diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index b735373..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 066b2d9..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.gitignore b/.gitignore index ce5e518..285a475 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,3 @@ -env/ List_of_groups_Lecture_*.csv __pycache__/ _build/ -.eggs/ -.pytest_cache/ -.tox/ -dist/ -input/ -results/ -solutions/ -src/abgabesystem.egg-info/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ff42bc3..15ecb5b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,13 +8,11 @@ variables: stages: - test - doc - - projects - deadline - plagiates before_script: ## get ssh private key from secret variable - - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > deploy_key.pub - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null - mkdir -p ~/.ssh @@ -23,8 +21,8 @@ before_script: - ssh-keyscan $CI_REPO_HOST | tee ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts ## get API token from secret variable - - ./tools/build-config.sh - cp python-gitlab.cfg $HOME/.python-gitlab.cfg + - echo "private_token = ${PRIVATE_API_TOKEN}" >> $HOME/.python-gitlab.cfg - python3 setup.py install deadlines: @@ -63,7 +61,7 @@ doc: - abgabesystem script: - - cd docs && make html + - cd doc && make html artifacts: paths: @@ -71,15 +69,3 @@ doc: only: - master - -create_projects: - ## create projects for all enrolled students - stage: projects - tags: - - abgabesystem - - script: - - abgabesystem projects -c $CI_PROJECT_NAMESPACE -d deploy_key.pub - - only: - - branches diff --git a/README.md b/README.md index e7ec8f2..7605968 100644 --- a/README.md +++ b/README.md @@ -1,86 +1,53 @@ # The abgabesystem -[GitHub](https://github.com/timschubert/abgabesystem) +## Setup -## About - -*Behold, the (almighty) abgabesystem!* - -The aim of this project is to automate the handling of students' homework solutions using Gitlab. -So far It can - -- import student accounts from LDAP -- import a list of users from Stud.IP -- create groups for courses in Gitlab -- set up repositories for the students -- run automated style-checks -- test for plagiarisms - -## Setup Gitlab and CI runners - -There are multiple components involved in the abgabesystem. -The CI script uses a [Docker Container](https://github.com/timschubert/docker-abgabesystem) that contains the Python module and the [JPlag](https://jplag.ipd.kit.edu/) plagiarism checker. -Another container with [Checkstyle](https://github.com/timschubert/docker-checkstyle) is optionally required for style checking of each student repository. - -If you do not already have a working Gitlab instance see [here](https://docs.gitlab.com/omnibus/README.html#installation) how to install and configure it. -Additionally you will need the [Gitlab CI runner](https://docs.gitlab.com/runner/). -For performance reasons, you might want to have the CI runner on another host than Gitlab or otherwise limit the resources available to the runner (depending on the number of students and CI jobs). - -See [here](https://docs.gitlab.com/ce/administration/auth/ldap.html#doc-nav) on how to configure LDAP authentication. - -## Install the python module - -Install the python module using +Operations 1 and 2 require super user privileges to the API. The rest don't. +1. Import the students participating in the course into Gitlab. This is required to assign projects to each student. If you have exported a list of groups and functions from Stud.IP you can use that. ``` -$ virtualenv abgabesystem -$ source abgabesystem/bin/activate -$ pip install . +# abgabesystem users -s -b -p main ``` -## Set up the course - -To proceed, you need to have an [API token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with administrative privileges. -After having configured Gitlab and the runner, continue with setting up your course. -Gitlab can only add existing users to projects, so we create pseudo-users that later will be fetched from LDAP, the first time each user logs in. - -First create your course either using the Gitlab UI or - +2. Create a group for your course using ``` -$ abgabesystem courses -c +# abgabesystem courses -c + ``` + +3. Create a fork of this project inside the namespace of the group that has been created and configure your API token (`PRIVATE_API_TOKEN`) and deploy key (`SSH_PRIVATE_KEY`) (see .gitlab-ci.yml) for the forked project. + +4. Set up the project for the example solutions and the student projects. If you have pre-existing example solutions place them in `/solutions/solutions`. +``` +# abgabesystem projects -c -d -s ``` -Next, since there is currently no API available to export a list of participants from [https://www.studip.de/](Stud.IP), we use the CSV file (encoded as latin-1 🤢) that lists all students currently enrolled in the course. -This list may of course change from time to time, so make sure to re-run the script regularly. +5. Add all administrative users (e.g. users supervising the course or checking homework solutions) to the group of the course. + +6. At the deadline of each exercise trigger the plagiarism checker using +``` +# git tag +# git push --tags +``` +It can be useful to do this from a cronjob. + +## Recommended settings for gitlab.rb ``` -$ abgabesystem users -c -s -b -p main + gitlab_rails['gitlab_default_can_create_group'] = false + + # see gitlab documentation and add your ldap config + gitlab_rails['ldap_enabled'] = true ``` -Now create a fork of this repository inside the namespace of the course. +Also, you should -This repository contains CI jobs that need their own [Docker Container](https://github.com/timschubert/docker-abgabesystem). -Build the container, push it to the container registry and create a new runner that uses the container. -You can also [automate this](https://docs.gitlab.com/ce/ci/docker/using_docker_build.html) using the CI scripts included in the Docker container projects and let your Gitlab CI build and deploy the updated containers for you. +- set the default project limit for each user to 0 +- set default settings for projects to partially protected so that developers (e.g. students) can not force push tags and commits to protected branches (master) which is important for plagiarism controls. -Proceed by creating an API token that has access to the group of the course. -Add this token as `PRIVATE_API_TOKEN` to the [secret variables](https://docs.gitlab.com/ce/ci/variables/) of the forked abgabesystem project. -Then generate an SSH deploy key and add the private part as `SSH_PRIVATE_KEY` and the public key as `SSH_PUBLIC_KEY` to the secret variables. -The key will be used by the CI script to fetch from the student projects. +## Workflow -At last, you can add everyone with permission to view all student solutions to the group of the course. - -## Permissions - -Configure Gitlab to allow developers to push on the master branch, but not force push to protected branches. An easy way to achieve this is to set Gitlab to "Partially Protected". A sane default is also to not allow students to create new projects. - -## Checking student solutions - -When you have reachd the deadline for an exercise, push a new tag to `/abgabesystem` to trigger the plagiarism checker and automatically create a tag in each student project. - -``` -$ git tag -$ git push --tags -``` - -Check the build artifacts of the CI job for the results of the plagiarism checker. +To trigger the deadline of an exercise (e.g. Sunday at 15:00), push a tag (e.g. +ex1) to the cloned abgabesystem project. +The abgabesystem's CI job creates a tag of this name inside each student's project and then creates a checkout of each project's repository and runs [JPlag](https://github.com/jplag/jplag) to check for plagiates. +The results can be found inside the job artifacts. +The results are saved for each tag and can be downloaded as an archive. diff --git a/Students.csv b/Students.csv new file mode 100644 index 0000000..e69de29 diff --git a/config.yml b/config.yml new file mode 100644 index 0000000..c6980d1 --- /dev/null +++ b/config.yml @@ -0,0 +1,9 @@ +ldap: + base: 'ou=people,dc=tu-bs,dc=de' + provider: main +course: + !!python/object:abgabesystem.Course + name: test_course + students: Students.csv + deploy_key: + 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKl2zu3ClMIOI6EhEi0qGjwCgEaWYfRl2149T45pcggnYc3CVln0FJhjXvWbfMU984TjJMw4X8dfeZpf9p7xtieAab6yz+vB6QTW1ur9Uge0Wv/D084Sdzb3FovC+Qr90d6BAd+A6+v/vEprTLnuX8McQuB4p8l6iimFrhmv4IdrD1W/y0AUEzdz/eXpsHavlqGrpb4oQ0aAnZq0qQ9cYAltcXKQzgLi7zoKJGNWR+gz4hfRfqme87+k0ABO3hWwcIuwm/XdHm9Z+hjZrPfqmZGJF71FasE9jymP0Si4sgQLjaX+qQh3ojubBN7RwhUo3zjFFFUL5/tLEIr42SGpXF abgabesystem' diff --git a/docs/Makefile b/doc/Makefile similarity index 88% rename from docs/Makefile rename to doc/Makefile index 69fe55e..3f2faaa 100644 --- a/docs/Makefile +++ b/doc/Makefile @@ -4,8 +4,9 @@ # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build -SOURCEDIR = source -BUILDDIR = build +SPHINXPROJ = abgabesystem +SOURCEDIR = . +BUILDDIR = _build # Put it first so that "make" without argument is like "make help". help: diff --git a/docs/source/conf.py b/doc/conf.py similarity index 86% rename from docs/source/conf.py rename to doc/conf.py index ad507da..085ff35 100644 --- a/docs/source/conf.py +++ b/doc/conf.py @@ -12,9 +12,9 @@ # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. # -# import os -# import sys -# sys.path.insert(0, os.path.abspath('.')) +import os +import sys +sys.path.insert(0, os.path.abspath('../src')) # -- Project information ----------------------------------------------------- @@ -26,7 +26,7 @@ author = 'Tim Schubert' # The short X.Y version version = '' # The full version, including alpha/beta/rc tags -release = '1.0' +release = '' # -- General configuration --------------------------------------------------- @@ -42,10 +42,7 @@ extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.doctest', 'sphinx.ext.intersphinx', - 'sphinx.ext.todo', 'sphinx.ext.coverage', - 'sphinx.ext.viewcode', - 'sphinx.ext.githubpages', ] # Add any paths that contain templates here, relative to this directory. @@ -69,11 +66,11 @@ language = None # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. -# This pattern also affects html_static_path and html_extra_path. -exclude_patterns = [] +# This pattern also affects html_static_path and html_extra_path . +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] # The name of the Pygments (syntax highlighting) style to use. -pygments_style = None +pygments_style = 'sphinx' # -- Options for HTML output ------------------------------------------------- @@ -162,32 +159,9 @@ texinfo_documents = [ ] -# -- Options for Epub output ------------------------------------------------- - -# Bibliographic Dublin Core info. -epub_title = project - -# The unique identifier of the text. This can be a ISBN number -# or the project homepage. -# -# epub_identifier = '' - -# A unique identification for the text. -# -# epub_uid = '' - -# A list of files that should not be packed into the epub file. -epub_exclude_files = ['search.html'] - - # -- Extension configuration ------------------------------------------------- # -- Options for intersphinx extension --------------------------------------- # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'https://docs.python.org/': None} - -# -- Options for todo extension ---------------------------------------------- - -# If true, `todo` and `todoList` produce output, else they produce nothing. -todo_include_todos = True \ No newline at end of file diff --git a/docs/source/index.rst b/doc/index.rst similarity index 56% rename from docs/source/index.rst rename to doc/index.rst index ff85a24..8836464 100644 --- a/docs/source/index.rst +++ b/doc/index.rst @@ -1,5 +1,5 @@ .. abgabesystem documentation master file, created by - sphinx-quickstart on Fri Sep 28 14:59:39 2018. + sphinx-quickstart on Fri Jun 1 13:35:35 2018. