sky-uk
diff --git a/‎EXAMPLE/README.md
-1 b/‎EXAMPLE/README.md
-1
diff --git a/‎EXAMPLE/group_vars/_skel/cluster_vars.yml
+17-15 b/‎EXAMPLE/group_vars/_skel/cluster_vars.yml
+17-15
diff --git a/‎EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml
+12-5 b/‎EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml
+12-5
diff --git a/‎EXAMPLE/group_vars/test_gcp_euw1/app_vars.yml
+4-1 b/‎EXAMPLE/group_vars/test_gcp_euw1/app_vars.yml
+4-1
diff --git a/‎EXAMPLE/group_vars/test_gcp_euw1/cluster_vars.yml
+9-3 b/‎EXAMPLE/group_vars/test_gcp_euw1/cluster_vars.yml
+9-3
@@ -66,7 +66,6 @@ ansible-playbook -u <username> --private-key=/home/<user>/.ssh/<rsa key> cluster
 + `-e app_name=<nginx>` - Normally defined in `group_vars/<clusterid>/cluster_vars.yml`.  The name of the application cluster (e.g. 'couchbase', 'nginx'); becomes part of cluster_name
 + `-e app_class=<proxy>` - Normally defined in `group_vars/<clusterid>/cluster_vars.yml`.  The class of application (e.g. 'database', 'webserver'); becomes part of the fqdn
 + `-e release_version=<v1.0.1>` - Identifies the application version that is being deployed.
-+ `-e dns_tld_external=<test.example.com>` - Normally defined in `group_vars/<clusterid>/cluster_vars.yml`.
 + `-e clean=[current|retiring|redeployfail|_all_]` - Deletes VMs in `lifecycle_state`, or `_all_`, as well as networking and security groups
 + `-e do_package_upgrade=true` - Upgrade the OS packages (not good for determinism)
 + `-e reboot_on_package_upgrade=true` - After updating packages, performs a reboot on all nodes.
 
@@ -7,8 +7,6 @@ gcp_credentials_json: "{{ lookup('file', gcp_credentials_file) | default({'proje
 app_name: "test"                  # The name of the application cluster (e.g. 'couchbase', 'nginx'); becomes part of cluster_name.
 app_class: "test"                 # The class of application (e.g. 'database', 'webserver'); becomes part of the fqdn
 
-dns_tld_external: ""              # Top-level domain for external access.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
-
 beats_target_hosts: []            # The destination hosts for e.g. filebeat/ metricbeat logs
 
 ## Vulnerability scanners - Tenable and/ or Qualys cloud agents:
@@ -42,14 +40,15 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #cluster_vars:
 #  type: &cloud_type "aws"
 #  image: "ami-0964eb2dc8b836eb6"    # eu-west-1, 18.04, amd64, hvm-ssd, 20200430.  Ubuntu images can be located at https://cloud-images.ubuntu.com/locator/
-#  region: &region "eu-west-1"
-#  dns_zone_internal: "{{_region}}.compute.internal"         # eu-west-1, us-west-2
-#  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
+#  region: &region "eu-west-1"       # eu-west-1, us-west-2
+#  dns_cloud_internal_domain: "{{_region}}.compute.internal"                       # The cloud-internal zone as defined by the cloud provider (e.g. GCP, AWS)
+#  dns_nameserver_zone: &dns_nameserver_zone ""                                    # The zone that dns_server will operate on.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+#  dns_user_domain: "{%- if _dns_nameserver_zone -%}MY.OTHER.PREFIXES.{{_dns_nameserver_zone}}{%- endif -%}"         # A user-defined _domain_ part of the FDQN, (if more prefixes are required before the dns_nameserver_zone)
 #  dns_server: ""                    # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
+#  route53_private_zone: true        # Only used when cluster_vars.type == 'aws'. Defaults to true if not set.
 #  assign_public_ip: "yes"
 #  inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
 #  instance_profile_name: ""
-#  route53_private_zone: true        # Only used when cluster_vars.type == 'aws'. Defaults to true if not set.
 #  custom_tagslabels: {inv_resident_id: "abc", inv_proposition_id: "def"}
 #  secgroups_existing: []
 #  secgroup_new:
@@ -67,12 +66,13 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #  sandbox:
 #    hosttype_vars:
 #      sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sys_version | default('')}}", auto_volumes: []}
-#      #sysnobeats: {vms_by_az: {a: 1, b: 1, c: 1}, skip_beat_install:true, flavor: t3a.nano, version: "{{sysnobeats_version | default('')}}", auto_volumes: []
-#      #sysdisks: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sysdisks_version | default('')}}", auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
-#      #hostnvme_multi: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc2", fstype: ext4, volume_size: 2500}]} } }
-#      #hostnvme_lvm: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}], lvmparams: {vg_name: "vg0", lv_name: "lv0", lv_size: "+100%FREE"} } }
-#      #hostssd: {vms_by_az: {a: 1, b: 1, c: 0}, flavor: c3.large, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
-#      #hosthdd: {vms_by_az: {a: 1, b: 1, c: 0}, flavor: h1.2xlarge, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
+#      # sysnobeats: {vms_by_az: {a: 1, b: 0, c: 0}, skip_beat_install:true, flavor: t3a.nano, version: "{{sysnobeats_version | default('')}}", auto_volumes: []
+#      # sysdisks: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: t3a.nano, version: "{{sysdisks_version | default('')}}", auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 3, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
+#      # sysdisks_snapshot: {vms_by_az: {a: 1, b: 1, c: 0}, flavor: t3a.nano, auto_volumes: [{"snapshot_tags": {"tag:backup_id": "57180566894481854905"}, "device_name": "/dev/sdb", mountpoint: "/data", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true }]}
+#      # hostnvme_multi: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc2", fstype: ext4, volume_size: 2500}]} }
+#      # hostnvme_lvm: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}], lvmparams: {vg_name: "vg0", lv_name: "lv0", lv_size: "+100%FREE"} } }
+#      # hostssd: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: c3.large, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
+#      # hosthdd: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: h1.2xlarge, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
 #    aws_access_key: ""
 #    aws_secret_key: ""
 #    vpc_name: "test{{buildenv}}"
@@ -81,15 +81,16 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #    termination_protection: "no"
 #_cloud_type: *cloud_type
 #_region: *region
-
+#_dns_nameserver_zone: *dns_nameserver_zone
 
