Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for deploying airflow #132

Merged
merged 12 commits into from
Dec 20, 2024
Merged

Add support for deploying airflow #132

merged 12 commits into from
Dec 20, 2024

Conversation

hellais
Copy link
Member

@hellais hellais commented Dec 19, 2024

It's using our own fork of this idealista role available here: https://github.com/ooni/airflow-role.

We should probably at some point upstream the changes.

@hellais hellais mentioned this pull request Dec 19, 2024
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 19, 2024
edited
Loading

Ansible Run Output 🤖

Ansible Playbook Recap 🔍

Ansible playbook output 📖success

Show Execution 

$ ansible-playbook playbook.yml --check --diff -i ../tf/modules/ansible_inventory/inventories/inventory-dev.ini
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
ERROR! the role 'adm' was not found in ansible.legacy:/home/runner/work/devops/devops/ansible/roles:/home/runner/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/runner/work/devops/devops/ansible/roles:/home/runner/work/devops/devops/ansible

The error appears to be in '/home/runner/work/devops/devops/ansible/roles/base-backend/meta/main.yml': line 3, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

dependencies:
  - role: adm
    ^ here
Pusher @hellais
Action pull_request
Working Directory
Workflow .github/workflows/check_ansible.yml
Last updated Fri, 20 Dec 2024 16:59:16 GMT

@github-actions GitHub Actions
Copy link

Terraform Run Output 🤖

Format and Style 🖌failure

Initialization ⚙️success

Validation 🤖success

Validation Output 

$ terraform validate
Success! The configuration is valid.

