Issue Installing MAS with AWS Route53 Custom Domain
Please refer to this customer defect for more details --> https://github.ibm.com/wiotp/tracker/issues/13522
This customer's defect looks to be because of an issue in this query --> aws route53 list-resource-record-sets --hosted-zone-id {{ route53_hosted_zone_id }} --query "ResourceRecordSets[?Name == '\052.{{ cluster_ingress }}.'].AliasTarget.DNSName" --output json
Especially, this part --> --query "ResourceRecordSets[?Name == '\052.{{ cluster_ingress }}.'].AliasTarget.DNSName"
This is coming from this line of code --> https://github.com/ibm-mas/ansible-devops/blob/e1473bf9cea42f90e19bb06eddb161d81dc26c13/ibm/mas_devops/roles/suite_dns/tasks/providers/route53/create-cnames.yml#L16C5-L16C192
To confirm the behavior, I executed this query on our AWS environment & you can see the result of it in the below attached screenshot: I am getting the output as [] for the same query I executed which is present in create-cnames.yml. Even this customer is getting the same output [] and it's failing because of this. So this query isn't showing ResourceRecordSets as output.
I changed the query like this --> --query "ResourceRecordSets[?Name == 'natarajprivhz.']" and I am able to see the ResourceRecords in the output. See in the below screenshot.
@NatarajBTI
Hello... The automation will use the cluster's ingress to look up the corresponding load balancer server (there should be an "A" type record created under your Route53 instance) as below:
Therefore the command executed:
aws route53 list-resource-record-sets --hosted-zone-id Z06693421T2UIZHSZ9AYY --query "ResourceRecordSets[?Name == '\\052.apps.snofvtaws.buyermas4aws.com.']" --output json
Should return something like:
[
    {
        "Name": "\\052.apps.snofvtaws.buyermas4aws.com.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z3AADJGX6KTTL2",
            "DNSName": "ad873c6b9fe474d5f9bcd5c9d7580843-853028515.us-east-2.elb.amazonaws.com.",
            "EvaluateTargetHealth": false
        }
    }
]
Therefore, we'll need the DNSName property to be defined with a valid value that will be used later on during the process to configure the proper DNS records for the MAS instance against the Route53 hosted zone.
It seems that either the automation is not able to find the "A" type DNS record using the cluster's ingress or it does not have a corresponding loadbalancer associated.
Can you go to Route 53 > Hosted Zones, search the hosted zone instance and then list the results displayed under Records tab?
@andrercm - Thanks for your reply. We have type "NS" & "SOA" records as shown in the above screenshot and deployment of the stack is successful with these record types. We accept hosted zone as one of the input fields on the AWS Cloudformation page & we check if the entered hosted zone is public or private in our deployment automation code here --> https://github.com/ibm-mas/multicloud-bootstrap and then proceed further with deployment of the stack. We don't call role aws-route53 as the customer is doing. But we do create a network load balancer using a terraform script. This customer is not using our multicloud-bootstrap code (Cloudformation approach) & looks like an associated loadbalancer is missing as mentioned by you above.
Having the target cluster's loadbalancer associated with an "A" type record in the Route 53 hosted zone instance is important so that the Route 53 instance knows which cluster/loadbalancer server to redirect and solve the DNS requests. Without this information configured in Route 53, cert-manager will try to generate the public certificates but the DNS for the given domain won't be able to be propagated and resolved.
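An added example, not part of the thread or of the ansible-devops code: a pre-flight check that reads the ResourceRecordSets array from `aws route53 list-resource-record-sets --output json` and tells apart the two failure cases discussed above (no wildcard record at all, or a record with no "A" alias to a load balancer). The function names, the `example.test` zone and all record values are constructed for illustration.

```python
def normalize(name):
    # Route 53 returns a leading '*' as the octal escape \052; names end with a dot.
    name = name.replace("\\052", "*").lower()
    return name if name.endswith(".") else name + "."


def find_ingress_target(record_sets, cluster_ingress):
    """Return (DNSName or None, reason) for the '*.<cluster_ingress>' record."""
    wanted = normalize("*." + cluster_ingress)
    matches = [r for r in record_sets if normalize(r["Name"]) == wanted]
    if not matches:
        return None, "no record named " + wanted
    for rec in matches:
        dns_name = rec.get("AliasTarget", {}).get("DNSName")
        if rec.get("Type") == "A" and dns_name:
            return dns_name, "ok"
    types = ",".join(sorted(r["Type"] for r in matches))
    return None, "record present (" + types + ") but no A alias target"


# Constructed samples shaped like the ResourceRecordSets array; all values are made up.
ZONE_NS_SOA_ONLY = [
    {"Name": "example.test.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example-dns.test."}]},
    {"Name": "example.test.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.example-dns.test. admin.example.test. 1 7200 900 1209600 86400"}]},
]
ZONE_WITH_ALIAS = ZONE_NS_SOA_ONLY + [
    {"Name": "\\052.apps.example.test.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "ZEXAMPLE", "DNSName": "lb-123.elb.example.test.",
                     "EvaluateTargetHealth": False}},
]
ZONE_WITH_CNAME = ZONE_NS_SOA_ONLY + [
    {"Name": "\\052.apps.example.test.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "lb-123.elb.example.test."}]},
]

if __name__ == "__main__":
    for label, zone in [("NS/SOA only", ZONE_NS_SOA_ONLY),
                        ("A alias", ZONE_WITH_ALIAS),
                        ("CNAME", ZONE_WITH_CNAME)]:
        print(label, "->", find_ingress_target(zone, "apps.example.test"))
```

A zone holding only NS and SOA records falls into the first case, which corresponds to the `[]` result reported in the thread.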