 ### GCP example
 #cluster_vars:
 #  type: &cloud_type "gcp"
 #  image: "projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20200430"
 #  region: &region "europe-west1"
-#  dns_zone_internal: "c.{{gcp_credentials_json.project_id}}.internal"
-#  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
+#  dns_cloud_internal_domain: "c.{{gcp_credentials_json.project_id}}.internal"     # The cloud-internal zone as defined by the cloud provider (e.g. GCP, AWS)
+#  dns_nameserver_zone: &dns_nameserver_zone ""                                    # The zone that dns_server will operate on.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+#  dns_user_domain: "{%- if _dns_nameserver_zone -%}MY.OTHER.PREFIXES.{{_dns_nameserver_zone}}{%- endif -%}"         # A user-defined _domain_ part of the FDQN, (if more prefixes are required before the dns_nameserver_zone)
 #  dns_server: ""                            # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
 #  assign_public_ip: "yes"
 #  inventory_ip: "public"                    # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
@@ -122,3 +123,4 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 #_cloud_type: *cloud_type
 #_region: *region
 #_ssh_guard_whitelist: *ssh_guard_whitelist
+#_dns_nameserver_zone: *dns_nameserver_zone
@@ -1,9 +1,13 @@
 ---
 
+redeploy_scheme: _scheme_addallnew_rmdisk_rollback
+#redeploy_scheme: _scheme_addnewvm_rmdisk_rollback
+#redeploy_scheme: _scheme_rmvm_rmdisks_only
+
 app_name: "test"                  # The name of the application cluster (e.g. 'couchbase', 'nginx'); becomes part of cluster_name.
 app_class: "test"                 # The class of application (e.g. 'database', 'webserver'); becomes part of the fqdn
 
-dns_tld_external: ""              # Top-level domain for external access.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+beats_target_hosts: []            # The destination hosts for e.g. filebeat/ metricbeat logs
 