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. @@ -18,3 +18,18 @@ Indices and tables * :ref:`genindex` * :ref:`modindex` * :ref:`search` + +.. automodule:: abgabesystem + :members: + +.. automodule:: abgabesystem.projects + :members: + +.. automodule:: abgabesystem.students + :members: + +.. automodule:: abgabesystem.commands + :members: + +.. autoclass:: abgabesystem.students.Student + :members: diff --git a/docs/make.bat b/doc/make.bat similarity index 87% rename from docs/make.bat rename to doc/make.bat index 543c6b1..325fa1e 100644 --- a/docs/make.bat +++ b/doc/make.bat @@ -7,8 +7,9 @@ REM Command file for Sphinx documentation if "%SPHINXBUILD%" == "" ( set SPHINXBUILD=sphinx-build ) -set SOURCEDIR=source -set BUILDDIR=build +set SOURCEDIR=. +set BUILDDIR=_build +set SPHINXPROJ=abgabesystem if "%1" == "" goto help diff --git a/doc/notes.md b/doc/notes.md new file mode 100644 index 0000000..e4ca6bb --- /dev/null +++ b/doc/notes.md @@ -0,0 +1,63 @@ +# Programmieren [1,2] Gitlab + +- https://docs.gitlab.com/omnibus/README.html + +## Authentication + +- use GITZ LDAP for login +- not allow "create new repo" + + +## Structure + +- main repo + + publish example solutions + + CI config for checkstyle + + Protected Runner for JPlag + + restrict access to branches with example solutions + +- student repos + + forked from main repo + + one repo per student + + student has *Developer* Access + + *tutors* group has *Master* access + + students can request access (Abgabepartner) + + *tutors* can grant access + +## Checkstyle + +- GitLab CI +- [Docker](https://docs.gitlab.com/omnibus/docker/README.html)container +- [Shared Runner](https://docs.gitlab.com/ce/ci/runners/README.html) +- restrict Container to [checkstyle](http://checkstyle.sourceforge.net/) +- disable internet access for container + +## JPlag + +- Deadline [at,cron]job or schedule via gitlab +- triggers [Protected Runner](https://docs.gitlab.com/ee/ci/runners/README.html#protected-runners) +- creates automatic protected TAG in each repo +- checks out TAG from all repos into /tmp and runs [JPlag](https://jplag.ipd.kit.edu/) +- replace with MOSS? https://github.com/soachishti/moss.py +- deploy key in each repo + +## (optional) sync script + +- (one-way) sync students and groups from [Stud.IP REST API](http://docs.studip.de/develop/Entwickler/RESTAPI) to [Gitlab REST API](https://docs.gitlab.com/ce/api/) + +# Replicate (TODO: ansible playbook) + +- install gitlab +- install docker +- copy gitlab.rb +- partially protected +- default project limit = 0 +- shared runner for checkstyle + +- protected runner for + + + setting protected tags + + running jplag + +- script for creating repos and groups +- SSH deploy key diff --git a/gitlab.rb b/gitlab.rb new file mode 100644 index 0000000..261e6c1 --- /dev/null +++ b/gitlab.rb @@ -0,0 +1,1782 @@ +## GitLab configuration settings +##! This file is generated during initial installation and **is not** modified +##! during upgrades. +##! Check out the latest version of this file to know about the different +##! settings that can be configured by this file, which may be found at: +##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template + + +## GitLab URL +##! URL on which GitLab will be reachable. +##! For more details on configuring external_url see: +##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab +external_url 'https://ips1.ibr.cs.tu-bs.de' + +## Roles for multi-instance GitLab +##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance. +##! Options: +##! redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role +##! For more deatils on each role, see: +##! https://docs.gitlab.com/omnibus/roles/README.html#roles +##! +# roles ['redis_sentinel_role', 'redis_master_role'] + +## Legend +##! The following notations at the beginning of each line may be used to +##! differentiate between components of this file and to easily select them using +##! a regex. +##! ## Titles, subtitles etc +##! ##! More information - Description, Docs, Links, Issues etc. +##! Configuration settings have a single # followed by a single space at the +##! beginning; Remove them to enable the setting. + +##! **Configuration settings below are optional.** +##! **The values currently assigned are only examples and ARE NOT the default +##! values.** + + +################################################################################ +################################################################################ +## Configuration Settings for GitLab CE and EE ## +################################################################################ +################################################################################ + +################################################################################ +## gitlab.yml configuration +##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md +################################################################################ +# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' +# gitlab_rails['time_zone'] = 'UTC' + +### Email Settings +gitlab_rails['gitlab_email_enabled'] = false +gitlab_rails['gitlab_email_from'] = 'gitlab@ips1.ibr.cs.tu-bs.de' +gitlab_rails['gitlab_email_display_name'] = 'Gitlab' +gitlab_rails['gitlab_email_reply_to'] = 'noreply@ips1.ibr.cs.tu-bs.de' +# gitlab_rails['gitlab_email_subject_suffix'] = '' + +### GitLab user privileges + gitlab_rails['gitlab_default_can_create_group'] = false +# gitlab_rails['gitlab_username_changing_enabled'] = true + +### Default Theme +# gitlab_rails['gitlab_default_theme'] = 2 + +### Default project feature settings +# gitlab_rails['gitlab_default_projects_features_issues'] = true +# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true +# gitlab_rails['gitlab_default_projects_features_wiki'] = true +# gitlab_rails['gitlab_default_projects_features_snippets'] = true +# gitlab_rails['gitlab_default_projects_features_builds'] = true +# gitlab_rails['gitlab_default_projects_features_container_registry'] = true + +### Automatic issue closing +###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more +###! information about this pattern. +# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" + +### Download location +###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file +###! is created in the following directory. +# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' + +### Gravatar Settings +# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' +# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' + +### Auxiliary jobs +###! Periodically executed jobs, to self-heal Gitlab, do external +###! synchronizations, etc. +###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job +###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in +# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *" +# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *" +# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *" +# gitlab_rails['repository_check_worker_cron'] = "20 * * * *" +# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" +# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" +# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *" + +### Webhook Settings +###! Number of seconds to wait for HTTP response after sending webhook HTTP POST +###! request (default: 10) +# gitlab_rails['webhook_timeout'] = 10 + +### Trusted proxies +###! Customize if you have GitLab behind a reverse proxy which is running on a +###! different machine. +###! **Add the IP address for your reverse proxy to the list, otherwise users +###! will appear signed in from that address.** +# gitlab_rails['trusted_proxies'] = [] + +### Monitoring settings +###! IP whitelist controlling access to monitoring endpoints +# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8'] +###! Time between sampling of unicorn socket metrics, in seconds +# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10 + +### Reply by email +###! Allow users to comment on issues and merge requests by replying to +###! notification emails. +###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html +# gitlab_rails['incoming_email_enabled'] = true + +#### Incoming Email Address +####! The email address including the `%{key}` placeholder that will be replaced +####! to reference the item being replied to. +####! **The placeholder can be omitted but if present, it must appear in the +####! "user" part of the address (before the `@`).** +# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" + +#### Email account username +####! **With third party providers, this is usually the full email address.** +####! **With self-hosted email servers, this is usually the user part of the +####! email address.** +# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" + +#### Email account password +# gitlab_rails['incoming_email_password'] = "[REDACTED]" + +#### IMAP Settings +# gitlab_rails['incoming_email_host'] = "imap.gmail.com" +# gitlab_rails['incoming_email_port'] = 993 +# gitlab_rails['incoming_email_ssl'] = true +# gitlab_rails['incoming_email_start_tls'] = false + +#### Incoming Mailbox Settings +####! The mailbox where incoming mail will end up. Usually "inbox". +# gitlab_rails['incoming_email_mailbox_name'] = "inbox" +####! The IDLE command timeout. +# gitlab_rails['incoming_email_idle_timeout'] = 60 + +### Job Artifacts +# gitlab_rails['artifacts_enabled'] = true +# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts" +# gitlab_rails['artifacts_object_store_enabled'] = false # EE only +# gitlab_rails['artifacts_object_store_background_upload'] = true +# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" +# gitlab_rails['artifacts_object_store_connection'] = { +# 'provider' => 'AWS', +# 'region' => 'eu-west-1', +# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', +# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', +# # # The below options configure an S3 compatible host instead of AWS +# # 'host' => 's3.amazonaws.com', +# # 'endpoint' => nil, +# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' +# } + +### Git LFS +# gitlab_rails['lfs_enabled'] = true +# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects" +# gitlab_rails['lfs_object_store_enabled'] = false # EE only +# gitlab_rails['lfs_object_store_background_upload'] = true +# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects" +# gitlab_rails['lfs_object_store_connection'] = { +# 'provider' => 'AWS', +# 'region' => 'eu-west-1', +# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', +# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', +# # # The below options configure an S3 compatible host instead of AWS +# # 'host' => 's3.amazonaws.com', +# # 'endpoint' => nil, +# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' +# } + +### Usage Statistics +# gitlab_rails['usage_ping_enabled'] = true + +### GitLab Mattermost +###! These settings are void if Mattermost is installed on the same omnibus +###! install +# gitlab_rails['mattermost_host'] = "https://mattermost.example.com" + +### LDAP Settings +###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html +###! **Be careful not to break the indentation in the ldap_servers block. It is +###! in yaml format and the spaces must be retained. Using tabs will not work.** + +gitlab_rails['ldap_enabled'] = true + +###! **remember to close this block with 'EOS' below** +gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' +main: # 'main' is the GitLab 'provider ID' of this LDAP server + label: 'GITZ LDAP' + host: 'ldapk5.tu-bs.de' + port: 389 + uid: 'uid' +# bind_dn: 'ou=people,dc=tu-bs,dc=de' +# password: '_the_password_of_the_bind_user' + encryption: 'plain' # "start_tls" or "simple_tls" or "plain" + verify_certificates: true + active_directory: false +# allow_username_or_email_login: false +# lowercase_usernames: false +# block_auto_created_users: false + base: 'ou=people,dc=tu-bs,dc=de' + #user_filter: '(ou=Student TU Braunschweig)' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +# +# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server +# label: 'LDAP' +# host: '_your_ldap_server' +# port: 389 +# uid: 'sAMAccountName' +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' +# password: '_the_password_of_the_bind_user' +# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" +# verify_certificates: true +# active_directory: true +# allow_username_or_email_login: false +# lowercase_usernames: false +# block_auto_created_users: false +# base: '' +# user_filter: '' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +EOS + +### OmniAuth Settings +###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html +# gitlab_rails['omniauth_enabled'] = false +# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] +# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' +# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] +# gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] +# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' +# gitlab_rails['omniauth_block_auto_created_users'] = true +# gitlab_rails['omniauth_auto_link_ldap_user'] = false +# gitlab_rails['omniauth_auto_link_saml_user'] = false +# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] +# gitlab_rails['omniauth_providers'] = [ +# { +# "name" => "google_oauth2", +# "app_id" => "YOUR APP ID", +# "app_secret" => "YOUR APP SECRET", +# "args" => { "access_type" => "offline", "approval_prompt" => "" } +# } +# ] + +### Backup Settings +###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html + +# gitlab_rails['manage_backup_path'] = true +# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" + +###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions +# gitlab_rails['backup_archive_permissions'] = 0644 + +# gitlab_rails['backup_pg_schema'] = 'public' + +###! The duration in seconds to keep backups before they are allowed to be deleted +# gitlab_rails['backup_keep_time'] = 604800 + +# gitlab_rails['backup_upload_connection'] = { +# 'provider' => 'AWS', +# 'region' => 'eu-west-1', +# 'aws_access_key_id' => 'AKIAKIAKI', +# 'aws_secret_access_key' => 'secret123' +# } +# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' +# gitlab_rails['backup_multipart_chunk_size'] = 104857600 + +###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for +###! backups** +# gitlab_rails['backup_encryption'] = 'AES256' + +###! **Specifies Amazon S3 storage class to use for backups. Valid values +###! include 'STANDARD', 'STANDARD_IA', 'GLACIER', and +###! 