GitHub is an excellent tool for code-sharing, but it has the major disadvantage of being fully public. You probably don’t want to put your confidential stuff and shared secrets in there! You can pay for private repositories, but the issue still stands that we shouldn’t be putting confidential UoB things in a non-approved cloud provider.
I briefly investigated several self-hosted pointy-clicky Git interfaces, including Gitorious, Gitolite, GitLab, Phabricator and Stash. They all have their relative merits but they all seem to be a total pain to install and run in a production environment, often requiring that we randomly git clone something into the webroot and then not providing a sane upgrade mechanism. Many of them have dependencies on modules not included with the enterprise Linux distributions
In the end, the easiest-to-deploy option seemed to be to use the GitLab Omnibus installer. This bundles the GitLab application with all its dependencies in a single RPM for ease of deployment. There’s also a Puppet Forge module called spuder/gitlab which makes it nice and easy to install on a Puppet-managed node.
After fiddling, my final solution invokes the Forge module like this:
class { 'gitlab' :
puppet_manage_config => true,
puppet_manage_backups => true,
puppet_manage_packages => false,
gitlab_branch => '7.4.3',
external_url => "https://${::fqdn}",
ssl_certificate => '/etc/gitlab/ssl/gitlab.crt',
ssl_certificate_key => '/etc/gitlab/ssl/gitlab.key',
redirect_http_to_https => true,
backup_keep_time => 5184000, # 5184000 = 60 days
gitlab_default_projects_limit => 100,
gitlab_download_link => 'https://downloads-packages.s3.amazonaws.com/centos-6.5/gitlab-7.4.3_omnibus.5.1.0.ci-1.el6.x86_64.rpm',
gitlab_email_from => 'gitlab@example.com',
ldap_enabled => true,
ldap_host => 'ldap.example.com',
ldap_base => 'CN=Users,DC=example,DC=com',
ldap_port => '636',
ldap_uid => 'uid',
ldap_method => 'ssl',
ldap_bind_dn => 'uid=ldapuser,ou=system,dc=example,dc=com',
ldap_password => '*********',
}
I also added a couple of resources to install the certificates and create a firewall exception, to make a complete working deployment.
The upgrade path requires manual intervention, but is mostly automatic. You just need to change gitlab_download_link
to point to a newer RPM and change gitlab_branch
to match.
If anyone is interested, I’d be happy to write something about the experience of using GitLab after a while, when I’ve found out some of the quirks.
Update by DaveG! (in lieu of comments currently on this site)
Gitlab have changed their install process to require use of their repo, so this module doesn’t like it very much. They’ve also changed the package name to ‘gitlab-ce’ rather than just ‘gitlab’.
To work around this I needed to:
- Add
name => 'gitlab-ce'
to the package { 'gitlab': ... }
params in gitlab/manifests/install.pp
- Find the package RPM for a new shiny version of Gitlab. 7.11.4 in this case, via https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms
- Copy the RPM to a local web-accessible location as a mirror, and use this as the location for the
gitlab_download_link
class parameter
This seems to have allowed it to work fine!
(Caveat: I had some strange behaviour with whether it would run the gitlab instance correctly, but I’m not sure if that’s because of left-overs from a previous install attempt. Needs more testing!)