Troubleshooting DNS01
This commit is contained in:
parent
e064ae8dad
commit
977ca6a544
@ -4,6 +4,7 @@ FROM golang:1.21-alpine3.18 AS build_deps
|
|||||||
ENV RUNNING_IN_DOCKER true
|
ENV RUNNING_IN_DOCKER true
|
||||||
ENV DEBIAN_FRONTEND=noninteractive
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
ENV TZ="Africa/Johannesburg"
|
ENV TZ="Africa/Johannesburg"
|
||||||
|
ENV WEBROOT=/webroot
|
||||||
|
|
||||||
# Set up ZSH and our preferred terminal environment for containers
|
# Set up ZSH and our preferred terminal environment for containers
|
||||||
RUN apk add --no-cache git
|
RUN apk add --no-cache git
|
||||||
@ -35,9 +36,10 @@ RUN apk add --no-cache alpine-conf && \
|
|||||||
setup-timezone -z Africa/Johannesburg
|
setup-timezone -z Africa/Johannesburg
|
||||||
# chmod 0644 /etc/krb5.conf
|
# chmod 0644 /etc/krb5.conf
|
||||||
|
|
||||||
#RUN mkdir -p /app
|
ENV RUNNING_IN_DOCKER true
|
||||||
#COPY ./config/updatedns.sh /app
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
#RUN chmod 0744 /app/updatedns.sh
|
ENV TZ="Africa/Johannesburg"
|
||||||
|
ENV WEBROOT=/webroot
|
||||||
|
|
||||||
COPY --from=build /workspace/webhook /usr/local/bin/webhook
|
COPY --from=build /workspace/webhook /usr/local/bin/webhook
|
||||||
|
|
||||||
|
|||||||
@ -27,3 +27,4 @@ alias dnsupd=/acme/updatedns.sh
|
|||||||
export PATH=/root/bin:$PATH:/acme
|
export PATH=/root/bin:$PATH:/acme
|
||||||
export FRONTEND=noninteractive
|
export FRONTEND=noninteractive
|
||||||
export TZ=Africa/Johannesburg
|
export TZ=Africa/Johannesburg
|
||||||
|
export WEBROOT=/webroot
|
||||||
@ -32,3 +32,4 @@ alias dnsupd=/acme/updatedns.sh
|
|||||||
# alias mv='mv -i'
|
# alias mv='mv -i'
|
||||||
# alias rm='rm -i'
|
# alias rm='rm -i'
|
||||||
export PATH=/root/bin:$PATH
|
export PATH=/root/bin:$PATH
|
||||||
|
export WEBROOT=/webroot
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
appVersion: v0.0.4-alpha.86
|
appVersion: v0.0.4-alpha.93
|
||||||
description: Cert-Manager webhook for sthome
|
description: Cert-Manager webhook for sthome
|
||||||
name: sthome-webhook
|
name: sthome-webhook
|
||||||
version: 0.0.4-alpha.86
|
version: 0.0.4-alpha.93
|
||||||
|
|||||||
@ -60,6 +60,9 @@ spec:
|
|||||||
- name: workdir
|
- name: workdir
|
||||||
mountPath: /workdir
|
mountPath: /workdir
|
||||||
readOnly: false
|
readOnly: false
|
||||||
|
- name: webroot
|
||||||
|
mountPath: /webroot
|
||||||
|
readOnly: false
|
||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.resources | indent 12 }}
|
{{ toYaml .Values.resources | indent 12 }}
|
||||||
volumes:
|
volumes:
|
||||||
@ -71,8 +74,10 @@ spec:
|
|||||||
path: {{ .Values.host.scriptdir }}
|
path: {{ .Values.host.scriptdir }}
|
||||||
- name: workdir
|
- name: workdir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: {{ .Values.host.workdir}}
|
path: {{ .Values.host.workdir }}
|
||||||
|
- name: webroot
|
||||||
|
hostPath:
|
||||||
|
path: {{ .Values.host.webrootdir }}
|
||||||
|
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|||||||
@ -31,7 +31,7 @@ clusterIssuer:
|
|||||||
image:
|
image:
|
||||||
repository: stuurmcp/cert-manager-webhook-sthome
|
repository: stuurmcp/cert-manager-webhook-sthome
|
||||||
#repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
|
#repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
|
||||||
tag: 0.0.4-alpha.86
|
tag: 0.0.4-alpha.93
|
||||||
#pullPolicy should be IfNotPresent. Set to Always for testing purposes
|
#pullPolicy should be IfNotPresent. Set to Always for testing purposes
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
@ -50,6 +50,7 @@ pki:
|
|||||||
host:
|
host:
|
||||||
workdir: /mnt/stpool1/scripts/acme/cert-manager-webhook-sthome
|
workdir: /mnt/stpool1/scripts/acme/cert-manager-webhook-sthome
|
||||||
