Project:Infrastructure/Gitlab

Gitlab
Gitlab is currently deployed in a testing capacity on gitlab.gentoo.org (noddie) and is not yet publicly available.

Gitlab Runner
Gitlab runner is configured via the gitlab::runner Puppet class. Currently there is 1 node configured so we can test. Gitlab runner uses the upstream gitlab runner container to manage the runner software. We currently use the docker executor, but we are considering other executors (such as libvirt) to better protect the host from runner jobs.

Gitlab server
We currently use the upstream omnibus container for gitlab; this nominally includes a bunch of stuff (redis, postgres, unicorn, etc.). We may consider a more fragmented approach for future production deployments.

Gitlab Authentication
Gitlab supports 'native' gitlab accounts (e.g. accounts created in gitlab.gentoo.org) but also supports Gentoo's LDAP environment for gentoo developers.

LDAP
Gentoo developers can sign in by entering their LDAP username (email address without the @gentoo.org bits) and their LDAP password. Don't sign in with your Gentoo email address; that will not work.

What about Gitolite?
Currently we plan to keep gentoo repos mastered in gitolite. We can set up automatic pushes to gitlab in gitolite configs. We will consider migrating repos to gitlab in the future.

TODOs for gitlab setup
* antarus: This does not look fixable without patches.
 * The LDAP integration has bad email integration; we need to tune the email attributes.
 * Back up /var/lib/gitlab to Amazon S3.
 * Add Icinga monitoring for https.
 * Add infra-status.gentoo.org lines for gitlab.
 * Enable LDAP server verification (Done).
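
The LDAP sign-in rule above and the LDAP-related TODO items (email attributes, server verification) correspond to a handful of keys in a GitLab LDAP server entry. The following Ruby check is an added example, not Gentoo's configuration: the host, base DN and attribute values are constructed placeholders, and audit_ldap_server is a hypothetical helper.

```ruby
# Added example: audit one LDAP server entry, in the hash shape used under
# gitlab_rails['ldap_servers'] in gitlab.rb. All values below are constructed.

# Returns a list of findings; an empty list means the entry passes.
def audit_ldap_server(cfg)
  findings = []
  enc = cfg['encryption'].to_s
  # 'plain' sends bind and user passwords over the wire unencrypted.
  findings << 'encryption is not start_tls/simple_tls' unless %w[start_tls simple_tls].include?(enc)
  # TLS without certificate verification does not authenticate the LDAP server.
  findings << 'verify_certificates is not true' unless cfg['verify_certificates'] == true
  # Assumption: matches the page's rule that only the bare LDAP username works.
  findings << 'allow_username_or_email_login is enabled' if cfg['allow_username_or_email_login']
  findings << 'uid attribute is not set' if cfg['uid'].to_s.empty?
  # attributes.email may be a string or a list of attribute names tried in order.
  emails = Array(cfg.dig('attributes', 'email'))
  findings << 'attributes.email is empty' if emails.empty?
  findings
end

# Constructed weak entry: cleartext LDAP, no server verification, no email mapping.
WEAK = {
  'host' => 'ldap.example.org', 'port' => 389,
  'uid' => 'uid', 'base' => 'ou=users,dc=example,dc=org',
  'encryption' => 'plain', 'verify_certificates' => false,
  'allow_username_or_email_login' => true,
  'attributes' => {}
}.freeze

# Constructed corrected entry: StartTLS with verification and explicit attributes.
HARDENED = WEAK.merge(
  'encryption' => 'start_tls', 'verify_certificates' => true,
  'allow_username_or_email_login' => false,
  'attributes' => { 'username' => ['uid'], 'email' => ['mail'] }
).freeze

if __FILE__ == $PROGRAM_NAME
  { 'weak' => WEAK, 'hardened' => HARDENED }.each do |name, cfg|
    findings = audit_ldap_server(cfg)
    puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```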

Future items (after prod launch)

 * Set up a gitolite config attribute to auto-push to gitlab.gentoo.org