add support for gitlab backup upload to S3

Premdeep Saini · Premdeep Saini · commit b3556729377e · 2023-01-22T18:47:06.000+05:30
diff --git a/gitlab_config_templates/gitlab.rb.tftpl b/gitlab_config_templates/gitlab.rb.tftpl
@@ -0,0 +1,27 @@
+external_url '${gitlab_url}'
+gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+gitlab_rails['db_adapter'] = "postgresql"
+gitlab_rails['db_encoding'] = "unicode"
+gitlab_rails['db_database'] = "${gitlab_db_name}"
+gitlab_rails['db_username'] = "${gitlab_db_username}"
+gitlab_rails['db_password'] = "${gitlab_db_password}"
+gitlab_rails['db_host'] = "${gitlab_db_host}"
+gitlab_rails['redis_host'] = "${gitlab_redis_host}"
+gitlab_rails['redis_port'] = 6379
+postgresql['enable'] = false
+redis['enable'] = false
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+letsencrypt['enable'] = false
+
+################
+# S3 Backup
+################
+gitlab_rails['backup_upload_connection'] = {
+  'provider' => 'AWS',
+  'region' => '${aws_region}',
+  # If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
+  'use_iam_profile' => true
+}
+gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'
diff --git a/main.tf b/main.tf
@@ -1,5 +1,9 @@
 locals {
-  managed_by = "Terraform"
+  managed_by                   = "Terraform"
+  gitlab_config_template_file  = "${path.module}/gitlab_config_templates/gitlab.rb.tftpl"
+  gitlab_config_generated_file = "${path.cwd}/gitlab_config/gitlab.rb"
+  gitlab_config_playbook_file  = "${path.module}/playbooks/gitlab_setup.yaml"
+  gitlab_complete_url          = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
 }
 
 resource "aws_instance" "gitlab" {
@@ -16,11 +20,16 @@ resource "aws_instance" "gitlab" {
     volume_size           = var.volume_size
     delete_on_termination = false
   }
+
+  provisioner "local-exec" {
+    command = "ansible-playbook -u ubuntu -i '${self.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${self.private_ip} file_path=${local_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+  }
   tags = {
     Name        = "${var.environment_prefix}-gitlab"
     Environment = var.environment_prefix
     ManagedBy   = local.managed_by
   }
+  depends_on = [local_file.gitlab_config_file]
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
@@ -449,3 +458,17 @@ resource "aws_iam_instance_profile" "gitlab" {
   name = "gitlab"
   role = aws_iam_role.gitlab_backup.name
 }
+
+resource "local_file" "gitlab_config_file" {
+  filename = local.gitlab_config_generated_file
+  content = templatefile(local.gitlab_config_template_file, {
+    gitlab_url                   = local.gitlab_complete_url,
+    gitlab_db_name               = module.gitlab_pg.db_instance_name,
+    gitlab_db_username           = module.gitlab_pg.db_instance_username,
+    gitlab_db_password           = module.gitlab_pg.db_instance_password,
+    gitlab_db_host               = module.gitlab_pg.db_instance_address,
+    gitlab_redis_host            = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
+    aws_region                   = aws_s3_bucket.gitlab_backup[0].region
+    gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
+  })
+}
diff --git a/outputs.tf b/outputs.tf
@@ -37,3 +37,7 @@ output "gitlab_redis_address" {
   value       = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address
   description = "Gitlab Redis cluster address"
 }
+
+output "gitlab_complete_url" {
+  value = local.gitlab_complete_url
+}
diff --git a/playbooks/gitlab_setup.yaml b/playbooks/gitlab_setup.yaml
@@ -0,0 +1,19 @@
+---
+- name: Configure Gitlab
+  hosts: "{{ instance_ip_address }}"
+  gather_facts: no
+  vars:
+    ansible_host_key_checking: false
+  tasks:
+    - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=10 timeout=300
+    - name: copy gitlab.rb to /etc/gitlab/
+      become: true
+      copy:
+        src: "{{ file_path }}"
+        dest: "/etc/gitlab/gitlab.rb"
+        owner: "root"
+        group: "root"
+        mode: 0600
+    - name: reconfigure Gitlab
+      become: true
+      command: gitlab-ctl reconfigure
diff --git a/variables.tf b/variables.tf
@@ -268,3 +268,8 @@ variable "gitlab_backup_bucket_name" {
   default     = null
   description = "Name of S3 bucket to be used for Gitlab backup"
 }
+
+variable "private_key" {
+  type        = string
+  description = "Private key to execute ansible playbook on Gitlab instance."
+}

Original file line number	Diff line number	Diff line change
`@@ -37,3 +37,7 @@ output "gitlab_redis_address" {`
`37`	`37`	`value = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address`
`38`	`38`	`description = "Gitlab Redis cluster address"`
`39`	`39`	`}`
	`40`	`+`
	`41`	`+output "gitlab_complete_url" {`
	`42`	`+ value = local.gitlab_complete_url`
	`43`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -268,3 +268,8 @@ variable "gitlab_backup_bucket_name" {`
`268`	`268`	`default = null`
`269`	`269`	`description = "Name of S3 bucket to be used for Gitlab backup"`
`270`	`270`	`}`
	`271`	`+`
	`272`	`+variable "private_key" {`
	`273`	`+ type = string`
	`274`	`+ description = "Private key to execute ansible playbook on Gitlab instance."`
	`275`	`+}`