route53 cookbook is not updating domain name to multiple hosted zones



Hi All,

We are getting a strange issue while trying to update domain names in multiple hosted zones in AWS Route53.

We have created two hosted zones (public and private) for a domain, example.com. We already have an automation script to update the public zone, which uses the supermarket cookbook route53. After creating the private zone (with a different zone id but the same zone name) we tried to integrate the script with it. But unfortunately it is not letting it update the public zone, while the private one is getting updated properly.

Please check the below code, which performs the task for private and public.

For public:-

if var_available
  if node['reverse-proxy']['update_route53']
    # Public zone id and AWS credentials come from data bags
    route53_bag = search(:credentials, 'id:route53').first
    aws_cred = Chef::EncryptedDataBagItem.load('credentials', 'aws')
    tmp_dir = node['reverse-proxy']['tmp_dir']

    directory tmp_dir do
      mode 0755
      owner 'root'
      group 'root'
      action :create
      recursive true
    end

    va_nodes.each do |va_node|
      va_id = Example::Chef.get_va_id_from_name(va_node['name'])
      # dns_resource_name = "va#{va_id} route53 record creation"
      name = "va#{va_id}.example.com"
      value = 'vpn1-gateway.example.com'
      type = 'CNAME'
      ttl = 300
      zone_id = route53_bag['zone_id']
      aws_access_key_id = aws_cred['aws_access_key_id']
      aws_secret_access_key = aws_cred['aws_secret_access_key']

      # The record resource only runs when notified by the marker file below
      route53_record name do
        name name
        value value
        type type
        ttl ttl
        zone_id zone_id
        aws_access_key_id aws_access_key_id
        aws_secret_access_key aws_secret_access_key
        action :nothing
        retries 10
        retry_delay 1
        only_if { node.chef_environment == "prod" }
        # ignore_failure true
      end

      # Marker file: a change in the record parameters triggers the (delayed) notification
      file "#{tmp_dir}/#{name}" do
        content "#{value}/#{type}/#{ttl}/#{zone_id}"
        mode 0644
        owner 'root'
        group 'root'
        action :create
        notifies :create, "route53_record[#{name}]"
      end
    end
  end
end

For private:-

if var_available
  if node['reverse-proxy']['update_route53']
    # Private zone id comes from a separate data bag item; same AWS credentials
    route53_bag = search(:credentials, 'id:route53_private').first
    aws_cred = Chef::EncryptedDataBagItem.load('credentials', 'aws')
    tmp_dir = node['reverse-proxy']['tmp_dir_private']

    directory tmp_dir do
      mode 0755
      owner 'root'
      group 'root'
      action :create
      recursive true
    end

    va_nodes.each do |va_node|
      va_id = Example::Chef.get_va_id_from_name(va_node['name'])
      # dns_resource_name = "va#{va_id} route53 record creation"
      name = "va#{va_id}.example.com"
      value = 'vpn1-gateway.example.com'
      type = 'CNAME'
      ttl = 300
      zone_id = route53_bag['zone_id']
      aws_access_key_id = aws_cred['aws_access_key_id']
      aws_secret_access_key = aws_cred['aws_secret_access_key']

      # Same resource name as in the public recipe, pointing at the private zone id
      route53_record name do
        name name
        value value
        type type
        ttl ttl
        zone_id zone_id
        aws_access_key_id aws_access_key_id
        aws_secret_access_key aws_secret_access_key
        action :nothing
        retries 10
        retry_delay 1
        only_if { node.chef_environment == "prod" }
        # ignore_failure true
      end

      # Marker file: a change in the record parameters triggers the (delayed) notification
      file "#{tmp_dir}/#{name}" do
        content "#{value}/#{type}/#{ttl}/#{zone_id}"
        mode 0644
        owner 'root'
        group 'root'
        action :create
        notifies :create, "route53_record[#{name}]"
      end
    end
  end
end

While adding both cookbook recipes to a role, we ran the instance with the role file and found the below output in the log for the newly created domain.

For private (it's working; check the last line, which creates the domain name in AWS Route53):-

[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] created file /opt/tmp/route53_records_private/va0950.example.com
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] updated file contents /opt/tmp/route53_records_private/va0950.example.com
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] owner changed to 0
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] group changed to 0
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] mode changed to 644
[2016-02-18T13:06:45+00:00] INFO: file[/opt/tmp/route53_records_private/va0950.example.com] not queuing delayed action create on route53_record[va0950.example.com] (delayed), as it's already been queued

For public (there is no such line for public in the log):-

[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] created file /opt/tmp/route53_records/va0950.example.com
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] updated file contents /opt/tmp/route53_records/va0950.example.com
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] owner changed to 0
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] group changed to 0
[2016-02-18T13:06:32+00:00] INFO: file[/opt/tmp/route53_records/va0950.example.com] mode changed to 644

It would be great if you could shed any light on it.
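The "not queuing delayed action ... as it's already been queued" line is what Chef logs when a notification with the same target resource and action is already waiting. As an added illustration (not code from the post or from the route53 cookbook), the toy model below assumes a simplified version of Chef's behaviour (lookup by "type[name]", later declaration wins, `notifies` resolved after compile, duplicate delayed notifications dropped) and reproduces that outcome when both recipes declare `route53_record` under the same name "va0950.example.com", versus two separate records queued when the private recipe uses a distinct resource name; the zone ids are constructed sample values.

```ruby
# Toy model of Chef's notification resolution: an added illustration, not Chef's or the
# route53 cookbook's own code. Assumed model: resources are looked up by "type[name]",
# a later declaration with the same key wins the lookup, `notifies` specs are resolved
# after compile, and a delayed notification is dropped when the same (resource, action)
# pair is already queued. Zone ids are constructed sample values.
Resource = Struct.new(:type, :name, :zone_id) do
  def key; "#{type}[#{name}]"; end
end

class RunContext
  def initialize
    @by_key  = {}  # "type[name]" => most recently declared resource
    @pending = []  # [spec, action] pairs recorded during compile
    @delayed = []  # [resource, action] pairs queued at converge
    @log     = []
  end

  def declare(type, name, zone_id)
    r = Resource.new(type, name, zone_id)
    @by_key[r.key] = r  # a same-named resource silently replaces the lookup target
  end

  # Mimics `notifies :create, "route53_record[...]"` (delayed by default).
  def notify(target_spec, action)
    @pending << [target_spec, action]
  end

  # Resolves the specs; returns [zone ids that would be updated, log lines].
  def converge
    @pending.each do |spec, action|
      target = @by_key.fetch(spec)
      if @delayed.any? { |res, act| res.equal?(target) && act == action }
        @log << "not queuing delayed action #{action} on #{target.key} (delayed), as it's already been queued"
      else
        @delayed << [target, action]
      end
    end
    [@delayed.map { |res, _| res.zone_id }, @log]
  end
end
# Public recipe compiles first, then private, as in the role from the post.
def zones_updated(public_name:, private_name:)
  ctx = RunContext.new
  ctx.declare(:route53_record, public_name, "ZPUBLIC-sample")
  ctx.notify("route53_record[#{public_name}]", :create)   # file resource, public recipe
  ctx.declare(:route53_record, private_name, "ZPRIVATE-sample")
  ctx.notify("route53_record[#{private_name}]", :create)  # file resource, private recipe
  ctx.converge
end
```

With identical names only the private zone id is returned and the log carries the "already been queued" line; giving the private record a distinct resource name (for example "#{name} (private)") returns both zone ids.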