Production Deploy #994

Merged
merged 25 commits into from
Nov 22, 2024
Merged
0508ad7
upgrade aws provider to version 5.x
avrohomgottlieb Nov 22, 2024
449a9fd
change db attribute name to db_name as per deprecation warning
avrohomgottlieb Nov 22, 2024
da0ae95
update acl private handling on s3 buckets with new acl resources
avrohomgottlieb Nov 22, 2024
2b4e7f5
Merge pull request #983 from AlexsLemonade/avrohom/upgrade-aws-provid…
avrohomgottlieb Nov 22, 2024
54bb259
rollback aws provider version to 4.x, before terraform upgrade
avrohomgottlieb Nov 22, 2024
4f42368
Merge pull request #984 from AlexsLemonade/avrohom/rollback-aws-provi…
avrohomgottlieb Nov 22, 2024
3ca3c7b
upgrade terraform version to from 0.13.x 1.0.x
avrohomgottlieb Nov 22, 2024
f68bcf9
upgrade tf version from 1.0.0 to 1.0.8
avrohomgottlieb Nov 22, 2024
2c77de2
Merge pull request #985 from AlexsLemonade/avrohom/upgrade-tf-version…
avrohomgottlieb Nov 22, 2024
d019520
downgrade to tf 0.14
avrohomgottlieb Nov 22, 2024
1fa9de9
Merge pull request #986 from AlexsLemonade/avrohom/downgrade-tf-versi…
avrohomgottlieb Nov 22, 2024
7b37c74
downgrade from tf version 0.14.8 to 0.14.0
avrohomgottlieb Nov 22, 2024
e1c0809
Merge pull request #987 from AlexsLemonade/avrohom/downgrade-tf-versi…
avrohomgottlieb Nov 22, 2024
a66f456
downgrade to tf version 13.0.0
avrohomgottlieb Nov 22, 2024
74d8b62
Merge pull request #988 from AlexsLemonade/avrohom/downgrade-tf-versi…
avrohomgottlieb Nov 22, 2024
46b0868
add replace_provider command and call after init_terraform in deploy …
avrohomgottlieb Nov 22, 2024
97c37b6
Merge pull request #989 from AlexsLemonade/avrohom/add-replace-provid…
avrohomgottlieb Nov 22, 2024
cf11724
add auto-approve to replace_provider command
avrohomgottlieb Nov 22, 2024
d5ce4a7
Merge pull request #990 from AlexsLemonade/avrohom/add-auto-approve-t…
avrohomgottlieb Nov 22, 2024
4b8de15
add unlock_state and use it to unlock failed command
davidsmejia Nov 22, 2024
ff98201
rename unlock_state
davidsmejia Nov 22, 2024
e1be89f
linting
davidsmejia Nov 22, 2024
19828c7
Merge pull request #992 from AlexsLemonade/davidsmejia/temp-ignore-lock
davidsmejia Nov 22, 2024
06bf640
remove calling unlock in deploy
davidsmejia Nov 22, 2024
4dea7a9
Merge pull request #993 from AlexsLemonade/davidsmejia/remove-unlock
davidsmejia Nov 22, 2024
4 changes: 1 addition & 3 deletions infrastructure/api.tf
Expand Up @@ -50,9 +50,7 @@ resource "aws_instance" "api_server_1" {
database_host = aws_db_instance.postgres_db.address
database_port = aws_db_instance.postgres_db.port
database_user = aws_db_instance.postgres_db.username
database_name = aws_db_instance.postgres_db.name
# TODO: enable after upgrade
# database_name = aws_db_instance.postgres_db.db_name
database_name = aws_db_instance.postgres_db.db_name
database_password = var.database_password
# TODO: enable batch
# aws_batch_job_queue_name = module.batch.job_queue_name
4 changes: 1 addition & 3 deletions infrastructure/database.tf
Expand Up @@ -35,9 +35,7 @@ resource "aws_db_instance" "postgres_db" {
engine_version = "12.19"
auto_minor_version_upgrade = false
instance_class = var.database_instance_type
name = "scpca_portal"
# TODO: replace db_name with name after upgrade
# db_name = "scpca_portal"
db_name = "scpca_portal"
port = "5432"
username = "scpcapostgresuser"
password = var.database_password
6 changes: 6 additions & 0 deletions infrastructure/deploy.py
Expand Up @@ -8,6 +8,7 @@
import time

from init_terraform import init_terraform
from replace_provider import replace_provider

PRIVATE_KEY_FILE_PATH = "scpca-portal-key.pem"
PUBLIC_KEY_FILE_PATH = "scpca-portal-key.pub"
Expand Down Expand Up @@ -240,6 +241,11 @@ def restart_api_if_still_running(args, api_ip_address):
if init_code != 0:
exit(init_code)

replace_provider_code = replace_provider("hashicorp", "aws")

if replace_provider_code != 0:
exit(replace_provider_code)

terraform_code, terraform_output = run_terraform(args)
if terraform_code != 0:
exit(terraform_code)
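Review bot: The added `replace_provider("hashicorp", "aws")` call sits in the normal deploy path, so every deploy rewrites provider addresses in the Terraform state with `-auto-approve` before `run_terraform(args)` is reached. This is a one-time migration away from the legacy `-/aws` address; once each stage has been migrated the call should be removed or gated. Until then a comment such as `# One-time state migration for the -/aws -> hashicorp/aws source change; remove after every stage has deployed once.` would keep it from becoming permanent. The enclosing block starts and ends outside the hunk, so whether the state is backed up before this step is not visible here.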
3 changes: 2 additions & 1 deletion infrastructure/provider.tf
@@ -1,8 +1,9 @@
terraform {
required_providers {
aws = {
source = "-/aws"
source = "hashicorp/aws"
version = ">= 4.9.0, < 5.0.0"
# version = "~> 5.0.0"
}
}
required_version = "0.13.0"
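Review bot: The provider constraint `version = ">= 4.9.0, < 5.0.0"` floats across every 4.x release, and with `required_version = "0.13.0"` there is no dependency lock file (`.terraform.lock.hcl` arrived in Terraform 0.14) to pin the build that `terraform init` downloads. Each deploy can therefore pull a different `hashicorp/aws` release than the one last tested. Pinning an exact version, e.g. `version = "= <tested 4.x version>"`, until the Terraform upgrade lands would make deploys reproducible. The commented-out `# version = "~> 5.0.0"` would read better with a `# TODO:` saying when it is meant to replace the 4.x range.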
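--- a/infrastructure/replace_provider.py
+++ b/infrastructure/replace_provider.py
@@ -0,0 +1,28 @@
+import signal
+import subprocess
+
+
+def replace_provider(org, provider):
+"""
+Replaces the aws provider.
+Takes an org name, and a provider,
+and changes the terraform state to use the new qualified provider.
+"""
+
+# Make sure that Terraform is allowed to shut down gracefully.
+try:
+command = [
+"terraform",
+"state",
+"replace-provider",
+"-auto-approve",
+f"registry.terraform.io/-/{provider}",
+f"registry.terraform.io/{org}/{provider}",
+]
+terraform_process = subprocess.Popen(command)
+terraform_process.wait()
+except KeyboardInterrupt:
+terraform_process.send_signal(signal.SIGINT)
+terraform_process.wait()
+
+return terraform_process.returncode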
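Review bot: In `replace_provider`, `subprocess.Popen(command)` is inside the `try:`, so a `KeyboardInterrupt` that arrives before the assignment completes reaches `terraform_process.send_signal(signal.SIGINT)` with `terraform_process` unbound, and the function fails with an `UnboundLocalError` instead of returning an exit code. Starting the process before the `try:` and wrapping only `terraform_process.wait()` avoids that. The docstring says "Replaces the aws provider" although the function is generic. It should say that the state is rewritten from `registry.terraform.io/-/{provider}` to `registry.terraform.io/{org}/{provider}` without a confirmation prompt because of `-auto-approve`, and that the return value is Terraform's exit code.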
53 changes: 23 additions & 30 deletions infrastructure/s3.tf
@@ -1,7 +1,5 @@
resource "aws_s3_bucket" "scpca_portal_bucket" {
bucket = "scpca-portal-${var.user}-${var.stage}"
# TODO: remove this when upgrading aws_provider version
acl = "private"
force_destroy = var.stage == "prod" ? false : true

tags = merge(
Expand All @@ -13,21 +11,19 @@ resource "aws_s3_bucket" "scpca_portal_bucket" {
)
}

# TODO: enable after upgrade
# resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
# bucket = aws_s3_bucket.scpca_portal_bucket.id
# rule {
# object_ownership = "BucketOwnerPreferred"
# }
#}
resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
bucket = aws_s3_bucket.scpca_portal_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

# TODO: enable after upgrade
# resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
#
# bucket = aws_s3_bucket.scpca_portal_bucket.id
# acl = "private"
#}
resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]

bucket = aws_s3_bucket.scpca_portal_bucket.id
acl = "private"
}

resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
bucket = aws_s3_bucket.scpca_portal_bucket.id
Expand All @@ -38,8 +34,6 @@ resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {

resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
bucket = "scpca-portal-cert-${var.user}-${var.stage}"
# TODO: remove this when upgrading aws_provider version
acl = "private"
force_destroy = var.stage == "prod" ? false : true

# TODO: remove lifecycle rule when we upgrade aws_provider version
Expand All @@ -63,19 +57,18 @@ resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
)
}

# TODO: enable after upgrade
# resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
# rule {
# object_ownership = "BucketOwnerPreferred"
# }
#}
resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

# resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
# acl = "private"
#}
resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
acl = "private"
}

# resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
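Review bot: Both new `aws_s3_bucket_ownership_controls` resources set `object_ownership = "BucketOwnerPreferred"`, which leaves ACLs enabled on the buckets. The only ACL this file applies is `private`, so unless something outside this diff relies on object ACLs, `object_ownership = "BucketOwnerEnforced"` would disable ACLs altogether and the two `aws_s3_bucket_acl` resources could likely be dropped. If ACLs have to stay on, a short comment above each ownership block naming the reason would help. The file continues past the last hunk, so whether `scpca_portal_cert_bucket` has its own `aws_s3_bucket_public_access_block` is not visible here.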
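--- a/infrastructure/unlock_state.py
+++ b/infrastructure/unlock_state.py
@@ -0,0 +1,22 @@
+import signal
+import subprocess
+
+
+def unlock_state(lock_id):
+"""
+Replaces the aws provider.
+Takes an org name, and a provider,
+and changes the terraform state to use the new qualified provider.
+"""
+
+# Make sure that Terraform is allowed to shut down gracefully.
+try:
+command = ["terraform", "force-unlock", "-force", lock_id]
+terraform_process = subprocess.Popen(command)
+terraform_process.wait()
+except KeyboardInterrupt:
+terraform_process.send_signal(signal.SIGINT)
+terraform_process.wait()
+
+# ignore error
+return 1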
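Review bot: `unlock_state` always ends with `return 1`, so a caller that checks the result the way deploy.py checks `replace_provider` would see a failure even when the unlock succeeded. The `# ignore error` comment suggests the opposite was intended; `return terraform_process.returncode`, or `return 0` with a comment, would make the intent explicit. The docstring is copied from replace_provider and describes a provider replacement, so it should say that the function runs `terraform force-unlock -force` for `lock_id`. It is also worth stating there that `-force` skips the confirmation prompt, and that releasing a lock still held by a running apply can let two writers modify the state at once.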
4 changes: 1 addition & 3 deletions infrastructure/variables.tf
Expand Up @@ -71,9 +71,7 @@ variable "ssh_public_key" {
output "environment_variables" {
value = [
{name = "DATABASE_NAME"
value = aws_db_instance.postgres_db.name},
# TODO: replace db_name with name after upgrade
# value = aws_db_instance.postgres_db.db_name},
value = aws_db_instance.postgres_db.db_name},
{name = "DATABASE_HOST"
value = aws_db_instance.postgres_db.address},
{name = "DATABASE_USER"