Plan 📖success

  • Plan: 6 to add, 3 to change, 11 to destroy.
Show Plan 

$ terraform plan
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
random_password.jwt_secret: Refreshing state... [id=none]
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
aws_route53_record.clickhouse_proxy_alias: Refreshing state... [id=Z055356431RGCLK3JXZDL_clickhouseproxy.dev.ooni.io_CNAME]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[0]: Refreshing state... [id=sgrule-433404543]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[1]: Refreshing state... [id=sgrule-2829644169]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[0]: Refreshing state... [id=sgrule-455678145]
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooni_clickhouse_proxy.aws_lb_target_group_attachment.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431-20241218072519078800000007]
module.ooni_clickhouse_proxy.aws_instance.ooni_ec2: Refreshing state... [id=i-074dea1cc0bb3e3f3]
module.ooni_clickhouse_proxy.aws_security_group.ec2_sg: Refreshing state... [id=sg-0962cbf749373f339]
module.ooni_clickhouse_proxy.aws_launch_template.ooni_ec2: Refreshing state... [id=lt-0d34141cf8256e7e4]
module.ooni_clickhouse_proxy.aws_alb_target_group.ooni_ec2: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[2]: Refreshing state... [id=sgrule-3780622166]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[1]: Refreshing state... [id=sgrule-2913158516]
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
aws_s3_bucket.oonith_codepipeline_bucket: Refreshing state... [id=codepipeline-oonith-eu-central-1-f148ea7b]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniprobe]
module.ooniapi_oonifindings_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
module.ooniapi_oonifindings_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonifindings.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonifindings-task-role]
data.aws_ssm_parameter.do_token: Reading...
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_oonifindings.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_reverseproxy.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:67/ooniapi-service-oonirun]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=4022892340]
module.ooniapi_reverseproxy.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-reverseproxy]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 1s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:72/ooniapi-service-ooniauth]
module.ooniapi_reverseproxy.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-reverseproxy-task-role]
module.ooniapi_oonifindings.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonifindings-td:27/ooniapi-service-oonifindings]
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniprobe-td:50/ooniapi-service-ooniprobe]
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
data.aws_ssm_parameter.do_token: Read complete after 1s [id=/oonidevops/secrets/digitalocean_access_token]
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
aws_acm_certificate.ooniapi_frontend: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/190205f1-392d-425c-a059-7006ca8c8c46]
module.ooniapi_ooniprobe.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role]
module.ooniapi_reverseproxy.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-reverseproxy-td:10/ooniapi-service-reverseproxy]
module.ooniapi_reverseproxy_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_reverseproxy_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonifindings.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonifindings]
module.ooniapi_oonifindings_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonifindings]
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 0s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.ooniapi_reverseproxy_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-reverseproxy]
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [[email protected]]
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.ooniapi_ooniprobe.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniprobe]
data.aws_ssm_parameter.clickhouse_readonly_url: Reading...
data.aws_availability_zones.available: Reading...
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
data.aws_availability_zones.available: Read complete after 0s [id=eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
data.aws_ssm_parameter.clickhouse_readonly_url: Read complete after 0s [id=/oonidevops/secrets/clickhouse_readonly_url]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonifindings.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonifindings-task-role:ooniapi-service-oonifindings-task-role]
data.aws_secretsmanager_secret_version.prometheus_metrics_password: Reading...
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe|terraform-20240925140131946100000002]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
data.aws_secretsmanager_secret_version.prometheus_metrics_password: Read complete after 0s [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|AWSCURRENT]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIYXDN55SMS]
module.ooniapi_reverseproxy.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-reverseproxy-task-role:ooniapi-service-reverseproxy-task-role]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
module.ooniapi_ooniprobe.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role:ooniapi-service-ooniprobe-task-role]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_oonifindings_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonifindings]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
aws_route53_record.ooniapi_frontend_cert_validation["8.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__ef17825e5fd9713f596344bdd9626f5e.8.th.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["ooniauth.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__48cd4e71cee9930614228176b7deefb9.ooniauth.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["oonirun.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__05c891caeb4509d4cd7f9c24d8b6dbd0.oonirun.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["ooniprobe.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__a064be8aa084a037ff9fa5e3e541c87d.ooniprobe.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
module.ooniapi_reverseproxy_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-reverseproxy]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240519071250187000000004]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
module.ooniapi_reverseproxy.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-reverseproxy-td]
aws_codestarconnections_connection.oonidevops: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
data.aws_secretsmanager_secret_version.deploy_key: Reading...
module.terraform_state_backend.data.aws_region.current: Reading...
module.terraform_state_backend.data.aws_region.current: Read complete after 0s [id=eu-central-1]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
