Make AWS AMI builder fetch package from artifact instead of S3 bucket

Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>

gitlab-ci-config/gitlab-com.yml

@@ -713,12 +713,12 @@ validate_packer_changes:
   image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/debian_packer:${BUILDER_IMAGE_REVISION}"
   stage: check
   script:
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce-arm64.pkr.hcl
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce.pkr.hcl
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-arm64.pkr.hcl
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-premium.pkr.hcl
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-ultimate.pkr.hcl
-    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce-arm64.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ce.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-arm64.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-premium.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee-ultimate.pkr.hcl
+    - cd "${CI_PROJECT_DIR}/support/packer" && packer validate -var ci_job_token=XXX -var aws_access_key=XXX -var aws_secret_key=XXX -var download_url=XXX ee.pkr.hcl
   rules:
     - if: '$PIPELINE_TYPE == "_TEST_PIPELINE"'
       changes:

lib/gitlab/aws_helper.rb

@@ -14,7 +14,7 @@ class AWSHelper
     @type = type || 'ce'
   end
 
-  def create_ami
+  def create_ami_old
     release_type = Gitlab::Util.get_env('AWS_RELEASE_TYPE')
     architecture = Gitlab::Util.get_env('AWS_ARCHITECTURE')
     args = {}
@@ -31,7 +31,27 @@ class AWSHelper
 
     @download_url = Build::Info.ami_deb_package_download_url(**args)
 
-    system(*%W[support/packer/packer_ami.sh #{@version} #{@type} #{@download_url} #{@license_file}])
+    system(*%W[support/packer_old/packer_ami.sh #{@version} #{@type} #{@download_url} #{@license_file}])
+  end
+
+  def create_ami
+    release_type = Gitlab::Util.get_env('AWS_RELEASE_TYPE')
+    architecture = Gitlab::Util.get_env('AWS_ARCHITECTURE')
+
+    if (@type == 'ee') && release_type
+      @type = "ee-#{release_type}"
+      @license_file = "AWS_#{release_type}_LICENSE_FILE".upcase
+    end
+
+    if architecture
+      @type = "#{@type}-#{architecture}"
+    else
+      architecture = 'amd64'
+    end
+
+    @download_url = Build::Info::CI.package_download_url(job_name: "Ubuntu-20.04", arch: architecture)
+
+    system(*%W[support/packer/packer_ami.sh #{@version} #{@type} #{@download_url} #{Build::Info::CI.job_token} #{@license_file}])
   end
 
   def set_marketplace_details

lib/gitlab/tasks/aws.rake

@@ -12,7 +12,11 @@ namespace :aws do
       next if Build::Check.is_auto_deploy? || Build::Check.is_rc_tag?
 
       Omnibus.load_configuration('omnibus.rb')
-      AWSHelper.new(Omnibus::BuildVersion.semver, Build::Info.edition).create_ami
+      if Gitlab::Util.get_env('AMI_USE_OLD_BUILD_PROCESS') == "true"
+        AWSHelper.new(Omnibus::BuildVersion.semver, Build::Info.edition).create_ami_old
+      else
+        AWSHelper.new(Omnibus::BuildVersion.semver, Build::Info.edition).create_ami
+      end
     end
   end
 

spec/lib/gitlab/tasks/aws_spec.rb

@@ -40,6 +40,27 @@ RSpec.describe 'aws:ami:create', type: :rake do
   before do
     Rake::Task['aws:ami:create'].reenable
     allow_any_instance_of(Kernel).to receive(:system).and_return(true)
+    allow(ENV).to receive(:[]).and_call_original
+    stub_env_var('CI_JOB_TOKEN', 'CI-NO-JOB-TOKEN')
+  end
+
+  context 'when using `AMI_USE_OLD_BUILD_PROCESS` environment variable' do
+    before do
+      stub_env_var('AMI_USE_OLD_BUILD_PROCESS', 'true')
+      allow(Build::Check).to receive(:on_tag?).and_return(true)
+      allow(Build::Check).to receive(:is_auto_deploy?).and_return(false)
+      allow(Build::Check).to receive(:is_rc_tag?).and_return(false)
+      allow(Build::Info).to receive(:ami_deb_package_download_url).and_return('http://example.com')
+    end
+
+    it 'should call the old script' do
+      allow(Build::Info).to receive(:edition).and_return('ce')
+      allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
+
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer_old/packer_ami.sh", "9.3.0", "ce", "http://example.com", ""])
+
+      Rake::Task['aws:ami:create'].invoke
+    end
   end
 
