Merge pull request #1540 from SvenDowideit/docker-config-and-secrets-…
…file-env

Add Docker Swarm config file, and Swarm & compose config file support
solidnerd authored May 26, 2018
2 parents c0efa51 + 474fe9f commit 8b638b3
Showing 6 changed files with 199 additions and 2 deletions.
1 change: 0 additions & 1 deletion .gitignore
@@ -1,4 +1,3 @@
*.gem
*.tar.gz

docker-compose.yml
14 changes: 13 additions & 1 deletion README.md
Expand Up @@ -803,7 +803,8 @@ These options should contain something like:

### Available Configuration Parameters

*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.*
*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. docker-compose users and Docker Swarm mode users can also use the [secrets and config file options](#docker-secrets-and-configs)*


Below is the complete list of available options that can be used to customize your gitlab installation.

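Review bot: the sentence appended to the `--env-file` paragraph has no closing period before the final `*` and starts with a lowercase "docker-compose users"; since the line is being touched anyway, "Please refer the" should become "Please refer to the". It would also help to say here that these files are not read like an `--env-file`: per the `assets/runtime/functions` change in this commit they are passed to `source`, so shell quoting rules apply to their values.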
Expand Down Expand Up @@ -1078,6 +1079,17 @@ Below is the complete list of available options that can be used to customize yo
| `RACK_ATTACK_BANTIME` | Number of seconds an IP should be banned after too many auth attempts. Defaults to `3600`. |
| `GITLAB_WORKHORSE_TIMEOUT` | Timeout for gitlab workhorse http proxy. Defaults to `5m0s`. |

### Docker secrets and configs

All the above environment variables can be put into a [secrets](https://docs.docker.com/compose/compose-file/#secrets) or [config](https://docs.docker.com/compose/compose-file/#configs) file
and then both docker-compose and Docker Swarm can import them into your gitlab container.

On startup, the gitlab container will source env vars from a config file labeled `gitlab-config`, and then a secrets file labeled `gitlab-secrets` (both mounted in the default locations).

See the exmample `config/docker-swarm/docker-compose.yml` file, and the example `gitlab.config` and `gitlab.secrets` file.

If you're not using one of these files, then don't include its entry in the docker-compose file.

# Maintenance

## Creating backups
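Review bot: the names in the new "Docker secrets and configs" section do not match the rest of this commit. The text says the config is labeled `gitlab-config`, but the compose file and the startup script use `gitlab-configs`; the example path is given as `config/docker-swarm/docker-compose.yml` while the file is added under `contrib/docker-swarm/`; and the example files are called `gitlab.config` and `gitlab.secrets` here, `gitlab.config` and `gitlab.secret` on disk, and `./gitlab.configs` and `./gitlab.secrets` in the compose file. Pick one spelling and use it everywhere, and fix the typo "exmample". The section should also state that both files are sourced as bash, so a reader knows that values containing spaces need quoting and that the files must be treated as trusted input.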
8 changes: 8 additions & 0 deletions assets/runtime/functions
@@ -1,5 +1,13 @@
#!/bin/bash
set -e

for file in /gitlab-configs /run/secrets/gitlab-secrets; do
if [[ -e "$file" ]]; then
echo "Loading $file"
source "$file"
fi
done
echo "Loading ${GITLAB_RUNTIME_DIR}/env-defaults"
source ${GITLAB_RUNTIME_DIR}/env-defaults

SYSCONF_TEMPLATES_DIR="${GITLAB_RUNTIME_DIR}/config"
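Review bot: `source "$file"` in the new loop runs the config and secrets files as bash under `set -e`, so whatever is in them is executed as code by the entrypoint, and a single line that returns non-zero or fails to parse stops the container from starting with only "Loading $file" in the log. If only `KEY=value` assignments are intended, consider reading the file line by line and accepting only lines that match an assignment pattern, or at least document the expected format. Two smaller points: variables assigned by a sourced file are not exported unless they were already in the environment, so check that nothing started later as a child process depends on them; and the paths `/gitlab-configs` and `/run/secrets/gitlab-secrets` are hard-coded, so a config or secret mounted with a custom `target` is silently skipped.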
162 changes: 162 additions & 0 deletions contrib/docker-swarm/docker-compose.yml
@@ -0,0 +1,162 @@
version: '3.4'

services:
redis:
restart: always
image: sameersbn/redis:latest
command:
- --loglevel warning
volumes:
- /srv/docker/gitlab/redis:/var/lib/redis:Z

postgresql:
restart: always
image: sameersbn/postgresql:9.6-2
volumes:
- /srv/docker/gitlab/postgresql:/var/lib/postgresql:Z
environment:
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- DB_EXTENSION=pg_trgm

gitlab:
restart: always
image: sameersbn/gitlab:10.7.2
depends_on:
- redis
- postgresql
ports:
- "10080:80"
- "10022:22"
volumes:
- /srv/docker/gitlab/gitlab:/home/git/data:Z
configs:
- gitlab-configs
secrets:
- gitlab-secrets
environment:
- DEBUG=false

- DB_ADAPTER=postgresql
- DB_HOST=postgresql
- DB_PORT=5432
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production

- REDIS_HOST=redis
- REDIS_PORT=6379

- TZ=Asia/Kolkata
- GITLAB_TIMEZONE=Kolkata

- GITLAB_HTTPS=false
- SSL_SELF_SIGNED=false

- GITLAB_HOST=localhost
- GITLAB_PORT=10080
- GITLAB_SSH_PORT=10022
- GITLAB_RELATIVE_URL_ROOT=
- GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string

- GITLAB_ROOT_PASSWORD=
- GITLAB_ROOT_EMAIL=

- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
- GITLAB_NOTIFY_PUSHER=false

- [email protected]
- [email protected]
- [email protected]

- GITLAB_BACKUP_SCHEDULE=daily
- GITLAB_BACKUP_TIME=01:00

- SMTP_ENABLED=false
- SMTP_DOMAIN=www.example.com
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- [email protected]
- SMTP_PASS=password
- SMTP_STARTTLS=true
- SMTP_AUTHENTICATION=login

- IMAP_ENABLED=false
- IMAP_HOST=imap.gmail.com
- IMAP_PORT=993
- [email protected]
- IMAP_PASS=password
- IMAP_SSL=true
- IMAP_STARTTLS=false

- OAUTH_ENABLED=false
- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
- OAUTH_ALLOW_SSO=
- OAUTH_BLOCK_AUTO_CREATED_USERS=true
- OAUTH_AUTO_LINK_LDAP_USER=false
- OAUTH_AUTO_LINK_SAML_USER=false
- OAUTH_EXTERNAL_PROVIDERS=

- OAUTH_CAS3_LABEL=cas3
- OAUTH_CAS3_SERVER=
- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
- OAUTH_CAS3_LOGIN_URL=/cas/login
- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
- OAUTH_CAS3_LOGOUT_URL=/cas/logout

- OAUTH_GOOGLE_API_KEY=
- OAUTH_GOOGLE_APP_SECRET=
- OAUTH_GOOGLE_RESTRICT_DOMAIN=

- OAUTH_FACEBOOK_API_KEY=
- OAUTH_FACEBOOK_APP_SECRET=

- OAUTH_TWITTER_API_KEY=
- OAUTH_TWITTER_APP_SECRET=

- OAUTH_GITHUB_API_KEY=
- OAUTH_GITHUB_APP_SECRET=
- OAUTH_GITHUB_URL=
- OAUTH_GITHUB_VERIFY_SSL=

- OAUTH_GITLAB_API_KEY=
- OAUTH_GITLAB_APP_SECRET=

- OAUTH_BITBUCKET_API_KEY=
- OAUTH_BITBUCKET_APP_SECRET=

- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
- OAUTH_SAML_IDP_CERT_FINGERPRINT=
- OAUTH_SAML_IDP_SSO_TARGET_URL=
- OAUTH_SAML_ISSUER=
- OAUTH_SAML_LABEL="Our SAML Provider"
- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- OAUTH_SAML_GROUPS_ATTRIBUTE=
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=

- OAUTH_CROWD_SERVER_URL=
- OAUTH_CROWD_APP_NAME=
- OAUTH_CROWD_APP_PASSWORD=

- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=

- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=

configs:
gitlab-configs:
file: ./gitlab.configs

secrets:
gitlab-secrets:
file: ./gitlab.secrets
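Review bot: the `gitlab` service still carries its sensitive values in `environment:` (`DB_PASS=password`, the three `GITLAB_SECRETS_*_KEY_BASE` entries, `SMTP_PASS`, `IMAP_PASS`), which leaves them readable from the service definition and undercuts an example whose purpose is to show the secrets file. Move those into the secrets file and keep only non-sensitive settings here. Also, `file: ./gitlab.configs` and `file: ./gitlab.secrets` at the bottom do not match the example files added in this commit (`gitlab.config`, `gitlab.secret`), so the stack will not deploy from this directory as committed. Since this file lives under `docker-swarm`, note that `docker stack deploy` ignores `restart:` and `depends_on:`; `deploy.restart_policy` is the Swarm equivalent for the former.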
3 changes: 3 additions & 0 deletions contrib/docker-swarm/gitlab.config
@@ -0,0 +1,3 @@
# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml

TEST=none
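Review bot: `TEST=none` is not referenced anywhere else in this commit, so it does not show a reader what belongs in this file; a real non-sensitive setting from the compose file, such as `GITLAB_TIMEZONE`, would make a better sample. The file is added as `gitlab.config`, but the compose file points at `./gitlab.configs`; rename one of them so the example works as checked in.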
13 changes: 13 additions & 0 deletions contrib/docker-swarm/gitlab.secret
@@ -0,0 +1,13 @@
# config file to be sourced on startup - will over-ride any env set in the docker-compose.yml

LDAP_ENABLED=true
LDAP_LABEL="LDAP login"
LDAP_HOST=pool.ldap.example.com
LDAP_PORT=3268
LDAP_BIND_DN=the-ldap
LDAP_PASS=no-not-really
LDAP_BASE=ou=People,dc=example,dc=com
#LDAP_LOWERCASE_USERNAMES=true
##LDAP_USER_FILTER=uid={login}
##LDAP_UID=
#
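Review bot: the header comment was copied from `gitlab.config` and still calls this a "config file"; it should say that this is the secrets file and that it is sourced as shell, which is why `LDAP_LABEL="LDAP login"` needs its quotes. The file is added as `gitlab.secret` while the compose file references `./gitlab.secrets`. The mix of `#` and `##` on the commented-out lines and the trailing lone `#` look like leftovers and can be dropped. It is worth stating in the comment that `LDAP_PASS=no-not-really` is a placeholder, and adding the real secrets file name to `.gitignore` so a populated copy next to the compose file is not committed.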