aws_acm_certificate_validation.ooniapi_frontend: Refreshing state... [id=0001-01-01 00:00:00 +0000 UTC]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Reading...
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Read complete after 0s [id=2666303363]
data.aws_secretsmanager_secret_version.deploy_key: Read complete after 0s [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe|AWSCURRENT]
module.ooni_th_droplet.data.cloudinit_config.ooni_th_docker: Reading...
module.ooni_th_droplet.data.cloudinit_config.ooni_th_docker: Read complete after 0s [id=1719060339]
module.ooni_th_droplet.digitalocean_droplet.ooni_th_docker[0]: Refreshing state... [id=459912318]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_reverseproxy_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-reverseproxy-eu-central-1]
module.ooniapi_oonifindings_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonifindings-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniprobe-eu-central-1]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_oonifindings_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonifindings]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_reverseproxy_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-reverseproxy]
module.ooni_th_droplet.aws_route53_record.ooni_th["0"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_0.do.th.dev.ooni.io_A]
module.ooni_backendproxy.data.cloudinit_config.ooni_backendproxy: Reading...
module.ooni_backendproxy.data.cloudinit_config.ooni_backendproxy: Read complete after 0s [id=3085866265]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.ooniapi_oonifindings_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonifindings]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniprobe]
module.ooniapi_reverseproxy_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-reverseproxy]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OautM-20240917211808752700000001/91bcad756924a3a7]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.ooniapi_reverseproxy.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OrevM-20241126221437689400000001/e05c012d99ff36ad]
module.ooniapi_oonifindings.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OfinM-20240917211808752800000002/48adcfb18ae34d30]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OrunM-20240917211808753100000003/93d4b2b6dc76acac]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-0187eedfe39538357]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-005ca579eb9c08cda]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OproM-20240917211808753100000004/1f2ea1732205872c]
module.network.aws_subnet.public[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.network.aws_subnet.public[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.network.aws_route_table.public: Refreshing state... [id=rtb-0ccb0852e6a365a95]
module.network.aws_subnet.private[0]: Refreshing state... [id=subnet-09314a43ec89d6331]
module.network.aws_subnet.private[1]: Refreshing state... [id=subnet-0b899a7ad10406d06]
module.network.aws_route_table.private: Refreshing state... [id=rtb-011463437da96c77b]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0aa6a97400b619de3]
module.network.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dbd7fb16801ee049]
module.network.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-08ab18165bf481054]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.network.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0e7933e6b804ff2c1]
module.network.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0c9cc0f117ef15fe7]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_reverseproxy.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-reverseproxy]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.ooniapi_reverseproxy_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-reverseproxy]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
aws_route53_record.ooniapi_frontend_main: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["8.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_8.th.dev.ooni.io_A]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
aws_route53_record.ooniapi_frontend_alt["ooniprobe.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniprobe.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["ooniauth.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["oonirun.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.dev.ooni.io_A]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonifindings_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/cdc4e8e8eabb56f2]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/cefeff0d8aa3118a]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/2b09ed268181ba4f]
module.ooniapi_frontend.aws_alb_listener_rule.ooniapi_th: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/01ee7503374be8ff]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/551c4128bb282fa4]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/b436b91883ae7c86]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonifindings_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/5a872da4cc6b9135]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.ooniapi_ooniauth.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniauth-td]
module.ooniapi_ooniprobe.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniprobe-td]
module.ooniapi_oonifindings.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonifindings-td]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_ooniauth.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniauth]
module.ooniapi_oonifindings.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonifindings]
module.ooniapi_ooniprobe.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniprobe]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_oonifindings_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonifindings]
module.ooniapi_ooniauth_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # aws_route53_record.clickhouse_proxy_alias will be destroyed
  # (because aws_route53_record.clickhouse_proxy_alias is not in configuration)
  - resource "aws_route53_record" "clickhouse_proxy_alias" {
      - fqdn                             = "clickhouseproxy.dev.ooni.io" -> null
      - id                               = "Z055356431RGCLK3JXZDL_clickhouseproxy.dev.ooni.io_CNAME" -> null
      - multivalue_answer_routing_policy = false -> null
      - name                             = "clickhouseproxy.dev.ooni.io" -> null
      - records                          = [
          - "ec2-3-79-60-152.eu-central-1.compute.amazonaws.com",
        ] -> null
      - ttl                              = 300 -> null
      - type                             = "CNAME" -> null
      - zone_id                          = "Z055356431RGCLK3JXZDL" -> null
        # (2 unchanged attributes hidden)
    }