   describe 'on a regular tag' do
@@ -47,14 +68,14 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Check).to receive(:on_tag?).and_return(true)
       allow(Build::Check).to receive(:is_auto_deploy?).and_return(false)
       allow(Build::Check).to receive(:is_rc_tag?).and_return(false)
-      allow(Build::Info).to receive(:ami_deb_package_download_url).and_return('http://example.com')
+      allow(Build::Info::CI).to receive(:package_download_url).and_return('http://example.com')
     end
 
     it 'should identify ce category correctly, if specified' do
       allow(Build::Info).to receive(:edition).and_return('ce')
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce", "http://example.com", ""])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce", "http://example.com", "CI-NO-JOB-TOKEN", ""])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -63,7 +84,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Info).to receive(:edition).and_return(nil)
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce", "http://example.com", ""])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce", "http://example.com", "CI-NO-JOB-TOKEN", ""])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -72,7 +93,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Info).to receive(:edition).and_return('ee')
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee", "http://example.com", ""])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee", "http://example.com", "CI-NO-JOB-TOKEN", ""])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -83,7 +104,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Info).to receive(:edition).and_return(nil)
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce-arm64", "http://example.com", ""])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ce-arm64", "http://example.com", "CI-NO-JOB-TOKEN", ""])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -94,7 +115,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Info).to receive(:edition).and_return('ee')
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-arm64", "http://example.com", ""])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-arm64", "http://example.com", "CI-NO-JOB-TOKEN", ""])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -105,7 +126,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Gitlab::Util).to receive(:get_env).with("AWS_RELEASE_TYPE").and_return('ultimate')
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-ultimate", "http://example.com", "AWS_ULTIMATE_LICENSE_FILE"])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-ultimate", "http://example.com", "CI-NO-JOB-TOKEN", "AWS_ULTIMATE_LICENSE_FILE"])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -116,7 +137,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Gitlab::Util).to receive(:get_env).with("AWS_RELEASE_TYPE").and_return('premium')
       allow(Omnibus::BuildVersion).to receive(:semver).and_return('9.3.0')
 
-      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-premium", "http://example.com", "AWS_PREMIUM_LICENSE_FILE"])
+      expect_any_instance_of(Kernel).to receive(:system).with(*["support/packer/packer_ami.sh", "9.3.0", "ee-premium", "http://example.com", "CI-NO-JOB-TOKEN", "AWS_PREMIUM_LICENSE_FILE"])
 
       Rake::Task['aws:ami:create'].invoke
     end
@@ -127,7 +148,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Check).to receive(:on_tag?).and_return(true)
       allow(Build::Check).to receive(:is_auto_deploy?).and_return(false)
       allow(Build::Check).to receive(:is_rc_tag?).and_return(true)
-      allow(Build::Info).to receive(:ami_deb_package_download_url).and_return('http://example.com')
+      allow(Build::Info::CI).to receive(:package_download_url).and_return('http://example.com')
     end
 
     it 'does not do anything' do
@@ -142,7 +163,7 @@ RSpec.describe 'aws:ami:create', type: :rake do
       allow(Build::Check).to receive(:on_tag?).and_return(true)
       allow(Build::Check).to receive(:is_auto_deploy?).and_return(true)
       allow(Build::Check).to receive(:is_rc_tag?).and_return(false)
-      allow(Build::Info).to receive(:ami_deb_package_download_url).and_return('http://example.com')
+      allow(Build::Info::CI).to receive(:package_download_url).and_return('http://example.com')
     end
 
     it 'does not do anything' do

support/packer/ce-arm64.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -121,7 +126,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ce.sh"
   }
 

support/packer/ce.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -121,7 +126,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ce.sh"
   }
 

support/packer/ee-arm64.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -118,7 +123,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ee.sh"
   }
 

support/packer/ee-premium.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -117,7 +122,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ee-premium.sh"
   }
 

support/packer/ee-ultimate.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -117,7 +122,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ee-ultimate.sh"
   }
 

support/packer/ee.pkr.hcl

@@ -14,6 +14,11 @@ variable "download_url" {
   type = string
 }
 
+# ci_job_token is the token used to download the package from CI artifacts
+variable "ci_job_token" {
+  type = string
+}
+
 # license_file, somewhat of a misnomer, is the contents of the license to
 # install on the image. Due to the size of the license contents, it is usually
 # better to use a shell variable to hold the contents and then use the variable
@@ -118,7 +123,7 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "CI_JOB_TOKEN=${var.ci_job_token}"]
     script           = "update-script-ee.sh"
   }
 

support/packer/packer_ami.sh

@@ -3,10 +3,11 @@
 VERSION=$1
 TYPE=$2
 DOWNLOAD_URL=$3
+CI_JOB_TOKEN=$4
 
 # Expanding the variable to get actual license file contents
-if [ -n "$4" ]; then
-  EE_LICENSE_FILE=${!4}
+if [ -n "$5" ]; then
+  EE_LICENSE_FILE=${!5}
 fi
 
