From 0828218a59eba2f9112f8623b016647e7b3e8cc0 Mon Sep 17 00:00:00 2001
From: Chris
Date: Fri, 12 Apr 2024 22:40:43 +0200
Subject: [PATCH] Reverted nameservers in values.yaml to reflect default. This is assumed to be the situation for cert-manager, this no use applying the local dns first for webhook. Must investigate further.
---
 cmd/buildversion.go | 19 +++++-----
 deploy/sthome-webhook/Chart.yaml | 4 +-
 deploy/sthome-webhook/values.yaml | 13 +++---
 pkg/dns/solver_local.go | 58 ++++++------------------------
 pkg/util/wait.go | 20 ++++++-----
 version.txt | 6 ++--
 6 files changed, 41 insertions(+), 79 deletions(-)
diff --git a/cmd/buildversion.go b/cmd/buildversion.go
index a8235a6..9633e3b 100644
--- a/cmd/buildversion.go
+++ b/cmd/buildversion.go
@@ -2,6 +2,7 @@ package main
 
 import (
 "fmt"
+ "log"
 "os"
 "strconv"
 "strings"
@@ -9,8 +10,8 @@ import (
 )
 
 const (
- //chartfile = "./deploy/sthome-webhook/Chart.yaml"
- //valuesfile = "./deploy/sthome-webhook/values.yaml"
+ chartfile = "./deploy/sthome-webhook/Chart.yaml"
+ valuesfile = "./deploy/sthome-webhook/values.yaml"
 tagprefix = " tag: "
 vertxtfile = "./version.txt"
 apiVersion = "v1"
@@ -19,8 +20,8 @@ const (
 )
 
 var (
- buildTime string
- //appVersion string
+ buildTime string
+ appVersion string
 longversion string
 multilineversion string
 )
@@ -44,17 +45,16 @@ func main() {
 bNum, _ := strconv.Atoi(vLines[2])
 bNum++
 longversion = version + "." + fmt.Sprint(bNum)
- //appVersion = "v" + longversion
+ appVersion = "v" + longversion
 // Generate a single string to write back to the file
 multilineversion = longversion + "\n" + buildTime + "\n" + fmt.Sprint(bNum)
- //chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
+ chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
 // Write the data back to the file.
 _ = os.WriteFile(vertxtfile, []byte(multilineversion), 0777)
- //_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
- //replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
+ _ = os.WriteFile(chartfile, []byte(chartStr), 0777)
+ replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
 }
-/*
 func replacetxtfilelines(filename string, textLinePrefix string, replacetext string) {
 input, err := os.ReadFile(filename)
 if err != nil {
@@ -74,4 +74,3 @@ func replacetxtfilelines(filename string, textLinePrefix string, replacetext str
 log.Fatalln(err)
 }
 }
-*/
diff --git a/deploy/sthome-webhook/Chart.yaml b/deploy/sthome-webhook/Chart.yaml
index cac5d42..bb43157 100644
--- a/deploy/sthome-webhook/Chart.yaml
+++ b/deploy/sthome-webhook/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.5-alpha.33
+appVersion: v0.0.5-alpha.54
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.5-alpha.33
+version: 0.0.5-alpha.54
diff --git a/deploy/sthome-webhook/values.yaml b/deploy/sthome-webhook/values.yaml
index 3fe0c15..4da5487 100644
--- a/deploy/sthome-webhook/values.yaml
+++ b/deploy/sthome-webhook/values.yaml
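Review bot: The newly enabled `_ = os.WriteFile(chartfile, []byte(chartStr), 0777)` discards the write error and creates Chart.yaml with mode 0777, so a failed write goes unnoticed and the generated file is world-writable and executable; the context line writing `vertxtfile` has the same pattern. Since `log` is now imported and `replacetxtfilelines` already ends with `log.Fatalln(err)`, the same handling fits here: `if err := os.WriteFile(chartfile, []byte(chartStr), 0644); err != nil { log.Fatalln(err) }`. A short comment above the write block naming which files this build step rewrites would also help a reader, since main's body begins before this hunk and `replacetxtfilelines` continues past it.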
@@ -31,7 +31,7 @@ clusterIssuer:
 image:
 repository: stuurmcp/cert-manager-webhook-sthome
 #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
- tag: 0.0.5-alpha.33
+ tag: 0.0.5-alpha.54
 #pullPolicy should be IfNotPresent. Set to Always for testing purposes
 pullPolicy: IfNotPresent
@@ -41,23 +41,20 @@ imageCredentials:
 nameOverride: ""
 fullnameOverride: ""
 
-extraArgs:
- # dns1: 192.168.2.4
- # dns2: 10.0.0.15
-
 dnsPolicy: None
 dnsConfig:
 nameservers:
- - 10.0.0.15
 - 172.17.0.10
- - 192.168.2.4
+ - 10.0.0.15
+ - 192.168.2.1
+
 searches:
 - ix-sthome-webhook2.svc.cluster.local
 - svc.cluster.local
 - cluster.local
- - sthome.net
 - sthome.lan
+ - sthome.net
 options:
 - name: ndots
 value: "5"
diff --git a/pkg/dns/solver_local.go b/pkg/dns/solver_local.go
index d09a1ac..7801981 100644
--- a/pkg/dns/solver_local.go
+++ b/pkg/dns/solver_local.go
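Review bot: The nameservers block in the second hunk is not the plain revert the commit title describes: `192.168.2.1` replaces `192.168.2.4`, `10.0.0.15` moves behind `172.17.0.10`, and the `searches` order changes as well, while `dnsPolicy: None` is kept, so these three entries are the pod's only resolvers. Nothing in the file now records which address serves what; the removed `extraArgs` comments were the last hint. I would add above the list `# dnsPolicy: None makes these the pod's only resolvers; keep the cluster DNS (presumably 172.17.0.10) first and note what 10.0.0.15 and 192.168.2.1 serve`, and have the commit message describe the reorder rather than a revert.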
@@ -50,50 +50,8 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 if err != nil {
 return err
 }
-
- /*
- provider, cfg, err := loc.init(ch.Config, ch.ResourceNamespace)
- if err != nil {
- return fmt.Errorf("failed initializing sthome provider: %v", err)
- }
- if !cfg.IsAllowedZone(ch.ResolvedZone) {
- return fmt.Errorf("zone %s may not be edited per config (allowed zones are %v)", ch.ResolvedZone, cfg.AllowedZones)
- }
- ctx := context.Background()
- records, err := loc.getExistingRecords(ctx, provider, ch.ResolvedZone, ch.ResolvedFQDN)
- if err != nil {
- return fmt.Errorf("failed loading existing records for %s in domain %s: %v", ch.ResolvedFQDN, ch.ResolvedZone, err)
- }
-
- // Add the record, only if it doesn't exist already
- content := quote(ch.Key)
- if _, ok := findRecord(records, content); !ok {
- disabled := false
- records = append(records, sthome.Record{Disabled: &disabled, Content: &content})
- }
-
- // TODO: do something more useful with the decoded configuration
- klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
- ch.DNSName,
- ch.UID,
- ch.Type,
- ch.Key,
- ch.ResourceNamespace,
- ch.ResolvedFQDN,
- ch.ResolvedZone,
- ch.AllowAmbientCredentials,
- cfg.APIKeySecretRef.Name,
- cfg.Email,
- strings.Join(cfg.AllowedZones, ","),
- )
- */
 // TODO: convert shell script to golang
 //localip := GetOutboundIP(Dnsserver_net)
- err = loc.Check(ch.DNSName, ch.Key)
- if err != nil {
- klog.Infof("Check prop failed: %s", err)
- return err
- }
 success, err := Execute(
 Shell,
 AcmeAuthCmd,
@@ -105,7 +63,11 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 "\"\"", //localip,
 //"-v",
 )
- klog.Infof("Execute set TXT returned success: %t\n", success)
+ klog.Infof("Present: Execute set TXT returned success: %t\n", success)
+ err2 := loc.Check(ch.DNSName, ch.Key)
+ if err2 != nil {
+ klog.Infof("Present: Check prop failed: %s", err2)
+ }
 return err
 }
@@ -154,11 +116,14 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto
 // Check verifies that the DNS records for the ACME challenge have propagated.
 func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
+ ttl := 20
 fqdn, err := util.DNS01LookupFQDN(DNSName, false, DNS01Nameservers...)
 if err != nil {
 return err
 }
+ klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
+ time.Sleep(time.Second * time.Duration(ttl))
 //klog.Info("checking DNS propagation: ", "dns: ", DNSName, ", fqdn: ", fqdn, ", key: ", Key, ", nameservers: ", DNS01Nameservers)
 klog.Info("checking DNS prop: fqdn: ", fqdn)
@@ -171,10 +136,9 @@ func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
 return fmt.Errorf("DNS record for %q not yet propagated", DNSName)
 }
- ttl := 60
- klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain", "ttl", ttl, "fqdn", fqdn)
- time.Sleep(time.Second * time.Duration(ttl))
- klog.Info("ACME DNS01 validation record propagated", "fqdn", fqdn)
+ // klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
+ // time.Sleep(time.Second * time.Duration(ttl))
+ klog.Info("ACME DNS01 validation record propagated: ", "fqdn", fqdn)
 return nil
 }
diff --git a/pkg/util/wait.go b/pkg/util/wait.go
index c0044b0..dc6483b 100644
--- a/pkg/util/wait.go
+++ b/pkg/util/wait.go
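Review bot: In the Present tail the `err2` from `loc.Check(ch.DNSName, ch.Key)` is only logged and the function still returns `err` from Execute, so a failed propagation check reports success to the caller; the `success` flag from Execute is likewise logged but never folded into the result. If ignoring the check is deliberate because the caller performs its own self-check, say so in a comment on the `if err2 != nil` branch; otherwise surface it with `if err2 != nil && err == nil { err = err2 }` before the return. The format string `"Present: Execute set TXT returned success: %t\n"` also carries a trailing newline that klog appends on its own. Present's body starts before this hunk.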
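Review bot: Check now sleeps unconditionally for `ttl := 20` seconds right after the FQDN lookup, and since the previous hunk makes Present call Check, every Present call blocks for at least 20 s inside what is presumably the webhook's request handling, which is fragile against whatever deadline the caller applies. The literal should at least become a named constant with a comment on why that value, e.g. `const dns01SettleSeconds = 20 // TODO(review): justify; the old code waited 60 s after the lookup`, and ideally be replaced by a bounded poll. The new log line also dropped the ttl and fqdn that the old message carried; `klog.InfoS("waiting for DNS01 record TTL before checking propagation", "ttl", ttl, "fqdn", fqdn)` keeps them. Check's body continues past this hunk.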
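Review bot: `klog.Info("ACME DNS01 validation record propagated: ", "fqdn", fqdn)` concatenates its operands in the manner of fmt.Print, so the "fqdn" key comes out as a bare word glued to the value rather than as a key/value pair; `klog.InfoS("ACME DNS01 validation record propagated", "fqdn", fqdn)` is the structured form the arguments suggest was intended. The two commented-out `// klog.Info(...)` and `// time.Sleep(...)` lines duplicate the sleep that now happens earlier in Check and should be deleted rather than kept as dead text. Check's header lies outside this hunk.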
@@ -117,7 +117,7 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 if !useAuthoritative {
 var success bool
 success, err = checkAuthoritativeNss(fqdn, value, nameservers)
- //klog.Infof("PreCheckDNS: checkAuthoritativeNss returned success: %t, err: %s", success, err)
+ //klog.Infof("PreCheckDNS: returned success: %t, err: %s", success, err)
 return success, err
 }
@@ -136,28 +136,30 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record.
 func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) {
 for _, ns := range nameservers {
+ klog.Infof("================== NS: %s ==================", ns)
 r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
- //klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
+ //klog.Infof("DNSQuery returned \nr: %s, \nerr: %s", r, err)
 if err != nil {
- klog.Infof("checkAuthoritativeNss: DNSQuery failed, err: %s", err)
+ klog.Infof("DNSQuery failed, err: %s", err)
 return false, err
 }
- klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
+ klog.Infof("DNSQuery succeeded with r.Rcode: %d", r.Rcode)
 // NXDomain response is not really an error, just waiting for propagation to happen
 if !(r.Rcode == dns.RcodeSuccess || r.Rcode == dns.RcodeNameError) {
- //klog.Errorf("checkAuthoritativeNss: NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
+ //klog.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 }
 klog.Infof("%q: must be %s", fqdn, value)
- klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
+ klog.Infof("r.Answer: %s", r.Answer)
 var found bool
 var i = 0
 for _, rr := range r.Answer {
 i++
- txt1, ok1 := rr.(*dns.TXT)
- klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, txt1.Txt, value)
+ //txt1, ok1 := rr.(*dns.TXT)
+ //klog.Infof("Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, strings.Join(txt1.Txt, ""), value)
 if txt, ok := rr.(*dns.TXT); ok {
+ klog.Infof("Compare[%d]: Q: %s, A: %s", i, value, strings.Join(txt.Txt, ""))
 if strings.Join(txt.Txt, "") == value {
 found = true
 break
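Review bot: The new `klog.Infof("================== NS: %s ==================", ns)` banner and the per-answer `Compare[%d]` line log at the default Info level inside a loop that runs for every nameserver on every propagation poll, which is debug tracing rather than operational logging; gate them with `klog.V(2).Infof(...)` or drop the banner. The two commented-out lines `//txt1, ok1 := rr.(*dns.TXT)` and `//klog.Infof("Compare[%d]: ...` preserve the old unchecked `txt1.Txt` dereference as dead text and should be removed now that the checked `txt, ok` form does the work. The hand-maintained counter `var i = 0` / `i++` could be the range index, `for i, rr := range r.Answer` with `i+1` in the message. checkAuthoritativeNss continues past this hunk.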
@@ -474,7 +476,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
 zone := soa.Hdr.Name
 fqdnToZone[fqdn] = zone
- klog.Infof("Returning discovered zone record %q for fqdn %q", zone, fqdn)
+ klog.Infof("Zone record %q for fqdn %q", zone, fqdn)
 return zone, nil
 }
 }
diff --git a/version.txt b/version.txt
index 356ca85..1e073d5 100644
--- a/version.txt
+++ b/version.txt
@@ -1,3 +1,3 @@
-0.0.5-alpha.43
-20240412-1356
-43
\ No newline at end of file
+0.0.5-alpha.54
+20240412-2211
+54
\ No newline at end of file