chore(ansible): improve upon rds restoration

Michele Cereda
2024-12-11 19:48:53 +01:00
parent 51b4b7da3a
commit 72951206d3
4 changed files with 58 additions and 23 deletions


@@ -9,7 +9,7 @@ Authorization is provided by sending requests to grant the principal access to _
Such access is given in response to the authorization request **only** if _policies_ exist that grant the principal
permission to the _actions_ **and** the _resources_ defined in the request.
<details/>
<details>
<summary>Example</summary>
When first signing in to the console, one lands on the console's homepage. At this point, one isn't accessing any


@@ -110,6 +110,29 @@ If any maintenance event is scheduled before the window, it's **initiated** in t
complete during the 30-minute maintenance window, while larger events may take more.<br/>
Maintenance windows are paused when their DB instances are stopped.
> Watch out for changes application order and timing.
>
> <details>
> <summary>Example: creating a DB instance from snapshot with defined Parameter Group</summary>
>
> 1. The request of creation from snapshot is received by the AWS APIs.<br/>
> The Parameter Group's name is defined here.
>
> 1. The DB instance is created with a **default** Parameter Group.
>
> The Parameter group **is** due for change, but this does **NOT** come up as a pending modified value.<br/>
> Checks for pending changes **will** miss it.
>
> 1. The DB instance's state goes from `creating` to `backing-up`.<br/>
> This backup usually takes very little for some unknown reason.
>
> 1. The change in Parameter Group is applied now, requiring the DB instance to be rebooted.<br/>
> The instance's state goes to `modifying`, then `rebooting`.
>
> 1. **NOW** the instance is ready for use.
>
> </details>
## Engine
### PostgreSQL
@@ -746,6 +769,7 @@ Solution: reboot the source and target instance and retry.
- [Amazon RDS DB instances]
- [Maintaining a DB instance]
- [Disabling AWS RDS backups when creating/updating instances?]
- [Viewing instance status]
<!--
Reference
@@ -776,6 +800,7 @@ Solution: reboot the source and target instance and retry.
[transport postgresql databases between two amazon rds db instances using pg_transport]: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/transport-postgresql-databases-between-two-amazon-rds-db-instances-using-pg_transport.html
[transporting postgresql databases between db instances]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.TransportableDB.html
[understanding postgresql roles and permissions]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.html
[viewing instance status]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html
[what is aws database migration service?]: https://docs.aws.amazon.com/dms/latest/userguide/Welcome.html
[working with db instance read replicas]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
[working with parameter groups]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html


@@ -1,33 +1,33 @@
#!/usr/bin/env sh
# Generate example configuration files with entries disabled.
# Generate example configuration files with entries disabled
ansible-config init --disabled > 'ansible.cfg'
ansible-config init --disabled -t 'all' > 'ansible.cfg'
# Show the current configuration.
# Show the current configuration
ansible-config dump
# List hosts.
# List hosts
ansible-inventory -i 'aws_ec2.yml' --list
ansible-playbook -i 'self-hosting.yml' 'gitlab.yml' --list-hosts
ansible -i 'webservers.yml' all --list-hosts
# Show hosts' ansible facts.
# Show hosts' ansible facts
ansible -i 'inventory.yml' -m 'setup' all
ansible -i '192.168.1.34,gitlab.lan,' -m 'setup' 'gitlab.lan' -u 'admin'
ansible -i 'localhost,' -c 'local' -km 'setup' 'localhost'
# List tasks what would be executed.
# List tasks what would be executed
ansible-playbook 'gitlab.yml' --list-tasks
ansible-playbook 'gitlab.yml' --list-tasks --tags 'configuration,packages'
ansible-playbook 'gitlab.yml' --list-tasks --skip-tags 'system,user'
# Create new roles.
# Create new roles
ansible-galaxy init 'gitlab'
ansible-galaxy role init 'my_role'
ansible-galaxy role init --type 'container' --init-path 'gitlab' 'name'
# Run playbooks.
# Run playbooks
ansible-playbook -DK 'ansible/playbooks/local-network.hosts.configure.yml' \
-i 'inventory/local-network.ini' -l 'workstation.lan' -c 'local' -C
ansible-playbook 'gitlab.yml' \
@@ -45,7 +45,7 @@ ansible-playbook -i 'localhost,' -c 'local' -Dvvv 'playbook.yml' -t 'container_r
ansible-runner -p 'test_play.yml' --container-image 'example-ee:latest'
# Run playbooks within Execution Environments.
# Use the '=' between options and their arguments.
# Use the '=' between options and their arguments
ansible-runner run \
--container-volume-mount "$HOME/.aws:/runner/.aws:ro" \
--container-image '012345678901.dkr.ecr.eu-west-1.amazonaws.com/ansible-ee:1.2'
@@ -72,7 +72,7 @@ ANSIBLE_CALLBACKS_ENABLED='profile_tasks' ansible-playbook …
# Validate playbooks
ansible-playbook 'path/to/playbook.yml' --syntax-check
# Ad-hoc commands.
# Ad-hoc commands
ansible -i 'hosts.yml' -m 'ping' 'all'
ansible -i 'host-1,host-n,' 'hostRegex' -m 'ansible.builtin.shell' -a 'echo $TERM'
ansible -i 'localhost' -c 'local' 'localhost' -m 'ansible.builtin.copy' -a 'src=/tmp/src dest=/tmp/dest'
@@ -101,15 +101,18 @@ ansible-vault edit 'ssh.key.pub'
ANSIBLE_VAULT_PASSWORD_FILE='password_file.txt' ansible-vault decrypt --output '.ssh/id_rsa' 'ssh.key'
diff 'some_role/files/ssh.key.plain' <(ansible-vault view --vault-password-file 'password_file.txt' 'some_role/files/ssh.key.enc')
# List available plugins.
# List available plugins
ansible-doc -t 'lookup' -l
ansible-doc -t 'strategy' -l
# Show plugin-specific docs and examples.
# List installed collections
ansible-galaxy collection list
# Show plugin-specific docs and examples
ansible-doc -t 'lookup' 'fileglob'
ansible-doc -t 'strategy' 'linear'
# Run commands within Execution Environments.
# Run commands within Execution Environments
ansible-navigator exec
AWS_PROFILE='AnsibleTaskExecutor' venv/bin/ansible-navigator \
--execution-environment-image='012345678901.dkr.ecr.eu-west-1.amazonaws.com/infra/ansible-ee' \


@@ -636,6 +636,10 @@
mode: u=rw,go=r
content: |
- name: Generate random strings
ansible.builtin.set_fact:
random_alphanumerical_lowercase_string_of_12_chars: >-
query('community.general.random_string', upper=false, special=false, length=12)
- name: Generate passwords
ansible.builtin.set_fact:
random_password: "{{ lookup('ansible.builtin.password', '/dev/null') }}"
@@ -643,6 +647,9 @@
{{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_letters,digits,punctuation') }}
random_but_idempotent_password: >-
{{ lookup('ansible.builtin.password', '/dev/null', seed=inventory_hostname, length=16) }}
- name: Get the PID of the current play
ansible.builtin.set_fact:
current_play_pid: lookup('pipe', 'echo $PPID')
- name: Look for files
ansible.builtin.set_fact:
path_list_of_all_txt_files_in_dir: "{{ lookup('ansible.builtin.fileglob', '/my/path/*.txt') }}"
@@ -1064,28 +1071,28 @@
creation_source: instance
source_db_instance_identifier: source-instance
use_latest_restorable_time: true
# tags: # avoid setting up, it errors out when restoring to pitr
tags: "{{ omit }}" # avoid setting tags, it errors out when restoring to pitr
wait:
# avoid waiting for db instances with automatic backup enabled to finish backing up the restored
# instance right after creation since db instances' first backup takes unbearably long (3h for 100GB)
# instance right after creation - db instances' first backup can take unbearably long (3h for 100GB)
false
register: pitr_restored_instance
- name: Wait for the restored DB instance to be created
when:
- clone_db_instance.backup_retention_period is defined
- clone_db_instance.backup_retention_period != 0
- name: Wait for the restored DB instance to be ready
when: pitr_restored_instance.db_instance_identifier is defined
block:
- name: Wait for the restored DB instance to be created
- name: Wait for the restored DB instance to be ready
amazon.aws.rds_instance_info:
db_instance_identifier: "{{ pitr_restored_instance.db_instance_identifier }}"
register: pitr_restored_instance_status_check
register: pitr_restored_instance_ready_check
retries: 15
delay: 60
until: pitr_restored_instance_status_check.instances[0].db_instance_status != 'creating'
until:
- pitr_restored_instance_ready_check.instances[0].db_instance_status in ['available', 'backing-up']
- pitr_restored_instance_ready_check.instances[0].pending_modified_values.keys() | length == 0
- name: Update restored DB instance information
# 'amazon.aws.rds_instance' will *not* have the 'endpoint' key defined if not waiting
ansible.builtin.set_fact:
pitr_restored_instance: "{{ pitr_restored_instance_status_check.instances[0] }}"
pitr_restored_instance: "{{ pitr_restored_instance_ready_check.instances[0] }}"
- name: Dump roles' privileges
block:
- name: Dump to file
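Review bot: The new `until` list in the last hunk can pass too early when the restore requests a non-default parameter group. The RDS notes added in this same commit say that change does not appear in `pending_modified_values` and is applied only after `backing-up`, through `modifying` and `rebooting`. With `backing-up` accepted and an empty pending map, the loop may exit just before that reboot, and the following tasks (`Dump roles' privileges`) would then run against an instance that is about to restart. If the restore task sets a parameter group (its start is outside the hunk), add a condition on the group actually attached, e.g. `- pitr_restored_instance_ready_check.instances[0].db_parameter_groups | selectattr('db_parameter_group_name', 'eq', <requested_group_name>) | selectattr('parameter_apply_status', 'eq', 'in-sync') | list | length > 0`. Here `<requested_group_name>` is a placeholder for whatever the restore task passes, and the field names follow the RDS API, so confirm them against the module's return values.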