Add propgation_timeout option into cloudamqp_custom_domain #155
Comments
|
I'm hesitant to add this because I'm not sure it will properly address the issue due to negative caching: https://serverfault.com/questions/426807/how-long-does-negative-dns-caching-typically-last The CloudAMQP backend powering the API might cache the NXDOMAIN response for your custom domain for a while and the timeout you specify might not be enough. It would be better if the user ensured the record exist publicly before using the API/provider resource. As an example, with AWS Route53 there's an API ChangeInfo that can be queried for any DNS change. (I tried looking for a corresponding API with Azure DNS but I did not find any.) Another complicating factor is that the API can return multiple errors (e.g. lack of CAA record on your domain) and not all should be retried. |
|
So the problem with querying is that in my example above the query returned
the record existed ok.
Unless we know what DNS server each cloudamqp is using in each region we
will not know what to query.
I understand that a time delay may not be long enough but surely by making
it customisable it allows users to set via trial and error.
Best practice for automation is that things should complete in a single run
Not split for arbiatory reasons.
…On Fri, 27 May 2022, 14:37 Patrik Ragnarsson, ***@***.***> wrote:
I'm hesitant to add this because I'm not sure it will properly address the
issue due to negative caching:
https://serverfault.com/questions/426807/how-long-does-negative-dns-caching-typically-last
The CloudAMQP backend powering the API might cache the NXDOMAIN response
for your custom domain for a while and the timeout you specify might not be
enough. It would be better if the user ensured the record exist publicly
before using the API/provider resource.
As an example, with AWS Route53 there's an API ChangeInfo
<https://docs.aws.amazon.com/Route53/latest/APIReference/API_ChangeInfo.html>
that can be queried for any DNS change. (I tried looking for a
corresponding API with Azure DNS
<https://docs.microsoft.com/en-us/rest/api/dns/> but I did not find any.)
Another complicating factor is that the API can return multiple errors
(e.g. lack of CAA record on your domain) and not all should be retried.
—
Reply to this email directly, view it on GitHub
<#155 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AH7GYF3WAHX36BVDS32KNF3VMDFZNANCNFSM5XBZGZCQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
We have many resources (https://github.com/search?q=repo%3Acloudamqp%2Fterraform-provider-cloudamqp%20retries&type=code) having So sure, the |
|
I will leave this here, I had the same issue and used Hashicorp's resource "cloudamqp_custom_domain" "instance_custom_domain" {
instance_id = cloudamqp_instance.instance.id
hostname = cloudflare_record.record.hostname
depends_on = [ time_sleep.record_creation_delay ]
}
resource "time_sleep" "record_creation_delay" {
depends_on = [cloudflare_record.record]
create_duration = "30s"
}
resource "cloudflare_record" "record" {
name = local.mq_dns_record
proxied = false
type = "CNAME"
value = cloudamqp_instance.instance.host
zone_id = var.cloudflare_zone_id
tags = ["unable-to-proxy"]
}it may be useful as a workaround |
Issue
Currently cloudamqp_custom_domain validates and requires that the cname to the hostname exists before creating the custom domain name. This is a good security posture to take to avoid spoofing.
However if your terraform code is like the following, the apply may fail as the cname has not yet propagated.
Example code block
Error received
I would like to suggest that an option setting is added to cloudamqp_custom_domain that allows you to specify a propagation timeout period.
During this period, it would wait 10 seconds and then retry the hostname validation check:
Example resource setup
The text was updated successfully, but these errors were encountered: