Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code sign box #83

Merged
merged 12 commits into from
Jul 29, 2024
Merged

Code sign box #83

merged 12 commits into from
Jul 29, 2024

Conversation

hellais
Copy link
Member

@hellais hellais commented Jul 29, 2024
edited
Loading

This sets up all the needed config to initialize the code signing box.

Changes:

  • Removes the user_data from the terraform setup since we do it in ansible
  • The ansible blocks are commented out since manual .ssh/config is needed to bootstrap the host

This fixes: #55

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 29, 2024
edited
Loading

Ansible Run Output 🤖

Ansible Playbook Recap 🔍

Ansible playbook output 📖success

Show Execution 

$ ansible-playbook playbook.yml --check --diff -i ../tf/modules/ansible_inventory/inventories/inventory-dev.ini
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: clickhouse_servers
[WARNING]: Could not match supplied host pattern, ignoring: monitoring.ooni.org
[WARNING]: Could not match supplied host pattern, ignoring: openvpn-
server1.ooni.io

PLAY [ClickHouse servers] ******************************************************
skipping: no hosts matched

PLAY [Update monitoring config] ************************************************
skipping: no hosts matched

PLAY [Setup OpenVPN server] ****************************************************
skipping: no hosts matched

PLAY RECAP *********************************************************************
Pusher @hellais
Action pull_request
Working Directory
Workflow .github/workflows/check_ansible.yml
Last updated Mon, 29 Jul 2024 15:50:15 GMT

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 29, 2024
edited
Loading

Terraform Run Output 🤖

Format and Style 🖌success

Initialization ⚙️success

Validation 🤖success

Validation Output 

$ terraform validate
Success! The configuration is valid.