 PACKER_PATH=$(pwd)/support/packer
@@ -16,4 +17,4 @@ cd $PACKER_PATH
 # To store the post processor manifest file
 mkdir -p manifests
 
-packer build -var "aws_access_key=$AWS_AMI_ACCESS_KEY_ID" -var "aws_secret_key=$AWS_AMI_SECRET_ACCESS_KEY" -var "version=$VERSION" -var "download_url=$DOWNLOAD_URL" -var "license_file=$EE_LICENSE_FILE" $PACKER_PATH/$TYPE.pkr.hcl
+packer build -var "ci_job_token=$CI_JOB_TOKEN" -var "aws_access_key=$AWS_AMI_ACCESS_KEY_ID" -var "aws_secret_key=$AWS_AMI_SECRET_ACCESS_KEY" -var "version=$VERSION" -var "download_url=$DOWNLOAD_URL" -var "license_file=$EE_LICENSE_FILE" $PACKER_PATH/$TYPE.pkr.hcl

support/packer/update-script-ce.sh

@@ -8,11 +8,11 @@ sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Intern
 sudo apt-get install -y curl openssh-server ca-certificates postfix libatomic1
 curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
 
-# Downloading package from S3 bucket
-curl -o gitlab.deb "$DOWNLOAD_URL"
+# Downloading package from CI artifact
+wget --quiet --header "JOB-TOKEN: ${CI_JOB_TOKEN}" ${DOWNLOAD_URL} -O /tmp/gitlab.deb
 # Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
-sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
-sudo rm gitlab.deb
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i /tmp/gitlab.deb
+sudo rm /tmp/gitlab.deb
 
 # Set install type to aws
 echo "gitlab-aws-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null

support/packer/update-script-ee-premium.sh

@@ -12,11 +12,11 @@ curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/scrip
 sudo mkdir -p /etc/gitlab
 echo "$GITLAB_LICENSE_FILE" | sudo tee /etc/gitlab/predefined.gitlab-license > /dev/null
 
-# Downloading package from S3 bucket
-curl -o gitlab.deb "$DOWNLOAD_URL"
+# Downloading package from CI artifact
+wget --quiet --header "JOB-TOKEN: ${CI_JOB_TOKEN}" ${DOWNLOAD_URL} -O /tmp/gitlab.deb
 # Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
-sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
-sudo rm gitlab.deb
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i /tmp/gitlab.deb
+sudo rm /tmp/gitlab.deb
 
 # Set install type to aws
 echo "gitlab-aws-marketplace-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null

support/packer/update-script-ee-ultimate.sh

@@ -12,11 +12,11 @@ curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/scrip
 sudo mkdir -p /etc/gitlab
 echo "$GITLAB_LICENSE_FILE" | sudo tee /etc/gitlab/predefined.gitlab-license > /dev/null
 
-# Downloading package from S3 bucket
-curl -o gitlab.deb "$DOWNLOAD_URL"
+# Downloading package from CI artifact
+wget --quiet --header "JOB-TOKEN: ${CI_JOB_TOKEN}" ${DOWNLOAD_URL} -O /tmp/gitlab.deb
 # Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
-sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
-sudo rm gitlab.deb
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i /tmp/gitlab.deb
+sudo rm /tmp/gitlab.deb
 
 # Set install type to aws
 echo "gitlab-aws-marketplace-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null

support/packer/update-script-ee.sh

@@ -8,11 +8,11 @@ sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Intern
 sudo apt-get install -y curl openssh-server ca-certificates postfix libatomic1
 curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
 
-# Downloading package from S3 bucket
-curl -o gitlab.deb "$DOWNLOAD_URL"
+# Downloading package from CI artifact
+wget --quiet --header "JOB-TOKEN: ${CI_JOB_TOKEN}" ${DOWNLOAD_URL} -O /tmp/gitlab.deb
 # Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
-sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
-sudo rm gitlab.deb
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i /tmp/gitlab.deb
+sudo rm /tmp/gitlab.deb
 
