Change branch to 7-4-stable. Add multiple ldap servers support.

e59ae3e5 · Marin Jankovski · 8cee7b44 · e59ae3e5 · e59ae3e5 · e59ae3e5
Commit e59ae3e5 authored 10 years ago by Marin Jankovski
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -74,7 +74,7 @@ if node['gitlab']['env'] == "development"
  default['gitlab']['shell_revision'] = "master"
 else
  default['gitlab']['environments'] = %w{production}
-  default['gitlab']['revision'] = "7-3-stable" # Must be branch, otherwise GitLab update will run on each chef run
+  default['gitlab']['revision'] = "7-4-stable" # Must be branch, otherwise GitLab update will run on each chef run
  default['gitlab']['url'] = "http://localhost:80/"
  default['gitlab']['port'] = "80"
  default['gitlab']['ssh_port'] = "22"
@@ -117,6 +117,12 @@ default['gitlab']['ldap']['bind_dn'] = "_the_full_dn_of_the_user_you_will_bind_w
 default['gitlab']['ldap']['password'] = "_the_password_of_the_bind_user"
 default['gitlab']['ldap']['allow_username_or_email_login'] = true
  
+# Supply hash of one or more LDAP servers, eg:
+# { main => {"label"=>"ldap","host"=>"127.0.0.1","port":3890,"uid"=>"uid","method"=>"plain","base"=>"dc=example,dc=com","user_filter"=>"","group_base"=>"ou=groups,dc=example,dc=com","admin_group"=>"","sync_ssh_keys":false},
+#  secondary => {"label"=>"ldap","host"=>"127.0.0.1","port":3890,"uid"=>"uid","method"=>"plain","base"=>"dc=example,dc=com","user_filter"=>"","group_base"=>"ou=groups,dc=example,dc=com","admin_group"=>"","sync_ssh_keys":false}
+# }
+default['gitlab']['ldap_servers'] = {}
+
 # LDAP Filter Example: Recursive query of group membership
 # default['gitlab']['ldap']['user_filter'] = '(&(objectcategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Gitlab Users,OU=USA,DC=int,DC=contoso,DC=com))'
 default['gitlab']['ldap']['user_filter'] = ''

--- a/recipes/install.rb
+++ b/recipes/install.rb
@@ -41,6 +41,7 @@ template File.join(gitlab['path'], 'config', 'gitlab.yml') do
    :gravatar_plain_url => gitlab['gravatar_plain_url'],
    :gravatar_ssl_url => gitlab['gravatar_ssl_url'],
    :ldap_config => gitlab['ldap'],
+    :ldap_servers => gitlab['ldap_servers'],
    :ssh_port => gitlab['ssh_port'],
    :backup => gitlab['backup'],
  })

--- a/spec/clone_spec.rb
+++ b/spec/clone_spec.rb
@@ -15,7 +15,7 @@ describe "gitlab::clone" do
      it "clones the gitlab repository" do
        expect(chef_run).to sync_git('/home/git/gitlab').with(
          repository: 'https://github.com/gitlabhq/gitlabhq.git',
-          revision: '7-3-stable',
+          revision: '7-4-stable',
          user: 'git',
          group: 'git'
        )
@@ -49,7 +49,7 @@ describe "gitlab::clone" do
        it "clones the gitlab repository" do
          expect(chef_run).to sync_git('/data/git/gitlab').with(
            repository: 'https://github.com/gitlabhq/gitlabhq.git',
-            revision: '7-3-stable',
+            revision: '7-4-stable',
            user: 'git',
            group: 'git'
          )
@@ -69,7 +69,7 @@ describe "gitlab::clone" do
      it "clones the gitlab repository" do
        expect(chef_run).to sync_git('/home/git/gitlab').with(
          repository: 'https://github.com/gitlabhq/gitlabhq.git',
-          revision: '7-3-stable',
+          revision: '7-4-stable',
          user: 'git',
          group: 'git'
        )
@@ -103,7 +103,7 @@ describe "gitlab::clone" do
        it "clones the gitlab repository" do
          expect(chef_run).to sync_git('/data/git/gitlab').with(
            repository: 'https://github.com/gitlabhq/gitlabhq.git',
-            revision: '7-3-stable',
+            revision: '7-4-stable',
            user: 'git',
            group: 'git'
          )

