awslabs · Chancebair · Aug 23, 2019 · Aug 21, 2019 · Aug 22, 2019 · Aug 23, 2019
diff --git a/README.md b/README.md
@@ -267,6 +267,8 @@ bff/bin/anubis --results <ACTION_ID>
 ./anubis-setup --region us-east-1 --prefix-list-id pl-xxxxxxxx --destroy
 ```
 
+*Note - There is a bug in terraform where security group don't get revoked before security group deletion causing timeout https://github.com/hashicorp/terraform/issues/8617*
+
 ## Great, what's next?
 
 Write your own benchmarks!

diff --git a/baictl/Makefile b/baictl/Makefile
@@ -29,6 +29,10 @@ destroy-infra: check-parameter-region venv _destroy-infra
 _destroy-infra:
  ./baictl destroy infra --aws-region=$(AWS_REGION)
 
+sync-infra: check-parameter-region venv _sync-infra
+_sync-infra:
+ ./baictl sync infra --aws-region=$(AWS_REGION) --mode=pull
+
 publish:
  echo "Nothing to publish"
 

diff --git a/ci/anubis-driver.py b/ci/anubis-driver.py
@@ -120,12 +120,12 @@ def add_args(cls, parser):
 def s3_remote_state_bucket(config, region, session):
  # Ensure bucket exists for remote state
  sts = session.client("sts")
- if os.path.exists(".terraform/ci-backend-config"):
+ if os.path.exists(os.path.join(os.path.dirname(__file__), ".terraform/ci-backend-config")):
  ci_backend_config = open(".terraform/ci-backend-config", "r").read()
  if sts.get_caller_identity()["Account"] not in ci_backend_config:
  os.remove(".terraform/ci-backend-config")
  config["bucket"] = None
- if os.path.exists(".terraform/terraform.tfstate"):
+ if os.path.exists(os.path.join(os.path.dirname(__file__), ".terraform/terraform.tfstate")):
  os.remove(".terraform/terraform.tfstate")
 
  if config["bucket"] is None:
@@ -179,6 +179,35 @@ def add_current_user_arn(config, session):
  config["extra_users"] = ",".join(extra_users_config)
 
 
+def sync_baictl(session, region):
+ os.environ["AWS_REGION"] = region
+
+ print(f"=> Calling `./baictl sync infra --aws-region={region}` in baictl to get kubeconfig")
+
+ if os.path.exists(os.path.join(os.path.dirname(__file__), "../baictl/drivers/aws/cluster/.terraform")):
+ return_code = subprocess.call(["rm", "-rf", "drivers/aws/cluster/.terraform"], cwd="../baictl")
+ if return_code != 0:
+ raise Exception(f"Failure calling `rm -rf drivers/aws/cluster/.terraform` in baictl: {return_code}")
+
+ return_code = subprocess.call(["make", "sync-infra"], cwd="../baictl")
+ if return_code != 0:
+ raise Exception(f"Failure calling `make sync-infra` in baictl: {return_code}")
+
+
+def undeploy_services():
+ parent_dir = os.path.join(os.path.dirname(__file__), "..")
+ service_dirs = [
+ f
+ for f in os.listdir(parent_dir)
+ if os.path.isdir(os.path.join(parent_dir, f)) and os.path.exists(os.path.join(parent_dir, f) + "/Makefile")
+ ]
+
+ for folder in service_dirs:
+ return_code = subprocess.call(["make", "undeploy"], cwd=f"../{folder}")
+ if return_code != 0:
+ raise Exception(f"Failure calling `make undeploy` in {folder}: {return_code}")
+
+
 def main():
  print(Figlet().renderText("anubis setup"))
  parser = argparse.ArgumentParser()
@@ -212,7 +241,9 @@ def main():
 
  # Destroy pipeline and infrastructure
  if args.destroy:
+ sync_baictl(session, region)
  destroy_pipeline(region)
+ undeploy_services()
  destroy_infrastructure(region)
  return
 
@@ -228,7 +259,6 @@ def main():
  # Create pipeline which creates infrastructure and deploys services
  print(f"=> Calling `terraform plan --out=terraform.plan`")
  return_code = subprocess.call(["terraform", "plan", "--out=terraform.plan"])
-
  if return_code != 0:
  raise Exception(f"Failure calling `terraform plan`: {return_code}")
  print("=> Calling `terraform apply`")
@@ -252,33 +282,38 @@ def rm(path):
 
 
 def destroy_pipeline(region):
- # HACK: Rules don't get revoked causing timeout on security group destroy
- group_id = subprocess.check_output(["terraform", "output", "blackbox_vpc_default_group_id"]).strip()
- source_group = subprocess.check_output(["terraform", "output", "blackbox_public_group_id"]).strip()
- return_code = subprocess.call(
- [
- "aws",
- "ec2",
- "revoke-security-group-ingress",
- "--region",
- region,
- "--group-id",
- group_id,
- "--source-group",
- source_group,
- "--protocol",
- "all",
- ]
- )
+ # HACK: Rules don't get revoked causing timeout on security group destroy https://github.com/hashicorp/terraform/issues/8617
+ devnull = open(os.devnull, "w")
+ if (
+ subprocess.call(["terraform", "output", "blackbox_vpc_default_group_id"], stderr=devnull) == 0
+ and subprocess.call(["terraform", "output", "blackbox_public_group_id"], stderr=devnull) == 0
+ ):
+ group_id = subprocess.check_output(["terraform", "output", "blackbox_vpc_default_group_id"]).strip()
+ source_group = subprocess.check_output(["terraform", "output", "blackbox_public_group_id"]).strip()
+ return_code = subprocess.call(
+ [
+ "aws",
+ "ec2",
+ "revoke-security-group-ingress",
+ "--region",
+ region,
+ "--group-id",
+ group_id,
+ "--source-group",
+ source_group,
+ "--protocol",
+ "all",
+ ]
+ )
  print("=> Calling `terraform destroy` to destroy pipeline")
  return_code = subprocess.call(["terraform", "destroy", "-auto-approve"])
  if return_code != 0:
  raise Exception(f"Failure calling `terraform destroy`: {return_code}")
 
 
 def destroy_infrastructure(region):
- print("=> Calling `make destroy-infra` in baictl to destroy infrastructure")
  os.environ["AWS_REGION"] = region
+ print("=> Calling `make destroy-infra` in baictl to destroy infrastructure")
  return_code = subprocess.call(["make", "destroy-infra"], cwd="../baictl")
  if return_code != 0:
  raise Exception(f"Failure calling `make destroy` in baictl: {return_code}")