This commit introduces a reordered and renumbered set of setup documentation files to better reflect the deployment stages for both test and production environments. Key changes include:
* A new `setup-vs-roadmap-map.md` file to provide a clear mapping between roadmap tasks and their corresponding setup phases.
* Significantly expanded Ansible bootstrap documentation for both test and production, detailing Docker, Swarm, security hardening, and StorageBox SSH key management roles.
* Formalized database Docker and Swarm cluster setup instructions for test and production, including explicit steps for Swarm worker integration of DB nodes.
* Updated roadmap documentation (`roadmap/prod-env/*`) to align with the refined setup, incorporating correct private IP addresses for Swarm joins, new node labels, and floating IP usage for GoDaddy DNS records.
02 — GoDaddy DNS Credentials for SWAG (Prod)
Context
Identical to test-env-setup/02, except the storagebox path is prod/ instead of test/.
⚠️ Security — Rotate credentials before use
If credentials were shared in any chat log, Slack message, or email, revoke them immediately:
- Go to: https://developer.godaddy.com/keys
- Revoke the exposed key
- Create a new Production key pair
Never commit credentials to the repository.
Step 1 — Add credentials to storagebox .env.secrets.shared (prod path)
Open the file at storagebox path:
prod/secrets/iklim.co/.env.secrets.shared
Add:
GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>
Step 2 — Repo template file
Same file as test: swag/dns-conf/godaddy.ini.tpl (already created in test step 02).
No additional action needed in the repo.
Step 3 — (Handled by pipeline) Write credentials file on prod host
The deploy pipeline (see 08-deploy-pipeline-update.md) runs on iklim-app-01:
mkdir -p /opt/iklimco/swag/dns-conf
envsubst < swag/dns-conf/godaddy.ini.tpl > /opt/iklimco/swag/dns-conf/godaddy.ini
chmod 600 /opt/iklimco/swag/dns-conf/godaddy.ini
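A hardened variant of the three commands above, as an added example (not the project's pipeline code). Plain `envsubst` silently writes empty strings for unset variables, and the output file exists under the default umask until `chmod 600` runs; the function below closes both gaps. The function name `render_godaddy_ini` is hypothetical, and it assumes the template references `${GODADDY_KEY}` and `${GODADDY_SECRET}`, the variable names from Step 1.

```shell
# Added example. Usage: render_godaddy_ini TEMPLATE OUTPUT
# Renders TEMPLATE to OUTPUT with only GODADDY_KEY / GODADDY_SECRET substituted.
render_godaddy_ini() {
    tpl=$1
    out=$2

    # envsubst turns an unset variable into an empty string without failing,
    # which yields a credentials file that looks valid but cannot authenticate.
    if [ -z "${GODADDY_KEY:-}" ] || [ -z "${GODADDY_SECRET:-}" ]; then
        echo "render_godaddy_ini: GODADDY_KEY or GODADDY_SECRET is unset or empty" >&2
        return 1
    fi
    [ -r "$tpl" ] || { echo "render_godaddy_ini: cannot read $tpl" >&2; return 1; }

    dir=$(dirname "$out")
    mkdir -p "$dir" || return 1

    (
        # Subshell: the restrictive umask does not leak into the caller.
        umask 077
        # Temp file in the target directory, so the final mv is an atomic rename
        # and the secret is never readable by group or others.
        tmp=$(mktemp "$dir/.godaddy.ini.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT

        # Pass the two values explicitly (works even if they are not exported)
        # and limit substitution to them, leaving any other "$" text untouched.
        GODADDY_KEY=$GODADDY_KEY GODADDY_SECRET=$GODADDY_SECRET \
            envsubst '${GODADDY_KEY} ${GODADDY_SECRET}' < "$tpl" > "$tmp" || exit 1

        # A surviving placeholder means a typo in the template; do not deploy it.
        if grep -Eq '\$\{?GODADDY_' "$tmp"; then
            echo "render_godaddy_ini: unresolved placeholder in $tpl" >&2
            exit 1
        fi

        chmod 600 "$tmp" || exit 1
        mv -f "$tmp" "$out"
    )
}
```

On failure the previous `godaddy.ini`, if any, is left in place, so a broken pipeline run does not replace working credentials with an empty file.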
Step 4 — GoDaddy A records for prod subdomains
In GoDaddy DNS panel for iklim.co, add/update A records pointing to the Floating IP (iklim-prod-app-fip).
To get the Floating IP value: terraform output prod_floating_ip
| Record | Value |
|---|---|
| api | <iklim-prod-app-fip> |
| apigw | <iklim-prod-app-fip> |
| rabbitmq | <iklim-prod-app-fip> |
| grafana | <iklim-prod-app-fip> |
The Floating IP is assigned to iklim-app-01 (06-prod-terraform-iaac.md, floating_ip.tf). If failover is needed, the Floating IP can be moved to another app node; DNS does not change.
Notes
- Test and prod SWAG instances both obtain *.iklim.co independently from Let's Encrypt. There is no conflict: they use the same domain, different servers.
- DNSPROPAGATION=90 handles GoDaddy's typical 30-90s propagation delay.