# RDS Notes

## Moving to Encrypted RDS

Migrating the jira rds.

Install the terraform without termination protection.
```
cd ~/xdr-terraform-live/test/aws/legacy-mdr-test/210-rds-jira
TF_VAR_instance_termination_protection=false terragrunt-local apply
```
Record the output as you'll need it in the next group.

Then in the console:
1. Go to the proper account, rds, databases.
2. Select the new database, and select 'Actions->Delete'
  *  Create a final snapshot, just in case you're a fool and deleting the wrong one. Put a date in the name.
4. Announce start of jira downtime
5. stop jira
6. Select the production database and choose actions->take snapshot
  * Give it an identifier like `jira-migration-source-<date>`
7. Once created, select it and choose 'actions->copy snapshot'
  * Give it an identifier like 'jira-migration-dest-<date>'
  * Check 'copy tags'
  * Check 'enable encryption'
  * For the master key, choose "Enter a key ARN"
  * Paste the arn from terraform 
8. Select the _new_ snapshot (`migration-dest`), and choose actions->upgrade snapshot
  * For new engine version, choose "11.8" (latest supported by jira)
9. wait for update to complete (this will take some time)
10. Choose actions->restore snapshot:
  * identifier: choose the same name of the instance you removed (e.g. `jira2`)
  * VPC: The VPC ID from the terraform
  * Subnet Group: subnet group from the terraform
  * VPC Security Groups: Remove 'default', add the output from the terraform (e.g. `jira2_rds_sg`)
  * Instance type: Burtable class, Type from terraform output
  * Storage type: SSD
  * Allocated Storage: output from terraform
  * Multi-AZ: "Do not create a standby instance"k
  * Database Authentication: Password Authentication
  * Additional Configuration
    * DB Parameter Group: jira2-...
    * Copy tags to snapshot checked (default)
    * Check the export logs
  * Click 'restore db'
11. Wait for database to enter 'Available'
12. CLick on the database, select Configuration, and copy the ARN
  arn:aws:rds:us-east-1:527700175026:db:jira2

Rerun the terraform. It should result in `1 to change`, and 0 to add or destroy.

Update the dbconnection in jira:
```
ssh prod-jira-server
sudo bash
cd /opt/jira-data/jira/
cp dbconfig.xml dbconfig.xml.20210129
# change the url with the output of `database_url` from terraform
# Do _not_ change the database-type. postgres72 is correct for versions >= 7.2
systemd start jira
```

Test!