iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 67dc2986dd docs(infra): restructure and update infrastructure setup documentation 
- Anglicized setup and facts markdown file names for better consistency.

- Updated 01-swarm-init-multinode.md to highlight Ansible automation of Swarm initialization and labeling.

- Overhauled 03-infra-stack-changes.md to describe the single monolithic file strategy and reflect current Redis, RabbitMQ, and etcd cluster configurations.

- Fixed minor overrides and typos in Patroni templates and Ansible bootstrap documents.

- Restructured README and roadmap mapping to align with the renamed setup documents.
2026-06-15 16:42:18 +03:00

2.5 KiB
Raw Blame History

02 — GoDaddy DNS Credentials for SWAG (Prod)

Context

Identical to test-env-setup/02, except the storagebox path is prod/ instead of test/.

⚠️ Security — Rotate credentials before use

If credentials were shared in any chat log, Slack message, or email, revoke them immediately:

  1. Go to: https://developer.godaddy.com/keys
  2. Revoke the exposed key
  3. Create a new Production key pair

Never commit credentials to the repository.

Step 1 — Add credentials to storagebox .env.secrets.swag (prod path)

Open the file at storagebox path:

prod/secrets/iklim.co/.env.secrets.swag

Add:

GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>

.env.secrets.swag contains SWAG/GoDaddy credentials only. .env.secrets.shared contains AppRole IDs, DB passwords, and other runtime secrets — do not mix.

Step 2 — Repo template file

Same file as test: template/swag/dns-conf/godaddy.ini.tpl (already created in test step 02). No additional action needed in the repo.

Step 3 — (Handled by pipeline) Write credentials file on prod host

The deploy pipeline (see 08-deploy-pipeline-update.md) runs on iklim-app-01:

set -a; . ./.env; set +a
mkdir -p "$SWAG_CONFIG_DIR/dns-conf"
envsubst < template/swag/dns-conf/godaddy.ini.tpl > "$SWAG_CONFIG_DIR/dns-conf/godaddy.ini"
chmod 600 "$SWAG_CONFIG_DIR/dns-conf/godaddy.ini"

Step 4 — GoDaddy A records for prod subdomains (handled by pipeline)

The deploy pipeline's Update DNS Records step automatically manages A records via GoDaddy API. It reads the Floating IP from the Gitea variable vars.PROD_FLOATING_IP — set this once in Gitea project settings.

To get the Floating IP: terraform output prod_floating_ip

Record Value
api vars.PROD_FLOATING_IP
apigw vars.PROD_FLOATING_IP
rabbitmq vars.PROD_FLOATING_IP
grafana vars.PROD_FLOATING_IP

Logic: for each record, pipeline queries the current value via GoDaddy API. If already correct, it skips. Otherwise it creates/updates the record.

The Floating IP is assigned to iklim-app-01 (06-prod-terraform-iac.mdfloating_ip.tf). If failover is needed, the Floating IP can be reassigned to another app node; DNS does not change.

Notes

  • Test and prod SWAG instances both obtain *.iklim.co independently from Let's Encrypt. There is no conflict — they use the same domain, different servers.
  • DNSPROPAGATION=90 handles GoDaddy's typical 30-90s propagation delay.