'REDUCED_REDUNDANCY'** +# gitlab_rails['backup_storage_class'] = 'STANDARD' + +### For setting up different data storing directory +###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory +###! **If you want to use a single non-default directory to store git data use a +###! path that doesn't contain symlinks.** +# git_data_dirs({ +# "default" => { +# "path" => "/mnt/nfs-01/git-data" +# } +# }) + +### Gitaly settings +# gitlab_rails['gitaly_token'] = 'secret token' + +### For storing GitLab application uploads, eg. LFS objects, build artifacts +###! Docs: https://docs.gitlab.com/ce/development/shared_files.html +# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared' + +### Wait for file system to be mounted +###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted +# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"] + +### GitLab Shell settings for GitLab +# gitlab_rails['gitlab_shell_ssh_port'] = 22 +# gitlab_rails['gitlab_shell_git_timeout'] = 800 + +### Extra customization +# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id' +# gitlab_rails['extra_piwik_url'] = '_your_piwik_url' +# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id' + +##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html +# gitlab_rails['env'] = { +# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile", +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" +# } + +# gitlab_rails['rack_attack_git_basic_auth'] = { +# 'enabled' => true, +# 'ip_whitelist' => ["127.0.0.1"], +# 'maxretry' => 10, +# 'findtime' => 60, +# 'bantime' => 3600 +# } + +# gitlab_rails['rack_attack_protected_paths'] = [ +# '/users/password', +# '/users/sign_in', +# '/api/#{API::API.version}/session.json', +# '/api/#{API::API.version}/session', +# '/users', +# '/users/confirmation', +# '/unsubscribes/', +# '/import/github/personal_access_token' +# ] + +###! **We do not recommend changing these directories.** +# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails" +# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails" + +### GitLab application settings +# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" +# gitlab_rails['rate_limit_requests_per_period'] = 10 +# gitlab_rails['rate_limit_period'] = 60 + +#### Change the initial default admin password and shared runner registraion tokens. +####! **Only applicable on initial setup, changing these settings after database +####! is created and seeded won't yield any change.** +# gitlab_rails['initial_root_password'] = "password" +# gitlab_rails['initial_shared_runners_registration_token'] = "token" + +#### Enable or disable automatic database migrations +# gitlab_rails['auto_migrate'] = true + +#### This is advanced feature used by large gitlab deployments where loading +#### whole RAILS env takes a lot of time. +# gitlab_rails['rake_cache_clear'] = true + +### GitLab database settings +###! Docs: https://docs.gitlab.com/omnibus/settings/database.html +###! **Only needed if you use an external database.** +# gitlab_rails['db_adapter'] = "postgresql" +# gitlab_rails['db_encoding'] = "unicode" +# gitlab_rails['db_collation'] = nil +# gitlab_rails['db_database'] = "gitlabhq_production" +# gitlab_rails['db_pool'] = 10 +# gitlab_rails['db_username'] = "gitlab" +# gitlab_rails['db_password'] = nil +# gitlab_rails['db_host'] = nil +# gitlab_rails['db_port'] = 5432 +# gitlab_rails['db_socket'] = nil +# gitlab_rails['db_sslmode'] = nil +# gitlab_rails['db_sslrootcert'] = nil +# gitlab_rails['db_prepared_statements'] = false +# gitlab_rails['db_statements_limit'] = 1000 + + +### GitLab Redis settings +###! Connect to your own Redis instance +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html + +#### Redis TCP connection +# gitlab_rails['redis_host'] = "127.0.0.1" +# gitlab_rails['redis_port'] = 6379 +# gitlab_rails['redis_password'] = nil +# gitlab_rails['redis_database'] = 0 + +#### Redis local UNIX socket (will be disabled if TCP method is used) +# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket" + +#### Sentinel support +####! To have Sentinel working, you must enable Redis TCP connection support +####! above and define a few Sentinel hosts below (to get a reliable setup +####! at least 3 hosts). +####! **You don't need to list every sentinel host, but the ones not listed will +####! not be used in a fail-over situation to query for the new master.** +# gitlab_rails['redis_sentinels'] = [ +# {'host' => '127.0.0.1', 'port' => 26379}, +# ] + +#### Separate instances support +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances +# gitlab_rails['redis_cache_instance'] = nil +# gitlab_rails['redis_cache_sentinels'] = nil +# gitlab_rails['redis_queues_instance'] = nil +# gitlab_rails['redis_queues_sentinels'] = nil +# gitlab_rails['redis_shared_state_instance'] = nil +# gitlab_rails['redis_shared_sentinels'] = nil + +### GitLab email server settings +###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html +###! **Use smtp instead of sendmail/postfix.** + +# gitlab_rails['smtp_enable'] = true +# gitlab_rails['smtp_address'] = "smtp.server" +# gitlab_rails['smtp_port'] = 465 +# gitlab_rails['smtp_user_name'] = "smtp user" +# gitlab_rails['smtp_password'] = "smtp password" +# gitlab_rails['smtp_domain'] = "example.com" +# gitlab_rails['smtp_authentication'] = "login" +# gitlab_rails['smtp_enable_starttls_auto'] = true +# gitlab_rails['smtp_tls'] = false + +###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'** +###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html +# gitlab_rails['smtp_openssl_verify_mode'] = 'none' + +# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" +# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" + +################################################################################ +## Container Registry settings +##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html +################################################################################ + +registry_external_url 'https://ips1.ibr.cs.tu-bs.de:5005' + +### Settings used by GitLab application +# gitlab_rails['registry_enabled'] = true +# gitlab_rails['registry_host'] = "registry.gitlab.example.com" +# gitlab_rails['registry_port'] = "5005" +# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" + +###! **Do not change the following 3 settings unless you know what you are +###! doing** +# gitlab_rails['registry_api_url'] = "http://localhost:5000" +# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key" +# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer" + +### Settings used by Registry application +# registry['enable'] = true +# registry['username'] = "registry" +# registry['group'] = "registry" +# registry['uid'] = nil +# registry['gid'] = nil +# registry['dir'] = "/var/opt/gitlab/registry" +# registry['registry_http_addr'] = "localhost:5000" +# registry['debug_addr'] = "localhost:5001" +# registry['log_directory'] = "/var/log/gitlab/registry" +# registry['env_directory'] = "/opt/gitlab/etc/registry/env" +# registry['env'] = {} +# registry['log_level'] = "info" +# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt" +# registry['storage_delete_enabled'] = true + +### Registry backend storage +###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver +# registry['storage'] = { +# 's3' => { +# 'accesskey' => 'AKIAKIAKI', +# 'secretkey' => 'secret123', +# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI' +# } +# } + +### Registry notifications endpoints +# registry['notifications'] = [ +# { +# 'name' => 'test_endpoint', +# 'url' => 'https://gitlab.example.com/notify2', +# 'timeout' => '500ms', +# 'threshold' => 5, +# 'backoff' => '1s', +# 'headers' => { +# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"] +# } +# } +# ] +### Default registry notifications +# registry['default_notifications_timeout'] = "500ms" +# registry['default_notifications_threshold'] = 5 +# registry['default_notifications_backoff'] = "1s" +# registry['default_notifications_headers'] = {} + + + +################################################################################ +## GitLab Workhorse +##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md +################################################################################ + +# gitlab_workhorse['enable'] = true +# gitlab_workhorse['ha'] = false +# gitlab_workhorse['listen_network'] = "unix" +# gitlab_workhorse['listen_umask'] = 000 +# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket" +# gitlab_workhorse['auth_backend'] = "http://localhost:8080" + +##! the empty string is the default in gitlab-workhorse option parser +# gitlab_workhorse['auth_socket'] = "''" + +##! put an empty string on the command line +# gitlab_workhorse['pprof_listen_addr'] = "''" + +# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229" + +# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse" +# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse" +# gitlab_workhorse['proxy_headers_timeout'] = "1m0s" + +##! limit number of concurrent API requests, defaults to 0 which is unlimited +# gitlab_workhorse['api_limit'] = 0 + +##! limit number of API requests allowed to be queued, defaults to 0 which +##! disables queuing +# gitlab_workhorse['api_queue_limit'] = 0 + +##! duration after which we timeout requests if they sit too long in the queue +# gitlab_workhorse['api_queue_duration'] = "30s" + +##! Long polling duration for job requesting for runners +# gitlab_workhorse['api_ci_long_polling_duration'] = "60s" + +# gitlab_workhorse['env'] = { +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin" +# } + +################################################################################ +## GitLab User Settings +##! Modify default git user. +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group +################################################################################ + +# user['username'] = "git" +# user['group'] = "git" +# user['uid'] = nil +# user['gid'] = nil + +##! The shell for the git user +# user['shell'] = "/bin/sh" + +##! The home directory for the git user +# user['home'] = "/var/opt/gitlab" + +# user['git_user_name'] = "GitLab" +# user['git_user_email'] = "gitlab@#{node['fqdn']}" + +################################################################################ +## GitLab Unicorn +##! Tweak unicorn settings. +##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html +################################################################################ + +# unicorn['worker_timeout'] = 60 +###! Minimum worker_processes is 2 at this moment +###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771 +# unicorn['worker_processes'] = 2 + +### Advanced settings +# unicorn['listen'] = '127.0.0.1' +# unicorn['port'] = 8080 +# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' +# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid' +# unicorn['tcp_nopush'] = true +# unicorn['backlog_socket'] = 1024 + +###! **Make sure somaxconn is equal or higher then backlog_socket** +# unicorn['somaxconn'] = 1024 + +###! **We do not recommend changing this setting** +# unicorn['log_directory'] = "/var/log/gitlab/unicorn" + +### **Only change these settings if you understand well what they mean** +###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/ +###! https://github.com/kzk/unicorn-worker-killer +# unicorn['worker_memory_limit_min'] = "400 * 1 << 20" +# unicorn['worker_memory_limit_max'] = "650 * 1 << 20" + +################################################################################ +## GitLab Sidekiq +################################################################################ + +# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq" +# sidekiq['shutdown_timeout'] = 4 +# sidekiq['concurrency'] = 25 +# sidekiq['metrics_enabled'] = true +# sidekiq['listen_address'] = 127.0.0.1 +# sidekiq['listen_port'] = 8082 + +################################################################################ +## gitlab-shell +################################################################################ + +# gitlab_shell['audit_usernames'] = false +# gitlab_shell['log_level'] = 'INFO' +# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false} +# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/" +# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks" + +# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys" + +### Git trace log file. +###! If set, git commands receive GIT_TRACE* environment variables +###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging +###! An absolute path starting with / – the trace output will be appended to +###! that file. It needs to exist so we can check permissions and avoid +###! throwing warnings to the users. +# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log" + +##! **We do not recommend changing this directory.