Commit 48d8f774 authored by John Jarvis's avatar John Jarvis Committed by Ilya Frolov

Jarv/tf format

parent 8918545f
image: "alpine:latest"
stages:
- format
- validate
- planning
- deployment
......@@ -10,6 +11,19 @@ before_script:
# Terraform requires a key file for TF_VAR_ssh_key. We don't really use it
# but it has to be there.
- echo "This is not a real key" > /fake_user_key
- TF_VERSION="$(cat .terraform_version)" make tfinstall
tf_format:
stage: format
script: |
#!/bin/sh
fmt_diff=$(find . -name "*.tf" | xargs -I{} /terraform fmt -write=false {} | sed '/^\s*$/d')
if test -n "$fmt_diff"; then
echo "******* Terraform formatting error:"
echo ""
echo $fmt_diff
exit 1
fi
tf_validate:
stage: validate
......@@ -19,9 +33,6 @@ tf_validate:
#!/bin/sh
envs=$(ls -d environments/*)
for env in $envs; do
TF_VERSION="$(cat "${env}/.terraform_version")"
export TF_VERSION
make tfinstall
tf_opts="-check-variables=false"
(
/terraform init -backend=false
......@@ -35,7 +46,6 @@ staging_tf_plan:
environment:
name: staging
script:
- TF_VERSION="$(cat environments/staging/.terraform_version)" make tfinstall
- cd environments/staging && /terraform init -input=false -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="key=${STATE_S3_KEY}" -backend-config="region=${STATE_S3_REGION}" && /terraform plan -input=false
# NOTE: last time this was enabled the following problems were encountered:
......
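Review bot: The `tf_format` script can exit 0 without having checked anything, because `fmt_diff` captures only the stdout of the `find | xargs | sed` pipeline and the pipeline's status is that of `sed`. If `/terraform fmt` fails on a file (parse error, binary missing), the message goes to stderr, `fmt_diff` stays empty and the gate passes. Redirecting first, `find . -name "*.tf" | xargs -I{} /terraform fmt -write=false {} > fmt.out || exit 1`, and then reading `fmt_diff=$(sed '/^\s*$/d' fmt.out)` lets the `xargs` status fail the job, assuming `fmt` returns non-zero only on errors in the Terraform version in use. `echo $fmt_diff` is also unquoted, so the file list is collapsed onto one line; `echo "$fmt_diff"` keeps one entry per line.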
......@@ -159,3 +159,7 @@ doinstall: ### Download, check sum and unpack specific doctl version
mv $([email protected]_TMP)/doctl $(DO_INSTALL_TO)/doctl.real
@# Cleanup
rm -rf "$([email protected]_TMP)"
.PHONY: tfmt
tfmt:
@find . -name "*.tf" | xargs -I{} terraform fmt {}
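Review bot: The new `tfmt` target has no `###` description, unlike `doinstall` above it, so it will presumably be missing from any help output built from those markers; `tfmt: ### Run terraform fmt on every .tf file below the current directory` would match the existing style. The recipe rewrites files in place and the `find .` is not pruned, so `.tf` files under a `.terraform` module cache or another vendored directory would be reformatted as well; if that is not intended, adding `-not -path "*/.terraform/*"` to the `find` limits it. The target also calls `terraform` from PATH while the CI job calls `/terraform`, so the local result and the CI gate may come from different Terraform versions.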
#!/usr/bin/env bash
set -e
# shellcheck source=/dev/null
source "$dir/tf-version-check"
_NORM="\033[0m"
_CYN="\033[0;36m"
_BRED="\033[1;31m"
......
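Review bot: `source "$dir/tf-version-check"` reads `dir`, but no assignment to it is visible between the shebang and that line, whereas the init script shown further down the page sets `dir=$(dirname "$0")` first. If `dir` is unset here, the path expands to `/tf-version-check`, so the script either aborts under `set -e` or sources whatever file happens to exist at that root path. Adding `dir=$(dirname "$0")` above the `source` line, and `set -u` next to `set -e`, would make the dependency explicit and turn an unset variable into an immediate error. The rest of the script is collapsed out of this section, so the variable may be exported by a caller.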
#!/usr/bin/env bash
set -e
dir=$(dirname "$0")
# shellcheck source=/dev/null
source "$dir/tf-version-check"
terraform init -backend-config "bucket=${STATE_S3_BUCKET}" -backend-config "key=${STATE_S3_KEY}" -backend-config "region=${STATE_S3_REGION}"
#!/bin/bash
installed_version=$(terraform -version | cut -d v -f 2 | head -1)
if [[ -n $TF_VERSION ]]; then
required_version="$TF_VERSION"
else
required_version=$(cat "${dir:-.}/../.terraform_version")
fi
if [[ "$installed_version" != "$required_version" ]]; then
echo "!!! WARNING !!!"
echo "You are using the wrong version of Terraform for this environment."
echo "Please install version <(cat .terraform_version) or proceed at your own risk, press enter to continue."
read -rp ""
fi
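Review bot: The warning prints the literal text `<(cat .terraform_version)` rather than a version number, because process substitution is not expanded inside double quotes (and would yield a file descriptor path, not the file contents, if it were). `required_version` is already computed above, so the line can read `echo "Please install version $required_version or proceed at your own risk, press enter to continue."`. Note also that a mismatch only leads to a prompt: in a non-interactive run `read` hits EOF, and whether the caller then stops depends on its own `set -e`, so version pinning should not rely on this check alone.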
......@@ -53,7 +53,8 @@ resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"}
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
......@@ -66,7 +67,8 @@ resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"}
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
......@@ -79,7 +81,8 @@ resource "azurerm_network_security_rule" "ssh-from-internal" {
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.ApiCanary.name}"
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"}
network_security_group_name = "${azurerm_network_security_group.ApiCanary.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
......
......@@ -16,14 +16,26 @@ variable "first_user_password" {}
variable "backup_aws_access_key" {}
variable "backup_aws_secret_key" {}
variable "disk_subscription" {}
variable "azure_location" {
default = "East US 2"
}
variable "gce_location" { default = "us-east1-b" }
variable "gce_machine_type" { default = "n1-standard-8" }
variable "gce_name" { default = "geo-sync" }
variable "gce_location" {
default = "us-east1-b"
}
variable "gce_machine_type" {
default = "n1-standard-8"
}
variable "gce_name" {
default = "geo-sync"
}
variable "google_credentials" {}
variable "google_project" {}
variable "vpn_ips" {
default = ["52.177.194.133", "52.177.192.239"]
}
......
......@@ -8,7 +8,10 @@ variable "disk_subscription" {}
variable "backup_aws_access_key" {}
variable "backup_aws_secret_key" {}
variable "sync_ip" {}
variable "vpn_ips" { default = ["10.0.0.1","10.0.0.2"] }
variable "vpn_ips" {
default = ["10.0.0.1", "10.0.0.2"]
}
resource "azurerm_public_ip" "single" {
name = "single-public-ip"
......@@ -23,6 +26,7 @@ resource "azurerm_virtual_network" "single" {
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
}
resource "azurerm_resource_group" "single" {
name = "acceptanceTestResourceGroup1"
location = "${var.location}"
......@@ -40,6 +44,7 @@ resource "azurerm_network_interface" "single" {
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
network_security_group_id = "${azurerm_network_security_group.single.id}"
ip_configuration {
name = "singleconfiguration1"
subnet_id = "${azurerm_subnet.single.id}"
......@@ -400,7 +405,7 @@ resource "azurerm_virtual_machine" "single-vm" {
provisioner "remote-exec" {
inline = [
"chmod 700 /tmp/bootstrap.bash",
"sudo /tmp/bootstrap.bash ${var.backup_aws_access_key} ${var.backup_aws_secret_key}"
"sudo /tmp/bootstrap.bash ${var.backup_aws_access_key} ${var.backup_aws_secret_key}",
]
}
}
......
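Review bot: The `remote-exec` line in the last hunk passes `${var.backup_aws_access_key}` and `${var.backup_aws_secret_key}` as command-line arguments to `bootstrap.bash`; this commit only adds the trailing comma, but the line deserves a follow-up. Arguments are readable by other local users through the process list while the script runs, and the interpolated command may end up in provisioner output or CI job logs. Delivering the credentials in a root-only file (for example a `file` provisioner target with restrictive permissions, removed once bootstrap finishes) or through the script's environment would keep them off the command line. The `azurerm_virtual_machine` resource body starts outside the hunk.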
......@@ -204,7 +204,8 @@ resource "azurerm_network_security_group" "single" {
destination_address_prefix = "${var.white_list_ips[8]}"
source_address_prefix = "*"
}
## allow ntp for time synchronization
## allow ntp for time synchronization
security_rule {
name = "packages-gitlab-Outbound164"
priority = 164
......
variable "location" {}
variable "machine_type" {}
variable "name" { default = "single" }
variable "disk_size" { default = "1024" }
variable "name" {
default = "single"
}
variable "disk_size" {
default = "1024"
}
variable "backup_aws_access_key" {}
variable "backup_aws_secret_key" {}
variable "prod_ip" {}
variable "vpn_ips" { default = ["10.0.0.1","10.0.0.2"] }
variable "vpn_ips" {
default = ["10.0.0.1", "10.0.0.2"]
}
resource "google_compute_disk" "single" {
name = "${var.name}-disk"
......@@ -20,6 +30,7 @@ resource "google_compute_instance" "single" {
machine_type = "${var.machine_type}"
zone = "${var.location}"
tags = ["${var.name}"]
boot_disk {
initialize_params {
image = "ubuntu-1604-xenial-v20170811"
......@@ -33,7 +44,9 @@ resource "google_compute_instance" "single" {
// Ephemeral IP
}
}
metadata_startup_script = "${file("${path.module}/files/bootstrap.bash")}"
attached_disk {
source = "${google_compute_disk.single.self_link}"
device_name = "gitlab_var"
......
resource "google_compute_firewall" "single" {
# egress support is not available yet
# https://github.com/terraform-providers/terraform-provider-google/pull/306
# egress support is not available yet # https://github.com/terraform-providers/terraform-provider-google/pull/306
name = "${var.name}-firewall"
network = "default"
allow {
protocol = "icmp"
}
allow {
protocol = "udp"
}
allow {
protocol = "tcp"
}
source_ranges = ["${var.vpn_ips[0]}/32", "${var.vpn_ips[1]}/32", "${var.prod_ip}/32"]
target_tags = ["${var.name}"]
}
resource "azurerm_availability_set" "api" {
name = "${format("api-%v", var.environment)}"
location = "${var.location}"
......
resource "azurerm_availability_set" "git" {
name = "${format("git-%v", var.environment)}"
location = "${var.location}"
......
resource "azurerm_availability_set" "pgbouncer" {
name = "${format("pgbouncer-%v", var.environment)}"
location = "${var.location}"
......
resource "azurerm_availability_set" "web" {
name = "${format("web-%v", var.environment)}"
location = "${var.location}"
......