diff --git a/README.md b/README.md
index 85ae11c..5770d4d 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,20 @@
-# devops
-A full process for building up a DevOps flow for outsourcing company
+# DevOps
+
+## Jenkins
+https://github.com/jenkinsci/docker
+https://github.com/jenkinsci/docker/issues/263
+https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
+
+Bai rat hay de link tu JENKINS qua Gitlab
+https://github.com/jenkinsci/gitlab-plugin/wiki/Setup-Example
+
+Bai rat hay de link tu gitlab qua JIRA
+
+Jenkins & Docker volume & sibbling containers
+https://stackoverflow.com/questions/42946067/how-to-mount-docker-volume-with-jenkins-docker-container
+
+## Gitlab
+https://docs.gitlab.com/omnibus/docker/README.html
+
+## Install Nodejs on Debian
+https://github.com/nodesource/distributions
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..21f3702
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,76 @@
+version: '3'
+volumes:
+ jenkins_home:
+ gitlab_data:
+ gitlab_log:
+ gitlab_config:
+ ocean_home:
+services:
+ openldap:
+ build:
+ context: ./ldap
+ dockerfile: Dockerfile
+ image: nashtech/openldap:latest
+ restart: always
+ container_name: nt-openldap
+ tty: true
+ stdin_open: true
+ ports:
+ - "389:389"
+ - "636:636"
+ hostname: "ldap.nashtechglobal.com"
+ ldapadmin:
+ image: osixia/phpldapadmin:latest
+ container_name: nt-ldapadmin
+ restart: always
+ environment:
+ PHPLDAPADMIN_LDAP_HOSTS: "nt-openldap"
+ PHPLDAPADMIN_HTTPS: "false"
+ ports:
+ - "8082:80"
+ depends_on:
+ - openldap
+ gitlab:
+ container_name: nt-gitlab
+ build:
+ context: ./gitlab
+ dockerfile: Dockerfile
+ image: 'nashtech/gitlab'
+ restart: always
+ hostname: 'git.nashtechglobal.com'
+ ports:
+ - '80:80'
+ - '443:443'
+ - '2222:22'
+ volumes:
+ - 'gitlab_config:/etc/gitlab'
+ - ./gitlab/gitlab.rb:/etc/gitlab/gitlab.rb
+ - 'gitlab_log:/var/log/gitlab'
+ - 'gitlab_data:/var/opt/gitlab'
+ depends_on:
+ - openldap
+ jenkins:
+ container_name: nt-jenkins
+ build:
+ context: ./jenkins
+ image: stepone/jenkins:latest
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - 'jenkins_home:/var/jenkins_home'
+ - /artifacts:/artifacts
+ ports:
+ - '8080:8080'
+ - '50000:50000'
+ extra_hosts:
+ #- 'git.nashtechglobal.com:192.168.1.107' # Home
+ - 'git.nashtechglobal.com:192.168.168.24' # NashTech
+ # - 'git.nashtechglobal.com:10.15.7.201' # MacDonald
+ depends_on:
+ - gitlab
+ sonarqube:
+ container_name: nt-sonarqube
+ image: sonarqube
+ ports:
+ - '9000:9000'
+ - '9092:9092'
\ No newline at end of file
diff --git a/gitlab/Dockerfile b/gitlab/Dockerfile
new file mode 100644
index 0000000..891763f
--- /dev/null
+++ b/gitlab/Dockerfile
@@ -0,0 +1,6 @@
+FROM gitlab/gitlab-ce:latest
+MAINTAINER Phi Huynh
+
+COPY ./gitlab.rb /etc/gitlab/gitlab.rb
+
+RUN apt-get -y update && apt-get -y install ldap-utils && apt-get -y install iputils-ping
\ No newline at end of file
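Review bot: The `jenkins` service bind-mounts `/var/run/docker.sock:/var/run/docker.sock`, so any job or plugin running in that container can drive the host's Docker daemon, which is equivalent to root on the host. If sibling containers are really required, record that trust decision next to the mount, e.g. `# docker.sock = root-equivalent on the host; only trusted jobs may run on this Jenkins`, and consider moving builds to a separate agent host. In the same hunk, `openldap` publishes `"389:389"` and `ldapadmin` sets `PHPLDAPADMIN_HTTPS: "false"` on `"8082:80"`, so directory binds and admin logins cross the network unencrypted. The other services appear to reach LDAP by container name, so binding the admin UI to loopback (`"127.0.0.1:8082:80"`) and dropping the published 389 port looks safe, but confirm that no external client depends on them.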
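Review bot: `COPY ./gitlab.rb /etc/gitlab/gitlab.rb` bakes the configuration into an image layer, and the gitlab.rb added in this same commit sets the LDAP `bind_dn` and its `password` in plaintext, so anyone who can pull `nashtech/gitlab` or read the repository obtains the bind credential. The same password string also appears on the `ldapsearch` example lines in gitlab/README.md. I would drop the `COPY` (docker-compose.yml already bind-mounts `./gitlab/gitlab.rb` at that path), keep the secret out of the tracked file, and rotate the password since it is now in history. Separately, `FROM gitlab/gitlab-ce:latest` makes rebuilds pick up whatever upstream publishes; pin it, e.g. `FROM gitlab/gitlab-ce:<pinned-tag>`.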
diff --git a/gitlab/README.md b/gitlab/README.md
new file mode 100644
index 0000000..70ac936
--- /dev/null
+++ b/gitlab/README.md
@@ -0,0 +1,24 @@
+## Config LDAP
+https://docs.gitlab.com/ce/administration/auth/ldap.html
+nano /etc/gitlab/gitlab.rb
+
+## Check LDAP server is working
+$ ldapsearch -x -H ldap://192.168.1.107 -b dc=appdynamics,dc=com -D "cn=admin,ou=admins,dc=appdynamics,dc=com" -w Harveynash@123
+$ ldapsearch -H ldap://192.168.1.107:389 -D "cn=admin,ou=admins,dc=appdynamics,dc=com" -y Harveynash@123 -b "dc=appdynamics,dc=com" sAMAccountName
+## Reconfigure & Restart Gitlab
+https://docs.gitlab.com/ee/administration/restart_gitlab.html
+$ gitlab-ctl reconfigure
+$ gitlab-ctl restart
+
+## Install ldapsearch util
+apt-get install ldap-utils
+
+## Install NodeJS to fix command rake
+cd ~
+curl -sL https://deb.nodesource.com/setup_7.x -o nodesource_setup.sh
+bash nodesource_setup.sh
+apt-get install nodejs
+
+
+## See logs of gitlab
+gitlab-ctl tail
\ No newline at end of file
diff --git a/gitlab/gitlab.rb b/gitlab/gitlab.rb
new file mode 100644
index 0000000..2fc5a57
--- /dev/null
+++ b/gitlab/gitlab.rb
@@ -0,0 +1,1417 @@ +## GitLab configuration settings +##! This file is generated during initial installation and **is not** modified +##! during upgrades. +##! Check out the latest version of this file to know about the different +##! settings that can be configured by this file, which may be found at: +##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template + + +## GitLab URL +##! URL on which GitLab will be reachable. +##! For more details on configuring external_url see: +##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab +# external_url 'GENERATED_EXTERNAL_URL' + +## Legend +##! The following notations at the beginning of each line may be used to +##! differentiate between components of this file and to easily select them using +##! a regex. +##! ## Titles, subtitles etc +##! ##! More information - Description, Docs, Links, Issues etc. +##! Configuration settings have a single # followed by a single space at the +##! beginning; Remove them to enable the setting. + +##! **Configuration settings below are optional.** +##! **The values currently assigned are only examples and ARE NOT the default +##! values.** + + +################################################################################ +################################################################################ +## Configuration Settings for GitLab CE and EE ## +################################################################################ +################################################################################ + +################################################################################ +## gitlab.yml configuration +##! 
Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md +################################################################################ +# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' +# gitlab_rails['time_zone'] = 'UTC' + +### Email Settings +# gitlab_rails['gitlab_email_enabled'] = true +# gitlab_rails['gitlab_email_from'] = 'example@example.com' +# gitlab_rails['gitlab_email_display_name'] = 'Example' +# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' +# gitlab_rails['gitlab_email_subject_suffix'] = '' + +### GitLab user privileges +# gitlab_rails['gitlab_default_can_create_group'] = true +# gitlab_rails['gitlab_username_changing_enabled'] = true + +### Default Theme +# gitlab_rails['gitlab_default_theme'] = 2 + +### Default project feature settings +# gitlab_rails['gitlab_default_projects_features_issues'] = true +# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true +# gitlab_rails['gitlab_default_projects_features_wiki'] = true +# gitlab_rails['gitlab_default_projects_features_snippets'] = false +# gitlab_rails['gitlab_default_projects_features_builds'] = true +# gitlab_rails['gitlab_default_projects_features_container_registry'] = true + +### Automatic issue closing +###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more +###! information about this pattern. +# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" + +### Download location +###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file +###! is created in the following directory. 
+# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' + +### Gravatar Settings +# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' +# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' + +### Auxiliary jobs +###! Periodically executed jobs, to self-heal Gitlab, do external +###! synchronizations, etc. +###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job +###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in +# gitlab_rails['stuck_ci_builds_worker_cron'] = "0 0 * * *" +# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *" +# gitlab_rails['repository_check_worker_cron'] = "20 * * * *" +# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" +# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" + +### Webhook Settings +###! Number of seconds to wait for HTTP response after sending webhook HTTP POST +###! request (default: 10) +# gitlab_rails['webhook_timeout'] = 10 + +### Trusted proxies +###! Customize if you have GitLab behind a reverse proxy which is running on a +###! different machine. +###! **Add the IP address for your reverse proxy to the list, otherwise users +###! will appear signed in from that address.** +# gitlab_rails['trusted_proxies'] = [] + +### Reply by email +###! Allow users to comment on issues and merge requests by replying to +###! notification emails. +###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html +# gitlab_rails['incoming_email_enabled'] = true + +#### Incoming Email Address +####! The email address including the `%{key}` placeholder that will be replaced +####! to reference the item being replied to. +####! **The placeholder can be omitted but if present, it must appear in the +####! 
"user" part of the address (before the `@`).** +# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" + +#### Email account username +####! **With third party providers, this is usually the full email address.** +####! **With self-hosted email servers, this is usually the user part of the +####! email address.** +# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" + +#### Email account password +# gitlab_rails['incoming_email_password'] = "[REDACTED]" + +#### IMAP Settings +# gitlab_rails['incoming_email_host'] = "imap.gmail.com" +# gitlab_rails['incoming_email_port'] = 993 +# gitlab_rails['incoming_email_ssl'] = true +# gitlab_rails['incoming_email_start_tls'] = false + +#### Incoming Mailbox Settings +####! The mailbox where incoming mail will end up. Usually "inbox". +# gitlab_rails['incoming_email_mailbox_name'] = "inbox" +####! The location where incoming mails will be logged. +# gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom" + +### Build Artifacts +# gitlab_rails['artifacts_enabled'] = true +# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts" + +### Git LFS +# gitlab_rails['lfs_enabled'] = true +# gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects" + +### GitLab Mattermost +###! These settings are void if Mattermost is installed on the same omnibus +###! install +# gitlab_rails['mattermost_host'] = "https://mattermost.example.com" + +### LDAP Settings +###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html +###! **Be careful not to break the indentation in the ldap_servers block. It is +###! in yaml format and the spaces must be retained. Using tabs will not work.** + +gitlab_rails['ldap_enabled'] = true + +###! 
**remember to close this block with 'EOS' below** +gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' + main: + label: 'LDAP' + host: 'nt-openldap' # should be ipaddress / hostname of ldap server in production + port: 389 + uid: 'uid' + method: 'plain' + bind_dn: 'cn=phihuynh,ou=people,dc=nashtechglobal,dc=com' + password: 'Harveynash@123' + active_directory: false + allow_username_or_email_login: true + block_auto_created_users: false + base: 'dc=nashtechglobal,dc=com' + user_filter: '' + attributes: + username: ['uid', 'userid', 'sAMAccountName'] + email: ['mail', 'email', 'userPrincipalName'] + name: 'cn' + first_name: 'givenName' + last_name: 'sn' + gitlab_signup_enabled : 'true' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +# +# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server +# label: 'LDAP' +# host: '_your_ldap_server' +# port: 389 +# uid: 'sAMAccountName' +# method: 'plain' # "tls" or "ssl" or "plain" +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' +# password: '_the_password_of_the_bind_user' +# active_directory: true +# allow_username_or_email_login: false +# block_auto_created_users: false +# base: '' +# user_filter: '' +# attributes: +# username: ['uid', 'userid', 'sAMAccountName'] +# email: ['mail', 'email', 'userPrincipalName'] +# name: 'cn' +# first_name: 'givenName' +# last_name: 'sn' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +EOS + +### OmniAuth Settings +###! 
Docs: https://docs.gitlab.com/ce/integration/omniauth.html +# gitlab_rails['omniauth_enabled'] = false +# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] +# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' +# gitlab_rails['omniauth_block_auto_created_users'] = true +# gitlab_rails['omniauth_auto_link_ldap_user'] = false +# gitlab_rails['omniauth_auto_link_saml_user'] = false +# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] +# gitlab_rails['omniauth_providers'] = [ +# { +# "name" => "google_oauth2", +# "app_id" => "YOUR APP ID", +# "app_secret" => "YOUR APP SECRET", +# "args" => { "access_type" => "offline", "approval_prompt" => "" } +# } +# ] + +###! **If you setup Bitbucket importer under omniauth providers you will need to +###! add the keys which will allow connection between Bitbucket and GitLab.** +###! Docs: https://docs.gitlab.com/ce/integration/bitbucket.html +# gitlab_rails['bitbucket'] = { +# 'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==', +# 'private_key' => '-----BEGIN RSA PRIVATE KEY----- +# MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t +# -----END RSA PRIVATE KEY-----', +# 'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com' +# } + +### Backup Settings +###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html + +# gitlab_rails['manage_backup_path'] = true +# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" + +###! 
Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions +# gitlab_rails['backup_archive_permissions'] = 0644 + +# gitlab_rails['backup_pg_schema'] = 'public' +# gitlab_rails['backup_keep_time'] = 604800 +# gitlab_rails['backup_upload_connection'] = { +# 'provider' => 'AWS', +# 'region' => 'eu-west-1', +# 'aws_access_key_id' => 'AKIAKIAKI', +# 'aws_secret_access_key' => 'secret123' +# } +# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' +# gitlab_rails['backup_multipart_chunk_size'] = 104857600 + +###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for +###! backups** +# gitlab_rails['backup_encryption'] = 'AES256' + +### For setting up different data storing directory +###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory +###! **If you want to use a single non-default directory to store git data use a +###! path that doesn't contain symlinks.** +# git_data_dirs({"default" => "/var/opt/gitlab/git-data"}) + +### For storing GitLab application uploads, eg. LFS objects, build artifacts +###! Docs: https://docs.gitlab.com/ce/development/shared_files.html +# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared' + + +### DEPRECATED: gitlab_rails['satellites_timeout'] = 30 + +### GitLab Shell settings for GitLab +# gitlab_rails['gitlab_shell_ssh_port'] = 22 +# gitlab_rails['git_max_size'] = 20971520 +# gitlab_rails['git_timeout'] = 10 + +### Extra customization +# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' +# gitlab_rails['extra_piwik_url'] = '_your_piwik_url' +# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id' + +##! 
Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html +# gitlab_rails['env'] = { +# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile", +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" +# } + +# gitlab_rails['rack_attack_git_basic_auth'] = { +# 'enabled' => true, +# 'ip_whitelist' => ["127.0.0.1"], +# 'maxretry' => 10, +# 'findtime' => 60, +# 'bantime' => 3600 +# } + +# gitlab_rails['rack_attack_protected_paths'] = [ +# '/users/password', +# '/users/sign_in', +# '/api/#{API::API.version}/session.json', +# '/api/#{API::API.version}/session', +# '/users', +# '/users/confirmation', +# '/unsubscribes/', +# '/import/github/personal_access_token' +# ] + +###! **We do not recommend changing these directories.** +# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails" +# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails" + +### GitLab application settings +# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" +# gitlab_rails['rate_limit_requests_per_period'] = 10 +# gitlab_rails['rate_limit_period'] = 60 + +#### Change the initial default admin password and shared runner registraion tokens. +####! **Only applicable on initial setup, changing these settings after database +####! is created and seeded won't yield any change.** +# gitlab_rails['initial_root_password'] = "password" +# gitlab_rails['initial_shared_runners_registration_token'] = "token" + +#### Enable or disable automatic database migrations +# gitlab_rails['auto_migrate'] = true + +#### This is advanced feature used by large gitlab deployments where loading +#### whole RAILS env takes a lot of time. +# gitlab_rails['rake_cache_clear'] = true + +### GitLab database settings +###! Docs: https://docs.gitlab.com/omnibus/settings/database.html +###! 
**Only needed if you use an external database.** +# gitlab_rails['db_adapter'] = "postgresql" +# gitlab_rails['db_encoding'] = "unicode" +# gitlab_rails['db_collation'] = nil +# gitlab_rails['db_database'] = "gitlabhq_production" +# gitlab_rails['db_pool'] = 10 +# gitlab_rails['db_username'] = "gitlab" +# gitlab_rails['db_password'] = nil +# gitlab_rails['db_host'] = nil +# gitlab_rails['db_port'] = 5432 +# gitlab_rails['db_socket'] = nil +# gitlab_rails['db_sslmode'] = nil +# gitlab_rails['db_sslrootcert'] = nil + + +### GitLab Redis settings +###! Connect to your own Redis instance +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html + +#### Redis TCP connection +# gitlab_rails['redis_host'] = "127.0.0.1" +# gitlab_rails['redis_port'] = 6379 +# gitlab_rails['redis_password'] = nil +# gitlab_rails['redis_database'] = 0 + +#### Redis local UNIX socket (will be disabled if TCP method is used) +# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket" + +#### Sentinel support +####! To have Sentinel working, you must enable Redis TCP connection support +####! above and define a few Sentinel hosts below (to get a reliable setup +####! at least 3 hosts). +####! **You don't need to list every sentinel host, but the ones not listed will +####! not be used in a fail-over situation to query for the new master.** +# gitlab_rails['redis_sentinels'] = [ +# {'host' => '127.0.0.1', 'port' => 26379}, +# ] + +### GitLab email server settings +###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html +###! **Use smtp instead of sendmail/postfix.** + +# gitlab_rails['smtp_enable'] = true +# gitlab_rails['smtp_address'] = "smtp.server" +# gitlab_rails['smtp_port'] = 465 +# gitlab_rails['smtp_user_name'] = "smtp user" +# gitlab_rails['smtp_password'] = "smtp password" +# gitlab_rails['smtp_domain'] = "example.com" +# gitlab_rails['smtp_authentication'] = "login" +# gitlab_rails['smtp_enable_starttls_auto'] = true +# gitlab_rails['smtp_tls'] = false + +###! 
**Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'** +###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html +# gitlab_rails['smtp_openssl_verify_mode'] = 'none' + +# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" +# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" + +################################################################################ +## Container Registry settings +##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html +################################################################################ + +# registry_external_url 'https://registry.gitlab.example.com' + +### Settings used by GitLab application +# gitlab_rails['registry_enabled'] = true +# gitlab_rails['registry_host'] = "registry.gitlab.example.com" +# gitlab_rails['registry_port'] = "5005" +# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" + +###! **Do not change the following 3 settings unless you know what you are +###! doing** +# gitlab_rails['registry_api_url'] = "http://localhost:5000" +# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" +# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" + +### Settings used by Registry application +# registry['enable'] = true +# registry['username'] = "registry" +# registry['group'] = "registry" +# registry['uid'] = nil +# registry['gid'] = nil +# registry['dir'] = "/var/opt/gitlab/registry" +# registry['registry_http_addr'] = "localhost:5000" +# registry['debug_addr'] = "localhost:5001" +# registry['log_directory'] = "/var/log/gitlab/registry" +# registry['log_level'] = "info" +# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" +# registry['storage_delete_enabled'] = true + +### Registry backend storage +###! 
Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver +# registry['storage'] = { +# 's3' => { +# 'accesskey' => 'AKIAKIAKI', +# 'secretkey' => 'secret123', +# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI' +# } +# } + + +################################################################################ +## GitLab Workhorse +##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md +################################################################################ + +# gitlab_workhorse['enable'] = true +# gitlab_workhorse['ha'] = false +# gitlab_workhorse['listen_network'] = "unix" +# gitlab_workhorse['listen_umask'] = 000 +# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket" +# gitlab_workhorse['auth_backend'] = "http://localhost:8080" + +##! the empty string is the default in gitlab-workhorse option parser +# gitlab_workhorse['auth_socket'] = "''" + +##! put an empty string on the command line +# gitlab_workhorse['pprof_listen_addr'] = "''" + +##! put an empty string on the command line +# gitlab_workhorse['prometheus_listen_addr'] = "''" + +# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse" +# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" +# gitlab_workhorse['proxy_headers_timeout'] = "1m0s" + +##! limit number of concurrent API requests, defaults to 0 which is unlimited +# gitlab_workhorse['api_limit'] = 0 + +##! limit number of API requests allowed to be queued, defaults to 0 which +##! disables queuing +# gitlab_workhorse['api_queue_limit'] = 0 + +##! duration after which we timeout requests if they sit too long in the queue +# gitlab_workhorse['api_queue_duration'] = "30s" + +# gitlab_workhorse['env'] = { +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" +# } + +################################################################################ +## GitLab User Settings +##! Modify default git user. +##! 
Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group +################################################################################ + +# user['username'] = "git" +# user['group'] = "git" +# user['uid'] = nil +# user['gid'] = nil + +##! The shell for the git user +# user['shell'] = "/bin/sh" + +##! The home directory for the git user +# user['home'] = "/var/opt/gitlab" + +# user['git_user_name'] = "GitLab" +# user['git_user_email'] = "gitlab@#{node['fqdn']}" + +################################################################################ +## GitLab Unicorn +##! Tweak unicorn settings. +##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html +################################################################################ + +# unicorn['worker_timeout'] = 60 +###! Minimum worker_processes is 2 at this moment +###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771 +# unicorn['worker_processes'] = 2 + +### Advanced settings +# unicorn['listen'] = '127.0.0.1' +# unicorn['port'] = 8080 +# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' +# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid' +# unicorn['tcp_nopush'] = true +# unicorn['backlog_socket'] = 1024 + +###! **Make sure somaxconn is equal or higher then backlog_socket** +# unicorn['somaxconn'] = 1024 + +###! **We do not recommend changing this setting** +# unicorn['log_directory'] = "/var/log/gitlab/unicorn" + +### **Only change these settings if you understand well what they mean** +###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/ +###! 
https://github.com/kzk/unicorn-worker-killer +# unicorn['worker_memory_limit_min'] = "400 * 1 << 20" +# unicorn['worker_memory_limit_max'] = "650 * 1 << 20" + +################################################################################ +## GitLab Sidekiq +################################################################################ + +# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" +# sidekiq['shutdown_timeout'] = 4 +# sidekiq['concurrency'] = 25 + +################################################################################ +## gitlab-shell +################################################################################ + +# gitlab_shell['audit_usernames'] = false +# gitlab_shell['log_level'] = 'INFO' +# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false} +# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/" +# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks" + +##! **If enabled, git-annex needs to be installed on the server where GitLab is +##! setup. +##! For Debian and Ubuntu systems this can be done with: +##! `sudo apt-get install git-annex`. +##! For CentOS: +##! `sudo yum install epel-release && sudo yum install git-annex`** +# gitlab_shell['git_annex_enabled'] = false + +# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys" + +### Git trace log file. +###! If set, git commands receive GIT_TRACE* environment variables +###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging +###! An absolute path starting with / – the trace output will be appended to +###! that file. It needs to exist so we can check permissions and avoid +###! throwing warnings to the users. +# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log" + +##! 
**We do not recommend changing this directory.** +# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell" + +################################################################ +## GitLab PostgreSQL +################################################################ + +# postgresql['enable'] = true +# postgresql['listen_address'] = nil +# postgresql['port'] = 5432 +# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data" + +##! **recommend value is 1/4 of total RAM, up to 14GB.** +# postgresql['shared_buffers'] = "256MB" + +### Advanced settings +# postgresql['ha'] = false +# postgresql['dir'] = "/var/opt/gitlab/postgresql" +# postgresql['log_directory'] = "/var/log/gitlab/postgresql" +# postgresql['username'] = "gitlab-psql" +# postgresql['uid'] = nil +# postgresql['gid'] = nil +# postgresql['shell'] = "/bin/sh" +# postgresql['home'] = "/var/opt/gitlab/postgresql" +# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH" +# postgresql['sql_user'] = "gitlab" +# postgresql['sql_ci_user'] = "gitlab_ci" +# postgresql['max_connections'] = 200 +# postgresql['md5_auth_cidr_addresses'] = [] +# postgresql['trust_auth_cidr_addresses'] = [] +# postgresql['shmmax'] = 17179869184 # or 4294967295 +# postgresql['shmall'] = 4194304 # or 1048575 +# postgresql['work_mem'] = "8MB" +# postgresql['maintenance_work_mem'] = "16MB" +# postgresql['effective_cache_size'] = "1MB" +# postgresql['checkpoint_segments'] = 10 +# postgresql['checkpoint_timeout'] = "5min" +# postgresql['checkpoint_completion_target'] = 0.9 +# postgresql['checkpoint_warning'] = "30s" +# postgresql['wal_buffers'] = "-1" +# postgresql['autovacuum'] = "on" +# postgresql['log_autovacuum_min_duration'] = "-1" +# postgresql['autovacuum_max_workers'] = "3" +# postgresql['autovacuum_naptime'] = "1min" +# postgresql['autovacuum_vacuum_threshold'] = "50" +# postgresql['autovacuum_analyze_threshold'] = "50" +# postgresql['autovacuum_vacuum_scale_factor'] = "0.02" +# 
postgresql['autovacuum_analyze_scale_factor'] = "0.01" +# postgresql['autovacuum_freeze_max_age'] = "200000000" +# postgresql['autovacuum_vacuum_cost_delay'] = "20ms" +# postgresql['autovacuum_vacuum_cost_limit'] = "-1" +# postgresql['statement_timeout'] = "0" +# postgresql['log_line_prefix'] = "%a" +# postgresql['track_activity_query_size'] = "1024" +# postgresql['shared_preload_libraries'] = nil + +### Replication settings +# postgresql['sql_replication_user'] = "gitlab_replicator" +# postgresql['wal_level'] = "hot_standby" +# postgresql['max_wal_senders'] = 5 +# postgresql['wal_keep_segments'] = 10 +# postgresql['hot_standby'] = "off" +# postgresql['max_standby_archive_delay'] = "30s" +# postgresql['max_standby_streaming_delay'] = "30s" +# postgresql['max_replication_slots'] = 0 +# postgresql['synchronous_commit'] = on +# postgresql['synchronous_standby_names'] = '' + +# Backup/Archive settings +# default['gitlab']['postgresql']['archive_mode'] = "off" +# default['gitlab']['postgresql']['archive_command'] = nil +# default['gitlab']['postgresql']['archive_timeout'] = "60" + +### Available in PostgreSQL 9.6 and later +# postgresql['min_wal_size'] = 80MB +# postgresql['max_wal_size'] = 1GB + +################################################################################ +## GitLab Redis +##! **Can be disabled if you are using your own Redis instance.** +##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html +################################################################################ + +# redis['enable'] = true +# redis['username'] = "gitlab-redis" +# redis['maxclients'] = "10000" +# redis['tcp_timeout'] = "60" +# redis['tcp_keepalive'] = "300" +# redis['uid'] = nil +# redis['gid'] = nil + +###! **To enable only Redis service in this machine, uncomment +###! one of the lines below (choose master or slave instance types).** +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html +###! 
https://docs.gitlab.com/ce/administration/high_availability/redis.html +# redis_master_role['enable'] = true +# redis_slave_role['enable'] = true + +### Redis TCP support (will disable UNIX socket transport) +# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one +# redis['port'] = 6379 +# redis['password'] = 'redis-password-goes-here' + +### Redis Sentinel support +###! **You need a master slave Redis replication to be able to do failover** +###! **Please read the documentation before enabling it to understand the +###! caveats:** +###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html + +### Replication support +#### Slave Redis instance +# redis['master'] = false # by default this is true + +#### Slave and Sentinel shared configuration +####! **Both need to point to the master Redis instance to get replication and +####! heartbeat monitoring** +# redis['master_name'] = 'gitlab-redis' +# redis['master_ip'] = nil +# redis['master_port'] = 6379 + +####! **Master password should have the same value defined in +####! redis['password'] to enable the instance to transition to/from +####! master/slave in a failover event.** +# redis['master_password'] = 'redis-password-goes-here' + +####! Increase these values when your slaves can't catch up with master +# redis['client_output_buffer_limit_normal'] = '0 0 0' +# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60' +# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60' + +################################################################################ +## GitLab Web server +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server +################################################################################ + +##! When bundled nginx is disabled we need to add the external webserver user to +##! the GitLab webserver group. 
+# web_server['external_users'] = [] +# web_server['username'] = 'gitlab-www' +# web_server['group'] = 'gitlab-www' +# web_server['uid'] = nil +# web_server['gid'] = nil +# web_server['shell'] = '/bin/false' +# web_server['home'] = '/var/opt/gitlab/nginx' + +################################################################################ +## GitLab Nginx +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html +################################################################################ + +# nginx['enable'] = true +# nginx['client_max_body_size'] = '250m' +# nginx['redirect_http_to_https'] = false +# nginx['redirect_http_to_https_port'] = 80 + +##! Most root CA's are included by default +# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" + +##! enable/disable 2-way SSL client authentication +# nginx['ssl_verify_client'] = "off" + +##! if ssl_verify_client on, verification depth in the client certificates chain +# nginx['ssl_verify_depth'] = "1" + +# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" +# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" +# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" +# nginx['ssl_prefer_server_ciphers'] = "on" + +##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +##! https://cipherli.st/** +# nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" + +##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html** +# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" + +##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** +# nginx['ssl_session_timeout'] = "5m" + +# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem +# nginx['listen_addresses'] = ['*', '[::]'] + +##! **Override only if you use a reverse proxy** +##! 
Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port +# nginx['listen_port'] = nil + +##! **Override only if your reverse proxy internally communicates over HTTP** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl +# nginx['listen_https'] = nil + +# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" +# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" +# nginx['proxy_read_timeout'] = 3600 +# nginx['proxy_connect_timeout'] = 300 +# nginx['proxy_set_headers'] = { +# "Host" => "$http_host", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on", +# "Upgrade" => "$http_upgrade", +# "Connection" => "$connection_upgrade" +# } +# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' +# nginx['proxy_cache'] = 'gitlab' +# nginx['http2_enabled'] = true +# nginx['real_ip_trusted_addresses'] = [] +# nginx['real_ip_header'] = nil +# nginx['real_ip_recursive'] = nil +# nginx['custom_error_pages'] = { +# '404' => { +# 'title' => 'Example title', +# 'header' => 'Example header', +# 'message' => 'Example message' +# } +# } + +### Advanced settings +# nginx['dir'] = "/var/opt/gitlab/nginx" +# nginx['log_directory'] = "/var/log/gitlab/nginx" +# nginx['worker_processes'] = 4 +# nginx['worker_connections'] = 10240 +# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' +# nginx['sendfile'] = 'on' +# nginx['tcp_nopush'] = 'on' +# nginx['tcp_nodelay'] = 'on' +# nginx['gzip'] = "on" +# nginx['gzip_http_version'] = "1.0" +# nginx['gzip_comp_level'] = "2" +# nginx['gzip_proxied'] = "any" +# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", 
"text/javascript", "application/json" ] +# nginx['keepalive_timeout'] = 65 +# nginx['cache_max_size'] = '5000m' +# nginx['server_names_hash_bucket_size'] = 64 + +### Nginx status +# nginx['status'] = { +# "enable" => true, +# "listen_addresses" => ["127.0.0.1"], +# "fqdn" => "dev.example.com", +# "port" => 9999, +# "options" => { +# "stub_status" => "on", # Turn on stats +# "server_tokens" => "off", # Don't show the version of NGINX +# "access_log" => "on", # Disable logs for stats +# "allow" => "127.0.0.1", # Only allow access from localhost +# "deny" => "all" # Deny access to anyone else +# } +# } + +################################################################################ +## GitLab Logging +##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html +################################################################################ + +# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data +# logging['svlogd_num'] = 30 # keep 30 rotated log files +# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours +# logging['svlogd_filter'] = "gzip" # compress logs with gzip +# logging['svlogd_udp'] = nil # transmit log messages via UDP +# logging['svlogd_prefix'] = nil # custom prefix for log messages +# logging['logrotate_frequency'] = "daily" # rotate logs daily +# logging['logrotate_size'] = nil # do not rotate by size by default +# logging['logrotate_rotate'] = 30 # keep 30 rotated logs +# logging['logrotate_compress'] = "compress" # see 'man logrotate' +# logging['logrotate_method'] = "copytruncate" # see 'man logrotate' +# logging['logrotate_postrotate'] = nil # no postrotate command by default +# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz + +################################################################################ +## Logrotate +##! 
Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate +##! You can disable built in logrotate feature. +################################################################################ +# logrotate['enable'] = true + +################################################################################ +## Users and groups accounts +##! Disable management of users and groups accounts. +##! **Set only if creating accounts manually** +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management +################################################################################ + +# manage_accounts['enable'] = false + +################################################################################ +## Storage directories +##! Disable managing storage directories +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management +################################################################################ + +##! **Set only if the select directories are created manually** +# manage_storage_directories['enable'] = false +# manage_storage_directories['manage_etc'] = false + +################################################################################ +## Git +##! Advanced setting for configuring git system settings for omnibus-gitlab +##! internal git +################################################################################ + +##! For multiple options under one header use array of comma separated values, +##! eg.: +##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } + +# omnibus_gitconfig['system'] = { +# "pack" => ["threads = 1"], +# "receive" => ["fsckObjects = true"], +# "repack" => ["writeBitmaps = true"], +# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"], +# } + +################################################################################ +## GitLab Pages +##! 
Docs: https://docs.gitlab.com/ce/pages/administration.html +################################################################################ + +##! Define to enable GitLab Pages +# pages_external_url "http://pages.example.com/" +# gitlab_pages['enable'] = false + +##! Configure to expose GitLab Pages on external IP address, serving the HTTP +# gitlab_pages['external_http'] = nil + +##! Configure to expose GitLab Pages on external IP address, serving the HTTPS +# gitlab_pages['external_https'] = nil + +# gitlab_pages['listen_proxy'] = "localhost:8090" +# gitlab_pages['redirect_http'] = true +# gitlab_pages['use_http2'] = true +# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages" +# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages" + +##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics +# gitlab_pages['metrics_address'] = "localhost:1234" + +################################################################################ +## GitLab Pages NGINX +################################################################################ + +# pages_nginx['enable'] = false +# pages_nginx['redirect_http_to_https'] = false +# pages_nginx['redirect_http_to_https_port'] = 80 +# pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" +# pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" +# pages_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" +# pages_nginx['ssl_prefer_server_ciphers'] = "on" + +##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +##! https://cipherli.st/ +# pages_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" + +##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# pages_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" + +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# pages_nginx['ssl_session_timeout'] = "5m" + +##! 
Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem +# pages_nginx['ssl_dhparam'] = nil + +# pages_nginx['listen_addresses'] = ['*', '[::]'] + +##! **Override only if you use a reverse proxy** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port +# pages_nginx['listen_port'] = nil + +##! **Override only if your reverse proxy internally communicates over HTTP** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl +# pages_nginx['listen_https'] = nil + +# pages_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" + +### Advanced settings +# pages_nginx['dir'] = "/var/opt/gitlab/nginx" +# pages_nginx['log_directory'] = "/var/log/gitlab/nginx" + +# gitlab_rails['pages_path'] = "/mnt/storage/pages" + +################################################################################ +## GitLab CI +##! Docs: https://docs.gitlab.com/omnibus/gitlab-ci/README.html +################################################################################ + +# gitlab_ci['gitlab_ci_all_broken_builds'] = true +# gitlab_ci['gitlab_ci_add_pusher'] = true +# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds' + +### DEPRECATED: ci_external_url 'http://ci.example.com' + +################################################################################ +## GitLab Mattermost +##! 
Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost +################################################################################ + +# mattermost_external_url 'http://mattermost.example.com' + +# mattermost['enable'] = false +# mattermost['username'] = 'mattermost' +# mattermost['group'] = 'mattermost' +# mattermost['uid'] = nil +# mattermost['gid'] = nil +# mattermost['home'] = '/var/opt/gitlab/mattermost' +# mattermost['database_name'] = 'mattermost_production' + +# mattermost['service_use_ssl'] = false +# mattermost['service_address'] = "127.0.0.1" +# mattermost['service_port'] = "8065" +# mattermost['service_site_url'] = nil +# mattermost['service_maximum_login_attempts'] = 10 +# mattermost['service_segment_developer_key'] = nil +# mattermost['service_google_developer_key'] = nil +# mattermost['service_enable_incoming_webhooks'] = true +# mattermost['service_enable_post_username_override'] = true +# mattermost['service_enable_post_icon_override'] = true +# mattermost['service_enable_testing'] = false +# mattermost['service_enable_security_fix_alert'] = true +# mattermost['service_enable_insecure_outgoing_connections'] = false +# mattermost['service_allow_cors_from'] = "" +# mattermost['service_enable_outgoing_webhooks'] = true +# mattermost['service_enable_commands'] = true +# mattermost['service_enable_custom_emoji'] = false +# mattermost['service_enable_only_admin_integrations'] = true +# mattermost['service_enable_oauth_service_provider'] = false +# mattermost['service_enable_developer'] = false +# mattermost['service_session_length_web_in_days'] = 30 +# mattermost['service_session_length_mobile_in_days'] = 30 +# mattermost['service_session_length_sso_in_days'] = 30 +# mattermost['service_session_cache_in_minutes'] = 10 +# mattermost['service_connection_security'] = nil +# mattermost['service_tls_cert_file'] = nil +# mattermost['service_tls_key_file'] = nil +# mattermost['service_use_lets_encrypt'] = false +# 
mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache" +# mattermost['service_forward_80_to_443'] = false +# mattermost['service_read_timeout'] = 300 +# mattermost['service_write_timeout'] = 300 + +# mattermost['team_site_name'] = "GitLab Mattermost" +# mattermost['team_max_users_per_team'] = 150 +# mattermost['team_enable_team_creation'] = true +# mattermost['team_enable_user_creation'] = true +# mattermost['team_enable_open_server'] = false +# mattermost['team_allow_public_link'] = true +# mattermost['team_allow_valet_default'] = false +# mattermost['team_restrict_creation_to_domains'] = "gmail.com" +# mattermost['team_restrict_team_names'] = true +# mattermost['team_restrict_direct_message'] = "any" +# mattermost['team_max_channels_per_team'] = 2000 + +# mattermost['sql_driver_name'] = 'mysql' +# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" +# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"] +# mattermost['sql_max_idle_conns'] = 10 +# mattermost['sql_max_open_conns'] = 10 +# mattermost['sql_trace'] = false + +# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost' +# mattermost['log_console_enable'] = true +# mattermost['log_console_level'] = 'INFO' +# mattermost['log_enable_file'] = false +# mattermost['log_file_level'] = 'INFO' +# mattermost['log_file_format'] = nil +# mattermost['log_enable_diagnostics'] = true + +# mattermost['gitlab_enable'] = false +# mattermost['gitlab_id'] = "12345656" +# mattermost['gitlab_secret'] = "123456789" +# mattermost['gitlab_scope'] = "" +# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize" +# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token" +# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v3/user" + +# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 
'S3Bucket' => 'aa', 'S3Region' => 'bb'} + +# mattermost['email_enable_sign_up_with_email'] = true +# mattermost['email_enable_sign_in_with_email'] = true +# mattermost['email_enable_sign_in_with_username'] = false +# mattermost['email_send_email_notifications'] = false +# mattermost['email_require_email_verification'] = false +# mattermost['email_smtp_username'] = nil +# mattermost['email_smtp_password'] = nil +# mattermost['email_smtp_server'] = nil +# mattermost['email_smtp_port'] = nil +# mattermost['email_connection_security'] = nil +# mattermost['email_feedback_name'] = nil +# mattermost['email_feedback_email'] = nil +# mattermost['email_feedback_organization'] = nil +# mattermost['email_send_push_notifications'] = true +# mattermost['email_push_notification_server'] = "" +# mattermost['email_push_notification_contents'] = "generic" +# mattermost['email_enable_batching'] = false +# mattermost['email_batching_buffer_size'] = 256 +# mattermost['email_batching_interval'] = 30 + +# mattermost['file_max_file_size'] = 52428800 +# mattermost['file_driver_name'] = "local" +# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data" +# mattermost['file_enable_public_link'] = true +# mattermost['file_thumbnail_width'] = 120 +# mattermost['file_thumbnail_height'] = 100 +# mattermost['file_preview_width'] = 1024 +# mattermost['file_preview_height'] = 0 +# mattermost['file_profile_width'] = 128 +# mattermost['file_profile_height'] = 128 +# mattermost['file_initial_font'] = 'luximbi.ttf' +# mattermost['file_amazon_s3_access_key_id'] = nil +# mattermost['file_amazon_s3_bucket'] = nil +# mattermost['file_amazon_s3_secret_access_key'] = nil +# mattermost['file_amazon_s3_region'] = nil +# mattermost["file_amazon_s3_endpoint"] = nil +# mattermost["file_amazon_s3_bucket_endpoint"] = nil +# mattermost["file_amazon_s3_location_constraint"] = false +# mattermost["file_amazon_s3_lowercase_bucket"] = false +# mattermost["file_amazon_s3_ssl"] = true + +# 
mattermost['ratelimit_enable_rate_limiter'] = false +# mattermost['ratelimit_per_sec'] = 10 +# mattermost['ratelimit_memory_store_size'] = 10000 +# mattermost['ratelimit_vary_by_remote_addr'] = true +# mattermost['ratelimit_vary_by_header'] = nil +# mattermost['ratelimit_max_burst'] = 100 + +# mattermost['support_terms_of_service_link'] = "/static/help/terms.html" +# mattermost['support_privacy_policy_link'] = "/static/help/privacy.html" +# mattermost['support_about_link'] = "/static/help/about.html" +# mattermost['support_report_a_problem_link'] = "/static/help/report_problem.html" +# mattermost['support_email'] = "support@example.com" + +# mattermost['privacy_show_email_address'] = true +# mattermost['privacy_show_full_name'] = true + +# mattermost['localization_server_locale'] = "en" +# mattermost['localization_client_locale'] = "en" +# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR" + +# mattermost['webrtc_enable'] = false +# mattermost['webrtc_gateway_websocket_url'] = nil +# mattermost['webrtc_gateway_admin_url'] = nil +# mattermost['webrtc_gateway_admin_secret'] = nil +# mattermost['webrtc_gateway_stun_uri'] = nil +# mattermost['webrtc_gateway_turn_uri'] = nil +# mattermost['webrtc_gateway_turn_username'] = nil +# mattermost['webrtc_gateway_turn_shared_key'] = ni + +################################################################################ +## Mattermost NGINX +################################################################################ + +# mattermost_nginx['enable'] = false +# mattermost_nginx['client_max_body_size'] = '250m' +# mattermost_nginx['redirect_http_to_https'] = false +# mattermost_nginx['redirect_http_to_https_port'] = 80 +# mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" +# mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" +# mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" +# 
mattermost_nginx['ssl_prefer_server_ciphers'] = "on" + +##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +##! https://cipherli.st/ +# mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" + +##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" + +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# mattermost_nginx['ssl_session_timeout'] = "5m" + +##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem +# mattermost_nginx['ssl_dhparam'] = nil + +# mattermost_nginx['listen_addresses'] = ['*', '[::]'] + +##! **Override only if you use a reverse proxy** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port +# mattermost_nginx['listen_port'] = nil + +##! **Override only if your reverse proxy internally communicates over HTTP** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl +# mattermost_nginx['listen_https'] = nil + +# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" +# mattermost_nginx['proxy_set_headers'] = { +# "Host" => "$http_host", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Frame-Options" => "SAMEORIGIN", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on", +# "Upgrade" => "$http_upgrade", +# "Connection" => "$connection_upgrade" +# } +# mattermost_nginx['real_ip_trusted_addresses'] = [] +# mattermost_nginx['real_ip_header'] = nil +# mattermost_nginx['real_ip_recursive'] = nil + +### Advanced settings +# mattermost_nginx['dir'] = "/var/opt/gitlab/nginx" +# mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx" +# mattermost_nginx['worker_processes'] = 4 +# mattermost_nginx['worker_connections'] = 10240 +# mattermost_nginx['sendfile'] = 'on' +# 
mattermost_nginx['tcp_nopush'] = 'on' +# mattermost_nginx['tcp_nodelay'] = 'on' +# mattermost_nginx['gzip'] = "on" +# mattermost_nginx['gzip_http_version'] = "1.0" +# mattermost_nginx['gzip_comp_level'] = "2" +# mattermost_nginx['gzip_proxied'] = "any" +# mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] +# mattermost_nginx['keepalive_timeout'] = 65 +# mattermost_nginx['cache_max_size'] = '5000m' + +################################################################################ +## Registry NGINX +################################################################################ + +# registry_nginx['enable'] = false +# registry_nginx['redirect_http_to_https'] = false +# registry_nginx['redirect_http_to_https_port'] = 80 +# registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" +# registry_nginx['ssl_prefer_server_ciphers'] = "on" +# registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem" +# registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key" + +##! **Override only if you use a reverse proxy** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port +# registry_nginx['listen_port'] = nil + +##! **Override only if your reverse proxy internally communicates over HTTP** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl +# registry_nginx['listen_https'] = nil + +# registry_nginx['proxy_set_headers'] = { +# "Host" => "$http_host", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on" +# } + +##! Recommended by : https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +##! https://cipherli.st/ +# registry_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" + +##! 
Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# registry_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" + +##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html +# registry_nginx['ssl_session_timeout'] = "5m" + +##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem +# registry_nginx['ssl_dhparam'] = nil + +# registry_nginx['listen_addresses'] = ['*', '[::]'] + +### Advanced settings +# registry_nginx['log_directory'] = "/var/log/gitlab/nginx" + +# registry_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" + +################################################################################ +## Prometheus +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html +################################################################################ + +# prometheus['enable'] = false +# prometheus['username'] = 'gitlab-prometheus' +# prometheus['uid'] = nil +# prometheus['gid'] = nil +# prometheus['shell'] = '/bin/sh' +# prometheus['home'] = '/var/opt/gitlab/prometheus' +# prometheus['log_directory'] = '/var/log/gitlab/prometheus' +# prometheus['scrape_interval'] = 15 +# prometheus['scrape_timeout'] = 15 +# prometheus['flags'] = { +# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data", +# 'storage.local.memory-chunks' => '50000', +# 'storage.local.max-chunks-to-persist' => '40000', +# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml" +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# prometheus['listen_address'] = 'localhost:9090' + +################################################################################ +## Prometheus Node Exporter +##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html +################################################################################ + +# node_exporter['enable'] = false +# node_exporter['home'] = '/var/opt/gitlab/node-exporter' +# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter' +# node_exporter['flags'] = { +# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector" +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# node_exporter['listen_address'] = 'localhost:9100' + +################################################################################ +## Prometheus Redis exporter +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html +################################################################################ + +# redis_exporter['enable'] = false +# redis_exporter['log_directory'] = "/var/log/gitlab/redis-exporter" +# redis_exporter['flags'] = { +# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}", +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# redis_exporter['listen_address'] = 'localhost:9121' + +################################################################################ +## Postgres exporter +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html +################################################################################ + +# postgres_exporter['enable'] = false +# postgres_exporter['log_directory'] = "/var/log/gitlab/postgres-exporter" +# postgres_exporter['flags'] = {} +# postgres_exporter['listen_address'] = 'localhost:9187' + +################################################################################ +## Gitlab monitor +##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html +################################################################################ + + +# gitlab_monitor['enable'] = false +# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor" +# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor" + +##! Advanced settings. Should be changed only if absolutely needed. +# gitlab_monitor['listen_address'] = 'localhost:9168' + + +################################################################################ +################################################################################ +## Configuration Settings for GitLab EE only ## +################################################################################ +################################################################################ + + +################################################################################ +## Auxiliary cron jobs applicable to GitLab EE only +################################################################################ +# +# gitlab_rails['geo_bulk_notify_worker_cron'] = "*/10 * * * * *" +# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *" +# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *" + +################################################################################ +## Kerberos (EE Only) +##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access +################################################################################ + +# gitlab_rails['kerberos_enabled'] = true +# gitlab_rails['kerberos_keytab'] = /etc/http.keytab +# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM +# gitlab_rails['kerberos_use_dedicated_port'] = true +# gitlab_rails['kerberos_port'] = 8443 +# gitlab_rails['kerberos_https'] = true + +################################################################################ +## GitLab Sentinel (EE Only) +##! 
Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel +################################################################################ + +##! **Make sure you configured all redis['master_*'] keys above before +##! continuing.** + +##! To enable Sentinel and disable all other services in this machine, +##! uncomment the line below (if you've enabled Redis role, it will keep it). +##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html +# redis_sentinel_role['enable'] = true + +# sentinel['enable'] = true + +##! Bind to all interfaces, uncomment to specify an IP and bind to a single one +# sentinel['bind'] = '0.0.0.0' + +##! Uncomment to change default port +# sentinel['port'] = 26379 + +##! Quorum must reflect the amount of voting sentinels it take to start a +##! failover. +##! **Value must NOT be greater then the amount of sentinels.** +##! The quorum can be used to tune Sentinel in two ways: +##! 1. If a the quorum is set to a value smaller than the majority of Sentinels +##! we deploy, we are basically making Sentinel more sensible to master +##! failures, triggering a failover as soon as even just a minority of +##! Sentinels is no longer able to talk with the master. +##! 2. If a quorum is set to a value greater than the majority of Sentinels, we +##! are making Sentinel able to failover only when there are a very large +##! number (larger than majority) of well connected Sentinels which agree +##! about the master being down. +# sentinel['quorum'] = 1 + +### Consider unresponsive server down after x amount of ms. +# sentinel['down_after_milliseconds'] = 10000 + +### Specifies the failover timeout in milliseconds. +##! It is used in many ways: +##! +##! - The time needed to re-start a failover after a previous failover was +##! already tried against the same master by a given Sentinel, is two +##! times the failover timeout. +##! +##! 
- The time needed for a slave replicating to a wrong master according +##! to a Sentinel current configuration, to be forced to replicate +##! with the right master, is exactly the failover timeout (counting since +##! the moment a Sentinel detected the misconfiguration). +##! +##! - The time needed to cancel a failover that is already in progress but +##! did not produced any configuration change (SLAVEOF NO ONE yet not +##! acknowledged by the promoted slave). +##! +##! - The maximum time a failover in progress waits for all the slaves to be +##! reconfigured as slaves of the new master. However even after this time +##! the slaves will be reconfigured by the Sentinels anyway, but not with +##! the exact parallel-syncs progression as specified. +# sentinel['failover_timeout'] = 60000 + +################################################################################ +## Logging (Additional, EE Only features) +##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only- +################################################################################ + +##! remote host to ship log messages to via UDP +# logging['udp_log_shipping_host'] = nil + +##! remote port to ship log messages to via UDP +# logging['udp_log_shipping_port'] = 514 + +################################################################################ +## GitLab Sidekiq Cluster (EE only) +################################################################################ + +##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes +##! besides the default one. These processes can be used to consume a dedicated set +##! of queues. This can be used to ensure certain queues always have dedicated +##! workers, no matter the amount of jobs that need to be processed. 
+
+# sidekiq_cluster['enable'] = false
+# sidekiq_cluster['ha'] = false
+# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
+# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
+
+##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
+##! Sidekiq process. Multiple queues can be processed by the same process by
+##! separating them with a comma within the group entry
+
+# sidekiq_cluster['queue_groups'] = [
+# "process_commit,post_receive",
+# "gitlab_shell"
+# ]
diff --git a/gitlab/parameters.env b/gitlab/parameters.env
new file mode 100644
index 0000000..1f63a2f
--- /dev/null
+++ b/gitlab/parameters.env
@@ -0,0 +1,12 @@
+LDAP_ENABLED=true
+LDAP_LABEL="NashTech Global"
+LDAP_HOST=nashtechglobal.local
+LDAP_PORT=389
+LDAP_UID=sAMAccountName
+LDAP_METHOD=plain
+LDAP_BIND_DN="cn=admin,dc=nashtechglobal,dc=local"
+LDAP_PASS=admin
+LDAP_ACTIVE_DIRECTORY=false
+LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=true
+LDAP_BLOCK_AUTO_CREATED_USERS=false
+LDAP_BASE="dc=nashtechglobal,dc=local"
\ No newline at end of file
diff --git a/jenkins/.gitignore b/jenkins/.gitignore
new file mode 100644
index 0000000..32858aa
--- /dev/null
+++ b/jenkins/.gitignore
@@ -0,0 +1,12 @@
+*.class
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.ear
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile
new file mode 100644
index 0000000..9e0efe3
--- /dev/null
+++ b/jenkins/Dockerfile
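Review bot: `LDAP_PASS=admin` in gitlab/parameters.env puts the directory bind password into version control, and with `LDAP_BIND_DN="cn=admin,dc=nashtechglobal,dc=local"` it is the directory administrator's credential rather than a read-only lookup account. I would commit the line as `LDAP_PASS=` with a comment that the value is supplied from an untracked env file or a secret store, and bind with a dedicated low-privilege account. `LDAP_METHOD=plain` together with `LDAP_PORT=389` also means the bind password and every user's login password cross the network unencrypted; an encrypted method (LDAPS on 636 or StartTLS) is preferable, depending on which values the consumer of this file accepts. Because the password is already in the history, it should be rotated, not only removed from the file.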
@@ -0,0 +1,100 @@ +FROM jenkinsci/jenkins:lts + +USER root +RUN apt-get update \ + && apt-get install -y sudo curl\ + && rm -rf /var/lib/apt/lists/* +RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers + +# getting the docker-cli +# --- Attention: docker.sock needs to be mounted as volume in docker-compose.yml +# see: https://issues.jenkins-ci.org/browse/JENKINS-35025 +# see: https://get.docker.com/builds/ +# see: https://wiki.jenkins-ci.org/display/JENKINS/CloudBees+Docker+Custom+Build+Environment+Plugin#CloudBeesDockerCustomBuildEnvironmentPlugin-DockerinDocker +RUN curl -sSL -O https://get.docker.com/builds/Linux/x86_64/docker-latest.tgz && tar -xvzf docker-latest.tgz +RUN mv docker/* /usr/bin/ + +# INSTALL DOCKER COMPOSE +RUN curl -L "https://github.com/docker/compose/releases/download/1.11.2/docker-compose-$(uname -s)-$(uname -m)" \ + -o /usr/local/bin/docker-compose +RUN chmod +x /usr/local/bin/docker-compose + +# ENABLE JENKINS TO RUN DOCKER (ON MAC) +RUN usermod -a -G staff jenkins +USER jenkins + +# installing specific list of plugins. 
see: https://github.com/jenkinsci/docker#preinstalling-plugins +# COPY plugins.txt /var/jenkins_home/plugins.txt +# RUN /usr/local/bin/plugins.sh /var/jenkins_home/plugins.txt +RUN /usr/local/bin/install-plugins.sh blueocean:1.0.1 +# Adding default Jenkins Jobs +# COPY jobs/1-github-seed-job.xml /usr/share/jenkins/ref/jobs/1-github-seed-job/config.xml +# COPY jobs/2-job-dsl-seed-job.xml /usr/share/jenkins/ref/jobs/2-job-dsl-seed-job/config.xml +# COPY jobs/3-conference-app-seed-job.xml /usr/share/jenkins/ref/jobs/3-conference-app-seed-job/config.xml +# COPY jobs/4-selenium2-seed-job.xml /usr/share/jenkins/ref/jobs/4-selenium2-seed-job/config.xml +# COPY jobs/5-docker-admin-seed-job.xml /usr/share/jenkins/ref/jobs/5-docker-admin-seed-job/config.xml +COPY jobs/6-stepone-dotnetcore-job.xml /usr/share/jenkins/ref/jobs/stepone-dotnetcore/config.xml +############################################ +# Configure Jenkins +############################################ +# Jenkins settings +COPY config/config.xml /usr/share/jenkins/ref/config.xml + +# Jenkins Settings, i.e. Maven, Groovy, ... 
+COPY config/hudson.tasks.Maven.xml /usr/share/jenkins/ref/hudson.tasks.Maven.xml +COPY config/hudson.plugins.groovy.Groovy.xml /usr/share/jenkins/ref/hudson.plugins.groovy.Groovy.xml +COPY config/maven-global-settings-files.xml /usr/share/jenkins/ref/maven-global-settings-files.xml + +# SSH Keys & Credentials +COPY config/credentials.xml /usr/share/jenkins/ref/credentials.xml +COPY config/ssh-keys/cd-demo /usr/share/jenkins/ref/.ssh/id_rsa +COPY config/ssh-keys/cd-demo.pub /usr/share/jenkins/ref/.ssh/id_rsa.pub + +# tell Jenkins that no banner prompt for pipeline plugins is needed +# see: https://github.com/jenkinsci/docker#preinstalling-plugins +RUN echo 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state + + +# dotnet +USER root +# Install .NET CLI dependencies +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + libc6 \ + libcurl3 \ + libgcc1 \ + libgssapi-krb5-2 \ + libicu52 \ + liblttng-ust0 \ + libssl1.0.0 \ + libstdc++6 \ + libunwind8 \ + libuuid1 \ + zlib1g \ + && rm -rf /var/lib/apt/lists/* + +# Install .NET Core SDK +ENV DOTNET_SDK_VERSION 1.0.1 +ENV DOTNET_SDK_DOWNLOAD_URL https://dotnetcli.blob.core.windows.net/dotnet/Sdk/$DOTNET_SDK_VERSION/dotnet-dev-debian-x64.$DOTNET_SDK_VERSION.tar.gz + +RUN curl -SL $DOTNET_SDK_DOWNLOAD_URL --output dotnet.tar.gz \ + && mkdir -p /usr/share/dotnet \ + && tar -zxf dotnet.tar.gz -C /usr/share/dotnet \ + && rm dotnet.tar.gz \ + && ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet + +# Trigger the population of the local package cache +ENV NUGET_XMLDOC_MODE skip +RUN mkdir warmup \ + && cd warmup \ + && dotnet new \ + && cd .. \ + && rm -rf warmup \ + && rm -rf /tmp/NuGetScratch + +# Install nodejs & npm +RUN curl -sL https://deb.nodesource.com/setup_7.x | bash - +RUN apt-get -y install nodejs && npm install -g gulp-cli + + +USER jenkins \ No newline at end of file diff --git a/jenkins/LICENSE b/jenkins/LICENSE new file mode 100644 index 0000000..1127853 --- /dev/null 
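Review bot: `RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers` gives every build step unrestricted root inside the container, and with `/var/run/docker.sock` mounted (as the comment in this file requires) that reaches the host's Docker daemon as well. The seed jobs in this commit only call `sudo /usr/bin/docker`, so the rule can be narrowed to `jenkins ALL=(root) NOPASSWD: /usr/bin/docker` in a file under `/etc/sudoers.d/`, with a comment that Docker socket access is itself root-equivalent on the host. The downloads are also unverified: `docker-latest.tgz`, the docker-compose binary and `setup_7.x | bash -` are fetched and run without a checksum, so a `sha256sum -c` step after each `curl` and a pinned Docker version would be worth adding.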
+++ b/jenkins/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Marcel Birkner + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/jenkins/README.md b/jenkins/README.md new file mode 100644 index 0000000..963a58c --- /dev/null +++ b/jenkins/README.md 
@@ -0,0 +1,31 @@ +## Jenkins Docker Container + +Usage: +``` +$ docker build -t jenkins . +$ docker run -d -p=8080:8080 jenkins +``` + +Once Jenkins is up and running go to http://192.168.59.103:8080 + +## Update Plugins + +Install and update all plugins via the Jenkins Plugin Manager. +* http:///pluginManager/ + +After that use the Script Console to output all plugins including the version in the correct format for the **plugin.txt**. +* http:///script + +```shell +def plugins = jenkins.model.Jenkins.instance.pluginManager.plugins +plugins.sort{it} +plugins.each { + println it.shortName + ':' + it.getVersion() +} +``` + +More example scripts can be found in the **groovy** folder. + +### Links + +- Job DSL API https://jenkinsci.github.io/job-dsl-plugin/ diff --git a/jenkins/config/config.xml b/jenkins/config/config.xml new file mode 100644 index 0000000..db0e918 --- /dev/null +++ b/jenkins/config/config.xml @@ -0,0 +1,66 @@ + + + + OldData + jenkins.diagnostics.SecurityIsOffMonitor + + 1.625.3 + 2 + NORMAL + true + + + false + + ${ITEM_ROOTDIR}/workspace + ${ITEM_ROOTDIR}/builds + + + JDK 8 + /usr/lib/jvm/java-8-openjdk-amd64 + + + + + + + 5 + 0 + + + + All + false + false + + + + + Seed Jobs + + true + true + + + + + + + + + + + + + + + .*seed-job.* + false + + + All + 50000 + + + + diff --git a/jenkins/config/credentials.xml b/jenkins/config/credentials.xml new file mode 100644 index 0000000..1d421f9 --- /dev/null +++ b/jenkins/config/credentials.xml @@ -0,0 +1,27 @@ + + + + + + + + + + GLOBAL + nexus + Nexus Admin User + admin + 5EyCZAqQFDCQH2wg8s5K77WPVYSj3Xha5tunegtXnCk= + + + GLOBAL + 50ff7d29-65eb-4396-9476-f823734a25af + + admin + lMNOKgKXWKJwk6oT/wZiww== + + + + + + diff --git a/jenkins/config/hudson.plugins.groovy.Groovy.xml b/jenkins/config/hudson.plugins.groovy.Groovy.xml new file mode 100644 index 0000000..da0f2d9 --- /dev/null +++ b/jenkins/config/hudson.plugins.groovy.Groovy.xml 
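Review bot: `jenkins.diagnostics.SecurityIsOffMonitor` appears in `jenkins/config/config.xml` next to `OldData`, which looks like the list of disabled administrative monitors, so the warning Jenkins shows when security is off would be silenced on every instance built from this image. The XML markup is not visible in this view, so I cannot confirm which security realm and authorization strategy the file sets. Please confirm that security is enabled in the shipped configuration and remove the monitor from the disabled list, since the compose file publishes port 8080.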
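Review bot: `jenkins/config/credentials.xml` commits two stored credentials for `admin` (one labelled `Nexus Admin User`) together with their encoded secret values, and the Dockerfile in this commit copies the file to `/usr/share/jenkins/ref/credentials.xml`, so the values end up in both the git history and every image layer. The values look like Jenkins-encrypted secrets, which are only as safe as the instance key that encrypted them. I would remove the file from the repository, create the credentials at deploy time, and rotate both passwords.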
@@ -0,0 +1,15 @@ + + + + 0 + + false + + + + Groovy 2.4.3 + /usr/share/groovy-2.4.3 + + + + diff --git a/jenkins/config/hudson.tasks.Maven.xml b/jenkins/config/hudson.tasks.Maven.xml new file mode 100644 index 0000000..26122fc --- /dev/null +++ b/jenkins/config/hudson.tasks.Maven.xml @@ -0,0 +1,17 @@ + + + + + Maven 3.3.3 + + + + + 3.3.3 + + + + + + + diff --git a/jenkins/config/maven-global-settings-files.xml b/jenkins/config/maven-global-settings-files.xml new file mode 100644 index 0000000..36e55c4 --- /dev/null +++ b/jenkins/config/maven-global-settings-files.xml 
@@ -0,0 +1,76 @@ + + + + + org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig1435422191538 + + org.jenkinsci.plugins.configfiles.maven.GlobalMavenSettingsConfig1435422191538 + MyGlobalSettings + global settings + <?xml version="1.0" encoding="UTF-8" standalone="no"?> +<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd"> + <mirrors> + <mirror> + <!--This sends everything else to /public --> + <id>nexus</id> + <mirrorOf>*</mirrorOf> + <url>http://nexus:8081/content/groups/public</url> + </mirror> + </mirrors> + <servers> + <server> + <id>nexus-release-repository</id> + <username>admin</username> + <password>admin123</password> + </server> + </servers> + <profiles> + <profile> + <id>sonar</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <properties> + <sonar.jdbc.url> + jdbc:postgresql://sonardb:5432/sonar + </sonar.jdbc.url> + <sonar.jdbc.username>sonar</sonar.jdbc.username> + <sonar.jdbc.password>sonar</sonar.jdbc.password> + <!-- Optional URL to server. 
Default value is http://localhost:9000 --> + <sonar.host.url>http://sonar:9000</sonar.host.url> + </properties> + </profile> + <profile> + <id>nexus</id> + <!--Enable snapshots for the built in central repo to direct --> + <!--all requests to nexus via the mirror --> + <repositories> + <repository> + <id>central</id> + <url>http://central</url> + <releases><enabled>true</enabled></releases> + <snapshots><enabled>true</enabled></snapshots> + </repository> + </repositories> + <pluginRepositories> + <pluginRepository> + <id>central</id> + <url>http://central</url> + <releases><enabled>true</enabled></releases> + <snapshots><enabled>true</enabled></snapshots> + </pluginRepository> + </pluginRepositories> + </profile> + </profiles> + <activeProfiles> + <!--make the profile active all the time --> + <activeProfile>nexus</activeProfile> + </activeProfiles> +</settings> + + + true + + + + diff --git a/jenkins/config/settings.xml b/jenkins/config/settings.xml new file mode 100644 index 0000000..91c5f9b --- /dev/null +++ b/jenkins/config/settings.xml @@ -0,0 +1,64 @@ + + + + + + nexus-release-repository + admin + admin123 + + + + + + + nexus + * + http://nexus:8081/content/groups/public + + + + + + sonar + + true + + + + jdbc:postgresql://sonardb:5432/sonar + + sonar + sonar + org.postgresql.Driver + + http://sonar:9000 + + + + nexus + + + + + central + http://central + true + true + + + + + central + http://central + true + true + + + + + + + nexus + + diff --git a/jenkins/config/ssh-keys/cd-demo b/jenkins/config/ssh-keys/cd-demo new file mode 100644 index 0000000..81896b8 --- /dev/null +++ b/jenkins/config/ssh-keys/cd-demo 
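Review bot: The Nexus deployment password is committed in clear text in `maven-global-settings-files.xml`, `<password>admin123</password>` for user `admin`, along with `<sonar.jdbc.password>sonar</sonar.jdbc.password>`; the same values are repeated in `jenkins/config/settings.xml` in this commit. Maven resolves environment variables in settings files, so the entries can become `<password>${env.NEXUS_PASSWORD}</password>` and `<sonar.jdbc.password>${env.SONAR_JDBC_PASSWORD}</sonar.jdbc.password>` (variable names are placeholders), with the values injected by Jenkins at build time. The mirror and repository URLs are plain `http://`, so those credentials and every downloaded artifact would also travel unencrypted.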
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAyTrxZw5R3GhMWjPA51RztVe9hdEuiWPXK/wjoBjaiMgvgc1M +T2lxjvEaXc1xvsZPGp4MoAK9d2dDd7rqdG1jXh4FoWkYa5JtjJPBdwavIviFSanJ +Mkt8GsQnzHGWFeZ0OXQMnlNfIW20N+jCLkvSc6qxcgYtmZ9f6SVa0wd7zQhOq5EA +ahDUDfjDEX5/bPBBjuKOlqx7bfB9ANx8QidYQ4ywCpVKgOdbhQ00ouamuxBb4wVj +3J9oANPXw221c7VMS3zwFpZTi+mY6RsGtJS3WEfhW8W7+sMcqc998RLN1qY/tPG5 +Hqd0F9sCW3MO8b7KzJielBZ905r9bM2MeNW27TXS35URW41VQrsI3Jf9onPnu06e +ysWxg36Oy+Z+HvzS7dFgR/L9SVAIduQXrvx7muzs4dRthiv9fhzo+bahecq2q4RC +fvgOfkoubVInkKmxpbyeJdBxo9bnieqS1GajBBACHR4hf6MsgPnC5qGkdPNwnE3m +U9oxzencNtppQrny13C6B4o+b5kkstTVXsxHxaJ1qlAOVDlnpZZyjBsp/b2JEfE5 +mtrRHdu6f0sCC39fQSJFY+8g7CRwzCTqtNb6TXTxt3Yh4O2uIheGgOZ869l2kIZp +trNulWSwmlM0FQsL2ZJDyuN/MJ6lKxRINofEzNTwnjo8n0zJ9GP3ucAKz0ECAwEA +AQKCAgBMKplQ7qShjoDH66rqZJbfXvSHgCPjMP0y0t8RLBcbitoggXqO3FR1TGE0 +fBy/nwQ2CPiyYBci6N0qpn8zzmu8JhTvgX4SyXvZp9ukl80WqYaZ2UAkX1n8L574 +zU2HwJDhZkGYc+ogFwwN1XYaW+yuhz9e72O3MBH3h4IXOk/rzWcpnVrQysnY9/2t +03mb3FyUHsDl2ydk94/5EXue9pF8D/ZaKyPmIqwLcnIn7rHRQGHnThT8XwHYvlZ+ +zDnQMCFOuV2OzxuUa7jLEsW4+Ellit+MAw4h3lQtGjKLWxi6VHbsoEn3hl504RrF +TomrixHr2yC64MCDpbiixDKVUh9Igcph7vwYGvWHg5zPdN3xC5aTWj3x8TtrxoE5 +vK4UorBMFtmEu+SqSrNQar1tVXaDdjmSEbdNgVMKhAuQCIZSy+VdOKTWLB2+/Rkp +x9v3FUJ1dXVN4hdlsOx04aN0xWwMlQ1SoUZrd9vyM/iSZIpB3d7BFLtnpdoc1ZSh +w0cebolPgRIhvACmZk5CD5MpDnxXaydVo6R5J8IMQzckdHTAi2eMCFbSxAfl2ScZ +oIjjyPuRgNdR/5Io/ocd5q+zztwqSZr9/SB59YemfFyn4lLnzpE9yCGrXF+35k/d +LhirSwVbaW+i73QGqeBDjs/ron2XJhhHlcIo1A7LajhqyGqlIQKCAQEA8yze1Jyv +/1AMdTtoW6uGksvPyH+5pFkOVkaVm4+OZX1Hwpc7UAjJls5W3mNpqnDDjxv/QgRR +3sZ1bNBqdKUXci4zmYN1TEi/6DWsu0DCT74bTYTWEm6L+bxQtD2Nf9TToYIOXYBZ +f4/XgR3Yy1hKiX6TAmxj8x3ikhMLrmhlk9T/iQz87if4t/6P44ZfBGrzmBLyUBp0 +E4zhJosOXfr5s5pFWGF95TXSwJLHt81JrKsHVHS98Z5cJLqRr9ophiIMXSPs/fYF +TKmDgUgaqKRgF1mu0F3bD6zvLnZqQmISvuhPoqRqy32mzJZH4MdOwqPzksjMfeQ0 +lxo1JbNzPB5JrQKCAQEA09fE7CaTvuuyJKauR3O2Rcuz3pztwvGowi97j+R/3Vtm +NLSUH+q2rJluCqOH5X9N3+vBaRiHqSlKC0iMFAmEsFWunQPIIO1HYifn8JCqN+ug 
+zwwROro3DESneJWmQAY/ckH5rDSdhNqU9K8kseb2dhNRr2k29CqIqlocVSFQLhtj +BAoO8VkrU5zQTRUzPYSLIEw2eQGNQStzFMi4VzApSu2BMx7geZKwC9natVbvFpif +9/QpVclPqAgAEXrbSmfA5jaF9qZDeDdqLm68cglmXRwSt6QqwMPwAAdV65D/reeT +HNrgjAO0UdT01mFnYkphYjHqZnwjj5FpVBB/4up2ZQKCAQEA575DPWt1bmLi/HX5 +JiN4xDznb7QJPs6AE0iBGxbcJWwXDyMAq200cDuEHbuv33ZHaALOaCOlwiBvl5un +WDJc/bt6ATp+dox+FtXQH0O/6i7J5j5JpJclXoJQhvSB/OjeJnTDK+g9You6XJoN +GPyzTAUMJKsXNYGtgngUEcn7w76hKALwqCX/qZk3lyVfN96U9sBXnG8ZX+hKSWkL +8BRWEwtaOrfuOpnolw1Kt6c0JxF2ks4OlkzMk1QZsvS9zc506e5q1Du5IS4K3RHS +FhVQXfBh4MERGwc7iZPgABNmufi6q8z02aiNZTtylIxcSrHkVmZ2OyNX2whmzd8O +WqSioQKCAQEArdiGPB20ZZtayAUZRH3K+SAf7fHulGpoyWLaDc3AuNFG4L3ISSD+ +5EnNKmHlJgsAx1/bivmcas/9eaEBg3gEMgk+kJAH7i2KxRxmlN7DMbzmbMNEaGNk +xWaZ4LU+h5AZBRTrZcyP7/TJBLuua2hUnbVg9YhslpdJLDNiyOHbwNqsuSXf+WPp +0GYB8yAQus1ItyqUEV2ao/6aJFZMIRDe8iRSQLd4E4yzeCZB+0rqTirWLE9slH/u +JMDb/XxK9ZaLkODxsuXivIcNVil98D+Sh5qAKcBJbYPeMsfSVMzbZcWCzs04NO7d +TcJrYnrwspLDtCeuaog5TppQS7J2oKs0mQKCAQBeSZKl95rcYFpbaDbpnMcyilkm +BjH5eOF96eL6ISyuKzyeucWGsA8wNJ0kMYTcDO/0EYaDkF2k1SYPBMhvIp/njulZ +nM/oli9drT9L0Ygymjl7XhKcIIc4T756wLHec3bngCkb5yPFLbndDSucUXfk+wdJ +MbTsAlx9FJ2Nwv6No3bDG217ez38C13PjdR0Vijzc3WFUnj86dAIatcz7RJjrFOV +Gy8VZDd8Fh+PC0FoA3t9YObpgbZoSslZl/7i9pMjq+ONfuQKsasWJIAOQJyjqU/M +WWoElOsO0pHOmrQM1LeGAoPTqYML5HmCq4hbgNMt30P0ctfPjsfQO5y14o0j +-----END RSA PRIVATE KEY----- diff --git a/jenkins/config/ssh-keys/cd-demo.pub b/jenkins/config/ssh-keys/cd-demo.pub new file mode 100644 index 0000000..2d73a83 --- /dev/null +++ b/jenkins/config/ssh-keys/cd-demo.pub @@ -0,0 +1 @@ +ssh-rsa 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 cd-demo@email.com diff --git a/jenkins/groovy/generatePluginTxt.groovy b/jenkins/groovy/generatePluginTxt.groovy new file mode 100644 index 0000000..cae19e8 --- /dev/null +++ b/jenkins/groovy/generatePluginTxt.groovy 
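Review bot: An unencrypted RSA private key is committed in `jenkins/config/ssh-keys/cd-demo`, and `jenkins/Dockerfile` copies it to `/usr/share/jenkins/ref/.ssh/id_rsa`, so anyone with read access to the repository or the image holds the key. It has to be treated as compromised: remove the matching public key from every `authorized_keys` file or deploy-key list that trusts it, generate a new key pair outside the repository, and supply it to Jenkins as a credential at deploy time. Adding `jenkins/config/ssh-keys/` to `.gitignore` would keep a replacement key from being committed again.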
@@ -0,0 +1,22 @@
+/**
+ * This script prints a sorted list of all installed plugins incl. the version.
+ * The output can be used to update the plugins.txt
+ *
+ * 1. Update all Plugins via Jenkins UI or upgradeAllPlugins.groovy script
+ * 2. Run this script using the Script Console (via http:///script)
+ * 3. Replace plugins.txt with output from step 2
+ */
+
+import jenkins.model.Jenkins;
+
+pm = Jenkins.instance.pluginManager
+
+def pluginList = []
+pm.plugins.each { plugin ->
+ pluginList.add("${plugin.shortName}:${plugin.version}")
+}
+
+Collections.sort(pluginList)
+pluginList.each {
+ println it
+}
diff --git a/jenkins/groovy/upgradeAllPlugins.groovy b/jenkins/groovy/upgradeAllPlugins.groovy
new file mode 100644
index 0000000..859b7c5
--- /dev/null
+++ b/jenkins/groovy/upgradeAllPlugins.groovy
@@ -0,0 +1,22 @@
+/**
+ * This script prints updates all installed Jenkins Plugins with the latest version.
+ *
+ * Run this script using the Script Console (via http:///script)
+ */
+
+import jenkins.model.Jenkins;
+
+pm = Jenkins.instance.pluginManager
+
+uc = Jenkins.instance.updateCenter
+updated = false
+pm.plugins.each { plugin ->
+ if (uc.getPlugin(plugin.shortName).version != plugin.version) {
+ update = uc.getPlugin(plugin.shortName).deploy(true)
+ update.get()
+ updated = true
+ }
+}
+if (updated) {
+ Jenkins.instance.restart()
+}
diff --git a/jenkins/jobs/1-github-seed-job.xml b/jenkins/jobs/1-github-seed-job.xml
new file mode 100644
index 0000000..ee23492
--- /dev/null
+++ b/jenkins/jobs/1-github-seed-job.xml
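Review bot: In `upgradeAllPlugins.groovy`, `uc.getPlugin(plugin.shortName)` can return null for a plugin the update center does not list (for example one installed from a local file), and the `.version` access in the `if` would then stop the loop with a NullPointerException part-way through the upgrade. Guard it with `def available = uc.getPlugin(plugin.shortName)` and `if (available && available.version != plugin.version) {`, then call `available.deploy(true)`. The header comment reads "prints updates"; `This script updates all installed Jenkins plugins to the latest version.` says what the script does.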
@@ -0,0 +1,57 @@ + + + + Generates for all @MarcelBirkner GitHub Repositories a Jenkins Job using Groovy JSON Slurper and GitHub REST API + + -1 + 10 + -1 + -1 + + false + + + false + false + + + + 2 + + + https://github.com/marcelbirkner/docker-ci-tool-stack + + + + + */master + + + false + + + + true + false + false + false + + + H 11 * * * + + + false + + + jenkins/seedjobs/githubSeedJobs.groovy + false + false + DELETE + DELETE + JENKINS_ROOT + + + + + + diff --git a/jenkins/jobs/2-job-dsl-seed-job.xml b/jenkins/jobs/2-job-dsl-seed-job.xml new file mode 100644 index 0000000..a1a5e2c --- /dev/null +++ b/jenkins/jobs/2-job-dsl-seed-job.xml @@ -0,0 +1,57 @@ + + + + + + -1 + 10 + -1 + -1 + + false + + + false + false + + + + 2 + + + https://github.com/marcelbirkner/docker-ci-tool-stack + + + + + */master + + + false + + + + true + false + false + false + + + H 12 * * * + + + false + + + jenkins/seedjobs/jobDslSeedJob.groovy + false + false + DELETE + DELETE + JENKINS_ROOT + + + + + + diff --git a/jenkins/jobs/3-conference-app-seed-job.xml b/jenkins/jobs/3-conference-app-seed-job.xml new file mode 100644 index 0000000..20dd561 --- /dev/null +++ b/jenkins/jobs/3-conference-app-seed-job.xml @@ -0,0 +1,60 @@ + + + + + + -1 + 10 + -1 + -1 + + false + + + https://github.com/codecentric/conference-app/ + + + false + false + + + + 2 + + + https://github.com/marcelbirkner/docker-ci-tool-stack/ + + + + + */master + + + false + + + + true + false + false + false + + + H 9 * * * + + + false + + + jenkins/seedjobs/conferenceAppSeedJob.groovy + false + false + DELETE + DELETE + JENKINS_ROOT + + + + + + diff --git a/jenkins/jobs/4-selenium2-seed-job.xml b/jenkins/jobs/4-selenium2-seed-job.xml new file mode 100644 index 0000000..18b77ca --- /dev/null +++ b/jenkins/jobs/4-selenium2-seed-job.xml 
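Review bot: The seed job in `1-github-seed-job.xml` checks out `https://github.com/marcelbirkner/docker-ci-tool-stack` at `*/master` on a daily schedule and runs `jenkins/seedjobs/githubSeedJobs.groovy` from it, so Groovy from a repository outside this project would define jobs on this Jenkins whenever that branch changes. The definitions `2-job-dsl-seed-job.xml` to `5-docker-admin-seed-job.xml` point at the same repository. Since this commit adds its own copy of the scripts under `jenkins/seedjobs/`, I would point the SCM URL at this project's repository and pin it to a reviewed commit or tag instead of a moving branch. The XML markup is not visible in this view, so the element each value belongs to is inferred.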
@@ -0,0 +1,63 @@ + + + + + + -1 + 10 + -1 + -1 + + false + + + https://github.com/marcelbirkner/selenium2-maven-project/ + + + false + false + + + + 2 + + + https://github.com/marcelbirkner/docker-ci-tool-stack/ + + + + + */master + + + false + + + + true + false + false + false + + + H/5 * * * * + + + + + + false + + + jenkins/seedjobs/selenium2MavenProjectSeedJob.groovy + false + false + DELETE + DELETE + JENKINS_ROOT + + + + + + diff --git a/jenkins/jobs/5-docker-admin-seed-job.xml b/jenkins/jobs/5-docker-admin-seed-job.xml new file mode 100644 index 0000000..730f110 --- /dev/null +++ b/jenkins/jobs/5-docker-admin-seed-job.xml @@ -0,0 +1,60 @@ + + + + + + -1 + 10 + -1 + -1 + + false + + + https://github.com/marcelbirkner/docker-ci-tool-stack/ + + + false + false + + + + 2 + + + https://github.com/marcelbirkner/docker-ci-tool-stack/ + + + + + */master + + + false + + + + true + false + false + false + + + H 9 * * * + + + false + + + jenkins/seedjobs/dockerAdminSeedJob.groovy + false + false + DELETE + DELETE + JENKINS_ROOT + + + + + + diff --git a/jenkins/jobs/6-stepone-dotnetcore-job.xml b/jenkins/jobs/6-stepone-dotnetcore-job.xml new file mode 100644 index 0000000..3bc3ee7 --- /dev/null +++ b/jenkins/jobs/6-stepone-dotnetcore-job.xml 
@@ -0,0 +1,78 @@ + + + + + false + + + Gitlab connection + + + false + false + + + + 2 + + + http://git.nashtechglobal.com/stepone/dotnetcore.git + aadb3845-4420-4011-9103-a142c5e4f1b4 + + + + + */master + + + false + + + + true + false + false + false + + + + true + true + never + true + Jenkins please retry a build + true + true + true + All + + + + {AQAAABAAAAAwBCkXjPWJoopi7VtExpSOGGmBxRUHXFlRXjqWxgvXzeJbZcUmMApSqZaah+Cn8h6a3JwYQ3WP24warjsPORRO0A==} + + + false + + + # Write build info to the project + +echo { "\""buildId"\"": $BUILD_ID,"\""buildDate"\"": "\""$(date +'%Y-%m-%d %H:%M:%S')"\"","\""branch"\"": "\""$GIT_BRANCH"\"" } >> buildInfo.json + +# Deploy + +./deploy.sh + + + + + + false + true + + + jenkins + false + + + + \ No newline at end of file diff --git a/jenkins/plugins.txt b/jenkins/plugins.txt new file mode 100644 index 0000000..6f08d7c --- /dev/null +++ b/jenkins/plugins.txt 
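Review bot: The repository URL `http://git.nashtechglobal.com/stepone/dotnetcore.git` is configured together with credentials ID `aadb3845-4420-4011-9103-a142c5e4f1b4`, so Jenkins would send those credentials over unencrypted HTTP on each fetch. The compose file publishes port 443 for the GitLab container, so `https://git.nashtechglobal.com/stepone/dotnetcore.git` (or the SSH remote on port 2222) looks available once TLS is configured. The file also commits what appears to be an encrypted trigger token, the value in braces starting `{AQAAABAAAAAw`; that is better generated per instance than shipped in the image.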
@@ -0,0 +1,61 @@
+gitlab-plugin:1.4.5
+ansicolor:0.4.2
+ant:1.4
+antisamy-markup-formatter:1.5
+authentication-tokens:1.3
+build-pipeline-plugin:1.5.4
+chucknorris:1.0
+clone-workspace-scm:0.6
+cloudbees-credentials:3.3
+cloudbees-folder:5.12
+conditional-buildstep:1.3.5
+config-file-provider:2.11
+credentials:2.1.4
+dashboard-view:2.9.10
+docker-build-publish:1.3.1
+docker-commons:1.4.0
+external-monitor-job:1.6
+git:3.2.0
+git-client:1.21.0
+github:1.21.1
+github-api:1.77
+groovy:1.29
+icon-shim:2.0.3
+javadoc:1.4
+job-dsl:1.50
+jobConfigHistory:2.15
+jquery:1.11.2-0
+junit:1.18
+ldap:1.12
+mailer:1.20
+matrix-auth:1.4
+matrix-project:1.7.1
+maven-plugin:2.13
+pam-auth:1.3
+parameterized-trigger:2.32
+plain-credentials:1.2
+plugin-usage-plugin:0.3
+rebuild:1.25
+run-condition:1.0
+scm-api:1.2
+script-security:1.22
+ssh-credentials:1.12
+structs:1.4
+token-macro:1.12.1
+windows-slaves:1.2
+workflow-scm-step:2.2
+workflow-step-api:2.3
+ws-cleanup:0.30
+xunit:1.102
+xvfb:1.1.3
+blueocean:1.0.1
+pipeline-input-step:2.5
+workflow-job:2.10
+workflow-basic-steps:2.3
+workflow-durable-task-step:2.8
+workflow-api:2.13
+workflow-cps:2.24
+workflow-support:2.14
+workflow-cps-global-lib:2.5
+workflow-multibranch:2.9.2
+pipeline-stage-view:2.6
\ No newline at end of file
diff --git a/jenkins/seedjobs/conferenceAppSeedJob.groovy b/jenkins/seedjobs/conferenceAppSeedJob.groovy
new file mode 100644
index 0000000..c4c8a8a
--- /dev/null
+++ b/jenkins/seedjobs/conferenceAppSeedJob.groovy
@@ -0,0 +1,221 @@ +def gitUrl = 'https://github.com/codecentric/conference-app' + +createCiJob("conference-app", gitUrl, "app/pom.xml") +createSonarJob("conference-app", gitUrl, "app/pom.xml") +createDockerBuildJob("conference-app", "app") +createDockerStartJob("conference-app", "app", "48080") +createDockerStopJob("conference-app", "app") + +createCiJob("conference-app-monitoring", gitUrl, "monitoring/pom.xml") +createSonarJob("conference-app-monitoring", gitUrl, "monitoring/pom.xml") +createDockerBuildJob("conference-app-monitoring", "monitoring") +createDockerStartJob("conference-app-monitoring", "monitoring", "58080") +createDockerStopJob("conference-app-monitoring", "monitoring") + +def createCiJob(def jobName, def gitUrl, def pomFile) { + job("${jobName}-1-ci") { + parameters { + stringParam("BRANCH", "master", "Define TAG or BRANCH to build from") + stringParam("REPOSITORY_URL", "http://nexus:8081/content/repositories/releases/", "Nexus Release Repository URL") + } + scm { + git { + remote { + url(gitUrl) + } + extensions { + cleanAfterCheckout() + } + } + } + wrappers { + colorizeOutput() + preBuildCleanup() + } + triggers { + scm('30/H * * * *') + githubPush() + } + steps { + maven { + goals('clean versions:set -DnewVersion=DEV-\${BUILD_NUMBER}') + mavenInstallation('Maven 3.3.3') + rootPOM( pomFile ) + mavenOpts('-Xms512m -Xmx1024m') + providedGlobalSettings('MyGlobalSettings') + } + maven { + goals('clean deploy') + mavenInstallation('Maven 3.3.3') + rootPOM(pomFile) + mavenOpts('-Xms512m -Xmx1024m') + providedGlobalSettings('MyGlobalSettings') + } + } + publishers { + chucknorris() + archiveXUnit { + jUnit { + pattern('**/target/surefire-reports/*.xml') + skipNoTestFiles(true) + stopProcessingIfError(true) + } + } + publishCloneWorkspace('**', '', 'Any', 'TAR', true, null) + downstreamParameterized { + trigger("${jobName}-2-sonar") { + parameters { + currentBuild() + } + } + } + } + } +} + +def createSonarJob(def jobName, def gitUrl, def pomFile) { + 
job("${jobName}-2-sonar") { + parameters { + stringParam("BRANCH", "master", "Define TAG or BRANCH to build from") + } + scm { + cloneWorkspace("${jobName}-1-ci") + } + wrappers { + colorizeOutput() + preBuildCleanup() + } + steps { + maven { + goals('org.jacoco:jacoco-maven-plugin:0.7.4.201502262128:prepare-agent install -Psonar') + mavenInstallation('Maven 3.3.3') + rootPOM(pomFile) + mavenOpts('-Xms512m -Xmx1024m') + providedGlobalSettings('MyGlobalSettings') + } + maven { + goals('sonar:sonar -Psonar') + mavenInstallation('Maven 3.3.3') + rootPOM(pomFile) + mavenOpts('-Xms512m -Xmx1024m') + providedGlobalSettings('MyGlobalSettings') + } + } + publishers { + chucknorris() + downstreamParameterized { + trigger("${jobName}-3-docker-build") { + parameters { + currentBuild() + } + } + } + } + } +} + +def createDockerBuildJob(def jobName, def folder) { + + println "############################################################################################################" + println "Creating Docker Build Job for ${jobName} " + println "############################################################################################################" + + job("${jobName}-3-docker-build") { + logRotator { + numToKeep(10) + } + scm { + cloneWorkspace("${jobName}-1-ci") + } + steps { + steps { + shell("cd ${folder} && sudo /usr/bin/docker build -t conference-${folder} .") + } + } + publishers { + chucknorris() + downstreamParameterized { + trigger("${jobName}-4-docker-start-container") { + parameters { + currentBuild() + } + } + } + } + } +} + +def createDockerStartJob(def jobName, def folder, def port) { + + println "############################################################################################################" + println "Creating Docker Start Job for ${jobName} " + println "############################################################################################################" + + job("${jobName}-4-docker-start-container") { + logRotator { + numToKeep(10) 
+ } + steps { + steps { + shell('echo "Stopping Docker Container first"') + shell("sudo /usr/bin/docker stop \$(sudo /usr/bin/docker ps -a -q --filter=\"name=conference-${folder}\") | true ") + shell("sudo /usr/bin/docker rm \$(sudo /usr/bin/docker ps -a -q --filter=\"name=conference-${folder}\") | true ") + shell('echo "Starting Docker Container"') + shell("sudo /usr/bin/docker run -d --name conference-${folder} -p=${port}:8080 conference-${folder}") + } + } + publishers { + chucknorris() + } + } +} + +def createDockerStopJob(def jobName, def folder) { + + println "############################################################################################################" + println "Creating Docker Stop Job for ${jobName} " + println "############################################################################################################" + + job("${jobName}-5-docker-stop-container") { + logRotator { + numToKeep(10) + } + steps { + steps { + shell("sudo /usr/bin/docker stop \$(sudo /usr/bin/docker ps -a -q --filter=\"name=conference-${folder}\")") + shell("sudo /usr/bin/docker rm \$(sudo /usr/bin/docker ps -a -q --filter=\"name=conference-${folder}\")") + } + } + publishers { + chucknorris() + } + } +} + +buildPipelineView('Pipeline') { + filterBuildQueue() + filterExecutors() + title('Conference App CI Pipeline') + displayedBuilds(5) + selectedJob("conference-app-1-ci") + alwaysAllowManualTrigger() + refreshFrequency(60) +} + +listView('Conference App') { + description('') + filterBuildQueue() + filterExecutors() + jobs { + regex(/conference-app-.*/) + } + columns { + status() + buildButton() + weather() + name() + lastSuccess() + lastFailure() + lastDuration() + } +} diff --git a/jenkins/seedjobs/dockerAdminSeedJob.groovy b/jenkins/seedjobs/dockerAdminSeedJob.groovy new file mode 100644 index 0000000..be65bda --- /dev/null +++ b/jenkins/seedjobs/dockerAdminSeedJob.groovy 
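Review bot: `scm('30/H * * * *')` in `createCiJob` has the step and the hash swapped; as far as I can tell Jenkins cron syntax only accepts the step after the slash, so this polling trigger would be rejected instead of polling every 30 minutes. Use `scm('H/30 * * * *')`. The same pattern appears as `scm('15/H * * * *')` in `jobDslSeedJob.groovy` and `scm('30/H * * * *')` in `selenium2MavenProjectSeedJob.groovy` later in this commit. Separately, the start job hides a failed `docker stop` and `docker rm` with `| true`; `|| true` is the usual form and keeps the command's output in the build log.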
@@ -0,0 +1,70 @@ +def gitUrl="https://github.com/marcelbirkner/docker-ci-tool-stack" + +createDockerJob("docker-admin-version", "sudo /usr/bin/docker version", "") +createDockerJob("docker-admin-list-running-container", "sudo /usr/bin/docker ps", "") +createDockerJob("docker-admin-list-images", "sudo /usr/bin/docker images", "") +createDockerJob("docker-admin-build-jenkins-container", "cd jenkins && sudo /usr/bin/docker build -t jenkins .", gitUrl) +createDockerJob("docker-admin-start-jenkins-container", "sudo /usr/bin/docker run -d --name did_jenkins -p=28080:8080 jenkins", gitUrl) +createDockerJob("docker-admin-stop-jenkins-container", 'sudo /usr/bin/docker stop \$(sudo /usr/bin/docker ps -a -q --filter="name=did_jenkins") && sudo /usr/bin/docker rm \$(sudo /usr/bin/docker ps -a -q --filter="name=did_jenkins")', "") + +def conferenceAppGitUrl="https://github.com/codecentric/conference-app" +createDockerJob("docker-conference-app-build-container", "cd app && sudo /usr/bin/docker build -t conferenceapp .", conferenceAppGitUrl) +createDockerJob("docker-conference-app-start-container", "sudo /usr/bin/docker run -d --name conferenceapp -p=48080:8080 conferenceapp", conferenceAppGitUrl) +createDockerJob("docker-conference-app-stop-container", 'sudo /usr/bin/docker stop \$(sudo /usr/bin/docker ps -a -q --filter="name=conferenceapp") && sudo /usr/bin/docker rm \$(sudo /usr/bin/docker ps -a -q --filter="name=conferenceapp")', " ") + +def createDockerJob(def jobName, def shellCommand, def gitRepository) { + + println "############################################################################################################" + println "Creating Docker Job ${jobName} for gitRepository=${gitRepository}" + println "############################################################################################################" + + job(jobName) { + logRotator { + numToKeep(10) + } + if( "${gitRepository}".size() > 0 ) { + if( "${jobName}".contains("conference-app") ) { + scm { + 
cloneWorkspace("conference-app-1-ci") + } + } else { + scm { + git { + remote { + url(gitRepository) + } + extensions { + cleanAfterCheckout() + } + } + } + } + } + steps { + steps { + shell(shellCommand) + } + } + publishers { + chucknorris() + } + } +} + +listView('admin docker') { + description('') + filterBuildQueue() + filterExecutors() + jobs { + regex(/docker-admin-.*/) + } + columns { + status() + buildButton() + weather() + name() + lastSuccess() + lastFailure() + lastDuration() + } +} diff --git a/jenkins/seedjobs/githubSeedJobs.groovy b/jenkins/seedjobs/githubSeedJobs.groovy new file mode 100644 index 0000000..d25e27a --- /dev/null +++ b/jenkins/seedjobs/githubSeedJobs.groovy @@ -0,0 +1,37 @@ +def githubApi = new URL("https://api.github.com/users/marcelbirkner/repos") +def projects = new groovy.json.JsonSlurper().parse(githubApi.newReader()) + +projects.each { + def jobName=it.name + def githubName=it.full_name + def gitUrl=it.ssh_url + println "Creating Job ${jobName} for ${gitUrl}" + + job("GitHub-${jobName}") { + logRotator(-1, 10) + scm { + github(githubName, 'master') + } + triggers { + githubPush() + } + } +} + +listView('MB GitHub Jobs') { + description('') + filterBuildQueue() + filterExecutors() + jobs { + regex(/GitHub-.*/) + } + columns { + status() + buildButton() + weather() + name() + lastSuccess() + lastFailure() + lastDuration() + } +} diff --git a/jenkins/seedjobs/jobDslSeedJob.groovy b/jenkins/seedjobs/jobDslSeedJob.groovy new file mode 100644 index 0000000..4e936c2 --- /dev/null +++ b/jenkins/seedjobs/jobDslSeedJob.groovy 
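Review bot: In `dockerAdminSeedJob.groovy` the last `createDockerJob` call passes `" "` (a single space) as `gitRepository` while the other jobs without a repository pass `""`, so `"${gitRepository}".size() > 0` is true and `docker-conference-app-stop-container` gets a `cloneWorkspace("conference-app-1-ci")` SCM block it does not appear to need. If that is unintended, pass `""` there and test with `if (gitRepository?.trim()) {`. The conference-app jobs also never use the `conferenceAppGitUrl` they pass, because the `contains("conference-app")` branch replaces it with the cloned workspace; a comment on that branch would make the intent clear.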
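Review bot: `githubSeedJobs.groovy` builds its job list from an unauthenticated request to `https://api.github.com/users/marcelbirkner/repos`, so the set of jobs on this Jenkins follows an account outside this project, and a failed or rate-limited response fails the seed run. The reader returned by `githubApi.newReader()` is also never closed; `def projects = githubApi.withReader { new groovy.json.JsonSlurper().parse(it) }` closes it. `gitUrl` is only printed, so the `println` could use `githubName` and the variable be dropped.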
@@ -0,0 +1,68 @@ +// Example from https://jenkinsci.github.io/job-dsl-plugin/ + +def giturl = 'https://github.com/quidryan/aws-sdk-test.git' +for(i in 0..10) { + job("Job-DSL-Tutorial-1-Test-${i}") { + scm { + git { + remote { + url(giturl) + } + extensions { + cleanAfterCheckout() + } + } + } + triggers { + scm('15/H * * * *') + githubPush() + } + steps { + maven { + goals('clean') + goals('verify') + goals("test -Dtest.suite=${i}") + mavenOpts('-Xms256m') + mavenOpts('-Xmx512m') + properties(skipTests: true) + mavenInstallation('Maven 3.3.3') + } + } + } +} + +listView('Seed Jobs') { + description('') + filterBuildQueue() + filterExecutors() + jobs { + regex(/.*seed-job.*/) + } + columns { + status() + buildButton() + weather() + name() + lastSuccess() + lastFailure() + lastDuration() + } +} + +listView('Job DSL Tutorial') { + description('') + filterBuildQueue() + filterExecutors() + jobs { + regex(/.*Tutorial.*/) + } + columns { + status() + buildButton() + weather() + name() + lastSuccess() + lastFailure() + lastDuration() + } +} diff --git a/jenkins/seedjobs/selenium2MavenProjectSeedJob.groovy b/jenkins/seedjobs/selenium2MavenProjectSeedJob.groovy new file mode 100644 index 0000000..b24902e --- /dev/null +++ b/jenkins/seedjobs/selenium2MavenProjectSeedJob.groovy 
@@ -0,0 +1,46 @@
+def giturl = 'https://github.com/marcelbirkner/selenium2-maven-project'
+job("selenium2-maven-project") {
+ scm {
+ git {
+ remote {
+ url(giturl)
+ }
+ extensions {
+ cleanAfterCheckout()
+ }
+ }
+ }
+ triggers {
+ scm('30/H * * * *')
+ githubPush()
+ }
+ steps {
+ maven {
+ goals('clean test -Dgrid.server.url=http://seleniumhub:4444/wd/hub')
+ mavenInstallation('Maven 3.3.3')
+ mavenOpts('-Xms512m -Xmx1024m')
+ providedGlobalSettings('MyGlobalSettings')
+ }
+ }
+ publishers {
+ chucknorris()
+ archiveJunit('**/target/surefire-reports/*.xml')
+ }
+}
+listView('Selenium') {
+ description('')
+ filterBuildQueue()
+ filterExecutors()
+ jobs {
+ regex(/selenium.*/)
+ }
+ columns {
+ status()
+ buildButton()
+ weather()
+ name()
+ lastSuccess()
+ lastFailure()
+ lastDuration()
+ }
+}
diff --git a/ldap/Dockerfile b/ldap/Dockerfile
new file mode 100644
index 0000000..c61ce96
--- /dev/null
+++ b/ldap/Dockerfile
@@ -0,0 +1,17 @@
+FROM centos:centos6
+MAINTAINER Phi Huynh
+
+# See possible debug levels in man page (loglevel): http://linux.die.net/man/5/slapd.conf
+ENV DEBUG_LEVEL=256
+EXPOSE 389 636
+VOLUME [ "/data" ]
+
+# Update to last version
+
+RUN yum -y update && \
+ yum -y install openldap-servers openldap-clients && \
+ yum clean all
+
+COPY . /root
+
+CMD ["/root/run.sh"]
diff --git a/ldap/README.md b/ldap/README.md
new file mode 100644
index 0000000..8dcf397
--- /dev/null
+++ b/ldap/README.md
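Review bot: `COPY . /root` in ldap/Dockerfile puts the whole `ldap/` build context into the image, including the README and LDIF files that carry the directory passwords in clear text, so anyone who can pull the image can read them from its layers. Copy only what the entrypoint needs, e.g. `COPY run.sh manager.ldif domain.ldif memberOf.ldif base.ldif /root/`, and supply the secret at container start rather than baking it in. `FROM centos:centos6` is an end-of-life base that no longer receives security updates, and `yum -y update` makes the result depend on build time; a supported base pinned by tag or digest is the safer choice. `MAINTAINER` is deprecated in favour of a `LABEL`.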
@@ -0,0 +1,55 @@
+Be noted that this ldap server is just for testing purposes
+
+# Source
+https://github.com/Appdynamics/extensions-docker/tree/master/openldap
+
+# Docker OpenLDAP server
+Installs and configures OpenLDAP server with the following credentials
+
+```
+Bind DN: cn=admin,ou=admins,dc=nashtechglobal,dc=com
+password: Harveynash@123
+```
+
+### LDAP Configuration
+##### Connection
+```
+Bind DN: cn=admin,ou=admins,dc=nashtechglobal,dc=com
+password: Harveynash@123
+```
+##### Users
+```
+Base DN: ou=people,dc=nashtechglobal,dc=com
+Attributes: dn, cn, uid, memberOf
+```
+##### Groups
+```
+Base DN: ou=groups,dc=nashtechglobal,dc=com
+Attributes: dn, cn, member
+```
+##### BuiltIn Users and Groups
+`Harveynash@123` is the password for all Users
+```
+phihuynh, phuongle: Administrators
+user1, user2: Read Only
+user1: Group1
+user1, user2, user3: Group2
+```
+
+## A very good link here for LDAP
+https://gitlab.com/chamunks/docker-ldap (BROKEN)
+
+https://github.com/osixia/docker-openldap
+
+https://docs.gitlab.com/ce/administration/auth/ldap.html
+
+Command to check LDAP is working
+username: admin
+password: admin
+$ docker exec -it ldapserver
+$ ldapsearch -x -H ldap://nt-openldap -b dc=nashtechglobal,dc=com -D "cn=admin,ou=admins,dc=nashtechglobal,dc=com" -w Harveynash@123
+$ ldapsearch -x -H ldap://192.168.1.107 -b dc=appdynamics,dc=com -D "cn=admin,ou=admins,dc=appdynamics,dc=com" -w Harveynash@123
+
+## Login with php server
+username: cn=admin,dc=nashtechglobal,dc=local
+password: admin
diff --git a/ldap/base.ldif b/ldap/base.ldif
new file mode 100644
index 0000000..f5dbbb7
--- /dev/null
+++ b/ldap/base.ldif
@@ -0,0 +1,109 @@
+dn: dc=nashtechglobal,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: nashtechglobal
+o : nashtechglobal
+
+dn: ou=admins,dc=nashtechglobal,dc=com
+objectClass: organizationalUnit
+ou: admins
+
+dn: ou=people,dc=nashtechglobal,dc=com
+objectClass: organizationalUnit
+ou: people
+
+dn: ou=groups,dc=nashtechglobal,dc=com
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=admin,ou=admins,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: admin
+sn: admin
+uid: admin
+description: Admin User
+
+dn: cn=phuongle,ou=people,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: phuongle
+sn: phuongle
+uid: phuongle
+userpassword: Harveynash@123
+
+dn: cn=phihuynh,ou=people,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: phihuynh
+sn: phihuynh
+uid: phihuynh
+userpassword: Harveynash@123
+
+dn: cn=thangchung,ou=people,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: thangchung
+sn: thangchung
+uid: thangchung
+userpassword: Harveynash@123
+
+dn: cn=thiennguyen,ou=people,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: thiennguyen
+sn: thiennguyen
+uid: thiennguyen
+userpassword: Harveynash@123
+
+dn: cn=nguyenlet,ou=people,dc=nashtechglobal,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: nguyenlet
+sn: nguyenlet
+uid: nguyenlet
+userpassword: Harveynash@123
+
+dn: cn=Administrators,ou=groups,dc=nashtechglobal,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: Administrators
+member: cn=phihuynh,ou=people,dc=nashtechglobal,dc=com
+member: 
cn=phuongle,ou=people,dc=nashtechglobal,dc=com
+member: cn=thiennguyen,ou=people,dc=nashtechglobal,dc=com
+member: cn=thangchung,ou=people,dc=nashtechglobal,dc=com
+
+dn: cn=Read Only,ou=groups,dc=nashtechglobal,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: Read Only
+member: cn=thangchung,ou=people,dc=nashtechglobal,dc=com
+member: cn=thiennguyen,ou=people,dc=nashtechglobal,dc=com
+
+dn: cn=Group1,ou=groups,dc=nashtechglobal,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: Group1
+member: cn=thiennguyen,ou=people,dc=nashtechglobal,dc=com
+
+dn: cn=Group2,ou=groups,dc=nashtechglobal,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: Group2
+member: cn=thiennguyen,ou=people,dc=nashtechglobal,dc=com
+member: cn=thangchung,ou=people,dc=nashtechglobal,dc=com
+member: cn=phuongle,ou=people,dc=nashtechglobal,dc=com
+
diff --git a/ldap/docker-compose.yml b/ldap/docker-compose.yml
new file mode 100644
index 0000000..3ba9ef4
--- /dev/null
+++ b/ldap/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+services:
+ openldap:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ image: nashtech/openldap:latest
+ container_name: nt-openldap
+ tty: true
+ stdin_open: true
+ ports:
+ - "389:389"
+ - "636:636"
+ hostname: "ldap.nashtechglobal.com"
+ ldapadmin:
+ image: osixia/phpldapadmin:latest
+ container_name: nt-ldapadmin
+ environment:
+ PHPLDAPADMIN_LDAP_HOSTS: "nt-openldap"
+ PHPLDAPADMIN_HTTPS: "false"
+ ports:
+ - "8082:80"
+ depends_on:
+ - openldap
\ No newline at end of file
diff --git a/ldap/domain.ldif b/ldap/domain.ldif
new file mode 100644
index 0000000..1223842
--- /dev/null
+++ b/ldap/domain.ldif
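Review bot: Every `userpassword:` value in ldap/base.ldif is the same clear-text string, and the same literal is repeated as `olcRootPW` in ldap/domain.ldif and ldap/manager.ldif and on the `ldapadd -w` command line in ldap/run.sh, so one committed secret covers every account and both root DNs. Store hashes rather than clear text, e.g. `userpassword: {SSHA}<output of slappasswd>` (placeholder), and inject the real values at container start from a secret file or environment variable instead of the repository. The entries use what look like real staff account names, where the README describes `user1`-style test identities. `thangchung` and `thiennguyen` are members of both `Administrators` and `Read Only`; if that is intended, a `#` comment above the group should say so.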
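Review bot: The `ports` entries in ldap/docker-compose.yml publish 389, 636 and the phpLDAPadmin UI on every host interface, and `PHPLDAPADMIN_HTTPS: "false"` means the admin bind DN and password entered in that UI travel unencrypted. For a test stack, bind the mappings to loopback, e.g. `- "127.0.0.1:389:389"` and `- "127.0.0.1:8082:80"`, or drop the LDAP mappings and let `ldapadmin` reach `nt-openldap` over the compose network. `image: osixia/phpldapadmin:latest` is unpinned, so a rebuild can silently change the admin tool; a fixed tag or digest avoids that.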
@@ -0,0 +1,27 @@
+dn: olcDatabase={1}monitor,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
+ read by dn.base="cn=admin,ou=admins,dc=nashtechglobal,dc=com" read by * none
+
+dn: olcDatabase={2}bdb,cn=config
+changetype: modify
+replace: olcSuffix
+olcSuffix: dc=nashtechglobal,dc=com
+
+dn: olcDatabase={2}bdb,cn=config
+changetype: modify
+replace: olcRootDN
+olcRootDN: cn=admin,ou=admins,dc=nashtechglobal,dc=com
+
+dn: olcDatabase={2}bdb,cn=config
+changetype: modify
+add: olcRootPW
+olcRootPW: Harveynash@123
+
+dn: olcDatabase={2}bdb,cn=config
+add: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by
+ dn="cn=admin,ou=admins,dc=nashtechglobal,dc=com" write by anonymous auth by self write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by dn="cn=admin,ou=admins,dc=nashtechglobal,dc=com" write by * read
diff --git a/ldap/manager.ldif b/ldap/manager.ldif
new file mode 100644
index 0000000..87b5c59
--- /dev/null
+++ b/ldap/manager.ldif
@@ -0,0 +1,4 @@
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcRootPW
+olcRootPW: Harveynash@123
diff --git a/ldap/memberOf.ldif b/ldap/memberOf.ldif
new file mode 100644
index 0000000..348841d
--- /dev/null
+++ b/ldap/memberOf.ldif
@@ -0,0 +1,13 @@
+dn: cn=module{0},cn=config
+cn: module{0}
+objectclass: olcModuleList
+objectclass: top
+olcmoduleload: memberof.la
+olcmodulepath: /usr/lib64/openldap
+
+dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
diff --git a/ldap/run.sh b/ldap/run.sh
new file mode 100755
index 0000000..0b6f66b
--- /dev/null
+++ b/ldap/run.sh
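Review bot: The last access rule in ldap/domain.ldif, `olcAccess: {2}to * by dn="cn=admin,ou=admins,dc=nashtechglobal,dc=com" write by * read`, lets unauthenticated clients read every entry and every attribute other than `userPassword`, including account names and group membership. If anonymous browsing is not required, ending the rule with `by users read by * none` limits reads to bound identities. The final record is also the only one without a `changetype: modify` line; it is presumably accepted because `ldapmodify` defaults to modify, but adding the line keeps it consistent with the four records above it.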
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -f /data/lib/ldap/DB_CONFIG ]; then
+
+ cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
+ chown ldap. /var/lib/ldap/DB_CONFIG
+
+ service slapd start
+ sleep 3
+
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/manager.ldif
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/domain.ldif
+
+ ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /root/memberOf.ldif
+ ldapadd -x -D cn=admin,ou=admins,dc=nashtechglobal,dc=com -w Harveynash@123 -f /root/base.ldif
+
+ service slapd stop
+ sleep 3
+
+ mkdir /data/lib /data/etc
+ cp -ar /var/lib/ldap /data/lib
+ cp -ar /etc/openldap /data/etc
+fi
+
+rm -rf /var/lib/ldap && ln -s /data/lib/ldap /var/lib/ldap
+rm -rf /etc/openldap && ln -s /data/etc/openldap /etc/openldap
+
+exec /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap -d $DEBUG_LEVEL
diff --git a/ldap/ssl.ldif b/ldap/ssl.ldif
new file mode 100644
index 0000000..8496f75
--- /dev/null
+++ b/ldap/ssl.ldif
@@ -0,0 +1,10 @@
+dn: cn=config
+changetype: modify
+add: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/openldap/certs/server.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
diff --git a/sonarqube/README.md b/sonarqube/README.md
new file mode 100644
index 0000000..6eae0d8
--- /dev/null
+++ b/sonarqube/README.md
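Review bot: The final `exec /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///"` in ldap/run.sh opens an `ldaps` listener, but nothing in the script loads `ssl.ldif` or provisions `/etc/openldap/certs/server.crt` and `server.key`, so the TLS settings in that file presumably never reach `cn=config` and clients end up binding over clear-text 389. Either apply it in the first-run branch once the certificates exist, with `ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/ssl.ldif`, or drop `ldaps:///` and the 636 mapping. The `ldapadd -x ... -w <password>` line exposes the bind password in the process list; `-y <file>` reads it from a file instead. The first-run guard tests `/data/lib/ldap/DB_CONFIG`, yet a run interrupted after `mkdir /data/lib /data/etc` makes the next start fail under `set -e`, so `mkdir -p /data/lib /data/etc` is safer, and `"$DEBUG_LEVEL"` should be quoted.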
@@ -0,0 +1,24 @@
+## Official repo
+https://github.com/SonarSource/docker-sonarqube
+docs: https://github.com/docker-library/docs/tree/master/sonarqube
+
+username: admin, password: admin
+
+## Visual Studio Sonarqube client?
+SonarLint
+http://www.dotnetcurry.com/visualstudio/1306/sonarcube-visual-studio-2015-tfs-build
+
+## Docker compose version
+https://github.com/harbur/docker-sonarqube
+
+## Reference
+* Official document for integrating jenkins in sonarqube
+https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins
+
+* Integrating jenkins & sonarqube: https://www.youtube.com/watch?v=jh7utASgKj4
+* https://blogs.msdn.microsoft.com/dotnet/2017/04/04/the-week-in-net-on-net-on-sonarlint-and-sonarqube-happy-birthday-net-with-dan-fernandez-nopcommerce-steve-gordon/
+
+## Troubleshooting
+* https://stackoverflow.com/questions/30869239/trying-to-analyze-net-project-with-sonar-using-jenkins
+* Sonarqube can run for dotnetcore but only in Windows :(
+https://stackoverflow.com/questions/43048060/how-can-i-use-sonarqube-to-scan-an-aspnet-core-1-1-project
\ No newline at end of file