Skip to content

Instantly share code, notes, and snippets.

@sudhikan

sudhikan/gist:f05c52eab4ec66e00ef928dc3edf6669

Created November 23, 2021 06:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save sudhikan/f05c52eab4ec66e00ef928dc3edf6669 to your computer and use it in GitHub Desktop.
Save sudhikan/f05c52eab4ec66e00ef928dc3edf6669 to your computer and use it in GitHub Desktop.
Download ZIP
Terraform Plan (DB Upgrade)
Raw
gistfile1.txt
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.orc8r.data.aws_iam_policy_document.es-management[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "es-management" {
~ id = "295713799" -> (known after apply)
~ json = jsonencode(
{
- Statement = [
- {
- Action = "es:*"
- Effect = "Allow"
- Principal = {
- AWS = "*"
}
- Resource = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
- version = "2012-10-17" -> null
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
# (3 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
# module.orc8r.aws_db_instance.default will be updated in-place
~ resource "aws_db_instance" "default" {
+ apply_immediately = true
~ engine_version = "10.18" -> "13.4"
id = "orc8rdb"
name = "orc8r"
tags = {}
# (47 unchanged attributes hidden)
}
# module.orc8r.aws_elasticsearch_domain.es[0] will be updated in-place
~ resource "aws_elasticsearch_domain" "es" {
~ advanced_options = {
- "override_main_response_version" = "false" -> null
# (1 unchanged element hidden)
}
id = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es"
tags = {}
# (8 unchanged attributes hidden)
# (9 unchanged blocks hidden)
}
# module.orc8r.aws_elasticsearch_domain_policy.es_management_access[0] will be updated in-place
~ resource "aws_elasticsearch_domain_policy" "es_management_access" {
~ access_policies = jsonencode(
{
- Statement = [
- {
- Action = "es:*"
- Effect = "Allow"
- Principal = {
- AWS = "*"
}
- Resource = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "esd-policy-orc8r-es"
# (1 unchanged attribute hidden)
}
# module.orc8r-app.data.template_file.orc8r_values will be read during apply
# (config refers to values not yet known)
<= data "template_file" "orc8r_values" {
~ id = "78b103d341e68919fe68a03f86a183b5fe4e94cd45b82c89f90422ff8d0c1ef7" -> (known after apply)
~ rendered = <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT -> (known after apply)
# (2 unchanged attributes hidden)
}
# module.orc8r-app.helm_release.lte-orc8r[0] will be updated in-place
~ resource "helm_release" "lte-orc8r" {
id = "lte-orc8r"
name = "lte-orc8r"
~ values = [
- <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT,
] -> (known after apply)
# (28 unchanged attributes hidden)
set_sensitive {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
}
# module.orc8r-app.helm_release.orc8r will be updated in-place
~ resource "helm_release" "orc8r" {
id = "orc8r"
name = "orc8r"
~ values = [
- <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT,
] -> (known after apply)
# (28 unchanged attributes hidden)
set_sensitive {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
}
Plan: 0 to add, 5 to change, 0 to destroy.
Warning: Version constraints inside provider configuration blocks are deprecated
on .terraform/modules/orc8r/orc8r/cloud/deploy/terraform/orc8r-aws/providers.tf line 19, in provider "random":
19: version = "~> 2.1"
Terraform 0.13 and earlier allowed provider version constraints inside the
provider configuration block, but that is now deprecated and will be removed
in a future version of Terraform. To silence this warning, move the provider
version constraint into the required_providers block.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment