Commit dbc5f6df authored by Alex Hanselka's avatar Alex Hanselka Committed by Daniele Valeriani

change staging web image

parent 5dc02e0e
...@@ -7,6 +7,9 @@ stages: ...@@ -7,6 +7,9 @@ stages:
before_script: before_script:
- apk add --no-cache unzip wget ca-certificates make gnupg && update-ca-certificates - apk add --no-cache unzip wget ca-certificates make gnupg && update-ca-certificates
# Terraform requires a key file for TF_VAR_ssh_key. We don't really use it
# but it has to be there.
- echo "This is not a real key" > /fake_user_key
tf_validate: tf_validate:
stage: validate stage: validate
......
variable "images" {
type = "map"
default = {
web = "web-stg-24087-88-2424_08-24-05"
}
}
...@@ -2,13 +2,12 @@ variable "environment" { ...@@ -2,13 +2,12 @@ variable "environment" {
default = "stg" default = "stg"
} }
## Azure
variable "arm_subscription_id" {} variable "arm_subscription_id" {}
variable "arm_client_id" {} variable "arm_client_id" {}
variable "arm_client_secret" {} variable "arm_client_secret" {}
variable "arm_tenant_id" {} variable "arm_tenant_id" {}
variable "chef_repo_dir" {}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
# We need these variables as part of the virtual machine creation. # We need these variables as part of the virtual machine creation.
# These will go away as soon as we switch to pre-baked server images. # These will go away as soon as we switch to pre-baked server images.
...@@ -17,6 +16,12 @@ variable "first_user_username" {} ...@@ -17,6 +16,12 @@ variable "first_user_username" {}
variable "first_user_password" {} variable "first_user_password" {}
# These are the new variables to connect to the newly created instance, which
# replace the two above.
variable "ssh_user" {}
variable "ssh_key" {}
variable "location" { variable "location" {
default = "East US 2" default = "East US 2"
} }
...@@ -28,10 +33,22 @@ provider "azurerm" { ...@@ -28,10 +33,22 @@ provider "azurerm" {
tenant_id = "${var.arm_tenant_id}" tenant_id = "${var.arm_tenant_id}"
} }
## Chef
variable "chef_version" {
default = "12.19.36"
}
variable "chef_repo_dir" {}
## AWS
provider "aws" { provider "aws" {
region = "us-east-1" region = "us-east-1"
} }
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
## State storage
terraform { terraform {
backend "s3" {} backend "s3" {}
} }
...@@ -365,8 +382,8 @@ module "virtual-machines-sidekiq" { ...@@ -365,8 +382,8 @@ module "virtual-machines-sidekiq" {
} }
module "virtual-machines-web" { module "virtual-machines-web" {
count = 2 count = 3
source = "../../modules/virtual-machines/web" source = "../../modules/virtual-machines/web-packer-images"
location = "${var.location}" location = "${var.location}"
resource_group_name = "${module.subnet-web.resource_group_name}" resource_group_name = "${module.subnet-web.resource_group_name}"
subnet_id = "${module.subnet-web.subnet_id}" subnet_id = "${module.subnet-web.subnet_id}"
...@@ -374,11 +391,13 @@ module "virtual-machines-web" { ...@@ -374,11 +391,13 @@ module "virtual-machines-web" {
tier = "sv" tier = "sv"
environment = "${var.environment}" environment = "${var.environment}"
address_prefix = "${module.subnet-web.address_prefix}" address_prefix = "${module.subnet-web.address_prefix}"
first_user_username = "${var.first_user_username}" ssh_user = "${var.ssh_user}"
first_user_password = "${var.first_user_password}" ssh_key = "${var.ssh_key}"
chef_repo_dir = "${var.chef_repo_dir}" chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog_client gitlab-staging-base gitlab_consul:stg_client" chef_vaults = "syslog_client gitlab-staging-base gitlab_consul:stg_client"
chef_version = "${var.chef_version}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}" gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
source_image = "/subscriptions/${var.arm_subscription_id}/resourceGroups/Packer/providers/Microsoft.Compute/images/${lookup(var.images, "web")}"
} }
module "virtual-machines-registry" { module "virtual-machines-registry" {
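Review bot: The new `variable "ssh_key" {}` (hunk `-17,6 +16,12`) does not say whether it holds key material or a filesystem path, and the comment above it only says it is used "to connect to the newly created instance". The CI comment about Terraform needing "a key file" suggests a path, so a description such as `description = "Path to the SSH private key file on the host running Terraform"` would keep callers from placing key contents or a password in it. The `virtual-machines-web` module call passes the value through unchanged, so any ambiguity carries into the module.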
......
resource "azurerm_availability_set" "web" {
name = "${format("web-%v", var.environment)}"
location = "${var.location}"
managed = true
platform_update_domain_count = 20
platform_fault_domain_count = 3
resource_group_name = "${var.resource_group_name}"
}
resource "azurerm_network_interface" "web" {
count = "${var.count}"
name = "${format("web-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
internal_dns_name_label = "${format("web-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
ip_configuration {
name = "${format("web-%02d-%v", count.index + 1, var.environment)}"
subnet_id = "${var.subnet_id}"
private_ip_address_allocation = "static"
private_ip_address = "${join(".", slice(split(".", var.address_prefix), 0, 3))}.${count.index + 101}"
}
}
resource "aws_route53_record" "web" {
count = "${var.count}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("web-%02d.%v.%v.gitlab.com.", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
type = "A"
ttl = "300"
records = ["${azurerm_network_interface.web.*.private_ip_address[count.index]}"]
}
data "template_file" "chef-bootstrap-web" {
count = "${var.count}"
template = "${file("${path.root}/../../templates/chef-bootstrap-packer.tpl")}"
vars {
ip_address = "${azurerm_network_interface.web.*.private_ip_address[count.index]}"
hostname = "${format("web-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
chef_version = "${var.chef_version}"
chef_repo_dir = "${var.chef_repo_dir}"
ssh_user = "${var.ssh_user}"
ssh_key = "${var.ssh_key}"
chef_vaults = "${var.chef_vaults}"
}
}
resource "azurerm_virtual_machine" "web" {
count = "${var.count}"
name = "${format("web-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
availability_set_id = "${azurerm_availability_set.web.id}"
network_interface_ids = ["${azurerm_network_interface.web.*.id[count.index]}"]
primary_network_interface_id = "${azurerm_network_interface.web.*.id[count.index]}"
vm_size = "${var.instance_type}"
delete_os_disk_on_termination = true
storage_image_reference {
id = "${var.source_image}"
}
storage_os_disk {
name = "${format("osdisk-web-%02d-%v", count.index + 1, var.environment)}"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name = "${format("web-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
admin_username = "${var.ssh_user}"
admin_password = "${var.ssh_key}"
}
os_profile_linux_config {
disable_password_authentication = false
}
provisioner "local-exec" {
command = "${data.template_file.chef-bootstrap-web.*.rendered[count.index]}"
}
provisioner "remote-exec" {
inline = ["nohup bash -c 'sudo chef-client &'"]
connection {
type = "ssh"
host = "${azurerm_network_interface.web.*.private_ip_address[count.index]}"
user = "${var.ssh_user}"
private_key = "${file("${var.ssh_key}")}"
timeout = "10s"
}
}
}
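Review bot: In `os_profile`, `admin_password = "${var.ssh_key}"` reuses the value that the `remote-exec` connection feeds to `file(...)`, which is a key-file path, while `os_profile_linux_config` keeps `disable_password_authentication = false`. Every web VM would then accept password logins for `var.ssh_user` with a password equal to that path (the CI job in this commit appears to point it at `/fake_user_key`), which is guessable and is also written to the Terraform state. If the Packer image already carries the authorized key, which is not visible here, drop `admin_password` and set `disable_password_authentication = true`. Supply the public key through an `ssh_keys` block in `os_profile_linux_config` if Azure still requires a credential in the profile.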
variable "address_prefix" {}
variable "chef_repo_dir" {}
variable "chef_vaults" {}
variable "chef_version" {}
variable "count" {}
variable "environment" {}
variable "ssh_key" {}
variable "ssh_user" {}
variable "gitlab_com_zone_id" {}
variable "instance_type" {}
variable "location" {}
variable "resource_group_name" {}
variable "subnet_id" {}
variable "tier" {}
variable "source_image" {}
set -eu
cd ${chef_repo_dir}
bundle exec knife bootstrap ${ssh_user}@${ip_address} \
--ssh-identity-file ${ssh_key} \
--no-host-key-verify \
--sudo \
--node-name ${hostname} \
--bootstrap-version "${chef_version}" \
--run-list 'role[gitlab]' \
--json-attributes {\"azure\":{\"ipaddress\":\"${ip_address}\"}} \
--yes
for i in ${chef_vaults}
do
vault="`echo $i | cut -d : -f 1`"
if [[ $i == *':'* ]]
then
item="`echo $i | cut -d : -f 2`"
else
item="_default"
fi
bundle exec rake 'add_node_secrets[${hostname}, '$vault', '$item']'
done
bundle exec knife node from file nodes/${hostname}.json
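Review bot: `--no-host-key-verify` on the `knife bootstrap` call accepts the first SSH connection to `${ip_address}` without checking the host key, and the loop that follows grants that node name access to every vault item in `chef_vaults`. Whatever host answers on that address is therefore bootstrapped and enrolled for those secrets. Consider verifying the host key against a known value before bootstrapping and dropping the flag, or at least add a comment recording why verification is disabled. Separately, `${chef_repo_dir}`, `${ssh_key}` and `${hostname}` are substituted unquoted, so a value with spaces or shell metacharacters changes the command; quoting them, e.g. `cd "${chef_repo_dir}"` and `--ssh-identity-file "${ssh_key}"`, is a cheap hardening.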