 # Set install type to aws
 echo "gitlab-aws-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null

support/packer_old/ami-startup-script.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+get_ec2_address()
+{
+  url=$1
+  # Try collecting fqdn if it is set correctly
+  fqdn=$(/opt/gitlab/embedded/bin/curl -s ${url})
+  if [ -n "${fqdn}" ]; then
+    # Checking if curl returned an XML message
+    word="<?xml"
+    if ! $(test "${fqdn#*$word}" != "$fqdn"); then
+        EXTERNAL_URL="http://${fqdn}"
+    fi
+  fi
+}
+
+# Attempting to get public hostname. If that is not available, we get public
+# IPv4
+get_ec2_address "http://169.254.169.254/latest/meta-data/public-hostname"
+if [ -z "${EXTERNAL_URL}" ]; then
+  get_ec2_address "http://169.254.169.254/latest/meta-data/public-ipv4"
+fi
+
+# Replace external URL in gitlab.rb if user hasn't changed it by some other
+# means.
+EXISTING_EXTERNAL_URL=$(sudo awk '/^external_url/ { print $2 }' /etc/gitlab/gitlab.rb | xargs)
+if [ "$EXISTING_EXTERNAL_URL" = "http://gitlab.example.com" ]; then
+  sudo sed -i 's!^external_url .*!external_url "'$EXTERNAL_URL'"!g' /etc/gitlab/gitlab.rb
+fi
+
+# Setting initial root password to instance ID if user hasn't changed it by
+# some other means.
+EXISTING_ROOT_PASSWORD=$(sudo grep "^gitlab_rails.*initial_root_password.*" /etc/gitlab/gitlab.rb | cut -d '=' -f2- | xargs)
+if [ -z "${EXISTING_ROOT_PASSWORD}" ] && [ -z "${GITLAB_ROOT_PASSWORD}" ]; then
+  GITLAB_ROOT_PASSWORD=$(curl http://169.254.169.254/latest/meta-data/instance-id)
+fi
+
+sudo GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD} gitlab-ctl reconfigure

support/packer_old/ce-arm64.pkr.hcl

@@ -0,0 +1,134 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..."
+# packer build ... -var "license_file=$GITLAB_LICENSE" ...
+#
+# Note: Licenses are not needed for the Community Edition. Leave this variable
+# set to the default.
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-arm64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab CE ${var.version} (ARM64) AMI. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab CE ${var.version} (ARM64)"
+  ami_groups      = ["all"]
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m6g.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Community Edition (ARM64)"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    script           = "update-script-ce.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ce-arm64-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab CE ${var.version} (ARM64)"
+    }
+  }
+}

support/packer_old/ce.pkr.hcl

@@ -0,0 +1,134 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..." packer build ... -var
+# "license_file=$GITLAB_LICENSE" ...
+#
+# Note: Licenses are not needed for the Community Edition. Leave this variable
+# set to the default.
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab CE ${var.version} AMI. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab CE ${var.version}"
+  ami_groups      = ["all"]
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m3.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Community Edition"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    script           = "update-script-ce.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ce-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab CE ${var.version}"
+    }
+  }
+}

support/packer_old/ee-arm64.pkr.hcl

@@ -0,0 +1,131 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..."
+# packer build ... -var "license_file=$GITLAB_LICENSE" ...
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-arm64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab EE ${var.version} (ARM64) AMI. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab EE ${var.version} (ARM64)"
+  ami_groups      = ["all"]
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m6g.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Enterprise Edition (ARM64)"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    script           = "update-script-ee.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ee-arm64-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab EE ${var.version} (ARM64)"
+    }
+  }
+}

support/packer_old/ee-premium.pkr.hcl

@@ -0,0 +1,130 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..."
+# packer build ... -var "license_file=$GITLAB_LICENSE" ...
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab EE ${var.version} AMI with Premium license. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab EE ${var.version} Premium"
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m3.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Enterprise Edition Premium"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}"]
+    script           = "update-script-ee-premium.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ee-premium-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab EE ${var.version} Premium"
+    }
+  }
+}

support/packer_old/ee-ultimate.pkr.hcl

@@ -0,0 +1,130 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..."
+# packer build ... -var "license_file=$GITLAB_LICENSE" ...
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab EE ${var.version} AMI with Ultimate license. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab EE ${var.version} Ultimate"
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m3.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Enterprise Edition Ultimate"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}", "GITLAB_LICENSE_FILE=${var.license_file}"]
+    script           = "update-script-ee-ultimate.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ee-ultimate-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab EE ${var.version} Ultimate"
+    }
+  }
+}

