Clean up terraform runs on gstg/gprd
Right now our tf plan runs from master return several changes to apply. This has caused some issues recently (e.g. production#816 (closed)) because it forces us to do only targeted runs. It will also be troublesome moving forward with our k8s plans and efforts.
Following are the current changes in the output of tf plan that we need to address:
- Update metadata.GL_KERNEL_VERSION on all google_compute_instances. This was caused by the work to update to Bionic https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6539. It should be harmless to apply all these changes since the only place that metadata value is used is by the bootstrap script. Only new instances care about this value; existing ones will not attempt to update the kernel version.
- Non-changes like
~ module.postgres-zfs.google_compute_instance.instance_with_attached_disk
metadata.block-project-ssh-keys: "true" => "TRUE"
... which should be fine to apply as well
- Shrink prometheus disks, which forces new resources. E.g.:
-/+ module.prometheus-app.google_compute_disk.default[0] (new resource required)
id: "prometheus-app-01-inf-gprd-data" => <computed> (forces new resource)
creation_timestamp: "2018-07-05T04:37:48.972-07:00" => <computed>
disk_encryption_key_sha256: "" => <computed>
label_fingerprint: "LCTWFBEFgPA=" => <computed>
labels.%: "3" => "3"
labels.do_snapshots: "true" => "true"
labels.environment: "gprd" => "gprd"
labels.pet_name: "prometheus-app" => "prometheus-app"
last_attach_timestamp: "2018-07-05T04:38:02.436-07:00" => <computed>
last_detach_timestamp: "" => <computed>
name: "prometheus-app-01-inf-gprd-data" => "prometheus-app-01-inf-gprd-data"
project: "gitlab-production" => "gitlab-production"
self_link: "https://www.googleapis.com/compute/v1/projects/gitlab-production/zones/us-east1-c/disks/prometheus-app-01-inf-gprd-data" => <computed>
size: "4000" => "100" (forces new resource)
source_image_id: "" => <computed>
source_snapshot_id: "" => <computed>
type: "pd-standard" => "pd-ssd" (forces new resource)
users.#: "1" => <computed>
zone: "us-east1-c" => "us-east1-c"
- There's a lot of shuffling around ports on prometheus instances for some reason. E.g.:
~ module.prometheus-app.google_compute_instance_group.default[0]
named_port.0.name: "http" => "prometheus-app"
named_port.0.port: "80" => "9090"
named_port.1.name: "https" => "http"
named_port.1.port: "443" => "80"
named_port.2.name: "prometheus-app" => "https"
named_port.2.port: "9090" => "443"
These should be fine as well, since the behavior is the same.
- Another set of apparent non-changes for attached disks from prometheus instances, e.g.:
~ module.prometheus-db.google_compute_instance.default[1]
attached_disk.0.source: "https://www.googleapis.com/compute/v1/projects/gitlab-production/zones/us-east1-d/disks/prometheus-db-02-inf-gprd-data" => "${google_compute_disk.default.*.self_link[count.index]}"
- Pubsubbeat instance and topic to be recreated:
-/+ module.pubsubbeat.google_pubsub_topic.mytopic[7] (new resource required)
id: "projects/gitlab-production/topics/pubsub-geo-inf-gprd" => <computed> (forces new resource)
name: "pubsub-geo-inf-gprd" => "pubsub-rspec-inf-gprd" (forces new resource)
project: "gitlab-production" => <computed>
-/+ module.pubsubbeat.google_compute_instance.default[7] (new resource required)
id: "pubsub-geo-inf-gprd" => <computed> (forces new resource)
- metadata.CHEF_VERSION on pubsubbeat instances ("12.19.36" => "12.22.5")
- allow_stopping_for_update "false" => "true", and machine_type changes on module.sidekiq.google_compute_instances
- module.postgres-zfs.google_compute_firewall.public to be deleted
/cc @gitlab-com/gl-infra for whoever has more specific info about each of those changes.
Edited by Craig Barrett
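One way to triage a plan like the one above before an untargeted apply, as an added example that is not part of the original issue or the project's tooling: it separates case-only and reordering diffs from replacements and deletions such as the firewall rule. The function names (`triage`, `classify`, `is_reorder`) are hypothetical, the sample plan is constructed in the text format quoted in the issue, and it assumes every field of a moved list element appears in the diff.

```python
import re
from collections import defaultdict

# Constructed sample in the plan text format quoted in the issue.
SAMPLE_PLAN = """\
~ module.postgres-zfs.google_compute_instance.instance_with_attached_disk
    metadata.block-project-ssh-keys: "true" => "TRUE"
-/+ module.prometheus-app.google_compute_disk.default[0] (new resource required)
    size: "4000" => "100" (forces new resource)
    type: "pd-standard" => "pd-ssd" (forces new resource)
~ module.prometheus-app.google_compute_instance_group.default[0]
    named_port.0.name: "http" => "prometheus-app"
    named_port.0.port: "80" => "9090"
    named_port.1.name: "prometheus-app" => "http"
    named_port.1.port: "9090" => "80"
- module.postgres-zfs.google_compute_firewall.public
"""
HEADER = re.compile(r'^(-/\+|~|-|\+) (\S+)')
ATTR = re.compile(r'^\s*([\w.%#-]+):\s+"(.*?)" => (?:"(.*?)"|<computed>)\s*(\(forces new resource\))?')
ELEM = re.compile(r'^(.+)\.(\d+)\.(.+)$')  # e.g. named_port.0.name

def is_reorder(attrs):  # True when list elements keep their values but move index
    old, new = defaultdict(dict), defaultdict(dict)
    for name, before, after, _ in attrs:
        m = ELEM.match(name)
        if not m or after is None:  # not a list element, or value is <computed>
            return False
        old[m.group(1, 2)][m.group(3)] = before
        new[m.group(1, 2)][m.group(3)] = after
    canon = lambda d: sorted((k[0], sorted(v.items())) for k, v in d.items())
    return canon(old) == canon(new)

def classify(action, attrs):
    if action != "~":  # destroy, create, or replace with the attributes forcing it
        forced = ",".join(sorted(n for n, _, _, f in attrs if f))
        return {"-": "destroy", "+": "create"}.get(action, "replace: " + forced)
    if attrs and all(a is not None and b.lower() == a.lower() for _, b, a, _ in attrs):
        return "cosmetic"  # values differ only in letter case
    return "reorder" if attrs and is_reorder(attrs) else "update"

def triage(plan_text):  # map each resource address in the plan to a verdict
    resources, current = {}, None
    for line in plan_text.splitlines():
        if (h := HEADER.match(line)):
            current = resources[h.group(2)] = (h.group(1), [])
        elif current and (a := ATTR.match(line)):
            current[1].append(a.groups())
    return {addr: classify(act, attrs) for addr, (act, attrs) in resources.items()}
if __name__ == "__main__":
    print("\n".join(f"{v:20} {a}" for a, v in triage(SAMPLE_PLAN).items()))
```

Anything reported as `destroy`, `replace` or `update` still needs a human decision; only `cosmetic` and `reorder` correspond to the non-changes described in the list above.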