 ## Vulnerability scanners - Tenable and/ or Qualys cloud agents:
 cloud_agent:
@@ -35,14 +39,15 @@ cluster_name: "{{app_name}}-{{buildenv}}"       # Identifies the cluster within
 cluster_vars:
   type: &cloud_type "aws"
   image: "ami-0964eb2dc8b836eb6"    # eu-west-1, 18.04, amd64, hvm-ssd, 20200430.  Ubuntu images can be located at https://cloud-images.ubuntu.com/locator/
-  region: &region "eu-west-1"
-  dns_zone_internal: "{{_region}}.compute.internal"         # eu-west-1, us-west-2
-  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
+  region: &region "eu-west-1"       # eu-west-1, us-west-2
+  dns_cloud_internal_domain: "{{_region}}.compute.internal"   # The cloud-internal zone as defined by the cloud provider (e.g. GCP, AWS)
+  dns_nameserver_zone: &dns_nameserver_zone ""                # The zone that dns_server will operate on.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+  dns_user_domain: "{%- if _dns_nameserver_zone -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{_dns_nameserver_zone}}{%- endif -%}"         # A user-defined _domain_ part of the FDQN, (if more prefixes are required before the dns_nameserver_zone)
   dns_server: ""                    # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
+  route53_private_zone: true        # Only used when cluster_vars.type == 'aws'. Defaults to true if not set.
   assign_public_ip: "yes"
   inventory_ip: "public"            # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
   instance_profile_name: ""
-  route53_private_zone: true        # Only used when cluster_vars.type == 'aws'. Defaults to true if not set.
   custom_tagslabels:
     inv_resident_id: "myresident"
     inv_proposition_id: "myproposition"
@@ -68,6 +73,7 @@ cluster_vars:
     hosttype_vars:
       sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sys_version | default('')}}", auto_volumes: []}
 #      sysdisks: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: t3a.nano, version: "{{sysdisks_version | default('')}}", auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 3, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
+#      sysdisks_snapshot: {vms_by_az: {a: 1, b: 1, c: 0}, flavor: t3a.nano, auto_volumes: [{"snapshot_tags": {"tag:backup_id": "57180566894481854905"}, "device_name": "/dev/sdb", mountpoint: "/data", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true }]}
 #      hostnvme_multi: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc2", fstype: ext4, volume_size: 2500}]} }
 #      hostnvme_lvm: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}], lvmparams: {vg_name: "vg0", lv_name: "lv0", lv_size: "+100%FREE"} } }
 #      hostssd: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: c3.large, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]}
@@ -80,3 +86,4 @@ cluster_vars:
     termination_protection: "no"
 _cloud_type: *cloud_type
 _region: *region
+_dns_nameserver_zone: *dns_nameserver_zone
@@ -1 +1,4 @@
----
+---
+
+sys_version: "1_0_0"
+sysdisks_version: "1_0_1"
@@ -4,10 +4,14 @@
 gcp_credentials_file: "{{ lookup('env','GCP_CREDENTIALS') | default('/dev/null', true) }}"
 gcp_credentials_json: "{{ lookup('file', gcp_credentials_file) | default({'project_id': 'GCP_CREDENTIALS__NOT_SET','client_email': 'GCP_CREDENTIALS__NOT_SET'}, true) }}"
 
+redeploy_scheme: _scheme_addallnew_rmdisk_rollback
+#redeploy_scheme: _scheme_addnewvm_rmdisk_rollback
+#redeploy_scheme: _scheme_rmvm_rmdisks_only
+
 app_name: "test"                  # The name of the application cluster (e.g. 'couchbase', 'nginx'); becomes part of cluster_name.
 app_class: "test"                 # The class of application (e.g. 'database', 'webserver'); becomes part of the fqdn
 
-dns_tld_external: ""              # Top-level domain for external access.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+beats_target_hosts: []            # The destination hosts for e.g. filebeat/ metricbeat logs
 
 ## Vulnerability scanners - Tenable and/ or Qualys cloud agents:
 cloud_agent:
@@ -40,8 +44,9 @@ cluster_vars:
   type: &cloud_type "gcp"
   image: "projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20200430"
   region: &region "europe-west1"
-  dns_zone_internal: "c.{{gcp_credentials_json.project_id}}.internal"
-  dns_zone_external: "{%- if dns_tld_external -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{dns_tld_external}} {%- endif -%}"
+  dns_cloud_internal_domain: "c.{{gcp_credentials_json.project_id}}.internal"   # The cloud-internal zone as defined by the cloud provider (e.g. GCP, AWS)
+  dns_nameserver_zone: &dns_nameserver_zone ""                                  # The zone that dns_server will operate on.  gcloud dns needs a trailing '.'.  Leave blank if no external DNS (use IPs only)
+  dns_user_domain: "{%- if _dns_nameserver_zone -%}{{_cloud_type}}-{{_region}}.{{app_class}}.{{buildenv}}.{{_dns_nameserver_zone}}{%- endif -%}"         # A user-defined _domain_ part of the FDQN, (if more prefixes are required before the dns_nameserver_zone)
   dns_server: ""                            # Specify DNS server. nsupdate, route53 or clouddns.  If empty string is specified, no DNS will be added.
   assign_public_ip: "yes"
   inventory_ip: "public"                    # 'public' or 'private', (private in case we're operating in a private LAN).  If public, 'assign_public_ip' must be 'yes'
@@ -81,3 +86,4 @@ cluster_vars:
 _cloud_type: *cloud_type
 _region: *region
 _ssh_guard_whitelist: *ssh_guard_whitelist
+_dns_nameserver_zone: *dns_nameserver_zone