--- a/templates/default/gitlab.yml.erb
+++ b/templates/default/gitlab.yml.erb
@@ -132,63 +132,69 @@ production: &base
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: <%= @ldap_config["enabled"] %>
-    host: '<%= @ldap_config["host"] %>'
-    port: <%= @ldap_config["port"] %>
-    uid: '<%= @ldap_config["uid"] %>'
-    method: '<%= @ldap_config["method"] %>' # "ssl" or "plain"
-    bind_dn: '<%= @ldap_config["bind_dn"] %>'
-    password: '<%= @ldap_config["password"] %>'
-
-    # This setting controls the amount of time between LDAP permission checks for each user.
-    # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
-    # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
-    # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
-    #
-    # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
-    sync_time: <%= @ldap_config["sync_time"] %>
-
-    # If allow_username_or_email_login is enabled, GitLab will ignore everything
-    # after the first '@' in the LDAP username submitted by the user on login.
-    #
-    # Example:
-    # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
-    # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
-    #
-    # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
-    # disable this setting, because the userPrincipalName contains an '@'.
-    allow_username_or_email_login: <%= @ldap_config["allow_username_or_email_login"] %>
-
-    # Base where we can search for users
-    #
-    #   Ex. ou=People,dc=gitlab,dc=example
-    #
-    base: '<%= @ldap_config["base"] %>'
-
-    # Filter LDAP users
-    #
-    #   Format: RFC 4515
-    #   Ex. (employeeType=developer)
-    #
-    user_filter: '<%= @ldap_config["user_filter"] %>'
-
-    # Base where we can search for groups
-    #
-    #   Ex. ou=Groups,dc=gitlab,dc=example
-    #
-    group_base: <%= @ldap_config['group_base'] %>
-
-    # LDAP group of users who should be admins in GitLab
-    #
-    #   Ex. GLAdmins
-    #
-    admin_group: <%= @ldap_config['admin_group'] %>
-
-    # Name of attribute which holds a ssh public key of the user object.
-    # If false or nil, SSH key syncronisation will be disabled.
-    #
-    #   Ex. sshpublickey
-    #
-    sync_ssh_keys: <%= @ldap_config['sync_ssh_keys'] %>
+    <% if @ldap_servers.any? %>
+      <% @ldap_servers.each do |provider_id, settings| %>
+        <%= provider_id %>: <%= settings.to_json %>
+      <% end %>
+    <% else %>
+      host: '<%= @ldap_config["host"] %>'
+      port: <%= @ldap_config["port"] %>
+      uid: '<%= @ldap_config["uid"] %>'
+      method: '<%= @ldap_config["method"] %>' # "ssl" or "plain"
+      bind_dn: '<%= @ldap_config["bind_dn"] %>'
+      password: '<%= @ldap_config["password"] %>'
+
+      # This setting controls the amount of time between LDAP permission checks for each user.
+      # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
+      # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
+      # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
+      #
+      # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
+      sync_time: <%= @ldap_config["sync_time"] %>
+
+      # If allow_username_or_email_login is enabled, GitLab will ignore everything
+      # after the first '@' in the LDAP username submitted by the user on login.
+      #
+      # Example:
+      # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+      # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+      #
+      # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+      # disable this setting, because the userPrincipalName contains an '@'.
+      allow_username_or_email_login: <%= @ldap_config["allow_username_or_email_login"] %>
+
+      # Base where we can search for users
+      #
+      #   Ex. ou=People,dc=gitlab,dc=example
+      #
+      base: '<%= @ldap_config["base"] %>'
+
+      # Filter LDAP users
+      #
+      #   Format: RFC 4515
+      #   Ex. (employeeType=developer)
+      #
+      user_filter: '<%= @ldap_config["user_filter"] %>'
+
+      # Base where we can search for groups
+      #
+      #   Ex. ou=Groups,dc=gitlab,dc=example
+      #
+      group_base: <%= @ldap_config['group_base'] %>
+
+      # LDAP group of users who should be admins in GitLab
+      #
+      #   Ex. GLAdmins
+      #
+      admin_group: <%= @ldap_config['admin_group'] %>
+
+      # Name of attribute which holds a ssh public key of the user object.
+      # If false or nil, SSH key syncronisation will be disabled.
+      #
+      #   Ex. sshpublickey
+      #
+      sync_ssh_keys: <%= @ldap_config['sync_ssh_keys'] %>
+    <% end %>
  
  ## OmniAuth settings
  omniauth: