author | Patrick Steinhardt <ps@pks.im> | 2020-08-10 12:03:02 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-09-14 10:52:13 +0300 |
commit | 32b978e3dad2daf71e3cd26595c7b84a9104727e (patch) | |
tree | 63b0c542576d7b0d358008e44ea60c02db1ec3bb /_support/terraform | |
parent | 0930cec1601daf56eac43f291839849e5d1fc40a (diff) |
terraform: Convert cluster creation to use Ansible
Right now, creation of the demo cluster is performed via a set of Ruby
scripts. Let's convert them to use Ansible, too, so tasks become
idempotent and we have less of a mixture between Ansible and custom Ruby
logic.
Diffstat (limited to '_support/terraform')
-rw-r--r-- | _support/terraform/.gitignore | 5 | ||||
-rw-r--r-- | _support/terraform/README.md | 5 | ||||
-rwxr-xr-x | _support/terraform/create-demo-cluster | 97 | ||||
-rw-r--r-- | _support/terraform/create.yml | 22 | ||||
-rw-r--r-- | _support/terraform/helper.rb | 12 | ||||
-rw-r--r-- | _support/terraform/hosts.ini.erb | 22 | ||||
-rw-r--r-- | _support/terraform/roles/deploy/tasks/main.yml | 25 | ||||
-rw-r--r-- | _support/terraform/roles/deploy/templates/hosts.ini.j2 | 26 | ||||
-rw-r--r-- | _support/terraform/roles/deploy/templates/terraform.tfvars.j2 | 7 | ||||
-rw-r--r-- | _support/terraform/roles/praefect/templates/praefect-gitlab.rb.j2 | 2 | ||||
-rw-r--r-- | _support/terraform/terraform.tfvars.erb | 7 | ||||
-rw-r--r-- | _support/terraform/terraform/main.tf (renamed from _support/terraform/main.tf) | 0 |
12 files changed, 87 insertions, 143 deletions
diff --git a/_support/terraform/.gitignore b/_support/terraform/.gitignore index 5102a820f..ac6ff6fd8 100644 --- a/_support/terraform/.gitignore +++ b/_support/terraform/.gitignore @@ -1,4 +1,3 @@ -/*.tfstate* -/.terraform* /hosts.ini -/terraform.tfvars +/terraform/* +!/terraform/main.tf diff --git a/_support/terraform/README.md b/_support/terraform/README.md index 50b00455b..b6cdb2efd 100644 --- a/_support/terraform/README.md +++ b/_support/terraform/README.md @@ -21,9 +21,8 @@ page](https://www.terraform.io/downloads.html). ./create-demo-cluster ``` -This will open a browser to sign into GCP if necessary. Terraform will -print a plan and ask you to confirm it before it creates anything in -GCP. +This will open a browser to sign into GCP if necessary. Ansible will then ask +you a set of questions before it performs the deplyoment. When the script is done, `apt-get install gitlab-ee` is still busy running in the background on your new VM's. diff --git a/_support/terraform/create-demo-cluster b/_support/terraform/create-demo-cluster index a9aaa974c..0173ac095 100755 --- a/_support/terraform/create-demo-cluster +++ b/_support/terraform/create-demo-cluster 
@@ -1,95 +1,2 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'erb'
-require 'etc'
-require 'io/console'
-require 'json'
-
-require_relative 'helper.rb'
-
-TFVARS = 'terraform.tfvars'
-HOSTS = 'hosts.ini'
-
-def main
- unless gcloud_appliction_default_logged_in?
- run!(%w[gcloud auth application-default login])
- end
-
- unless terraform_initialized?
- run!(%w[terraform init])
- end
-
- unless File.exist?(TFVARS)
- render!(TFVARS, 'terraform.tfvars.erb')
- end
-
- run!(%w[terraform apply])
-
- @tfstate = JSON.parse(File.read("terraform.tfstate"))
-
- unless File.exist?(HOSTS)
- render!(HOSTS, 'hosts.ini.erb')
- end
-end
-
-def praefect_demo_cluster_name
- default_name = "#{username}-#{Time.now.utc.strftime('%Y%m%d')}"
- get_input('Enter a name for your demo cluster', default_name)
-end
-
-def praefect_sql_password
- @praefect_sql_password ||= get_input(
- 'Enter a password for the praefect PostgreSQL user',
- 'PRAEFECT_SQL_PASSWORD',
- echo: false
- )
-end
-
-def gitlab_root_password
- get_input(
- 'Enter a password for the root GitLab user',
- 'GITLAB_ROOT_PASSWORD',
- echo: false
- )
-end
-
-def username
- Etc.getlogin
-end
-
-def ssh_pubkey
- default_path = File.join(Etc.getpwnam(username).dir, '.ssh/id_rsa.pub')
- pubkey_path = get_input('Enter the path to your SSH public key', default_path)
- pubkey = File.read(pubkey_path).chomp
-
- unless pubkey.start_with?('ssh-')
- # Protect against accidentally using the private key
- abort "contents of #{path} do not look like an SSH pubkey"
- end
-
- pubkey
-end
-
-def get_input(prompt, default, echo: true)
- puts "#{prompt} (default: #{default})."
- print "> "
-
- input = echo ? gets.chomp : STDIN.noecho(&:gets).chomp
-
- input.empty? ? default : input
-end
-
-def render!(file, template_path)
- IO.write(file, ERB.new(File.read(template_path)).result(binding))
-end
-
-def gcloud_appliction_default_logged_in?
- system(
- *%w[gcloud auth application-default print-access-token],
- out: '/dev/null',
- err: '/dev/null'
- )
-end
-
-main
+#!/bin/sh
+exec ansible-playbook -l localhost create.yml "$@"
diff --git a/_support/terraform/create.yml b/_support/terraform/create.yml
new file mode 100644
index 000000000..f68feec95
--- /dev/null
+++ b/_support/terraform/create.yml
@@ -0,0 +1,22 @@
+- hosts: localhost
+ vars_prompt:
+ - name: praefect_demo_cluster_name
+ prompt: "Enter a name for your demo cluster"
+ default: "{{ lookup('env', 'USER') }}-{{ lookup('pipe', 'date +%Y-%m-%d') }}"
+ private: false
+ - name: praefect_sql_password
+ prompt: "Enter a password for the Praefect PostgreSQL user"
+ default: "PRAEFECT_SQL_PASSWORD"
+ - name: gitlab_root_password
+ prompt: "Enter a password for the root GitLab user"
+ default: "GITLAB_ROOT_PASSWORD"
+ - name: ssh_username
+ prompt: "Enter the user name you want to use to connect to remote hosts via SSH"
+ default: "{{ lookup('env', 'USER') }}"
+ private: false
+ - name: ssh_pubkey
+ prompt: "Enter the path to your SSH public key"
+ default: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"
+ private: false
+ roles:
+ - deploy
diff --git a/_support/terraform/helper.rb b/_support/terraform/helper.rb
deleted file mode 100644
index eddccbf33..000000000
--- a/_support/terraform/helper.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-require 'json'
-
-require_relative '../run.rb'
-
-def terraform_initialized?
- File.exist?('.terraform')
-end
-
-def terraform_any_machines?
- state = JSON.parse(capture!(%w[terraform show -json]))
- state.has_key?('values')
-end
diff --git a/_support/terraform/hosts.ini.erb b/_support/terraform/hosts.ini.erb
deleted file mode 100644
index 74307ca63..000000000
--- a/_support/terraform/hosts.ini.erb
+++ /dev/null
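Review bot: In create.yml the two password prompts keep a fixed fallback, `default: "PRAEFECT_SQL_PASSWORD"` and `default: "GITLAB_ROOT_PASSWORD"`, so pressing Enter provisions the GitLab root account and the Praefect database user with a string that is published in this repository. The inventory template refers to a `gitlab_external_ip` output, so the GitLab host is presumably reachable from outside. I would remove both `default:` lines, add `confirm: true` to each prompt because the input is hidden, and have the deploy role fail early when either answer is empty.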
@@ -1,22 +0,0 @@
-[gitalies]<% @tfstate["outputs"]["gitaly_ssh_ip"]["value"].each do |gitaly, address| %>
-<%= address %> internal=<%= @tfstate["outputs"]["gitaly_internal_ip"]["value"][gitaly] %><% end %>
-
-[praefects]<% @tfstate["outputs"]["praefect_ssh_ip"]["value"].each do |praefect, address| %>
-<%= address %> internal=<%= @tfstate["outputs"]["praefect_internal_ip"]["value"][praefect] %><% end %>
-
-[databases]
-<%= @tfstate["outputs"]["praefect_pgbouncer_ip"]["value"] %>
-
-[gitlabs]
-<%= @tfstate["outputs"]["gitlab_external_ip"]["value"] %> internal=<%= @tfstate["outputs"]["gitlab_internal_ip"]["value"] %>
-
-[loadbalancers]
-<%= @tfstate["outputs"]["praefect_loadbalancer_ip"]["value"] %>
-
-[all:vars]
-ansible_become=yes
-praefect_database_password=<%= praefect_sql_password %>
-praefect_external_token=PRAEFECT_EXTERNAL_TOKEN
-praefect_internal_token=PRAEFECT_INTERNAL_TOKEN
-gitlab_shell_secret_token=GITLAB_SHELL_SECRET_TOKEN
-grafana_password=GRAFANA_PASSWORD
diff --git a/_support/terraform/roles/deploy/tasks/main.yml b/_support/terraform/roles/deploy/tasks/main.yml
new file mode 100644
index 000000000..bb9ac2268
--- /dev/null
+++ b/_support/terraform/roles/deploy/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: GCloud login
+ block:
+ - name: GCloud login status
+ command: gcloud auth application-default print-access-token
+ changed_when: false
+ rescue:
+ - name: GCloud login
+ command: gcloud auth application-default login
+
+- name: terraform.tfvars
+ template:
+ src: terraform.tfvars.j2
+ dest: "{{ playbook_dir }}/terraform/terraform.tfvars"
+
+- name: terraform apply
+ terraform:
+ project_path: "{{ playbook_dir }}/terraform"
+ variables_file: terraform.tfvars
+ force_init: true
+ register: tfstate
+
+- name: hosts.ini
+ template:
+ src: hosts.ini.j2
+ dest: "{{ playbook_dir }}/hosts.ini"
diff --git a/_support/terraform/roles/deploy/templates/hosts.ini.j2 b/_support/terraform/roles/deploy/templates/hosts.ini.j2
new file mode 100644
index 000000000..dbce0ae1c
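Review bot: The `terraform.tfvars` and `hosts.ini` template tasks in roles/deploy/tasks/main.yml set no `mode:`, so the rendered files take their permissions from the caller's umask although terraform.tfvars carries both passwords and hosts.ini carries the Praefect SQL password. Adding `mode: "0600"` to each `template:` block keeps them readable by the invoking user only; the .gitignore change in this commit already keeps them out of the repository. The `rescue:` branch also runs on any failure of `print-access-token`, which would include a missing `gcloud` binary, so a comment stating that the rescue is meant for the not-logged-in case would help the next reader.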
--- /dev/null
+++ b/_support/terraform/roles/deploy/templates/hosts.ini.j2
@@ -0,0 +1,26 @@
+[gitalies]
+{% for gitaly, address in tfstate.outputs.gitaly_ssh_ip.value.items() %}
+{{ address }} internal={{ tfstate.outputs.gitaly_internal_ip.value[gitaly] }}
+{% endfor %}
+
+[praefects]
+{% for praefect, address in tfstate.outputs.praefect_ssh_ip.value.items() %}
+{{ address }} internal={{ tfstate.outputs.praefect_internal_ip.value[praefect] }}
+{% endfor %}
+
+[databases]
+{{ tfstate.outputs.praefect_pgbouncer_ip.value }}
+
+[gitlabs]
+{{ tfstate.outputs.gitlab_external_ip.value }} internal={{ tfstate.outputs.gitlab_internal_ip.value }}
+
+[loadbalancers]
+{{ tfstate.outputs.praefect_loadbalancer_ip.value }}
+
+[all:vars]
+ansible_become=yes
+praefect_sql_password={{ praefect_sql_password }}
+praefect_external_token=PRAEFECT_EXTERNAL_TOKEN
+praefect_internal_token=PRAEFECT_INTERNAL_TOKEN
+gitlab_shell_secret_token=GITLAB_SHELL_SECRET_TOKEN
+grafana_password=GRAFANA_PASSWORD
diff --git a/_support/terraform/roles/deploy/templates/terraform.tfvars.j2 b/_support/terraform/roles/deploy/templates/terraform.tfvars.j2
new file mode 100644
index 000000000..83573a841
--- /dev/null
+++ b/_support/terraform/roles/deploy/templates/terraform.tfvars.j2
@@ -0,0 +1,7 @@
+# This variable will be prefixed to all machines created by terraform
+praefect_demo_cluster_name = "{{ praefect_demo_cluster_name }}"
+
+ssh_user = "{{ ssh_username }}"
+ssh_pubkey = "{{ lookup('file', ssh_pubkey) }}"
+praefect_sql_password = "{{ praefect_sql_password }}"
+gitlab_root_password = "{{ gitlab_root_password }}"
diff --git a/_support/terraform/roles/praefect/templates/praefect-gitlab.rb.j2 b/_support/terraform/roles/praefect/templates/praefect-gitlab.rb.j2
index 9eb2a11a3..6a06d1322 100644
--- a/_support/terraform/roles/praefect/templates/praefect-gitlab.rb.j2
+++ b/_support/terraform/roles/praefect/templates/praefect-gitlab.rb.j2
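Review bot: The `[all:vars]` section of hosts.ini.j2 still writes `praefect_external_token`, `praefect_internal_token`, `gitlab_shell_secret_token` and `grafana_password` as literal placeholder strings, so every cluster created from this playbook shares the same values and they are readable in the repository. Now that the inventory is rendered by Ansible, they could be generated once per cluster, for example with the `password` lookup storing each value in a file under the ignored `terraform/` directory, and referenced here as variables. If the placeholders are intentional for a throwaway demo, a `{# ... #}` comment at the top of the section should say so.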
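Review bot: `ssh_pubkey = "{{ lookup('file', ssh_pubkey) }}"` in terraform.tfvars.j2 copies the content of whatever path was entered, and the guard from the removed Ruby script (abort unless the content starts with `ssh-`, there to catch a private key given by mistake) has no counterpart in the new role. An `assert` task ahead of the template with `that: "'PRIVATE KEY' not in lookup('file', ssh_pubkey)"` restores the protection and also accepts `ecdsa-` keys. The two password lines are interpolated raw inside double quotes, so a `"` or `\` in the answer produces a broken or different value; `praefect_sql_password = {{ praefect_sql_password | to_json }}` (and likewise for `gitlab_root_password`) would quote them.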
@@ -28,7 +28,7 @@ praefect['auth_token'] = '{{ praefect_external_token }}' praefect['database_host'] = '{{ groups['databases'][0] }}' praefect['database_port'] = 5432 praefect['database_user'] = 'praefect' -praefect['database_password'] = '{{ praefect_database_password }}' +praefect['database_password'] = '{{ praefect_sql_password }}' praefect['database_dbname'] = 'praefect_production' praefect['database_sslmode'] = 'disable' diff --git a/_support/terraform/terraform.tfvars.erb b/_support/terraform/terraform.tfvars.erb deleted file mode 100644 index ab231506a..000000000 --- a/_support/terraform/terraform.tfvars.erb +++ /dev/null @@ -1,7 +0,0 @@ -# This variable will be prefixed to all machines created by terraform -praefect_demo_cluster_name = "<%= praefect_demo_cluster_name %>" - -ssh_user = "<%= username %>" -ssh_pubkey = "<%= ssh_pubkey %>" -praefect_sql_password = "<%= praefect_sql_password %>" -gitlab_root_password = "<%= gitlab_root_password %>" diff --git a/_support/terraform/main.tf b/_support/terraform/terraform/main.tf index 5482359fb..5482359fb 100644 --- a/_support/terraform/main.tf +++ b/_support/terraform/terraform/main.tf |