support/packer_old/ee.pkr.hcl

@@ -0,0 +1,131 @@
+# aws_access_key is the AWS PAT public key.
+variable "aws_access_key" {
+  type = string
+}
+
+# aws_access_key is the AWS PAT private key.
+variable "aws_secret_key" {
+  type = string
+}
+
+# download_url is the URL used to download the Ubuntu Focal GitLab Omnibus
+# debian package.
+variable "download_url" {
+  type = string
+}
+
+# license_file, somewhat of a misnomer, is the contents of the license to
+# install on the image. Due to the size of the license contents, it is usually
+# better to use a shell variable to hold the contents and then use the variable
+# reference on the command line, e.g.,
+#
+# GITLAB_LICENSE="eyJkYXRhIjoicEoy..."
+# packer build ... -var "license_file=$GITLAB_LICENSE" ...
+variable "license_file" {
+  type    = string
+  default = ""
+}
+
+# version is the version to use in the image name, description, and tag. It does
+# not affect the installed version which is determined by the downloaded GitLab
+# Omnibus deb).
+variable "version" {
+  type    = string
+  default = "99.99.99"
+}
+
+# ami_regions are a list of regions to copy the resulting AMI to (copied from
+# the 'us-east-1' region). For local develoment builds use -var "ami_regions=[]"
+# so no copying is done.
+variable "ami_regions" {
+  type = list(string)
+  default = [
+    "af-south-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-south-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "me-south-1",
+    "sa-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+}
+
+# ami_prefix is used to preface the the AMI description and name with something
+# useful to differentiate a local development build image from a production
+# build. Set it to something useful when doing local build testing. Example:
+#
+#    -var "ami_prefix=Sally G Test".
+#
+# would create an image with the AMI name and description of "Sally G Test
+# <version> ...".
+variable "ami_prefix" {
+  type    = string
+  default = ""
+}
+
+data "amazon-ami" "base_ami" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*ubuntu-focal-20.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-east-1"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+source "amazon-ebs" "base_ami" {
+  access_key      = "${var.aws_access_key}"
+  ami_description = "${var.ami_prefix}GitLab EE ${var.version} AMI. https://about.gitlab.com/"
+  ami_name        = "${var.ami_prefix}GitLab EE ${var.version}"
+  ami_groups      = ["all"]
+  ami_users       = ["684062674729", "679593333241"]
+  ena_support     = true
+  instance_type   = "m3.medium"
+  region          = "us-east-1"
+  secret_key      = "${var.aws_secret_key}"
+  snapshot_users  = ["684062674729", "679593333241"]
+  source_ami      = "${data.amazon-ami.base_ami.id}"
+  sriov_support   = true
+  ssh_username    = "ubuntu"
+  tags = {
+    Type    = "GitLab Enterprise Edition"
+    Version = "${var.version}"
+  }
+  ami_regions = "${var.ami_regions}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base_ami"]
+
+  provisioner "file" {
+    destination = "/home/ubuntu/ami-startup-script.sh"
+    source      = "./ami-startup-script.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = ["DOWNLOAD_URL=${var.download_url}"]
+    script           = "update-script-ee.sh"
+  }
+
+  post-processor "manifest" {
+    output = "manifests/ee-manifest.json"
+    custom_data = {
+      name: "${var.ami_prefix}GitLab EE ${var.version}"
+    }
+  }
+}

support/packer_old/packer_ami.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+VERSION=$1
+TYPE=$2
+DOWNLOAD_URL=$3
+
+# Expanding the variable to get actual license file contents
+if [ -n "$4" ]; then
+  EE_LICENSE_FILE=${!4}
+fi
+
+PACKER_PATH=$(pwd)/support/packer
+
+cd $PACKER_PATH
+
+# To store the post processor manifest file
+mkdir -p manifests
+
+packer build -var "aws_access_key=$AWS_AMI_ACCESS_KEY_ID" -var "aws_secret_key=$AWS_AMI_SECRET_ACCESS_KEY" -var "version=$VERSION" -var "download_url=$DOWNLOAD_URL" -var "license_file=$EE_LICENSE_FILE" $PACKER_PATH/$TYPE.pkr.hcl