  # module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy will be created
  + resource "aws_alb_target_group" "oonibackend_proxy" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = (known after apply)
      + name_prefix                        = "oobpx"
      + port                               = 80
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all                           = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + target_type                        = "instance"
      + vpc_id                             = "vpc-0e382f3ad89286de9"

      + health_check (known after apply)

      + stickiness (known after apply)

      + target_failover (known after apply)

      + target_health_state (known after apply)
    }

  # module.ooni_backendproxy.aws_instance.oonibackend_proxy will be created
  + resource "aws_instance" "oonibackend_proxy" {
      + ami                                  = (known after apply)
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = (known after apply)
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = (known after apply)
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all                             = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)

      + capacity_reservation_specification (known after apply)

      + cpu_options (known after apply)

      + ebs_block_device (known after apply)

      + enclave_options (known after apply)

      + ephemeral_block_device (known after apply)

      + instance_market_options (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + maintenance_options (known after apply)

      + metadata_options (known after apply)

      + network_interface (known after apply)

      + private_dns_name_options (known after apply)

      + root_block_device (known after apply)
    }

  # module.ooni_backendproxy.aws_launch_template.ooni_backendproxy will be created
  + resource "aws_launch_template" "ooni_backendproxy" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = (sensitive value)
      + instance_type   = "t3a.nano"
      + key_name        = "oonidevops"
      + latest_version  = (known after apply)
      + name            = (known after apply)
      + name_prefix     = "ooni-backendproxy-bkprx-tmpl-"
      + tags_all        = (known after apply)
      + user_data       = "H4sIAAAAAAAA/7SUT2vcPBDG74L9DsPynl6QtS6UZm1yaJtAe0gLJS0UCkYrjW0RWTLSeLOhzXcv/rO7bnZT2kNP1sjPDM/8NNJb7wgd8duHFjNoOkumlYFEY3aoc9j4zmkZHi6XN+9vrt98/Pzh6vWnr0vWR/wLhmi8yyBNVgu2YJzPRQu2r31lYuujoUEriaSqG3SUQ2ksOtng5dI4Q4kqq+Ux6zZIF0sM/Nopr42rMni1MTQTDJYJdySU9Z3myrvSVAt2Yxo8MddKdScrLLpWS+rzQodsvxszBsDBVcbthpU1myHgjdc8UkDZMHYfDGHRm570raQ6A4GkxKAW0RBGLrfSWLmxKDSWsrPEAADUaDuDH0MIEDFsMcD3KQSwJhI6uFjl7LA3ioqeEhSzfeuV7IGCmBUAaIPfPRStjBFqojZmQmykukOneRld4r0ziQ+VyE9yenmxHaFBmqSniohU1Cg1BnjnI8G3/2of6ah7PKwwBB8K6ysQWxmE9dXEZ/iRWF/tsx73HU2frh1hw72iOs5aewIE0pfr5GKdvEjSdJU/VT0+R3hO8/+E6gOQ/LeH8GewMyEG1/+S7f7Lzs9f43VnMXJ0/fhpsV5Pw5v0d+OZMRyBHxs7nIGyRt3VvotYTEP0S/sT3aMqTdrg9cjU+Gy9Wq3mHTw9wnmtifqYch7xqZsczlX/q+ELnVONHm9zb8soHF8BCBhJBjp51jhfsJ8BAAD//9zsSMA1BQAA"

      + metadata_options (known after apply)

      + network_interfaces {
          + associate_public_ip_address = "true"
          + delete_on_termination       = "true"
          + security_groups             = (known after apply)
          + subnet_id                   = "subnet-0e7a4478be988463f"
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Environment" = "dev"
              + "Name"        = "ooni-tier0-backendproxy"
              + "Repository"  = "https://github.com/ooni/devops"
            }
        }
    }

  # module.ooni_backendproxy.aws_lb_target_group_attachment.oonibackend_proxy will be created
  + resource "aws_lb_target_group_attachment" "oonibackend_proxy" {
      + id               = (known after apply)
      + target_group_arn = (known after apply)
      + target_id        = (known after apply)
    }

  # module.ooni_backendproxy.aws_route53_record.clickhouse_proxy_alias will be created
  + resource "aws_route53_record" "clickhouse_proxy_alias" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "clickhouseproxy.dev.ooni.io"
      + records         = (known after apply)
      + ttl             = 300
      + type            = "CNAME"
      + zone_id         = "Z055356431RGCLK3JXZDL"
    }

  # module.ooni_backendproxy.aws_security_group.nginx_sg will be created
  + resource "aws_security_group" "nginx_sg" {
      + arn                    = (known after apply)
      + description            = "security group for nginx"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = []
              + from_port        = 0
              + ipv6_cidr_blocks = [
                  + "::/0",
                ]
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "10.0.100.0/24",
                  + "10.0.101.0/24",
                ]
              + from_port        = 9000
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 9000
                # (1 unchanged attribute hidden)
            },
        ]
      + name                   = (known after apply)
      + name_prefix            = "ooni-bckprx"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

