From 6b9cbc9813b65407a4454cefa8a84d6e820ced16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?=
 <felix-antoine.fortin@calculquebec.ca>
Date: Sun, 16 Feb 2020 19:34:17 -0500
Subject: [PATCH] Make changes to image variable ignored after cluster is built

---
 aws/infrastructure.tf       | 18 ++++++++++++++++++
 azure/infrastructure.tf     | 18 ++++++++++++++++++
 docs/README.md              |  3 ++-
 gcp/infrastructure.tf       | 17 ++++++++++++++++-
 openstack/infrastructure.tf | 21 +++++++++++++++++++++
 5 files changed, 75 insertions(+), 2 deletions(-)

diff --git a/aws/infrastructure.tf b/aws/infrastructure.tf
index 22e28201b..bb4ff730e 100644
--- a/aws/infrastructure.tf
+++ b/aws/infrastructure.tf
@@ -156,6 +156,12 @@ resource "aws_instance" "mgmt" {
     Name = format("mgmt%d", count.index + 1)
   }
 
+  lifecycle {
+    ignore_changes = [
+      ami
+    ]
+  }
+
   depends_on = [aws_internet_gateway.gw]
 }
 
@@ -244,6 +250,12 @@ resource "aws_instance" "login" {
     aws_security_group.allow_out_any.id,
   ]
 
+  lifecycle {
+    ignore_changes = [
+      ami
+    ]
+  }
+
   tags = {
     Name = format("login%d", count.index + 1)
   }
@@ -279,6 +291,12 @@ resource "aws_instance" "node" {
     aws_security_group.allow_out_any.id,
   ]
 
+  lifecycle {
+    ignore_changes = [
+      ami
+    ]
+  }
+
   tags = {
     Name = "node${count.index + 1}"
   }
diff --git a/azure/infrastructure.tf b/azure/infrastructure.tf
index 88c9c302b..ba5fabf02 100644
--- a/azure/infrastructure.tf
+++ b/azure/infrastructure.tf
@@ -168,6 +168,12 @@ resource "azurerm_virtual_machine" "login" {
   os_profile_linux_config {
     disable_password_authentication = true
   }
+
+  lifecycle {
+    ignore_changes = [
+      storage_image_reference
+    ]
+  }
 }
 
 resource "azurerm_virtual_machine" "mgmt" {
@@ -202,6 +208,12 @@ resource "azurerm_virtual_machine" "mgmt" {
   os_profile_linux_config {
     disable_password_authentication = true
   }
+
+  lifecycle {
+    ignore_changes = [
+      storage_image_reference
+    ]
+  }
 }
 
 resource "azurerm_managed_disk" "home" {
@@ -290,6 +302,12 @@ resource "azurerm_virtual_machine" "nodevm" {
   os_profile_linux_config {
     disable_password_authentication = true
   }
+
+  lifecycle {
+    ignore_changes = [
+      storage_image_reference
+    ]
+  }
 }
 
 locals {
diff --git a/docs/README.md b/docs/README.md
index 8a1b8f42d..8c1530002 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -189,7 +189,8 @@ should be mainly done through Puppet scripting. Image customization is mostly
 envisioned as a way to accelerate the provisioning process by applying the
 security patches and OS updates in advance.
 
-**Post Build Modification Effect**: rebuild of all instances at next `terraform apply`.
+**Post Build Modification Effect**: None - if this variable is modified, existing
+instances will ignore the change and future instances will use the new value.
 
 #### 4.4.1 AWS
 
diff --git a/gcp/infrastructure.tf b/gcp/infrastructure.tf
index a39e4d2c6..eed0da992 100644
--- a/gcp/infrastructure.tf
+++ b/gcp/infrastructure.tf
@@ -95,7 +95,10 @@ resource "google_compute_instance" "mgmt" {
   metadata_startup_script = file("${path.module}/install_cloudinit.sh")
 
   lifecycle {
-    ignore_changes = [attached_disk]
+    ignore_changes = [
+      attached_disk,
+      boot_disk.initialize_params.image
+    ]
   }
 }
 
@@ -157,6 +160,12 @@ resource "google_compute_instance" "login" {
   }
 
   metadata_startup_script = file("${path.module}/install_cloudinit.sh")
+
+  lifecycle {
+    ignore_changes = [
+      boot_disk.initialize_params.image
+    ]
+  }
 }
 
 resource "google_compute_instance" "node" {
@@ -193,6 +202,12 @@ resource "google_compute_instance" "node" {
   }
 
   metadata_startup_script = file("${path.module}/install_cloudinit.sh")
+
+  lifecycle {
+    ignore_changes = [
+      boot_disk.initialize_params.image
+    ]
+  }
 }
 
 resource "google_compute_firewall" "allow_all_internal" {
diff --git a/openstack/infrastructure.tf b/openstack/infrastructure.tf
index 3e5ce3bd1..3c361015b 100644
--- a/openstack/infrastructure.tf
+++ b/openstack/infrastructure.tf
@@ -120,6 +120,13 @@ resource "openstack_compute_instance_v2" "mgmt" {
       volume_size           = block_device.value.volume_size
     }
   }
+
+  lifecycle {
+    ignore_changes = [
+      image_id,
+      block_device[0].uuid
+    ]
+  }
 }
 
 resource "openstack_compute_volume_attach_v2" "va_home" {
@@ -182,6 +189,13 @@ resource "openstack_compute_instance_v2" "login" {
       volume_size           = block_device.value.volume_size
     }
   }
+
+  lifecycle {
+    ignore_changes = [
+      image_id,
+      block_device[0].uuid
+    ]
+  }
 }
 
 resource "openstack_networking_port_v2" "port_node" {
@@ -226,6 +240,13 @@ resource "openstack_compute_instance_v2" "node" {
       volume_size           = block_device.value.volume_size
     }
   }
+
+  lifecycle {
+    ignore_changes = [
+      image_id,
+      block_device[0].uuid
+    ]
+  }
 }
 
 locals {