Commit 121342ad authored by Craig Furman's avatar Craig Furman

Upgrade ops-too to Terraform 0.12

Bring in bumped modules. Major versions can be bumped with:

`perl -i -pe 's/([\w\-]+\.git\?ref=v)(\d+)\.\d+.\d+/${1}.(${2}+1).".0.0"/e' main.tf`

I then ran `tfenv use latest`, which automatically bumps
`.terraform-version`. I then ran `tf init && 0.12upgrade`, after which a
subsequent `tf init && tf plan` will display the final errors to work
through.
parent 0709b147
......@@ -24,15 +24,18 @@ provider "aws" {
region = "us-east-1"
}
variable "gitlab_com_zone_id" {}
variable "gitlab_net_zone_id" {}
variable "gitlab_com_zone_id" {
}
variable "gitlab_net_zone_id" {
}
## Google
provider "google" {
version = "~> 2.12.0"
project = "${var.project}"
region = "${var.region}"
project = var.project
region = var.region
}
##################################
......@@ -42,9 +45,10 @@ provider "google" {
#################################
module "network" {
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.1.0"
project = "${var.project}"
environment = "${var.environment}"
# TODO Migrate this environment to v2.0.0+
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=craigf/v1.1.3-tf0.12"
project = var.project
environment = var.environment
global_address_name = "ops-too-service-network"
}
......@@ -56,38 +60,38 @@ module "network" {
resource "google_compute_network_peering" "peering_gprd" {
name = "peering-gprd"
network = "${var.network_ops_too}"
peer_network = "${var.network_gprd}"
network = var.network_ops_too
peer_network = var.network_gprd
}
resource "google_compute_network_peering" "peering_gstg" {
name = "peering-gstg"
network = "${var.network_ops_too}"
peer_network = "${var.network_gstg}"
network = var.network_ops_too
peer_network = var.network_gstg
}
resource "google_compute_network_peering" "peering_dr" {
name = "peering-dr"
network = "${var.network_ops_too}"
peer_network = "${var.network_dr}"
network = var.network_ops_too
peer_network = var.network_dr
}
resource "google_compute_network_peering" "peering_pre" {
name = "peering-pre"
network = "${var.network_ops_too}"
peer_network = "${var.network_pre}"
network = var.network_ops_too
peer_network = var.network_pre
}
resource "google_compute_network_peering" "peering_testbed" {
name = "peering-testbed"
network = "${var.network_ops_too}"
peer_network = "${var.network_testbed}"
network = var.network_ops_too
peer_network = var.network_testbed
}
resource "google_compute_network_peering" "peering_ops" {
name = "peering-ops"
network = "${var.network_ops_too}"
peer_network = "${var.network_ops}"
network = var.network_ops_too
peer_network = var.network_ops
}
#######################################################
......@@ -99,14 +103,14 @@ resource "google_compute_network_peering" "peering_ops" {
data "null_data_source" "ops-public-ip" {
inputs = {
name = "ops-gitlab-net"
value = "${data.terraform_remote_state.ops.ops_ip}"
value = data.terraform_remote_state.ops.outputs.ops_ip
}
}
data "null_data_source" "ops2-public-ip" {
inputs = {
name = "ops-gitlab-net-geo"
value = "${module.gitlab-ops.instance_public_ips[0]}"
value = module.gitlab-ops.instance_public_ips[0]
}
}
......@@ -117,7 +121,7 @@ resource "random_id" "db_name_suffix" {
resource "google_sql_database_instance" "ops-gitlab-net" {
name = "ops-gitlab-net-${random_id.db_name_suffix.hex}"
database_version = "POSTGRES_11"
region = "${var.region}"
region = var.region
settings {
tier = "db-custom-4-26624"
......@@ -125,12 +129,34 @@ resource "google_sql_database_instance" "ops-gitlab-net" {
ip_configuration {
ipv4_enabled = "true"
private_network = "${module.network.self_link}"
authorized_networks = [
"${data.null_data_source.ops-public-ip.outputs}",
"${data.null_data_source.ops2-public-ip.outputs}",
]
private_network = module.network.self_link
dynamic "authorized_networks" {
for_each = [data.null_data_source.ops-public-ip.outputs]
content {
# TF-UPGRADE-TODO: The automatic upgrade tool can't predict
# which keys might be set in maps assigned here, so it has
# produced a comprehensive set here. Consider simplifying
# this after confirming which keys can be set in practice.
expiration_time = lookup(authorized_networks.value, "expiration_time", null)
name = lookup(authorized_networks.value, "name", null)
value = lookup(authorized_networks.value, "value", null)
}
}
dynamic "authorized_networks" {
for_each = [data.null_data_source.ops2-public-ip.outputs]
content {
# TF-UPGRADE-TODO: The automatic upgrade tool can't predict
# which keys might be set in maps assigned here, so it has
# produced a comprehensive set here. Consider simplifying
# this after confirming which keys can be set in practice.
expiration_time = lookup(authorized_networks.value, "expiration_time", null)
name = lookup(authorized_networks.value, "name", null)
value = lookup(authorized_networks.value, "value", null)
}
}
}
maintenance_window {
......@@ -156,7 +182,7 @@ resource "google_filestore_instance" "ops-gitlab-net" {
}
networks {
network = "${module.network.name}"
network = module.network.name
modes = ["MODE_IPV4"]
}
}
......@@ -164,47 +190,56 @@ resource "google_filestore_instance" "ops-gitlab-net" {
resource "google_redis_instance" "ops-gitlab-net" {
name = "ops-gitlab-net"
memory_size_gb = 4
region = "${var.region}"
region = var.region
authorized_network = "${module.network.name}"
authorized_network = module.network.name
display_name = "ops.gitlab.net redis"
}
resource "aws_route53_record" "gitlab-ops-geo" {
zone_id = "${var.gitlab_net_zone_id}"
zone_id = var.gitlab_net_zone_id
name = "geo.ops.gitlab.net"
type = "A"
ttl = "300"
records = ["${module.gitlab-ops.instance_public_ips[0]}"]
# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibility in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
records = [module.gitlab-ops.instance_public_ips[0]]
}
module "gitlab-ops" {
backend_protocol = "HTTPS"
bootstrap_version = "${var.bootstrap_script_version}"
chef_provision = "${var.chef_provision}"
bootstrap_version = var.bootstrap_script_version
chef_provision = var.chef_provision
chef_run_list = "\"role[${var.environment}-infra-gitlab-secondary]\""
data_disk_size = 10
data_disk_type = "pd-standard"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
dns_zone_name = var.dns_zone_name
environment = var.environment
health_check = "http"
health_check_port = 8887
ip_cidr_range = "${var.subnetworks["gitlab-ops"]}"
machine_type = "${var.machine_types["gitlab-ops"]}"
ip_cidr_range = var.subnetworks["gitlab-ops"]
machine_type = var.machine_types["gitlab-ops"]
name = "gitlab"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_gitlab_ops}"
oauth2_client_secret = "${var.oauth2_client_secret_gitlab_ops}"
oauth2_client_id = var.oauth2_client_id_gitlab_ops
oauth2_client_secret = var.oauth2_client_secret_gitlab_ops
persistent_disk_path = "/mnt/unused"
project = "${var.project}"
public_ports = "${var.public_ports["gitlab-ops"]}"
region = "${var.region}"
service_account_email = "${var.service_account_email}"
project = var.project
public_ports = var.public_ports["gitlab-ops"]
region = var.region
service_account_email = var.service_account_email
service_path = "/-/liveness"
service_port = 443
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.7"
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v2.0.0"
tier = "inf"
use_external_ip = true
use_new_node_name = true
vpc = "${module.network.self_link}"
vpc = module.network.self_link
}
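Review bot: In the `module "network"` block the new `source` pins `vpc.git` to `ref=craigf/v1.1.3-tf0.12`, which looks like a personal branch rather than a release tag, so the code that `terraform init` fetches can change without any commit in this repository. The other module reference visible in this section uses a `v`-prefixed tag (`monitoring-with-count.git?ref=v2.0.0`), as did the old `vpc.git?ref=v1.1.0`. Until the v2.0.0+ migration named in the TODO happens, I would cut a tag from that branch or pin the commit, and reference it as `?ref=<tag-or-commit-sha>` (placeholder). The TODO could then read `# TODO Migrate this environment to v2.0.0+; temporary pin, do not track a branch`.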
......@@ -18,18 +18,32 @@ variable "bootstrap_script_version" {
default = 8
}
variable "oauth2_client_id_log_proxy" {}
variable "oauth2_client_secret_log_proxy" {}
variable "oauth2_client_id_dashboards" {}
variable "oauth2_client_secret_dashboards" {}
variable "oauth2_client_id_gitlab_ops" {}
variable "oauth2_client_secret_gitlab_ops" {}
variable "oauth2_client_id_log_proxy" {
}
variable "oauth2_client_secret_log_proxy" {
}
variable "oauth2_client_id_dashboards" {
}
variable "oauth2_client_secret_dashboards" {
}
variable "oauth2_client_id_gitlab_ops" {
}
variable "oauth2_client_secret_gitlab_ops" {
}
variable "oauth2_client_id_monitoring" {
}
variable "oauth2_client_id_monitoring" {}
variable "oauth2_client_secret_monitoring" {}
variable "oauth2_client_secret_monitoring" {
}
variable "machine_types" {
type = "map"
type = map(string)
default = {
"alerts" = "n1-standard-1"
......@@ -60,7 +74,7 @@ variable "machine_types" {
}
variable "monitoring_hosts" {
type = "map"
type = map(list(string))
default = {
"names" = ["alerts", "prometheus", "prometheus-app", "thanos-query"]
......@@ -69,7 +83,7 @@ variable "monitoring_hosts" {
}
variable "service_account_email" {
type = "string"
type = string
default = "terraform@gitlab-ops.iam.gserviceaccount.com"
}
......@@ -78,7 +92,7 @@ variable "service_account_email" {
# 10.251.0.0/16
variable "subnetworks" {
type = "map"
type = map(string)
default = {
"logging" = "10.251.1.0/24"
......@@ -106,7 +120,7 @@ variable "subnetworks" {
}
variable "public_ports" {
type = "map"
type = map(list(string))
default = {
"log-proxy" = []
......@@ -127,7 +141,7 @@ variable "public_ports" {
}
variable "node_count" {
type = "map"
type = map(string)
default = {
"gitlab-ops" = 1
......@@ -136,18 +150,17 @@ variable "node_count" {
}
variable "chef_provision" {
type = "map"
type = map(string)
description = "Configuration details for chef server"
default = {
bootstrap_bucket = "gitlab-ops-chef-bootstrap"
bootstrap_key = "gitlab-ops-bootstrap-validation"
bootstrap_keyring = "gitlab-ops-bootstrap"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "14.13.11"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "14.13.11"
}
}
......@@ -156,7 +169,7 @@ variable "monitoring_cert_link" {
}
variable "lb_fqdns_bastion" {
type = "list"
type = list(string)
default = ["lb-bastion.ops.gitlab.com"]
}
......@@ -189,7 +202,7 @@ variable "network_pre" {
}
variable "tcp_lbs_bastion" {
type = "map"
type = map(list(string))
default = {
"names" = ["ssh"]
......@@ -199,7 +212,7 @@ variable "tcp_lbs_bastion" {
}
variable "tcp_lbs_sentry" {
type = "map"
type = map(list(string))
default = {
"names" = ["http", "https"]
......@@ -210,7 +223,7 @@ variable "tcp_lbs_sentry" {
}
variable "tcp_lbs_aptly" {
type = "map"
type = map(list(string))
default = {
"names" = ["http", "https"]
......@@ -236,7 +249,7 @@ variable "dashboards_gitlab_com_cert_link" {
}
variable "gcs_service_account_email" {
type = "string"
type = string
default = "gitlab-object-storage@gitlab-ops.iam.gserviceaccount.com"
}
......@@ -244,22 +257,22 @@ variable "gcs_service_account_email" {
# in https://gitlab.com/gitlab-restore/postgres-gprd
variable "gcs_postgres_backup_service_account" {
type = "string"
type = string
default = "postgres-wal-archive@gitlab-ops.iam.gserviceaccount.com"
}
variable "gcs_postgres_restore_service_account" {
type = "string"
type = string
default = "postgres-automated-backup-test@gitlab-restore.iam.gserviceaccount.com"
}
variable "gcs_postgres_backup_kms_key_id" {
type = "string"
type = string
default = "projects/gitlab-ops/locations/global/keyRings/gitlab-secrets/cryptoKeys/ops-postgres-wal-archive"
}
variable "postgres_backup_retention_days" {
type = "string"
type = string
default = "5"
}
......@@ -268,7 +281,7 @@ variable "postgres_backup_retention_days" {
#######################
variable "pubsubbeats" {
type = "map"
type = map(list(string))
default = {
"names" = ["gitaly", "haproxy", "pages", "postgres", "production", "system", "workhorse", "rspec", "sidekiq", "api", "nginx", "gitlab-shell", "shell", "rails", "unstructured", "unicorn", "application", "registry", "redis", "consul", "runner"]
......@@ -279,41 +292,42 @@ variable "pubsubbeats" {
### Object Storage Configuration
variable "versioning" {
type = "string"
type = string
default = "true"
}
variable "artifact_age" {
type = "string"
type = string
default = "30"
}
variable "upload_age" {
type = "string"
type = string
default = "30"
}
variable "lfs_object_age" {
type = "string"
type = string
default = "30"
}
variable "package_repo_age" {
type = "string"
type = string
default = "30"
}
variable "storage_class" {
type = "string"
type = string
default = "MULTI_REGIONAL"
}
variable "storage_log_age" {
type = "string"
type = string
default = "7"
}
variable "gcs_storage_analytics_group_email" {
type = "string"
type = string
default = "cloud-storage-analytics@google.com"
}
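Review bot: The `oauth2_client_secret_*` variables in the first hunk of this section are rewritten to empty blocks with no `type` and no `description`, while the upgrade gives nearly every other variable in the file an explicit type. Since these carry credentials, I would declare them with `type = string` and a description such as `description = "OAuth2 client secret; supply via TF_VAR_* or a secret store, not a committed tfvars file"`. That way a list or map passed by mistake is rejected at plan time, and the handling expectation sits next to the declaration. How the values are supplied is not visible on this page, so the description wording is a suggestion to adapt.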
terraform {
required_version = ">= 0.12"
}