  # module.ooni_clickhouse_proxy.aws_alb_target_group.ooni_ec2 will be destroyed
  # (because aws_alb_target_group.ooni_ec2 is not in configuration)
  - resource "aws_alb_target_group" "ooni_ec2" {
      - arn                                = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - arn_suffix                         = "targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - deregistration_delay               = "300" -> null
      - id                                 = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - ip_address_type                    = "ipv4" -> null
      - lambda_multi_value_headers_enabled = false -> null
      - load_balancer_arns                 = [] -> null
      - load_balancing_algorithm_type      = "round_robin" -> null
      - load_balancing_anomaly_mitigation  = "off" -> null
      - load_balancing_cross_zone_enabled  = "use_load_balancer_configuration" -> null
      - name                               = "oockpr20241218072459118600000002" -> null
      - name_prefix                        = "oockpr" -> null
      - port                               = 80 -> null
      - protocol                           = "HTTP" -> null
      - protocol_version                   = "HTTP1" -> null
      - proxy_protocol_v2                  = false -> null
      - slow_start                         = 0 -> null
      - tags                               = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                           = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - target_type                        = "instance" -> null
      - vpc_id                             = "vpc-0e382f3ad89286de9" -> null

      - health_check {
          - enabled             = true -> null
          - healthy_threshold   = 5 -> null
          - interval            = 30 -> null
          - matcher             = "200" -> null
          - path                = "/" -> null
          - port                = "traffic-port" -> null
          - protocol            = "HTTP" -> null
          - timeout             = 5 -> null
          - unhealthy_threshold = 2 -> null
        }

      - stickiness {
          - cookie_duration = 86400 -> null
          - enabled         = false -> null
          - type            = "lb_cookie" -> null
            # (1 unchanged attribute hidden)
        }

      - target_failover {}

      - target_health_state {}
    }

  # module.ooni_clickhouse_proxy.aws_instance.ooni_ec2 will be destroyed
  # (because aws_instance.ooni_ec2 is not in configuration)
  - resource "aws_instance" "ooni_ec2" {
      - ami                                  = "ami-0cf42ae9a371140c8" -> null
      - arn                                  = "arn:aws:ec2:eu-central-1:905418398257:instance/i-074dea1cc0bb3e3f3" -> null
      - associate_public_ip_address          = true -> null
      - availability_zone                    = "eu-central-1a" -> null
      - cpu_core_count                       = 1 -> null
      - cpu_threads_per_core                 = 2 -> null
      - disable_api_stop                     = false -> null
      - disable_api_termination              = false -> null
      - ebs_optimized                        = false -> null
      - get_password_data                    = false -> null
      - hibernation                          = false -> null
      - id                                   = "i-074dea1cc0bb3e3f3" -> null
      - instance_initiated_shutdown_behavior = "stop" -> null
      - instance_state                       = "running" -> null
      - instance_type                        = "t3a.nano" -> null
      - ipv6_address_count                   = 0 -> null
      - ipv6_addresses                       = [] -> null
      - key_name                             = "oonidevops" -> null
      - monitoring                           = false -> null
      - placement_partition_number           = 0 -> null
      - primary_network_interface_id         = "eni-075115be0d384f30d" -> null
      - private_dns                          = "ip-10-0-0-180.eu-central-1.compute.internal" -> null
      - private_ip                           = "10.0.0.180" -> null
      - public_dns                           = "ec2-3-79-60-152.eu-central-1.compute.amazonaws.com" -> null
      - public_ip                            = "3.79.60.152" -> null
      - secondary_private_ips                = [] -> null
      - security_groups                      = [] -> null
      - source_dest_check                    = true -> null
      - subnet_id                            = "subnet-0e7a4478be988463f" -> null
      - tags                                 = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                             = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tenancy                              = "default" -> null
      - user_data                            = "bd31c4f073ccfc1109babe7ffeb3ecc1983bd61a" -> null
      - user_data_replace_on_change          = false -> null
      - vpc_security_group_ids               = [
          - "sg-0962cbf749373f339",
        ] -> null
        # (7 unchanged attributes hidden)

      - capacity_reservation_specification {
          - capacity_reservation_preference = "open" -> null
        }

      - cpu_options {
          - core_count       = 1 -> null
          - threads_per_core = 2 -> null
            # (1 unchanged attribute hidden)
        }

      - credit_specification {
          - cpu_credits = "unlimited" -> null
        }

      - enclave_options {
          - enabled = false -> null
        }

      - launch_template {
          - id      = "lt-0d34141cf8256e7e4" -> null
          - name    = "oonickprx-tmpl-20241218072502487500000004" -> null
          - version = "$Latest" -> null
        }

