From b3556729377e39a3e776dec952bbab59311d91de Mon Sep 17 00:00:00 2001
From: Premdeep Saini
Date: Wed, 18 Jan 2023 16:41:55 +0530
Subject: [PATCH 1/2] add support for gitlab backup upload to S3
---
 gitlab_config_templates/gitlab.rb.tftpl | 27 +++++++++++++++++++++++++
 main.tf | 25 ++++++++++++++++++++++-
 outputs.tf | 4 ++++
 playbooks/gitlab_setup.yaml | 19 +++++++++++++++++
 variables.tf | 5 +++++
 5 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 gitlab_config_templates/gitlab.rb.tftpl
 create mode 100644 playbooks/gitlab_setup.yaml
diff --git a/gitlab_config_templates/gitlab.rb.tftpl b/gitlab_config_templates/gitlab.rb.tftpl
new file mode 100644
index 0000000..100abee
--- /dev/null
+++ b/gitlab_config_templates/gitlab.rb.tftpl
@@ -0,0 +1,27 @@
+external_url '${gitlab_url}'
+gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+gitlab_rails['db_adapter'] = "postgresql"
+gitlab_rails['db_encoding'] = "unicode"
+gitlab_rails['db_database'] = "${gitlab_db_name}"
+gitlab_rails['db_username'] = "${gitlab_db_username}"
+gitlab_rails['db_password'] = "${gitlab_db_password}"
+gitlab_rails['db_host'] = "${gitlab_db_host}"
+gitlab_rails['redis_host'] = "${gitlab_redis_host}"
+gitlab_rails['redis_port'] = 6379
+postgresql['enable'] = false
+redis['enable'] = false
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+letsencrypt['enable'] = false
+
+################
+# S3 Backup
+################
+gitlab_rails['backup_upload_connection'] = {
+ 'provider' => 'AWS',
+ 'region' => '${aws_region}',
+ # If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
+ 'use_iam_profile' => true
+}
+gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'
diff --git a/main.tf b/main.tf
index 90d5fae..4c881a6 100644
--- a/main.tf
+++ b/main.tf
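Review bot: `gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0', ...]` lets every source address reach GitLab's unauthenticated health and metrics endpoints, and the same line is carried unchanged into gitlab-rails.tftpl by patch 2/2. If the only thing that needs to get through is the ELB health check, a VPC-scoped range is enough: `gitlab_rails['monitoring_whitelist'] = ['${vpc_cidr}', '127.0.0.0/8', '::1/128']`, with `vpc_cidr` passed in as one more template variable (placeholder name — wire it to whatever the module already exposes). A one-line comment above it naming the load balancer health check as the reason for the entry would also stop it from being widened further later.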
@@ -1,5 +1,9 @@
 locals {
- managed_by = "Terraform"
+ managed_by = "Terraform"
+ gitlab_config_template_file = "${path.module}/gitlab_config_templates/gitlab.rb.tftpl"
+ gitlab_config_generated_file = "${path.cwd}/gitlab_config/gitlab.rb"
+ gitlab_config_playbook_file = "${path.module}/playbooks/gitlab_setup.yaml"
+ gitlab_complete_url = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
 }
 
 resource "aws_instance" "gitlab" {
@@ -16,11 +20,16 @@ resource "aws_instance" "gitlab" {
 volume_size = var.volume_size
 delete_on_termination = false
 }
+
+ provisioner "local-exec" {
+ command = "ansible-playbook -u ubuntu -i '${self.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${self.private_ip} file_path=${local_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+ }
 tags = {
 Name = "${var.environment_prefix}-gitlab"
 Environment = var.environment_prefix
 ManagedBy = local.managed_by
 }
+ depends_on = [local_file.gitlab_config_file]
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
@@ -449,3 +458,17 @@ resource "aws_iam_instance_profile" "gitlab" {
 name = "gitlab"
 role = aws_iam_role.gitlab_backup.name
 }
+
+resource "local_file" "gitlab_config_file" {
+ filename = local.gitlab_config_generated_file
+ content = templatefile(local.gitlab_config_template_file, {
+ gitlab_url = local.gitlab_complete_url,
+ gitlab_db_name = module.gitlab_pg.db_instance_name,
+ gitlab_db_username = module.gitlab_pg.db_instance_username,
+ gitlab_db_password = module.gitlab_pg.db_instance_password,
+ gitlab_db_host = module.gitlab_pg.db_instance_address,
+ gitlab_redis_host = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
+ aws_region = aws_s3_bucket.gitlab_backup[0].region
+ gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
+ })
+}
diff --git a/outputs.tf b/outputs.tf
index 132997d..6c3dbea 100644
--- a/outputs.tf
+++ b/outputs.tf
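Review bot: In the `local-exec` provisioner added to `aws_instance.gitlab`, `--private-key ${var.private_key}` is interpolated unquoted into a shell command line while the neighbouring `-i '${self.private_ip},'` argument is quoted, so a key path containing a space or a shell metacharacter breaks or reinterprets the command. Quote it the same way, `--private-key '${var.private_key}'`, or hand the path to the playbook through the provisioner's `environment` map instead of the command string. Patch 2/2 moves this command into `null_resource.gitlab_reconfigure` with the same quoting, so the fix applies there as well.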
@@ -37,3 +37,7 @@ output "gitlab_redis_address" {
 value = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address
 description = "Gitlab Redis cluster address"
 }
+
+output "gitlab_complete_url" {
+ value = local.gitlab_complete_url
+}
diff --git a/playbooks/gitlab_setup.yaml b/playbooks/gitlab_setup.yaml
new file mode 100644
index 0000000..11ba447
--- /dev/null
+++ b/playbooks/gitlab_setup.yaml
@@ -0,0 +1,19 @@
+---
+- name: Configure Gitlab
+ hosts: "{{ instance_ip_address }}"
+ gather_facts: no
+ vars:
+ ansible_host_key_checking: false
+ tasks:
+ - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=10 timeout=300
+ - name: copy gitlab.rb to /etc/gitlab/
+ become: true
+ copy:
+ src: "{{ file_path }}"
+ dest: "/etc/gitlab/gitlab.rb"
+ owner: "root"
+ group: "root"
+ mode: 0600
+ - name: reconfigure Gitlab
+ become: true
+ command: gitlab-ctl reconfigure
diff --git a/variables.tf b/variables.tf
index 1658fbd..6d2b191 100644
--- a/variables.tf
+++ b/variables.tf
@@ -268,3 +268,8 @@ variable "gitlab_backup_bucket_name" {
 default = null
 description = "Name of S3 bucket to be used for Gitlab backup"
 }
+
+variable "private_key" {
+ type = string
+ description = "Private key to execute ansible playbook on Gitlab instance."
+}
From df9c34b5ffca226c5c0cd6a5eb1f12c2d354015b Mon Sep 17 00:00:00 2001
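Review bot: `output "gitlab_complete_url"` has no `description`, unlike `gitlab_redis_address` directly above it in the same hunk; `description = "https URL of the Gitlab instance, derived from the Route53 record"` would keep the outputs file consistent. The new `variable "private_key"` in the variables.tf hunk below has the mirror problem: its description reads as if the variable held key material, but the value is passed to `--private-key` as a file path, so `description = "Path to the SSH private key the ansible-playbook provisioner uses to reach the Gitlab instance."` is the accurate wording.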
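Review bot: `ansible_host_key_checking: false` turns off SSH host-key verification for a play that becomes root and copies a gitlab.rb carrying the database password, so the target's identity is never checked before those actions run. The instance is new, which is why the key is unknown, but that is usually handled by seeding known_hosts before the play (EC2 prints the host key fingerprints in the instance console output, or a host key can be provisioned through user data) and leaving the default checking on. At minimum a comment on that line stating it is a deliberate trade-off for first-boot provisioning would make the risk visible to the next reader.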
From: Premdeep Saini
Date: Fri, 20 Jan 2023 16:15:28 +0530
Subject: [PATCH 2/2] add support for additional gitlab properties configuration
---
 gitlab_config_templates/gitlab-nginx.rb.tftpl | 3 +
 gitlab_config_templates/gitlab-postgres.tftpl | 1 +
 .../{gitlab.rb.tftpl => gitlab-rails.tftpl} | 13 ++--
 gitlab_config_templates/gitlab-redis.tftpl | 1 +
 main.tf | 62 +++++++++++++------
 playbooks/gitlab_setup.yaml | 38 +++++++++++-
 versions.tf | 4 ++
 7 files changed, 92 insertions(+), 30 deletions(-)
 create mode 100644 gitlab_config_templates/gitlab-nginx.rb.tftpl
 create mode 100644 gitlab_config_templates/gitlab-postgres.tftpl
 rename gitlab_config_templates/{gitlab.rb.tftpl => gitlab-rails.tftpl} (71%)
 create mode 100644 gitlab_config_templates/gitlab-redis.tftpl
diff --git a/gitlab_config_templates/gitlab-nginx.rb.tftpl b/gitlab_config_templates/gitlab-nginx.rb.tftpl
new file mode 100644
index 0000000..66b9a0c
--- /dev/null
+++ b/gitlab_config_templates/gitlab-nginx.rb.tftpl
@@ -0,0 +1,3 @@
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
diff --git a/gitlab_config_templates/gitlab-postgres.tftpl b/gitlab_config_templates/gitlab-postgres.tftpl
new file mode 100644
index 0000000..b1908e3
--- /dev/null
+++ b/gitlab_config_templates/gitlab-postgres.tftpl
@@ -0,0 +1 @@
+postgresql['enable'] = false
diff --git a/gitlab_config_templates/gitlab.rb.tftpl b/gitlab_config_templates/gitlab-rails.tftpl
similarity index 71%
rename from gitlab_config_templates/gitlab.rb.tftpl
rename to gitlab_config_templates/gitlab-rails.tftpl
index 100abee..5dd46e6 100644
--- a/gitlab_config_templates/gitlab.rb.tftpl
+++ b/gitlab_config_templates/gitlab-rails.tftpl
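Review bot: `nginx['listen_https'] = false` together with the https `external_url` set in gitlab-rails.tftpl means TLS terminates at the load balancer, and nothing in this new file records that assumption. GitLab's documented configuration for a TLS-terminating proxy also sets `nginx['proxy_set_headers'] = { "X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on" }` so generated URLs and secure-cookie flags stay https; whether it is needed here depends on what the ELB module forwards, which I cannot see from the diff. A short comment at the top of the file naming the dependency on the load balancer would help either way.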
@@ -1,27 +1,22 @@
 external_url '${gitlab_url}'
+
 gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+
 gitlab_rails['db_adapter'] = "postgresql"
 gitlab_rails['db_encoding'] = "unicode"
 gitlab_rails['db_database'] = "${gitlab_db_name}"
 gitlab_rails['db_username'] = "${gitlab_db_username}"
 gitlab_rails['db_password'] = "${gitlab_db_password}"
 gitlab_rails['db_host'] = "${gitlab_db_host}"
+
 gitlab_rails['redis_host'] = "${gitlab_redis_host}"
 gitlab_rails['redis_port'] = 6379
-postgresql['enable'] = false
-redis['enable'] = false
-nginx['redirect_http_to_https'] = false
-nginx['listen_port'] = 80
-nginx['listen_https'] = false
+
 letsencrypt['enable'] = false
 
-################
-# S3 Backup
-################
 gitlab_rails['backup_upload_connection'] = {
 'provider' => 'AWS',
 'region' => '${aws_region}',
- # If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
 'use_iam_profile' => true
 }
 gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'
diff --git a/gitlab_config_templates/gitlab-redis.tftpl b/gitlab_config_templates/gitlab-redis.tftpl
new file mode 100644
index 0000000..ed60013
--- /dev/null
+++ b/gitlab_config_templates/gitlab-redis.tftpl
@@ -0,0 +1 @@
+redis['enable'] = false
diff --git a/main.tf b/main.tf
index 4c881a6..0369bc0 100644
--- a/main.tf
+++ b/main.tf
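Review bot: The rename drops the comment `# If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key` while keeping `'use_iam_profile' => true`, which removes the only hint that static AWS keys must not be added to this hash. Please keep that line, or a shorter `# credentials come from the instance profile; never add static keys here`, next to `use_iam_profile`. Removing the `# S3 Backup` banner is fine, but now that the file holds only rails settings a one-line header naming the Terraform resources that feed its template variables would be worth adding.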
@@ -1,9 +1,13 @@
 locals {
- managed_by = "Terraform"
- gitlab_config_template_file = "${path.module}/gitlab_config_templates/gitlab.rb.tftpl"
- gitlab_config_generated_file = "${path.cwd}/gitlab_config/gitlab.rb"
- gitlab_config_playbook_file = "${path.module}/playbooks/gitlab_setup.yaml"
- gitlab_complete_url = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
+ managed_by = "Terraform"
+ gitlab_config_file_name = "gitlab.rb"
+ rendered_gitlab_config_file_name = "gitlab_rendered.rb"
+ gitlab_additional_config_file_name = "gitlab_additional.rb"
+ gitlab_config_tmp_path = "/tmp/gitlab/gitlab_config"
+ gitlab_config_template_file_path = "${path.module}/gitlab_config_templates"
+ gitlab_config_file_path = "${path.cwd}/gitlab_config"
+ gitlab_config_playbook_file = "${path.module}/playbooks/gitlab_setup.yaml"
+ gitlab_complete_url = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
 }
 
 resource "aws_instance" "gitlab" {
@@ -21,15 +25,12 @@ resource "aws_instance" "gitlab" {
 delete_on_termination = false
 }
 
- provisioner "local-exec" {
- command = "ansible-playbook -u ubuntu -i '${self.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${self.private_ip} file_path=${local_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
- }
 tags = {
 Name = "${var.environment_prefix}-gitlab"
 Environment = var.environment_prefix
 ManagedBy = local.managed_by
 }
- depends_on = [local_file.gitlab_config_file]
+
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
@@ -233,12 +234,6 @@ module "elb" {
 unhealthy_threshold = var.healthcheck_unhealthy_threshold
 timeout = var.healthcheck_timeout
 }
- #
- # access_logs = {
- # bucket = "my-access-logs-bucket"
- # }
-
- // ELB attachments
 
 number_of_instances = length(aws_instance.gitlab)
 instances = aws_instance.gitlab[*].id
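Review bot: `gitlab_config_tmp_path = "/tmp/gitlab/gitlab_config"` is a fixed path under the world-writable /tmp, and it is where the rendered gitlab.rb containing the database password is staged before the playbook copies it. `local_sensitive_file` writes its file and any directories it creates with restrictive modes (0700 by default, as far as I recall), but that does not help if `/tmp/gitlab` already exists and belongs to another local user on a shared runner. Staging under `${path.cwd}/gitlab_config` (ignored by version control) or under a per-run directory avoids that; if /tmp is kept, a comment on the local explaining why the file is staged outside the working tree would document the choice.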
@@ -459,9 +454,11 @@ resource "aws_iam_instance_profile" "gitlab" {
 role = aws_iam_role.gitlab_backup.name
 }
 
-resource "local_file" "gitlab_config_file" {
- filename = local.gitlab_config_generated_file
- content = templatefile(local.gitlab_config_template_file, {
+data "template_file" "gitlab_config_template" {
+ template = join("\n", [
+ for fn in fileset(".", "${local.gitlab_config_template_file_path}/**") : file(fn)
+ ])
+ vars = {
 gitlab_url = local.gitlab_complete_url,
 gitlab_db_name = module.gitlab_pg.db_instance_name,
 gitlab_db_username = module.gitlab_pg.db_instance_username,
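Review bot: Replacing `templatefile()` with `data "template_file"` is a step backwards: the hashicorp/template provider is archived and no longer receives builds, and, as far as I know, a data source's `rendered` attribute does not inherit the sensitive marking of its inputs, so if `module.gitlab_pg.db_instance_password` is a sensitive output the rendered config — password included — shows up in plan output and sits unmarked in state, which the `local_sensitive_file` downstream cannot undo. The per-file rendering the `join` is there for can be done with `templatefile()` on each entry of the `fileset` result, with the variable map moved into a local so it is written once and the consumers read `local.gitlab_config_rendered` instead of `data.template_file.gitlab_config_template.rendered`. The `vars` block of this data source continues into the next hunk, so only its first entries are shown here.
```hcl
locals {
  gitlab_config_vars = {
    gitlab_url         = local.gitlab_complete_url
    gitlab_db_name     = module.gitlab_pg.db_instance_name
    gitlab_db_username = module.gitlab_pg.db_instance_username
    # … unchanged: remaining entries of the vars map (db_password, db_host, redis_host, aws_region, bucket) …
  }
  # templatefile() keeps the sensitive marking of its inputs; a data source result does not
  gitlab_config_rendered = join("\n", [
    for fn in fileset(".", "${local.gitlab_config_template_file_path}/**") : templatefile(fn, local.gitlab_config_vars)
  ])
}
```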
@@ -470,5 +467,32 @@ resource "local_file" "gitlab_config_file" {
 gitlab_redis_host = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
 aws_region = aws_s3_bucket.gitlab_backup[0].region
 gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
- })
+ }
+}
+
+resource "local_sensitive_file" "rendered_gitlab_config_file" {
+ filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}"
+ content = data.template_file.gitlab_config_template.rendered
+}
+
+data "local_sensitive_file" "gitlab_additional_config" {
+ count = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0
+ filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}"
+}
+
+resource "local_sensitive_file" "gitlab_config_file" {
+ filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}"
+ content = join("\n", tolist([
+ data.template_file.gitlab_config_template.rendered,
+ data.local_sensitive_file.gitlab_additional_config != [] ? data.local_sensitive_file.gitlab_additional_config[0].content : ""
+ ]))
+}
+
+resource "null_resource" "gitlab_reconfigure" {
+ triggers = {
+ timestamp = timestamp()
+ }
+ provisioner "local-exec" {
+ command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+ }
 }
diff --git a/playbooks/gitlab_setup.yaml b/playbooks/gitlab_setup.yaml
index 11ba447..3b15519 100644
--- a/playbooks/gitlab_setup.yaml
+++ b/playbooks/gitlab_setup.yaml
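Review bot: `data.local_sensitive_file.gitlab_additional_config != []` compares a counted resource list against an empty tuple to decide whether the optional gitlab_additional.rb exists; the intent is clearer, and independent of how HCL unifies the two tuple types, as `length(data.local_sensitive_file.gitlab_additional_config) > 0 ? data.local_sensitive_file.gitlab_additional_config[0].content : ""`. Because the additional file is appended after the rendered template, any setting it repeats silently overrides the templated value, so a comment on `gitlab_config_file` stating that this precedence is intended would save the next reader a surprise. `triggers = { timestamp = timestamp() }` makes the null_resource run on every apply, presumably on purpose now that the playbook compares checksums itself; a comment saying so would keep someone from "fixing" it.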
@@ -4,16 +4,50 @@
 gather_facts: no
 vars:
 ansible_host_key_checking: false
+ update_gitlab_config: false
 tasks:
- - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=10 timeout=300
+ - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=5 timeout=300
+
+ - name: stat for /etc/gitlab/gitlab.rb
+ become: true
+ stat:
+ path: "/etc/gitlab/gitlab.rb"
+ register: original_config_file
+ - name: Checksum for original gitlab.rb"
+ set_fact:
+ original_config_file_checksum: "{{ original_config_file.stat.checksum }}"
+ - name: print original original checksum
+ debug:
+ msg: "{{ original_config_file_checksum }}"
+
+ - name: stat for "{{ config_file }}"
+ local_action: stat path={{ config_file }}
+ register: new_config_file
+ - name: Checksum for new gitlab.rb"
+ set_fact:
+ new_config_file_checksum: "{{ new_config_file.stat.checksum }}"
+ - name: print new file checksum
+ debug:
+ msg: "{{ new_config_file_checksum }}"
+
+ - name: Update gitlab.rb
+ set_fact:
+ update_gitlab_config: true
+ when: original_config_file_checksum != new_config_file_checksum
+
 - name: copy gitlab.rb to /etc/gitlab/
 become: true
+ when: update_gitlab_config
 copy:
- src: "{{ file_path }}"
+ src: "{{ config_file }}"
 dest: "/etc/gitlab/gitlab.rb"
 owner: "root"
 group: "root"
 mode: 0600
 - name: reconfigure Gitlab
 become: true
+ when: update_gitlab_config
 command: gitlab-ctl reconfigure
+
+ - name: cleanup temp files
+ local_action: command rm -rf {{ workdir }}
diff --git a/versions.tf b/versions.tf
index 2e79970..449e883 100644
--- a/versions.tf
+++ b/versions.tf
@@ -6,5 +6,9 @@ terraform {
 source = "hashicorp/aws"
 version = ">= 4.40"
 }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.2.1"
+ }
 }
 }
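Review bot: `original_config_file_checksum: "{{ original_config_file.stat.checksum }}"` fails when /etc/gitlab/gitlab.rb does not exist yet, because the stat result then carries no `checksum` key, and the play aborts before the config is ever copied; `"{{ original_config_file.stat.checksum | default('') }}"` makes a missing file compare as different and take the copy path. The `cleanup temp files` task only runs when every earlier task succeeds, so on any failure the staged gitlab.rb with the database password stays behind in the workdir; wrapping the tasks in a `block` with the removal in its `always` section closes that gap. Using `file: path={{ workdir }} state=absent` for the removal instead of a shell `rm -rf` also makes the task idempotent and avoids templating a path into a command line.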
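Review bot: The new `null` entry is fine, but `local_sensitive_file` (hashicorp/local) and `template_file` (hashicorp/template), both introduced by this series, are not declared in `required_providers`; Terraform resolves implicit hashicorp/* providers, but without a constraint nothing guarantees a `local` release that has `local_sensitive_file` (added in 2.2.0, as far as I recall). Adding `local = { source = "hashicorp/local", version = ">= 2.2.0" }` next to `null` pins that, and declaring `template` as well would at least make the dependency on the archived provider explicit.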