diff --git a/terraform/README.md b/terraform/README.md index 564884a53..72bec143b 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -153,7 +153,35 @@ These instructions describe the creation of a new S3 bucket to hold Terraform's ```bash cf service-key tdp-tf-states tdp-tf-key ``` - + +### Update terraform remote state with the changes done outside of terraform + +If there are changes that are done directly in cloud.gov or using cf commands, then the remote config will be different from both config file and from the state config file. +Below, we will use an example change that has been done on cloud.gov UI. Assume we have created a new elastic service in dev environment called "es-dev". To be able to sync everything with the remote changes follow the blow steps: + +1. update the config file with the resource/changes. + E.g: add the following lines to config file: + ``` + data "cloudfoundry_service" "elasticsearch" { + name = "aws-elasticsearch" + } + + resource "cloudfoundry_service_instance" "elasticsearch" { + name = "es-dev" + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.elasticsearch.service_plans["es-dev"] + } + ``` + +If we try to run plan or deploy at this point, then it will fail since the state doesn't have new "es-dev" elastic search service, so it assumes this is a new deployment and tries to deploy the new instance, which will fail since the name is already taken. + +2. grab the id of remote change (in this case elastic service) by running ```cf``` commands. + for the case of our example, we can run ```cf services```, and then run ```cf service es-dev --guid ``` which will show guid of newly created elasticsearch service instance, which is required for updating state with ES instance. + +3. run this command to update state: ```terraform import cloudfoundry_service_instance.elasticsearch ``` + +You should change ```cloudfoundry_service_instance.elasticsearch``` to your instance/service you added and trying to update the state file with. + #### Security The Terraform State S3 instance is set to be encrypted (see `main.tf#backend`). Amazon S3 [protects data at rest][s3] using 256-bit Advanced Encryption Standard. diff --git a/terraform/dev/main.tf b/terraform/dev/main.tf index e65d8e8c7..30640641c 100644 --- a/terraform/dev/main.tf +++ b/terraform/dev/main.tf @@ -11,7 +11,6 @@ terraform { } backend "s3" { - key = "terraform.tfstate.dev" prefix = var.cf_app_name encrypt = true @@ -92,3 +91,17 @@ resource "cloudfoundry_service_instance" "redis" { space = data.cloudfoundry_space.space.id service_plan = data.cloudfoundry_service.redis.service_plans["redis-dev"] } + +### +# Provision elasticsearch +### + +data "cloudfoundry_service" "elasticsearch" { + name = "aws-elasticsearch" +} + +resource "cloudfoundry_service_instance" "elasticsearch" { + name = "es-dev" + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.elasticsearch.service_plans["es-dev"] +} diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 9fb0e16ca..a49a6c93d 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -76,3 +76,13 @@ resource "cloudfoundry_service_instance" "datafiles" { service_plan = data.cloudfoundry_service.s3.service_plans["basic"] recursive_delete = true } + +data "cloudfoundry_service" "elasticsearch" { + name = "aws-elasticsearch" +} + +resource "cloudfoundry_service_instance" "elasticsearch" { + name = "es-prod" + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.elasticsearch.service_plans["es-medium"] +} diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf index 00186bb34..6ef04eadb 100644 --- a/terraform/staging/main.tf +++ b/terraform/staging/main.tf @@ -76,3 +76,13 @@ resource "cloudfoundry_service_instance" "datafiles" { service_plan = data.cloudfoundry_service.s3.service_plans["basic-sandbox"] recursive_delete = true } + +data "cloudfoundry_service" "elasticsearch" { + name = "aws-elasticsearch" +} + +resource "cloudfoundry_service_instance" "elasticsearch" { + name = "es-staging" + space = data.cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.elasticsearch.service_plans["es-dev"] +}