Commit 39b45564 authored by jtevnan's avatar jtevnan Committed by Daniele Valeriani

make bootstrap vaults work

parent 79eca323
......@@ -272,20 +272,22 @@ module "virtual-machines-external-lb" {
// }
module "virtual-machines-postgres" {
address_prefix = "${module.subnet-postgres.address_prefix}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "{ \"syslog_client\": \"prd\", \"gitlab-cluster-base\": \"prd\", \"gitlab_consul\":\"client\", \"gitlab-monitor\":\"prd\", \"postgres-exporter\":\"prd\" }"
chef_version = "${var.chef_version}"
count = 4
source = "virtual-machines/postgres"
instance_type = "Standard_GS5"
tier = "db"
environment = "${var.environment}"
address_prefix = "${module.subnet-postgres.address_prefix}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
instance_type = "Standard_GS5"
location = "${var.location}"
resource_group_name = "${module.subnet-postgres.resource_group_name}"
source = "virtual-machines/postgres"
ssh_private_key = "${var.ssh_private_key}"
ssh_public_key = "${var.ssh_public_key}"
ssh_user = "${var.ssh_user}"
subnet_id = "${module.subnet-postgres.subnet_id}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog_client gitlab-cluster-base gitlab_consul:prd_client gitlab-monitor postgres-exporter"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
tier = "db"
}
module "virtual-machines-pgbouncer" {
......
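Review bot: The JSON form of `chef_vaults` maps `gitlab_consul` to the item `client`, while the space-separated form of the same attribute names `gitlab_consul:prd_client`. If the JSON line is the new side (it matches the `--bootstrap-vault-json` flag in the bootstrap template), confirm that item name: a mismatch would either leave the node without the item it needs or grant it a different one. The item names are also hard-coded to `prd` although the module receives `var.environment`, so unless this root is production-only, a non-production apply of this block would give its database nodes access to production vault items. A comment above the attribute, such as `// vault name -> item granted to the node; keep in step with var.environment`, would make the intended least-privilege mapping reviewable. The page does not mark which lines are added, so the old/new reading here is inferred from the attribute ordering.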
......@@ -6,14 +6,16 @@ variable "chef_vault_env" {
default = "_default"
}
variable "chef_version" {}
variable "count" {}
variable "environment" {}
variable "first_user_password" {}
variable "first_user_username" {}
variable "gitlab_com_zone_id" {}
variable "instance_type" {}
variable "location" {}
variable "resource_group_name" {}
variable "ssh_private_key" {}
variable "ssh_public_key" {}
variable "ssh_user" {}
variable "subnet_id" {}
variable "tier" {}
......@@ -152,16 +154,18 @@ resource "azurerm_managed_disk" "postgres-datadisk-9" {
data "template_file" "chef-bootstrap-postgres" {
count = "${var.count}"
template = "${file("${path.root}/templates/chef-bootstrap.tpl")}"
template = "${file("${path.root}/../../templates/chef-bootstrap-ssh-keys.tpl")}"
vars {
ip_address = "${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"
hostname = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
chef_repo_dir = "${var.chef_repo_dir}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_vaults = "${var.chef_vaults}"
chef_vault_env = "${var.chef_vault_env}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "${var.chef_vaults}"
chef_vault_env = "${var.chef_vault_env}"
chef_version = "${var.chef_version}"
environment = "${var.environment}"
hostname = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
ip_address = "${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"
ssh_private_key = "${var.ssh_private_key}"
ssh_user = "${var.ssh_user}"
}
}
......@@ -282,12 +286,17 @@ resource "azurerm_virtual_machine" "postgres" {
os_profile {
computer_name = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
admin_username = "${var.first_user_username}"
admin_password = "${var.first_user_password}"
admin_username = "${var.ssh_user}"
}
os_profile_linux_config {
disable_password_authentication = false
disable_password_authentication = true
ssh_keys = {
path = "/home/${var.ssh_user}/.ssh/authorized_keys"
key_data = "${file("${var.ssh_public_key}")}"
}
}
provisioner "local-exec" {
......@@ -300,8 +309,8 @@ resource "azurerm_virtual_machine" "postgres" {
connection {
type = "ssh"
host = "${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"
user = "${var.first_user_username}"
password = "${var.first_user_password}"
user = "${var.ssh_user}"
private_key = "${file("${var.ssh_private_key}")}"
timeout = "10s"
}
}
......
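Review bot: `variable "ssh_private_key" {}` and `variable "ssh_public_key" {}` are declared without a description. They are read through `file(...)` in `key_data` and in the `connection` block, and passed to the bootstrap template as the identity-file argument, so they must be filesystem paths rather than key material. Add descriptions that say so, for example `description = "Path to the private key file used for provisioning; keep the file outside the repository"`, with a matching one for the public key. Because one key pair for `var.ssh_user` is installed on every instance in the count, a comment on `os_profile_linux_config` naming who holds the private half would also help. The resource and data blocks start or end outside the visible hunks.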
#!/bin/sh
set -eux
cd "${chef_repo_dir}"
cd ${chef_repo_dir}
bundle exec knife bootstrap "${ssh_user}@${ip_address}" \
--ssh-identity-file "${ssh_private_key}" \
bundle exec knife bootstrap ${ssh_user}@${ip_address} \
--ssh-identity-file ${ssh_private_key} \
--no-host-key-verify \
--sudo \
--environment "${environment == "prod" ? "prd" : environment}" \
--node-name "${hostname}" \
--environment ${environment == "prod" ? "prd" : environment} \
--node-name ${hostname} \
--bootstrap-version "${chef_version}" \
--run-list 'role[gitlab]' \
--json-attributes "{\"azure\":{\"ipaddress\":\"${ip_address}\"}}" \
--json-attributes {\"azure\":{\"ipaddress\":\"${ip_address}\"}} \
--bootstrap-vault-json '${chef_vaults}' \
--yes
bundle exec knife node from file "nodes/${hostname}.json"
bundle exec knife node from file nodes/${hostname}.json
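Review bot: `knife bootstrap` still runs with `--no-host-key-verify`, so the first SSH session to each new VM is unauthenticated on the host side even though the commit moves login to key-based authentication. That same run passes `--bootstrap-vault-json`, which gives the bootstrapped node's client access to the listed vault items. If the host key cannot be pinned at this stage, record why the flag is acceptable in a comment above the command, e.g. `# host key unverified: fresh VM, reached by private IP only`. Of the paired lines, keep the quoted forms (`cd "${chef_repo_dir}"`, `--ssh-identity-file "${ssh_private_key}"`), because `sh` word-splits an unquoted path that contains whitespace. The page does not mark which line of each pair is the new side.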