Extract GCP DNS (clouddns) from gce-specific 'clean' playbook so that…

… it can be used separately. (#41) Fix clouddns cleaning so that it only cleans cluster hosts, not all GCP
sky-uk · Mar 10, 2020 · e6252ad · e6252ad
1 parent 6008476
commit e6252ad
Show file tree

Hide file tree

Showing 6 changed files with 145 additions and 148 deletions.
diff --git a/EXAMPLE/group_vars/_skel/cluster_vars.yml b/EXAMPLE/group_vars/_skel/cluster_vars.yml
@@ -43,7 +43,7 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #  region: &region "eu-west-1"
 #  dns_zone_internal: "{{_region}}.compute.internal"         # eu-west-1, us-west-2
 #  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
-#  dns_server: ""                    # Specify DNS server. nsupdate or route53.  If empty string is specified, no DNS will be added.
+#  dns_server: ""                    # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
 #  assign_public_ip: "yes"
 #  inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
 #  instance_profile_name: ""
@@ -86,7 +86,7 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #  region: &region "europe-west1"
 #  dns_zone_internal: "c.{{gcp_credentials_json.project_id}}.internal"
 #  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
-#  dns_server: ""                    # Specify DNS server. nsupdate or route53.  If empty string is specified, no DNS will be added.
+#  dns_server: ""                    # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
 #  assign_public_ip: "yes"
 #  inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
 #  project_id: "{{gcp_credentials_json.project_id}}"

diff --git a/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml b/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml
@@ -38,7 +38,7 @@ cluster_vars:
   region: &region "eu-west-1"
   dns_zone_internal: "{{_region}}.compute.internal"         # eu-west-1, us-west-2
   dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
-  dns_server: ""                    # Specify DNS server. nsupdate or route53.  If empty string is specified, no DNS will be added.
+  dns_server: ""                    # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
   assign_public_ip: "yes"
   inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
   instance_profile_name: ""

diff --git a/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml b/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml
@@ -42,9 +42,9 @@ cluster_vars:
   region: &region "europe-west1"
   dns_zone_internal: "c.{{gcp_credentials_json.project_id}}.internal"
   dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
-  dns_server: "clouddns"                    # Specify DNS server. nsupdate or route53.  If empty string is specified, no DNS will be added.
+  dns_server: ""                            # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
   assign_public_ip: "yes"
-  inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
+  inventory_ip: "public"                    # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
   project_id: "{{gcp_credentials_json.project_id}}"
   ip_forward: "false"
   ssh_guard_whitelist: &ssh_guard_whitelist ['10.0.0.0/8']    # Put your public-facing IPs into this (if you're going to access it via public IP), to avoid rate-limiting.