** +# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell" + +################################################################ +## GitLab PostgreSQL +################################################################ + +###! Changing any of these settings requires a restart of postgresql. +###! By default, reconfigure reloads postgresql if it is running. If you +###! change any of these settings, be sure to run `gitlab-ctl restart postgresql` +###! after reconfigure in order for the changes to take effect. +# postgresql['enable'] = true +# postgresql['listen_address'] = nil +# postgresql['port'] = 5432 +# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data" + +##! **recommend value is 1/4 of total RAM, up to 14GB.** +# postgresql['shared_buffers'] = "256MB" + +### Advanced settings +# postgresql['ha'] = false +# postgresql['dir'] = "/var/opt/gitlab/postgresql" +# postgresql['log_directory'] = "/var/log/gitlab/postgresql" +# postgresql['username'] = "gitlab-psql" +# postgresql['uid'] = nil +# postgresql['gid'] = nil +# postgresql['shell'] = "/bin/sh" +# postgresql['home'] = "/var/opt/gitlab/postgresql" +# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH" +# postgresql['sql_user'] = "gitlab" +# postgresql['max_connections'] = 200 +# postgresql['md5_auth_cidr_addresses'] = [] +# postgresql['trust_auth_cidr_addresses'] = [] +# postgresql['wal_buffers'] = "-1" +# postgresql['autovacuum_max_workers'] = "3" +# postgresql['autovacuum_freeze_max_age'] = "200000000" +# postgresql['track_activity_query_size'] = "1024" +# postgresql['shared_preload_libraries'] = nil +# postgresql['dynamic_shared_memory_type'] = nil +# postgresql['hot_standby'] = "off" + +### SSL settings +# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details +# postgresql['ssl'] = 'on' +# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1' +# postgresql['ssl_cert_file'] = 'server.crt' +# postgresql['ssl_key_file'] = 'server.key' +# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem' +# postgresql['ssl_crl_file'] = nil + +### Replication settings +###! Note, some replication settings do not require a full restart. They are documented below. +# postgresql['wal_level'] = "hot_standby" +# postgresql['max_wal_senders'] = 5 +# postgresql['max_replication_slots'] = 0 +# postgresql['max_locks_per_transaction'] = 128 + +# Backup/Archive settings +# default['gitlab']['postgresql']['archive_mode'] = "off" + +###! Changing any of these settings only requires a reload of postgresql. You do not need to +###! restart postgresql if you change any of these and run reconfigure. +# postgresql['work_mem'] = "16MB" +# postgresql['maintenance_work_mem'] = "16MB" +# postgresql['checkpoint_segments'] = 10 +# postgresql['checkpoint_timeout'] = "5min" +# postgresql['checkpoint_completion_target'] = 0.9 +# postgresql['effective_io_concurrency'] = 1 +# postgresql['checkpoint_warning'] = "30s" +# postgresql['effective_cache_size'] = "1MB" +# postgresql['shmmax'] = 17179869184 # or 4294967295 +# postgresql['shmall'] = 4194304 # or 1048575 +# postgresql['autovacuum'] = "on" +# postgresql['log_autovacuum_min_duration'] = "-1" +# postgresql['autovacuum_naptime'] = "1min" +# postgresql['autovacuum_vacuum_threshold'] = "50" +# postgresql['autovacuum_analyze_threshold'] = "50" +# postgresql['autovacuum_vacuum_scale_factor'] = "0.02" +# postgresql['autovacuum_analyze_scale_factor'] = "0.01" +# postgresql['autovacuum_vacuum_cost_delay'] = "20ms" +# postgresql['autovacuum_vacuum_cost_limit'] = "-1" +# postgresql['statement_timeout'] = "60000" +# postgresql['idle_in_transaction_session_timeout'] = "60000" +# postgresql['log_line_prefix'] = "%a" +# postgresql['max_worker_processes'] = 8 +# postgreslq['max_parallel_workers_per_gather'] = 0 +# postgresql['log_lock_waits'] = 1 +# postgresql['deadlock_timeout'] = '5s' +# postgresql['track_io_timing'] = 0 + +### Available in PostgreSQL 9.6 and later +# postgresql['min_wal_size'] = 80MB +# postgresql['max_wal_size'] = 1GB + +# Backup/Archive settings +# default['gitlab']['postgresql']['archive_command'] = nil +# default['gitlab']['postgresql']['archive_timeout'] = "0" + +### Replication settings +# postgresql['sql_replication_user'] = "gitlab_replicator" +# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 ` +# postgresql['wal_keep_segments'] = 10 +# postgresql['max_standby_archive_delay'] = "30s" +# postgresql['max_standby_streaming_delay'] = "30s" +# postgresql['synchronous_commit'] = on +# postgresql['synchronous_standby_names'] = '' +# postgresql['hot_standby_feedback'] = 'off' +# postgresql['random_page_cost'] = 2.0 +# postgresql['log_temp_files'] = -1 +# postgresql['log_checkpoints'] = 'off' +# To add custom entries to pg_hba.conf use the following +# postgresql['custom_pg_hba_entries'] = { +# APPLICATION: { # APPLICATION should identify what the settings are used for +# type: example, +# database: example, +# user: example, +# cidr: example, +# method: example, +# option: exmple +# } +# } +# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation +# of the values + + +################################################################################ +## GitLab Redis +##! **Can be disabled if you are using your own Redis instance.** +##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html +################################################################################ + +# redis['enable'] = true +# redis['username'] = "gitlab-redis" +# redis['maxclients'] = "10000" +# redis['maxmemory'] = "0" +# redis['maxmemory_policy'] = "noeviction" +# redis['maxmemory_samples'] = "5" +# redis['tcp_timeout'] = "60" +# redis['tcp_keepalive'] = "300" +# redis['uid'] = nil +# redis['gid'] = nil + +###! **To enable only Redis service in this machine, uncomment +###! one of the lines below (choose master or slave instance types).** +###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html +###! https://docs.gitlab.com/ce/administration/high_availability/redis.html +# redis_master_role['enable'] = true +# redis_slave_role['enable'] = true + +### Redis TCP support (will disable UNIX socket transport) +# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one +# redis['port'] = 6379 +# redis['password'] = 'redis-password-goes-here' + +### Redis Sentinel support +###! **You need a master slave Redis replication to be able to do failover** +###! **Please read the documentation before enabling it to understand the +###! caveats:** +###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html + +### Replication support +#### Slave Redis instance +# redis['master'] = false # by default this is true + +#### Slave and Sentinel shared configuration +####! **Both need to point to the master Redis instance to get replication and +####! heartbeat monitoring** +# redis['master_name'] = 'gitlab-redis' +# redis['master_ip'] = nil +# redis['master_port'] = 6379 + +####! **Master password should have the same value defined in +####! redis['password'] to enable the instance to transition to/from +####! master/slave in a failover event.** +# redis['master_password'] = 'redis-password-goes-here' + +####! Increase these values when your slaves can't catch up with master +# redis['client_output_buffer_limit_normal'] = '0 0 0' +# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60' +# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60' + +#####! Redis snapshotting frequency +#####! Set to [] to disable +#####! Set to [''] to clear previously set values +# redis['save'] = [ '900 1', '300 10', '60 10000' ] + +################################################################################ +## GitLab Web server +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server +################################################################################ + +##! When bundled nginx is disabled we need to add the external webserver user to +##! the GitLab webserver group. +# web_server['external_users'] = [] +# web_server['username'] = 'gitlab-www' +# web_server['group'] = 'gitlab-www' +# web_server['uid'] = nil +# web_server['gid'] = nil +# web_server['shell'] = '/bin/false' +# web_server['home'] = '/var/opt/gitlab/nginx' + +################################################################################ +## GitLab NGINX +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html +################################################################################ + +# nginx['enable'] = true +# nginx['client_max_body_size'] = '250m' +# nginx['redirect_http_to_https'] = false +# nginx['redirect_http_to_https_port'] = 80 + +##! Most root CA's are included by default +# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt" + +##! enable/disable 2-way SSL client authentication +# nginx['ssl_verify_client'] = "off" + +##! if ssl_verify_client on, verification depth in the client certificates chain +# nginx['ssl_verify_depth'] = "1" + +# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" +# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" +# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" +# nginx['ssl_prefer_server_ciphers'] = "on" + +##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +##! https://cipherli.st/** +# nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2" + +##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html** +# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m" + +##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** +# nginx['ssl_session_timeout'] = "5m" + +# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem +# nginx['listen_addresses'] = ['*', '[::]'] + +##! **Defaults to forcing web browsers to always communicate using only HTTPS** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security +# nginx['hsts_max_age'] = 31536000 +# nginx['hsts_include_subdomains'] = false + +##! **Override only if you use a reverse proxy** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port +# nginx['listen_port'] = nil + +##! **Override only if your reverse proxy internally communicates over HTTP** +##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl +# nginx['listen_https'] = nil + +# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" +# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" +# nginx['proxy_read_timeout'] = 3600 +# nginx['proxy_connect_timeout'] = 300 +# nginx['proxy_set_headers'] = { +# "Host" => "$http_host_with_default", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on", +# "Upgrade" => "$http_upgrade", +# "Connection" => "$connection_upgrade" +# } +# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' +# nginx['proxy_cache'] = 'gitlab' +# nginx['http2_enabled'] = true +# nginx['real_ip_trusted_addresses'] = [] +# nginx['real_ip_header'] = nil +# nginx['real_ip_recursive'] = nil +# nginx['custom_error_pages'] = { +# '404' => { +# 'title' => 'Example title', +# 'header' => 'Example header', +# 'message' => 'Example message' +# } +# } + +### Advanced settings +# nginx['dir'] = "/var/opt/gitlab/nginx" +# nginx['log_directory'] = "/var/log/gitlab/nginx" +# nginx['worker_processes'] = 4 +# nginx['worker_connections'] = 10240 +# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' +# nginx['sendfile'] = 'on' +# nginx['tcp_nopush'] = 'on' +# nginx['tcp_nodelay'] = 'on' +# nginx['gzip'] = "on" +# nginx['gzip_http_version'] = "1.0" +# nginx['gzip_comp_level'] = "2" +# nginx['gzip_proxied'] = "any" +# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ] +# nginx['keepalive_timeout'] = 65 +# nginx['cache_max_size'] = '5000m' +# nginx['server_names_hash_bucket_size'] = 64 + +### Nginx status +# nginx['status'] = { +# "enable" => true, +# "listen_addresses" => ["127.0.0.1"], +# "fqdn" => "dev.example.com", +# "port" => 9999, +# "options" => { +# "stub_status" => "on", # Turn on stats +# "server_tokens" => "off", # Don't show the version of NGINX +# "access_log" => "off", # Disable logs for stats +# "allow" => "127.0.0.1", # Only allow access from localhost +# "deny" => "all" # Deny access to anyone else +# } +# } + +################################################################################ +## GitLab Logging +##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html +################################################################################ + +# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data +# logging['svlogd_num'] = 30 # keep 30 rotated log files +# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours +# logging['svlogd_filter'] = "gzip" # compress logs with gzip +# logging['svlogd_udp'] = nil # transmit log messages via UDP +# logging['svlogd_prefix'] = nil # custom prefix for log messages +# logging['logrotate_frequency'] = "daily" # rotate logs daily +# logging['logrotate_size'] = nil # do not rotate by size by default +# logging['logrotate_rotate'] = 30 # keep 30 rotated logs +# logging['logrotate_compress'] = "compress" # see 'man logrotate' +# logging['logrotate_method'] = "copytruncate" # see 'man logrotate' +# logging['logrotate_postrotate'] = nil # no postrotate command by default +# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz + +### UDP log forwarding +##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding + +##! remote host to ship log messages to via UDP +# logging['udp_log_shipping_host'] = nil + +##! override the hostname used when logs are shipped via UDP, +## by default the system hostname will be used. +# logging['udp_log_shipping_hostname'] = nil + +##! remote port to ship log messages to via UDP +# logging['udp_log_shipping_port'] = 514 + +################################################################################ +## Logrotate +##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate +##! You can disable built in logrotate feature. +################################################################################ +# logrotate['enable'] = true + +################################################################################ +## Users and groups accounts +##! Disable management of users and groups accounts. +##! **Set only if creating accounts manually** +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management +################################################################################ + +# manage_accounts['enable'] = false + +################################################################################ +## Storage directories +##! Disable managing storage directories +##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management +################################################################################ + +##! **Set only if the select directories are created manually** +# manage_storage_directories['enable'] = false +# manage_storage_directories['manage_etc'] = false + +################################################################################ +## Runtime directory +##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory +################################################################################ + +# runtime_dir '/run' + +################################################################################ +## Git +##! Advanced setting for configuring git system settings for omnibus-gitlab +##! internal git +################################################################################ + +##! For multiple options under one header use array of comma separated values, +##! eg.: +##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] } + +# omnibus_gitconfig['system'] = { +# "pack" => ["threads = 1"], +# "receive" => ["fsckObjects = true", "advertisePushOptions = true"], +# "repack" => ["writeBitmaps = true"], +# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"], +# } + +################################################################################ +## GitLab Pages +##! Docs: https://docs.gitlab.com/ce/pages/administration.html +################################################################################ + +##! Define to enable GitLab Pages +# pages_external_url "http://pages.example.com/" +# gitlab_pages['enable'] = false + +##! Configure to expose GitLab Pages on external IP address, serving the HTTP +# gitlab_pages['external_http'] = [] + +##! Configure to expose GitLab Pages on external IP address, serving the HTTPS +# gitlab_pages['external_https'] = [] + +##! Configure to enable health check endpoint on GitLab Pages +# gitlab_pages['status_uri'] = "/@status" + +# gitlab_pages['listen_proxy'] = "localhost:8090" +# gitlab_pages['redirect_http'] = true +# gitlab_pages['use_http2'] = true +# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages" +# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages" + +# gitlab_pages['artifacts_server'] = true +# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4' +# gitlab_pages['artifacts_server_timeout'] = 10 + +##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics +# gitlab_pages['metrics_address'] = ":9235" + +################################################################################ +## GitLab Pages NGINX +################################################################################ + +# All the settings defined in the "GitLab Nginx" section are also available in this "GitLab Pages NGINX" section +# You just have to change the key "nginx['some_settings']" with "pages_nginx['some_settings']" + +# Below you can find settings that are exclusive to "GitLab Pages NGINX" +# pages_nginx['enable'] = false + +# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages" + +################################################################################ +## GitLab CI +##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html +################################################################################ + +# gitlab_ci['gitlab_ci_all_broken_builds'] = true +# gitlab_ci['gitlab_ci_add_pusher'] = true +# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds' + +################################################################################ +## GitLab Mattermost +##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost +################################################################################ + +# mattermost_external_url 'http://mattermost.example.com' + +# mattermost['enable'] = false +# mattermost['username'] = 'mattermost' +# mattermost['group'] = 'mattermost' +# mattermost['uid'] = nil +# mattermost['gid'] = nil +# mattermost['home'] = '/var/opt/gitlab/mattermost' +# mattermost['database_name'] = 'mattermost_production' +# mattermost['env'] = {} + +# mattermost['service_use_ssl'] = false +# mattermost['service_address'] = "127.0.0.1" +# mattermost['service_port'] = "8065" +# mattermost['service_site_url'] = nil +# mattermost['service_maximum_login_attempts'] = 10 +# mattermost['service_google_developer_key'] = nil +# mattermost['service_enable_incoming_webhooks'] = true +# mattermost['service_enable_post_username_override'] = true +# mattermost['service_enable_post_icon_override'] = true +# mattermost['service_enable_testing'] = false +# mattermost['service_enable_security_fix_alert'] = true +# mattermost['service_enable_insecure_outgoing_connections'] = false +# mattermost['service_allowed_untrusted_internal_connections'] = "" +# mattermost['service_allow_cors_from'] = "" +# mattermost['service_enable_outgoing_webhooks'] = true +# mattermost['service_enable_commands'] = true +# mattermost['service_enable_custom_emoji'] = false +# mattermost['service_enable_only_admin_integrations'] = true +# mattermost['service_enable_oauth_service_provider'] = false +# mattermost['service_enable_developer'] = false +# mattermost['service_session_length_web_in_days'] = 30 +# mattermost['service_session_length_mobile_in_days'] = 30 +# mattermost['service_session_length_sso_in_days'] = 30 +# mattermost['service_session_cache_in_minutes'] = 10 +# mattermost['service_connection_security'] = nil +# mattermost['service_tls_cert_file'] = nil +# mattermost['service_tls_key_file'] = nil +# mattermost['service_use_lets_encrypt'] = false +# mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache" +# mattermost['service_forward_80_to_443'] = false +# mattermost['service_read_timeout'] = 300 +# mattermost['service_write_timeout'] = 300 +# mattermost['service_time_between_user_typing_updates_milliseconds'] = 5000 +# mattermost['service_enable_link_previews'] = false +# mattermost['service_enable_user_typing_messages'] = true +# mattermost['service_enable_post_search'] = true +# mattermost['service_enable_user_statuses'] = true +# mattermost['service_enable_emoji_picker'] = true +# mattermost['service_enable_channel_viewed_messages'] = true +# mattermost['service_enable_apiv3'] = true +# mattermost['service_goroutine_health_threshold'] = -1 +# mattermost['service_user_access_tokens'] = false +# mattermost['service_enable_preview_features'] = true +# mattermost['service_close_unused_direct_messages'] = false + +# mattermost['team_site_name'] = "GitLab Mattermost" +# mattermost['team_max_users_per_team'] = 150 +# mattermost['team_enable_team_creation'] = true +# mattermost['team_enable_user_creation'] = true +# mattermost['team_enable_open_server'] = false +# mattermost['team_allow_public_link'] = true +# mattermost['team_allow_valet_default'] = false +# mattermost['team_restrict_creation_to_domains'] = "gmail.com" +# mattermost['team_restrict_team_names'] = true +# mattermost['team_restrict_direct_message'] = "any" +# mattermost['team_max_channels_per_team'] = 2000 +# mattermost['team_enable_x_to_leave_channels_from_lhs'] = false +# mattermost['team_user_status_away_timeout'] = 300 +# mattermost['team_enable_confirm_notifications_to_channel'] = true +# mattermost['team_teammate_name_display'] = "full_name" + +# mattermost['sql_driver_name'] = 'mysql' +# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" +# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"] +# mattermost['sql_max_idle_conns'] = 10 +# mattermost['sql_max_open_conns'] = 10 +# mattermost['sql_trace'] = false +# mattermost['sql_data_source_search_replicas'] = [] +# mattermost['sql_query_timeout'] = 30 + +# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/' +# mattermost['log_console_enable'] = true +# mattermost['log_console_level'] = 'INFO' +# mattermost['log_enable_file'] = false +# mattermost['log_file_level'] = 'INFO' +# mattermost['log_file_format'] = nil +# mattermost['log_enable_diagnostics'] = true + +# mattermost['gitlab_enable'] = false +# mattermost['gitlab_id'] = "12345656" +# mattermost['gitlab_secret'] = "123456789" +# mattermost['gitlab_scope'] = "" +# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize" +# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token" +# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user" + +# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'} + +# mattermost['email_enable_sign_up_with_email'] = true +# mattermost['email_enable_sign_in_with_email'] = true +# mattermost['email_enable_sign_in_with_username'] = false +# mattermost['email_send_email_notifications'] = false +# mattermost['email_use_channel_in_email_notifications'] = true +# mattermost['email_require_email_verification'] = false +# mattermost['email_smtp_username'] = nil +# mattermost['email_smtp_password'] = nil +# mattermost['email_smtp_server'] = nil +# mattermost['email_smtp_port'] = nil +# mattermost['email_connection_security'] = nil +# mattermost['email_feedback_name'] = nil +# mattermost['email_feedback_email'] = nil +# mattermost['email_feedback_organization'] = nil +# mattermost['email_send_push_notifications'] = true +# mattermost['email_push_notification_server'] = "" +# mattermost['email_push_notification_contents'] = "generic" +# mattermost['email_enable_batching'] = false +# mattermost['email_batching_buffer_size'] = 256 +# mattermost['email_batching_interval'] = 30 +# mattermost['email_skip_server_certificate_verification'] = false +# mattermost['email_smtp_auth'] = false +# mattermost['email_notification_content_type'] = "full" +# mattermost['email_login_button_color'] = "" +# mattermost['email_login_button_border_color'] = "" +# mattermost['email_login_button_text_color'] = "" + +# mattermost['file_max_file_size'] = 52428800 +# mattermost['file_driver_name'] = "local" +# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data" +# mattermost['file_enable_public_link'] = true +# mattermost['file_initial_font'] = 'luximbi.ttf' +# mattermost['file_amazon_s3_access_key_id'] = nil +# mattermost['file_amazon_s3_bucket'] = nil +# mattermost['file_amazon_s3_secret_access_key'] = nil +# mattermost['file_amazon_s3_region'] = nil +# mattermost["file_amazon_s3_endpoint"] = nil +# mattermost["file_amazon_s3_bucket_endpoint"] = nil +# mattermost["file_amazon_s3_location_constraint"] = false +# mattermost["file_amazon_s3_lowercase_bucket"] = false +# mattermost["file_amazon_s3_ssl"] = true +# mattermost["file_amazon_s3_sign_v2"] = false +# mattermost['file_enable_file_attachments'] = true +# mattermost["file_amazon_s3_trace"] = false + +# mattermost['ratelimit_enable_rate_limiter'] = false +# mattermost['ratelimit_per_sec'] = 10 +# mattermost['ratelimit_memory_store_size'] = 10000 +# mattermost['ratelimit_vary_by_remote_addr'] = true +# mattermost['ratelimit_vary_by_header'] = nil +# mattermost['ratelimit_max_burst'] = 100 + +# mattermost['support_terms_of_service_link'] = "https://about.mattermost.com/default-terms/" +# mattermost['support_privacy_policy_link'] = "https://about.mattermost.com/default-privacy-policy/" +# mattermost['support_about_link'] = "https://about.mattermost.com/default-about/" +# mattermost['support_help_link'] = "https://about.mattermost.com/default-help/" +# mattermost['support_report_a_problem_link'] = "https://about.mattermost.com/default-report-a-problem/" +# mattermost['support_email'] = "support@example.com" + +# mattermost['privacy_show_email_address'] = true +# mattermost['privacy_show_full_name'] = true + +# mattermost['localization_server_locale'] = "en" +# mattermost['localization_client_locale'] = "en" +# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR" + +# mattermost['webrtc_enable'] = false +# mattermost['webrtc_gateway_websocket_url'] = nil +# mattermost['webrtc_gateway_admin_url'] = nil +# mattermost['webrtc_gateway_admin_secret'] = nil +# mattermost['webrtc_gateway_stun_uri'] = nil +# mattermost['webrtc_gateway_turn_uri'] = nil +# mattermost['webrtc_gateway_turn_username'] = nil +# mattermost['webrtc_gateway_turn_shared_key'] = nil + +# mattermost['job_run_jobs'] = true +# mattermost['job_run_scheduler'] = true + +# mattermost['plugin_enable'] = true +# mattermost['plugin_enable_uploads'] = false +# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins" +# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins" +# mattermost['plugin_plugins'] = {} +# mattermost['plugin_plugin_states'] = {} + +################################################################################ +## Mattermost NGINX +################################################################################ + +# All the settings defined in the "GitLab NGINX" section are also available in this "Mattermost NGINX" section +# You just have to change the key "nginx['some_settings']" with "mattermost_nginx['some_settings']" + +# Below you can find settings that are exclusive to "Mattermost NGINX" +# mattermost_nginx['enable'] = false + +# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" +# mattermost_nginx['proxy_set_headers'] = { +# "Host" => "$http_host", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Frame-Options" => "SAMEORIGIN", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on", +# "Upgrade" => "$http_upgrade", +# "Connection" => "$connection_upgrade" +# } + + +################################################################################ +## Registry NGINX +################################################################################ + +# All the settings defined in the "GitLab NGINX" section are also available in this "Registry NGINX" section +# You just have to change the key "nginx['some_settings']" with "registry_nginx['some_settings']" + +# Below you can find settings that are exclusive to "Registry NGINX" +# registry_nginx['enable'] = false + +# registry_nginx['proxy_set_headers'] = { +# "Host" => "$http_host", +# "X-Real-IP" => "$remote_addr", +# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", +# "X-Forwarded-Proto" => "https", +# "X-Forwarded-Ssl" => "on" +# } + +################################################################################ +## Prometheus +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/ +################################################################################ + +# prometheus['enable'] = true +# prometheus['monitor_kubernetes'] = true +# prometheus['username'] = 'gitlab-prometheus' +# prometheus['uid'] = nil +# prometheus['gid'] = nil +# prometheus['shell'] = '/bin/sh' +# prometheus['home'] = '/var/opt/gitlab/prometheus' +# prometheus['log_directory'] = '/var/log/gitlab/prometheus' +# prometheus['scrape_interval'] = 15 +# prometheus['scrape_timeout'] = 15 +# prometheus['chunk_encoding_version'] = 2 +# +### Custom scrape configs +# +# Prometheus can scrape additional jobs via scrape_configs. The default automatically +# includes all of the exporters supported by the omnibus config. +# +# See: https://prometheus.io/docs/operating/configuration/# +# +# Example: +# +# prometheus['scrape_configs'] = [ +# { +# 'job_name': 'example', +# 'static_configs' => [ +# 'targets' => ['hostname:port'], +# ], +# }, +# ] +# +### Prometheus Memory Management +# +# Prometheus needs to be configured for how much memory is used. +# * This sets the target heap size. +# * This value accounts for approximately 2/3 of the memory used by the server. +# * The recommended memory is 4kb per unique metrics time-series. +# See: https://prometheus.io/docs/operating/storage/#memory-usage +# +# prometheus['target_heap_size'] = ( +# # Use 25mb + 2% of total memory for Prometheus memory. +# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 ) +# ).to_i +# +# prometheus['flags'] = { +# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data", +# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'], +# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'], +# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml" +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# prometheus['listen_address'] = 'localhost:9090' + +################################################################################ +## Prometheus Node Exporter +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html +################################################################################ + +# node_exporter['enable'] = true +# node_exporter['home'] = '/var/opt/gitlab/node-exporter' +# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter' +# node_exporter['flags'] = { +# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector" +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# node_exporter['listen_address'] = 'localhost:9100' + +################################################################################ +## Prometheus Redis exporter +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html +################################################################################ + +# redis_exporter['enable'] = true +# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter' +# redis_exporter['flags'] = { +# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}", +# } + +##! Advanced settings. Should be changed only if absolutely needed. +# redis_exporter['listen_address'] = 'localhost:9121' + +################################################################################ +## Prometheus Postgres exporter +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html +################################################################################ + +# postgres_exporter['enable'] = true +# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter' +# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter' +# postgres_exporter['flags'] = {} +# postgres_exporter['listen_address'] = 'localhost:9187' + +################################################################################ +## Prometheus Gitlab monitor +##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html +################################################################################ + + +# gitlab_monitor['enable'] = true +# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor" +# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor" + +##! Advanced settings. Should be changed only if absolutely needed. +# gitlab_monitor['listen_address'] = 'localhost' +# gitlab_monitor['listen_port'] = '9168' + +# To completely disable prometheus, and all of it's exporters, set to false +# prometheus_monitoring['enable'] = true + +################################################################################ +## Gitaly +##! Docs: +################################################################################ + + +# gitaly['enable'] = false +# gitaly['dir'] = "/var/opt/gitlab/gitaly" +# gitaly['log_directory'] = "/var/log/gitlab/gitaly" +# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly" +# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly" +# gitaly['env'] = { +# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin", +# 'HOME' => '/var/opt/gitlab' +# } +# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket" +# gitaly['listen_addr'] = "localhost:8075" +# gitaly['prometheus_listen_addr'] = "localhost:9236" +# gitaly['logging_format'] = "json" +# gitaly['logging_sentry_dsn'] = "https://:@sentry.io/" +# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]" +# gitaly['auth_token'] = '' +# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced +# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart +# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests +# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby +# gitaly['storage'] = [ +# { +# 'name' => 'default', +# 'path' => '/tmp/path-1' +# }, +# { +# 'name' => 'nfs1', +# 'path' => '/mnt/nfs1' +# } +# ] +# gitaly['concurrency'] = [ +# { +# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack", +# 'max_per_repo' => 20 +# }, { +# 'rpc' => "/gitaly.SSHService/SSHUploadPack", +# 'max_per_repo' => 5 +# } +# ] + +################################################################################ +# Storage check +################################################################################ +# storage_check['enable'] = false +# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket' +# storage_check['log_directory'] = '/var/log/gitlab/storage-check' + +################################################################################ +# Let's Encrypt integration +################################################################################ +letsencrypt['enable'] = true +letsencrypt['contact_emails'] = ['ips@timschubert.net'] # This should be an array of email addresses to add as contacts +# letsencrypt['group'] = 'root' +# letsencrypt['key_size'] = 2048 +# letsencrypt['owner'] = 'root' +# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www' + +################################################################################ +################################################################################ +## Configuration Settings for GitLab EE only ## +################################################################################ +################################################################################ + + +################################################################################ +## Auxiliary cron jobs applicable to GitLab EE only +################################################################################ +# +# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *" +# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *" +# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *" +# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *" +# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *" + +################################################################################ +## Kerberos (EE Only) +##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access +################################################################################ + +# gitlab_rails['kerberos_enabled'] = true +# gitlab_rails['kerberos_keytab'] = /etc/http.keytab +# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM +# gitlab_rails['kerberos_use_dedicated_port'] = true +# gitlab_rails['kerberos_port'] = 8443 +# gitlab_rails['kerberos_https'] = true + +################################################################################ +## GitLab Sentinel (EE Only) +##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel +################################################################################ + +##! **Make sure you configured all redis['master_*'] keys above before +##! continuing.** + +##! To enable Sentinel and disable all other services in this machine, +##! uncomment the line below (if you've enabled Redis role, it will keep it). +##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html +# redis_sentinel_role['enable'] = true + +# sentinel['enable'] = true + +##! Bind to all interfaces, uncomment to specify an IP and bind to a single one +# sentinel['bind'] = '0.0.0.0' + +##! Uncomment to change default port +# sentinel['port'] = 26379 + +##! Quorum must reflect the amount of voting sentinels it take to start a +##! failover. +##! **Value must NOT be greater then the amount of sentinels.