Plan 📖success

  • Plan: 0 to add, 3 to change, 0 to destroy.
Show Plan 

$ terraform plan
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
random_password.jwt_secret: Refreshing state... [id=none]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
module.ooniapi_ooniprobe.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role]
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.oonith_oohelperd.aws_cloudwatch_log_group.oonith_service: Refreshing state... [id=ooni-ecs-group/oonith-service-oohelperd]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=4022892340]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.oonith_oohelperd_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-oonith-oohelperd]
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt]
aws_s3_bucket.oonith_codepipeline_bucket: Refreshing state... [id=codepipeline-oonith-eu-central-1-f148ea7b]
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 0s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.ooniapi_oonirun.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/879f6ecd-9260-489a-a120-a578677fe254]
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:39/ooniapi-service-ooniauth]
module.oonith_oohelperd.aws_iam_role.oonith_service_task: Refreshing state... [id=oonith-service-oohelperd-task-role]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 0s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
data.aws_availability_zones.available: Reading...
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:37/ooniapi-service-oonirun]
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.oonith_oohelperd_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_frontend.aws_acm_certificate.ooniapi: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2]
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniprobe]
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniprobe-td:21/ooniapi-service-ooniprobe]
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.oonith_oohelperd_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
module.oonith_oohelperd.aws_acm_certificate.oonith_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/5bc4ec37-a842-4362-abad-db1ec463b1ff]
module.oonith_oohelperd.data.aws_ecs_container_definition.oonith_service_current[0]: Reading...
module.oonith_oohelperd.data.aws_ecs_container_definition.oonith_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/oonith-service-oohelperd-td:114/oonith-service-oohelperd]
module.oonith_cluster.aws_iam_role.container_host: Refreshing state... [id=oonith-ecs-cluster-container-host-role]
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
module.ooniapi_ooniprobe.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/3c92c753-426b-41ca-97c2-8967c0fd704b]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Read complete after 1s [id=eu-central-1]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [[email protected]]
module.ooniapi_ooniauth.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/2202d88a-dd01-478d-af5c-e71ed70817c3]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.oonith_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/oonith-ecs-cluster]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
module.ooniapi_ooniprobe.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniprobe]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 0s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
module.ooniapi_ooniprobe.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role:ooniapi-service-ooniprobe-task-role]
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
module.oonith_oohelperd_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-oonith-oohelperd]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
module.oonith_oohelperd.aws_iam_role_policy.oonith_service_task: Refreshing state... [id=oonith-service-oohelperd-task-role:oonith-service-oohelperd-task-role]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt|terraform-20240310164138349500000001]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniprobe]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
module.oonith_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=oonith-ecs-cluster]
module.oonith_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=oonith-ecs-cluster-container-host-role:oonith-ecs-cluster-instance-role-policy]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service_validation["oonirun.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__2eedf4cd60d6661d37cc36317849f2a4.oonirun.api.dev.ooni.io._CNAME]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIYXDN55SMS]
module.ooniapi_frontend.aws_route53_record.ooniapi_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
module.oonith_oohelperd.aws_route53_record.oonith_service_validation["5.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__f4d7512857371619137500b772693ba2.5.th.dev.ooni.io._CNAME]
module.oonith_oohelperd.aws_route53_record.oonith_service_validation["6.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__5a723a4916c23c6d307e545f032ad8b6.6.th.dev.ooni.io._CNAME]
module.oonith_oohelperd.aws_route53_record.oonith_service_validation["oohelperd.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__bcaab73c83b6b1e544f8d6a172071b8b.oohelperd.th.dev.ooni.io._CNAME]
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
module.ooniapi_ooniprobe.aws_route53_record.ooniapi_service_validation["ooniprobe.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__f976c78b8792bbc3f04508cf0574e363.ooniprobe.api.dev.ooni.io._CNAME]
module.oonith_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/oonith-ecs-cluster]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service_validation["ooniauth.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__e8e7f4bd29329533805dd684fb3c1cf5.ooniauth.api.dev.ooni.io._CNAME]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240519071250187000000004]
module.ooniapi_frontend.aws_acm_certificate_validation.ooniapi: Refreshing state... [id=2024-03-10 17:19:18.261 +0000 UTC]
aws_codestarconnections_connection.oonidevops: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
module.terraform_state_backend.data.aws_region.current: Reading...
module.terraform_state_backend.data.aws_region.current: Read complete after 0s [id=eu-central-1]
module.oonith_oohelperd.aws_ecs_task_definition.oonith_service: Refreshing state... [id=oonith-service-oohelperd-td]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniprobe-eu-central-1]
module.oonith_oohelperd_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oohelperd-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.oonith_oohelperd_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-oonith-oohelperd]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.ooniapi_ooniprobe_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniprobe]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.oonith_oohelperd_deployer.aws_codebuild_project.oonith: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/oonith-oohelperd]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.network.aws_egress_only_internet_gateway.egress_gw: Refreshing state... [id=eigw-03afee035e0b6729a]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.oonith_oohelperd.aws_security_group.oonith_service_ecs: Refreshing state... [id=sg-0a7e0661bbdf6b4b0]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonM20240418080130683000000005/c354f69594522da6]
module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oobpx20240422160053180600000001/1ec17e88e2467a5b]
module.ooniapi_ooniprobe.aws_security_group.ooniapi_service_ecs: Refreshing state... [id=sg-084e73288da856ff5]
module.ooniapi_ooniauth.aws_security_group.ooniapi_service_ecs: Refreshing state... [id=sg-0d4efdff6d32f5b2b]
module.oonith_cluster.aws_security_group.web: Refreshing state... [id=sg-097a9e3bffe3f2331]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-0187eedfe39538357]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-005ca579eb9c08cda]
module.ooniapi_oonirun.aws_security_group.ooniapi_service_ecs: Refreshing state... [id=sg-07d3c73567451826a]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonM20240418080130682900000002/0d6a2f45a6e755bc]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonD20240418080130683000000007/0e1654fb92841045]
module.oonith_oohelperd.aws_alb_target_group.oonith_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooohD20240418080130682900000003/50a9b48b158881a2]
