Hi All,
We are getting a strange issue while trying to update domain names in multiple hosted zones in AWS Route53.
We have created two hosted zones (public and private) for a domain, example.com. We already have an automation script to update the public zone, which uses the supermarket cookbook route53. After creating the private zone (with a different zone id but the same zone name) we tried to integrate the script with it. Unfortunately, it is not updating the public zone, while the private one is getting updated properly.
Please check the code below, which performs the task for private and public.
For public:-
if var_available
  if node['reverse-proxy']['update_route53']
    route53_bag = search(:credentials, 'id:route53').first
    aws_cred = Chef::EncryptedDataBagItem.load('credentials', 'aws')
    tmp_dir = node['reverse-proxy']['tmp_dir']
    directory tmp_dir do
      mode 0755
      owner 'root'
      group 'root'
      action :create
      recursive true
    end
    va_nodes.each do |va_node|
      va_id = Example::Chef.get_va_id_from_name(va_node['name'])
      # dns_resource_name = "va#{va_id} route53 record creation"
      name = "va#{va_id}.example.com"
      value = 'vpn1-gateway.example.com'
      type = 'CNAME'
      ttl = 300
      zone_id = route53_bag['zone_id']
      aws_access_key_id = aws_cred['aws_access_key_id']
      aws_secret_access_key = aws_cred['aws_secret_access_key']
      route53_record name do
        name name
        value value
        type type
        ttl ttl
        zone_id zone_id
        aws_access_key_id aws_access_key_id
        aws_secret_access_key aws_secret_access_key
        action :nothing
        retries 10
        retry_delay 1
        only_if { node.chef_environment == "prod" }
        # ignore_failure true
      end
      file "#{tmp_dir}/#{name}" do
        content "#{value}/#{type}/#{ttl}/#{zone_id}"
        mode 0644
        owner 'root'
        group 'root'
        action :create
        notifies :create, "route53_record[#{name}]"
      end
    end
  end # closes: if node['reverse-proxy']['update_route53']
end # closes: if var_available
For private:-
if var_available
  if node['reverse-proxy']['update_route53']
    route53_bag = search(:credentials, 'id:route53_private').first
    aws_cred = Chef::EncryptedDataBagItem.load('credentials', 'aws')
    tmp_dir = node['reverse-proxy']['tmp_dir_private']
    directory tmp_dir do
      mode 0755
      owner 'root'
      group 'root'
      action :create
      recursive true
    end
    va_nodes.each do |va_node|
      va_id = Example::Chef.get_va_id_from_name(va_node['name'])
      # dns_resource_name = "va#{va_id} route53 record creation"
      name = "va#{va_id}.example.com"
      value = 'vpn1-gateway.example.com'
      type = 'CNAME'
      ttl = 300
      zone_id = route53_bag['zone_id']
      aws_access_key_id = aws_cred['aws_access_key_id']
      aws_secret_access_key = aws_cred['aws_secret_access_key']
      route53_record name do
        name name
        value value
        type type
        ttl ttl
        zone_id zone_id
        aws_access_key_id aws_access_key_id
        aws_secret_access_key aws_secret_access_key
        action :nothing
        retries 10
        retry_delay 1
        only_if { node.chef_environment == "prod" }
        # ignore_failure true
      end
      file "#{tmp_dir}/#{name}" do
        content "#{value}/#{type}/#{ttl}/#{zone_id}"
        mode 0644
        owner 'root'
        group 'root'
        action :create
        notifies :create, "route53_record[#{name}]"
      end
    end
  end
end
After adding both cookbook recipes to a role, we ran the instance with the role file and found the output below in the log for the newly created domain.
For private (it's working; check the last line, which creates the domain name in AWS Route53):-
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] created file /opt/tmp/route53_records_private/va0950.example.com
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] updated file contents /opt/tmp/route53_records_private/va0950.example.com
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] owner changed to 0
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] group changed to 0
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] mode changed to 644
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] not queuing delayed action create on route53_record[va0950.example.com] (delayed), as it's already been queued
For public (there is no such line for public in the log):-
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] created file /opt/tmp/route53_records/va0950.example.com
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] updated file contents /opt/tmp/route53_records/va0950.example.com
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] owner changed to 0
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] group changed to 0
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] mode changed to 644
It would be great if you could shed some light on it.
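Added example, not from the original post: a small Ruby model of how Chef resolves a `notifies` target. The resource collection keeps one entry per `type[name]` string and a later declaration replaces the earlier one, so when both recipes declare `route53_record[va0950.example.com]`, both `file` resources notify the last-declared (private) record and the second notification is dropped as already queued, which is what the "not queuing delayed action" log line shows. Declaring each record under a distinct resource name while keeping the DNS name in the `name` property (assuming the cookbook's resource reads the record name from that property) lets both records run; the zone ids below are constructed placeholders.

```ruby
# Model of Chef's resource collection: one entry per "type[name]" key, the
# most recent declaration wins on lookup, and a delayed action is queued at
# most once per resource object. Zone ids are constructed placeholders.
class Resource
  attr_reader :type, :name, :zone_id, :runs
  def initialize(type, name, zone_id)
    @type, @name, @zone_id, @runs = type, name, zone_id, 0
  end
  def key; "#{type}[#{name}]"; end   # the string `notifies` resolves against
  def run!; @runs += 1; end          # stands in for the Route53 API call
end

class ResourceCollection
  def initialize
    @by_key = {}   # key => last resource declared under that key
    @delayed = []  # resources that already have a delayed action queued
  end
  def declare(resource)
    @by_key[resource.key] = resource  # a duplicate key replaces the earlier entry
  end
  # Equivalent of `notifies :create, "route53_record[...]"` (delayed by default)
  def notify_delayed(key)
    target = @by_key.fetch(key)
    return "not queuing delayed action on #{key}, already queued" if @delayed.include?(target)
    @delayed << target
    "queued delayed action on #{key}"
  end
  def converge!
    @delayed.each(&:run!)
    @delayed.map { |r| [r.zone_id, r.runs] }
  end
end

# Two recipes each declare a route53_record and notify it from a file resource.
# Returns [[zone_id, times_run], ...] for the records that actually converged.
def simulate(public_key_name, private_key_name)
  rc = ResourceCollection.new
  pub  = rc.declare(Resource.new("route53_record", public_key_name, "ZPUBLIC-placeholder"))
  priv = rc.declare(Resource.new("route53_record", private_key_name, "ZPRIVATE-placeholder"))
  rc.notify_delayed(pub.key)   # from the public recipe's file resource
  rc.notify_delayed(priv.key)  # from the private recipe's file resource
  rc.converge!
end

# Same resource name in both recipes: only the last-declared (private) record runs.
# Distinct resource names (e.g. "va0950.example.com public"): both records run.
```

Calling `simulate("va0950.example.com", "va0950.example.com")` converges only the private zone, while `simulate("va0950.example.com public", "va0950.example.com private")` converges both.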