Merge pull request #113 from geneontology/update_delete_sop
add more terraform instructions for deleting workspaces
sierra-moxon authored Nov 27, 2024
2 parents 6de8bc4 + c44fa5b commit cd0a7b2
Showing 1 changed file with 16 additions and 22 deletions.
38 changes: 16 additions & 22 deletions provision/production/PRODUCTION_PROVISION_README.md
Expand Up @@ -32,25 +32,24 @@ This guide describes the deployment of the `go-fastapi` stack to AWS using Terra

#### DNS:

DNS records are used for `go-fastapi`; they are typically the "production" record and the dev/testing record. Yhe go-deploy tool allows for creating DNS records (type A) that would be populated by the public ip addresses of the aws instance. If you don't use this option, you would need to point this record to the elastic IP of the VM. For testing purposes, you can use: `aes-test-go-fastapi.geneontology.org` or any other record that you create in Route 53.

**NOTE**: If using cloudflare, you would need to point the cloudflare dns record to the elastic IP.

# BREAK FOR NEW DOC #
**NOTE**: For production, API routing is configured via cloudflare, you point the cloudflare dns record to the elastic IP generated with this procedure.

## Configuring and deploying EC2 _instances_:

This is all completed in a dockerized development environment (all commands take place inside the docker container).

1. Prepare _your_ AWS credentials:

Your (personal developer) AWS credentials are used by Terraform to provision the AWS instance and by the provisioned instance to access the certificate store and the S3 buckets used to store Apache logs. These are your personal AWS credentials and should have been appropriately created to give you these permissions.
Your (personal developer) AWS credentials are used by Terraform to provision the AWS instance and by the provisioned
instance to access the certificate store and the S3 buckets used to store Apache logs. These are your personal AWS
credentials and should have been appropriately created to give you these permissions.

**NOTE**: specifically, you will need to supply an `aws_access_key_id` and `aws_secret_access_key`. These will be marked with `REPLACE_ME` in the `go-aws-credentials.sample` file farther down.
**NOTE**: specifically, you will need to supply an `aws_access_key_id` and `aws_secret_access_key`.
These will be marked with `REPLACE_ME` in the `go-aws-credentials.sample` file farther down.

2. SSH Keys

The keys we'll be using can be found in the shared SpderOak store. If you don't know what this is, ask @kltm.
The keys we'll be using can be found in the shared SpiderOak store. If you don't know what this is, ask @kltm.

For testing purposes you can use your own ssh keys. But for production please ask for the go ssh keys.
/tmp/go-ssh.pub
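
Review bot: the reflowed credentials paragraph under step 1 still documents that a developer's personal AWS credentials are used both by Terraform and by the provisioned instance (certificate store, S3 log buckets), which implies the personal key ends up on the instance. Since the paragraph is being touched anyway, state the minimum permissions that key needs, or say whether a dedicated, narrowly scoped key can be supplied for the instance instead of a personal one. Two wording points in the same hunk: the DNS paragraph kept as context still reads "Yhe go-deploy tool", and the new production NOTE is a comma splice ("...is configured via cloudflare, you point the cloudflare dns record..."); split it into two sentences.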
Expand Down Expand Up @@ -172,7 +171,8 @@ Finally, just show the IP address of the AWS instance:
go-deploy --workspace REPLACE_ME_WITH_S3_WORKSPACE_NAME --working-directory aws -verbose -output
```

**NOTE**: write down the IP address of the AWS instance that is created. This can also be found in `REPLACE_ME_WITH_S3_WORKSPACE_NAME.cfg` (e.g. go-api-production-YYYY-MM-DD.cfg).
**NOTE**: write down the IP address of the AWS instance that is created.
This can also be found in `REPLACE_ME_WITH_S3_WORKSPACE_NAME.cfg` (e.g. go-api-production-YYYY-MM-DD.cfg).

Useful details for troubleshooting:
These commands will produce an IP address in the resulting `inventory.json` file.
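
Review bot: in the reflowed NOTE, the example file name go-api-production-YYYY-MM-DD.cfg is plain text while `REPLACE_ME_WITH_S3_WORKSPACE_NAME.cfg` in the same sentence is formatted as code; put both in backticks so the reader can tell the example is a literal file name. The split into two source lines is fine for Markdown, since both lines render as one paragraph.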
Expand Down Expand Up @@ -201,18 +201,15 @@ terraform -chdir=aws output # shows public ip of aws instance

These commands continue to be run in the dockerized development environment.

**POSSIBLE CUT START**
```bash
* replace "REPLACE_ME" values in config-instance.yaml for dns_record_name and dns_zone_id,
dns_zone_id should be "Z04640331A23NHVPCC784" and dns_record_name is the FQDN plus the REPLACE_ME_WITH_TERRAFORM_BACKEND, eg. api-production-2024-08-21.geneontology.org
* Location of SSH keys may need to be replaced after copying config-stack.yaml.sample
* S3 credentials are placed in a file using the format described above
* S3 uri if SSL is enabled. Location of SSL certs/key
* QoS mitigation if QoS is enabled
* Use the same workspace name as in the previous step
**POSSIBLE CUT END**

Let's ready the the instance, starting by editing the config:
Let's ready the instance, starting by editing the config:
```bash
cp ./production/config-stack.yaml.sample ./config-stack.yaml
emacs ./config-stack.yaml
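
Review bot: removing the "POSSIBLE CUT" block drops the only guidance visible in this section on which values to change before deploying: dns_record_name, dns_zone_id, the SSH key location, and the reminder to reuse the same workspace name as in the previous step. Please confirm these are covered in the text below `emacs ./config-stack.yaml`; if not, keep a short list here rather than deleting it outright. Note also that the removed text referred to config-instance.yaml while the commands copy config-stack.yaml.sample, so whichever list survives should name the file that is actually edited.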
Expand Down Expand Up @@ -280,22 +277,19 @@ docker inspect --format "{{json .State.Health }}" go-fastapi

## Destroy Instance and other destructive things:

```bash
# Destroy Using Tool.
# Make sure you point to the correct workspace before destroying the stack by using the -show command or the -output command
go-deploy --workspace REPLACE_ME_WITH_S3_WORKSPACE_NAME --working-directory aws -verbose -destroy
```

```bash
# Destroy Manually
# Make sure you point to the correct workspace before destroying the stack.
# Make sure you point to the correct workspace before destroying the stack.
# You need to be "in" the workspace you want to destroy. You can use the following commands to help you.

terraform -chdir=aws workspace list
terraform -chdir=aws workspace select <NAME_OF_WORKSPACE_THAT_YOU_WANT_TO_DESTROY> # change to the workspace you want to destroy.
terraform -chdir=aws workspace show # shows the name of the current workspace
terraform -chdir=aws show # shows the state you are about to destroy
terraform -chdir=aws destroy # You would need to type Yes to approve.

# Now delete the workspace.
# Now delete the workspace. You need to not be in the workspace that was deleted to do this final removal. We
# pick the default workspace.

terraform -chdir=aws workspace select default # change to default workspace
terraform -chdir=aws workspace delete <NAME_OF_WORKSPACE_THAT_IS_NOT_DEFAULT> # delete workspace.
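
Review bot: the new comment above `workspace select default` says "You need to not be in the workspace that was deleted", but at that point the workspace has only had its resources destroyed, not been deleted; something like "Terraform will not delete the workspace you currently have selected, so switch to the default workspace first" is clearer. The placeholder on the delete line, <NAME_OF_WORKSPACE_THAT_IS_NOT_DEFAULT>, also differs from <NAME_OF_WORKSPACE_THAT_YOU_WANT_TO_DESTROY> used on the select line; it is the same workspace, so use one placeholder to avoid someone deleting a different workspace than the one they just destroyed. Minor: the destroy prompt only accepts lowercase "yes", so the "type Yes" comment should match.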
Expand All @@ -310,7 +304,7 @@ docker run --rm --name go-dev -it geneontology/go-devops-base:tools-jammy-0.4.4
```
In the command above we used the `--rm` option which means the container will be deleted when you exit.
If that is not the intent and you want to delete it later at your own convenience. Use the following `docker run` command.
If that is not the intent, and you want to delete it later at your own convenience. Use the following `docker run` command.
```bash
docker run --name go-dev -it geneontology/go-devops-base:tools-jammy-0.4.4 /bin/bash
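
Review bot: the added comma in "If that is not the intent, and you want to delete it later at your own convenience." does not fix the sentence, which is still a fragment followed by "Use the following...". Join them instead: "If that is not the intent and you want to delete it later at your own convenience, use the following `docker run` command."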