module.ooni_backendproxy.aws_security_group.nginx_sg: Refreshing state... [id=sg-050fe64c8d862ab5e]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonD20240418080130683000000004/4e00323e6ab8d637]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonM20240418080130682900000001/4d1af4487552b416]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oooonD20240418080130683000000006/99675eb000679c2b]
module.oonith_cluster.aws_security_group.container_host: Refreshing state... [id=sg-002f5c42f6ef346a3]
module.network.aws_route_table.public: Refreshing state... [id=rtb-0ccb0852e6a365a95]
module.network.aws_subnet.public[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.network.aws_subnet.public[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.network.aws_eip.nat[0]: Refreshing state... [id=eipalloc-022fb13a0c7ddb626]
module.network.aws_eip.nat[1]: Refreshing state... [id=eipalloc-03be8df34b488c314]
module.network.aws_subnet.private[1]: Refreshing state... [id=subnet-0b899a7ad10406d06]
module.network.aws_subnet.private[0]: Refreshing state... [id=subnet-09314a43ec89d6331]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0aa6a97400b619de3]
module.oonith_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0cc1023af38e0c608]
module.ooni_backendproxy.aws_launch_template.ooni_backendproxy: Refreshing state... [id=lt-02ae2b46369a252fe]
module.network.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dbd7fb16801ee049]
module.network.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-08ab18165bf481054]
module.network.aws_nat_gateway.nat_gw[0]: Refreshing state... [id=nat-09236631cadad72ab]
module.network.aws_nat_gateway.nat_gw[1]: Refreshing state... [id=nat-0eae7a2d1734db8c7]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.ooniapi_ooniauth.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniauth/b23b435019fd8ab3]
module.ooniapi_oonirun.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-oonirun/b9f74ff75fec23f6]
module.ooniapi_ooniprobe.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniprobe/e1c3628a052086fd]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.oonith_oohelperd.aws_alb.oonith_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/oonith-service-oohelperd/f593bd31a53fe9b8]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.network.aws_route_table.private[0]: Refreshing state... [id=rtb-011463437da96c77b]
module.network.aws_route_table.private[1]: Refreshing state... [id=rtb-0666b737c5e9dd271]
module.oonith_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=oonith-ecs-cluster20240402135340671300000005]
module.ooni_backendproxy.aws_autoscaling_group.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.network.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0e7933e6b804ff2c1]
module.network.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-00c843739fe29695a]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_ooniauth.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/6a4847ad88d80668]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.api.dev.ooni.io_A]
module.ooniapi_ooniauth.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/65afb2dc6b055829]
module.ooniapi_oonirun.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/b7c2581f2b3ac357]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.api.dev.ooni.io_A]
module.ooniapi_oonirun.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/f8565f9258861bb5]
module.ooniapi_ooniprobe.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniprobe/e1c3628a052086fd/ae5c1586eda58113]
module.ooniapi_ooniprobe.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniprobe.api.dev.ooni.io_A]
module.ooniapi_ooniprobe.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniprobe/e1c3628a052086fd/7869359b1011bd9c]
module.oonith_oohelperd.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/oonith-service-oohelperd/f593bd31a53fe9b8/7019bdcf99c58221]
module.oonith_oohelperd.aws_route53_record.oonith_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oohelperd.th.dev.ooni.io_A]
module.oonith_oohelperd.aws_alb_listener.oonith_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/oonith-service-oohelperd/f593bd31a53fe9b8/2303610c118b5d5a]
module.oonith_oohelperd.aws_route53_record.oonith_service_alias["5.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_5.th.dev.ooni.io_A]
module.oonith_oohelperd.aws_route53_record.oonith_service_alias["6.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_6.th.dev.ooni.io_A]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
module.ooniapi_frontend.aws_route53_record.ooniapi: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
module.ooniapi_ooniauth.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 19:35:39.331 +0000 UTC]
module.ooniapi_oonirun.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 17:00:38.999 +0000 UTC]
module.ooni_backendproxy.aws_autoscaling_attachment.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001-20240422160054639200000002]
module.ooniapi_ooniprobe.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-04-08 12:35:09.968 +0000 UTC]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
module.oonith_oohelperd.aws_acm_certificate_validation.oonith_service: Refreshing state... [id=2024-04-17 09:11:44.786 +0000 UTC]
module.oonith_oohelperd.aws_ecs_service.oonith_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/oonith-ecs-cluster/oonith-service-oohelperd]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/2b09ed268181ba4f]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.oonith_oohelperd_deployer.aws_codepipeline.oonith: Refreshing state... [id=oonith-oohelperd]
module.ooniapi_ooniprobe.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniprobe-td]
module.ooniapi_ooniauth.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniauth-td]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_ooniprobe.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniprobe]
module.ooniapi_ooniauth.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniauth]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_ooniprobe_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniauth]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.ooni_backendproxy.aws_launch_template.ooni_backendproxy will be updated in-place
  ~ resource "aws_launch_template" "ooni_backendproxy" {
        id                                   = "lt-02ae2b46369a252fe"
      ~ image_id                             = (sensitive value)
      ~ latest_version                       = 12 -> (known after apply)
        name                                 = "ooni-backendproxy-nginx-tmpl-20240310162527731600000004"
        tags                                 = {}
        # (16 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.ooniapi_cluster.aws_launch_template.container_host will be updated in-place
  ~ resource "aws_launch_template" "container_host" {
      ~ default_version                      = 13 -> (known after apply)
        id                                   = "lt-0e328a8671f870c64"
      ~ image_id                             = (sensitive value)
      ~ latest_version                       = 13 -> (known after apply)
        name                                 = "ooniapi-ecs-cluster20240310192643664900000001"
        tags                                 = {}
        # (16 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.oonith_cluster.aws_launch_template.container_host will be updated in-place
  ~ resource "aws_launch_template" "container_host" {
      ~ default_version                      = 8 -> (known after apply)
        id                                   = "lt-0cc1023af38e0c608"
      ~ image_id                             = (sensitive value)
      ~ latest_version                       = 8 -> (known after apply)
        name                                 = "oonith-ecs-cluster20240402135339541700000003"
        tags                                 = {}
        # (16 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Pusher @hellais
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Mon, 29 Jul 2024 15:50:11 GMT

@hellais hellais merged commit 572719c into main Jul 29, 2024
3 checks passed
@hellais hellais deleted the code-sign-box branch July 29, 2024 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Finalize CloudHSM setup
1 participant
@hellais