add support for additional gitlab properties configuration

Author: Premdeep Saini

gitlab_config_templates/gitlab-nginx.rb.tftpl

@@ -0,0 +1,3 @@
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false

gitlab_config_templates/gitlab-postgres.tftpl

@@ -0,0 +1 @@
+postgresql['enable'] = false

gitlab_config_templates/gitlab.rb.tftpl renamed to gitlab_config_templates/gitlab-rails.tftpl

@@ -1,27 +1,22 @@
 external_url '${gitlab_url}'
+
 gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+
 gitlab_rails['db_adapter'] = "postgresql"
 gitlab_rails['db_encoding'] = "unicode"
 gitlab_rails['db_database'] = "${gitlab_db_name}"
 gitlab_rails['db_username'] = "${gitlab_db_username}"
 gitlab_rails['db_password'] = "${gitlab_db_password}"
 gitlab_rails['db_host'] = "${gitlab_db_host}"
+
 gitlab_rails['redis_host'] = "${gitlab_redis_host}"
 gitlab_rails['redis_port'] = 6379
-postgresql['enable'] = false
-redis['enable'] = false
-nginx['redirect_http_to_https'] = false
-nginx['listen_port'] = 80
-nginx['listen_https'] = false
+
 letsencrypt['enable'] = false
 
-################
-# S3 Backup
-################
 gitlab_rails['backup_upload_connection'] = {
   'provider' => 'AWS',
   'region' => '${aws_region}',
-  # If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
   'use_iam_profile' => true
 }
 gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'

gitlab_config_templates/gitlab-redis.tftpl

@@ -0,0 +1 @@
+redis['enable'] = false

main.tf

@@ -1,9 +1,13 @@
 locals {
-  managed_by                   = "Terraform"
-  gitlab_config_template_file  = "${path.module}/gitlab_config_templates/gitlab.rb.tftpl"
-  gitlab_config_generated_file = "${path.cwd}/gitlab_config/gitlab.rb"
-  gitlab_config_playbook_file  = "${path.module}/playbooks/gitlab_setup.yaml"
-  gitlab_complete_url          = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
+  managed_by                         = "Terraform"
+  gitlab_config_file_name            = "gitlab.rb"
+  rendered_gitlab_config_file_name   = "gitlab_rendered.rb"
+  gitlab_additional_config_file_name = "gitlab_additional.rb"
+  gitlab_config_tmp_path             = "/tmp/gitlab/gitlab_config"
+  gitlab_config_template_file_path   = "${path.module}/gitlab_config_templates"
+  gitlab_config_file_path            = "${path.cwd}/gitlab_config"
+  gitlab_config_playbook_file        = "${path.module}/playbooks/gitlab_setup.yaml"
+  gitlab_complete_url                = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
 }
 
 resource "aws_instance" "gitlab" {
@@ -21,15 +25,12 @@ resource "aws_instance" "gitlab" {
     delete_on_termination = false
   }
 
-  provisioner "local-exec" {
-    command = "ansible-playbook -u ubuntu -i '${self.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${self.private_ip} file_path=${local_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
-  }
   tags = {
     Name        = "${var.environment_prefix}-gitlab"
     Environment = var.environment_prefix
     ManagedBy   = local.managed_by
   }
-  depends_on = [local_file.gitlab_config_file]
+
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
@@ -233,12 +234,6 @@ module "elb" {
     unhealthy_threshold = var.healthcheck_unhealthy_threshold
     timeout             = var.healthcheck_timeout
   }
-  #
-  #  access_logs = {
-  #    bucket = "my-access-logs-bucket"
-  #  }
-
-  // ELB attachments
   number_of_instances = length(aws_instance.gitlab)
   instances           = aws_instance.gitlab[*].id
 
@@ -459,9 +454,11 @@ resource "aws_iam_instance_profile" "gitlab" {
   role = aws_iam_role.gitlab_backup.name
 }
 
-resource "local_file" "gitlab_config_file" {
-  filename = local.gitlab_config_generated_file
-  content = templatefile(local.gitlab_config_template_file, {
+data "template_file" "gitlab_config_template" {
+  template = join("\n", [
+    for fn in fileset(".", "${local.gitlab_config_template_file_path}/**") : file(fn)
+  ])
+  vars = {
     gitlab_url                   = local.gitlab_complete_url,
     gitlab_db_name               = module.gitlab_pg.db_instance_name,
     gitlab_db_username           = module.gitlab_pg.db_instance_username,
@@ -470,5 +467,32 @@ resource "local_file" "gitlab_config_file" {
     gitlab_redis_host            = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
     aws_region                   = aws_s3_bucket.gitlab_backup[0].region
     gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
-  })
+  }
+}
+
+resource "local_sensitive_file" "rendered_gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}"
+  content  = data.template_file.gitlab_config_template.rendered
+}
+
+data "local_sensitive_file" "gitlab_additional_config" {
+  count    = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0
+  filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}"
+}
+
+resource "local_sensitive_file" "gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}"
+  content = join("\n", tolist([
+    data.template_file.gitlab_config_template.rendered,
+    data.local_sensitive_file.gitlab_additional_config != [] ? data.local_sensitive_file.gitlab_additional_config[0].content : ""
+  ]))
+}
+
+resource "null_resource" "gitlab_reconfigure" {
+  triggers = {
+    timestamp = timestamp()
+  }
+  provisioner "local-exec" {
+    command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+  }
 }

playbooks/gitlab_setup.yaml

@@ -4,16 +4,50 @@
   gather_facts: no
   vars:
     ansible_host_key_checking: false
+    update_gitlab_config: false
   tasks:
-    - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=10 timeout=300
+    - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=5 timeout=300
+
+    - name: stat for /etc/gitlab/gitlab.rb
+      become: true
+      stat:
+        path: "/etc/gitlab/gitlab.rb"
+      register: original_config_file
+    - name: Checksum for original gitlab.rb"
+      set_fact:
+        original_config_file_checksum: "{{ original_config_file.stat.checksum }}"
+    - name: print original original checksum
+      debug:
+        msg: "{{ original_config_file_checksum }}"
+
+    - name: stat for "{{ config_file }}"
+      local_action: stat path={{ config_file }}
+      register: new_config_file
+    - name: Checksum for new gitlab.rb"
+      set_fact:
+        new_config_file_checksum: "{{ new_config_file.stat.checksum }}"
+    - name: print new file checksum
+      debug:
+        msg: "{{ new_config_file_checksum }}"
+
+    - name: Update gitlab.rb
+      set_fact:
+        update_gitlab_config: true
+      when: original_config_file_checksum != new_config_file_checksum
+
     - name: copy gitlab.rb to /etc/gitlab/
       become: true
+      when: update_gitlab_config
       copy:
-        src: "{{ file_path }}"
+        src: "{{ config_file }}"
         dest: "/etc/gitlab/gitlab.rb"
         owner: "root"
         group: "root"
         mode: 0600
     - name: reconfigure Gitlab
       become: true
+      when: update_gitlab_config
       command: gitlab-ctl reconfigure
+
+    - name: cleanup temp files
+      local_action: command rm -rf {{ workdir }}

versions.tf

@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 4.40"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.1"
+    }
   }
 }