diff --git a/clean/tasks/dns.yml b/clean/tasks/dns.yml
@@ -0,0 +1,138 @@
+---
+
+- name: Delete DNS entries from route53
+  block:
+    - name: Delete DNS A records using nsupdate (if applicable)
+      nsupdate:
+        key_name: "{{bind9[buildenv].key_name}}"
+        key_secret: "{{bind9[buildenv].key_secret}}"
+        server: "{{bind9[buildenv].server}}"
+        zone: "{{dns_tld_external}}"
+        state: "absent"
+        record: "{{item.hostname}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
+      with_items: "{{ cluster_hosts_flat }}"
+
+    - name: "Delete CNAME records"
+      nsupdate:
+        key_name: "{{bind9[buildenv].key_name}}"
+        key_secret: "{{bind9[buildenv].key_secret}}"
+        server: "{{bind9[buildenv].server}}"
+        zone: "{{dns_tld_external}}"
+        record: "{{item.hostname | regex_replace('-(?!.*-).*')}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
+        value:  "{{item.hostname}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
+        type: CNAME
+        state: absent
+      with_items: "{{ cluster_hosts_flat }}"
+      when: instance_to_create is undefined or rescuing_instance is undefined
+  when: cluster_vars.dns_server == "nsupdate"
+
+- name: Delete DNS entries from route53
+  block:
+    - name: Get A records from route53
+      route53:
+        aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
+        aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
+        state: "get"
+        zone: "{{cluster_vars.dns_zone_external}}"
+        record: "{{item.hostname}}.{{cluster_vars.dns_zone_external}}"
+        type: "A"
+        private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
+      register: dns_rec
+      with_items: "{{ cluster_hosts_flat }}"
+
+    - name: Remove A records from route53
+      route53:
+        aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
+        aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
+        state: "absent"
+        zone: "{{ item.set.zone }}"
+        record: "{{ item.set.record }}"
+        type: "{{ item.set.type }}"
+        ttl: "{{ item.set.ttl }}"
+        value: ["{{ item.set.value }}"]
+        private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
+      with_items: "{{ dns_rec.results }}"
+      when: item.set.value is defined
+
+    - name: Get CNAME records from route53
+      route53:
+        aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
+        aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
+        state: "get"
+        zone: "{{cluster_vars.dns_zone_external}}"
+        record: "{{item.hostname | regex_replace('-(?!.*-)[0-9]{10}$')}}.{{cluster_vars.dns_zone_external}}"
+        type: "CNAME"
+        private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
+      register: dns_rec
+      with_items: "{{ cluster_hosts_flat }}"
+
+    - name: Remove CNAME records from route53
+      route53:
+        aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
+        aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
+        state: "absent"
+        zone: "{{ item.set.zone }}"
+        record: "{{ item.set.record }}"
+        type: "{{ item.set.type }}"
+        ttl: "{{ item.set.ttl }}"
+        value: ["{{ item.set.value }}"]
+        private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
+      with_items: "{{ dns_rec.results }}"
+      when: item.set.value is defined
+  when: cluster_vars.dns_server == "route53"
+
+
+- name: Delete DNS entries from clouddns
+  block:
+    - name: Gather info for a pre-existing GCP Managed Zone and store as dict
+      gcp_dns_managed_zone_info:
+        auth_kind: serviceaccount
+        dns_name: "{{dns_tld_external}}"
+        project: "{{cluster_vars.project_id}}"
+        service_account_file: "{{gcp_credentials_file}}"
+      register: gcp_dns_managed_zone_info
+
+    - name: Get DNS entries from clouddns
+      gcp_dns_resource_record_set_info:
+        auth_kind: serviceaccount
+        managed_zone:
+          name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
+          dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
+        project: "{{cluster_vars.project_id}}"
+        service_account_file: "{{gcp_credentials_file}}"
+      register: gcp_dns_resource_record_set_info
+
+    - name: Remove A records from clouddns
+      gcp_dns_resource_record_set:
+        auth_kind: serviceaccount
+        managed_zone:
+          name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
+          dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
+        name: "{{ item.name }}"
+        project: "{{cluster_vars.project_id}}"
+        service_account_file: "{{gcp_credentials_file}}"
+        state: absent
+        target: "{{ item.rrdatas }}"
+        type: A
+      with_items: "{{ gcp_dns_resource_record_set_info.resources | json_query(\"[?type=='A']\") }}"
+      vars:
+        hosts_to_clean: "{{cluster_hosts_flat | map(attribute='hostname') | list }}"
+      when: (item.name | regex_replace('^(.*?)\\..*$', '\\1')) in hosts_to_clean
+
+    - name: Remove CNAME records from clouddns
+      gcp_dns_resource_record_set:
+        auth_kind: serviceaccount
+        managed_zone:
+          name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
+          dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
+        name: "{{ item.name }}"
+        project: "{{cluster_vars.project_id}}"
+        service_account_file: "{{gcp_credentials_file}}"
+        state: absent
+        target: "{{ item.rrdatas[0] }}"
+        type: CNAME
+      with_items: "{{ gcp_dns_resource_record_set_info.resources | json_query(\"[?type=='CNAME']\") }}"
+      vars:
+        cnames_to_clean: "{{cluster_hosts_flat | map(attribute='hostname') | map('regex_replace', '-(?!.*-).*') | list }}"
+      when: (item.name | regex_replace('^(.*?)\\..*$', '\\1')) in cnames_to_clean
+  when: cluster_vars.dns_server=="clouddns"
diff --git a/clean/tasks/gce.yml b/clean/tasks/gce.yml
@@ -54,67 +54,3 @@
     project: "{{cluster_vars.project_id}}"
     state: absent
   when: create_gce_network is defined and create_gce_network|bool
-
-- name: Delete DNS entries from clouddns
-  block:
-  - name: Gather info for a pre-existing GCP Managed Zone and store as dict
-    gcp_dns_managed_zone_info:
-      auth_kind: serviceaccount
-      dns_name: "{{dns_tld_external}}"
-      project: "{{cluster_vars.project_id}}"
-      service_account_file: "{{gcp_credentials_file}}"
-    register: gcp_dns_managed_zone_info
-    become: false
-    delegate_to: localhost
-    run_once: true
-    when: (cluster_vars.dns_server is defined and cluster_vars.dns_server != "") and cluster_vars.dns_server=="clouddns" and (cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != "")
-
-  - name: Get DNS entries from clouddns
-    gcp_dns_resource_record_set_info:
-      auth_kind: serviceaccount
-      managed_zone:
-        name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
-        dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
-      project: "{{cluster_vars.project_id}}"
-      service_account_file: "{{gcp_credentials_file}}"
-    register: gcp_dns_resource_record_set_info
-    with_items: "{{ cluster_hosts_flat }}"
-    when: (cluster_vars.dns_server is defined and cluster_vars.dns_server != "") and cluster_vars.dns_server=="clouddns" and (cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != "")
-
-  - name: Remove related clusterverse A records from clouddns only
-    gcp_dns_resource_record_set:
-      auth_kind: serviceaccount
-      managed_zone:
-        name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
-        dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
-      name: "{{ item.name }}" 
-      project: "{{cluster_vars.project_id}}"
-      service_account_file: "{{gcp_credentials_file}}"
-      state: absent    
-      target: "{{ item.rrdatas[0] }}" 
-      type: A
-      ttl: "{{ item.ttl }}" 
-    become: false
-    delegate_to: localhost
-    run_once: true
-    with_items: "{{ gcp_dns_resource_record_set_info.results.0.resources }}"
-    when: (cluster_vars.dns_server is defined and cluster_vars.dns_server != "") and cluster_vars.dns_server=="clouddns" and (cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != "")
-
-  - name: Remove related clusterverse CNAME records from clouddns only
-    gcp_dns_resource_record_set:
-      auth_kind: serviceaccount
-      managed_zone:
-        name: "{{gcp_dns_managed_zone_info.resources.0.name}}"
-        dnsName: "{{gcp_dns_managed_zone_info.resources.0.dnsName}}"
-      name: "{{ item.name }}"
-      project: "{{cluster_vars.project_id}}"
-      service_account_file: "{{gcp_credentials_file}}"
-      state: absent    
-      target: "{{ item.rrdatas[0] }}" 
-      type: CNAME
-      ttl: "{{ item.ttl }}"
-    become: false
-    delegate_to: localhost
-    run_once: true
-    with_items: "{{ gcp_dns_resource_record_set_info.results.0.resources }}"
-    when: (cluster_vars.dns_server is defined and cluster_vars.dns_server != "") and cluster_vars.dns_server=="clouddns" and (cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != "")
diff --git a/clean/tasks/main.yml b/clean/tasks/main.yml
@@ -6,85 +6,8 @@
 - include_tasks: gce.yml
   when: cluster_vars.type == "gce"
 
