Commit bd4c03af authored by jtevnan's avatar jtevnan

added first stab at production db servers in TF

parent cd80a7fe
......@@ -63,8 +63,8 @@ module "subnet-internal-lb" {
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-db" {
source = "subnets/db"
module "subnet-postgres" {
source = "subnets/postgres"
location = "${var.location}"
subnet_cidr = "10.66.1.0/24"
vnet_name = "${module.vnet.name}"
......@@ -238,6 +238,23 @@ module "virtual-machines-external-lb" {
// load_balancer_backend_address_pool_id = "${module.load-balancers-internal.backend_pool_id}"
// }
module "virtual-machines-postgres" {
count = 1
source = "virtual-machines/postgres"
instance_type = "Standard_GS5"
tier = "db"
environment = "${var.environment}"
address_prefix = "${module.subnet-postgres.address_prefix}"
location = "${var.location}"
resource_group_name = "${module.subnet-postgres.resource_group_name}"
subnet_id = "${module.subnet-postgres.subnet_id}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog-client gitlab-cluster-base gitlab_consul:prd_client gitlab-monitor postgres-exporter"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-redis" {
count = 3
source = "virtual-machines/redis"
......@@ -395,22 +412,22 @@ module "virtual-machines-web" {
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-web-newhostname" {
count = 7
source = "../../modules/virtual-machines/web"
location = "${var.location}"
resource_group_name = "${module.subnet-web.resource_group_name}"
subnet_id = "${module.subnet-web.subnet_id}"
instance_type = "Standard_F16s"
tier = "svc"
environment = "${var.environment}"
address_prefix = "${module.subnet-web.address_prefix}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog-client gitlab-cluster-base gitlab_consul:client"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
//module "virtual-machines-web-newhostname" {
// count = 7
// source = "../../modules/virtual-machines/web"
// location = "${var.location}"
// resource_group_name = "${module.subnet-web.resource_group_name}"
// subnet_id = "${module.subnet-web.subnet_id}"
// instance_type = "Standard_F16s"
// tier = "svc"
// environment = "${var.environment}"
// address_prefix = "${module.subnet-web.address_prefix}"
// first_user_username = "${var.first_user_username}"
// first_user_password = "${var.first_user_password}"
// chef_repo_dir = "${var.chef_repo_dir}"
// chef_vaults = "syslog-client gitlab-cluster-base gitlab_consul:client"
// gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
//}
module "virtual-machines-registry" {
count = 2
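Review bot: Commenting out the whole `virtual-machines-web-newhostname` module (the block starting at `//module "virtual-machines-web-newhostname" {`) means the next apply will plan the destruction of its 7 web VMs, which is unrelated to this commit's stated purpose of adding database servers; if retiring them is intended, a comment above the block saying why, or a separate commit, would make that explicit. The earlier hunk that renames `subnet-db` to `subnet-postgres` changes the module address, so any `module.subnet-db.*` reference outside this diff will no longer resolve, and the subnet resources will presumably be recreated under the new address unless state is moved first. In the new `virtual-machines-postgres` module call, `chef_vaults` hard-codes `gitlab_consul:prd_client` while `environment = "${var.environment}"` stays variable, so the vault list and the environment can drift apart if this is ever applied outside prod.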
variable "location" {
description = "The location"
}
variable "vnet_name" {
description = "The name of the virtual network"
}
variable "vnet_resource_group" {
description = "The name of the virtual network"
}
variable "subnet_cidr" {
description = "The CIDR of the subnet"
}
resource "azurerm_resource_group" "PostgresProd" {
name = "PostgresProd"
location = "${var.location}"
}
resource "azurerm_network_security_group" "PostgresProd" {
name = "PostgresProd"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
priority = 148
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.0.0.0/8"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
priority = 149
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.254.4.0/23"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "ssh" {
name = "ssh"
priority = 150
direction = "Inbound"
access = "Deny"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_network_security_rule" "prometheus" {
name = "prometheus"
priority = 151
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.4.1.0/24"
destination_port_range = "9100"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PostgresProd.name}"
network_security_group_name = "${azurerm_network_security_group.PostgresProd.name}"
}
resource "azurerm_subnet" "PostgresProd" {
name = "PostgresProd"
resource_group_name = "${var.vnet_resource_group}"
virtual_network_name = "${var.vnet_name}"
address_prefix = "${var.subnet_cidr}"
network_security_group_id = "${azurerm_network_security_group.PostgresProd.id}"
}
output "subnet_id" {
value = "${azurerm_subnet.PostgresProd.id}"
}
output "address_prefix" {
value = "${azurerm_subnet.PostgresProd.address_prefix}"
}
output "resource_group_name" {
value = "PostgresProd"
}
output "resource_group_id" {
value = "${azurerm_resource_group.PostgresProd.id}"
}
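Review bot: `output "resource_group_name"` hard-codes `value = "PostgresProd"` instead of referencing the resource it describes; `value = "${azurerm_resource_group.PostgresProd.name}"` stays correct if the group is renamed and matches the sibling `resource_group_id` output. The `vnet_resource_group` variable reuses the `vnet_name` description ("The name of the virtual network") and should read `description = "The resource group of the virtual network"`. The two `ssh-from-vpn*-ext` rules embed literal public addresses (`52.177.194.133`, `52.177.192.239`); a variable documented as the VPN egress addresses would keep this allow-list in one reviewable place when those addresses change. No rule covers the PostgreSQL port itself, so client access presumably relies on the NSG's default intra-VNet allow rule; a comment on the security group stating that assumption would stop a later reader from taking the rule set as a complete description of what reaches these hosts.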
variable "address_prefix" {}
variable "chef_repo_dir" {}
variable "chef_vaults" {}
variable "count" {}
variable "environment" {}
variable "first_user_password" {}
variable "first_user_username" {}
variable "gitlab_com_zone_id" {}
variable "instance_type" {}
variable "location" {}
variable "resource_group_name" {}
variable "subnet_id" {}
variable "tier" {}
resource "azurerm_availability_set" "postgres" {
name = "${format("postgres-%v", var.environment)}"
location = "${var.location}"
managed = true
platform_update_domain_count = 20
platform_fault_domain_count = 3
resource_group_name = "${var.resource_group_name}"
}
resource "azurerm_network_interface" "postgres" {
count = "${var.count}"
name = "${format("postgres-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
internal_dns_name_label = "${format("postgres-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
ip_configuration {
name = "${format("postgres-%02d-%v", count.index + 1, var.environment)}"
subnet_id = "${var.subnet_id}"
private_ip_address_allocation = "static"
private_ip_address = "${join(".", slice(split(".", var.address_prefix), 0, 3))}.${count.index + 101}"
}
}
resource "aws_route53_record" "postgres" {
count = "${var.count}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("postgres-%02d.%v.%v.gitlab.com.", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
type = "A"
ttl = "300"
records = ["${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"]
}
resource "azurerm_managed_disk" "postgres-datadisk-0" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-0", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-1" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-1", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-2" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-2", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-3" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-3", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-4" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-4", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-5" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-5", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-6" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-6", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-7" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-7", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-8" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-8", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
resource "azurerm_managed_disk" "postgres-datadisk-9" {
count = "${var.count}"
name = "${format("postgres-%02d-prd-datadisk-9", count.index + 1)}"
location = "East US 2"
resource_group_name = "${var.resource_group_name}"
storage_account_type = "Premium_LRS"
create_option = "Empty"
disk_size_gb = "511"
}
data "template_file" "chef-bootstrap-postgres" {
count = "${var.count}"
template = "${file("${path.root}/templates/chef-bootstrap.tpl")}"
vars {
ip_address = "${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"
hostname = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
chef_repo_dir = "${var.chef_repo_dir}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_vaults = "${var.chef_vaults}"
}
}
resource "azurerm_virtual_machine" "postgres" {
count = "${var.count}"
name = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
availability_set_id = "${azurerm_availability_set.postgres.id}"
network_interface_ids = ["${azurerm_network_interface.postgres.*.id[count.index]}"]
primary_network_interface_id = "${azurerm_network_interface.postgres.*.id[count.index]}"
vm_size = "${var.instance_type}"
delete_os_disk_on_termination = true
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "${format("osdisk-postgres-%02d-%v", count.index + 1, var.environment)}"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-0.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-0.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-0.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-1.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-1.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-1.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-2.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-2.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-2.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-3.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-3.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-3.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-4.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-4.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-4.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-5.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-5.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-5.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-6.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-6.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-6.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-7.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-7.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-7.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-8.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-8.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-8.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
storage_data_disk {
name = "${azurerm_managed_disk.postgres-datadisk-9.*.name[count.index]}"
managed_disk_id = "${azurerm_managed_disk.postgres-datadisk-9.*.id[count.index]}"
disk_size_gb = "${azurerm_managed_disk.postgres-datadisk-9.*.disk_size_gb[count.index]}"
create_option = "Attach"
lun = 0
caching = "ReadWrite"
}
os_profile {
computer_name = "${format("postgres-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
admin_username = "${var.first_user_username}"
admin_password = "${var.first_user_password}"
}
os_profile_linux_config {
disable_password_authentication = false
}
provisioner "local-exec" {
command = "${data.template_file.chef-bootstrap-postgres.*.rendered[count.index]}"
}
provisioner "remote-exec" {
inline = ["nohup bash -c 'sudo chef-client &'"]
connection {
type = "ssh"
host = "${azurerm_network_interface.postgres.*.private_ip_address[count.index]}"
user = "${var.first_user_username}"
password = "${var.first_user_password}"
timeout = "10s"
}
}
}
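Review bot: Every one of the ten `storage_data_disk` blocks in `azurerm_virtual_machine.postgres` sets `lun = 0`; LUNs must be unique within a VM, so the apply will be rejected, and each block should carry the index of the `postgres-datadisk-N` it attaches, `lun = 0` through `lun = 9`. The managed disks hard-code `location = "East US 2"` and `-prd-` in their names while the NIC, availability set and VM use `var.location` and `var.environment`; a managed disk cannot be attached to a VM in another region, so these should be `location = "${var.location}"` and use the same environment formatting as the VM name. `os_profile_linux_config` sets `disable_password_authentication = false` and the `remote-exec` connection authenticates with `var.first_user_password`, leaving password SSH enabled on production database hosts that the subnet's NSG admits on port 22 from 10.0.0.0/8; injecting `ssh_keys` and connecting with a private key with password authentication disabled would remove that, or, if the Chef run is expected to disable it afterwards, a comment on `disable_password_authentication` should say so.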