How to override ignore_changes in Terraform? - overriding

I'd like to override an ignore_changes, like the one below.
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
  lifecycle {
    ignore_changes = [instance_type]
  }
}
I'd like to override this configuration with one making the instance_type controlled by Terraform again. Is that possible? How do I do that? The configuration with ignore_changes should still exist and be unmodified.

Related

How to change root activity name in .NET HotChocolate for Elastic APM using a CustomActivityEnricher?

I am trying to change the root activity name in .NET HotChocolate for Elastic APM by creating a custom activity enricher and overriding the CreateRootActivityName method.
public class CustomActivityEnricher : ActivityEnricher
{
    public CustomActivityEnricher(ObjectPool<StringBuilder> stringBuilderPoolPool, InstrumentationOptions options)
        : base(stringBuilderPoolPool, options)
    {
    }

    protected override string CreateRootActivityName(Activity activity, Activity root, string operationDisplayName)
    {
        return operationDisplayName;
    }
}
I added it as a Singleton service, as described in the documentation of HotChocolate and in this video demonstration:
Instrumentation
GraphQL Observability with Elastic and OpenTelemetry - Michael Staib
services.AddSingleton<ActivityEnricher, CustomActivityEnricher>();
But this doesn't seem to work for me. Instead of getting the name of the query I am running, I get the endpoint of my GraphQL server.
Edit:
This is the configuration of my GraphQL server:
services.AddGraphQLServer(schema.Organization.GetGraphId())
    ...
    .AddInstrumentation(o =>
    {
        o.RenameRootActivity = true;
        o.IncludeDocument = true;
    });
We solved this by assigning a new name to the APM transaction when displayName contains '{':
protected override string CreateRootActivityName(Activity activity, Activity root, string displayName)
{
    var baseName = base.CreateRootActivityName(activity, root, displayName);
    // CurrentTransaction is null when no APM transaction is active.
    var trans = Agent.Tracer.CurrentTransaction;
    if (trans != null && displayName.Contains('{'))
    {
        trans.Name = displayName;
    }
    return baseName;
}

How do I configure app insights instrumentation for app service via terraform?

How do I configure App Insights instrumentation for an app service via Terraform? Is it all via app_settings, or is there a resource I am missing?
I create the App Insights resource:
resource "azurerm_application_insights" "app1" {
  for_each            = local.all_envs
  application_type    = "web"
  location            = azurerm_resource_group.rg-webapps.location
  name                = "appi-app1-${each.value}"
  resource_group_name = azurerm_resource_group.rg-webapps.name
  retention_in_days   = 30
  sampling_percentage = 0
  workspace_id        = azurerm_log_analytics_workspace.log-analytics-workspace[each.value].id
}
I tie it to my app service:
resource "azurerm_windows_web_app" "app1" {
  name                = "app1"
  location            = azurerm_resource_group.rg-webapps.location
  resource_group_name = azurerm_resource_group.rg-webapps.name
  ...
  app_settings = {
    APPLICATIONINSIGHTS_ROLE_NAME         = "role1"
    APPINSIGHTS_INSTRUMENTATIONKEY        = azurerm_application_insights.app1["dev"].instrumentation_key
    APPLICATIONINSIGHTS_CONNECTION_STRING = azurerm_application_insights.app1["dev"].connection_string
  }
  ...
}
But it says application insights is not fully enabled:
Is instrumentation controlled by these config keys, which I have to manually set?
I tried with only the app settings for the instrumentation key and connection string in my case, and it was not enabled in the portal.
app_settings = {
  "APPINSIGHTS_INSTRUMENTATIONKEY"        = azurerm_application_insights.<app>.instrumentation_key
  "APPLICATIONINSIGHTS_CONNECTION_STRING" = azurerm_application_insights.<app>.connection_string
}
Also include ApplicationInsightsAgent_EXTENSION_VERSION in the app settings.
app_settings = {
  "APPINSIGHTS_INSTRUMENTATIONKEY"             = azurerm_application_insights.<app>.instrumentation_key
  "APPLICATIONINSIGHTS_CONNECTION_STRING"      = azurerm_application_insights.<app>.connection_string
  "APPINSIGHTS_PORTALINFO"                     = "ASP.NET"
  "APPINSIGHTS_PROFILERFEATURE_VERSION"        = "1.0.0"
  "ApplicationInsightsAgent_EXTENSION_VERSION" = "~2"
}
To work properly, your app may require additional settings from the list below; check what works for your app.
"APPINSIGHTS_INSTRUMENTATIONKEY"
"APPINSIGHTS_PROFILERFEATURE_VERSION"
"APPINSIGHTS_SNAPSHOTFEATURE_VERSION"
"APPLICATIONINSIGHTS_CONNECTION_STRING"
"ApplicationInsightsAgent_EXTENSION_VERSION"
"DiagnosticServices_EXTENSION_VERSION"
"InstrumentationEngine_EXTENSION_VERSION"
"SnapshotDebugger_EXTENSION_VERSION"
"XDT_MicrosoftApplicationInsights_BaseExtensions"
"XDT_MicrosoftApplicationInsights_Mode"
And try to set a tag on the azurerm_application_insights, as said by nancy in the SO reference:
resource "azurerm_application_insights" "webapp-ka-repo" {
  ...
  tags {
    "hidden-link:/subscriptions/<subscription id>/resourceGroups/<rg name>/providers/Microsoft.Web/sites/<site name>": "Resource"
  }
}
or
tags = {
  "hidden-link:/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.Web/sites/<sitename>" = "Resource"
}
and check if it is enabled.

nginx ingress controller unable to see my secret key

I get an error saying that nginx is unable to get my secret key, noting that it does exist when I checked it in GCP.
When I checked the logs of nginx-ingress-controller, it gives me this error: Error getting SSL certificate "default/my-certs": local SSL certificate default/my-certs was not found. Using default certificate
module "nginx-controller" {
  source     = "terraform-iaac/nginx-controller/helm"
  namespace  = "default"
  ip_address = data.google_compute_address.ingress_ip_address.address
  depends_on = [kubernetes_secret.store_ssl_private_key]
}
service
resource "kubernetes_service_v1" "exposing_app" {
  metadata {
    name = "service${var.app}"
  }
  spec {
    selector = {
      app = var.app
    }
    port {
      port        = 80
      target_port = 8080
      protocol    = "TCP"
      name        = "grpc-server"
    }
  }
}
creating secret
resource "kubernetes_secret" "store_ssl_private_key" {
  metadata {
    name = "my-certs"
  }
  data = {
    "tls.crt" = var.CRT
    "tls.key" = var.PRIV_KEY_SSL
    "ca.crt"  = var.CA
  }
  type = "kubernetes.io/tls"
}
ingress :
resource "kubernetes_ingress_v1" "exposing_app" {
  metadata {
    name = "exposingapp"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      #"nginx.ingress.kubernetes.io/ssl-redirect"= "false"
      #"nginx.ingress.kubernetes.io/ssl-redirect" = "true"
      "nginx.org/grpc-services"                                           = "service${var.app} grpc-server"
      "nginx.ingress.kubernetes.io/backend-protocol"                      = "GRPC"
      "nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream" = "true"
      "nginx.ingress.kubernetes.io/auth-tls-secret"                       = "default/${kubernetes_secret.store_ssl_private_key.metadata.0.name}"
    }
  }
  spec {
    rule {
      host = "${var.ENV == "staging" ? var.website_staging:var.website_production}"
      http {
        path {
          backend {
            service {
              name = kubernetes_service_v1.exposing_app.metadata.0.name
              port {
                number = 80
              }
            }
          }
          path = "/*"
        }
      }
    }
    tls {
      hosts       = ["${var.ENV == "staging" ? var.website_staging:var.website_production}"]
      secret_name = kubernetes_secret.store_ssl_private_key.metadata.0.name
    }
  }
  depends_on = [
    kubernetes_secret.store_ssl_private_key
  ]
}
At a first glance, it appears to potentially be related to the way you create the TLS secret in Terraform. In the kubernetes_secret.store_ssl_private_key resource you are setting the various data attributes to Terraform variables. Are you providing those as file() input or simply strings containing the path to the certificate files you have locally?
In order to successfully generate a certificate via Terraform and ensure that it contains the right data, you would have to declare a ca.crt secret attribute of type file, as you would create it via the CLI as indicated here
You could try to decode the base64 value of your secret to ensure that it's properly created. I also found this post that might be helpful in detailing how to create a TLS secret via Terraform.
EDIT1
Another thing that is specified in the official docs for using client certificates is that when they create the secrets they are of type generic and not tls. Could you maybe try and provision a new secret using the commands indicated in the official example? Make sure to also provide the full CA certificate chain for the ca.crt key.
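The answer above suggests decoding the secret's base64 values to confirm they hold certificate data rather than path strings. The following is an added example, not part of the original posts: the function name check_secret, the helper names and the sample JSON are assumptions, and the sample stands in for the output of `kubectl get secret my-certs -n default -o json`.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.+?\s-----END \1-----", re.S)

# PEM block types expected under each key of the my-certs secret.
EXPECTED = {
    "tls.crt": {"CERTIFICATE"},
    "ca.crt": {"CERTIFICATE"},
    "tls.key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}

def check_secret(secret_json):
    """Map each expected key to a problem string; an empty dict means all look sane."""
    data = json.loads(secret_json).get("data") or {}
    problems = {}
    for key, labels in EXPECTED.items():
        if key not in data:
            problems[key] = "missing"
            continue
        try:
            text = base64.b64decode(data[key], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems[key] = "not base64-encoded text"
            continue
        found = {m.group(1) for m in PEM_RE.finditer(text)}
        if not found:
            # Report only the size, never the value: it may be key material.
            problems[key] = "no PEM block (%d chars), path or placeholder?" % len(text)
        elif not found <= labels:
            problems[key] = "unexpected PEM type: " + ", ".join(sorted(found - labels))
    return problems

def b64(text):
    return base64.b64encode(text.encode()).decode()

def pem(label):  # constructed PEM armor with a dummy body, not a real cert or key
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

# Constructed stand-in for the kubectl JSON output of the secret.
SAMPLE = json.dumps({"kind": "Secret", "type": "kubernetes.io/tls", "data": {
    "tls.crt": b64(pem("CERTIFICATE")),
    "tls.key": b64("certs/server.key"),  # a path string instead of file contents
    "ca.crt": b64(pem("CERTIFICATE")),
}})

if __name__ == "__main__":
    for key, problem in check_secret(SAMPLE).items():
        print(key, "->", problem)
```

The check only inspects the PEM armor; it does not parse the certificate or verify that the key matches it.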

MassTransit and Azure Service Bus: EnableDeadLetteringOnMessageExpiration for all created subscriptions

We configure MassTransit to use Azure Service Bus in this way:
mtConfig.UsingAzureServiceBus((context, busConfig) =>
{
    busConfig.Host(new HostSettings
    {
        ServiceUri = new Uri(xxx),
        TokenProvider = TokenProvider.CreateManagedIdentityTokenProvider()
    });
    busConfig.ConfigureJsonSerializer(ConfigureJsonSerialization);
    busConfig.ConfigureJsonDeserializer(ConfigureJsonSerialization);
    busConfig.ConfigureEndpoints(context);
});
How can we set e.g. subscription properties like EnableDeadLetteringOnMessageExpiration for all the subscriptions created automatically by MassTransit?
Thanks,
Peter
Update
I've tried this (EnableDeadLetteringOnMessageExpiration), but the dead letter option isn't enabled on the subscriptions in the Azure Service Bus (we've deleted all the topics and subscriptions first, so that they were newly created):
mtConfig.UsingAzureServiceBus((context, busConfig) =>
{
    busConfig.Host(new HostSettings
    {
        ServiceUri = new Uri(xxx),
        TokenProvider = TokenProvider.CreateManagedIdentityTokenProvider()
    });
    busConfig.EnableDeadLetteringOnMessageExpiration = true;
    busConfig.ConfigureJsonSerializer(ConfigureJsonSerialization);
    busConfig.ConfigureJsonDeserializer(ConfigureJsonSerialization);
    busConfig.ConfigureEndpoints(context);
});
You can create a class that implements IConfigureReceiveEndpoint (see the docs) and in that function, pattern match the configurator to see if it is Azure Service Bus and set the properties. When registered in the container, MassTransit will run the class against each endpoint.
class ConfigureMyEndpoint :
    IConfigureReceiveEndpoint
{
    public void Configure(string name, IReceiveEndpointConfigurator configurator)
    {
        if (configurator is IServiceBusReceiveEndpointConfigurator sb)
        {
            sb.EnableDeadLetteringOnMessageExpiration = true;
        }
    }
}

Not able to migrate between 2 Cosmos containers

I am trying to migrate data between 2 containers with the option StartFromBeginning = true. While migrating, I am also making a small modification to the document. When I add this logic, the live sync between collections is not working. I had used Migrating data from old container to new partitioned container using change feed as a reference, which works. After deploying there seems to be no error but. How can I check what I am doing wrong? I have also enabled Application Insights.
namespace CosmosContainerMigration.Trigger
{
    public class ContainerMigration
    {
        private IUpdatedDocument updatedDocument;

        public ContainerMigration(IUpdatedDocument updatedDocument)
        {
            this.updatedDocument = updatedDocument;
        }

        [FunctionName("CosmosContainerMigration")]
        public async Task Run([CosmosDBTrigger(
            databaseName: "%SourceDatabaseName%",
            collectionName: "%ContainerName%",
            ConnectionStringSetting = "connectionString",
            StartFromBeginning = true,
            LeaseCollectionName = "%ContainerLeaseName%",
            CreateLeaseCollectionIfNotExists = true)] IReadOnlyList<Document> source,
            [CosmosDB(databaseName: "%TargetDatabaseName%",
            collectionName: "%ContainerName%",
            ConnectionStringSetting = "connectionString")] IAsyncCollector<Document> destination,
            ILogger log)
        {
            log.LogInformation("Documents modified " + source.Count);
            foreach (var item in source)
            {
                try
                {
                    Document updatedItem = await this.updatedDocument.Update(item);
                    await destination.AddAsync(updatedItem);
                }
                catch (Exception)
                {
                    // The template needs a placeholder, otherwise item.Id is never written to the log.
                    log.LogInformation("Failed document {DocumentId}", item.Id);
                    throw;
                }
            }
        }
    }
}
