From 6f5b0fb21dff8bbaba377de064ca0e21af07bbd6 Mon Sep 17 00:00:00 2001
From: jonnybravo
Date: Wed, 18 Oct 2023 17:45:48 +0200
Subject: [PATCH] commit message from python script
---
 gitlab/group_vars/all/main.yml | 9 +--
 .../docker_gitlab/files/jenkins_keystore.jks | Bin 4400 -> 0 bytes
 gitlab/roles/docker_gitlab/files/traefik.yml | 53 ++++++++++++++++++
 gitlab/roles/docker_gitlab/tasks/main.yml | 31 ++++++++++
 .../templates/docker-compose.yml.j2 | 39 ++++++++++++++++-
 5 files changed, 127 insertions(+), 5 deletions(-)
 delete mode 100755 gitlab/roles/docker_gitlab/files/jenkins_keystore.jks
 create mode 100755 gitlab/roles/docker_gitlab/files/traefik.yml
diff --git a/gitlab/group_vars/all/main.yml b/gitlab/group_vars/all/main.yml
index 878a02c..1b49f28 100755
--- a/gitlab/group_vars/all/main.yml
+++ b/gitlab/group_vars/all/main.yml
@@ -1,6 +1,7 @@
 gitlab_dir:
- - "/home/{{ansible_user}}/.gitlab"
- - "/home/{{ansible_user}}/.gitlab/config"
- - "/home/{{ansible_user}}/.gitlab/log"
- - "/home/{{ansible_user}}/.gitlab/data"
+ - "/home/{{ansible_user}}/.gitlab2"
+ - "/home/{{ansible_user}}/.gitlab2/config"
+ - "/home/{{ansible_user}}/.gitlab2/log"
+ - "/home/{{ansible_user}}/.gitlab2/data"
+ - "/home/{{ansible_user}}/.gitlab2/cert"
diff --git a/gitlab/roles/docker_gitlab/files/jenkins_keystore.jks b/gitlab/roles/docker_gitlab/files/jenkins_keystore.jks deleted file mode 100755 index bc9d81ccfca23b5a19e8ab11ccc5717a31eaa96f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4400 zcma)AS2P?9w>6`SGBSGa#vn$Co~WZlbOsr{*AZQGqjwU~q9%+o(W6BRqa}JLL=c4N zLAfDc21=7>n4u^O=#6aZpCF&Z>TfCl0I z(%mpLndJYH$oL7+WZZvg_P@nUbmxDj$jJb}Vl?Ro7@D*L=J?M9AqC6~CjDaApB-ava{~=P`j7u7f#O8Qef%cjFg#nc-Jv# zvy;aMw@7F*7D!=tQq$(}B8)r5LJW_Xvl{eDAViJDYBLm5o1-JZcRQ7Q?*1Gn8tB~@ zHrLKz(EagVZ(sJK%FYjhG8^%VGn(DHzLC{cyUgID|Zv4rK!n)W+$>3Pi1&cEgw0A*qyv$hQ%6(m-ot;E zf{2*ik1OSWkRMm2vGX$Fy}|Bx{lc0WC$~6yVap)JCn(~RX?bV7%XCYwU#adUU(eaY16xE?>M?_6!E8h_lsD>)WDXWZnI z&%+$FFWAh6>@*xMvMsmu7+uUHHw#h4CbXNO6zKhlJy{`=zvn)!Qmmh(5HTno^z$@# z89K`w#W0L>vNly%<^!81=#oTuX?3jthPf5JVxd_=#Bb3;=fT~8aum_dDE?czz{1T8 zobb#TdBfmDJKlWijz}0$68ISEA@!%fN0)Z9IT#yKzf&S!R=}dXgd6A0r<@Zswt4p` zzrB-R)Kj+IES|)fv+eZ;tkQ#uSwXxfsLAvhkw0$NcGD~vDokt8zptf7HNBm@M&`s? z%k(+0rAy&X$HI6{AN9=&^nTyVcXr}{)0LQ7!x&CQyxE`$_TFnGQg19B>G3IaKl`MK z2?SG;4B#?qU}gTW0C+rI{oQ2m9D?~2&_u~m2qLtOTws$8;-oXs!D7$g;x>VYX&*-o%U(owdFV61t%x`Vg_Zq;VS;BQ);6zAe?l>$wRuqmA zTaTrM7>7KwKFMSnwqr;`&M&cSsKzr-6jWo_DwsxGolhP z7O}fm&$#Eso=^s7wD@OL^^EoSU@TMBjolbEBCDj6Ic+Tmf^F7>I3c-2^4Ype>~H0Z zWoN?qE=^(zlEW-nJ?O`yiW^QfV2CY&YwSCa(hP-RO%B$oQLOX&y~Qc<+bL+3%#Vf3 z{)gVbg9Qmc2r&QAw~5bP7uhga%aW5d)*o_iWztBmx(XGq>$V+w>m# zeIaD|YdkY43Q0tRoO)whD!5;DcD-LCk4;z8$iy@j>U64e1Z}8|p{6`gkUGnEvRYYG zSzM&vXEiMnX829E8X=T2(L`^rUg)Vk(jyNOCd|@?7M1ui%u07J@Xo0y?aGO zoyYwPXC98SlFU7i;`X~W&t}-cFYjrA>0+?%H(xv0{WmsVtGwUZdW@F04(raA`RvP{ zxW`u|J;VU7`n>upsk1tkXPEeF%6Qt|m1}XG;V-Rs;Y;x>sX@E!gEM$<{5Pn0G zd2V(~Ekd=JflyIZOX#1C`Lto=0??Gw3EF3Nx3)Yi+ffr7P`AR8FeFKNW857-=)}~2 zmhlN%;D6+plQJ+4F6_P1Hy-fa(He3Za*8OWH1D&tOc<@7u50bYp=2dq_CV^|mgGzF zgjR)GF#N-_>}U6!7roEYLO$;Y;8&t7w!BQ^?>~@_b1S77Mo<;Kmt^YM(b{n^@qE}a z9EG^!qAeAG@7_c|ZvNt+po~hSE2Oqpn0lcQR5;m$z5&yr(;weIl##gQAxF-lx9W^e z7bm|OaR?yi0J@s5lPai~dbpBuRYjy;i1_j$ON-=(vs^2hv>reY@WTZRb2T(JRITEs 
zp9(OD(Z8O$vC;kAvOz2hxk!@Ja(VrI=8fDmvt8}@ZdK^{FQEcM8{pS#8n9?PYwrBbG(29D#dLgmfp&YL+x4cA6G=uJ_h-tCVpOpK-!gB;Tt{VHwo30w&F zni3@jLWdr|k=&#S55|0^p{0e+65x*l5Kf=nj<^Z(jaSnLBXzs z>yd~*S%>pw)kI8HCS3sBe}Xd@{;c4bsDIc`GPhg$?g^_v0qU?3&@xq%xKl#uN$>Q; zN*@7HEee0(#IL~e6r275_QhpNA0+fNxA?TcQBRK{df98aSYGy+R(mo>fos99eCLk~Q#)+CZsX`(YgQIToWST+$A5 z8xaCX_EDj2aQTt8zWsMOjjU)@%pA*m)g~yx!B;9-8Phxp-ftO_(Rp*%xbUZXT+AJ& z>Hu~nR}CYhj4Inc*ZPyIYn&}<3%T(R5hjKqJ^w6bcBy`wLG0DuDkhE|PR#Z>v;Ou}UpH zT)q+ckjhf~l;Zyr7vGvjYFZQ@fCCd8E3C1~@CY>FQMF}}xR_FQTHY%8g*B;~uckj( ztSmIUJ-O=sJowwZyOtltaaabc>{?yPg8C`s8 zO5TDtm;RzJAB2^T-RCQNC}!yhEvQxOAr@425>?IbJ)_)C&wZw}`tE@hnv?cx;vR+Y zCtN=~$*vo&SY=&*-L>$RoEv%O29J#D`0PIh=YV@vi2_;hWtiTi_`e~p#48(9wHXF`Q=+M3COX$wZ-0*kG@XxX zBG<2)i8WZ*d_cW>$Z4^`5#-06!_5M2|DggnU3=pT^{@5;p|7fiLO$7gbG*-?%~~IS z;d6MP_#uNZoV&3g&;TCuZ4<+9BEgJe0NA}2Iw1zqb|E!2=Jn`p$755|I;GD6{ZP81SiH;R1A~aeC$R$0m+>O~&gmafXXiXP=$F zu&@$ISXcW;^B6y4p)*VyGPTLiLVVB@)xUV#!P-!+y z@Zc#~$9#ov7406Jj9WhmZz{a=lh}fe{yqNBkidwYn$uWlp%5_JG{fHsM#+s*w`=C=A4*=_sJGs@$ZLM@YwR!F2coAOhYOEGRR#Q}`<;jd(8 zbDAHPD`xquWr1ttNos|N1#0vjB{O^N!h5*nYU$T41f&5L;`F`|*66N*I4rdN518E?z0JnvXwZ=ok_9;F zTQuN3ebs{i7K3Ld*xe_A%SU||ozVe|$-h4p4h2x zwms9&#F@*UPp|w+F}P{{gKXb|#`K-b6l;o`R}hmeciqc(F*v2tarzdr&-|WEKk8Kr z(yWEqn?zl_bem&0JtZ{FRE+4Jg~3g9Ci3Hb9qEUIZ9SAV>8~bs4erE$shfeJjFWG^ zg%{rat_P1!h;HUn&^P{KU1`r3)g~i+9zUTG*4X73K;HO<2!08psjXSy#QX?d=dEGD zJcZY*P@bfMl-@+L`yONo4QUNYFa*A|cjyyv1;f4Tdr1Z=e#jNb>k?!5x;(h7xL-~l z7O?FQ%=N{+jDI-!t@6pnV~?f1qf8@w#jBO$vLvd>F}<~>Ko9ax;%JTXJC?MV*}iCc zVl#g>OwE8|$Vf#qY1Yqb-SM-6rtKQnKsx?uq=f28601p-f7upocx6Ze33MaXh!5T( zv{BbZGjMz!qswuy7tZ8=st#p-y=i^Gffs0QQH&p4#1V8iY7T2!$|R)KmKsEZ*fNb+ zm|Pcuu`s3JE_%ob&73Kou&s-q8lG12<28g^1T%dTBGj2rmSJ6+QBfuQ_ED2CB1%2- z{%htGDI!tPz%uy&KeEcj&ZSdL^?+$>Si%Q={Ixw)iq*lRHF5JZKo(J4 zfi}ozBxu;psN;c6SHmX*cOOTp;zscNU^aQ92*ft5j586{4_ZZvVCOeR&{Qc?lkR+8 z5{x5{hZdU%^WR1N3@}HP`(uV%x7G5^cu@6YhDsxjx90RXLj{6!I-#WuqcQ8nD!sUw zaRx1@0fWUxZtT`2_H$t`I2yr`T<71Itp0PSSgpDwU58*bW&0t|5-;N7Nl~2nagKwg 
zGcApm^1PuF|Lm}GtWb!DS6c(VB|!=Eluaz8`-qSXnSLf0f-OQ>4x?uvSUZj*y7OdBQ& zqxk2G00a=?5pbwUU$NZ?HJI4bG006^vybn#cHBqd_73KEF3?sglFS4&&WpL8h*ujV U&#~Qx%qyV2u<~=6|2jGU0n#-JMF0Q*
diff --git a/gitlab/roles/docker_gitlab/files/traefik.yml b/gitlab/roles/docker_gitlab/files/traefik.yml
new file mode 100755
index 0000000..6afdd52
--- /dev/null
+++ b/gitlab/roles/docker_gitlab/files/traefik.yml
@@ -0,0 +1,53 @@
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: false
+
+log:
+ level: DEBUG
+
+accessLog:
+ filePath: "/certs/access.log"
+ format: json
+
+entryPoints:
+ web:
+ address: ":80"
+ websecure:
+ address: ":443"
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ file:
+ filename: /etc/traefik/traefik.yml # THIS IS THE IMPORTANT PART
+ watch: true
+
+api:
+ dashboard: true
+# insecure: true
+
+http:
+ routers:
+ middlewares:
+ redirect:
+ redirectScheme:
+ scheme: https
+
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: "/certs/gitlab.cer"
+ keyFile: "/certs/gitlab.key"
+ certificates:
+ - certFile: "/certs/gitlab.cer"
+ keyFile: "/certs/gitlab.key"
+ options:
+ myTLSOptions:
+ minVersion: versionTLS13
+ cipherSuites:
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
diff --git a/gitlab/roles/docker_gitlab/tasks/main.yml b/gitlab/roles/docker_gitlab/tasks/main.yml
index 77aa4e3..e33e5d9 100755
--- a/gitlab/roles/docker_gitlab/tasks/main.yml
+++ b/gitlab/roles/docker_gitlab/tasks/main.yml
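Review bot: The `myTLSOptions` block under `tls.options` is never applied — the routers added in docker-compose.yml.j2 only set `tls=true` and do not reference it, so Traefik serves them with its default TLS options and the TLS 1.3 floor is not enforced; either rename the block to `default:` so it applies to every TLS router, or add `traefik.http.routers.api.tls.options=myTLSOptions@file` (and the same for the GitLab router) to the labels. With `minVersion: versionTLS13` the `cipherSuites` list has no effect, since TLS 1.3 suites are not configurable in Go's TLS stack; it only matters if the minimum is lowered to TLS 1.2, which is worth a comment at that line. `accessLog.filePath: "/certs/access.log"` writes the access log into the volume that holds `gitlab.key`; a separate log path keeps that directory limited to key material. Under `http:` the `middlewares.redirect` definition appears to sit beneath `routers:` (indentation is collapsed in this view, so this is inferred) and no router references `redirect`, so plain HTTP on `:80` is not redirected to `websecure`.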
@@ -7,6 +7,37 @@
 group: "{{ansible_user}}"
 mode: 0777
+- name: Copy traefik Config
+ copy:
+ src: traefik.yml
+ dest: "{{gitlab_dir[0]}}/traefik.yml"
+ owner: "{{ansible_user}}"
+ group: "{{ansible_user}}"
+ mode: 0777
+
+- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
+ openssl_privatekey:
+ path: "{{gitlab_dir[4]}}/gitlab.key"
+
+- name: Generate an OpenSSL Certificate Signing Request
+ openssl_csr:
+ path: "{{gitlab_dir[4]}}/gitlab.csr"
+ privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
+ common_name: gitlab.man-dan-03
+ subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
+ with_dict:
+ dns_server:
+ #- j337114.servers.jiffybox.net
+ #- "{{ansible_hostname}}"
+ - "man-dan-03"
+
+- name: Generate a Self Signed OpenSSL certificate
+ openssl_certificate:
+ path: "{{gitlab_dir[4]}}/gitlab.cer"
+ privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
+ csr_path: "{{gitlab_dir[4]}}/gitlab.csr"
+ provider: selfsigned
+
 #- name: deploy Docker Compose stack
 # docker_compose:
 # project_src: "{{jenkins_dir[0]}}"
diff --git a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2 b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
index d49c1a2..423b536 100755
--- a/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
+++ b/gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2
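Review bot: `mode: 0777` on the Copy traefik Config task makes the proxy configuration world-writable, and the unquoted value is parsed as an octal integer that Ansible warns about; Traefik only reads the file, so `mode: "0644"` is sufficient. The `mode: 0777` context line above suggests the directories from `gitlab_dir` — including the new `cert` entry that receives `gitlab.key` — are created with the same permissions; that task starts outside the hunk, so confirm it and tighten the key directory to `"0700"` or `"0750"`. The CSR's SAN list contains only `DNS:man-dan-03`, while the compose labels route `Host("gitlab.{{ansible_hostname}}")` and `Host("traefik.{{ansible_hostname}}")`; clients validate the SAN rather than `common_name`, so the self-signed certificate will not match those names unless `- "gitlab.{{ansible_hostname}}"` and `- "traefik.{{ansible_hostname}}"` are added under `dns_server`. Looping with `with_dict` over a single-key dict only to reach `item.value` could be replaced by passing the list to `subject_alt_name` directly, but that is style.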
@@ -1,5 +1,37 @@
 version: '3.8'
 services:
+ traefik:
+ image: traefik:latest
+ command:
+ - "--api=true"
+ - "--api.dashboard=true"
+ - "--log.level=DEBUG"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=web"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ # - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ # - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ # für Testzwecke geeignet, da Let's Encrypt "rate limiting" einsetzt
+ # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ # - "--certificatesresolvers.myresolver.acme.email=webmaster@example.net"
+ # - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ labels:
+ - "traefik.enable=true"
+ - traefik.http.routers.api.rule=Host("traefik.{{ansible_hostname}}")
+ - "traefik.http.routers.api.service=api@internal"
+ - "traefik.http.routers.api.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.users=JonnyBravo:$$apr1$$sl3.va5H$$DwEAtzKda4XA6lypIZ/271"
+ - "traefik.http.routers.api.entrypoints=websecure"
+ - "traefik.http.routers.api.tls=true"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - {{gitlab_dir[0]}}/traefik.yml:/etc/traefik/traefik.yml
+ - {{gitlab_dir[4]}}:/certs
+ ports:
+ - 80:80
+ - 443:443
 web:
 image: 'gitlab/gitlab-ce:latest'
 restart: always
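Review bot: The `basicauth.users` label embeds a password hash (`JonnyBravo:$$apr1$$…`) in a template committed to the repository, and APR1 is an MD5-based scheme; move the credential into an Ansible variable kept in vault, or point the middleware at a mounted htpasswd file via `basicauth.usersfile` that is not tracked in VCS, and regenerate the entry with bcrypt. `image: traefik:latest` is unpinned, so every pull may change the component that terminates TLS and reads the Docker socket; pin a specific tag. The Docker socket mount gives the container control of the host daemon; `/var/run/docker.sock:/var/run/docker.sock:ro` is a small reduction but the provider remains root-equivalent, which deserves a comment at that line. The `command:` flags repeat the static configuration already carried by the mounted `traefik.yml` (`api`, `log.level`, `providers.docker`, `entryPoints`); keeping one source avoids the two drifting apart.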
@@ -9,11 +41,16 @@ services:
 GITLAB_OMNIBUS_CONFIG: |
 external_url 'http://{{ansible_host}}:{{web_port}}'
 gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}}
+ nginx['listen_port'] = 80
 ports:
- - '{{web_port}}:8929'
 - '{{ssh_port}}:22'
 volumes:
 - '{{gitlab_dir[1]}}:/etc/gitlab'
 - '{{gitlab_dir[2]}}:/var/log/gitlab'
 - '{{gitlab_dir[3]}}:/var/opt/gitlab'
+ labels:
+ - "traefik.enable=true"
+ - traefik.http.routers.wordpress.rule=Host("gitlab.{{ansible_hostname}}")
+ - "traefik.http.routers.wordpress.entrypoints=websecure"
+ - "traefik.http.routers.wordpress.tls=true"
 shm_size: '{{shm_size}}'
\ No newline at end of file
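Review bot: `external_url 'http://{{ansible_host}}:{{web_port}}'` still advertises plain HTTP on a port this commit stops publishing (the `'{{web_port}}:8929'` mapping is removed), while Traefik now serves GitLab over `websecure` under `gitlab.{{ansible_hostname}}`, so GitLab will generate http links and redirect to an address that is no longer reachable. For TLS terminated at the proxy the usual omnibus settings are `external_url 'https://gitlab.{{ansible_hostname}}'` together with `nginx['listen_https'] = false` next to the added `nginx['listen_port'] = 80`. The `gitlab/gitlab-ce` image exposes more than one port upstream (80, 443, 22), and Traefik's Docker provider then requires an explicit `traefik.http.services.gitlab.loadbalancer.server.port=80` label instead of guessing. The router is named `wordpress`, evidently copied from another stack; `gitlab` would make the dashboard and access log readable.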