From 8fde28b44c0314f4092023a37fe615c0bab444b9 Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 11 Apr 2024 00:53:20 +0200 Subject: [PATCH] Now battling with nameservers in container --- .vscode/settings.json | 3 +++ Dockerfile | 1 + Makefile | 16 +++++++++----- cmd/buildversion.go | 19 ++++++++-------- config/resolv.sh | 4 ++++ deploy/sthome-webhook/Chart.yaml | 4 ++-- .../sthome-webhook/templates/deployment.yaml | 7 ++++++ deploy/sthome-webhook/values.yaml | 6 ++++- pkg/dns/shell.go | 2 ++ pkg/dns/solver_local.go | 9 ++++---- pkg/util/wait.go | 22 ++++++++++++++----- version.txt | 6 ++--- 12 files changed, 69 insertions(+), 30 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 config/resolv.sh diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..0e1afa8 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "terminal.explorerKind": "integrated" +} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index dd6c942..155b667 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,6 +34,7 @@ RUN chown -R root:root /root/.bashrc && \ RUN apk add --no-cache alpine-conf && \ setup-timezone -z Africa/Johannesburg # chmod 0644 /etc/krb5.conf +COPY config/resolv.sh /etc/resolv.conf ENV RUNNING_IN_DOCKER true ENV DEBIAN_FRONTEND=noninteractive diff --git a/Makefile b/Makefile index dd6d12b..98054bc 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ OUT := $(shell pwd)/_out KUBEBUILDER_VERSION=1.28.0 -HELM_FILES := $(shell find deploy/sthome-webhook) +HELM_FILES := $(shell find "deploy/sthome-webhook") dependencies: go mod tidy 
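Review bot: `COPY config/resolv.sh /etc/resolv.conf` bakes one environment's resolver setup (a namespace-specific search path and two fixed nameserver addresses) into the image, and Kubernetes normally bind-mounts its own /etc/resolv.conf over that path at container start according to the pod's dnsPolicy, so the copied file is most likely never consulted. If the webhook's propagation checks need particular resolvers, declare them per deployment via `dnsPolicy`/`dnsConfig` on the pod spec, or feed them through the `extraArgs` hook this commit adds to the chart, rather than freezing them into the image where they cannot be reviewed or changed without a rebuild. The file is also named `.sh` although its content is a resolv.conf; `config/resolv.conf` would say what it is.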
@@ -52,17 +52,21 @@ build: rendered-manifest.yaml dependencies bin/buildversion.exe version.txt docker build --pull --rm -f "Dockerfile" -t "stuurmcp/$(IMAGE_NAME):latest" -t "stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" "." docker image push "docker.io/stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" docker image push "docker.io/stuurmcp/$(IMAGE_NAME):latest" - helm package deploy/sthome-webhook -d //truenas/Shared_data/Chris/clusterissuer/charts/ - -.PHONY: rendered-manifest.yaml -rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml + helm package \ + -n ix-sthome-webhook2\ + --version $(shell head -n 1 version.txt) \ + deploy/sthome-webhook \ + -d //truenas/Shared_data/Chris/clusterissuer/charts/ $(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT) helm template \ - sthome-webhook -n ix-cert-manager\ + sthome-webhook -n ix-sthome-webhook2\ --set image.repository=$(IMAGE_NAME) \ --set image.tag=$(shell head -n 1 version.txt) \ deploy/sthome-webhook > $@ +.PHONY: rendered-manifest.yaml +rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml + _test $(OUT) _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH): mkdir -p $@ diff --git a/cmd/buildversion.go b/cmd/buildversion.go index 9633e3b..a8235a6 100644 --- a/cmd/buildversion.go +++ b/cmd/buildversion.go @@ -2,7 +2,6 @@ package main import ( "fmt" - "log" "os" "strconv" "strings" @@ -10,8 +9,8 @@ import ( ) const ( - chartfile = "./deploy/sthome-webhook/Chart.yaml" - valuesfile = "./deploy/sthome-webhook/values.yaml" + //chartfile = "./deploy/sthome-webhook/Chart.yaml" + //valuesfile = "./deploy/sthome-webhook/values.yaml" tagprefix = " tag: " vertxtfile = "./version.txt" apiVersion = "v1" @@ -20,8 +19,8 @@ const ( ) var ( - buildTime string - appVersion string + buildTime string + //appVersion string longversion string multilineversion string ) 
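Review bot: The new `helm package` step ships the chart with whatever `image.tag` sits in values.yaml, while the image is built and pushed under `$(shell head -n 1 version.txt)`; with the values.yaml rewrite in cmd/buildversion.go now commented out (that hunk follows below), the two drift — on this very commit values.yaml carries `tag: 0.0.5-alpha.33` and version.txt `0.0.5-alpha.37`, so the packaged chart would reference an image tag that was not just built. Either keep the values.yaml update alive, or set the chart's app version from the same source next to `--version` (`--app-version $(shell head -n 1 version.txt)`) and pass `image.tag` at install time the way `helm template` already does with `--set`. `-n ix-sthome-webhook2` is a global flag that `helm package` accepts but, as far as I can tell, does not use, so it only suggests a namespace binding that the packaged chart does not have.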
@@ -45,16 +44,17 @@ func main() { bNum, _ := strconv.Atoi(vLines[2]) bNum++ longversion = version + "." + fmt.Sprint(bNum) - appVersion = "v" + longversion + //appVersion = "v" + longversion // Generate a single string to write back to the file multilineversion = longversion + "\n" + buildTime + "\n" + fmt.Sprint(bNum) - chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n" + //chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n" // Write the data back to the file. _ = os.WriteFile(vertxtfile, []byte(multilineversion), 0777) - _ = os.WriteFile(chartfile, []byte(chartStr), 0777) - replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion) + //_ = os.WriteFile(chartfile, []byte(chartStr), 0777) + //replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion) } +/* func replacetxtfilelines(filename string, textLinePrefix string, replacetext string) { input, err := os.ReadFile(filename) if err != nil { @@ -74,3 +74,4 @@ func replacetxtfilelines(filename string, textLinePrefix string, replacetext str log.Fatalln(err) } } +*/ diff --git a/config/resolv.sh b/config/resolv.sh new file mode 100644 index 0000000..a7bec8e --- /dev/null +++ b/config/resolv.sh @@ -0,0 +1,4 @@ +search ix-sthome-webhook2.svc.cluster.local svc.cluster.local cluster.local sthome.lan +nameserver 10.0.0.15 +nameserver 172.17.0.10 +options ndots:5 \ No newline at end of file diff --git a/deploy/sthome-webhook/Chart.yaml b/deploy/sthome-webhook/Chart.yaml index 1aac4ea..cac5d42 100644 --- a/deploy/sthome-webhook/Chart.yaml +++ b/deploy/sthome-webhook/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.0.5-alpha.24 +appVersion: v0.0.5-alpha.33 description: Cert-Manager webhook for sthome name: sthome-webhook -version: 0.0.5-alpha.24 +version: 0.0.5-alpha.33 
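Review bot: The superseded Chart.yaml/values.yaml handling is commented out rather than removed — the `chartfile`/`valuesfile` constants, `appVersion`, the `chartStr` line, both write calls and the whole of `replacetxtfilelines` wrapped in `/* */` — which leaves the file carrying code that can no longer compile as written (its `log` import was dropped) and will rot silently. Since git keeps the history, delete these lines; if the helper is expected to return once the chart versioning settles, say so in a one-line `// TODO` at the call site instead of keeping a block-commented copy. `replacetxtfilelines` spans both hunks of this file, so its middle is not shown here.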
diff --git a/deploy/sthome-webhook/templates/deployment.yaml b/deploy/sthome-webhook/templates/deployment.yaml index e70d247..dfb4d89 100644 --- a/deploy/sthome-webhook/templates/deployment.yaml +++ b/deploy/sthome-webhook/templates/deployment.yaml @@ -31,6 +31,13 @@ spec: - --tls-cert-file=/tls/tls.crt - --tls-private-key-file=/tls/tls.key - --secure-port=8443 + {{- range $key, $value := .Values.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} env: - name: GROUP_NAME value: {{ .Values.groupName | quote }} diff --git a/deploy/sthome-webhook/values.yaml b/deploy/sthome-webhook/values.yaml index 18a009c..81be250 100644 --- a/deploy/sthome-webhook/values.yaml +++ b/deploy/sthome-webhook/values.yaml @@ -31,7 +31,7 @@ clusterIssuer: image: repository: stuurmcp/cert-manager-webhook-sthome #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome - tag: 0.0.5-alpha.24 + tag: 0.0.5-alpha.33 #pullPolicy should be IfNotPresent. Set to Always for testing purposes pullPolicy: IfNotPresent @@ -41,6 +41,10 @@ imageCredentials: nameOverride: "" fullnameOverride: "" +extraArgs: + # dns1: 192.168.2.4 + # dns2: 10.0.0.15 + replicaCount: 1 pki: diff --git a/pkg/dns/shell.go b/pkg/dns/shell.go index c93c6ff..b137498 100644 --- a/pkg/dns/shell.go +++ b/pkg/dns/shell.go @@ -2,6 +2,7 @@ package dns import ( "bytes" + "fmt" "os/exec" "k8s.io/klog/v2" @@ -21,6 +22,7 @@ func Execute(shell string, arg ...string) (bool, error) { } if errb.String() != "" { klog.Errorf("stderr:\n%s============\n", errb.String()) + return false, fmt.Errorf("stderr:\n%q", errb.String()) } klog.Infof("Script returned success\n") return true, nil diff --git a/pkg/dns/solver_local.go b/pkg/dns/solver_local.go index 9ce89ed..c3ad104 100644 --- a/pkg/dns/solver_local.go +++ b/pkg/dns/solver_local.go 
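Review bot: In the new `extraArgs` loop the rendered list item `- --{{ $key }}={{ $value }}` is unquoted, so a value containing YAML-significant characters (`: `, `#`, a leading `*` or `&`) or spaces yields an invalid or mis-parsed manifest, and `{{- if $value }}` turns an explicit `false` or `0` into a bare `--key` flag instead of `--key=false`. Render the argument through `quote`, which this template already uses for `GROUP_NAME`: `- {{ printf "--%s=%v" $key $value | quote }}`, and if `false`/`0` must still be passed explicitly, test for nil instead of truthiness, e.g. `{{- if not (kindIs "invalid" $value) }}`. Ranging over an empty `extraArgs:` (as values.yaml now has it) is fine, since a nil value iterates zero times.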
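Review bot: With the added `return false, fmt.Errorf("stderr:\n%q", errb.String())`, any byte written to stderr now fails `Execute` even when the command exited 0 — the exit status is already handled by the `if err != nil` branch just before this hunk, outside it — so a script that merely prints a warning will make `Present`/`CleanUp` return an error and cert-manager will keep retrying the challenge. If stderr output is meant to be fatal by contract, state it in Execute's doc comment (`// Execute runs shell with arg and fails on any stderr output, regardless of exit status.`); otherwise keep the failure tied to the exit status and log stderr at warning level. Note also that `%q` escapes newlines, so the `stderr:\n` prefix is followed by a single-line quoted string; `%s` reads better in logs if the raw output is wanted.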
@@ -92,8 +92,9 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 err = loc.Check(ch.DNSName, ch.Key)
 if err != nil {
 klog.Infof("Check for propagation failed: %s", err)
+return err
 }
-success, _ := Execute(
+success, err := Execute(
 Shell,
 AcmeAuthCmd,
 "set",
@@ -105,7 +106,7 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 //"-v",
 )
 klog.Infof("Execute set TXT returned success: %t\n", success)
-return nil
+return err
 }
 
 // CleanUp should delete the relevant TXT record from the DNS provider console.
@@ -117,7 +118,7 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 //domainName := extractDomainName(ch.ResolvedZone)
 //localip := GetOutboundIP(Dnsserver_net)
-success, _ := Execute(
+success, err := Execute(
 Shell,
 AcmeAuthCmd,
 "unset",
@@ -129,7 +130,7 @@ func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error
 //"-v",
 )
 klog.Infof("Execute unset TXT returned success: %t\n", success)
-return nil
+return err
 }
 
 // Initialize will be called when the webhook first starts.
diff --git a/pkg/util/wait.go b/pkg/util/wait.go
index 364073b..222658f 100644
--- a/pkg/util/wait.go
+++ b/pkg/util/wait.go
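Review bot: The added `return err` after `loc.Check(ch.DNSName, ch.Key)` fires before the `set` command is issued, so if `Check` verifies that the TXT record is already visible (its log line calls it a propagation check; `Check` itself is outside this hunk) a fresh challenge can never succeed — the record is absent, `Check` fails, `Present` returns an error, and cert-manager retries into the same path. If the intent is "skip the set when the record is already there", the condition is the other way round (`if err == nil { return nil }` and fall through to `Execute`), or the check belongs after the `set`. Propagating the `Execute` error from `Present` and `CleanUp` in the other three hunks is the right direction; consider wrapping it so the webhook log names the failed operation, e.g. `return fmt.Errorf("setting TXT record for %s: %w", ch.DNSName, err)` (check that `fmt` is imported in this file). `Present` starts before this hunk.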
@@ -110,15 +110,19 @@ func checkDNSPropagation(fqdn, value string, nameservers []string, var err error fqdn, err = followCNAMEs(fqdn, nameservers) + //klog.Infof("PreCheckDNS: followCNAMEs returned fqdn: %s, err: %s", fqdn, err) if err != nil { return false, err } - if !useAuthoritative { - return checkAuthoritativeNss(fqdn, value, nameservers) + var success bool + success, err = checkAuthoritativeNss(fqdn, value, nameservers) + //klog.Infof("PreCheckDNS: checkAuthoritativeNss returned success: %t, err: %s", success, err) + return success, err } authoritativeNss, err := lookupNameservers(fqdn, nameservers) + //klog.Infof("PreCheckDNS: lookupNameservers returned authoritativeNss: %s, err: %s", authoritativeNss, err) if err != nil { return false, err } 
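Review bot: Removing `if !useAuthoritative {` while keeping its closing `}` as context leaves an unmatched brace after `return success, err`, which closes `checkDNSPropagation` early and puts `authoritativeNss, err := lookupNameservers(...)` outside any function — unless the collapsed rendering dropped a line, this does not compile. If the intent is to always verify against the configured `nameservers`, drop that `}` and the now-unreachable authoritative lookup below it, and either remove the unused `useAuthoritative` parameter or document why it is ignored; if the branch is meant to stay, keep the `if` and replace only its body. The three new lines reduce to `return checkAuthoritativeNss(fqdn, value, nameservers)` (the original form), and the commented-out `//klog.Infof` lines are better deleted than left behind. `checkDNSPropagation` continues past the hunk.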
@@ -133,18 +137,26 @@ func checkDNSPropagation(fqdn, value string, nameservers []string, func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) { for _, ns := range nameservers { r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true) + //klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err) if err != nil { + klog.Infof("checkAuthoritativeNss: DNSQuery failed") return false, err } - + klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode) // NXDomain response is not really an error, just waiting for propagation to happen if !(r.Rcode == dns.RcodeSuccess || r.Rcode == dns.RcodeNameError) { + //klog.Errorf("checkAuthoritativeNss: NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn) return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn) } - klog.Infof("Looking up TXT records for %q", fqdn) + klog.Infof("Looking up TXT records for %q, should be = %s", fqdn, value) + //klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer) var found bool + var i = 0 for _, rr := range r.Answer { + i++ + txt1, ok1 := rr.(*dns.TXT) + klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, txt1.Txt, value) if txt, ok := rr.(*dns.TXT); ok { if strings.Join(txt.Txt, "") == value { found = true @@ -394,7 +406,7 @@ func lookupNameservers(fqdn string, nameservers []string) ([]string, error) { } if len(authoritativeNss) > 0 { - klog.Infof("Returning authoritative nameservers [%s]", strings.Join(authoritativeNss, ", ")) + //klog.Infof("Returning authoritative nameservers [%s]", strings.Join(authoritativeNss, ", ")) return authoritativeNss, nil } return nil, fmt.Errorf("could not determine authoritative nameservers for %q", fqdn) diff --git a/version.txt b/version.txt index aa938c9..cb96bda 100644 --- a/version.txt +++ b/version.txt 
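Review bot: `txt1, ok1 := rr.(*dns.TXT)` followed by `txt1.Txt` in the next `klog.Infof` dereferences a nil pointer whenever an answer RR is not a TXT record — a CNAME or RRSIG in `r.Answer` is enough — so the function panics where the existing `if txt, ok := rr.(*dns.TXT); ok {` below it would simply skip the record. Move the log inside that existing assertion and drop the duplicate: `if txt, ok := rr.(*dns.TXT); ok {` / `klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok, txt.Txt, value)`. The hand-rolled `var i = 0` / `i++` counter can become `for i, rr := range r.Answer {`, and the bare `klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)` line appears to have lost its `+` marker in this rendering but reads as new code. The loop body and `checkAuthoritativeNss` continue past the hunk.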
@@ -1,3 +1,3 @@
-0.0.5-alpha.24
-20240409-1838
-24
\ No newline at end of file
+0.0.5-alpha.37
+20240411-0048
+37
\ No newline at end of file