support/packer_old/update-script-ce.sh

@@ -0,0 +1,26 @@
+#!/bin/bash -x
+sleep 30
+
+# Configuring repo for future updates
+sudo apt-get update
+sudo debconf-set-selections <<< 'postfix postfix/mailname string your.hostname.com'
+sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Internet Site"'
+sudo apt-get install -y curl openssh-server ca-certificates postfix libatomic1
+curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
+
+# Downloading package from S3 bucket
+curl -o gitlab.deb "$DOWNLOAD_URL"
+# Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
+sudo rm gitlab.deb
+
+# Set install type to aws
+echo "gitlab-aws-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null
+
+# Cleanup
+sudo rm -rf /var/lib/apt/lists/*
+sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
+sudo rm -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys
+
+sudo mv ~/ami-startup-script.sh /var/lib/cloud/scripts/per-instance/gitlab
+sudo chmod +x /var/lib/cloud/scripts/per-instance/gitlab

support/packer_old/update-script-ee-premium.sh

@@ -0,0 +1,30 @@
+#!/bin/bash -x
+sleep 30
+
+# Configuring repo for future updates
+sudo apt-get update
+sudo debconf-set-selections <<< 'postfix postfix/mailname string your.hostname.com'
+sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Internet Site"'
+sudo apt-get install -y curl openssh-server ca-certificates postfix
+curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
+
+# Placing license file to be used during installation
+sudo mkdir -p /etc/gitlab
+echo "$GITLAB_LICENSE_FILE" | sudo tee /etc/gitlab/predefined.gitlab-license > /dev/null
+
+# Downloading package from S3 bucket
+curl -o gitlab.deb "$DOWNLOAD_URL"
+# Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
+sudo rm gitlab.deb
+
+# Set install type to aws
+echo "gitlab-aws-marketplace-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null
+
+# Cleanup
+sudo rm -rf /var/lib/apt/lists/*
+sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
+sudo rm -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys
+
+sudo mv ~/ami-startup-script.sh /var/lib/cloud/scripts/per-instance/gitlab
+sudo chmod +x /var/lib/cloud/scripts/per-instance/gitlab

support/packer_old/update-script-ee-ultimate.sh

@@ -0,0 +1,30 @@
+#!/bin/bash -x
+sleep 30
+
+# Configuring repo for future updates
+sudo apt-get update
+sudo debconf-set-selections <<< 'postfix postfix/mailname string your.hostname.com'
+sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Internet Site"'
+sudo apt-get install -y curl openssh-server ca-certificates postfix
+curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
+
+# Placing license file to be used during installation
+sudo mkdir -p /etc/gitlab
+echo "$GITLAB_LICENSE_FILE" | sudo tee /etc/gitlab/predefined.gitlab-license > /dev/null
+
+# Downloading package from S3 bucket
+curl -o gitlab.deb "$DOWNLOAD_URL"
+# Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
+sudo rm gitlab.deb
+
+# Set install type to aws
+echo "gitlab-aws-marketplace-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null
+
+# Cleanup
+sudo rm -rf /var/lib/apt/lists/*
+sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
+sudo rm -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys
+
+sudo mv ~/ami-startup-script.sh /var/lib/cloud/scripts/per-instance/gitlab
+sudo chmod +x /var/lib/cloud/scripts/per-instance/gitlab

support/packer_old/update-script-ee.sh

@@ -0,0 +1,26 @@
+#!/bin/bash -x
+sleep 30
+
+# Configuring repo for future updates
+sudo apt-get update
+sudo debconf-set-selections <<< 'postfix postfix/mailname string your.hostname.com'
+sudo debconf-set-selections <<< 'postfix postfix/main_mailer_type string "Internet Site"'
+sudo apt-get install -y curl openssh-server ca-certificates postfix libatomic1
+curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
+
+# Downloading package from S3 bucket
+curl -o gitlab.deb "$DOWNLOAD_URL"
+# Explicitly passing EXTERNAL_URL to prevent automatic EC2 IP detection.
+sudo EXTERNAL_URL="http://gitlab.example.com" dpkg -i gitlab.deb
+sudo rm gitlab.deb
+
+# Set install type to aws
+echo "gitlab-aws-ami" | sudo tee /opt/gitlab/embedded/service/gitlab-rails/INSTALLATION_TYPE > /dev/null
+
+# Cleanup
+sudo rm -rf /var/lib/apt/lists/*
+sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
+sudo rm -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys
+
+sudo mv ~/ami-startup-script.sh /var/lib/cloud/scripts/per-instance/gitlab
+sudo chmod +x /var/lib/cloud/scripts/per-instance/gitlab