From 4fa25a175495f75cc9340baa51e16a8903d6ec08 Mon Sep 17 00:00:00 2001
From: EuAndreh <eu@euandre.org>
Date: Tue, 11 Jun 2019 10:32:58 -0300
Subject: Run shutdown with Ansible instead of Bash

---
 TODOs.org | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'TODOs.org')

diff --git a/TODOs.org b/TODOs.org
index 2f2b85a..6b83283 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -142,7 +142,10 @@ Also put all of the content of =secrets/*= into vps-state? Maybe rename it to vp
 Right now, secrets are scattered between the two repositories. By moving I can completely remove =git-crypt= from this repository.
 *** Cancelled:
 The =vps-state= repo isn't supposed to centralize all secrets, it's just a storage backend for Terraform files.
-** NEXT Run backup on Terraform destroy action instead of manually in =provision.sh=
+** DOING Run backup on Terraform destroy action instead of manually in =provision.sh=
+Terraform's destroy provisioner isn't well suited for this: in case of failure [[https://www.terraform.io/docs/provisioners/#destroy-time-provisioners][it tries to run the provisioner more than once]]. I'd rather have it fail on the first error.
+
+Instead use Ansible to perform this instead of ad-hoc Bash commands.
 ** DONE Explicitly destroy Droplets before running Terraform apply
 CLOSED: [2019-06-05 Wed 19:48]
 ** DONE Store updated =.tfstate= even in case of deployment failure
-- 
cgit v1.2.3