      - maintenance_options {
          - auto_recovery = "default" -> null
        }

      - metadata_options {
          - http_endpoint               = "enabled" -> null
          - http_protocol_ipv6          = "disabled" -> null
          - http_put_response_hop_limit = 1 -> null
          - http_tokens                 = "optional" -> null
          - instance_metadata_tags      = "disabled" -> null
        }

      - private_dns_name_options {
          - enable_resource_name_dns_a_record    = false -> null
          - enable_resource_name_dns_aaaa_record = false -> null
          - hostname_type                        = "ip-name" -> null
        }

      - root_block_device {
          - delete_on_termination = true -> null
          - device_name           = "/dev/sda1" -> null
          - encrypted             = false -> null
          - iops                  = 100 -> null
          - tags                  = {} -> null
          - tags_all              = {} -> null
          - throughput            = 0 -> null
          - volume_id             = "vol-02e61d2c6fb3521c0" -> null
          - volume_size           = 8 -> null
          - volume_type           = "gp2" -> null
            # (1 unchanged attribute hidden)
        }
    }

  # module.ooni_clickhouse_proxy.aws_launch_template.ooni_ec2 will be destroyed
  # (because aws_launch_template.ooni_ec2 is not in configuration)
  - resource "aws_launch_template" "ooni_ec2" {
      - arn                                  = "arn:aws:ec2:eu-central-1:905418398257:launch-template/lt-0d34141cf8256e7e4" -> null
      - default_version                      = 1 -> null
      - disable_api_stop                     = false -> null
      - disable_api_termination              = false -> null
      - id                                   = "lt-0d34141cf8256e7e4" -> null
      - image_id                             = (sensitive value) -> null
      - instance_type                        = "t3a.nano" -> null
      - key_name                             = "oonidevops" -> null
      - latest_version                       = 1 -> null
      - name                                 = "oonickprx-tmpl-20241218072502487500000004" -> null
      - name_prefix                          = "oonickprx-tmpl-" -> null
      - tags_all                             = {} -> null
      - user_data                            = "H4sIAAAAAAAA/2TOwUrEMBDG8Xsg7xByn109CV32oO4ePFRBquAxTSZ1oJmUZArt24sFsehx4D8fv8fMgizQrRM2Js2j0OSKHBMtGE6mzzMHV9azbZ/a68PL2/Pl/vXDqu8L3rFUytyY28ONVloB7COtfrYvVKdcSbbWiTj/mZDlZCKNyC7h2RKTHHwc7O9XVxzXiAWu7HMgHhpz15Psgo0suMjRj3kO4DNHGrRqKeE/3F8egFZfAQAA//8m7Wqk/QAAAA==" -> null
        # (5 unchanged attributes hidden)

      - network_interfaces {
          - associate_public_ip_address  = "true" -> null
          - delete_on_termination        = "true" -> null
          - device_index                 = 0 -> null
          - ipv4_address_count           = 0 -> null
          - ipv4_prefix_count            = 0 -> null
          - ipv6_address_count           = 0 -> null
          - ipv6_prefix_count            = 0 -> null
          - network_card_index           = 0 -> null
          - security_groups              = [
              - "sg-0962cbf749373f339",
            ] -> null
          - subnet_id                    = "subnet-0e7a4478be988463f" -> null
            # (5 unchanged attributes hidden)
        }

      - tag_specifications {
          - resource_type = "instance" -> null
          - tags          = {
              - "Environment" = "dev"
              - "Name"        = "ooni-tier0-clickhouseproxy"
              - "Repository"  = "https://github.com/ooni/devops"
            } -> null
        }
    }

