Commit a9c2bad7 authored by John Jarvis's avatar John Jarvis

Merge branch 'jarv/geo-env-single-box-restore' into 'master'

Adds a new environment for geo, module for single server restore.

See merge request !97
parents 13c3dff6 c2781e9d
variable "environment" {
default = "geo"
}
variable "arm_subscription_id" {}
variable "arm_client_id" {}
variable "arm_client_secret" {}
variable "arm_tenant_id" {}
variable "chef_repo_dir" {}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
variable "first_user_username" {}
variable "first_user_password" {}
variable "backup_aws_access_key" {}
variable "backup_aws_secret_key" {}
variable "disk_subscription" {}
variable "location" {
default = "East US 2"
}
provider "azurerm" {
subscription_id = "${var.arm_subscription_id}"
client_id = "${var.arm_client_id}"
client_secret = "${var.arm_client_secret}"
tenant_id = "${var.arm_tenant_id}"
}
provider "aws" {
region = "us-east-1"
}
terraform {
backend "s3" {}
}
## Resource Group
resource "azurerm_resource_group" "GeoTestbed" {
name = "GeoTestbed"
location = "${var.location}"
}
module "gitlab-restore-single" {
source = "../../modules/gitlab-restore-single"
disk_snapshot_date = "2017-08-09"
restore_machine = "file-08"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.GeoTestbed.name}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
backup_aws_access_key = "${var.backup_aws_access_key}"
backup_aws_secret_key = "${var.backup_aws_secret_key}"
disk_subscription = "${var.disk_subscription}"
}
resource "aws_route53_record" "single" {
zone_id = "${var.gitlab_com_zone_id}"
name = "prod.geo.gitlab.com."
type = "A"
ttl = "300"
records = ["${module.gitlab-restore-single.public_ip}"]
}
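Review bot: `arm_client_secret`, `first_user_password` and `backup_aws_secret_key` are plain input variables, and the last two are handed to the `gitlab-restore-single` module, so their values will be recorded in clear text in the Terraform state written by `backend "s3" {}`. The backend block is empty here, so whether that state is encrypted or access-restricted cannot be confirmed from this file. The backend configuration supplied at init should include `encrypt = true`, and the state bucket should be readable only by the operators of this environment. A comment above the module block, such as `# secret inputs end up in state; rotate them when the restore box is torn down`, would make the handling explicit.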
#!/bin/bash
set -ex
exec &> >(tee -a "/tmp/bootstrap.log")
AWS_ACCESS_KEY=$1
AWS_SECRET_KEY=$2
useradd -u 1100 git # this uid is used for the restore
export DEBIAN_FRONTEND=noninteractive
mkdir -p /var/opt/gitlab
mount /dev/gitlab_vg/gitlab_var /var/opt/gitlab
# Set apt config, update repos and disable postfix prompt
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'No configuration'"
# install everything in one go
apt-get -y install daemontools lzop gcc make python3 virtualenv python3-dev libssl-dev gitlab-ee ca-certificates postfix
gitlab-ctl reconfigure
# stop postgres just after reconfig
gitlab-ctl stop postgresql
sed -i 's/^max_replication_slots = 0/max_replication_slots = 100/' /var/opt/gitlab/postgresql/data/postgresql.conf
# Configure wal-e
mkdir -p /opt/wal-e /etc/wal-e.d/env
virtualenv --python=python3 /opt/wal-e
/opt/wal-e/bin/pip3 install boto azure wal-e
echo "$AWS_ACCESS_KEY" > /etc/wal-e.d/env/AWS_ACCESS_KEY_ID
echo "$AWS_SECRET_KEY" > /etc/wal-e.d/env/AWS_SECRET_ACCESS_KEY
echo 's3://gitlab-dbprod-backups/db1' > /etc/wal-e.d/env/WALE_S3_PREFIX
chmod 600 /etc/wal-e.d/env/AWS_SECRET_ACCESS_KEY
chown gitlab-psql /etc/wal-e.d/env/AWS_SECRET_ACCESS_KEY
echo 'us-east-1' > /etc/wal-e.d/env/AWS_REGION
# most recent backup
last_backup_line=$(/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e backup-list 2>/dev/null | tail -1)
last_backup=$(echo "$last_backup_line" | cut -f1)
last_backup_date=$(echo "$last_backup_line" | cut -f2 | sed -e 's/T.*/ 05:30:00/')
# pre-create recovery.conf
cat > /var/opt/gitlab/postgresql/data/recovery.conf.create <<RECOVERY
restore_command = '/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e wal-fetch "%f" "%p"'
recovery_target_action = 'promote'
recovery_target_time = '$last_backup_date'
RECOVERY
chown gitlab-psql:gitlab-psql /var/opt/gitlab/postgresql/data/recovery.conf
# create a db-restore script
cat > /tmp/start-restore.sh <<RESTORE
#!/usr/bin/env bash
gitlab-ctl stop postgresql
cp /var/opt/gitlab/postgresql/data/recovery.conf.create /var/opt/gitlab/postgresql/data/recovery.conf
/usr/bin/envdir /etc/wal-e.d/env /opt/wal-e/bin/wal-e backup-fetch /var/opt/gitlab/postgresql/data "$last_backup"
gitlab-ctl start posgresql
RESTORE
chmod 755 /tmp/start-restore.sh
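Review bot: `set -ex` together with `exec &> >(tee -a "/tmp/bootstrap.log")` writes the xtrace of `AWS_SECRET_KEY=$2` and `echo "$AWS_SECRET_KEY"` into a log under /tmp, so the backup secret key lands in a file created with the default umask. Turn tracing off around the credential lines (`set +x` before `AWS_ACCESS_KEY=$1`, `set -x` again after the `chown gitlab-psql` line) and put `umask 077` before the `echo` lines, so the key file is never briefly readable before `chmod 600` runs. Passing the keys as `$1`/`$2` also exposes them in the process list while the script runs, so reading them from a root-only file would be safer. The log and the generated `start-restore.sh` would be better under a root-owned directory than at predictable /tmp paths. Separately, `chown gitlab-psql:gitlab-psql …/recovery.conf` targets a file this script only creates as `recovery.conf.create`, so under `set -e` it will probably abort unless the restored volume already holds one, and `gitlab-ctl start posgresql` in the heredoc misspells `postgresql`.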
resource "azurerm_network_security_group" "single" {
name = "singleSecurityGroup"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
security_rule {
name = "vpn1"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_address_prefix = "*"
}
security_rule {
name = "vpn2"
priority = 101
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_address_prefix = "*"
}
security_rule {
name = "DenyAll"
priority = 500
direction = "Inbound"
access = "Deny"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "vpn1-OutBound"
priority = 100
direction = "Outbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_address_prefix = "*"
}
security_rule {
name = "vpn2-OutBound"
priority = 101
direction = "Outbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_address_prefix = "*"
}
security_rule {
name = "DenyAll-OutBound"
priority = 500
direction = "Outbound"
access = "Deny"
protocol = "*"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
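Review bot: The `vpn1-OutBound` and `vpn2-OutBound` rules put the VPN addresses in `source_address_prefix`, but for `direction = "Outbound"` the source is the VM itself, so these rules likely match nothing and `DenyAll-OutBound` at priority 500 then blocks all egress started by the host. If the intent is to allow traffic towards the VPN endpoints, the rules should read `source_address_prefix = "*"` and `destination_address_prefix = "52.177.194.133"`, and likewise for `52.177.192.239`. If this group is attached to the restore machine (the attachment is not visible on this page), the bootstrap's package downloads and S3 backup fetches would also need explicit outbound allow rules. The inbound `vpn1`/`vpn2` rules allow every protocol and port from the two addresses; narrowing `destination_port_range` to the ports the restore box actually serves would reduce exposure should a VPN host be compromised.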