** +##! The quorum can be used to tune Sentinel in two ways: +##! 1. If a the quorum is set to a value smaller than the majority of Sentinels +##! we deploy, we are basically making Sentinel more sensible to master +##! failures, triggering a failover as soon as even just a minority of +##! Sentinels is no longer able to talk with the master. +##! 2. If a quorum is set to a value greater than the majority of Sentinels, we +##! are making Sentinel able to failover only when there are a very large +##! number (larger than majority) of well connected Sentinels which agree +##! about the master being down. +# sentinel['quorum'] = 1 + +### Consider unresponsive server down after x amount of ms. +# sentinel['down_after_milliseconds'] = 10000 + +### Specifies the failover timeout in milliseconds. +##! It is used in many ways: +##! +##! - The time needed to re-start a failover after a previous failover was +##! already tried against the same master by a given Sentinel, is two +##! times the failover timeout. +##! +##! - The time needed for a slave replicating to a wrong master according +##! to a Sentinel current configuration, to be forced to replicate +##! with the right master, is exactly the failover timeout (counting since +##! the moment a Sentinel detected the misconfiguration). +##! +##! - The time needed to cancel a failover that is already in progress but +##! did not produced any configuration change (SLAVEOF NO ONE yet not +##! acknowledged by the promoted slave). +##! +##! - The maximum time a failover in progress waits for all the slaves to be +##! reconfigured as slaves of the new master. However even after this time +##! the slaves will be reconfigured by the Sentinels anyway, but not with +##! the exact parallel-syncs progression as specified. +# sentinel['failover_timeout'] = 60000 + +################################################################################ +## GitLab Sidekiq Cluster (EE only) +################################################################################ + +##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes +##! besides the default one. These processes can be used to consume a dedicated set +##! of queues. This can be used to ensure certain queues always have dedicated +##! workers, no matter the amount of jobs that need to be processed. + +# sidekiq_cluster['enable'] = false +# sidekiq_cluster['ha'] = false +# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster" +# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks + +##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a +##! Sidekiq process. Multiple queues can be processed by the same process by +##! separating them with a comma within the group entry + +# sidekiq_cluster['queue_groups'] = [ +# "process_commit,post_receive", +# "gitlab_shell" +# ] +# + +##! If negate is enabled then sidekiq-cluster will process all the queues that +##! don't match those in queue_groups. + +# sidekiq_cluster['negate'] = false + +################################################################################ +## Additional Database Settings (EE only) +##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html +################################################################################ +# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] } + +################################################################################ +## GitLab Geo +##! Docs: https://docs.gitlab.com/ee/gitlab-geo +################################################################################ +# geo_primary_role['enable'] = false +# geo_secondary_role['enable'] = false + +################################################################################ +## GitLab Geo Secondary (EE only) +################################################################################ +# geo_secondary['auto_migrate'] = true +# geo_secondary['db_adapter'] = "postgresql" +# geo_secondary['db_encoding'] = "unicode" +# geo_secondary['db_collation'] = nil +# geo_secondary['db_database'] = "gitlabhq_geo_production" +# geo_secondary['db_pool'] = 10 +# geo_secondary['db_username'] = "gitlab_geo" +# geo_secondary['db_password'] = nil +# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql" +# geo_secondary['db_port'] = 5431 +# geo_secondary['db_socket'] = nil +# geo_secondary['db_sslmode'] = nil +# geo_secondary['db_sslrootcert'] = nil +# geo_secondary['db_sslca'] = nil +# geo_secondary['db_fdw'] = nil + +################################################################################ +## GitLab Geo Secondary Tracking Database (EE only) +################################################################################ + +# geo_postgresql['enable'] = false +# geo_postgresql['ha'] = false +# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql' +# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data' + +################################################################################ +# Pgbouncer (EE only) +# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only) +# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details +################################################################################ +# pgbouncer['enable'] = false +# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer' +# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer' +# pgbouncer['listen_addr'] = '0.0.0.0' +# pgbouncer['listen_port'] = '6432' +# pgbouncer['pool_mode'] = 'transaction' +# pgbouncer['server_reset_query'] = 'DISCARD ALL' +# pgbouncer['application_name_add_host'] = '1' +# pgbouncer['max_client_conn'] = '2048' +# pgbouncer['default_pool_size'] = '100' +# pgbouncer['min_pool_size'] = '0' +# pgbouncer['reserve_pool_size'] = '5' +# pgbouncer['reserve_pool_timeout'] = '5.0' +# pgbouncer['server_round_robin'] = '0' +# pgbouncer['log_connections'] = '0' +# pgbouncer['server_idle_timeout'] = '30' +# pgbouncer['dns_max_ttl'] = '15.0' +# pgbouncer['dns_zone_check_period'] = '0' +# pgbouncer['dns_nxdomain_ttl'] = '15.0' +# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer) +# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer) +# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits' +# pgbouncer['databases'] = { +# DATABASE_NAME: { +# host: HOSTNAME, +# port: PORT +# user: USERNAME, +# password: PASSWORD +###! generate this with `echo -n '$password + $username' | md5sum` +# } +# ... +# } +# pgbouncer['logfile'] = nil +# pgbouncer['auth_type'] = 'md5' +# pgbouncer['auth_hba_file'] = nil +# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)' +# pgbouncer['users'] = { +# { +# name: USERNAME, +# password: MD5_PASSWORD_HASH +# } +# } +# postgresql['pgbouncer_user'] = nil +# postgresql['pgbouncer_user_password'] = nil +# + +################################################################################ +# Repmgr (EE only) +################################################################################ +# repmgr['enable'] = false +# repmgr['cluster'] = 'gitlab_cluster' +# repmgr['database'] = 'gitlab_repmgr' +# repmgr['host'] = nil +# repmgr['node_number'] = nil +# repmgr['port'] = 5432 +# repmgr['trust_auth_cidr_addresses'] = [] +# repmgr['user'] = 'gitlab_repmgr' +# repmgr['failover'] = 'automatic' +# repmgr['log_directory'] = '/var/log/gitlab/repmgrd' +# repmgr['node_name'] = nil +# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin' +# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql' +# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql' +# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql' +# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql' +# repmgr['service_promote_command'] = nil +# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf' +# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf' + +# repmgr['upstream_node'] = nil +# repmgr['use_replication_slots'] = false +# repmgr['loglevel'] = 'INFO' +# repmgr['logfacility'] = 'STDERR' +# repmgr['logfile'] = nil + +# repmgr['event_notification_command'] = nil +# repmgr['event_notifications'] = nil + +# repmgr['rsync_options'] = nil +# repmgr['ssh_options'] = nil +# repmgr['priority'] = nil + +# repmgr['retry_promote_interval_secs'] = 300 +# repmgr['witness_repl_nodes_sync_interval_secs'] = 15 +# repmgr['reconnect_attempts'] = 6 +# repmgr['reconnect_interval'] = 10 +# repmgr['monitor_interval_secs'] = 2 +# repmgr['master_response_timeout'] = 60 +# repmgr['daemon'] = true +# repmgrd['enable'] = true + +################################################################################ +# Consul (EEP only) +################################################################################ +# consul['enable'] = false +# consul['dir'] = '/var/opt/gitlab/consul' +# consul['user'] = 'gitlab-consul' +# consul['config_file'] = '/var/opt/gitlab/consul/config.json' +# consul['config_dir'] = '/var/opt/gitlab/consul/config.d' +# consul['data_dir'] = '/var/opt/gitlab/consul/data' +# consul['log_directory'] = '/var/log/gitlab/consul' +# consul['node_name'] = nil +# consul['script_directory'] = '/var/opt/gitlab/consul/scripts' +# consul['configuration'] = { +# 'client_addr' => nil, +# 'datacenter' => 'gitlab_consul', +# 'enable_script_checks' => true, +# 'server' => false +# } +# consul['services'] = [] +# consul['service_config'] = { +# 'postgresql' => { +# 'service' => { +# 'name' => "postgresql", +# 'address' => '', +# 'port' => 5432, +# 'checks' => [ +# { +# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql", +# 'interval' => "10s" +# } +# ] +# } +# } +# } +# consul['watchers'] = { +# 'postgresql' => { +# enable: false, +# handler: 'failover_pgbouncer' +# } +# } diff --git a/python-gitlab.cfg b/python-gitlab.cfg new file mode 100644 index 0000000..50b7e1b --- /dev/null +++ b/python-gitlab.cfg @@ -0,0 +1,7 @@ +[global] +default = ips +ssl_verify = true + +[ips] +url = https://ips1.ibr.cs.tu-bs.de +api_version = 4 diff --git a/src/abgabesystem/commands.py b/src/abgabesystem/commands.py index b5fa625..3406c3d 100644 --- a/src/abgabesystem/commands.py +++ b/src/abgabesystem/commands.py @@ -1,58 +1,38 @@ import os import subprocess -import logging as log +import subprocess -from .students import Student, create_user, enroll_student, get_student_group -from .projects import create_tag, setup_projects +from .students import Student, create_user, get_students +from .projects import create_tag, setup_course from gitlab.exceptions import GitlabCreateError, GitlabGetError -def enroll_students(gl, args): +def create_users(gl, args): """Creates Gitlab users from exported students list - - Args: - gl: API - args: command line arguments """ - - student_group = get_student_group(gl, args.course) - with open(args.students, encoding='iso8859') as students_csv: for student in Student.from_csv(students_csv): try: - user = create_user(gl, student, args.ldap_base, args.ldap_provider) - # TODO this is ugly, should be group of course, but python-gitlab does not cache the query - enroll_student(gl, user, student_group) + create_user(gl, student, args.ldap_base, args.ldap_provider) except GitlabCreateError: log.warn('Failed to create user: %s' % student.user) def projects(gl, args): """Creates the projects for all course participants - - Args: - gl: API - args: command line arguments """ - course = None - for g in gl.groups.list(search=args.course): - if g.name == args.course: - course = g - if course is None: - log.warn('The course does not exist') + groups = gl.groups.list(search=args.course) + if len(groups) == 0 and groups[0].name == args.course: + log.warn('This group does not exist') else: - with open(args.deploy_key, 'r') as key: + group = groups[0] + with open(args.deploy_key, 'r') as key, open(args.students, encoding='iso8859') as students_csv: key = key.read() - setup_projects(gl, course, key) + setup_course(gl, group, students_csv, key) def deadline(gl, args): - """Checks deadlines for course and triggers deadline if it is reached - - Args: - gl: API - args: command line arguments - """ + """Checks deadlines for course and triggers deadline if it is reached""" deadline_name = args.tag_name try: @@ -76,10 +56,6 @@ def deadline(gl, args): def plagiates(gl, args): """Runs the plagiarism checker (JPlag) for the solutions with a certain tag - - Args: - gl: API - args: command line arguments """ solutions_dir = 'input' @@ -107,13 +83,9 @@ def plagiates(gl, args): def course(gl, args): """Creates the group for the course - - Args: - gl: API - args: command line arguments """ try: - gl.groups.create({ + group = gl.groups.create({ 'name': args.course, 