Add necessary plumbling for reticulum cors proxying

Greg Fodor 2019-09-06 19:18:58 +00:00
Родитель 5ec704dbb7
Коммит 9eaaa83c96
4 изменённых файлов: 38 добавлений и 9 удалений


@ -13,6 +13,10 @@ static_url_host = "{{ phoenix_static_url_host }}"
{% if phoenix_static_url_port is defined %}
static_url_port = "{{ phoenix_static_url_port }}"
{% endif %}
cors_proxy_host = "{{ phoenix_cors_proxy_host }}"
{% if phoenix_cors_proxy_port is defined %}
cors_proxy_port = "{{ phoenix_cors_proxy_port }}"
{% endif %}
admin_access_key = "{{ phoenix_admin_access_key }}"
[run]
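Review bot: `cors_proxy_host` is rendered unconditionally, unlike `cors_proxy_port`, so every environment's variables must define `phoenix_cors_proxy_host`, and nothing in the template says what value is expected. A comment above the new line would help, for example `# cors_proxy_host: dedicated hostname for proxied third-party content; must differ from the app host`. The requirement that it be a separate origin is presumed from the `cors-proxy-<env>` DNS records added elsewhere in this commit and should be confirmed against reticulum's configuration.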


@ -4,15 +4,16 @@ set -e
HOST=$1
SECONDARY_HOST=$2
POOL=$3
ENVIRONMENT=$4
CORS_HOST=$3
POOL=$4
ENVIRONMENT=$5
[[ -z "$ENVIRONMENT" ]] && ENVIRONMENT=dev
REGION="us-west-1"
if [ -z "$HOST" ] || [ "$HOST" == "--help" ] || ( [ "$POOL" != "earth" ] && [ "$POOL" != "arbre" ] ); then
echo -e "
Usage: ret_alb_to_pool.h <host> <secondary-host> <earth|arbre> [environment]
Usage: ret_alb_to_pool.h <host> <secondary-host> <cors-host> <earth|arbre> [environment]
Flips the ret-alb in the given enviroment to route traffic to the given ret pool (eg "arbre") with the given primary and secondary host (eg hubs.mozilla.com, prod.reticulum.io). The other pool will have traffic routed to it from the smoke hostname.
@ -30,11 +31,11 @@ ARBRE_RULE_ARN=$(aws --region us-west-1 elbv2 describe-rules --listener-arn $LIS
ARBRE_SMOKE_RULE_ARN=$(aws --region us-west-1 elbv2 describe-rules --listener-arn $LISTENER_ARN | jq -r ". | .Rules | map(select(any(.Actions[] ; .TargetGroupArn | contains(\"$ENVIRONMENT-arbre-smoke-ret\")))) | .[] | select(.Priority != \"default\") | .RuleArn")
if [ $POOL == "earth" ]; then
aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST,$CORS_HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST,smoke-$CORS_HOST"
aws --region $REGION elbv2 set-rule-priorities --rule-priorities "RuleArn=$EARTH_RULE_ARN,Priority=1" "RuleArn=$ARBRE_SMOKE_RULE_ARN,Priority=2" "RuleArn=$EARTH_SMOKE_RULE_ARN,Priority=3" "RuleArn=$ARBRE_RULE_ARN,Priority=4"
else
aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST,$CORS_HOST"
aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST,smoke-$CORS_HOST"
aws --region $REGION elbv2 set-rule-priorities --rule-priorities "RuleArn=$ARBRE_RULE_ARN,Priority=1" "RuleArn=$EARTH_SMOKE_RULE_ARN,Priority=2" "RuleArn=$ARBRE_SMOKE_RULE_ARN,Priority=3" "RuleArn=$EARTH_RULE_ARN,Priority=4"
fi
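Review bot: `CORS_HOST` reaches the `modify-rule` calls unchecked, because the guard before the usage text tests only `HOST` and `POOL`. An empty third argument produces `Values="$HOST,$SECONDARY_HOST,"` and `smoke-`. The shorthand syntax splits on commas and ALB host-header patterns accept `*` and `?`, so a malformed value can widen what the live rule matches. Validate each hostname before the first `aws` call, for example `[[ "$CORS_HOST" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid cors host: $CORS_HOST" >&2; exit 1; }`, and apply the same check to `HOST` and `SECONDARY_HOST`. The part of the script between the two hunks is not shown here.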


@ -14,8 +14,8 @@ pipeline {
sh "curl -X POST --data-urlencode \'payload=${payload}\' ${slackURL}"
}
sh "bin/ret_alb_to_pool.sh '${env.RET_DEV_POOL_HOST}' '${env.RET_DEV_SECONDARY_HOST}' '${env.RET_POOL}' dev"
sh "bin/ret_alb_to_pool.sh '${env.RET_PROD_POOL_HOST}' '${env.RET_PROD_SECONDARY_HOST}' '${env.RET_POOL}' prod"
sh "bin/ret_alb_to_pool.sh '${env.RET_DEV_POOL_HOST}' '${env.RET_DEV_SECONDARY_HOST}' '${env.RET_DEV_CORS_HOST}' '${env.RET_POOL}' dev"
sh "bin/ret_alb_to_pool.sh '${env.RET_PROD_POOL_HOST}' '${env.RET_PROD_SECONDARY_HOST}' '${env.RET_PROD_CORS_HOST}' '${env.RET_POOL}' prod"
sh "curl -H \"x-ret-admin-access-key: ${env.RET_DEV_ADMIN_ACCESS_KEY}\" -H \"Content-Type: application/json\" -XPOST -d \"{ \\\"event\\\": \\\"ret-deploy\\\", \\\"ret_pool\\\": \\\"${env.RET_POOL}\\\", \\\"ret_version\\\": \\\"${env.RET_VERSION}\\\" }\" https://${env.RET_DEV_POOL_HOST}/api/v1/ret_notices"
sh "curl -H \"x-ret-admin-access-key: ${env.RET_PROD_ADMIN_ACCESS_KEY}\" -H \"Content-Type: application/json\" -XPOST -d \"{ \\\"event\\\": \\\"ret-deploy\\\", \\\"ret_pool\\\": \\\"${env.RET_POOL}\\\", \\\"ret_version\\\": \\\"${env.RET_VERSION}\\\" }\" https://${env.RET_PROD_POOL_HOST}/api/v1/ret_notices"
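Review bot: The two new `ret_alb_to_pool.sh` calls splice `env.RET_DEV_CORS_HOST` and `env.RET_PROD_CORS_HOST` into the command line through Groovy string interpolation. An unset variable therefore arrives as the literal word `null`, and a value containing a single quote ends the shell quoting early. The script as shown on this page does not check its third argument, so `null` and `smoke-null` would be written into the listener rules. Let the shell expand the values instead, e.g. `sh 'bin/ret_alb_to_pool.sh "$RET_PROD_POOL_HOST" "$RET_PROD_SECONDARY_HOST" "$RET_PROD_CORS_HOST" "$RET_POOL" prod'`, and fail the stage early when a host variable is missing. The enclosing stage starts and ends outside the hunk.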


@ -89,6 +89,18 @@ resource "aws_route53_record" "ret-alb-dns" {
}
}
resource "aws_route53_record" "ret-alb-cors-proxy-dns" {
zone_id = "${data.aws_route53_zone.reticulum-zone.zone_id}"
name = "cors-proxy-${var.shared["env"]}.${data.aws_route53_zone.reticulum-zone.name}"
type = "A"
alias {
name = "${aws_alb.ret.dns_name}"
zone_id = "${aws_alb.ret.zone_id}"
evaluate_target_health = true
}
}
resource "aws_alb" "ret" {
name = "${var.shared["env"]}-ret"
security_groups = ["${aws_security_group.ret-alb.id}"]
@ -536,6 +548,18 @@ resource "aws_route53_record" "ret-smoke-alb-dns" {
}
}
resource "aws_route53_record" "ret-smoke-alb-cors-proxy-dns" {
zone_id = "${data.aws_route53_zone.reticulum-zone.zone_id}"
name = "smoke-cors-proxy-${var.shared["env"]}.${data.aws_route53_zone.reticulum-zone.name}"
type = "A"
alias {
name = "${aws_alb.ret.dns_name}"
zone_id = "${aws_alb.ret.zone_id}"
evaluate_target_health = true
}
}
resource "aws_launch_configuration" "ret-pool" {
count = "${length(var.ret_pools)}"
image_id = "${data.aws_ami.ret-ami.id}"