Add ansible playbook

gitlab_config_templates/gitlab-nginx.rb.tftpl

@@ -0,0 +1,3 @@
+nginx['redirect_http_to_https'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false

gitlab_config_templates/gitlab-postgres.tftpl

@@ -0,0 +1 @@
+postgresql['enable'] = false

gitlab_config_templates/gitlab-rails.tftpl

@@ -0,0 +1,22 @@
+external_url '${gitlab_url}'
+
+gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0','127.0.0.0/8', '::1/128']
+
+gitlab_rails['db_adapter'] = "postgresql"
+gitlab_rails['db_encoding'] = "unicode"
+gitlab_rails['db_database'] = "${gitlab_db_name}"
+gitlab_rails['db_username'] = "${gitlab_db_username}"
+gitlab_rails['db_password'] = "${gitlab_db_password}"
+gitlab_rails['db_host'] = "${gitlab_db_host}"
+
+gitlab_rails['redis_host'] = "${gitlab_redis_host}"
+gitlab_rails['redis_port'] = 6379
+
+letsencrypt['enable'] = false
+
+gitlab_rails['backup_upload_connection'] = {
+  'provider' => 'AWS',
+  'region' => '${aws_region}',
+  'use_iam_profile' => true
+}
+gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}'

gitlab_config_templates/gitlab-redis.tftpl

@@ -0,0 +1 @@
+redis['enable'] = false

main.tf

@@ -1,5 +1,13 @@
 locals {
-  managed_by = "Terraform"
+  managed_by                         = "Terraform"
+  gitlab_config_file_name            = "gitlab.rb"
+  rendered_gitlab_config_file_name   = "gitlab_rendered.rb"
+  gitlab_additional_config_file_name = "gitlab_additional.rb"
+  gitlab_config_tmp_path             = "/tmp/gitlab/gitlab_config"
+  gitlab_config_template_file_path   = "${path.module}/gitlab_config_templates"
+  gitlab_config_file_path            = "${path.cwd}/gitlab_config"
+  gitlab_config_playbook_file        = "${path.module}/playbooks/gitlab_setup.yaml"
+  gitlab_complete_url                = join("", tolist(["https://", values(module.records.route53_record_name)[0]]))
 }
 
 resource "aws_instance" "gitlab" {
@@ -16,11 +24,13 @@ resource "aws_instance" "gitlab" {
     volume_size           = var.volume_size
     delete_on_termination = false
   }
+
   tags = {
     Name        = "${var.environment_prefix}-gitlab"
     Environment = var.environment_prefix
     ManagedBy   = local.managed_by
   }
+
 }
 
 resource "aws_key_pair" "gitlab_ssh" {
@@ -224,12 +234,6 @@ module "elb" {
     unhealthy_threshold = var.healthcheck_unhealthy_threshold
     timeout             = var.healthcheck_timeout
   }
-  #
-  #  access_logs = {
-  #    bucket = "my-access-logs-bucket"
-  #  }
-
-  // ELB attachments
   number_of_instances = length(aws_instance.gitlab)
   instances           = aws_instance.gitlab[*].id
 
@@ -449,3 +453,46 @@ resource "aws_iam_instance_profile" "gitlab" {
   name = "gitlab"
   role = aws_iam_role.gitlab_backup.name
 }
+
+data "template_file" "gitlab_config_template" {
+  template = join("\n", [
+    for fn in fileset(".", "${local.gitlab_config_template_file_path}/**") : file(fn)
+  ])
+  vars = {
+    gitlab_url                   = local.gitlab_complete_url,
+    gitlab_db_name               = module.gitlab_pg.db_instance_name,
+    gitlab_db_username           = module.gitlab_pg.db_instance_username,
+    gitlab_db_password           = module.gitlab_pg.db_instance_password,
+    gitlab_db_host               = module.gitlab_pg.db_instance_address,
+    gitlab_redis_host            = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address,
+    aws_region                   = aws_s3_bucket.gitlab_backup[0].region
+    gitlab_backup_s3_bucket_name = aws_s3_bucket.gitlab_backup[0].bucket
+  }
+}
+
+resource "local_sensitive_file" "rendered_gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.rendered_gitlab_config_file_name}"
+  content  = data.template_file.gitlab_config_template.rendered
+}
+
+data "local_sensitive_file" "gitlab_additional_config" {
+  count    = fileexists("${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}") ? 1 : 0
+  filename = "${local.gitlab_config_file_path}/${local.gitlab_additional_config_file_name}"
+}
+
+resource "local_sensitive_file" "gitlab_config_file" {
+  filename = "${local.gitlab_config_tmp_path}/${local.gitlab_config_file_name}"
+  content = join("\n", tolist([
+    data.template_file.gitlab_config_template.rendered,
+    data.local_sensitive_file.gitlab_additional_config != [] ? data.local_sensitive_file.gitlab_additional_config[0].content : ""
+  ]))
+}
+
+resource "null_resource" "gitlab_reconfigure" {
+  triggers = {
+    timestamp = timestamp()
+  }
+  provisioner "local-exec" {
+    command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}"
+  }
+}

outputs.tf

@@ -37,3 +37,7 @@ output "gitlab_redis_address" {
   value       = aws_elasticache_cluster.gitlab_redis.cache_nodes[0].address
   description = "Gitlab Redis cluster address"
 }
+
+output "gitlab_complete_url" {
+  value = local.gitlab_complete_url
+}

playbooks/gitlab_setup.yaml

@@ -0,0 +1,53 @@
+---
+- name: Configure Gitlab
+  hosts: "{{ instance_ip_address }}"
+  gather_facts: no
+  vars:
+    ansible_host_key_checking: false
+    update_gitlab_config: false
+  tasks:
+    - local_action: wait_for port=22 host="{{ instance_ip_address }}" delay=5 timeout=300
+
+    - name: stat for /etc/gitlab/gitlab.rb
+      become: true
+      stat:
+        path: "/etc/gitlab/gitlab.rb"
+      register: original_config_file
+    - name: Checksum for original gitlab.rb"
+      set_fact:
+        original_config_file_checksum: "{{ original_config_file.stat.checksum }}"
+    - name: print original original checksum
+      debug:
+        msg: "{{ original_config_file_checksum }}"
+
+    - name: stat for "{{ config_file }}"
+      local_action: stat path={{ config_file }}
+      register: new_config_file
+    - name: Checksum for new gitlab.rb"
+      set_fact:
+        new_config_file_checksum: "{{ new_config_file.stat.checksum }}"
+    - name: print new file checksum
+      debug:
+        msg: "{{ new_config_file_checksum }}"
+
+    - name: Update gitlab.rb
+      set_fact:
+        update_gitlab_config: true
+      when: original_config_file_checksum != new_config_file_checksum
+
+    - name: copy gitlab.rb to /etc/gitlab/
+      become: true
+      when: update_gitlab_config
+      copy:
+        src: "{{ config_file }}"
+        dest: "/etc/gitlab/gitlab.rb"
+        owner: "root"
+        group: "root"
+        mode: 0600
+    - name: reconfigure Gitlab
+      become: true
+      when: update_gitlab_config
+      command: gitlab-ctl reconfigure
+
+    - name: cleanup temp files
+      local_action: command rm -rf {{ workdir }}

variables.tf

@@ -268,3 +268,8 @@ variable "gitlab_backup_bucket_name" {
   default     = null
   description = "Name of S3 bucket to be used for Gitlab backup"
 }
+
+variable "private_key" {
+  type        = string
+  description = "Private key to execute ansible playbook on Gitlab instance."
+}

versions.tf

@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 4.40"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.1"
+    }
   }
 }