Commit 3af436f8 authored by John Jarvis

gprd environment.

Formatting.

GPRD updates.

pgbouncer name fix

update os image name

formatting
parent d768615b
#!/bin/bash
cd ~/workspace/chef-repo
for n in $(knife search 'chef_environment:gprd' -Fjson | jq '.rows[].name'); do echo ${n//\"/};
echo deleting $n
knife node delete -y $n
knife client delete -y $n
done
knife vault remove syslog_client gprd -S "chef_environment:gprd"
knife vault remove gitlab_omnibus_secrets gprd -S "chef_environment:gprd"
knife vault remove gitlab_consul gprd_client -S "chef_environment:gprd"
knife vault remove postgres-exporter gprd -S "name:postgres-01.db.gprd.gitlab"
knife vault remove frontend_loadbalancer gprd -S "name:ext-01.lb.gprd.gitlab"
knife vault update syslog_client gprd -S "chef_environment:gprd"
knife vault update gitlab_omnibus_secrets gprd -S "chef_environment:gprd"
knife vault update gitlab_consul gprd_client -S "chef_environment:gprd"
knife vault update postgres-exporter gprd -S "name:postgres-01.db.gprd.gitlab"
knife vault update frontend_loadbalancer gprd -S "name:ext-01.lb.gprd.gitlab"
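Review bot: The loop at L17-L20 hands `knife node delete` / `knife client delete` a name that still carries literal double quotes, because `jq '.rows[].name'` runs without `-r` and the quote-stripping `${n//\"/}` is applied only to the echo on L17, so the deletes most likely target names that do not exist and silently do nothing. For a bulk destructive run against the production Chef environment the script also lacks `set -euo pipefail`, leaves the `cd` unchecked, and word-splits unquoted expansions. The `knife vault remove … -S "chef_environment:gprd"` calls at L22-L26 run after the nodes have been deleted, so the search presumably matches nothing and the stale client keys are not actually dropped; running them before the deletes, or using `knife vault refresh`, seems closer to the intent. The rewritten delete loop is below; whether L22-L31 belong to the same file as L15-L21 is not visible in this listing.

```shell
#!/usr/bin/env bash
set -euo pipefail
cd ~/workspace/chef-repo
knife search 'chef_environment:gprd' -Fjson | jq -r '.rows[].name' | while IFS= read -r n; do
  echo "deleting $n"
  knife node delete -y "$n"
  knife client delete -y "$n"
done
# … unchanged: knife vault remove/update lines …
```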
## State storage
terraform {
backend "s3" {}
}
## AWS
provider "aws" {
region = "us-east-1"
}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
## Google
provider "google" {
credentials = "${file("../../private/google-credentials/${var.environment}.json")}"
project = "${var.project}"
region = "${var.region}"
}
/*
##################################
#
# NAT gateway
#
#################################
module "nat" {
source = "GoogleCloudPlatform/nat-gateway/google"
region = "${var.region}"
network = "gprd"
}
*/
##################################
#
# Network
#
#################################
module "network" {
source = "../../modules/google/vpc"
project = "${var.project}"
environment = "${var.environment}"
}
##################################
#
# Web front-end
#
#################################
module "web" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["web"]}"
machine_type = "${var.machine_types["web"]}"
name = "web"
node_count = "${var.node_count["web"]}"
project = "${var.project}"
public_ports = "${var.public_ports["web"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "fe"
vpc = "${module.network.self_link}"
}
##################################
#
# API
#
#################################
module "api" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["api"]}"
machine_type = "${var.machine_types["api"]}"
name = "api"
node_count = "${var.node_count["api"]}"
project = "${var.project}"
public_ports = "${var.public_ports["api"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "sv"
vpc = "${module.network.self_link}"
}
##################################
#
# Git
#
##################################
module "git" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["git"]}"
machine_type = "${var.machine_types["git"]}"
name = "git"
node_count = "${var.node_count["git"]}"
project = "${var.project}"
public_ports = "${var.public_ports["git"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "sv"
vpc = "${module.network.self_link}"
}
##################################
#
# Database
#
#################################
module "postgres" {
attach_data_disk = true
data_disk_size = 5000
data_disk_type = "pd-ssd"
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["db"]}"
machine_type = "${var.machine_types["db"]}"
name = "postgres"
node_count = "${var.node_count["db"]}"
project = "${var.project}"
public_ports = "${var.public_ports["db"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "db"
vpc = "${module.network.self_link}"
}
module "pg-bouncer" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["pgb"]}"
machine_type = "${var.machine_types["pgb"]}"
name = "pgbouncer"
node_count = "${var.node_count["pgb"]}"
project = "${var.project}"
public_ports = "${var.public_ports["pgb"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "db"
vpc = "${module.network.self_link}"
}
##################################
#
# Redis
#
##################################
module "redis" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["redis"]}"
machine_type = "${var.machine_types["redis"]}"
name = "redis"
node_count = "${var.node_count["redis"]}"
project = "${var.project}"
public_ports = "${var.public_ports["redis"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "db"
vpc = "${module.network.self_link}"
}
##################################
#
# Sidekiq
#
##################################
module "sidekiq" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["sidekiq"]}"
machine_type = "${var.machine_types["sidekiq-besteffort"]}"
name = "sidekiq-besteffort"
node_count = "${var.node_count["sidekiq-besteffort"]}"
project = "${var.project}"
public_ports = "${var.public_ports["sidekiq"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "sv"
vpc = "${module.network.self_link}"
}
##################################
#
# Storage
#
##################################
module "file" {
attach_data_disk = true
data_disk_size = 16000
data_disk_type = "pd-ssd"
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["stor"]}"
machine_type = "${var.machine_types["stor"]}"
name = "file"
node_count = "${var.node_count["stor"]}"
project = "${var.project}"
public_ports = "${var.public_ports["stor"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "stor"
vpc = "${module.network.self_link}"
}
##################################
#
# External LoadBalancer
#
#################################
module "external-lb" {
attach_data_disk = false
chef_provision = "${var.chef_provision}"
chef_run_list = "${var.base_chef_run_list}"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["exlb"]}"
machine_type = "${var.machine_types["exlb"]}"
name = "ext"
node_count = "${var.node_count["exlb"]}"
project = "${var.project}"
public_ports = "${var.public_ports["exlb"]}"
region = "${var.region}"
source = "../../modules/google/generic-pet"
tier = "lb"
vpc = "${module.network.self_link}"
}
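Review bot: The google provider at L44 reads a long-lived service-account JSON key from `../../private/google-credentials/${var.environment}.json`, a path inside the repository tree, which makes it easy for the key to be committed or copied around; unless that directory is confirmed to be ignored, prefer letting the provider pick up `GOOGLE_APPLICATION_CREDENTIALS` (or `GOOGLE_CREDENTIALS`) from the operator's environment and drop the `credentials` line. Each of the nine `generic-pet` module blocks, including `postgres` (L141-L159), `pg-bouncer` (L160-L176) and `redis` (L182-L198), is handed `public_ports` and so inherits whatever external exposure the module applies, giving the data tiers the same reachability as the web front-end; I would add a comment on those three blocks stating they are meant to be private-only and pass them an empty port list. The `nat` module at L54-L58 is commented out rather than removed, which leaves a reader unsure whether outbound traffic from private instances is expected to work in this environment.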
variable "base_chef_run_list" {
default = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
}
variable "dns_zone_name" {
default = "gitlab"
}
variable "public_ports" {
type = "map"
default = {
"api" = [22]
"db" = [22]
"pgb" = [22]
"exlb" = [22]
"git" = [22]
"redis" = [22]
"sidekiq" = [22]
"stor" = [22]
"web" = [22]
}
}
variable "environment" {
default = "gprd"
}
variable "project" {
default = "production-193014"
}
variable "region" {
default = "us-east1"
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
default = {
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "12.19.36"
}
}
variable "chef_version" {
default = "12.19.36"
}
variable "machine_types" {
type = "map"
default = {
"api" = "n1-standard-4"
"db" = "n1-standard-4"
"pgb" = "n1-standard-4"
"exlb" = "n1-standard-4"
"git" = "n1-standard-4"
"redis" = "n1-standard-4"
"sidekiq-besteffort" = "n1-standard-4"
"stor" = "n1-standard-4"
"web" = "n1-standard-4"
}
}
variable "node_count" {
type = "map"
default = {
"api" = 1
"db" = 1
"pgb" = 1
"exlb" = 1
"git" = 1
"redis" = 1
"sidekiq-besteffort" = 1
"stor" = 1
"web" = 1
}
}
variable "subnetworks" {
type = "map"
default = {
"api" = "10.220.2.0/23"
"db" = "10.217.1.0/24"
"pgb" = "10.217.4.0/24"
"exlb" = "10.216.1.0/24"
"git" = "10.220.4.0/23"
"redis" = "10.217.2.0/24"
"sidekiq" = "10.220.6.0/23"
"stor" = "10.221.2.0/23"
"web" = "10.220.8.0/23"
}
}
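Review bot: `public_ports` at L273-L285 opens TCP 22 on every tier, including `db`, `pgb` and `redis`, and the module firewall this feeds (L355-L365) uses `source_ranges = ["0.0.0.0/0"]`, so each database, pgbouncer and redis host gets SSH reachable from the entire internet. The data tiers should be `"db" = []`, `"pgb" = []`, `"redis" = []` (the firewall's `count` at L356 then creates no rule for them), and even for the front tiers a bastion or office CIDR is the expected source range rather than the world. `chef_version` at L306-L308 duplicates `chef_provision["version"]` at L303 and is not referenced by any module block in this listing; keeping one copy avoids the two drifting apart.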
data "google_compute_zones" "available" {
region = "${var.region}"
status = "UP"
}
resource "google_compute_firewall" "public" {
count = "${length(var.public_ports) > 0 ? 1 : 0}"
name = "${format("%v-%v-%v", var.name, var.environment, var.dns_zone_name)}"
network = "${var.vpc}"
allow {
protocol = "tcp"
ports = ["${var.public_ports}"]
}
source_ranges = ["0.0.0.0/0"]
target_tags = ["${var.name}"]
}
resource "google_compute_address" "static-ip-address" {
name = "${format("%v-%02d-%v-%v-%v-static-ip", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
address_type = "INTERNAL"
// address = "${replace(var.ip_cidr_range, "/\\d+\\/\\d+$/", count.index + 2)}"
subnetwork = "${google_compute_subnetwork.subnetwork.self_link}"
}
resource "google_compute_disk" "data_disk" {
project = "${var.project}"
count = "${(var.attach_data_disk && var.node_count > 0) ? var.node_count : 0}"
name = "${format("%v-%02d-%v-%v-%v-data", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
zone = "${data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
size = "${var.data_disk_size}"
type = "${var.data_disk_type}"
labels {
environment = "${var.environment}"
pet_name = "${var.name}"
}
}
resource "google_compute_instance" "instance_with_attached_disk" {
count = "${var.attach_data_disk ? var.node_count : 0}"
name = "${format("%v-%02d-%v-%v-%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
machine_type = "${var.machine_type}"
metadata = {
"CHEF_URL" = "${var.chef_provision.["server_url"]}"
"CHEF_VERSION" = "${var.chef_provision.["version"]}"
"CHEF_NODE_NAME" = "${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
"CHEF_ENVIRONMENT" = "${var.environment}"
"CHEF_RUN_LIST" = "${var.chef_run_list}"
"CHEF_DNS_ZONE_NAME" = "${var.dns_zone_name}"
"CHEF_PROJECT" = "${var.project}"
}
metadata_startup_script = "${file("${path.module}/../../../scripts/google/generic-pet-bootstrap.sh")}"
project = "${var.project}"
zone = "${data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
// all the defaults plus cloudkms to access kms
scopes = [
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
"https://www.googleapis.com/auth/pubsub",
"https://www.googleapis.com/auth/service.management.readonly",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/trace.append",
"https://www.googleapis.com/auth/cloudkms",
"https://www.googleapis.com/auth/compute.readonly",
]
}
scheduling {
preemptible = "${var.preemptible}"
}
boot_disk {
auto_delete = true
initialize_params {
image = "${var.os_boot_image}"
size = "${var.os_disk_size}"
type = "${var.os_disk_type}"
}
}
attached_disk {
source = "${google_compute_disk.data_disk.*.self_link[count.index]}"
}
network_interface {
subnetwork = "${google_compute_subnetwork.subnetwork.name}"
address = "${google_compute_address.static-ip-address.address}"
access_config = {}
}
labels {
environment = "${var.environment}"
pet_name = "${var.name}"
}
tags = [
"${var.name}",
"${var.environment}",
]
provisioner "local-exec" {
when = "destroy"
command = "knife node delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; knife client delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; exit 0"
}
}
resource "google_compute_instance" "instance_without_attached_disk" {
count = "${var.attach_data_disk ? 0 : var.node_count}"
name = "${format("%v-%02d-%v-%v-%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
machine_type = "${var.machine_type}"
metadata = {
"CHEF_URL" = "${var.chef_provision.["server_url"]}"
"CHEF_VERSION" = "${var.chef_provision.["version"]}"
"CHEF_NODE_NAME" = "${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
"CHEF_ENVIRONMENT" = "${var.environment}"
"CHEF_RUN_LIST" = "${var.chef_run_list}"
"CHEF_DNS_ZONE_NAME" = "${var.dns_zone_name}"
"CHEF_PROJECT" = "${var.project}"
}
metadata_startup_script = "${file("${path.module}/../../../scripts/google/generic-pet-bootstrap.sh")}"
project = "${var.project}"
zone = "${data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
// all the defaults plus cloudkms to access kms
scopes = [
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
"https://www.googleapis.com/auth/pubsub",
"https://www.googleapis.com/auth/service.management.readonly",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/trace.append",
"https://www.googleapis.com/auth/cloudkms",
"https://www.googleapis.com/auth/compute.readonly",
]
}
scheduling {
preemptible = "${var.preemptible}"
}
boot_disk {
auto_delete = true
initialize_params {
image = "${var.os_boot_image}"
size = "${var.os_disk_size}"
type = "${var.os_disk_type}"
}
}
network_interface {
subnetwork = "${google_compute_subnetwork.subnetwork.name}"
address = "${google_compute_address.static-ip-address.address}"
access_config = {}
}
labels {
environment = "${var.environment}"
pet_name = "${var.name}"
}
tags = [
"${var.name}",
"${var.environment}",
]
provisioner "local-exec" {
when = "destroy"
command = "cd /Users/jarv/workspace/chef-repo; knife node delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; knife client delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; exit 0"
}
}
resource "google_compute_subnetwork" "subnetwork" {
count = "${var.node_count > 0 ? 1 : 0}"
name = "${format("%v-%v", var.name, var.environment)}"
network = "${var.vpc}"
project = "${var.project}"
region = "${var.region}"
ip_cidr_range = "${var.ip_cidr_range}"
private_ip_google_access = true
}
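Review bot: Both instance resources (L384-L448 and L449-L510) run every node under the same service account that Terraform itself uses (`email` at L402 and L467, redacted in this listing), which the comment at L401 already concedes is wrong; since each node also gets a public address via `access_config = {}` (L434, L496) and the firewall at L363 admits `0.0.0.0/0`, a compromised node inherits the deployer identity's IAM roles (the `scopes` list only narrows OAuth scopes, not IAM grants). Pass a dedicated runtime identity instead, e.g. `email = "${var.service_account_email}"` backed by a new module variable, and emit `access_config` only for tiers that genuinely need a public address. The `local-exec` destroy provisioners at L446 and L508 end in `; exit 0`, so a failed `knife client delete` leaves an orphaned Chef client identity with no signal to the operator, and L508 additionally hard-codes `/Users/jarv/workspace/chef-repo` while L446 does not. `google_compute_address.static-ip-address` at L366-L371 has no `count`, yet both counted instance resources reference its single `address`, so any `node_count` above 1 would presumably try to assign every instance the same internal IP.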
variable "attach_data_disk" {
type = "string"
description = "Attach a data disk to this machine"
default = false
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
}
variable "chef_run_list" {
type = "string"
description = "run_list for the node in chef"
}
variable "data_disk_size" {
type = "string"
description = "The size of the data disk"
default = 20
}
variable "data_disk_type" {
type = "string"
description = "The type of the data disk"
default = "pd-standard"
}