scriptdir: /mnt/stpool1/scripts/acme
|
scriptdir: /mnt/stpool1/scripts/acme
|
||||||
|
webrootdir: /mnt/stpool1/apps/static-web-server
|
||||||
|
|
||||||
secret:
|
secret:
|
||||||
accessKey: ""
|
accessKey: ""
|
||||||
|
|||||||
@ -13,9 +13,9 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
providerName = "sthome"
|
providerName = "sthome"
|
||||||
shell = "/bin/bash"
|
shell = "/bin/bash"
|
||||||
dnsUpdaterScriptCmd = "/acme/updatedns.sh"
|
acmeAuthCmd = "/acme/acmeauth.sh"
|
||||||
|
|
||||||
dnsserver_net = "10.0.0.15"
|
dnsserver_net = "10.0.0.15"
|
||||||
dnsserver_lan = "192.168.2.1"
|
dnsserver_lan = "192.168.2.1"
|
||||||
@ -86,31 +86,16 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
|
|||||||
// shell command
|
// shell command
|
||||||
settxtcommand := []string{
|
settxtcommand := []string{
|
||||||
shell,
|
shell,
|
||||||
dnsUpdaterScriptCmd,
|
acmeAuthCmd,
|
||||||
"-set",
|
"set",
|
||||||
".net",
|
|
||||||
ch.DNSName,
|
ch.DNSName,
|
||||||
"TXT",
|
ch.ResolvedFQDN,
|
||||||
ch.Key,
|
ch.Key,
|
||||||
"-v",
|
|
||||||
"-l",
|
"-l",
|
||||||
localip,
|
localip,
|
||||||
}
|
|
||||||
unsetcnamecommand := []string{
|
|
||||||
shell,
|
|
||||||
dnsUpdaterScriptCmd,
|
|
||||||
"-unset",
|
|
||||||
".net",
|
|
||||||
ch.DNSName,
|
|
||||||
"CNAME",
|
|
||||||
hostserver_net,
|
|
||||||
"-v",
|
"-v",
|
||||||
"-l",
|
|
||||||
localip,
|
|
||||||
}
|
}
|
||||||
success, _ := Execute(shell, unsetcnamecommand)
|
success, _ := Execute(shell, settxtcommand)
|
||||||
klog.Infof("Execute unset CNAME returned success: %t", success)
|
|
||||||
success, _ = Execute(shell, settxtcommand)
|
|
||||||
klog.Infof("Execute set TXT returned success: %t", success)
|
klog.Infof("Execute set TXT returned success: %t", success)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -122,37 +107,23 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
|
|||||||
// This is in order to facilitate multiple DNS validations for the same domain
|
// This is in order to facilitate multiple DNS validations for the same domain
|
||||||
// concurrently.
|
// concurrently.
|
||||||
func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
|
func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
|
||||||
|
//domainName := extractDomainName(ch.ResolvedZone)
|
||||||
// TODO: add code that deletes a record from the DNS provider's console
|
// TODO: add code that deletes a record from the DNS provider's console
|
||||||
localip := getOutboundIP(dnsserver_net)
|
localip := getOutboundIP(dnsserver_net)
|
||||||
// shell command
|
// shell command
|
||||||
unsetxtcommand := []string{
|
unsetxtcommand := []string{
|
||||||
shell,
|
shell,
|
||||||
dnsUpdaterScriptCmd,
|
acmeAuthCmd,
|
||||||
"-unset",
|
"unset",
|
||||||
".net",
|
|
||||||
ch.DNSName,
|
ch.DNSName,
|
||||||
"TXT",
|
ch.ResolvedFQDN,
|
||||||
ch.Key,
|
ch.Key,
|
||||||
"-v",
|
|
||||||
"-l",
|
"-l",
|
||||||
localip,
|
localip,
|
||||||
}
|
|
||||||
setcnamecommand := []string{
|
|
||||||
shell,
|
|
||||||
dnsUpdaterScriptCmd,
|
|
||||||
"-set",
|
|
||||||
".net",
|
|
||||||
ch.DNSName,
|
|
||||||
"CNAME",
|
|
||||||
hostserver_net,
|
|
||||||
"-v",
|
"-v",
|
||||||
"-l",
|
|
||||||
localip,
|
|
||||||
}
|
}
|
||||||
success, _ := Execute(shell, unsetxtcommand)
|
success, _ := Execute(shell, unsetxtcommand)
|
||||||
klog.Infof("Execute unset TXT returned success: %t", success)
|
klog.Infof("Execute unset TXT returned success: %t", success)
|
||||||
success, _ = Execute(shell, setcnamecommand)
|
|
||||||
klog.Infof("Execute set CNAME returned success: %t", success)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,3 +1,3 @@
|
|||||||
0.0.4-alpha.86
|
0.0.4-alpha.93
|
||||||
20240331-2359
|
20240401-2346
|
||||||
86
|
93
|
||||||
Loading…
Reference in New Issue
Block a user