Commit f76cfb4a authored by Jason Tevnan's avatar Jason Tevnan Committed by Ilya Frolov

added pgbouncer node to staging

parent 1d4db0aa
......@@ -395,6 +395,23 @@ module "virtual-machines-web" {
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-web-newhostname" {
count = 7
source = "../../modules/virtual-machines/web"
location = "${var.location}"
resource_group_name = "${module.subnet-web.resource_group_name}"
subnet_id = "${module.subnet-web.subnet_id}"
instance_type = "Standard_F16s"
tier = "svc"
environment = "${var.environment}"
address_prefix = "${module.subnet-web.address_prefix}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog-client gitlab-cluster-base gitlab_consul:client"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-registry" {
count = 2
source = "../../modules/virtual-machines/registry"
......
......@@ -86,6 +86,14 @@ module "subnet-elasticsearch" {
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-pgbouncer" {
source = "subnets/pgbouncer"
location = "${var.location}"
subnet_cidr = "10.129.4.0/24"
vnet_name = "${module.vnet.name}"
vnet_resource_group = "${module.vnet.resource_group_name}"
}
module "subnet-consul" {
source = "subnets/consul"
location = "${var.location}"
......@@ -256,6 +264,23 @@ module "virtual-machines-elasticsearch" {
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-pgbouncer" {
count = 1
source = "../../modules/virtual-machines/pgbouncer"
location = "${var.location}"
resource_group_name = "${module.subnet-pgbouncer.resource_group_name}"
instance_type = "Standard_A1_v2"
tier = "db"
environment = "${var.environment}"
address_prefix = "${module.subnet-internal-lb.address_prefix}"
subnet_id = "${module.subnet-pgbouncer.subnet_id}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog-client gitlab-staging-base gitlab-monitor postgres-exporter"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
module "virtual-machines-deploy" {
source = "virtual-machines/deploy"
location = "${var.location}"
......@@ -341,14 +366,18 @@ module "virtual-machines-sidekiq" {
module "virtual-machines-web" {
count = 2
source = "virtual-machines/web"
source = "../../modules/virtual-machines/web"
location = "${var.location}"
resource_group_name = "${module.subnet-web.resource_group_name}"
subnet_id = "${module.subnet-web.subnet_id}"
instance_type = "Standard_F4s"
tier = "sv"
environment = "${var.environment}"
address_prefix = "${module.subnet-web.address_prefix}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
chef_repo_dir = "${var.chef_repo_dir}"
chef_vaults = "syslog-client gitlab-staging-base"
chef_vaults = "syslog-client gitlab-staging-base gitlab_consul:stg_client"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
}
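Review bot: In `virtual-machines-pgbouncer`, `address_prefix` comes from `module.subnet-internal-lb`, while `subnet_id` and `resource_group_name` come from `module.subnet-pgbouncer`. The pgbouncer module derives the NIC's static private IP from the first three octets of `address_prefix`, so the node would be given an address from the internal-lb range rather than from 10.129.4.0/24. Azure will most likely reject a static address that lies outside the NIC's subnet. If the cross-reference is not deliberate, use `address_prefix = "${module.subnet-pgbouncer.address_prefix}"`; if it is deliberate, a comment on that line should say why.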
......
variable "location" {}
variable "vnet_name" {}
variable "vnet_resource_group" {}
variable "subnet_cidr" {}
resource "azurerm_resource_group" "PgbouncerStaging" {
name = "PgbouncerStaging"
location = "${var.location}"
}
resource "azurerm_network_security_group" "PgbouncerStaging" {
name = "PgbouncerStaging"
location = "${var.location}"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn1-ext" {
name = "ssh-from-vpn1-ext"
priority = 146
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.194.133"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn2-ext" {
name = "ssh-from-vpn2-ext"
priority = 147
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "52.177.192.239"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "ssh-from-internal" {
name = "ssh-from-internal"
priority = 148
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.0.0.0/8"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "ssh-from-vpn" {
name = "ssh-from-vpn"
priority = 149
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.254.4.0/23"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "ssh" {
name = "ssh"
priority = 150
direction = "Inbound"
access = "Deny"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "Internet"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_network_security_rule" "prometheus" {
name = "prometheus"
priority = 151
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
source_address_prefix = "10.4.1.0/24"
destination_port_range = "9100"
destination_address_prefix = "*"
resource_group_name = "${azurerm_resource_group.PgbouncerStaging.name}"
network_security_group_name = "${azurerm_network_security_group.PgbouncerStaging.name}"
}
resource "azurerm_subnet" "PgbouncerStaging" {
name = "PgbouncerStaging"
resource_group_name = "${var.vnet_resource_group}"
virtual_network_name = "${var.vnet_name}"
address_prefix = "${var.subnet_cidr}"
network_security_group_id = "${azurerm_network_security_group.PgbouncerStaging.id}"
}
output "subnet_id" {
value = "${azurerm_subnet.PgbouncerStaging.id}"
}
output "address_prefix" {
value = "${azurerm_subnet.PgbouncerStaging.address_prefix}"
}
output "resource_group_name" {
value = "PgbouncerStaging"
}
output "resource_group_id" {
value = "${azurerm_resource_group.PgbouncerStaging.id}"
}
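Review bot: The `ssh-from-internal` rule allows port 22 from all of `10.0.0.0/8`, which is much wider than a db-tier connection pooler needs and makes the narrower `ssh-from-vpn` rule (10.254.4.0/23) redundant. Consider dropping `ssh-from-internal`, or narrowing it to the bastion or management subnet with `source_address_prefix = "<MGMT_SUBNET_CIDR>"` (placeholder). No rule here covers the pgbouncer listener port, so client access appears to rely on Azure's default intra-VNet allow rule. An explicit allow from the application subnets, or a comment such as `# pgbouncer port reachable via default AllowVnetInBound`, would make the intended exposure reviewable.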
variable "location" {}
variable "count" {}
variable "resource_group_name" {}
variable "subnet_id" {}
variable "first_user_username" {}
variable "first_user_password" {}
variable "chef_repo_dir" {}
variable "chef_vaults" {}
variable "gitlab_com_zone_id" {}
resource "azurerm_availability_set" "WebStaging" {
name = "WebStaging"
resource "azurerm_availability_set" "pgbouncer" {
name = "${format("pgbouncer-%v", var.environment)}"
location = "${var.location}"
managed = true
platform_update_domain_count = 20
......@@ -17,51 +8,37 @@ resource "azurerm_availability_set" "WebStaging" {
resource_group_name = "${var.resource_group_name}"
}
output "availability_set_id" {
value = "${azurerm_availability_set.WebStaging.id}"
}
resource "azurerm_public_ip" "web" {
count = "${var.count}"
name = "${format("web%02d-stg-public-ip", count.index + 1)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
public_ip_address_allocation = "static"
domain_name_label = "${format("web%02d-stg", count.index + 1)}"
}
resource "azurerm_network_interface" "web" {
resource "azurerm_network_interface" "pgbouncer" {
count = "${var.count}"
name = "${format("web%02d-stg", count.index + 1)}"
internal_dns_name_label = "${format("web%02d-stg", count.index + 1)}"
name = "${format("pgbouncer-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
internal_dns_name_label = "${format("pgbouncer-%02d-%v-%v", count.index + 1, var.tier, var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
ip_configuration {
name = "${format("web%02d-stg", count.index + 1)}"
name = "${format("pgbouncer-%02d-%v", count.index + 1, var.environment)}"
subnet_id = "${var.subnet_id}"
private_ip_address_allocation = "static"
private_ip_address = "10.132.8.${format("%02d", count.index + 101)}"
public_ip_address_id = "${azurerm_public_ip.web.*.id[count.index]}"
private_ip_address = "${join(".", slice(split(".", var.address_prefix), 0, 3))}.${count.index + 101}"
}
}
resource "aws_route53_record" "web" {
resource "aws_route53_record" "pgbouncer" {
count = "${var.count}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("web%02d.stg.gitlab.com.", count.index + 1)}"
type = "CNAME"
name = "${format("pgbouncer-%02d.%v.%v.gitlab.com.", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
type = "A"
ttl = "300"
records = ["${azurerm_public_ip.web.*.fqdn[count.index]}."]
records = ["${azurerm_network_interface.pgbouncer.*.private_ip_address[count.index]}"]
}
data "template_file" "chef-bootstrap-web" {
data "template_file" "chef-bootstrap-pgbouncer" {
count = "${var.count}"
template = "${file("${path.root}/templates/chef-bootstrap.tpl")}"
vars {
ip_address = "${azurerm_public_ip.web.*.ip_address[count.index]}"
hostname = "${format("web%02d.stg.gitlab.com", count.index + 1)}"
ip_address = "${azurerm_network_interface.pgbouncer.*.private_ip_address[count.index]}"
hostname = "${format("pgbouncer-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
chef_repo_dir = "${var.chef_repo_dir}"
first_user_username = "${var.first_user_username}"
first_user_password = "${var.first_user_password}"
......@@ -69,16 +46,15 @@ data "template_file" "chef-bootstrap-web" {
}
}
resource "azurerm_virtual_machine" "web" {
resource "azurerm_virtual_machine" "pgbouncer" {
count = "${var.count}"
name = "${format("web%02d.stg.gitlab.com", count.index + 1)}"
name = "${format("pgbouncer-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
location = "${var.location}"
resource_group_name = "${var.resource_group_name}"
availability_set_id = "${azurerm_availability_set.WebStaging.id}"
network_interface_ids = ["${azurerm_network_interface.web.*.id[count.index]}"]
primary_network_interface_id = "${azurerm_network_interface.web.*.id[count.index]}"
vm_size = "Standard_F4s"
availability_set_id = "${azurerm_availability_set.pgbouncer.id}"
network_interface_ids = ["${azurerm_network_interface.pgbouncer.*.id[count.index]}"]
primary_network_interface_id = "${azurerm_network_interface.pgbouncer.*.id[count.index]}"
vm_size = "${var.instance_type}"
delete_os_disk_on_termination = true
storage_image_reference {
......@@ -89,14 +65,14 @@ resource "azurerm_virtual_machine" "web" {
}
storage_os_disk {
name = "${format("osdisk-web%02d", count.index + 1)}"
name = "${format("osdisk-pgbouncer-%02d-%v", count.index + 1, var.environment)}"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name = "${format("web%02d.stg.gitlab.com", count.index + 1)}"
computer_name = "${format("pgbouncer-%02d.%v.%v.gitlab.com", count.index + 1, var.tier, var.environment == "prod" ? "prd" : var.environment)}"
admin_username = "${var.first_user_username}"
admin_password = "${var.first_user_password}"
}
......@@ -106,7 +82,7 @@ resource "azurerm_virtual_machine" "web" {
}
provisioner "local-exec" {
command = "${data.template_file.chef-bootstrap-web.*.rendered[count.index]}"
command = "${data.template_file.chef-bootstrap-pgbouncer.*.rendered[count.index]}"
}
provisioner "remote-exec" {
......@@ -114,7 +90,7 @@ resource "azurerm_virtual_machine" "web" {
connection {
type = "ssh"
host = "${azurerm_public_ip.web.*.ip_address[count.index]}"
host = "${azurerm_network_interface.pgbouncer.*.private_ip_address[count.index]}"
user = "${var.first_user_username}"
password = "${var.first_user_password}"
timeout = "10s"
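Review bot: `var.first_user_password` is passed into the `chef-bootstrap-pgbouncer` template that `local-exec` runs as its `command`, and is also used as `admin_password` and as the `remote-exec` connection password. The rendered command, and so probably the password, is likely to show up in Terraform's apply output and CI logs, and the value is stored in plain text in state. Prefer key-based access, with `disable_password_authentication = true` and an `ssh_keys` entry in `os_profile_linux_config`, and pass the bootstrap secret through `environment` on the provisioner rather than interpolating it into the command string. The `os_profile_linux_config` block and the rest of the template vars are in collapsed regions, so confirm what is already set there. The module calls in the environment files pass the same variable and would need the matching change.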
......
variable "address_prefix" {}
variable "chef_repo_dir" {}
variable "chef_vaults" {}
variable "count" {}
variable "environment" {}
variable "first_user_password" {}
variable "first_user_username" {}
variable "gitlab_com_zone_id" {}
variable "instance_type" {}
variable "location" {}
variable "resource_group_name" {}
variable "subnet_id" {}
variable "tier" {}
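Review bot: The variables are declared with no `description`, and two of them have non-obvious contracts that callers should be able to read. `address_prefix` is only used for its first three octets to build `x.y.z.101+`, so it needs to be the prefix of the subnet named by `subnet_id`, and the scheme assumes a /24-style layout. Suggest `description = "CIDR of the subnet given in subnet_id; first three octets are used to derive static IPs"`. For `first_user_password`, suggest `description = "Bootstrap admin password; stored in state, rotate after provisioning"`.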