diff --git a/gitlab_config_templates/gitlab-nginx.rb.tftpl b/gitlab_config_templates/gitlab-nginx.rb.tftpl
new file mode 100644
index 0000000..66b9a0c
--- /dev/null
+++ b/gitlab_config_templates/gitlab-nginx.rb.tftpl
@@ -0,0 +1,3 @@
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
diff --git a/gitlab_config_templates/gitlab-postgres.tftpl b/gitlab_config_templates/gitlab-postgres.tftpl
new file mode 100644
index 0000000..b1908e3
--- /dev/null
+++ b/gitlab_config_templates/gitlab-postgres.tftpl
@@ -0,0 +1 @@
+postgresql['enable'] = false
diff --git a/gitlab_config_templates/gitlab-rails.tftpl b/gitlab_config_templates/gitlab-rails.tftpl
new file mode 100644
index 0000000..5dd46e6
--- /dev/null
+++ b/gitlab_config_templates/gitlab-rails.tftpl
@@ -0,0 +1,22 @@
+external_url '${gitlab_url}'
+
+gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+
+gitlab_rails['db_adapter'] = "postgresql"
+gitlab_rails['db_encoding'] = "unicode"
+gitlab_rails['db_database'] = "${gitlab_db_name}"
+gitlab_rails['db_username'] = "${gitlab_db_username}"
+gitlab_rails['db_password'] = "${gitlab_db_password}"
+gitlab_rails['db_host'] = "${gitlab_db_host}"
+
+gitlab_rails['redis_host'] = "${gitlab_redis_host}"
+gitlab_rails['redis_port'] = 6379
+
+letsencrypt['enable'] = false
+
+gitlab_rails['backup_upload_connection'] = {
+ 'provider' => 'AWS',
+ 'region' => '${aws_region}',
+ 'use_iam_profile' => true
+}
+gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'
diff --git a/gitlab_config_templates/gitlab-redis.tftpl b/gitlab_config_templates/gitlab-redis.tftpl
new file mode 100644
index 0000000..ed60013
--- /dev/null
+++ b/gitlab_config_templates/gitlab-redis.tftpl
@@ -0,0 +1 @@
+redis['enable'] = false
diff --git a/main.tf b/main.tf
index 90d5fae..0369bc0 100644
--- a/main.tf
+++ b/main.tf
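Review bot: With `nginx['listen_https'] = false` and `nginx['listen_port'] = 80` the instance serves plain HTTP only, so the `https://` scheme in `external_url` holds only if TLS terminates at the ELB and nothing but the ELB can reach port 80; no security-group rule restricting port 80 to the load balancer is visible in this change, so that should be confirmed. GitLab behind a TLS-terminating proxy also needs the forwarded-scheme headers to emit https links and secure cookies; if the ELB does not inject them, add `nginx['proxy_set_headers'] = { "X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on" }` to this template. A one-line comment such as `# TLS terminates at the ELB; nginx listens on plain HTTP behind it` would record the intent for the next maintainer.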
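Review bot: `gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0', ...]` lets every source address reach the unauthenticated health and metrics endpoints (`/-/health`, `/-/readiness`, `/-/liveness`, `/-/metrics`), and the `0.0.0.0/0` entry makes the loopback entries redundant; if the ELB is internet-facing that is the whole internet. Restrict it to the ranges that need it, e.g. the VPC CIDR for the ELB health check plus loopback: `gitlab_rails['monitoring_whitelist'] = ['${vpc_cidr}', '127.0.0.0/8', '::1/128']` (with `vpc_cidr` added to the template vars in main.tf). The Redis block sets only host and port: if the ElastiCache cluster has AUTH or in-transit encryption enabled, `gitlab_rails['redis_password']`/`redis_ssl` are missing here, and if it does not, Redis access rests on the security group alone — a comment stating which is the case would help. The DB password is interpolated into this file in clear text, so the rendered output must be kept out of logs and version control; the `local_sensitive_file` resource in main.tf covers the file but not the Terraform state.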
@@ -1,5 +1,13 @@ locals { - managed_by = "Terraform" + managed_by = "Terraform" + gitlab_config_file_name = "gitlab.rb" + rendered_gitlab_config_file_name = "gitlab_rendered.rb" + gitlab_additional_config_file_name = "gitlab_additional.rb" + gitlab_config_tmp_path = "/tmp/gitlab/gitlab_config" + gitlab_config_template_file_path = "${path.module}/gitlab_config_templates" + gitlab_config_file_path = "${path.cwd}/gitlab_config" + gitlab_config_playbook_file = "${path.module}/playbooks/gitlab_setup.yaml" + gitlab_complete_url = join("", tolist(["https://", values(module.records.route53_record_name)[0]])) } resource "aws_instance" "gitlab" { @@ -16,11 +24,13 @@ resource "aws_instance" "gitlab" { volume_size = var.volume_size delete_on_termination = false } + tags = { Name = "${var.environment_prefix}-gitlab" Environment = var.environment_prefix ManagedBy = local.managed_by } + } resource "aws_key_pair" "gitlab_ssh" { @@ -224,12 +234,6 @@ module "elb" { unhealthy_threshold = var.healthcheck_unhealthy_threshold timeout = var.healthcheck_timeout } - # - # access_logs = { - # bucket = "my-access-logs-bucket" - # } - - // ELB attachments number_of_instances = length(aws_instance.gitlab) instances = aws_instance.gitlab[*].id 
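Review bot: `gitlab_config_tmp_path = "/tmp/gitlab/gitlab_config"` places the rendered gitlab.rb — which carries the database password (see the template vars later in main.tf) — at a fixed, predictable path under the world-writable `/tmp`, and the playbook later removes it with `rm -rf`; on a shared runner another local user could pre-create that directory or plant a symlink at the path before apply runs. Prefer a project-owned location such as `gitlab_config_tmp_path = "${path.cwd}/.gitlab_config_tmp"` (ignored in version control), or derive a per-run directory. Minor: `gitlab_complete_url` reads more directly as `"https://${values(module.records.route53_record_name)[0]}"` than `join("", tolist([...]))`, and a comment that `values()` returns entries sorted by key, so `[0]` is deterministic, would help the next reader.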
@@ -449,3 +453,46 @@ resource "aws_iam_instance_profile" "gitlab" { name = "gitlab" role = aws_iam_role.gitlab_backup.name } + +data "template_file" "gitlab_config_template" { + template = join("\n", [ + for fn in fileset(".", "${local.gitlab_config_template_file_path}/**") : file(fn) + ]) + vars = { + gitlab_url = local.gitlab_complete_url, + gitlab_db_name = module.gitlab_pg.db_instance_name, + gitlab_db_username = module.gitlab_pg.db_instance_username, + gitlab_db_password = module.gitlab_pg.db_instance_password, + gitlab_db_host = module.gitlab_pg.db_instance_address, + gitlab_redis_host = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address, + aws_region = aws_s3_bucket.gitlab_backup[0].region + gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket + } +} + +resource "local_sensitive_file" "rendered_gitlab_config_file" { + filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}" + content = data.template_file.gitlab_config_template.rendered +} + +data "local_sensitive_file" "gitlab_additional_config" { + count = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0 + filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}" +} + +resource "local_sensitive_file" "gitlab_config_file" { + filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}" + content = join("\n", tolist([ + data.template_file.gitlab_config_template.rendered, + data.local_sensitive_file.gitlab_additional_config != [] ? 
data.local_sensitive_file.gitlab_additional_config[0].content : "" + ])) +} + +resource "null_resource" "gitlab_reconfigure" { + triggers = { + timestamp = timestamp() + } + provisioner "local-exec" { + command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}" + } +} diff --git a/outputs.tf b/outputs.tf index 132997d..6c3dbea 100644 --- a/outputs.tf +++ b/outputs.tf @@ -37,3 +37,7 @@ output "gitlab_redis_address" { value = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address description = "Gitlab Redis cluster address" } + +output "gitlab_complete_url" { + value = local.gitlab_complete_url +} diff --git a/playbooks/gitlab_setup.yaml b/playbooks/gitlab_setup.yaml new file mode 100644 index 0000000..3b15519 --- /dev/null +++ b/playbooks/gitlab_setup.yaml 
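Review bot: The `local-exec` command in `null_resource.gitlab_reconfigure` splices `var.private_key` unquoted into a shell line; the variable is a free-form string, so a path containing whitespace or shell metacharacters alters the command. Pass it through the provisioner's environment instead: drop `--private-key ${var.private_key}` from `command` and add `environment = { ANSIBLE_PRIVATE_KEY_FILE = var.private_key }` beside it. The rendered template carries the DB password and `data.template_file` does not mark `rendered` as sensitive, so it is stored in state and can surface in plan output wherever it is referenced; `template_file` is also deprecated in favour of the built-in `templatefile()`, which would drop the extra provider. `data.local_sensitive_file.gitlab_additional_config != []` compares a resource list against an empty tuple — `length(data.local_sensitive_file.gitlab_additional_config) > 0` is the idiomatic test. `triggers = { timestamp = timestamp() }` re-runs the playbook on every apply, which looks intentional but deserves a one-line comment saying so.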
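Review bot: The new `gitlab_complete_url` output lacks the `description` that the neighbouring outputs carry (`gitlab_redis_address` has one). Add `description = "Gitlab URL: https scheme plus the Route53 record name"` to keep the outputs file consistent.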
@@ -0,0 +1,53 @@ +--- +- name: Configure Gitlab + hosts: "{{ instance_ip_address }}" + gather_facts: no + vars: + ansible_host_key_checking: false + update_gitlab_config: false + tasks: + - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=5 timeout=300 + + - name: stat for /etc/gitlab/gitlab.rb + become: true + stat: + path: "/etc/gitlab/gitlab.rb" + register: original_config_file + - name: Checksum for original gitlab.rb" + set_fact: + original_config_file_checksum: "{{ original_config_file.stat.checksum }}" + - name: print original original checksum + debug: + msg: "{{ original_config_file_checksum }}" + + - name: stat for "{{ config_file }}" + local_action: stat path={{ config_file }} + register: new_config_file + - name: Checksum for new gitlab.rb" + set_fact: + new_config_file_checksum: "{{ new_config_file.stat.checksum }}" + - name: print new file checksum + debug: + msg: "{{ new_config_file_checksum }}" + + - name: Update gitlab.rb + set_fact: + update_gitlab_config: true + when: original_config_file_checksum != new_config_file_checksum + + - name: copy gitlab.rb to /etc/gitlab/ + become: true + when: update_gitlab_config + copy: + src: "{{ config_file }}" + dest: "/etc/gitlab/gitlab.rb" + owner: "root" + group: "root" + mode: 0600 + - name: reconfigure Gitlab + become: true + when: update_gitlab_config + command: gitlab-ctl reconfigure + + - name: cleanup temp files + local_action: command rm -rf {{ workdir }} diff --git a/variables.tf b/variables.tf index 1658fbd..6d2b191 100644 --- a/variables.tf +++ b/variables.tf @@ -268,3 +268,8 @@ variable "gitlab_backup_bucket_name" { default = null description = "Name of S3 bucket to be used for Gitlab backup" } + +variable "private_key" { + type = string + description = "Private key to execute ansible playbook on Gitlab instance." +} diff --git a/versions.tf b/versions.tf index 2e79970..449e883 100644 --- a/versions.tf +++ b/versions.tf 
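Review bot: `ansible_host_key_checking: false` disables SSH host-key verification for a play that copies the DB-password-bearing gitlab.rb to the host and runs `gitlab-ctl reconfigure` as root, so anyone able to intercept traffic to the private IP could impersonate the instance and receive both the credentials and root command execution. Keep checking on and seed `known_hosts` from a trusted source (for EC2, the host key printed in the instance console output), or at least limit the bypass to the first contact. The `stat` on `/etc/gitlab/gitlab.rb` is followed by an unconditional read of `original_config_file.stat.checksum`, which fails if the file is absent on a fresh host; use `original_config_file_checksum: "{{ original_config_file.stat.checksum | default('') }}"` so a missing file counts as "needs update". The final `command rm -rf {{ workdir }}` should be the `file` module with `state: absent` (or at least quote the variable), and two task names carry a stray trailing quote (`Checksum for original gitlab.rb"`).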
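Review bot: `variable "private_key"` is consumed by `ansible-playbook --private-key`, which expects a file path, but its description says "Private key", inviting a caller to pass the key material itself — on the command line that would be visible to every local process and could end up in logs. Make the contract explicit: `description = "Path to the SSH private key file used by the Ansible provisioner (ansible-playbook --private-key)."`, and consider a `validation` block rejecting values that start with `-----BEGIN`. If key material is ever meant to be accepted, it must be marked `sensitive = true` and written to a file with restrictive permissions rather than interpolated into the command.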
@@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = ">= 4.40" } + null = { + source = "hashicorp/null" + version = ">= 3.2.1" + } } }
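Review bot: The `required_providers` block gains `null` but not the other two providers this change starts using: `local` (for `local_sensitive_file`, which exists only in newer releases of hashicorp/local) and `template` (for `data "template_file"`). Without a constraint nothing records the minimum `local` release, so a mirror or lock file holding an older version fails at plan time, and `hashicorp/template` is archived with no builds for newer platforms. Add `local = { source = "hashicorp/local", version = ">= 2.2.0" }` here, and consider replacing `template_file` with the built-in `templatefile()` so no `template` entry is needed at all.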