Minimal downtime on migration

[jmcarp]

If users want to transfer a custom domain from east/west to govcloud, they'll create a new instance in govcloud, set up a CNAME or ALIAS record, and wait for the broker to provision and upload a certificate. During the provisioning step, the domain will be CNAME'd to a cloudfront distribution without a matching certificate, so requests to the domain will fail. Ideally, users should be able to migrate without downtime.

Some options:

• As @cnelson pointed out, we could allow the broker to use the dns challenge. When a user sets up a service instance in the new environment, they are prompted to create a TXT record via the acme dns challenge. This allows us to decouple certificate provisioning from CNAME updates, so that we can wait to update the CNAME until the certificate is provisioned. I took a quick look at the acme library we're using, and this might be a little tricky.
• Transfer cloudfront distributions between accounts and manually provision service instances to manage the transferred distributions. This could be a pain, but wouldn't involve writing new code and maintaining more features in the broker.
• Decide that brief downtime is acceptance for migration

[cnelson]

this might be a little tricky.

Can you elaborate? I briefly looked at this and thought the manual DNS provider would make this pretty simple. What did I miss?

[jmcarp]

It's more likely that I missed something, but: it looks like the dns challenge Solve method calls the provider Present method, then blocks until the challenge is solved or the timeout has elapsed. I think we'd need to do some work to integrate this with the broker workflow, since we'd want to call Present, save the challenge info to the db, and wait until the user has created the text record, then finish provisioning the cert.

[cnelson]

~I was thinking the broker could check for the DNS entry in updateProvisioning and when we see the record exists we tell lego we are ready to solve. Thoughts?~

Just realized that's what you said above 😁

I still think this is the best approach -- while the immediate need is to help with migrations, this is going to be a problem for any customer in the future who wants to migrate an existing site to the platform so it's worth doing it right.

[jmcarp]

while the immediate need is to help with migrations, this is going to be a problem for any customer in the future who wants to migrate an existing site to the platform so it's worth doing it right.

Agreed. The only thing that could be annoying here is that some of the methods we might want to call are private.

[jmcarp]

Done.