aboutsummaryrefslogtreecommitdiff
path: root/TODOs.org
diff options
context:
space:
mode:
Diffstat (limited to 'TODOs.org')
-rw-r--r--TODOs.org5
1 files changed, 4 insertions, 1 deletions
diff --git a/TODOs.org b/TODOs.org
index 2f2b85a..6b83283 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -142,7 +142,10 @@ Also put all of the content of =secrets/*= into vps-state? Maybe rename it to vp
Right now, secrets are scattered between the two repositories. By moving I can completely remove =git-crypt= from this repository.
*** Cancelled:
The =vps-state= repo isn't supposed to centralize all secrets, it's just a storage backend for Terraform files.
-** NEXT Run backup on Terraform destroy action instead of manually in =provision.sh=
+** DOING Run backup on Terraform destroy action instead of manually in =provision.sh=
+Terraform's destroy provisioner isn't well suited for this: in case of failure [[https://www.terraform.io/docs/provisioners/#destroy-time-provisioners][it tries to run the provisioner more than once]]. I'd rather have it fail on the first error.
+
+Instead use Ansible to perform this instead of ad-hoc Bash commands.
** DONE Explicitly destroy Droplets before running Terraform apply
CLOSED: [2019-06-05 Wed 19:48]
** DONE Store updated =.tfstate= even in case of deployment failure