Quick Reference

Backend initialization (run first, once per environment):

shell
terraform init -backend-config=backend-configs/production-primary.hcl
terraform init -backend-config=backend-configs/production-secondary.hcl

Workspaces (create once, after init):

shell
terraform workspace new primary
terraform workspace new secondary

Workspace selection:

shell
terraform workspace select primary
terraform workspace select secondary

Applies:

shell
# Primary:
terraform apply -var-file=primary-<region>.tfvars
# Secondary: 
terraform apply -var-file=secondary-<region>.tfvars

Readiness on secondary:

  • kubectl --context aks-secondary -n logging scale deploy humio-operator --replicas=1

  • Verify Humio pod and DataSnapshotLoader logs as in Stage 2

Encryption key comparison (hash):

shell
# Primary: 
kubectl get secret -n logging logscale-storage-encryption-key --context aks-primary -o jsonpath='{.data.azure-storage-encryption-key}' | base64 -d | shasum -a 256
# Secondary: 
kubectl get secret -n logging logscale-storage-encryption-key --context aks-secondary -o jsonpath='{.data.azure-storage-encryption-key}' | base64 -d | shasum -a 256

Storage credentials verification:

shell
kubectl get secret logscale-storage-encryption-key -n logging

Traffic Manager Status Check:

  • Profile shows "Degraded"? This is expected when secondary is in standby mode

  • Verify primary endpoint is "Online": az network traffic-manager endpoint show --profile-name <tm-profile> --name <primary-endpoint> --resource-group <rg> --type externalEndpoints --query endpointMonitorStatus

  • Verify traffic routes correctly: curl -sk https://<global-dr-fqdn>/api/v1/status should return HTTP 200

  • See Traffic Manager Priority Routing for more details.