Share /var/cache and /var/lib with the host

In the AWS backend. This means that they don't end up on a tmpfs and
using up RAM.

2 files changed, 6 insertions, 1 deletions

diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb
index 299b5b5..f538cbf 100644
--- a/app/models/backends/terraform_aws.rb
+++ b/app/models/backends/terraform_aws.rb
@@ -65,7 +65,11 @@ class Backends::TerraformAws < ApplicationRecord
         signon_instance_name: slug,
         admin_environment_label: mini_environment.name,
         use_error_pages: 'true',
-        origin_basic_auth: "#{slug}=#{slug}"
+        origin_basic_auth: "#{slug}=#{slug}",
+        share: [
+          '/var/cache/govuk-mini-environment-admin=/var/cache',
+          '/var/lib/govuk-mini-environment-admin=/var/lib'
+        ]
       },
       run_remotely_on_host: "ubuntu@guix-daemon.#{domain}"
     )
diff --git a/terraform/aws/mini_environment/main.tf b/terraform/aws/mini_environment/main.tf
index 6dd7ac6..b69f8f5 100644
--- a/terraform/aws/mini_environment/main.tf
+++ b/terraform/aws/mini_environment/main.tf
@@ -101,6 +101,7 @@ resource "aws_spot_instance_request" "main" {
       "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443",
       "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080",
       "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443",
+      "sudo mkdir -p /var/cache/govuk-mini-environment-admin /var/lib/govuk-mini-environment-admin",
       "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service",
       "sudo systemctl daemon-reload",
       "sudo systemctl enable govuk.service",