secrets per slurp lesen und konfiguration als template erstellen

roles/docker_gitlab/files/generate.sh

-sleep 10
-secret=`openssl rand -hex 600 | sha256sum | head -c 64`
-
-uid=`docker exec gitlab sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h /var/opt/gitlab/postgresql -d gitlabhq_production -c "SELECT uid FROM oauth_applications WHERE name = 'Mattermost'" | sed -nr 's/ ([a-f0-9]{64})/\1/p'`
-docker exec gitlab sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h /var/opt/gitlab/postgresql -d gitlabhq_production -c "UPDATE oauth_applications SET secret='$secret' WHERE name = 'Mattermost'"
-
-sed -i "s/mattermost\['gitlab_secret'\] = \".*\"/mattermost\['gitlab_secret'\] = \"$secret\"/" /srv/gitlab/conf/gitlab.rb
-sed -i "s/mattermost\['gitlab_id'\] = \".*\"/mattermost\['gitlab_id'\] = \"$uid\"/" /srv/gitlab/conf/gitlab.rb
-
-mattermost_email_pass=`cat /srv/gitlab/secret/mattermost_email_pass`
-gitlab_email_pass=`cat /srv/gitlab/secret/gitlab_email_pass`
-sed -i "s/gitlab_rails\['incoming_email_password'\] = \".*\"/gitlab_rails\['incoming_email_password'\] = \"$gitlab_email_pass\"/" /srv/gitlab/conf/gitlab.rb
-sed -i "s/gitlab_rails\['smtp_password'\] = \".*\"/gitlab_rails\['smtp_password'\] = \"$gitlab_email_pass\"/" /srv/gitlab/conf/gitlab.rb
-
-sed -i "s/mattermost\['email_smtp_password'\] = \".*\"/mattermost\['email_smtp_password'\] = \"$mattermost_email_pass\"/" /srv/gitlab/conf/gitlab.rb
-
-
-docker restart gitlab > /dev/null

roles/docker_gitlab/tasks/main.yml

 ---
+
+# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen 
+# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets 
+# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden  
+# Die Daten, die von Slurp gelesen werden sind Base64 codiert 
+# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden 
+
+- name: get secrets from server 2
+  slurp: src={{ item }}
+  with_items:
+    - /srv/gitlab/secret/gitlab_email_pass
+    - /srv/gitlab/secret/mattermost_email_pass
+    - /srv/gitlab/secret/mattermost_api_id 
+    - /srv/gitlab/secret/mattermost_api_secret
+  register: gitlab_secrets
+
+- name: get secrets from server 2
+  set_fact: 
+    gitlab_email_pass: "{{ gitlab_secrets.results | selectattr('item', 'equalto', '/srv/gitlab/secret/gitlab_email_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    mattermost_email_pass: "{{ gitlab_secrets.results | selectattr('item', 'equalto', '/srv/gitlab/secret/mattermost_email_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+    mattermost_api_id: "{{ gitlab_secrets.results | selectattr('item', 'equalto', '/srv/gitlab/secret/mattermost_api_id') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+    mattermost_api_secret: "{{ gitlab_secrets.results | selectattr('item', 'equalto', '/srv/gitlab/secret/mattermost_api_secret') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+
+
+# Benötigte Verzeichnisstrukturen erstellen 
+
 - name: create folder struct for gitlab 1
   file: path=/srv/gitlab/ state=directory
 
 - name: create folder struct for gitlab 2
   file: path=/srv/gitlab/conf/ state=directory
-  
+
+
+# Konfigurationsdateien erstellen      
+
 - name: Konfig-Datei Gitlab
-  copy: src=gitlab.rb dest=/srv/gitlab/conf/gitlab.rb
+  template: src=gitlab.rb dest=/srv/gitlab/conf/gitlab.rb
   
-#- name: Skript zur Generierung der Secrets kopieren
-#  copy: src=generate.sh dest=/tmp/generate.sh mode="u=rwx,g=rx,o=rx"
 
-#- name: Skript zur Generierung der Secrets ausführen
-#  shell: sed -i "s/\r//" /tmp/generate.sh; /tmp/generate.sh > /dev/null 2>&1
-  
-- name: Set Email Password and API Key for Mattermost
-  replace: dest=/srv/gitlab/conf/gitlab.rb regexp='GITLAB_EMAIL_PASSWORD' replace='{{ lookup('ini', 'gitlab.password section=email file=/srv/gitlab/secrets.ini') }}'
-  replace: dest=/srv/gitlab/conf/gitlab.rb regexp='MATTERMOST_EMAIL_PASSWORD' replace='{{ lookup('ini', 'mattermost.password section=email file=/srv/gitlab/secrets.ini') }}'
-  replace: dest=/srv/gitlab/conf/gitlab.rb regexp='MATTERMOST_API_ID' replace='{{ lookup('ini', 'api.id section=mattermost file=/srv/gitlab/secrets.ini') }}'
-  replace: dest=/srv/gitlab/conf/gitlab.rb regexp='MATTERMOST_API_SECRET' replace='{{ lookup('ini', 'api.secret section=mattermost file=/srv/gitlab/secrets.ini') }}'
+# Docker Container erstellen und starten
+# Mittels Expose muss der Port 8065 zusätzlich zur verwendung freigegeben werden
 
 - name: start docker image 
   docker: 

roles/docker_gitlab/files/gitlab.rb → roles/docker_gitlab/templates/gitlab.rb

@@ -291,7 +291,7 @@ gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "mail.warpzone.ms"
 gitlab_rails['smtp_port'] = 25
 gitlab_rails['smtp_user_name'] = "gitlab@warpzone.ms"
-gitlab_rails['smtp_password'] = "GITLAB_EMAIL_PASSWORD"
+gitlab_rails['smtp_password'] = "{{ gitlab_email_pass }}"
 gitlab_rails['smtp_domain'] = "warpzone.ms"
 gitlab_rails['smtp_authentication'] = "plain"
 gitlab_rails['smtp_enable_starttls_auto'] = true
@@ -619,8 +619,8 @@ mattermost['team_site_name'] = "Warpzone Mattermost"
 # mattermost['log_file_format'] = nil
 
 mattermost['gitlab_enable'] = true
-mattermost['gitlab_secret'] = "MATTERMOST_API_SECRET"
-mattermost['gitlab_id'] = "MATTERMOST_API_ID"
+mattermost['gitlab_secret'] = "{{ mattermost_api_secret }}"
+mattermost['gitlab_id'] = "{{ mattermost_api_id }}"
 mattermost['gitlab_scope'] = ""
 mattermost['gitlab_auth_endpoint'] = "https://gitlab.warpzone.ms/oauth/authorize"
 mattermost['gitlab_token_endpoint'] = "https://gitlab.warpzone.ms/oauth/token"
@@ -634,7 +634,7 @@ mattermost['email_enable_sign_in_with_email'] = false
 mattermost['email_send_email_notifications'] = true
 # mattermost['email_require_email_verification'] = false
 mattermost['email_smtp_username'] = "mattermost@warpzone.ms"
-mattermost['email_smtp_password'] = "MATTERMOST_EMAIL_PASSWORD"
+mattermost['email_smtp_password'] = "{{ mattermost_email_pass }}"
 mattermost['email_smtp_server'] = "mail.warpzone.ms"
 mattermost['email_smtp_port'] = 25
 mattermost['email_connection_security'] = "STARTTLS"