From 0d6cb4a51293d3c86938362009b6b674d006ac30 Mon Sep 17 00:00:00 2001 
From: Piotr Rogowski Date: Fri, 30 Jul 2021 17:37:06 +0200 Subject: [PATCH] Implement coredns service discovery --- group_vars/all.yml | 12 ++- roles/cs.aws-security-group/tasks/main.yml | 7 +- roles/cs.coredns/defaults/main.yml | 5 ++ roles/cs.coredns/files/coredns.service | 10 +++ roles/cs.coredns/meta/main.yml | 2 + roles/cs.coredns/tasks/disable.yml | 32 +++++++ roles/cs.coredns/tasks/enable.yml | 46 ++++++++++ roles/cs.coredns/tasks/main.yml | 6 ++ roles/cs.coredns/templates/Corefile.j2 | 10 +++ roles/cs.coredns/templates/dhclient.conf.j2 | 5 ++ roles/cs.dynamic-node/defaults/main.yml | 2 + .../files/dynamic_node@.service | 6 ++ .../cs.dynamic-node/files/dynamic_node@.timer | 10 +++ roles/cs.dynamic-node/meta/main.yml | 2 + roles/cs.dynamic-node/tasks/main.yml | 15 ++++ .../cs.mageops-cli/files/libdynamicnode.bash | 7 ++ roles/cs.mageops-cli/files/mageopscli | 86 +++++++++++++++---- roles/cs.mageops-cli/tasks/main.yml | 1 + roles/cs.mageops-cli/templates/config.bash | 4 + roles/cs.varnish/defaults/main.yml | 6 ++ roles/cs.varnish/meta/main.yml | 1 + roles/cs.varnish/tasks/001-install.yml | 6 ++ .../cs.varnish/templates/vcl/backends.vcl.j2 | 31 +++++++ roles/cs.varnish/templates/vcl/base.vcl.j2 | 2 + .../templates/vcl/subroutines/recv.vcl.j2 | 14 ++- site.step-10-infrastructure-aws.yml | 2 +- site.step-15-varnish.yml | 7 +- site.step-45-app-deploy.yml | 7 +- 28 files changed, 315 insertions(+), 29 deletions(-) create mode 100644 roles/cs.coredns/defaults/main.yml create mode 100644 roles/cs.coredns/files/coredns.service create mode 100644 roles/cs.coredns/meta/main.yml create mode 100644 roles/cs.coredns/tasks/disable.yml create mode 100644 roles/cs.coredns/tasks/enable.yml create mode 100644 roles/cs.coredns/tasks/main.yml create mode 100644 roles/cs.coredns/templates/Corefile.j2 create mode 100644 roles/cs.coredns/templates/dhclient.conf.j2 create mode 100644 roles/cs.dynamic-node/defaults/main.yml create mode 100644 
roles/cs.dynamic-node/files/dynamic_node@.service create mode 100644 roles/cs.dynamic-node/files/dynamic_node@.timer create mode 100644 roles/cs.dynamic-node/meta/main.yml create mode 100644 roles/cs.dynamic-node/tasks/main.yml create mode 100644 roles/cs.mageops-cli/files/libdynamicnode.bash diff --git a/group_vars/all.yml b/group_vars/all.yml index ec8c47cf5..0a2e4368a 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1485,7 +1485,7 @@ varnish_manager_ssh_key_filename: varnish/sesame # Is varnish hosted on a separate, dedicated node? varnish_standalone: yes - +varnish_lambda_backends_update: "{{ varnish_standalone and not mageops_coredns_enabled }}" # Shall standalone varnish instance be used as a loadbalancer (instead of AWS ELB)? varnish_as_loadbalancer: "{{ varnish_standalone and mageops_https_termination_enable }}" @@ -1825,3 +1825,13 @@ mageops_magento_vary_sign_enabled: no mageops_magento_vary_sign_secret: "" magento_vary_sign: "{{ mageops_magento_vary_sign_enabled }}" magento_vary_secret: "{{ mageops_magento_vary_sign_secret }}" + +# --------------------------- +# -------- CoreDNS -------- +# --------------------------- +mageops_coredns_enabled: no +mageops_coredns_dynamic_http_port: 2673 +# Required to be set +# mageops_coredns_dynamic_secret: +mageops_dynamic_node_enabled: "{{ mageops_coredns_enabled }}" +varnish_dns_service_discovery: "{{ mageops_dynamic_node_enabled }}" diff --git a/roles/cs.aws-security-group/tasks/main.yml b/roles/cs.aws-security-group/tasks/main.yml index afe78b46c..3c6acb2df 100644 --- a/roles/cs.aws-security-group/tasks/main.yml +++ b/roles/cs.aws-security-group/tasks/main.yml @@ -40,6 +40,9 @@ - proto: tcp ports: ["{{ goaccess_vhost_port }}"] cidr_ip: "{{ mageops_trusted_cidr_blocks }}" + - proto: tcp + ports: [ "{{ mageops_coredns_dynamic_http_port }}" ] + group_name: "{{ aws_security_group_app_name }}" vpc_id: "{{ aws_vpc_id }}" tags: "{{ aws_tags_default | combine(ec2_sg_tags) }}" vars: 
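Review bot: The ingress rule added in roles/cs.aws-security-group/tasks/main.yml for `mageops_coredns_dynamic_http_port` is unconditional, so the registration port is opened to every member of `aws_security_group_app_name` even when `mageops_coredns_enabled` is `no`. Consider building the rule list so that this entry is only present when the feature is on, and add a comment above it such as `# CoreDNS dynamic-backend registration endpoint`. The bracket spacing `[ "{{ ... }}" ]` also differs from the neighbouring `["{{ goaccess_vhost_port }}"]`. The task starts and ends outside the hunk, so which security group receives the rule is not visible here.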
@@ -214,7 +217,3 @@ vars: ec2_sg_tags: Name: "{{ aws_security_group_varnish_name }}" - - - - diff --git a/roles/cs.coredns/defaults/main.yml b/roles/cs.coredns/defaults/main.yml new file mode 100644 index 000000000..f5bc7c54f --- /dev/null +++ b/roles/cs.coredns/defaults/main.yml @@ -0,0 +1,5 @@ +coredns_dynamic_enabled: no +coredns_dynamic_domain: dynamic.internal +# coredns_dynamic_http_port: +# coredns_dynamic_secret: +coredns_dynamic_timeout: 2m diff --git a/roles/cs.coredns/files/coredns.service b/roles/cs.coredns/files/coredns.service new file mode 100644 index 000000000..74edfd897 --- /dev/null +++ b/roles/cs.coredns/files/coredns.service @@ -0,0 +1,10 @@ +[Unit] +Description=Coredns serivce discovery and dns server + +[Service] +Type=simple +ExecStart=/usr/bin/coredns -conf /etc/coredns/Corefile +WorkingDirectory=/etc/coredns + +[Install] +WantedBy=multi-user.target diff --git a/roles/cs.coredns/meta/main.yml b/roles/cs.coredns/meta/main.yml new file mode 100644 index 000000000..8c3060f2e --- /dev/null +++ b/roles/cs.coredns/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - name: cs.repo-mageops diff --git a/roles/cs.coredns/tasks/disable.yml b/roles/cs.coredns/tasks/disable.yml new file mode 100644 index 000000000..a7d01aac9 --- /dev/null +++ b/roles/cs.coredns/tasks/disable.yml @@ -0,0 +1,32 @@ +- name: Update dhclient config + template: + dest: /etc/dhcp/dhclient.conf + src: dhclient.conf.j2 + register: _update_dhclient + +- name: Restart network + service: + name: network + state: restarted + when: _update_dhclient is changed + +- name: Disable coredns service + service: + name: coredns + state: stopped + enabled: no + +- name: Remove coredns config + file: + path: /etc/coredns/Corefile + state: absent + +- name: Remove coredns service file + file: + path: /etc/systemd/system/coredns.service + state: absent + +- name: Uninstall coredns + yum: + name: coredns + state: absent 
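Review bot: The unit in roles/cs.coredns/files/coredns.service sets no `User=` and no sandboxing, so CoreDNS and its HTTP registration listener run as root. Only binding port 53 needs privilege; a dedicated account with `User=coredns`, `NoNewPrivileges=true` and, where the host's systemd supports it, `AmbientCapabilities=CAP_NET_BIND_SERVICE` would cover that, assuming the role or package creates the account and the Corefile is readable by it. `Restart=on-failure` is worth adding because dhclient.conf.j2 puts this server first in the host's resolver list. `serivce` in `Description=` is a typo.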
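Review bot: disable.yml is the default path, because site.step-15-varnish.yml adds cs.coredns without a `when` and `mageops_coredns_enabled` defaults to `no`; the `Disable coredns service` task will therefore run on hosts where the unit was never installed, and the `service` module is likely to fail there with an unknown-service error. Guard it, for example by running `service_facts` first and adding `when: "'coredns.service' in ansible_facts.services"`. The same path also replaces `/etc/dhcp/dhclient.conf` with the role's template and restarts networking on every such host, which discards any existing dhclient settings. That side effect deserves a comment at the top of the file or a narrower edit of the one `prepend` line.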
diff --git a/roles/cs.coredns/tasks/enable.yml b/roles/cs.coredns/tasks/enable.yml
new file mode 100644
index 000000000..927ae7aeb
--- /dev/null
+++ b/roles/cs.coredns/tasks/enable.yml
@@ -0,0 +1,46 @@
+- name: Install coredns
+ yum:
+ name: coredns
+ state: latest
+
+- name: Install service file
+ copy:
+ dest: /etc/systemd/system/coredns.service
+ src: coredns.service
+
+- name: Create coredns config directory
+ file:
+ name: /etc/coredns
+ state: directory
+
+- name: Configure coredns
+ template:
+ dest: /etc/coredns/Corefile
+ src: Corefile.j2
+ register: _corefile
+
+- name: Restart coredns service
+ service:
+ name: coredns
+ state: restarted
+ enabled: yes
+ when: _corefile is changed
+
+- name: Enable coredns service
+ service:
+ name: coredns
+ state: started
+ enabled: yes
+ when: _corefile is not changed
+
+- name: Update dhclient config
+ template:
+ dest: /etc/dhcp/dhclient.conf
+ src: dhclient.conf.j2
+ register: _update_dhclient
+
+- name: Restart network
+ service:
+ name: network
+ state: restarted
+ when: _update_dhclient is changed
diff --git a/roles/cs.coredns/tasks/main.yml b/roles/cs.coredns/tasks/main.yml
new file mode 100644
index 000000000..26c4d9a0d
--- /dev/null
+++ b/roles/cs.coredns/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: Enable coredns
+ include_tasks: enable.yml
+ when: coredns_dynamic_enabled
+- name: Disable coredns
+ include_tasks: disable.yml
+ when: not coredns_dynamic_enabled
diff --git a/roles/cs.coredns/templates/Corefile.j2 b/roles/cs.coredns/templates/Corefile.j2
new file mode 100644
index 000000000..19dcca822
--- /dev/null
+++ b/roles/cs.coredns/templates/Corefile.j2
@@ -0,0 +1,10 @@
+{% if coredns_dynamic_enabled %}
+{{ coredns_dynamic_domain }}:53 {
+ bind 127.0.0.53
+ dynamic {
+ addr :{{ coredns_dynamic_http_port }}
+ secret {{ coredns_dynamic_secret }}
+ host_timeout {{ coredns_dynamic_timeout }}
+ }
+}
+{% endif %}
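Review bot: The `Configure coredns` task in enable.yml writes `/etc/coredns/Corefile`, which contains `coredns_dynamic_secret`, without `owner` or `mode`, so the file gets umask-default permissions and is probably world-readable. Add `mode: "0600"` and an explicit `owner:`/`group:` for the account CoreDNS runs as, and set `mode: "0644"` on the unit-file copy so permissions are explicit there too. `state: latest` in `Install coredns` turns every play run into a possible unreviewed upgrade of a resolver; `state: present` with upgrades handled separately is more predictable. Nothing triggers a systemd daemon reload after the unit file is copied, so a changed unit may not take effect until the next reload.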
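Review bot: In Corefile.j2 the DNS listener is pinned with `bind 127.0.0.53`, but the registration endpoint is configured as `addr :{{ coredns_dynamic_http_port }}` with no host part, which presumably listens on every interface; access then rests on the security group and the shared secret alone. If the plugin accepts a host in `addr`, bind it to the private address, and put a comment above the `dynamic` block stating which nodes are expected to call it. The role defaults leave `coredns_dynamic_http_port` and `coredns_dynamic_secret` commented out, so an `assert` task that both are defined and the secret is non-empty before rendering would fail early with a clear message.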
diff --git a/roles/cs.coredns/templates/dhclient.conf.j2 b/roles/cs.coredns/templates/dhclient.conf.j2
new file mode 100644
index 000000000..310b1aef0
--- /dev/null
+++ b/roles/cs.coredns/templates/dhclient.conf.j2
@@ -0,0 +1,5 @@
+{% if coredns_dynamic_enabled %}
+prepend domain-name-servers 127.0.0.53;
+{% endif %}
+timeout 300;
+retry 60;
diff --git a/roles/cs.dynamic-node/defaults/main.yml b/roles/cs.dynamic-node/defaults/main.yml
new file mode 100644
index 000000000..bfe195fc1
--- /dev/null
+++ b/roles/cs.dynamic-node/defaults/main.yml
@@ -0,0 +1,2 @@
+# Set node name to register
+# dynamic_node_backend_name:
diff --git a/roles/cs.dynamic-node/files/dynamic_node@.service b/roles/cs.dynamic-node/files/dynamic_node@.service
new file mode 100644
index 000000000..fc8b40627
--- /dev/null
+++ b/roles/cs.dynamic-node/files/dynamic_node@.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Register node as dynamic backend named %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/mageopscli register_dynamic_bakcend %i
diff --git a/roles/cs.dynamic-node/files/dynamic_node@.timer b/roles/cs.dynamic-node/files/dynamic_node@.timer
new file mode 100644
index 000000000..673b55181
--- /dev/null
+++ b/roles/cs.dynamic-node/files/dynamic_node@.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Timer to keep dynamic backend named %i registered
+
+[Timer]
+OnUnitActiveSec=1min
+AccuracySec=30sec
+OnActiveSec=10sec
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/cs.dynamic-node/meta/main.yml b/roles/cs.dynamic-node/meta/main.yml
new file mode 100644
index 000000000..c11dd7879
--- /dev/null
+++ b/roles/cs.dynamic-node/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - cs.mageops-cli
diff --git a/roles/cs.dynamic-node/tasks/main.yml b/roles/cs.dynamic-node/tasks/main.yml
new file mode 100644
index 000000000..b618678fa
--- /dev/null
+++ b/roles/cs.dynamic-node/tasks/main.yml
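Review bot: `register_dynamic_bakcend` in the `ExecStart=` line of dynamic_node@.service misspells `backend`; it works only because the `case` label and the help text in roles/cs.mageops-cli/files/mageopscli carry the same misspelling, which makes the typo part of the CLI's interface. Rename all three to `register_dynamic_backend` in this commit, before units on deployed nodes depend on the misspelled name. The help text for the command also reads `constandly` and `need to be`, which should be `constantly` and `needs to be`.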
@@ -0,0 +1,15 @@
+- name: Install dynamic node service
+ copy:
+ dest: "/etc/systemd/system/dynamic_node@.service"
+ src: "dynamic_node@.service"
+
+- name: Install dynamic node timer
+ copy:
+ dest: "/etc/systemd/system/dynamic_node@.timer"
+ src: "dynamic_node@.timer"
+
+- name: Enable dynamic node timer
+ service:
+ name: "dynamic_node@{{ dynamic_node_backend_name }}.timer"
+ state: started
+ enabled: yes
diff --git a/roles/cs.mageops-cli/files/libdynamicnode.bash b/roles/cs.mageops-cli/files/libdynamicnode.bash
new file mode 100644
index 000000000..8c5a90213
--- /dev/null
+++ b/roles/cs.mageops-cli/files/libdynamicnode.bash
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -e
+
+dynamicnode::register_node() {
+ local node_name=$1
+ curl -Lsf -H "secret: ${config__dynamicnode_secret}" -H "backend: ${node_name}" "${config__dynamicnode_endpoint_addr}/register"
+}
diff --git a/roles/cs.mageops-cli/files/mageopscli b/roles/cs.mageops-cli/files/mageopscli
index 75e5bf32d..1114b46e0 100755
--- a/roles/cs.mageops-cli/files/mageopscli
+++ b/roles/cs.mageops-cli/files/mageopscli
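Review bot: The two `copy` tasks in roles/cs.dynamic-node/tasks/main.yml install unit files, but the `Enable dynamic node timer` task starts the timer through `service` without a systemd daemon reload, so after an update the previously loaded unit definition may still be the one that runs. Use the `systemd` module with `daemon_reload: yes` on that task, and set `mode: "0644"` on both copies so the result does not depend on the umask. `dynamic_node_backend_name` has no default (it is commented out in the role defaults) and ends up in a unit instance name and an HTTP header, so an `assert` that it is defined and matches a conservative pattern such as `^[a-z0-9_]+$` would be a useful first task.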
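Review bot: In `dynamicnode::register_node` the shared secret is sent as `-H "secret: …"` together with `-L`, so curl repeats that header to whatever host a redirect names, and the secret is visible in the process list while curl runs. Drop `-L`, since the endpoint is a fixed internal URL, and pass the secret header through `--config -` on stdin instead of argv. The URL is built as `"${config__dynamicnode_endpoint_addr}/register"` while config.bash renders the address with a trailing slash, which yields `//register`; `"${config__dynamicnode_endpoint_addr%/}/register"` avoids that. There is also no `--max-time`, so a hung endpoint blocks the oneshot unit, and `node_name` goes into a header unvalidated.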
@@ -2,56 +2,73 @@ set -euo pipefail source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/config.bash" -source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libaws.bash" -source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libmageops.bash" -source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libfeatures.bash" +if [ "${config__aws_enabled}" = "yes" ];then + source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libaws.bash" + source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libmageops.bash" + source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libfeatures.bash" +fi +source "$(dirname "${BASH_SOURCE[0]}")/../lib/mageops/libdynamicnode.bash" main::main() { local cmd=${1:-} case $cmd in is_cron_node) + main::aws_only if [ $# != 1 ];then main::help; fi main::is_cron_node || exit 1 ;; is_tag_present) + main::aws_only if [ $# != 2 ];then main::help; fi local tag=$2 main::is_tag_present "$tag" || exit 1 ;; get_tag_value) + main::aws_only if [ $# != 2 ];then main::help; fi local tag=$2 main::get_tag_value "$tag" || exit 1 ;; current_instance_id) + main::aws_only if [ $# != 1 ];then main::help; fi main::current_instance_id || exit 1 ;; current_region) + main::aws_only if [ $# != 1 ];then main::help; fi main::current_region || exit 1 ;; set_feature_flag) + main::aws_only if [ $# != 3 ];then main::help; fi local feature=$2 local value=$3 main::set_feature_flag "$feature" "$value" ;; read_feature_flag) + main::aws_only if [ $# != 2 ];then main::help; fi local feature=$2 main::read_feature_flag "$feature" ;; is_feature_flag_set) + main::aws_only if [ $# != 2 ];then main::help; fi local feature=$2 main::is_feature_flag_set "$feature" || exit 1 ;; apply_features) - if [ $# != 1 ];then main::help; fi + main::aws_only + if [ $# != 1 ];then main::help; fi main::apply_features ;; + register_dynamic_bakcend) + if [ $# != 2 ];then main::help; fi + local backend_name=$2 + main::register_dynamic_backend "$backend_name" || exit 1 + ;; *) main::help ;; esac } 
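Review bot: The new `register_dynamic_bakcend)` branch in `main::main` never calls `main::dynamic_node_only`, although every AWS branch now starts with `main::aws_only` and the matching guard is defined later in this commit; in the visible hunks that guard has no caller at all. Add `main::dynamic_node_only` as the first line of the branch so a node without the feature fails with the intended message instead of a curl error. `libdynamicnode.bash` is also sourced unconditionally while the AWS libraries are gated on `config__aws_enabled`; gating it on `config__dynamicnode_enabled` would be consistent. Because the script runs under `set -u`, both checks rely on config.bash always defining the two `config__*_enabled` variables, which is worth a comment next to the `source` lines.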
@@ -125,27 +142,58 @@ main::apply_features() { features::update_host_state } +main::register_dynamic_backend() { + local backend_name=$1 + + dynamicnode::register_node "$backend_name" || main::panic "Failed to register this node as dynamic backend" +} + +main::aws_only() { + if [ "${config__aws_enabled}" != "yes" ];then + main::panic "This command is only available on aws environment" + fi +} + +main::dynamic_node_only() { + if [ "${config__dynamicnode_enabled}" != "yes" ];then + main::panic "This command is only available on nodes with dynamic node feature configured" + fi +} + main::help() { + local contains_commands=0 main::eprintln " $0 " main::eprintln "" main::eprintln "Where cmd is one of:" - main::eprintln " is_cron_node Checks if there is tag 'Cron' with value 'yes'" - main::eprintln " status code 0 means tag present, 1 means missing tag or" - main::eprintln " other error" - main::eprintln " is_tag_present Checks if specified tag name is set" - main::eprintln " status code 0 means tag present, 1 means missing tag or" - main::eprintln " other error" - main::eprintln " get_tag_value Reads value assigned to tag" - main::eprintln " current_instance_id Reads current ec2 instance id" - main::eprintln " current_region Reads current ec2 region name" - main::eprintln " set_feature_flag Update feature flag value" - main::eprintln " read_feature_flag Reads current feature flag value" - main::eprintln " is_feature_flag_set Checks if there is any value set for feature flag" - main::eprintln " status code 0 means flag is set, 1 otherwise" - main::eprintln " apply_features Apply feature updates to this host" + if [ "${config__aws_enabled}" = "yes" ];then + contains_commands=1 + main::eprintln " is_cron_node Checks if there is tag 'Cron' with value 'yes'" + main::eprintln " status code 0 means tag present, 1 means missing tag or" + main::eprintln " other error" + main::eprintln " is_tag_present Checks if specified tag name is set" + main::eprintln " status code 0 means 
tag present, 1 means missing tag or" + main::eprintln " other error" + main::eprintln " get_tag_value Reads value assigned to tag" + main::eprintln " current_instance_id Reads current ec2 instance id" + main::eprintln " current_region Reads current ec2 region name" + main::eprintln " set_feature_flag Update feature flag value" + main::eprintln " read_feature_flag Reads current feature flag value" + main::eprintln " is_feature_flag_set Checks if there is any value set for feature flag" + main::eprintln " status code 0 means flag is set, 1 otherwise" + main::eprintln " apply_features Apply feature updates to this host" + fi + if [ "${config__dynamicnode_enabled}" = "yes" ];then + contains_commands=1 + main::eprintln " register_dynamic_bakcend Register this node as dynamic backend with ." + main::eprintln " This command need to be repeated constandly to keep" + main::eprintln " this node in list." + fi + if [ "${contains_commands}" = "0" ];then + main::eprintln " Sorry but this node does not contain any usable commands" + fi main::eprintln "" main::eprintln " Mageops cli tools" - main::eprintln " (c) Creativestyle 2020" + main::eprintln " (c) Creativestyle 2020-2021" exit 1 } diff --git a/roles/cs.mageops-cli/tasks/main.yml b/roles/cs.mageops-cli/tasks/main.yml index 5f1e41b38..c9b0f59a7 100644 --- a/roles/cs.mageops-cli/tasks/main.yml +++ b/roles/cs.mageops-cli/tasks/main.yml 
@@ -16,6 +16,7 @@ - { src: "libaws.bash", dest: "/usr/local/lib/mageops/libaws.bash", mode: "0644" } - { src: "libmageops.bash", dest: "/usr/local/lib/mageops/libmageops.bash", mode: "0644" } - { src: "libfeatures.bash", dest: "/usr/local/lib/mageops/libfeatures.bash", mode: "0644" } + - { src: "libdynamicnode.bash", dest: "/usr/local/lib/mageops/libdynamicnode.bash", mode: "0644" } - { src: "mageopscli", dest: "/usr/local/bin/mageopscli", mode: "0755" } - { src: "features/example_feature.bash", dest: "/usr/local/lib/mageops/features/example_feature.bash", mode: "0644" } - { src: "mageops-update-features.service", dest: "/etc/systemd/system/mageops-update-features.service", mode: "0644" } diff --git a/roles/cs.mageops-cli/templates/config.bash b/roles/cs.mageops-cli/templates/config.bash index 2a9c6a436..597fad07a 100644 --- a/roles/cs.mageops-cli/templates/config.bash +++ b/roles/cs.mageops-cli/templates/config.bash @@ -3,3 +3,7 @@ config__features_s3_bucket="{{ aws_s3_secret_bucket }}" config__features_s3_config_path="s3://${config__features_s3_bucket}/features.json" config__features_modules_path="{{ mageops_cli_features_dir }}" +config__dynamicnode_endpoint_addr="http://{{ mageops_varnish_host }}:{{ mageops_coredns_dynamic_http_port }}/" +config__dynamicnode_secret="{{ mageops_coredns_dynamic_secret }}" +config__aws_enabled="{{ aws_use | ternary('yes', 'no') }}" +config__dynamicnode_enabled="{{ mageops_dynamic_node_enabled | ternary('yes', 'no') }}" diff --git a/roles/cs.varnish/defaults/main.yml b/roles/cs.varnish/defaults/main.yml index 2be39fb35..d9cf7ebcf 100644 --- a/roles/cs.varnish/defaults/main.yml +++ b/roles/cs.varnish/defaults/main.yml 
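Review bot: `config__dynamicnode_secret="{{ mageops_coredns_dynamic_secret }}"` in config.bash is rendered unconditionally, but group_vars/all.yml only carries that variable as a commented-out line, so unless it is defined elsewhere the template fails with an undefined-variable error on every host that gets cs.mageops-cli, including deployments with `mageops_coredns_enabled: no`. The value is also placed inside a double-quoted bash string that is later sourced, so a secret containing `"`, `$` or a backtick would be interpreted by the shell; `config__dynamicnode_secret={{ mageops_coredns_dynamic_secret | default('') | quote }}` addresses both. The file now holds a credential, so its install task (not part of this hunk) should set a mode that is not world-readable. The endpoint is plain `http://`, so the secret crosses the network unencrypted on each registration, and that trade-off deserves a comment.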
@@ -172,3 +172,9 @@ varnish_301_cache_time: 3h # If you are on varnish_trusted_ips list you will # still receive those headers varnish_do_not_expose_caching: no + +varnish_dns_service_discovery: no +varnish_dns_backend_domain: magento.dynamic.internal +varnish_dns_extra_backend_domain: magento_extra.dynamic.internal +varnish_dns_acl: + - 10/8 # Default aws network diff --git a/roles/cs.varnish/meta/main.yml b/roles/cs.varnish/meta/main.yml index d193ad5c4..2b4989f5b 100644 --- a/roles/cs.varnish/meta/main.yml +++ b/roles/cs.varnish/meta/main.yml @@ -1,5 +1,6 @@ allow_duplicates: no dependencies: + - cs.repo-mageops - cs.ansible-plugins - cs.repo-varnish diff --git a/roles/cs.varnish/tasks/001-install.yml b/roles/cs.varnish/tasks/001-install.yml index 11047a98b..0252387cc 100644 --- a/roles/cs.varnish/tasks/001-install.yml +++ b/roles/cs.varnish/tasks/001-install.yml @@ -8,3 +8,9 @@ name: "varnish-module-blobdigest" state: present when: varnish_magento_vary_sign + +- name: Install dynamic module + yum: + name: "varnish-module-dynamic" + state: present + when: varnish_dns_service_discovery diff --git a/roles/cs.varnish/templates/vcl/backends.vcl.j2 b/roles/cs.varnish/templates/vcl/backends.vcl.j2 index 423465647..6fe717f0d 100644 --- a/roles/cs.varnish/templates/vcl/backends.vcl.j2 +++ b/roles/cs.varnish/templates/vcl/backends.vcl.j2 
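Review bot: The default `varnish_dns_acl` entry `10/8` in roles/cs.varnish/defaults/main.yml makes every address in 10.0.0.0/8 acceptable as a backend once it resolves under the discovery domain, which is wider than a single VPC. Default it to the deployment's VPC CIDR, or leave it unset and require a value, and state in the comment that this list bounds where Varnish may forward traffic. It is also worth confirming that the rendered `"10/8";` is accepted by the Varnish ACL parser in the shortened form. The three new scalars above it carry no comments, unlike the settings earlier in the file; one line each would match the file's style.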
@@ -14,6 +14,36 @@ probe app_probe { .window = 3; } +{% if varnish_dns_backend_domain %} +import dynamic; + +acl allowed_backends { + {% for addr in varnish_dns_acl %} + "{{ addr }}"; + {% endfor %} +} + +backend dummy { + .host = "0.0.0.0"; + .max_connections = 0; +} + +sub backends_init { + new app_director = dynamic.director( + whitelist = allowed_backends, + domain_usage_timeout = 15m, + probe = app_probe, + ttl = 10s, + ttl_from = "dns" + ); +} + +sub vcl_backend_error { + # the director may resolve ::1 first + return (retry); +} +{% else %} + {% for instance in (varnish_backend_instances_app + varnish_backend_instances_extra) %} backend {{ instance.instance_id | replace('-','') }} { .host = "{{ instance.private_ip_address }}"; @@ -37,3 +67,4 @@ sub backends_init { extra_director.add_backend({{ instance.instance_id | replace('-','') }}); {% endfor %} } +{% endif %} diff --git a/roles/cs.varnish/templates/vcl/base.vcl.j2 b/roles/cs.varnish/templates/vcl/base.vcl.j2 index b17e7649a..95ff0e468 100644 --- a/roles/cs.varnish/templates/vcl/base.vcl.j2 +++ b/roles/cs.varnish/templates/vcl/base.vcl.j2 @@ -1,6 +1,8 @@ vcl 4.0; +{% if not varnish_dns_backend_domain %} import directors; +{% endif %} import std; import accept; diff --git a/roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2 b/roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2 index d8ac8731f..ccc97470b 100644 --- a/roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2 +++ b/roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2 @@ -21,7 +21,11 @@ {% if varnish_standalone %} {# This has to be first line, remember this is not declarative config, we always need the director! #} + {% if varnish_dns_service_discovery %} + set req.backend_hint = app_director.backend("{{ varnish_dns_backend_domain }}"); + {% else %} set req.backend_hint = app_director.backend(); + {% endif %} if (req.http.X-Use-Extra-Instance {% if aws_extra_app_asg_passthrough_uagent_pattern %} 
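Review bot: The new branch in backends.vcl.j2 is selected with `{% if varnish_dns_backend_domain %}`, but that variable defaults to `magento.dynamic.internal`, so the dynamic-director VCL is rendered even when `varnish_dns_service_discovery` is `no`; in that case 001-install.yml does not install `varnish-module-dynamic` and `import dynamic;` will not compile. The same condition guards `import directors;` in base.vcl.j2, while recv.vcl.j2 tests `varnish_dns_service_discovery`; use `{% if varnish_dns_service_discovery %}` in all three files. Separately, the added `vcl_backend_error` returns `retry` for every backend error, which hides real backend failures behind repeated fetches up to the retry limit. Restrict it to the case the comment describes, or document why it is unconditional.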
@@ -34,11 +38,19 @@ || req.http.x-forwarded-for ~ "{{ aws_extra_app_asg_passthrough_ip_pattern }}" {% endif %} ) { - set req.backend_hint = extra_director.backend(); + {% if varnish_dns_service_discovery %} + set req.backend_hint = app_director.backend("{{ varnish_dns_extra_backend_domain }}"); + {% else %} + set req.backend_hint = extra_app_director.backend(); + {% endif %} {% if varnish_extra_instance_failover_enable %} if (!std.healthy(req.backend_hint)) { + {% if varnish_dns_service_discovery %} + set req.backend_hint = app_director.backend("{{ varnish_dns_backend_domain }}"); + {% else %} set req.backend_hint = app_director.backend(); + {% endif %} } {% else %} # Extra instance failover is disabled - requests will return 5xx diff --git a/site.step-10-infrastructure-aws.yml b/site.step-10-infrastructure-aws.yml index 953bf9c53..e8d2302bd 100644 --- a/site.step-10-infrastructure-aws.yml +++ b/site.step-10-infrastructure-aws.yml @@ -44,7 +44,7 @@ mysql_user_localhost_access: "{{ not aws_rds_create }}" when: aws_rds_create or mageops_mysql_host is not none - role: cs.aws-lambda-varnish - when: varnish_standalone + when: varnish_lambda_backends_update - role: cs.aws-lambda-node-coordinator when: aws_magento_cron_enabled - role: cs.aws-lambda-import diff --git a/site.step-15-varnish.yml b/site.step-15-varnish.yml index 5a18733f6..8967b5c73 100644 --- a/site.step-15-varnish.yml +++ b/site.step-15-varnish.yml @@ -52,6 +52,10 @@ https_termination_upstream_port: "{{ mageops_varnish_port }}" when: mageops_https_termination_enable - role: cs.cloudflare + - role: cs.coredns + coredns_dynamic_enabled: "{{ mageops_coredns_enabled }}" + coredns_dynamic_http_port: "{{ mageops_coredns_dynamic_http_port }}" + coredns_dynamic_secret: "{{ mageops_coredns_dynamic_secret }}" - role: cs.varnish varnish_port: "{{ mageops_varnish_port }}" varnish_backend_port: "{{ mageops_varnish_backend_port }}" 
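Review bot: In the second recv.vcl.j2 hunk the non-DNS branch changes `extra_director.backend()` to `extra_app_director.backend()`, but backends.vcl.j2 still populates `extra_director` (`extra_director.add_backend(...)` is visible as context in that file's hunk), so with service discovery off the VCL refers to an object that is not defined in the visible templates. Keep the original name in the `{% else %}` branch: `set req.backend_hint = extra_director.backend();`. The enclosing `if` begins outside this hunk.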
@@ -67,8 +71,9 @@ varnish_debug_request_header_name: "{{ mageops_debug_token_http_header }}" varnish_magento_vary_sign: "{{ mageops_magento_vary_sign_enabled }}" varnish_magento_vary_secret: "{{ mageops_magento_vary_sign_secret }}" + varnish_dns_service_discovery: "{{ mageops_dynamic_node_enabled }}" - role: cs.varnish-manager - when: varnish_standalone and aws_use + when: varnish_lambda_backends_update and aws_use - role: cs.mageops-cli-profile - role: cs.goaccess when: goaccess_enable diff --git a/site.step-45-app-deploy.yml b/site.step-45-app-deploy.yml index 17a91a739..0d8b28623 100644 --- a/site.step-45-app-deploy.yml +++ b/site.step-45-app-deploy.yml @@ -113,6 +113,11 @@ - role: cs.magento-cache-warmup-crawler when: magento_page_cache_warmer_enable + # TODO: add handling for extra node + - role: cs.dynamic-node + dynamic_node_backend_name: magento + when: mageops_dynamic_node_enabled + tasks: - name: Execute custom post deploy tasks include_tasks: "{{ mageops_extra_tasks_deploy }}" @@ -183,5 +188,3 @@ magento_efs_app_mounts_extra: "{{ magento_efs_app_node_mounts }}" magento_s3_app_mounts_extra: "{{ magento_s3fs_buckets_extra }}" - -
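Review bot: In site.step-45-app-deploy.yml only a `magento` backend is registered and the TODO leaves the extra node unhandled, yet recv.vcl.j2 sends extra-instance traffic to `varnish_dns_extra_backend_domain` whenever discovery is on. Those requests therefore target a name that no node registers, and they either fail or fall back depending on `varnish_extra_instance_failover_enable`. Until the extra node is handled, either register it under its own name or have recv.vcl.j2 use `varnish_dns_backend_domain` for that path. Expand the TODO to state which behaviour is expected in the meantime.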