Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to know how to set the root password via this module #301

Closed
trevor-vaughan opened this issue Mar 18, 2019 · 3 comments
Closed

Need to know how to set the root password via this module #301

trevor-vaughan opened this issue Mar 18, 2019 · 3 comments

Comments

@trevor-vaughan
Copy link
Contributor

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5+
  • Ruby: 2.4.4+
  • Distribution: EL
  • Module version: 3.0.3

Feature Request

This is a feature request to be able to set the GitLab root password prior to installation. If this is not done, then you cannot do the following security-relevant actions:

  • Prevent unauthorized people from setting the root password via the initial configuration page
  • Generate an API key immediately for automatic configuration

The easiest method for doing this is to set an environment variable prior to the initial configuration but the relevant feature never made it into Puppet even though it was ready for inclusion.

Previously, this was relatively easy using the vshn version of the module but has become impossible with this version due to the ordering of the internal resources.

Help figuring this out is appreciated.
@op-ct op-ct mentioned this issue Mar 21, 2019
Merged
@trevor-vaughan
Copy link
Contributor Author

Additional information: https://github.com/simp/pupmod-simp-simp_gitlab/blob/master/manifests/install.pp#L47-L77

@LongLiveCHIEF
Copy link
Contributor

The initial_root_password is one of the sub-keys for gitlab_rails (see README.md#usage). This module implements the major keys from the gitlab-config-template from the gitlab omnibus.

class {'gitlab':
  gitlab_rails => {
    'initial_root_password' => 'whatever_your_password'
  }
}

Keep in mind, this is only the initial password, and will not affect the password for the root user of an existing gitlab installation. This is also not a secure method of setting that password, (probably obvious but making sure it is said for the record).

@LongLiveCHIEF
Copy link
Contributor

Also, reading the information in your link, the current version of the module has a new ordering (and was completely rewritten) of resources that resolves the exec and reconfigure issues your notes talk about.

The new versions of the module lay down configuration files and directories before even installing the package and repositories, ensuring that any initial_root_password you set will be used during the omnibus's own post-install execution of the reconfigure command.

Also, the new version of the module does not by default start/restart the service or execute gitlab-ctl reconfigure... relegating that responsibility to the post-install scripts of omnibus. (see init.pp#372-L373) https://github.com/voxpupuli/puppet-gitlab/blob/master/manifests/init.pp#L372

@trevor-vaughan trevor-vaughan mentioned this issue Oct 29, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@LongLiveCHIEF @trevor-vaughan