Deploy gitea with docker-compose

This deploys a shared-nothing gitea server using docker-compose.
It includes a mariadb server.

Change-Id: I58aff016c7108c69dfc5f2ebd46667c4117ba5da
James E. Blair 2019-02-15 15:18:15 -08:00
parent 232f739e5d
commit 67cda2c7df
11 changed files with 378 additions and 5 deletions


@ -500,6 +500,30 @@
- playbooks/roles/registry/
- testinfra/test_registry.py
- job:
name: system-config-run-gitea
parent: system-config-run
description: |
Run the playbook for the gitea servers.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: gitea01.opendev.org
label: ubuntu-bionic
host-vars:
gitea01.opendev.org:
host_copy_output:
'/var/gitea/conf': logs
'/var/gitea/certs': logs
'/var/gitea/logs': logs
files:
- .zuul.yaml
- playbooks/group_vars/gitea.yaml
- playbooks/zuul/templates/group_vars/gitea.yaml.j2
- playbooks/roles/gitea/
- testinfra/test_gitea.py
- job:
name: infra-prod-playbook
description: |
@ -549,6 +573,7 @@
- system-config-run-nodepool
- system-config-run-docker
- system-config-run-docker-registry
- system-config-run-gitea
- system-config-build-image-jinja-init
- system-config-build-image-gitea-init
- system-config-build-image-gitea
@ -568,6 +593,7 @@
- system-config-run-nodepool
- system-config-run-docker
- system-config-run-docker-registry
- system-config-run-gitea
- system-config-upload-image-jinja-init
- system-config-upload-image-gitea-init
- system-config-upload-image-gitea
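Review bot: The `host_copy_output` entries for `'/var/gitea/conf'` and `'/var/gitea/certs'` in the new `system-config-run-gitea` job collect the rendered `app.ini` and the TLS `key.pem` into the job's log output. That is harmless only while the job runs with throwaway test values, so the mapping deserves a comment stating the assumption, for example `# Collected files contain test-only credentials; never run this job with production secrets.` If the certificate directory is not needed for debugging, dropping the `'/var/gitea/certs': logs` line avoids publishing key material at all.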


@ -44,8 +44,8 @@ groups:
- etherpad[0-9]*.open*.org
- files[0-9]*.open*.org
- firehose[0-9]*.open*.org
- git.open*.org
- git[0-9]*.open*.org
- git.openstack.org
- git[0-9]*.openstack.org
- grafana[0-9]*.open*.org
- graphite[0-9]*.open*.org
- groups-dev[0-9]*.open*.org
@ -83,9 +83,11 @@ groups:
- review-dev[0-9]*.open*.org
- review[0-9]*.open*.org
git-loadbalancer:
- git.open*.org
- git.openstack.org
git-server:
- git[0-9]*.open*.org
- git[0-9]*.openstack.org
gitea:
- gitea[0-9]*.opendev.org
grafana:
- grafana[0-9]*.open*.org
graphite:
@ -140,7 +142,8 @@ groups:
- etherpad[0-9]*.open*.org
- files[0-9]*.open*.org
- firehose[0-9]*.open*.org
- git*.open*.org
- git[0-9]*.openstack.org
- git.openstack.org
- grafana[0-9]*.open*.org
- graphite*.open*.org
- groups-dev*.open*.org


@ -73,3 +73,9 @@
roles:
- install-docker
- registry
- hosts: "gitea:!disabled"
name: "Base: configure gitea"
roles:
- install-docker
- gitea


@ -0,0 +1,2 @@
gitea_root_email: infra-root@openstack.org
gitea_gerrit_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz gerrit-replication-2014-04-25


@ -0,0 +1 @@
Install, configure, and run Gitea.


@ -0,0 +1,121 @@
- name: Ensure docker-compose directory exists
file:
state: directory
path: /etc/gitea-docker
mode: 0700
- name: Write docker-compose file
template:
src: docker-compose.yaml.j2
dest: /etc/gitea-docker/docker-compose.yaml
mode: 0600
- name: Ensure gitea volume directories exists
file:
state: directory
path: "/var/gitea/{{ item }}"
owner: 1000
group: 1000
loop:
- conf
- data
- logs
- certs
- db
- name: Write TLS private key
copy:
content: "{{ gitea_tls_key }}"
dest: /var/gitea/certs/key.pem
- name: Write TLS certificate
copy:
content: "{{ gitea_tls_cert }}"
dest: /var/gitea/certs/cert.pem
- name: Write app.ini
template:
src: app.ini.j2
dest: /var/gitea/conf/app.ini
- name: Install docker-compose
package:
name:
- docker-compose
state: present
- name: Run docker-compose up
shell:
cmd: docker-compose up -d
chdir: /etc/gitea-docker/
- name: Check if root user exists
uri:
url: "https://localhost/api/v1/users/root"
validate_certs: false
status_code: 200, 404
register: root_user_check
delay: 1
retries: 300
until: root_user_check and root_user_check.status in (200, 404)
- name: Create root user
when: root_user_check.status==404
block:
- name: Create root user
command: "docker exec -t giteadocker_gitea-web_1 gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin"
no_log: true
- name: Check if gerrit user exists
uri:
url: "https://localhost/api/v1/users/gerrit"
validate_certs: false
status_code: 200, 404
register: gerrit_user_check
- name: Create gerrit user
when: gerrit_user_check.status==404
no_log: true
uri:
url: "https://localhost/api/v1/admin/users"
validate_certs: false
method: POST
user: root
password: "{{ gitea_root_password }}"
force_basic_auth: true
status_code: 201
body_format: json
body:
email: "gerrit@review.opendev.org"
full_name: Gerrit
login_name: gerrit
password: "{{ gitea_gerrit_password }}"
send_notify: false
source_id: 0
username: gerrit
- name: Check if gerrit ssh key exists
uri:
user: root
password: "{{ gitea_root_password }}"
force_basic_auth: true
url: "https://localhost/api/v1/users/gerrit/keys"
validate_certs: false
status_code: 200
register: gerrit_key_check
no_log: true
- name: Delete old gerrit ssh key
when: gerrit_key_check.json | length > 0 and gerrit_key_check.json[0].key != gitea_gerrit_public_key
no_log: true
uri:
user: root
password: "{{ gitea_root_password }}"
force_basic_auth: true
url: "https://localhost/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}"
validate_certs: false
method: DELETE
status_code: 204
- name: Add gerrit ssh key
when: gerrit_key_check.json | length == 0
no_log: true
uri:
user: root
password: "{{ gitea_root_password }}"
force_basic_auth: true
url: "https://localhost/api/v1/admin/users/gerrit/keys"
validate_certs: false
method: POST
status_code: 201
body_format: json
body:
key: "{{ gitea_gerrit_public_key }}"
read_only: false
title: "Gerrit replication key"
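Review bot: The `Write TLS private key` task copies `gitea_tls_key` to `/var/gitea/certs/key.pem` with no `mode` or `owner`, and the `certs` directory is created without a `mode` either, so the key is likely readable by every local user; add `mode: '0600'` with `owner: 1000` and `group: 1000` to the task. `Write app.ini` has the same gap, although the rendered file holds `SECRET_KEY`, `INTERNAL_TOKEN` and the database password. `Create root user` passes `--password {{ gitea_root_password }}` as a command argument, which is visible in the host process list while the command runs, even though `no_log: true` keeps it out of the Ansible output. Separately, `Add gerrit ssh key` runs only when `gerrit_key_check.json | length == 0`, so in a run where `Delete old gerrit ssh key` fires the replacement key is not installed until the next run; `when: gerrit_key_check.json | length == 0 or gerrit_key_check.json[0].key != gitea_gerrit_public_key` would close that gap.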


@ -0,0 +1,87 @@
APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
RUN_USER = git
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://opendev.org/
DISABLE_SSH = false
SSH_PORT = 22
LFS_CONTENT_PATH = /data/git/lfs
DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /certs/cert.pem
KEY_FILE = /certs/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
LOCAL_ROOT_URL = https://gitea-web:3000/
[database]
DB_TYPE = mysql
HOST = mariadb:3306
NAME = gitea
USER = {{ gitea_db_username }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
LOG_SQL = false
[repository]
ROOT = /data/git/repositories
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /logs
LEVEL = Info
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = "/usr/bin/pandoc -f rst"
; Input is not a standard input but a file
IS_INPUT_FILE = false
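Review bot: `ENABLE_OPENID_SIGNUP = true` under `[openid]` looks contradictory next to `DISABLE_REGISTRATION = true` under `[service]`, because the OpenID option is the one that permits account creation through an OpenID provider. Self-registration may therefore still be possible on a server that, judging by the role's tasks, is only meant to carry the `root` and `gerrit` accounts. Unless OpenID sign-up is intended, set `ENABLE_OPENID_SIGNUP = false` and consider `ENABLE_OPENID_SIGNIN = false` as well. `NO_REPLY_ADDRESS = noreply.example.org` also reads like a leftover placeholder and should either be set to a real domain or carry a comment.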


@ -0,0 +1,42 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
mariadb:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: "{{ gitea_root_db_password }}"
MYSQL_DATABASE: gitea
MYSQL_USER: "{{ gitea_db_username }}"
MYSQL_PASSWORD: "{{ gitea_db_password }}"
volumes:
- /var/gitea/db:/var/lib/mysql
gitea-web:
depends_on:
- mariadb
image: opendevorg/gitea:latest
restart: always
environment:
- USER_UID=1000
- USER_GID=1000
volumes:
- /var/gitea/data:/data
- /var/gitea/conf:/custom/conf
- /var/gitea/logs:/logs
- /var/gitea/certs:/certs
ports:
- "443:3000"
- "80:3080"
gitea-ssh:
depends_on:
- mariadb
image: opendevorg/gitea-openssh
restart: always
ports:
- "222:22"
volumes:
- /var/gitea/data:/data
- /var/gitea/conf:/custom/conf
- /var/gitea/logs:/logs
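Review bot: All three services use mutable image references: `image: mariadb`, `image: opendevorg/gitea:latest` and `image: opendevorg/gitea-openssh`. Whatever the registry serves at first pull is what runs, so hosts deployed at different times can end up on different code and a changed or compromised upstream tag is picked up silently. Pin each image to a specific version tag or, better, a digest, for example `image: mariadb:<VERSION>` and `image: opendevorg/gitea@sha256:<DIGEST>` (placeholders). A short comment recording how the pin is updated would help the next maintainer.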


@ -62,6 +62,7 @@
- group_vars/nodepool.yaml
- group_vars/ns.yaml
- group_vars/registry.yaml
- group_vars/gitea.yaml
- host_vars/bridge.openstack.org.yaml
- name: Display group membership
command: ansible localhost -m debug -a 'var=groups'


@ -0,0 +1,59 @@
gitea_secret_key: zcHsCZsYrOUrQd24nlJS9xRCwek3uzp8X5OFQGJox4jkEbuIyeJoxtv7n00uV6Tp
gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTAyNjk3ODV9.QaommLldgEJr9E26VrPp7l7gKo3zpywTM9botpVoyqc
gitea_lfs_jwt_secret: qzeNfUus9JJ15eJZwpSlU3P5Ca62Oei3NrjVbb97mdI
gitea_root_db_password: TlG1lNXKLfruXN0j
gitea_db_username: gitea
gitea_db_password: 5bfuOBKtltff0XZX
gitea_root_password: BUbBcpToMwR05ZCB
gitea_gerrit_password: yVpMWIUIvT7f6NwA
gitea_tls_cert: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
gitea_tls_key: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
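Review bot: This file commits literal values for `gitea_secret_key`, `gitea_internal_token`, the database and admin passwords and `gitea_tls_key`, with nothing marking them as fixtures. It appears to be the Zuul test template for the gitea group, so the values are presumably throwaway. A header comment should say so, for example `# Test-only credentials for the CI job; never reuse these values on a production host.` Production values should come only from the private host and group variables, and any of these strings that was ever used on a real server should be rotated.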

25
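--- a/testinfra/test_gitea.py
+++ b/testinfra/test_gitea.py
@@ -0,0 +1,25 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+testinfra_hosts = ['gitea01.opendev.org']
+def test_gitea_listening(host):
+gitea_https = host.socket("tcp://0.0.0.0:443")
+assert gitea_https.is_listening
+gitea_http = host.socket("tcp://0.0.0.0:80")
+assert gitea_http.is_listening
+gitea_ssh = host.socket("tcp://0.0.0.0:222")
+assert gitea_ssh.is_listening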