exists
+ check_mode: false
+ become: true
+ ansible.builtin.file:
+ path: "{{ certificate_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+
+- name: Generate OpenSSL private keys for the account and the certificate
+ become: true
+ community.crypto.openssl_privatekey:
+ path: "{{ item }}"
+ type: "{{ certificate_privatekey_type }}"
+ size: "{{ (certificate_privatekey_type == 'RSA') | ternary(certificate_privatekey_rsa_size, omit) }}"
+ regenerate: partial_idempotence
+ backup: true
+ with_items:
+ - "{{ certificate_privatekey_path }}"
+ - "{{ letsencrypt_privatekey_path }}"
+
+
+- name: Generate the CRS for the certificate
+ become: true
+ community.crypto.openssl_csr:
+ path: "{{ certificate_csr_path }}"
+ privatekey_path: "{{ certificate_privatekey_path }}"
+ common_name: "{{ certificate_csr_commonname }}"
+
+- name: Create the DNS challenge for '{{ external_url_hostname }}'
+ become: true
+ community.crypto.acme_certificate:
+ challenge: dns-01
+ acme_version: 2
+ acme_directory: https://acme-v02.api.letsencrypt.org/directory
+ account_key_src: "{{ letsencrypt_privatekey_path }}"
+ account_email: "{{ acme_account_email }}"
+ csr: "{{ certificate_csr_path }}"
+ cert: "{{ certificate_path }}"
+ terms_agreed: true
+ remaining_days: 29
+ register: dns_challenge
+ notify: Create the DNS TXT record for challenge validation
diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/configure/package.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/configure/package.yml
new file mode 100644
index 0000000..cbd2104
--- /dev/null
+++ b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/configure/package.yml
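Review bot: The `community.crypto.openssl_privatekey` task in `tasks/certify/package.yml` sets no `owner`, `group` or `mode`, so the permissions of the certificate key and the ACME account key rest on the module's defaults, while `certificate_dir` itself is created world-readable (`o=rx`). Stating them explicitly, `owner: root`, `group: root` and `mode: u=rw,g=,o=` as the role already does for `gitlab.rb`, makes the intent reviewable and independent of those defaults. `backup: true` also keeps every replaced key in the same directory, so old key material accumulates next to the live key; a comment should say whether that is wanted. The CSR task's name reads "CRS" where "CSR" is meant.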
@@ -0,0 +1,32 @@
+---
+
+- name: Ensure the destination folder exists
+ check_mode: false
+ become: true
+ ansible.builtin.file:
+ path: /etc/gitlab
+ state: directory
+ owner: root
+ group: root
+ mode: u=rwx,g=rwx,o=rx
+
+- name: Create the configuration file
+ become: true
+ ansible.builtin.template:
+ src: gitlab.rb.j2
+ dest: /etc/gitlab/gitlab.rb
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
+ backup: true
+ notify:
+ - "Validate Gitlab's configuration file"
+ - Reconfigure Gitlab
+
+- name: Configure settings that are unreachable from the configuration file
+ become: true
+ ansible.builtin.command: >-
+ gitlab-rails runner '
+ ::Gitlab::CurrentSettings.update!(signup_enabled: false);
+ '
+ changed_when: true
diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/install/package.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/install/package.yml
new file mode 100644
index 0000000..dba5b68
--- /dev/null
+++ b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/install/package.yml
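Review bot: The `gitlab-rails runner` task at the end of `tasks/configure/package.yml` runs on every play and always reports a change because of `changed_when: true`, so the role is never idempotent and a real flip of `signup_enabled` cannot be told apart from a no-op in the play recap. Let the Ruby snippet print a marker only when it actually changes the setting, register the result, and derive the state from it, e.g. `changed_when: "'changed' in signup_settings.stdout"` with `register: signup_settings`. A short comment saying why sign-up is disabled here rather than in `gitlab.rb` would help the next reader.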
@@ -0,0 +1,46 @@
+---
+
+# Follow 'https://about.gitlab.com/install/#amazonlinux-2023'.
+
+- name: Add Gitlab's repositories
+ tags:
+ - repo
+ - repository
+ - repositories
+ become: true
+ ansible.builtin.yum_repository:
+ # Refer 'files/yum.gitlab_gitlab-ee.repo'.
+ name: "{{ item.name }}"
+ description: "{{ item.description }}"
+ baseurl: "{{ item.baseurl }}"
+ repo_gpgcheck: true
+ gpgcheck: true
+ gpgkey: |-
+ https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey
+ https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg
+ sslverify: true
+ sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+ metadata_expire: 300
+ protect: true
+ with_items:
+ - name: gitlab-ee
+ description: gitlab-ee
+ baseurl: https://packages.gitlab.com/gitlab/gitlab-ee/amazon/2023/$basearch
+ - name: gitlab-ee-source
+ description: gitlab-ee-source
+ baseurl: https://packages.gitlab.com/gitlab/gitlab-ee/amazon/2023/SRPMS
+
+- name: Install Gitlab's omnibus package
+ tags:
+ - package
+ environment:
+ EXTERNAL_URL: "{{ external_url }}"
+ GITLAB_ROOT_PASSWORD: "{{ initial_password }}"
+ become: true
+ ansible.builtin.package:
+ name: >-
+ {{
+ (gitlab_version is ansible.builtin.version('16.9.0', '>=', version_type='semver'))
+ | ternary(['gitlab-ee', gitlab_version] | join('-'), 'gitlab-ee')
+ }}
+ notify: Show the settings for initial access
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/main.yml
similarity index 68%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/main.yml
rename to examples/ansible/role.gitlab-omnibus-on-ec2/tasks/main.yml
index 32dfa4b..6a83fff 100644
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/main.yml
+++ b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/main.yml
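Review bot: The package `name` expression in "Install Gitlab's omnibus package" pins the version only when `gitlab_version` is at least 16.9.0; any lower value silently installs the newest `gitlab-ee` instead of the release that was asked for. With the role default `gitlab_version: null` the `ansible.builtin.version` test is also handed an empty value, which I would expect to raise an error rather than fall through to the unpinned name; that is worth confirming on the supported ansible-core versions. Testing for presence is enough: `name: "{{ gitlab_version | ternary(['gitlab-ee', gitlab_version] | join('-'), 'gitlab-ee', 'gitlab-ee') }}"`.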
@@ -23,3 +23,11 @@ - gitlab ansible.builtin.import_tasks: file: "{{ role_path }}/tasks/configure/{{ install_method }}.yml" +- name: Validate certificate for '{{ external_url_hostname }}' + tags: + - "{{ install_method }}" + - certificate + - certify + - gitlab + ansible.builtin.import_tasks: + file: "{{ role_path }}/tasks/certify/{{ install_method }}.yml" diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/pre-flight.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/pre-flight.yml similarity index 74% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/pre-flight.yml rename to examples/ansible/role.gitlab-omnibus-on-ec2/tasks/pre-flight.yml index efec87f..1793882 100644 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/pre-flight.yml +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/tasks/pre-flight.yml 
@@ -29,21 +29,21 @@ {{ supported_external_url_schemes }} success_msg: External URL scheme '{{ external_url_scheme }}' supported by the role -- name: "Check the DNS entries required by Let's Encrypt exist" - when: letsencrypt_enabled +- name: Check the requirements for certificate validation + when: external_url_scheme == 'https' block: - - name: AAAA - tags: - - debug - - never - ansible.builtin.debug: - msg: "{{ query('community.dns.lookup', external_url_hostname) }}" + - name: Check the given acme account email is in a valid email format + ansible.builtin.assert: + that: ('mailto://' + acme_account_email) is ansible.builtin.url + fail_msg: >- + Acme account email '{{ acme_account_email }}' is not a valid email, set 'acme_account_email' to a valid one + success_msg: Acme account email '{{ acme_account_email }}' is a valid email - name: Check an A or AAAA DNS record already exists for '{{ external_url_hostname }}' ansible.builtin.assert: that: >- query('community.dns.lookup', external_url_hostname) != [] or query('community.dns.lookup', external_url_hostname, type='AAAA') != [] fail_msg: >- - Let's Encrypt feature enabled but no DNS entry of type 'A' or 'AAAA' found for '{{ external_url_hostname }}', - create one first + Certificate validation requested but no required DNS entry of type 'A' or 'AAAA' found for + '{{ external_url_hostname }}', create one first success_msg: Required DNS entry found for '{{ external_url_hostname }}' diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/templates/gitlab.16.11.1.default.rb.j2 b/examples/ansible/role.gitlab-omnibus-on-ec2/templates/gitlab.16.11.1.default.rb.j2 similarity index 100% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/templates/gitlab.16.11.1.default.rb.j2 rename to examples/ansible/role.gitlab-omnibus-on-ec2/templates/gitlab.16.11.1.default.rb.j2 
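Review bot: The e-mail assertion `('mailto://' + acme_account_email) is ansible.builtin.url` in `tasks/pre-flight.yml` checks very little: as far as I can tell the `url` test only needs a scheme and a non-empty host part, so most non-empty strings pass, including ones without an `@`. `acme_account_email` also has no entry in the new `defaults/main.yml`, so an unset value fails with an undefined-variable error and the `fail_msg` is never shown. A pattern check such as `that: acme_account_email is defined and acme_account_email is ansible.builtin.regex('^[^@ ]+@[^@ ]+\.[^@ ]+$')` would cover both cases. The hunk starts inside the preceding assert task, so that task is not reviewed here.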
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 b/examples/ansible/role.gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 similarity index 86% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 rename to examples/ansible/role.gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 index dbf1749..314b57b 100644 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/templates/gitlab.rb.j2 @@ -9,4 +9,4 @@ external_url '{{ external_url }}' # LetsEncrypt integration -letsencrypt['enable'] = {{ letsencrypt_enabled | bool |lower }} +letsencrypt['enable'] = false diff --git a/examples/ansible/role.gitlab-omnibus-on-ec2/vars/main.yml b/examples/ansible/role.gitlab-omnibus-on-ec2/vars/main.yml new file mode 100644 index 0000000..0648b7a --- /dev/null +++ b/examples/ansible/role.gitlab-omnibus-on-ec2/vars/main.yml 
@@ -0,0 +1,24 @@
+---
+
+external_url_hostname: "{{ external_url | ansible.builtin.urlsplit('hostname') }}"
+external_url_scheme: "{{ external_url | ansible.builtin.urlsplit('scheme') }}"
+supported_external_url_schemes:
+ - http
+ - https
+
+supported_install_methods:
+ - package
+
+certificate_csr_commonname: >-
+ {{
+ certificate_must_be_wildcard
+ | ternary(['*', external_url_hostname] | join('.'), external_url_hostname)
+ }}
+certificate_csr_name: "{{ [external_url_hostname, 'csr'] | join('.') }}"
+certificate_csr_path: "{{ [certificate_dir, certificate_csr_name] | path_join }}"
+certificate_name: "{{ [external_url_hostname, 'crt'] | join('.') }}"
+certificate_path: "{{ [certificate_dir, certificate_name] | path_join }}"
+certificate_privatekey_name: "{{ [external_url_hostname, 'key'] | join('.') }}"
+certificate_privatekey_path: "{{ [certificate_dir, certificate_privatekey_name] | path_join }}"
+letsencrypt_privatekey_name: letsencrypt_account_private_key.pem
+letsencrypt_privatekey_path: "{{ [certificate_dir, letsencrypt_privatekey_name] | path_join }}"
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env
new file mode 100644
index 0000000..aeac765
--- /dev/null
+++ b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env
@@ -0,0 +1 @@
+export PULUMI_CONFIG_PASSPHRASE=test123
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish
new file mode 100644
index 0000000..4b6b65a
--- /dev/null
+++ b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish
@@ -0,0 +1 @@
+set -x 'PULUMI_CONFIG_PASSPHRASE' 'test123'
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml
index d1f5d62..aab5e6c 100644
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml
+++ b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml
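Review bot: The new `.env` commits `PULUMI_CONFIG_PASSPHRASE=test123`, a guessable passphrase checked into the repository, and `.env.fish` repeats the same value. That passphrase is what protects the stack's encrypted configuration values, so anything encrypted with it is effectively readable by whoever can read the repository. Ship a `.env.example` with a placeholder such as `export PULUMI_CONFIG_PASSPHRASE=<set-locally>`, list the real files in `.gitignore`, and rotate the passphrase on any stack that already uses it.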
@@ -35,7 +35,7 @@ - vim notify: "Start AWS' SSM agent" roles: - - role: ansible-role-gitlab-omnibus-on-ec2 + - role: ../../ansible/role.gitlab-omnibus-on-ec2 vars: external_url: 'https://gitlab.company.com' # initial_password: null diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/defaults/main.yml b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/defaults/main.yml deleted file mode 100644 index 4a99305..0000000 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -install_method: omnibus - -external_url: https://{{ ansible_fqdn }} -initial_password: null -letsencrypt_enabled: false diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/configure/omnibus.yml b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/configure/omnibus.yml deleted file mode 100644 index 7b09b76..0000000 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/configure/omnibus.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Create the configuration file - become: true - ansible.builtin.template: - src: gitlab.rb.j2 - dest: /etc/gitlab/gitlab.rb - owner: root - group: root - mode: u=rw,g=,o= - backup: true - register: config_file - notify: - - "Validate Gitlab's configuration file" - - Reconfigure Gitlab diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/install/omnibus.yml b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/install/omnibus.yml deleted file mode 100644 index c1be69b..0000000 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/tasks/install/omnibus.yml +++ /dev/null 
@@ -1,93 +0,0 @@ ---- - -# Follow 'https://about.gitlab.com/install/#amazonlinux-2023'. - -- name: Add Gitlab's repositories - tags: - - repo - - repository - - repositories - become: true - block: - # Refer 'files/gitlab_gitlab-ee.repo'. - - name: Add Gitlab's package repository - ansible.builtin.yum_repository: - name: gitlab-ee - description: gitlab-ee - baseurl: https://packages.gitlab.com/gitlab/gitlab-ee/amazon/2023/$basearch - repo_gpgcheck: true - gpgcheck: true - gpgkey: |- - https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey - https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg - sslverify: true - sslcacert: /etc/pki/tls/certs/ca-bundle.crt - metadata_expire: 300 - - name: Add Gitlab's sources repository - ansible.builtin.yum_repository: - name: gitlab-ee-source - description: gitlab-ee-source - baseurl: https://packages.gitlab.com/gitlab/gitlab-ee/amazon/2023/SRPMS - repo_gpgcheck: true - gpgcheck: true - gpgkey: |- - https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey - https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg - sslverify: true - sslcacert: /etc/pki/tls/certs/ca-bundle.crt - metadata_expire: 300 - -- name: Install Gitlab's omnibus package - tags: - - package - become: true - environment: - EXTERNAL_URL: "{{ external_url }}" - GITLAB_ROOT_PASSWORD: "{{ initial_password | ternary(initial_password, omit, omit) }}" - ansible.builtin.package: - name: gitlab-ee - -- name: Print the administrator's credentials - tags: - - credentials - - password - block: - - name: Check whether the auto-generated administrator's initial password file exists - ansible.builtin.stat: - path: /etc/gitlab/initial_root_password - register: initial_password_file_stat - - name: Recover the auto-generated administrator's initial password - block: - - name: Recover the password from the initial password file - when: initial_password_file_stat.stat.exists - block: - - name: Read the initial 
password file - become: true - ansible.builtin.slurp: - src: /etc/gitlab/initial_root_password - register: initial_password_file - - name: Save the initial login credentials - ansible.builtin.set_fact: - initial_password: |- - {{ - initial_password_file['content'] - | b64decode - | regex_findall('Password: .*') - | first - | split(': ') - | last - }} - - name: Report that the password is not available anymore - when: not initial_password_file_stat.stat.exists - ansible.builtin.set_fact: - initial_password: NOT_AVAILABLE_ANYMORE - - name: Print the administrator's credentials - ansible.builtin.debug: - msg: >- - {{ - dict([ - [ 'URL', external_url ], - [ 'Username', 'root' ], - [ 'Initial Password', initial_password ] - ]) - }} diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/vars/main.yml b/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/vars/main.yml deleted file mode 100644 index ac33e9e..0000000 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-role-gitlab-omnibus-on-ec2/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -external_url_hostname: "{{ external_url | ansible.builtin.urlsplit('hostname') }}" -external_url_scheme: "{{ external_url | ansible.builtin.urlsplit('scheme') }}" -supported_external_url_schemes: - - http - - https - -supported_install_methods: - - omnibus