[Part 3/3] Use latest OS image and use new metadata format (#60)

jcscottiii · web-flow · commit 89ac98641ecc · 2022-09-06T15:06:43.000-04:00
* [Part 3/3] Use latest OS image and use new metadata format

- Removes the hardcoded OS image so that terraform will build a template
  with the latest os image
- Previously, the metadata was hardcoded to ensure there were no diffs
  upon upgrading to the latest version of terraform. This change now
uses the new format for metadata for containers. (Which would have
caused a diff in part 1)

* Update the cert-renewers update policy &amp; README

The cert-renewers had a different update policy. As a result, it needs
more steps to deploy it after the terraform apply. This change makes it
the same as the wpt live server.

Also update the README for process wise what to do. The terraform
changes should be approved before you do the deploy (which changes the
state file). Create a PR with the terraform change, get it approved.
Then do the deployment and create a separate PR with the state file
changes
diff --git a/README.md b/README.md
@@ -173,3 +173,6 @@ Cloud Platform with the state described by the configuration files in this
 repository:
 
     terraform apply
+
+Create a separate PR with the changes to the terraform.tfstate file after the
+deployment is successful.
diff --git a/infrastructure/web-platform-tests/compute.tf b/infrastructure/web-platform-tests/compute.tf
@@ -141,27 +141,7 @@ resource "google_compute_instance_template" "wpt_server" {
   # startup-script and tf_depends_id comes from the module previously used for wpt-server. (see link at top)
   # TODO: evaluate if those two should be removed.
   metadata = {
-    # "${module.wpt-server-container.metadata_key}" = module.wpt-server-container.metadata_value
-    # The value for ${module.wpt-server-container.metadata_key} is temporary. During the upgrade, the metadata rendering changes.
-    # More info: https://github.com/terraform-google-modules/terraform-google-container-vm/blob/master/docs/upgrading_to_v2.0.md
-    # Clarification to the linked docs, metadata changes will destroy the old template and create a new one.
-    # In order to make this as smooth as possible, we will hardcode this.
-    # When ready, remove this temporary metadata and the one on cert-renewer. And uncomment the line above.
-    "${module.wpt-server-container.metadata_key}" = <<-EOT
-              ---
-              spec:
-                containers:
-                - env:
-                  - name: WPT_HOST
-                    value: wpt.live
-                  - name: WPT_ALT_HOST
-                    value: not-wpt.live
-                  - name: WPT_BUCKET
-                    value: wpt-tot-certificates
-                  image: gcr.io/wpt-live/wpt-live-wpt-server-tot@sha256:5d7a3d7a5ca0ba4ca7f6e56ad62aa6342c9ab92d41eea24cc6ce4a9b1e2a6afe
-                restartPolicy: Always
-                volumes: []
-              EOT
+    "${module.wpt-server-container.metadata_key}" = module.wpt-server-container.metadata_value
     "startup-script"                              = ""
     "tf_depends_id"                               = ""
     "google-logging-enabled"                      = "true"
@@ -219,27 +199,7 @@ resource "google_compute_instance_template" "cert_renewers" {
   # startup-script and tf_depends_id comes from the module previously used for cert renewer. (see link at top)
   # TODO: evaluate if those two should be removed.
   metadata = {
-    # "${module.cert-renewer-container.metadata_key}" = module.cert-renewer-container.metadata_value
-    # The value for ${module.cert-renewer-container.metadata_key} is temporary. During the upgrade, the metadata rendering changes.
-    # More info: https://github.com/terraform-google-modules/terraform-google-container-vm/blob/master/docs/upgrading_to_v2.0.md
-    # Clarification to the linked docs, metadata changes will destroy the old template and create a new one.
-    # In order to make this as smooth as possible, we will hardcode this.
-    # When ready, remove this temporary metadata and the one on wpt-server. And uncomment the line above.
-    "${module.cert-renewer-container.metadata_key}" = <<-EOT
-              ---
-              spec:
-                containers:
-                - env:
-                  - name: WPT_HOST
-                    value: wpt.live
-                  - name: WPT_ALT_HOST
-                    value: not-wpt.live
-                  - name: WPT_BUCKET
-                    value: wpt-tot-certificates
-                  image: gcr.io/wpt-live/wpt-live-cert-renewer@sha256:5b3c0a3a2b0d7e2a0e1c0303874d09bb3214aa93dec55ac245cf1c81e7d117d5
-                restartPolicy: Always
-                volumes: []
-              EOT
+    "${module.cert-renewer-container.metadata_key}" = module.cert-renewer-container.metadata_value
     "startup-script"                                = ""
     "tf_depends_id"                                 = ""
     "google-logging-enabled"                        = "true"
@@ -270,9 +230,7 @@ resource "google_compute_instance_group_manager" "cert_renewers" {
   zone = var.zone
 
   update_policy {
-    # The type is different from wpt servers's update policy.
-    # TODO: Evaluate why
-    type                  = "OPPORTUNISTIC"
+    type                  = local.update_policy.type
     minimal_action        = local.update_policy.minimal_action
     max_unavailable_fixed = local.update_policy.max_unavailable_fixed
   }
diff --git a/infrastructure/web-platform-tests/main.tf b/infrastructure/web-platform-tests/main.tf
@@ -15,8 +15,6 @@ module "wpt-server-container" {
   source  = "terraform-google-modules/container-vm/google"
   version = "3.0.0"
 
-  # Temporary variable
-  cos_image_name = var.cos_image_name
   container = {
     image = var.wpt_server_image
     env = [
@@ -42,8 +40,6 @@ module "cert-renewer-container" {
   source  = "terraform-google-modules/container-vm/google"
   version = "3.0.0"
 
-  # Temporary variable
-  cos_image_name = var.cos_image_name
   container = {
     image = var.cert_renewer_image
     env = [
diff --git a/infrastructure/web-platform-tests/variables.tf b/infrastructure/web-platform-tests/variables.tf
@@ -103,9 +103,3 @@ variable "cert_renewer_ports" {
     }
   ]
 }
-
-variable "cos_image_name" {
-  description = "Name of specific COS image. Temporary variable. Will remove here and in main.tf once ready to upgrade. More info: https://github.com/terraform-google-modules/terraform-google-container-vm/blob/5e69eafaaaa8302c5732799e32d1da5c17b7b285/variables.tf#L46"
-  type        = string
-  default     = "cos-stable-85-13310-1209-17"
-}

Original file line number	Diff line number	Diff line change
`@@ -103,9 +103,3 @@ variable "cert_renewer_ports" {`
`103`	`103`	`}`
`104`	`104`	`]`
`105`	`105`	`}`
`106`		`-`
`107`		`-variable "cos_image_name" {`
`108`		`- description = "Name of specific COS image. Temporary variable. Will remove here and in main.tf once ready to upgrade. More info: https://github.com/terraform-google-modules/terraform-google-container-vm/blob/5e69eafaaaa8302c5732799e32d1da5c17b7b285/variables.tf#L46"`
`109`		`- type = string`
`110`		`- default = "cos-stable-85-13310-1209-17"`
`111`		`-}`