  # module.ooni_clickhouse_proxy.aws_lb_target_group_attachment.oonibackend_proxy will be destroyed
  # (because aws_lb_target_group_attachment.oonibackend_proxy is not in configuration)
  - resource "aws_lb_target_group_attachment" "oonibackend_proxy" {
      - id               = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431-20241218072519078800000007" -> null
      - target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - target_id        = "i-074dea1cc0bb3e3f3" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group.ec2_sg will be destroyed
  # (because aws_security_group.ec2_sg is not in configuration)
  - resource "aws_security_group" "ec2_sg" {
      - arn                    = "arn:aws:ec2:eu-central-1:905418398257:security-group/sg-0962cbf749373f339" -> null
      - description            = "security group for ec2" -> null
      - egress                 = [] -> null
      - id                     = "sg-0962cbf749373f339" -> null
      - ingress                = [] -> null
      - name                   = "oockprx20241218072459115500000001" -> null
      - name_prefix            = "oockprx" -> null
      - owner_id               = "905418398257" -> null
      - revoke_rules_on_delete = false -> null
      - tags                   = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all               = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - vpc_id                 = "vpc-0e382f3ad89286de9" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[0] will be destroyed
  # (because aws_security_group_rule.ec2_sg_egress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_egress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 0 -> null
      - id                     = "sgrule-433404543" -> null
      - protocol               = "-1" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-0bc3f31a78c4f2a72" -> null
      - self                   = false -> null
      - to_port                = 0 -> null
      - type                   = "egress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[1] will be destroyed
  # (because aws_security_group_rule.ec2_sg_egress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_egress" {
      - from_port              = 0 -> null
      - id                     = "sgrule-2829644169" -> null
      - ipv6_cidr_blocks       = [
          - "::/0",
        ] -> null
      - protocol               = "-1" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-09f10a5e4ad849dd0" -> null
      - self                   = false -> null
      - to_port                = 0 -> null
      - type                   = "egress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[0] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 22 -> null
      - id                     = "sgrule-455678145" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-05fdf82f53d806958" -> null
      - self                   = false -> null
      - to_port                = 22 -> null
      - type                   = "ingress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[1] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 80 -> null
      - id                     = "sgrule-2913158516" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-03f7d8dbaef09890f" -> null
      - self                   = false -> null
      - to_port                = 80 -> null
      - type                   = "ingress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[2] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 9000 -> null
      - id                     = "sgrule-3780622166" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-07597053b7dd05562" -> null
      - self                   = false -> null
      - to_port                = 9000 -> null
      - type                   = "ingress" -> null
    }

  # module.ooniapi_cluster.aws_launch_template.container_host will be updated in-place
  ~ resource "aws_launch_template" "container_host" {
      ~ default_version                      = 26 -> (known after apply)
        id                                   = "lt-0e328a8671f870c64"
      ~ image_id                             = (sensitive value)
      ~ latest_version                       = 26 -> (known after apply)
        name                                 = "ooniapi-ecs-cluster20240310192643664900000001"
        tags                                 = {}
        # (16 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ooniapi_oonifindings_deployer.aws_codepipeline.ooniapi will be updated in-place
  ~ resource "aws_codepipeline" "ooniapi" {
        id             = "ooniapi-oonifindings"
        name           = "ooniapi-oonifindings"
        tags           = {}
        # (5 unchanged attributes hidden)

      - trigger {
          - provider_type = "CodeStarSourceConnection" -> null

          - git_configuration {
              - source_action_name = "Source" -> null

              - push {
                  - branches {
                      - excludes = [] -> null
                      - includes = [
                          - "oonidata",
                        ] -> null
                    }
                }
            }
        }

        # (4 unchanged blocks hidden)
    }

  # module.ooniapi_reverseproxy_deployer.aws_codepipeline.ooniapi will be updated in-place
  ~ resource "aws_codepipeline" "ooniapi" {
        id             = "ooniapi-reverseproxy"
        name           = "ooniapi-reverseproxy"
        tags           = {}
        # (5 unchanged attributes hidden)

      - trigger {
          - provider_type = "CodeStarSourceConnection" -> null

          - git_configuration {
              - source_action_name = "Source" -> null

              - push {
                  - branches {
                      - excludes = [] -> null
                      - includes = [
                          - "master",
                        ] -> null
                    }
                }
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 6 to add, 3 to change, 11 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Pusher @hellais
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Fri, 20 Dec 2024 16:59:02 GMT

@hellais hellais merged commit f87f1ce into main Dec 20, 2024
3 checks passed
@hellais hellais deleted the data2 branch December 20, 2024 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hellais