-- name: Delete DNS A records using nsupdate (if applicable)
-  nsupdate:
-    key_name: "{{bind9[buildenv].key_name}}"
-    key_secret: "{{bind9[buildenv].key_secret}}"
-    server: "{{bind9[buildenv].server}}"
-    zone: "{{dns_tld_external}}"
-    state: "absent"
-    record: "{{item.hostname}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
-  with_items: "{{ cluster_hosts_flat }}"
-  when: cluster_vars.dns_server == "nsupdate" and cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != ""
-
-- name: "Delete CNAME records"
-  nsupdate:
-    key_name: "{{bind9[buildenv].key_name}}"
-    key_secret: "{{bind9[buildenv].key_secret}}"
-    server: "{{bind9[buildenv].server}}"
-    zone: "{{dns_tld_external}}"
-    record: "{{item.hostname | regex_replace('-(?!.*-).*')}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
-    value:  "{{item.hostname}}.{{cluster_vars.dns_zone_external | regex_replace('^(.*?)\\.' + dns_tld_external, '\\1')}}"
-    type: CNAME
-    state: absent
-  with_items: "{{ cluster_hosts_flat }}"
-  when: cluster_vars.dns_server == "nsupdate" and (instance_to_create is undefined or rescuing_instance is undefined)
-  delegate_to: localhost
-
-- name: Delete DNS entries from route53
-  block:
-  - name: Get DNS entries from route53
-    route53:
-      aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
-      aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
-      state: "get"
-      zone: "{{cluster_vars.dns_zone_external}}"
-      record: "{{item.hostname}}.{{cluster_vars.dns_zone_external}}"
-      type: "A"
-      private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
-    register: dns_rec
-    with_items: "{{ cluster_hosts_flat }}"
-
-  - name: Remove DNS entries from route53
-    route53:
-      aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
-      aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
-      state: "absent"
-      zone: "{{ item.set.zone }}"
-      record: "{{ item.set.record }}"
-      type: "{{ item.set.type }}"
-      ttl: "{{ item.set.ttl }}"
-      value: ["{{ item.set.value }}"]
-      private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
-    with_items: "{{ dns_rec.results }}"
-    when: item.set.value is defined
-
-  - name: Get CNAME entries from route53
-    route53:
-      aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
-      aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
-      state: "get"
-      zone: "{{cluster_vars.dns_zone_external}}"
-      record: "{{item.hostname | regex_replace('-(?!.*-)[0-9]{10}$')}}.{{cluster_vars.dns_zone_external}}"
-      type: "CNAME"
-      private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
-    register: dns_rec
-    with_items: "{{ cluster_hosts_flat }}"
-
-  - name: Remove DNS entries from route53
-    route53:
-      aws_access_key: "{{cluster_vars[buildenv].aws_access_key}}"
-      aws_secret_key: "{{cluster_vars[buildenv].aws_secret_key}}"
-      state: "absent"
-      zone: "{{ item.set.zone }}"
-      record: "{{ item.set.record }}"
-      type: "{{ item.set.type }}"
-      ttl: "{{ item.set.ttl }}"
-      value: ["{{ item.set.value }}"]
-      private_zone: "{{cluster_vars.route53_private_zone | default(true)}}"
-    with_items: "{{ dns_rec.results }}"
-    when: item.set.value is defined
-  when: cluster_vars.dns_server == "route53" and cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != ""
+- include_tasks: dns.yml
+  when: (cluster_vars.dns_server is defined and cluster_vars.dns_server != "")  and  (cluster_vars.dns_zone_external is defined and cluster_vars.dns_zone_external != "")
 
 - name: Delete the inventory file
   block: