From 9eaaa83c9684f214c43edaa70867808ba83bbc8e Mon Sep 17 00:00:00 2001
From: Greg Fodor
Date: Fri, 6 Sep 2019 19:18:58 +0000
Subject: [PATCH] Add necessary plumbling for reticulum cors proxying
---
 ansible/roles/ret/templates/reticulum.toml.j2 | 4 ++++
 bin/ret_alb_to_pool.sh | 15 ++++++------
 jenkins/Jenkinsfile.ret-deploy | 4 ++--
 terraform/modules/ret/main.tf | 24 +++++++++++++++++++
 4 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/ansible/roles/ret/templates/reticulum.toml.j2 b/ansible/roles/ret/templates/reticulum.toml.j2
index ff542ef..3e83124 100644
--- a/ansible/roles/ret/templates/reticulum.toml.j2
+++ b/ansible/roles/ret/templates/reticulum.toml.j2
@@ -13,6 +13,10 @@ static_url_host = "{{ phoenix_static_url_host }}"
 {% if phoenix_static_url_port is defined %}
 static_url_port = "{{ phoenix_static_url_port }}"
 {% endif %}
+cors_proxy_host = "{{ phoenix_cors_proxy_host }}"
+{% if phoenix_cors_proxy_port is defined %}
+cors_proxy_port = "{{ phoenix_cors_proxy_port }}"
+{% endif %}
 admin_access_key = "{{ phoenix_admin_access_key }}"
 [run]
diff --git a/bin/ret_alb_to_pool.sh b/bin/ret_alb_to_pool.sh
index bd99aa1..e61c4a0 100755
--- a/bin/ret_alb_to_pool.sh
+++ b/bin/ret_alb_to_pool.sh
@@ -4,15 +4,16 @@ set -e
 HOST=$1
 SECONDARY_HOST=$2
-POOL=$3
-ENVIRONMENT=$4
+CORS_HOST=$3
+POOL=$4
+ENVIRONMENT=$5
 [[ -z "$ENVIRONMENT" ]] && ENVIRONMENT=dev
 REGION="us-west-1"
 if [ -z "$HOST" ] || [ "$HOST" == "--help" ] || ( [ "$POOL" != "earth" ] && [ "$POOL" != "arbre" ] ); then
 echo -e "
-Usage: ret_alb_to_pool.h [environment]
+Usage: ret_alb_to_pool.h [environment]
 Flips the ret-alb in the given enviroment to route traffic to the given ret pool (eg "arbre") with the given primary and secondary host (eg hubs.mozilla.com, prod.reticulum.io). The other pool will have traffic routed to it from the smoke hostname.
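Review bot: `cors_proxy_host` in the reticulum.toml.j2 hunk is rendered without the `is defined` guard that `cors_proxy_port` gets, so every inventory that renders this template must now define `phoenix_cors_proxy_host`; by default Ansible fails the template on an undefined variable, and nothing in the hunk says the variable is required. I would add a comment above the key, `# Required. Hostname the CORS proxy is served on; expected to differ from the main host.` The second half of that comment is my reading of why a separate host is plumbed through the ALB and DNS changes in this commit, so confirm it before committing the wording. The hunk starts mid-table, so the table this key belongs to is not visible.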
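Review bot: `CORS_HOST` is never checked before use in bin/ret_alb_to_pool.sh: the guard `if [ -z "$HOST" ] || ...` validates only `$HOST` and `$POOL`, so an empty third argument passes and the `modify-rule` calls in the next hunk receive `Values="$HOST,$SECONDARY_HOST,"` and `smoke-`. Add it to the guard, e.g. `if [ -z "$HOST" ] || [ -z "$CORS_HOST" ] || [ "$HOST" == "--help" ] || ...`. Inserting the argument at `$3` also shifts `POOL` and `ENVIRONMENT`; an old four-argument call ends up with the environment name in `$POOL` and is rejected by the existing pool check, which is the safe outcome, but the usage text should name the new argument (the placeholders on the `Usage:` line are not legible in this rendering). The script continues outside the hunk.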
@@ -30,11 +31,11 @@ ARBRE_RULE_ARN=$(aws --region us-west-1 elbv2 describe-rules --listener-arn $LIS
 ARBRE_SMOKE_RULE_ARN=$(aws --region us-west-1 elbv2 describe-rules --listener-arn $LISTENER_ARN | jq -r ". | .Rules | map(select(any(.Actions[] ; .TargetGroupArn | contains(\"$ENVIRONMENT-arbre-smoke-ret\")))) | .[] | select(.Priority != \"default\") | .RuleArn")
 if [ $POOL == "earth" ]; then
- aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST"
- aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST"
+ aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST,$CORS_HOST"
+ aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST,smoke-$CORS_HOST"
 aws --region $REGION elbv2 set-rule-priorities --rule-priorities "RuleArn=$EARTH_RULE_ARN,Priority=1" "RuleArn=$ARBRE_SMOKE_RULE_ARN,Priority=2" "RuleArn=$EARTH_SMOKE_RULE_ARN,Priority=3" "RuleArn=$ARBRE_RULE_ARN,Priority=4"
 else
- aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST"
- aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST"
+ aws --region $REGION elbv2 modify-rule --rule-arn $ARBRE_RULE_ARN --conditions Field=host-header,Values="$HOST,$SECONDARY_HOST,$CORS_HOST"
+ aws --region $REGION elbv2 modify-rule --rule-arn $EARTH_SMOKE_RULE_ARN --conditions Field=host-header,Values="smoke-$HOST,smoke-$CORS_HOST"
 aws --region $REGION elbv2 set-rule-priorities --rule-priorities "RuleArn=$ARBRE_RULE_ARN,Priority=1" "RuleArn=$EARTH_SMOKE_RULE_ARN,Priority=2" "RuleArn=$ARBRE_SMOKE_RULE_ARN,Priority=3" "RuleArn=$EARTH_RULE_ARN,Priority=4"
 fi
diff --git a/jenkins/Jenkinsfile.ret-deploy b/jenkins/Jenkinsfile.ret-deploy
index 646522e..f617167 100644
--- a/jenkins/Jenkinsfile.ret-deploy
+++ b/jenkins/Jenkinsfile.ret-deploy
@@ -14,8 +14,8 @@ pipeline {
 sh "curl -X POST --data-urlencode \'payload=${payload}\' ${slackURL}"
 }
- sh "bin/ret_alb_to_pool.sh '${env.RET_DEV_POOL_HOST}' '${env.RET_DEV_SECONDARY_HOST}' '${env.RET_POOL}' dev"
- sh "bin/ret_alb_to_pool.sh '${env.RET_PROD_POOL_HOST}' '${env.RET_PROD_SECONDARY_HOST}' '${env.RET_POOL}' prod"
+ sh "bin/ret_alb_to_pool.sh '${env.RET_DEV_POOL_HOST}' '${env.RET_DEV_SECONDARY_HOST}' '${env.RET_DEV_CORS_HOST}' '${env.RET_POOL}' dev"
+ sh "bin/ret_alb_to_pool.sh '${env.RET_PROD_POOL_HOST}' '${env.RET_PROD_SECONDARY_HOST}' '${env.RET_PROD_CORS_HOST}' '${env.RET_POOL}' prod"
 sh "curl -H \"x-ret-admin-access-key: ${env.RET_DEV_ADMIN_ACCESS_KEY}\" -H \"Content-Type: application/json\" -XPOST -d \"{ \\\"event\\\": \\\"ret-deploy\\\", \\\"ret_pool\\\": \\\"${env.RET_POOL}\\\", \\\"ret_version\\\": \\\"${env.RET_VERSION}\\\" }\" https://${env.RET_DEV_POOL_HOST}/api/v1/ret_notices"
 sh "curl -H \"x-ret-admin-access-key: ${env.RET_PROD_ADMIN_ACCESS_KEY}\" -H \"Content-Type: application/json\" -XPOST -d \"{ \\\"event\\\": \\\"ret-deploy\\\", \\\"ret_pool\\\": \\\"${env.RET_POOL}\\\", \\\"ret_version\\\": \\\"${env.RET_VERSION}\\\" }\" https://${env.RET_PROD_POOL_HOST}/api/v1/ret_notices"
diff --git a/terraform/modules/ret/main.tf b/terraform/modules/ret/main.tf
index 71e4036..fd684e0 100644
--- a/terraform/modules/ret/main.tf
+++ b/terraform/modules/ret/main.tf
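Review bot: The two new `sh` lines in Jenkinsfile.ret-deploy let Groovy interpolate `${env.RET_DEV_CORS_HOST}` and `${env.RET_PROD_CORS_HOST}` into the command string, so an unset variable reaches the script as the literal text `null` and a value containing `'` ends the shell quoting. Passing the values through the shell environment avoids both, e.g. `sh 'bin/ret_alb_to_pool.sh "$RET_DEV_POOL_HOST" "$RET_DEV_SECONDARY_HOST" "$RET_DEV_CORS_HOST" "$RET_POOL" dev'` (assuming these are job environment variables, which the `env.` prefix suggests). The same interpolation on the unchanged `curl` lines puts the admin access key into the expanded command line, which is worth fixing in the same pass. The stage continues outside the hunk.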
@@ -89,6 +89,18 @@ resource "aws_route53_record" "ret-alb-dns" {
 }
 }
+resource "aws_route53_record" "ret-alb-cors-proxy-dns" {
+ zone_id = "${data.aws_route53_zone.reticulum-zone.zone_id}"
+ name = "cors-proxy-${var.shared["env"]}.${data.aws_route53_zone.reticulum-zone.name}"
+ type = "A"
+
+ alias {
+ name = "${aws_alb.ret.dns_name}"
+ zone_id = "${aws_alb.ret.zone_id}"
+ evaluate_target_health = true
+ }
+}
+
 resource "aws_alb" "ret" {
 name = "${var.shared["env"]}-ret"
 security_groups = ["${aws_security_group.ret-alb.id}"]
@@ -536,6 +548,18 @@ resource "aws_route53_record" "ret-smoke-alb-dns" {
 }
 }
+resource "aws_route53_record" "ret-smoke-alb-cors-proxy-dns" {
+ zone_id = "${data.aws_route53_zone.reticulum-zone.zone_id}"
+ name = "smoke-cors-proxy-${var.shared["env"]}.${data.aws_route53_zone.reticulum-zone.name}"
+ type = "A"
+
+ alias {
+ name = "${aws_alb.ret.dns_name}"
+ zone_id = "${aws_alb.ret.zone_id}"
+ evaluate_target_health = true
+ }
+}
+
 resource "aws_launch_configuration" "ret-pool" {
 count = "${length(var.ret_pools)}"
 image_id = "${data.aws_ami.ret-ami.id}"
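Review bot: Both new records, `ret-alb-cors-proxy-dns` in the first hunk and `ret-smoke-alb-cors-proxy-dns` in the second, alias the same `aws_alb.ret`, so which pool answers for each name is decided only by the host-header rules that `bin/ret_alb_to_pool.sh` writes, not by anything in Terraform. Until that script has run with a matching CORS host, requests for these names presumably fall to the listener's default action, and if the listener terminates TLS its certificate has to cover `cors-proxy-<env>.<zone>` and the `smoke-` twin; neither is visible in these hunks, so please confirm both. I would add a comment above each resource, `# Routed by the ALB host-header rules set in bin/ret_alb_to_pool.sh; the CORS host passed there must equal this name.`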