Update provision README #37

Merged
merged 5 commits into from
Jun 2, 2024
Changes from 3 commits
27 changes: 22 additions & 5 deletions terraform/provision/README.md
Expand Up @@ -4,8 +4,11 @@ You can develop and test the Terraform code for provisioning in isolation from
the broker context here.

1. Copy `terraform.tfvars-template` to `terraform.tfvars`, then edit the content
appropriately. In particular, customize the `instance` and `subdomain`
parameters to avoid collisions in the target AWS account!
appropriately. In particular, set these parameters:
- `instance_name` should be set to something unique to avoid collisions in the target AWS account!
- `domain` should be an empty string if you want to run the full suite of Terraform resources including DNS records.
- `default_domain` should be a domain name including one or more subdomains, such as `dev.ssb.notify.gov`

1. Set these three environment variables:

- AWS_ACCESS_KEY_ID
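
Review bot: The new `domain` bullet only covers the empty-string case and does not say what a non-empty value does or how `domain` relates to `default_domain`, so a reader cannot tell which of the two to set for a test run. Suggest describing both cases for `domain` and stating whether `default_domain` is required when `domain` is empty. The example `dev.ssb.notify.gov` is one deployment's name; marking it as an example value to be replaced would avoid someone applying against that zone by copy and paste.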
Expand All @@ -27,11 +30,25 @@ the broker context here.
that you'll have permission to remove any files that get created.

```bash
$ docker run -v `pwd`:`pwd` -w `pwd` -e HOME=`pwd` --user $(id -u):$(id -g) -e TERM -it --rm -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e AWS_DEFAULT_REGION smtp-provision:latest
docker run -v `pwd`:`pwd` -w `pwd` -e HOME=`pwd` --user $(id -u):$(id -g) -e TERM -it --rm -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e AWS_DEFAULT_REGION smtp-provision:latest
```

[within the container]
1. Within that container:
```bash
terraform init
terraform apply -auto-approve
terraform apply
[tinker in your editor, run terraform apply, inspect the cluster, repeat]
terraform destroy -auto-approve
exit
```

## Troubleshooting

```
Error creating SES domain identity verification: Expected domain verification Success, but was in state Failed
```
This error occurs when [the timeout](https://github.com/GSA-TTS/datagov-brokerpak-smtp/blob/767bcb71179494a0578c018f8338df4711f1c4fc/terraform/provision/verification.tf#L61) to verify the domain identity is reached. This can be a DNS problem.

Ensure that the domain or subdomain you are working in is reachable by DNS. Ensure that the zone(s) above your subdomain have DNS records which point to your zone — for example if you are using a `default_domain` of `dev.ssb.notify.gov`, ensure that the DNS records at `ssb.notify.gov` correctly indicate a `dev` subdomain. It will need an NS and a DS record.

The [outputs.tf file of usnotify-ssb](https://github.com/GSA/usnotify-ssb/blob/main/outputs.tf#L16) generates instructions on creating DNS records.
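
Review bot: The `outputs.tf` link at the end of the Troubleshooting section targets `blob/main/outputs.tf#L16` in another repository, so the line anchor will drift as that file changes, while the `verification.tf` link above it is pinned to a commit SHA; pin this one the same way or describe the DNS records in this README. In "It will need an NS and a DS record", the subject is ambiguous: say explicitly that the records go in the parent zone (`ssb.notify.gov` in the example) if that is what is meant. In the container steps, `terraform apply` prompts for confirmation while `terraform destroy -auto-approve` does not; make the two consistent or note why destroy runs unattended.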
Contributor

This should refer to the current repository.

Contributor Author

I have removed the reference to this Notify.gov-specific repo