'path': args.course, 'visibility': 'internal', diff --git a/src/abgabesystem/course.py b/src/abgabesystem/course.py deleted file mode 100644 index e42493c..0000000 --- a/src/abgabesystem/course.py +++ /dev/null @@ -1,55 +0,0 @@ -import logging as log - - -class InvalidCourse(Exception): - """Raised if the selected course is invalid. - """ - - pass - - -def create_subgroup(gl, name, parent_group): - """Creates a group with `parent_group` as its parent. - - Args: - gl: gitlab API object - name: name of the group to be created - parent_group: parent group of the created group - """ - - log.info("Creating subgroup %s in group %s" % (name, parent_group.name)) - return gl.groups.create({ - "name": name, - "path": name, - "parent_id": parent_group.id - }) - - -def create_students_group(gl, parent_group): - return create_subgroup(gl, "students", parent_group) - - -def create_solutions_group(gl, parent_group): - return create_subgroup(gl, "solutions", parent_group) - - -def create_course(gl, course_name): - """Creates a complete course as required by the `abgabesystem` including - the students and solutions groups. - - Args: - gl: gitlab API object - course_name: name of the course, may contain any characters from - [0-9,a-z,A-Z,_, ] - """ - - group = gl.groups.create({ - "name": course_name, - "path": course_name.lower().replace(" ", "_"), - "visibility": "internal", - }) - log.info("Created group %s" % course_name) - create_students_group(gl, group) - create_solutions_group(gl, group) - - return group diff --git a/src/abgabesystem/projects.py b/src/abgabesystem/projects.py index 2bbed26..4537dc3 100644 --- a/src/abgabesystem/projects.py +++ b/src/abgabesystem/projects.py @@ -1,21 +1,10 @@ -import logging as log - -from gitlab import DEVELOPER_ACCESS from gitlab.exceptions import GitlabError, GitlabCreateError -from .students import enrolled_students -from .course import InvalidCourse, create_solutions_group - def create_tag(project, tag, ref): """Creates protected tag on ref The tag is used by the abgabesystem to mark the state of a solution at the - deadline. - - Args: - project: GIT repository to create the tag in - tag: name of the tag to be created - ref: name of the red (branch / commit) to create the new tag on + deadline """ print('Project %s. Creating tag %s' % (project.path, tag)) @@ -26,17 +15,9 @@ def create_tag(project, tag, ref): }) + def fork_reference(gl, reference, namespace, deploy_key): """Create fork of solutions for student. - - Returns the created project. - - Args: - gl: gitlab API object - reference: project to fork from - namespace: namespace to place the created project into - deploy_key: will be used by the abgabesystem to access the created - project """ fork = reference.forks.create({ @@ -59,14 +40,6 @@ def fork_reference(gl, reference, namespace, deploy_key): def create_project(gl, group, user, reference, deploy_key): """Creates a namespace (subgroup) and forks the project with the reference solutions into that namespace - - Args: - gl: Gitlab API object - group: project will be created in the namespace of this group - user: user to add to the project as a developer - reference: project to fork the new project from - deploy_key: deploy key used by the `abgabesystem` to access the new - project """ subgroup = None @@ -77,18 +50,17 @@ def create_project(gl, group, user, reference, deploy_key): 'path': user.username, 'parent_id': group.id }) - except GitlabCreateError as e: - for g in group.subgroups.list(search=user.username): - if g.name == user.username: - subgroup = gl.groups.get(g.id, lazy=True) - - if subgroup is None: + except GitlabError as e: + subgroups = group.subgroups.list(search=user.username) + if len(subgroups) > 0 and subgroup[0].name == user.username: + subgroup = subgroups[0] + subgroup = gl.groups.get(subgroup.id, lazy=True) + else: raise(e) - try: subgroup.members.create({ 'user_id': user.id, - 'access_level': DEVELOPER_ACCESS, + 'access_level': gitlab.DEVELOPER_ACCESS, }) except GitlabError: log.warning('Failed to add student %s to its own group' % user.username) @@ -99,61 +71,55 @@ def create_project(gl, group, user, reference, deploy_key): log.warning(e.error_message) -def create_reference_solution(gl, namespace): - """Creates a new project for the reference solutions. - - Args: - gl: gitlab API object - namespace: namespace to create the project in (that of the solutions for the course) +def setup_course(gl, group, students_csv, deploy_key): + """Sets up the internal structure for the group for use with the course """ - - - reference_project = gl.projects.create({ - 'name': 'solutions', - 'namespace_id': namespace, - 'visibility': 'internal', - }) - reference_project.commits.create({ - 'branch': 'master', - 'commit_message': 'Initial commit', - 'actions': [ - { - 'action': 'create', - 'file_path': 'README.md', - 'content': 'Example solutions go here', - }, - ] - }) - - return reference_project - - -def setup_projects(gl, course, deploy_key): - """Sets up the internal structure for the group for use with the course. - - Args: - gl: gitlab API object - course: course to set up projects for - deploy_key: will be used to access the solutions from the abgabesystem - """ - - solutions = None - solutions_groups = course.subgroups.list(search='solutions') - for group in solutions_groups: - if group.name == 'solutions': - solutions = gl.groups.get(group.id) - - if solutions is None: - solutions = create_solutions_group(gl, course) - + solution = None reference_project = None - reference_projects = solutions.projects.list(search='solutions') - for project in reference_projects: - if project.name == 'solutions': - reference_project = gl.projects.get(project.id) - if reference_project is None: - reference_project = create_reference_solution(gl, solutions.id) + try: + solution = gl.groups.create({ + 'name': 'solutions', + 'path': 'solutions', + 'parent_id': group.id, + 'visibility': 'internal', + }) + except GitlabCreateError as e: + log.info('Failed to create solutions group. %s' % e.error_message) + solutions = group.subgroups.list(search='solutions') + if len(solutions) > 0 and solutions[0].name == 'solutions': + solution = gl.groups.get(solutions[0].id, lazy=True) + else: + raise(GitlabCreateError(error_message='Failed to setup solutions subgroup')) + + try: + reference_project = gl.projects.create({ + 'name': 'solutions', + 'namespace_id': solution.id, + 'visibility': 'internal', + }) + reference_project.commits.create({ + 'branch': 'master', + 'commit_message': 'Initial commit', + 'actions': [ + { + 'action': 'create', + 'file_path': 'README.md', + 'content': 'Example solutions go here', + }, + ] + }) + except GitlabCreateError as e: + log.info('Failed to setup group structure. %s' % e.error_message) + projects = solution.projects.list(search='solutions') + if len(projects) > 0 and projects[0].name == 'solutions': + reference_project = gl.projects.get(projects[0].id) + else: + raise(GitlabCreateError(error_message='Failed to setup reference solutions')) + + if solution is None or reference_project is None: + raise(GitlabCreateError(error_message='Failed to setup course')) + + for user in get_students(gl, students_csv): + create_project(gl, solution, user, reference_project, deploy_key) - for user in enrolled_students(gl, course): - create_project(gl, solutions, user, reference_project, deploy_key) diff --git a/src/abgabesystem/students.py b/src/abgabesystem/students.py index e25a534..6c8e43c 100644 --- a/src/abgabesystem/students.py +++ b/src/abgabesystem/students.py @@ -1,22 +1,4 @@ import csv -import secrets - -from gitlab import GUEST_ACCESS - - -class MissingStudentsGroup(Exception): - """Raised if a the group for the students has not already been created - inside the course. - """ - - pass - - -class MissingCourseGroup(Exception): - """Raised if the group for the course is missing. - """ - - pass class Student(): @@ -25,12 +7,6 @@ class Student(): Students are read from the CSV file that was exported from Stud.IP. For each user, a dummy LDAP user is created in Gitlab. Upon the first login Gitlab fetches the complete user using LDAP. - - Args: - user: user name - mail: mail address of the user - name: full name of the user - group: tutorial group of the user """ def __init__(self, user, mail, name, group): @@ -40,11 +16,7 @@ class Student(): self.group = group def from_csv(csvfile): - """Creates an iterable containing the users - - Args: - csvfile: CSV file from Stud.IP (latin-1) - """ + """Creates an iterable containing the users""" reader = csv.DictReader(csvfile, delimiter=';', quotechar='"') for line in reader: @@ -52,13 +24,8 @@ class Student(): + ' ' + line['Nachname'], line['Gruppe']) -def get_students_csv(gl, students_csv): - """Returns already existing GitLab users for students from provided CSV - file that have an account. - - Args: - gl: Gitlab API object - students_csv: CSV file from Stud.IP +def get_students(gl, students_csv): + """Returns already existing GitLab users for students from provided CSV file that have an account. """ for student in Student.from_csv(students_csv): @@ -67,37 +34,9 @@ def get_students_csv(gl, students_csv): yield users[0] -def enrolled_students(gl, course): - """Returns the students enrolled in the course - - Args: - gl: Gitlab API object - course: course the students are enrolled in - """ - - students = None - for group in course.subgroups.list(search='students'): - if group.name == 'students': - students = group - - if students is None: - raise MissingStudentsGroup() - - # get all members excluding inherited members - students = gl.groups.get(students.id) - for member in students.members.list(): - yield gl.users.get(member.id) - - def create_user(gl, student, ldap_base, ldap_provider): """Creates a GitLab user account student. Requires admin privileges. - - Args: - gl: Gitlab API object - student: student to create user for - ldap_base: the search base string for the LDAP query - ldap_provider: LDAP provider configured for Gitlab (usually `main`) """ user = gl.users.create({ @@ -113,45 +52,3 @@ def create_user(gl, student, ldap_base, ldap_provider): return user - -def get_student_group(gl, course_name): - """Gets the `students` subgroup for the course - - Args: - gl: Gitlab API objects - course_name: name of the course - """ - - course = None - for g in gl.groups.list(search=course_name): - if g.name == course_name: - course = g - - if course is None: - raise MissingCourseGroup() - - students_group = None - - for g in course.subgroups.list(search='students'): - if g.name == 'students': - students_group = gl.groups.get(g.id) - - if students_group is None: - students_group = create_students_group(gl, course) - - return students_group - - -def enroll_student(gl, user, subgroup): - """Adds a student to the course - - Args: - gl: Gitlab API object - user: user to add to the course - subgroup: student will become member of this group - """ - - subgroup.members.create({ - 'user_id': user.id, - 'access_level': GUEST_ACCESS, - }) diff --git a/src/bin/abgabesystem b/src/bin/abgabesystem index 59abf7d..315e882 100755 --- a/src/bin/abgabesystem +++ b/src/bin/abgabesystem @@ -4,7 +4,7 @@ import gitlab import argparse import logging as log -from abgabesystem.commands import enroll_students, projects, deadline, plagiates, course +from abgabesystem.commands import create_users, projects, deadline, plagiates, course if __name__ == '__main__': @@ -17,10 +17,9 @@ if __name__ == '__main__': user_parser = subparsers.add_parser( 'users', - help='Creates users and enrolls them in the course') - user_parser.set_defaults(func=enroll_students) + help='Creates users from LDAP') + user_parser.set_defaults(func=create_users) user_parser.add_argument('-s', '--students', dest='students') - user_parser.add_argument('-c', '--course', dest='course') user_parser.add_argument('-b', '--ldap-base', dest='ldap_base') user_parser.add_argument('-p', '--ldap-provider', dest='ldap_provider') @@ -36,6 +35,7 @@ if __name__ == '__main__': projects_parser.set_defaults(func=projects) projects_parser.add_argument('-c', '--course', dest='course') projects_parser.add_argument('-d', '--deploy-key', dest='deploy_key') + projects_parser.add_argument('-s', '--students', dest='students') deadline_parser = subparsers.add_parser( 'deadline', diff --git a/tests/.#test_students.py b/tests/.#test_students.py new file mode 120000 index 0000000..466da6a --- /dev/null +++ b/tests/.#test_students.py @@ -0,0 +1 @@ +tim@metis.680:1534753335 \ No newline at end of file diff --git a/tools/build-config.sh b/tools/build-config.sh deleted file mode 100755 index b1b1d05..0000000 --- a/tools/build-config.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -cat > python-gitlab.cfg <