ooni / devops


feat: add oohelperd service #31

Closed DecFox closed 3 months ago

DecFox commented 3 months ago

This diff creates the oonith_service and oonith_service_deployer and makes use of these to deploy the oohelperd service. Final step in #29

hellais commented 3 months ago

This looks good. I left two small comments. I guess my only question is if we want to do something to improve the amount of code re-used between the oonith-service and the ooniapi-service modules.

There are tradeoffs to each. On the one hand, if we reuse some of the code, it's less code to maintain; OTOH, we compromise some flexibility in being able to independently tweak the building and deployment configs of each without worrying about interdependencies.

For this reason I think the approach of just duplicating most of the code as a starting point is more reasonable. We can at some point in the future do some refactoring to maximise code re-use, but it would be wise to do that only once we have more clarity on how to generalize in a way that we aren't tying our hands too much.

github-actions[bot] commented 3 months ago

Terraform Run Output 🤖

Format and Style 🖌 failure

Initialization ⚙️ success

Validation 🤖 success

Validation Output

```
$ terraform validate
Success! The configuration is valid.
```

Plan 📖 success

Show Plan

```
$ terraform plan
Plan: 6 to add, 1 to change, 5 to destroy.
```

Pusher @DecFox
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Tue, 02 Apr 2024 20:46:42 GMT