Commit 879363ec authored by Ahmad Sherif's avatar Ahmad Sherif

Initial copy of gprd to gstg

parent 3ac2c7c9
......@@ -95,6 +95,8 @@ module "web" {
health_check = "tcp"
service_port = 443
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
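Review bot: Every module call in this file, `web` here and `api`, `git`, `registry`, the Postgres and Redis modules, `sidekiq`, the storage modules, `consul`, the monitoring modules, `deploy`, `runner` and `bastion` in the hunks below, is passed the same `${var.service_account_email}`, so all instances in the environment run under one identity. If that is so, a compromised runner or bastion host holds the same IAM permissions as the database and storage hosts. Consider a map keyed by role, in the style of `machine_types` and `node_count`, e.g. `service_account_email = "${var.service_account_emails["web"]}"`, so permissions can be narrowed per tier later. What each role actually needs is not visible on this page, and the module bodies start outside these hunks.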
......@@ -121,6 +123,8 @@ module "api" {
service_port = 443
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -147,6 +151,8 @@ module "git" {
service_port = 22
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -173,6 +179,8 @@ module "registry" {
service_port = 22
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -199,6 +207,8 @@ module "postgres" {
source = "../../modules/google/generic-stor"
tier = "db"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
module "pg-bouncer" {
......@@ -220,6 +230,8 @@ module "pg-bouncer" {
service_port = 22
tier = "db"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
module "geo-postgres" {
......@@ -240,6 +252,8 @@ module "geo-postgres" {
source = "../../modules/google/generic-stor"
tier = "db"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -267,6 +281,8 @@ module "redis" {
tier = "db"
vpc = "${module.network.self_link}"
node_count = 3
service_account_email = "${var.service_account_email}"
}
module "redis-cache" {
......@@ -288,6 +304,8 @@ module "redis-cache" {
source = "../../modules/google/generic-stor"
tier = "db"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -324,6 +342,7 @@ module "sidekiq" {
sidekiq_pullmirror_instance_type = "${var.machine_types["sidekiq-pullmirror"]}"
sidekiq_realtime_count = "${var.node_count["sidekiq-realtime"]}"
sidekiq_realtime_instance_type = "${var.machine_types["sidekiq-realtime"]}"
service_account_email = "${var.service_account_email}"
source = "../../modules/google/generic-sv-sidekiq"
tier = "sv"
vpc = "${module.network.self_link}"
......@@ -353,6 +372,8 @@ module "mailroom" {
service_port = 22
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -380,6 +401,8 @@ module "file" {
tier = "stor"
vpc = "${module.network.self_link}"
zone = "us-east1-c"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -422,6 +445,8 @@ module "share" {
source = "../../modules/google/generic-stor-dynamic-ip"
tier = "stor"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
module "lfs" {
......@@ -443,6 +468,8 @@ module "lfs" {
source = "../../modules/google/generic-stor-dynamic-ip"
tier = "stor"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
module "pages" {
......@@ -464,6 +491,8 @@ module "pages" {
source = "../../modules/google/generic-stor-dynamic-ip"
tier = "stor"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
module "artifacts" {
......@@ -485,6 +514,8 @@ module "artifacts" {
source = "../../modules/google/generic-stor-dynamic-ip"
tier = "stor"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -663,6 +694,8 @@ module "consul" {
source = "../../modules/google/generic-sv-with-group"
tier = "inf"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -743,6 +776,8 @@ module "performance" {
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "prometheus" {
......@@ -767,6 +802,8 @@ module "prometheus" {
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "prometheus-app" {
......@@ -791,6 +828,8 @@ module "prometheus-app" {
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "kibana" {
......@@ -815,6 +854,8 @@ module "kibana" {
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "alerts" {
......@@ -839,6 +880,8 @@ module "alerts" {
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
health_check = "tcp"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -877,6 +920,8 @@ module "deploy" {
service_port = 22
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -903,6 +948,8 @@ module "runner" {
service_port = 22
tier = "sv"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
##################################
......@@ -950,4 +997,6 @@ module "bastion" {
service_port = 22
tier = "inf"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
}
......@@ -151,6 +151,10 @@ variable "chef_provision" {
description = "Configuration details for chef server"
default = {
bootstrap_bucket = "gitlab-gprd-chef-boostrap"
bootstrap_key = "gitlab-gprd-bootstrap-validation"
bootstrap_keyring = "gitlab-gprd-bootstrap"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
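Review bot: `bootstrap_bucket` is spelled `gitlab-gprd-chef-boostrap` ("boostrap"), while the key and keyring beside it use `bootstrap`; the gstg copy of this map carries the same spelling. If the bucket really was created under that name this is correct, but a comment such as `# bucket name is spelled "boostrap" on purpose` would stop someone from "fixing" it and breaking instance bootstrap. If it is a typo, instances would look for a bucket that does not exist. The `default` map continues past the end of this hunk.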
......@@ -297,3 +301,9 @@ variable "vpn_source_subnet" {
variable "vpn_shared_secret" {
type = "string"
}
variable "service_account_email" {
type = "string"
default = "[email protected]"
}
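Review bot: `service_account_email` gets a hard-coded default and no `description`, and the gstg copy of this variable further down the page does the same; the addresses are masked in this rendering, so I cannot tell whether the two defaults differ. Since the commit is a copy of gprd to gstg, please confirm the staging default is a staging-only account, because the instance scopes comment mentions KMS access and a production identity on staging hosts would carry that access with it. A line like `description = "Service account the instances run as"` would match the module-side variable.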
resource "google_compute_forwarding_rule" "fe_forwarding_rule_http" {
name = "gitlab-frontend-http"
project = "${var.project}"
region = "${var.region}"
target = "${google_compute_target_pool.fe_lb_http_pool.self_link}"
load_balancing_scheme = "EXTERNAL"
port_range = "80"
ip_address = "${google_compute_address.fe_external_ip.address}"
}
resource "google_compute_target_pool" "fe_lb_http_pool" {
project = "${var.project}"
name = "gitlab-frontend-http-pool"
region = "${var.region}"
session_affinity = "NONE"
instances = ["${var.fe_http_instances}"]
health_checks = [
"${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
]
}
resource "google_compute_http_health_check" "fe_lb_http_health_check" {
project = "${var.project}"
name = "fe-lb-http-health-check"
host = "gitlab.com"
port = "80"
request_path = "/help"
timeout_sec = 2
check_interval_sec = 2
healthy_threshold = 2
unhealthy_threshold = 2
}
resource "google_compute_forwarding_rule" "fe_forwarding_rule_https" {
name = "gitlab-frontend-https"
project = "${var.project}"
region = "${var.region}"
target = "${google_compute_target_pool.fe_lb_https_pool.self_link}"
load_balancing_scheme = "EXTERNAL"
port_range = "443"
ip_address = "${google_compute_address.fe_external_ip.address}"
}
resource "google_compute_target_pool" "fe_lb_https_pool" {
project = "${var.project}"
name = "gitlab-frontend-https-pool"
region = "${var.region}"
session_affinity = "NONE"
instances = ["${var.fe_https_instances}"]
health_checks = [
"${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
]
}
resource "google_compute_forwarding_rule" "fe_forwarding_rule_ssh" {
name = "gitlab-frontend-ssh"
project = "${var.project}"
region = "${var.region}"
target = "${google_compute_target_pool.fe_lb_ssh_pool.self_link}"
load_balancing_scheme = "EXTERNAL"
port_range = "22"
ip_address = "${google_compute_address.fe_external_ip.address}"
}
resource "google_compute_target_pool" "fe_lb_ssh_pool" {
project = "${var.project}"
name = "gitlab-frontend-ssh-pool"
region = "${var.region}"
session_affinity = "NONE"
instances = ["${var.fe_ssh_instances}"]
health_checks = [
"${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
]
}
resource "google_compute_address" "fe_external_ip" {
name = "http"
project = "${var.project}"
region = "${var.region}"
address_type = "EXTERNAL"
# subnetwork = "${var.subnetwork}"
}
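Review bot: `fe_lb_https_pool` and `fe_lb_ssh_pool` both list `fe_lb_http_health_check`, so the 443 and 22 forwarding rules are gated only by an HTTP request to port 80 `/help`; a backend whose HTTPS or SSH listener is down stays in rotation as long as port 80 answers. If this reuse is forced by what target pools accept, say so in a comment, e.g. `# target pools take only the HTTP health check; 443/22 health is inferred from port 80`. The check also sends `host = "gitlab.com"` from a module that other environments may reuse, and the shared address is named `"http"` although it fronts all three ports; a variable for the host and a more general name for the address would be clearer.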
variable "fe_http_instances" {
type = "list"
description = "The list of instances to add to the http backend pool"
}
variable "fe_https_instances" {
type = "list"
description = "The list of instances to add to the https backend pool"
}
variable "fe_ssh_instances" {
type = "list"
description = "The list of instances to add to the ssh backend pool"
}
variable "region" {
type = "string"
description = "The target region"
}
variable "project" {
type = "string"
description = "The target project"
}
# variable "subnetwork" {
# type = "string"
# description = "The target subnetwork"
# }
/* variable "oauth2_client_id_prometheus" {} */
/* variable "oauth2_client_secret_prometheus" {} */
/* variable "oauth2_client_id_performance" {} */
/* variable "oauth2_client_secret_performance" {} */
variable "base_chef_run_list" {
default = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
}
variable "empty_chef_run_list" {
default = "\"\""
}
variable "dns_zone_name" {
default = "gitlab.com"
}
/* variable "run_lists" { */
/* type = "map" */
/* default = { */
/* "prometheus" = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\"" */
/* "performance" = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\"" */
/* } */
/* } */
variable "public_ports" {
type = "map"
default = {
"api" = [22]
"consul" = [22]
"deploy" = [22]
"runner" = [22]
"db" = [22]
"pgb" = [22]
"fe-lb" = [22, 80, 443, 2222]
"geodb" = [22]
"git" = [22]
"mailroom" = [22]
"redis" = [22]
"redis-cache" = [22]
"registry" = [22]
"sidekiq" = [22]
"stor" = [22]
"web" = [22]
"monitoring" = [22]
}
}
variable "environment" {
default = "gstg"
}
variable "format_data_disk" {
default = "true"
}
variable "project" {
default = "gitlab-staging-1"
}
variable "region" {
default = "us-east1"
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
default = {
bootstrap_bucket = "gitlab-gstg-chef-boostrap"
bootstrap_key = "gitlab-gstg-bootstrap-validation"
bootstrap_keyring = "gitlab-gstg-bootstrap"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "12.19.36"
}
}
variable "chef_version" {
default = "12.19.36"
}
variable "machine_types" {
type = "map"
default = {
"api" = "n1-standard-4"
"consul" = "n1-standard-4"
"deploy" = "n1-standard-2"
"runner" = "n1-standard-2"
"db" = "n1-standard-8"
"fe-lb" = "n1-standard-4"
"geodb" = "n1-standard-8"
"git" = "n1-standard-8"
"pgb" = "n1-standard-4"
"mailroom" = "n1-standard-2"
"monitoring" = "n1-standard-4"
"redis" = "n1-standard-8"
"redis-cache" = "n1-standard-4"
"registry" = "n1-standard-2"
"sidekiq-asap" = "n1-standard-8"
"sidekiq-besteffort" = "n1-standard-8"
"sidekiq-elasticsearch" = "n1-standard-8"
"sidekiq-pages" = "n1-standard-8"
"sidekiq-pipeline" = "n1-standard-8"
"sidekiq-pullmirror" = "n1-standard-8"
"sidekiq-realtime" = "n1-standard-8"
"sidekiq-traces" = "n1-standard-8"
"stor" = "n1-standard-4"
"web" = "n1-standard-8"
}
}
variable "node_count" {
type = "map"
default = {
"api" = 1
"deploy" = 1
"runner" = 0
"artifacts" = 1
"consul" = 3
"db" = 1
"fe-lb" = 2
"geodb" = 1
"git" = 1
"lfs" = 1
"mailroom" = 1
"pages" = 1
"pgb" = 1
"redis" = 1
"redis-cache" = 1
"registry" = 1
"share" = 1
"sidekiq-asap" = 1
"sidekiq-besteffort" = 1
"sidekiq-elasticsearch" = 1
"sidekiq-pages" = 1
"sidekiq-pipeline" = 0
"sidekiq-pullmirror" = 1
"sidekiq-realtime" = 1
"sidekiq-traces" = 1
"stor" = 2
"web" = 1
}
}
variable "subnetworks" {
type = "map"
default = {
"api" = "10.224.12.0/24"
"db" = "10.224.6.0/24"
"consul" = "10.224.4.0/24"
"fe-lb" = "10.224.14.0/24"
"git" = "10.224.13.0/24"
"redis" = "10.224.7.0/24"
"redis-cache" = "10.224.8.0/24"
"stor" = "10.224.2.0/23"
"web" = "10.224.1.0/24"
"db" = "10.224.6.0/24"
"pgb" = "10.224.9.0/24"
"sidekiq" = "10.225.1.0/24"
"registry" = "10.224.10.0/24"
"mailroom" = "10.224.11.0/24"
"deploy" = "10.224.15.0/24"
"runner" = "10.224.16.0/24"
"geodb" = "10.224.17.0/24"
/* "monitoring" = "10.219.1.0/24" */
###############################
# These will eventually (tm) be
# moved to object storage
"artifacts" = "10.224.5.96/27"
"lfs" = "10.224.5.32/27"
"pages" = "10.224.5.64/27"
"share" = "10.224.5.0/27"
#############################
}
}
/* variable "vpn_peer_address" { */
/* type = "string" */
/* default = "40.70.42.69" */
/* } */
/* variable "vpn_dest_subnet" { */
/* type = "string" */
/* // 10.66.1.0/24 PostgresProd */
/* // 10.67.3.0/24 deploy prod, for testing */
/* default = "10.66.1.0/24" */
/* } */
/* variable "vpn_source_subnet" { */
/* type = "string" */
/* // 10.216.0.0/13 for all of GitLabGeoPrd */
/* // 10.217.1.0/24 for DBGPrd */
/* default = "10.216.0.0/13" */
/* } */
/* variable "vpn_shared_secret" { */
/* type = "string" */
/* } */
variable "service_account_email" {
type = "string"
default = "[email protected]"
}
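Review bot: `public_ports` lists port 22 for every role, including `db`, `pgb`, `redis`, `redis-cache` and `geodb`, although the gprd file on this page has a `bastion` module. The firewall rule that consumes this map is not visible here, but if the name means what it says, SSH on the data tier is reachable from the internet in the new environment; consider `[]` for those roles and reaching them through the bastion. Separately, the `subnetworks` map defines `"db" = "10.224.6.0/24"` twice, and `dns_zone_name` and the Chef `server_url` keep the `gitlab.com` values copied from production, which deserves a comment if intended.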
......@@ -27,6 +27,10 @@ resource "google_compute_instance" "instance_with_attached_disk" {
"CHEF_PROJECT" = "${var.project}"
"GL_FORMAT_DATA_DISK" = "${var.format_data_disk}"
"shutdown-script" = "${file("${path.module}/../../../scripts/google/teardown-v1.sh")}"
"CHEF_BOOTSTRAP_BUCKET" = "${var.chef_provision.["bootstrap_bucket"]}"
"CHEF_BOOTSTRAP_KEYRING" = "${var.chef_provision.["bootstrap_keyring"]}"
"CHEF_BOOTSTRAP_KEY" = "${var.chef_provision.["bootstrap_key"]}"
}
metadata_startup_script = "${file("${path.module}/../../../scripts/google/bootstrap-v${var.bootstrap_version}.sh")}"
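Review bot: The three new metadata values index the map as `var.chef_provision.["bootstrap_bucket"]`, with a dot before the bracket, whereas the environment files on this page use `var.machine_types["sidekiq-pullmirror"]` without one. Please confirm the dotted form interpolates as intended with the Terraform version in use, or write `"${var.chef_provision["bootstrap_bucket"]}"` (likewise for `bootstrap_keyring` and `bootstrap_key`); the same three lines appear in the other instance module's hunk further down. These values land in instance metadata, which is readable from the instance itself, so a short comment that they are resource names and not key material would help. The `metadata` block starts outside this hunk.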
......@@ -35,7 +39,7 @@ resource "google_compute_instance" "instance_with_attached_disk" {
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
email = "${var.service_account_email}"
// all the defaults plus cloudkms to access kms
scopes = [
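Review bot: The comment above `email` still reads "this should be the instance under which the instance should be running", which is hard to parse now that the value is a parameter; the same comment sits in the `instance_without_attached_disk` hunk and in the other module's hunk. Suggest `// service account the instance runs as, not the account Terraform uses to create it`. The `scopes` list continues outside this hunk, so whether the scopes suit the per-environment account cannot be checked here.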
......@@ -108,7 +112,7 @@ resource "google_compute_instance" "instance_without_attached_disk" {
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
email = "${var.service_account_email}"
// all the defaults plus cloudkms to access kms
scopes = [
......
......@@ -107,6 +107,11 @@ variable "region" {
description = "The target region"
}
variable "service_account_email" {
type = "string"
description = "Service account emails under which the instance is running"
}
variable "tier" {
type = "string"
description = "The tier for this service"
......
......@@ -26,6 +26,9 @@ resource "google_compute_instance" "instance_with_attached_disk" {
"CHEF_RUN_LIST" = "${var.chef_run_list}"
"CHEF_DNS_ZONE_NAME" = "${var.dns_zone_name}"
"CHEF_PROJECT" = "${var.project}"
"CHEF_BOOTSTRAP_BUCKET" = "${var.chef_provision.["bootstrap_bucket"]}"
"CHEF_BOOTSTRAP_KEYRING" = "${var.chef_provision.["bootstrap_keyring"]}"
"CHEF_BOOTSTRAP_KEY" = "${var.chef_provision.["bootstrap_key"]}"
"GL_PERSISTENT_DISK_PATH" = "${var.persistent_disk_path}"
"GL_FORMAT_DATA_DISK" = "${var.format_data_disk}"
"block-project-ssh-keys" = "${var.block_project_ssh_keys}"
......@@ -39,7 +42,7 @@ resource "google_compute_instance" "instance_with_attached_disk" {
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
email = "${var.service_account_email}"
// all the defaults plus cloudkms to access kms
scopes = [
......
......@@ -122,6 +122,11 @@ variable "region" {
description = "The target region"