gitlab ldap_servers

[cdenneen]

Tried to use common.yaml to put the gitlab::gitlab_rails ldap settings as described and they didn't work.
Not one value was populated into gitlab.rb

Is this still working as documented in README?

---
gitlab::gitlab_rails:
  ldap_enabled: true
  ldap_servers:
    myldapserver:
      label: 'Company LDAP'
      host: 'ldap.company.tld'
      port: 389
      uid: 'uid'
      method: 'plain' # "tls" or "ssl" or "plain"
      bind_dn: 'MYBINDDN'
      password: 'MYBINDPW'
      active_directory: false
      allow_username_or_email_login: false
      block_auto_created_users: false
      base: 'MYBASEDN'
      group_base: 'MYGROUPBASE'
      user_filter: ''

Also can you provide detail of how to use the puppet config where hiera doesn't work to load the ldap configuration?

[ben-foxmoore]

I'm struggling with a similar issue when trying to set up OAuth with Github. Would also appreciate a slightly more detailed example if at all possible :)

[tobru]

I'm able to look into preparing a better example next week, sorry for not having time right now

[krischblack]

you can do something like this in your hiera configuration:

gitlab::gitlab_rails:
  ldap_enabled: true
  ldap_servers:  |
     YAML.load <<-'EOS'
       main:
         label: 'Company LDAP'
         host: 'ldap.company.tld'
         port: 389
         uid: 'uid'
         method: 'plain' # "tls" or "ssl" or "plain"
         bind_dn: 'MYBINDDN'
         password: 'MYBINDPW'
         active_directory: false
         allow_username_or_email_login: false
         block_auto_created_users: false
         base: 'MYBASEDN'
         group_base: 'MYGROUPBASE'
         user_filter: ''
     EOS

hope the indentation works

[tobru]

I'm pretty sure the YAML.load is not needed. I'll check it later this week, there are some other updates pending for the module...

[cdenneen]

@krischblack do you know if this is correct syntax?

[krischblack]

@cdenneen yes, I'm currently using this in my hiera config. you can check the gitab.rb file, if it generates something like the ldap_servers parameter described here: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template

[cdenneen]

@krischblack I just tried to put this exactly as you showed in my YAML and no luck :(

[cdenneen]

I have put this exact syntax in a node yaml and even my default common.yaml and it doesn't seem like it's being referenced. Has anything changed in this module that it's not doing hiera lookups anymore?

594d5e5

[krischblack]

@cdenneen when I add the code I mentioned in my previous comment to my common.yaml and check it using hiera -h gitlab::gitlab_rails ::environment=production, I receive the following:

{"ldap_enabled"=>true,
 "ldap_servers"=>
  "YAML.load <<-'EOS'\n  main:\n    label: 'Company LDAP'\n    host: 'ldap.company.tld'\n    port: 389\n    uid: 'uid'\n    method: 'plain' # \"tls\" or \"ssl\" or \"plain\"\n    bind_dn: 'MYBINDDN'\n    password: 'MYBINDPW'\n    active_directory: false\n    allow_username_or_email_login: false\n    block_auto_created_users: false\n    base: 'MYBASEDN'\n    group_base: 'MYGROUPBASE'\n    user_filter: ''\nEOS\n"}

In my current setup, this translates well into the /etc/gitlab/gitlab.rb in my case. Did you mind the "|" at the ldap_servers: | declaration?

[cdenneen]

@krischblack @tobru figured it out. I had some gitlab_rails parameters in the class definition and some in hiera.
It was using the parameterized class over hiera. I believe this is because need to do a hiera_hash lookup inside class itself (wouldn't even work in the class parameters because of open bug https://tickets.puppetlabs.com/browse/HI-283).
Moving the class parameters for gitlab_rails all to hiera fixed this issue but having the combination should work, so might be worth changing to do a hiera_hash inside init.pp just before the validation

[tobru]

@cdenneen if you want to enhance the init.pp or anything else, feel free to make a PR, I'm happy about every contribution.