author | Zeger-Jan van de Weg <git@zjvandeweg.nl> | 2020-07-17 17:30:14 +0300 |
---|---|---|
committer | Zeger-Jan van de Weg <git@zjvandeweg.nl> | 2020-07-17 17:30:14 +0300 |
commit | d207f5caeb2c2eb8c04fce78db5d5d078bb7b151 (patch) | |
tree | 5dc71379095fd084041572fb39b15ca37b52ad8f | |
parent | 0a0cec89e667954bdb5153901b3aed32cf390880 (diff) |
Create ansible playbook for demo setupzj-demo-setup-ansible
I was to demo today, and didn't want to spend an hour to configure all
components. Initially the idea was to leverage the Helm charts. Given
the limited experience I had, I wanted some results to create a
setup for future iterations.
This change is such a first iteration. There's no automation or
integration with the terraform scripts yet.
-rw-r--r-- | _support/demo-setup/README.md | 5 | ||||
-rw-r--r-- | _support/demo-setup/hosts | 18 | ||||
-rw-r--r-- | _support/demo-setup/local_env.yml | 17 | ||||
-rw-r--r-- | _support/demo-setup/roles/base/tasks/main.yml | 17 | ||||
-rw-r--r-- | _support/demo-setup/roles/gitaly/tasks/main.yml | 18 | ||||
-rw-r--r-- | _support/demo-setup/roles/gitaly/templates/gitaly-gitlab.rb.j2 | 48 | ||||
-rw-r--r-- | _support/demo-setup/roles/gitlab/tasks/main.yml | 21 | ||||
-rw-r--r-- | _support/demo-setup/roles/gitlab/templates/gitlab-gitlab.rb.j2 | 39 | ||||
-rw-r--r-- | _support/demo-setup/roles/praefect/tasks/main.yml | 34 | ||||
-rw-r--r-- | _support/demo-setup/roles/praefect/templates/praefect-gitlab.rb.j2 | 45 | ||||
-rwxr-xr-x | _support/demo-setup/setup | 4 |
11 files changed, 266 insertions, 0 deletions
diff --git a/_support/demo-setup/README.md b/_support/demo-setup/README.md
new file mode 100644
index 000000000..0f89cc045
--- /dev/null
+++ b/_support/demo-setup/README.md
@@ -0,0 +1,5 @@
+### Disclaimer
+
+This is an install method for developers demos of Gitaly and Praefect. The intent
+is to quickly setup GitLab, Praefect, and Gitaly. Given each install in torn down
+right after use, security is sacrificed.
diff --git a/_support/demo-setup/hosts b/_support/demo-setup/hosts
new file mode 100644
index 000000000..432cc66d2
--- /dev/null
+++ b/_support/demo-setup/hosts
@@ -0,0 +1,18 @@
+[gitalies]
+35.186.174.24
+35.199.7.165
+35.245.136.225
+
+[praefects]
+35.221.26.197
+34.86.94.216
+34.86.59.103
+
+[databases]
+35.245.1.128
+
+[gitlabs]
+35.199.51.66
+
+[loadbalancers]
+10.150.0.90
diff --git a/_support/demo-setup/local_env.yml b/_support/demo-setup/local_env.yml
new file mode 100644
index 000000000..5caad7b57
--- /dev/null
+++ b/_support/demo-setup/local_env.yml
@@ -0,0 +1,17 @@
+- name: Gitaly setup
+ hosts: gitalies
+ roles:
+ - base
+ - gitaly
+
+- name: Praefect setup
+ hosts: praefects
+ roles:
+ - base
+ - praefect
+
+- name: GitLab Application server setup
+ hosts: gitlabs
+ roles:
+ - base
+ - gitlab
diff --git a/_support/demo-setup/roles/base/tasks/main.yml b/_support/demo-setup/roles/base/tasks/main.yml
new file mode 100644
index 000000000..62c7e9e16
--- /dev/null
+++ b/_support/demo-setup/roles/base/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Get GitLab-EE setup script
+ get_url:
+ url: https://packages.gitlab.com/install/repositories/gitlab/nightly-builds/script.deb.sh
+ dest: /tmp/gitlab-nightly-script.deb.sh
+ mode: '0755'
+
+- name: Install GitLab-EE nightly repositories
+ become: yes
+ shell:
+ cmd: /tmp/gitlab-nightly-script.deb.sh
+
+- name: Install latest GitLab-EE
+ become: yes
+ package:
+ name: gitlab-ee
+ state: latest
+
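Review bot: In `_support/demo-setup/hosts` the inventory commits literal public addresses for short-lived machines. The README says each install is torn down after use, so these addresses will likely return to the provider's pool, and a later `./setup` run would then push `become` tasks and the token-bearing `gitlab.rb` to hosts that are no longer ours. Consider committing a `hosts.example` with documentation-range addresses and generating the real inventory from the Terraform output, with a header comment such as `# generated per demo; do not commit live addresses`.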
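Review bot: In `local_env.yml` the Praefect play silently depends on facts gathered by the Gitaly play. The praefect template reads `hostvars[host]['ansible_facts']['default_ipv4']['address']` for every host in `gitalies`, which only works because the Gitaly play runs first in the same invocation; a run limited to `praefects` would presumably fail on undefined facts. A comment above the Praefect play, e.g. `# needs facts from the gitalies group; do not run with --limit praefects`, or a leading fact-gathering play for `gitalies`, would make that explicit. The `databases` and `loadbalancers` groups are referenced by templates but no play configures them, which is worth stating in the README.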
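Review bot: In `roles/base/tasks/main.yml` the repository setup script is fetched without integrity pinning and then executed as root. `get_url` has no `checksum:`, the file lands in `/tmp` under a fixed name, and the next task runs it with `become: yes`. Pin it with `checksum: "sha256:<digest of the reviewed script>"` and download to a root-owned path, or replace both tasks with the `apt_key`/`apt_repository` modules so the run does not execute remote shell code. The `shell` task also has no `creates:` guard, so it re-runs on every invocation, and `state: latest` on a nightly channel means nodes provisioned at different times can end up on different builds.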
diff --git a/_support/demo-setup/roles/gitaly/tasks/main.yml b/_support/demo-setup/roles/gitaly/tasks/main.yml
new file mode 100644
index 000000000..05be9c6d1
--- /dev/null
+++ b/_support/demo-setup/roles/gitaly/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Set GitLab.rb file
+ become: yes
+ template:
+ src: gitaly-gitlab.rb.j2
+ dest: /etc/gitlab/gitlab.rb
+
+- name: Reconfigure GitLab
+ become: yes
+ command:
+ cmd: gitlab-ctl reconfigure
+
+# Reconfigure is not good enough to start prometheus, see:
+# https://docs.gitlab.com/ee/administration/gitaly/praefect.html#gitaly
+- name: Restart Gitaly for Prometheus listeners
+ become: yes
+ command:
+ cmd: gitlab-ctl restart
+
diff --git a/_support/demo-setup/roles/gitaly/templates/gitaly-gitlab.rb.j2 b/_support/demo-setup/roles/gitaly/templates/gitaly-gitlab.rb.j2
new file mode 100644
index 000000000..9be7a90a3
--- /dev/null
+++ b/_support/demo-setup/roles/gitaly/templates/gitaly-gitlab.rb.j2
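Review bot: The `template` task in `roles/gitaly/tasks/main.yml` writes `/etc/gitlab/gitlab.rb`, which carries the auth tokens, without setting ownership or mode. Ansible keeps the mode of an existing file but falls back to the umask when it creates one, so the result depends on what the package left behind; add `owner: root`, `group: root` and `mode: '0600'`. The same applies to the `template` tasks in `roles/gitlab/tasks/main.yml` and `roles/praefect/tasks/main.yml`. The reconfigure and restart `command` tasks report changed on every run; moving them to handlers notified by the template task would also avoid restarting services when nothing changed.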
@@ -0,0 +1,48 @@
+# Disable all other services on the Praefect node
+postgresql['enable'] = false
+redis['enable'] = false
+nginx['enable'] = false
+grafana['enable'] = false
+puma['enable'] = false
+sidekiq['enable'] = false
+gitlab_workhorse['enable'] = false
+prometheus_monitoring['enable'] = false
+
+# Enable only the Gitaly service
+gitaly['enable'] = true
+
+# Enable Prometheus if needed
+prometheus['enable'] = false
+
+# Prevent database connections during 'gitlab-ctl reconfigure'
+gitlab_rails['rake_cache_clear'] = false
+gitlab_rails['auto_migrate'] = false
+
+# Make Gitaly accept connections on all network interfaces.
+# Use firewalls to restrict access to this address/port.
+gitaly['listen_addr'] = '0.0.0.0:8075'
+
+# Enable Prometheus metrics access to Gitaly. You must use firewalls
+# to restrict access to this address/port.
+gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
+
+gitaly['auth_token'] = 'PRAEFECT_INTERNAL_TOKEN'
+
+gitlab_shell['secret_token'] = 'GITLAB_SHELL_SECRET_TOKEN'
+
+# Configure the gitlab-shell API callback URL. Without this, `git push` will
+# fail. This can be your front door GitLab URL or an internal load balancer.
+# Examples: 'https://example.gitlab.com', 'http://1.2.3.4'
+gitlab_rails['internal_api_url'] = 'http://{{ groups['gitlabs'][0] }}'
+
+# You can include the data dirs for all nodes in the same config, because
+# Praefect will only route requests according to the addresses provided in the
+# prior step.
+git_data_dirs({
+ {% for host in groups['gitalies'] %}
+ '{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }}' => {
+ "path" => "/var/opt/gitlab/git-data"
+ },
+ {% endfor %}
+})
+
diff --git a/_support/demo-setup/roles/gitlab/tasks/main.yml b/_support/demo-setup/roles/gitlab/tasks/main.yml
new file mode 100644
index 000000000..564e5dd1a
--- /dev/null
+++ b/_support/demo-setup/roles/gitlab/tasks/main.yml
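Review bot: `gitaly['auth_token'] = 'PRAEFECT_INTERNAL_TOKEN'` and `gitlab_shell['secret_token'] = 'GITLAB_SHELL_SECRET_TOKEN'` in `gitaly-gitlab.rb.j2` are plain string literals, not Jinja variables, so every node is deployed with these exact words as its credentials. Together with `gitaly['listen_addr'] = '0.0.0.0:8075'` and no firewall task anywhere in the playbook, the token gives no protection to anyone who can read the repository. Render them from variables, e.g. `gitaly['auth_token'] = '{{ praefect_internal_token }}'` (the variable name is a suggestion), supplied from an Ansible Vault file or generated per demo run. The same literals appear in the gitlab and praefect templates and in the `PGPASSWORD=` command of the praefect tasks. Separately, the first comment says "Praefect node" although this template configures a Gitaly node.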
@@ -0,0 +1,21 @@
+- name: Set GitLab.rb file
+ become: yes
+ template:
+ src: gitlab-gitlab.rb.j2
+ dest: /etc/gitlab/gitlab.rb
+
+- name: Reconfigure GitLab
+ become: yes
+ command:
+ cmd: gitlab-ctl reconfigure
+
+- name: Restart GitLab
+ become: yes
+ command:
+ cmd: gitlab-ctl restart
+
+- name: Rake Gitaly verification
+ become: yes
+ command:
+ cmd: gitlab-rake gitlab:gitaly:check
+
diff --git a/_support/demo-setup/roles/gitlab/templates/gitlab-gitlab.rb.j2 b/_support/demo-setup/roles/gitlab/templates/gitlab-gitlab.rb.j2
new file mode 100644
index 000000000..19f5273c6
--- /dev/null
+++ b/_support/demo-setup/roles/gitlab/templates/gitlab-gitlab.rb.j2
@@ -0,0 +1,39 @@
+external_url 'http://{{ groups['gitlabs'][0] }}'
+
+gitaly['enable'] = false
+
+git_data_dirs({
+ "default" => {
+ "gitaly_address" => "tcp://{{ groups['loadbalancers'][0] }}:2305",
+ "gitaly_token" => 'PRAEFECT_EXTERNAL_TOKEN'
+ }
+})
+
+gitlab_shell['secret_token'] = 'GITLAB_SHELL_SECRET_TOKEN'
+
+prometheus['scrape_configs'] = [
+ {
+ 'job_name' => 'praefect',
+ 'static_configs' => [
+ 'targets' => [
+ {% for host in groups['praefects'] %}
+ '{{ host }}:9652',
+ {% endfor %}
+ ]
+ ]
+
+ },
+ {
+ 'job_name' => 'praefect-gitaly',
+ 'static_configs' => [
+ 'targets' => [
+ {% for host in groups['gitalies'] %}
+ '{{ host }}:9236',
+ {% endfor %}
+ ]
+ ]
+ }
+]
+
+grafana['disable_login_form'] = false
+
diff --git a/_support/demo-setup/roles/praefect/tasks/main.yml b/_support/demo-setup/roles/praefect/tasks/main.yml
new file mode 100644
index 000000000..0c3e9f1e5
--- /dev/null
+++ b/_support/demo-setup/roles/praefect/tasks/main.yml
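Review bot: In `gitlab-gitlab.rb.j2`, `external_url 'http://…'` and `"gitaly_address" => "tcp://…:2305"` leave both user sessions and the Gitaly token in clear text, and the instance is addressed by a public IP taken from the inventory. If the demo is meant to stay on plain HTTP, say so next to `external_url`, e.g. `# demo only: plain HTTP, do not enter real credentials`; otherwise switch to an `https://` URL and a `tls://` Gitaly address. The two Prometheus jobs differ only in job name, host group and port and could be rendered from one loop.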
@@ -0,0 +1,34 @@
+- name: Ensure Postgresql connection
+ shell:
+ cmd: "PGPASSWORD=PRAEFECT_SQL_PASSWORD /opt/gitlab/embedded/bin/psql -w -U praefect -d template1 -h {{ groups['databases'][0] }} --command='select 1'"
+
+- name: Set GitLab.rb file
+ become: yes
+ template:
+ src: praefect-gitlab.rb.j2
+ dest: /etc/gitlab/gitlab.rb
+
+- name: Reconfigure GitLab
+ become: yes
+ command:
+ cmd: gitlab-ctl reconfigure
+
+# Reconfigure is not good enough to start prometheus, see:
+# https://docs.gitlab.com/ee/administration/gitaly/praefect.html#gitaly
+- name: Restart Praefect for Prometheus listeners
+ become: yes
+ command:
+ cmd: gitlab-ctl restart
+
+- name: SQL Ping verification
+ become: yes
+ become_user: git
+ command:
+ cmd: /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml sql-ping
+
+- name: Dial nodes verification
+ become: yes
+ command:
+ cmd: /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml dial-nodes
+
+
diff --git a/_support/demo-setup/roles/praefect/templates/praefect-gitlab.rb.j2 b/_support/demo-setup/roles/praefect/templates/praefect-gitlab.rb.j2
new file mode 100644
index 000000000..2d5a88db4
--- /dev/null
+++ b/_support/demo-setup/roles/praefect/templates/praefect-gitlab.rb.j2
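Review bot: The first task in `roles/praefect/tasks/main.yml` puts the database password on the command line of a `shell` task, where it ends up in verbose Ansible output, callback logs and the remote process list. Pass it through `environment:` with `no_log: true`, use `command` with `argv` so no shell parses the line, and add `changed_when: false` because this is a read-only probe. The variable name in the sketch below is a placeholder for wherever the secret is eventually stored. Separately, `Dial nodes verification` runs as root while `SQL Ping verification` runs as `git`; `become_user: git` on both would be consistent.

```yaml
- name: Ensure Postgresql connection
  command:
    argv:
      - /opt/gitlab/embedded/bin/psql
      - "-w"
      - "-U"
      - praefect
      - "-d"
      - template1
      - "-h"
      - "{{ groups['databases'][0] }}"
      - "--command=select 1"
  environment:
    PGPASSWORD: "{{ praefect_sql_password }}"  # placeholder variable name
  no_log: true
  changed_when: false

# … unchanged: template, reconfigure, restart and verification tasks …
```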
@@ -0,0 +1,45 @@
+# Disable all other services on the Praefect node
+postgresql['enable'] = false
+redis['enable'] = false
+nginx['enable'] = false
+prometheus['enable'] = false
+grafana['enable'] = false
+puma['enable'] = false
+sidekiq['enable'] = false
+gitlab_workhorse['enable'] = false
+gitaly['enable'] = false
+
+# Enable only the Praefect service
+praefect['enable'] = true
+
+# Prevent database connections during 'gitlab-ctl reconfigure'
+gitlab_rails['rake_cache_clear'] = false
+gitlab_rails['auto_migrate'] = false
+
+praefect['listen_addr'] = '0.0.0.0:2305'
+
+# Enable Prometheus metrics access to Praefect. You must use firewalls
+# to restrict access to this address/port.
+praefect['prometheus_listen_addr'] = '0.0.0.0:9652'
+
+praefect['auth_token'] = 'PRAEFECT_EXTERNAL_TOKEN'
+
+praefect['database_host'] = '{{ groups['databases'][0] }}'
+praefect['database_port'] = 5432
+praefect['database_user'] = 'praefect'
+praefect['database_password'] = 'PRAEFECT_SQL_PASSWORD'
+praefect['database_dbname'] = 'praefect_production'
+
+# Name of storage hash must match storage name in git_data_dirs on GitLab
+# server ('praefect') and in git_data_dirs on Gitaly nodes ('gitaly-1')
+praefect['virtual_storages'] = {
+ 'default' => {
+ {% for host in groups['gitalies'] %}
+ '{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }}' => {
+ 'address' => 'tcp://{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }}:8075',
+ 'token' => 'PRAEFECT_INTERNAL_TOKEN',
+ 'primary' => {{ (loop.index0 == 0)|string|lower }},
+ },
+ {% endfor %}
+ }
+}
diff --git a/_support/demo-setup/setup b/_support/demo-setup/setup
new file mode 100755
index 000000000..d880a8468
--- /dev/null
+++ b/_support/demo-setup/setup
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+ansible-playbook -i hosts local_env.yml
+ |
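Review bot: `praefect['listen_addr'] = '0.0.0.0:2305'` in `praefect-gitlab.rb.j2` carries no firewall warning, unlike the Prometheus listener two lines below, and no role in this playbook configures a firewall. At minimum add `# Praefect accepts connections on all interfaces; restrict port 2305 with a firewall.` above it, and preferably add a task or Terraform rule limiting 2305 and 9652 to the load balancer and the monitoring host. The comment above `virtual_storages` still mentions `'praefect'` and `'gitaly-1'`, while the storage names rendered here are `'default'` and the node IP addresses. `{{ (loop.index0 == 0)|string|lower }}` can be written `{{ loop.first|string|lower }}`.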
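Review bot: `_support/demo-setup/setup` resolves `hosts` and `local_env.yml` relative to the current directory, so it only works when invoked from inside `_support/demo-setup`. Adding `cd "$(dirname "$0")" || exit 1` before the `ansible-playbook` line makes it independent of the caller's location and avoids picking up a different `hosts` file by accident.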