(Optionally?) Check that DNS records are in place before running a deploy #227

Closed
opened 2021-11-01 09:41:17 +00:00 by 3wordchant · 4 comments
Owner

Describe the problem to be solved

I'm deploying an app, I typo the domain, or I mess up the DNS config. Then when I deploy the app, Traefik can't generate SSL certificates. If I do this enough times (> 4 in an hour?) then LetsEncrypt rate-limits me and I have to wait for the timeout before continuing with the deployment.

Describe the solution you would like

Before deploying, abra could look up if there's an A record pointing to the relevant swarm server (ping it to get its IP?), or a CNAME record pointing to its hostname, and throw up a GIGANTIC WARNING.

For maximum bonus points, this would use whatever "unbound" system LetsEncrypt itself uses, to account for propagation/caching differences.

3wordchant added the enhancement, abra labels 2021-11-01 09:41:17 +00:00
Owner

Good idea! Idk if it's as robust as you have described but we have logic to do a DNS lookup (you could add more DNS servers to make it better maybe?) over in https://git.coopcloud.tech/coop-cloud/abra/src/commit/08aca28d9df8fcdf4140e7183055c5b2741fbcf4/cli/server/add.go#L269-L291. You could just run that on the server before a deploy alright.
Owner

I've just pushed https://git.coopcloud.tech/coop-cloud/abra/commit/85ff04202fc374511d7d350b0f602cc420f65683 and tested that it does indeed bail out, whatcha reckon?

```
➜  abra (main) ✔ ./abra app deploy foo_nowhere_zone
...overview...
? continue with deployment? Yes
FATA[0002] could not find an IP address assigned to foo.nowhere.zone?
```
decentral1se added the awaiting-feedback label 2021-11-13 22:17:45 +00:00
Author
Owner

This looks amazing! 😍

Maybe let's close this, open a separate ticket for "check if $DOMAIN resolves to the same IP address as $SERVER"?

Owner

OK, gave that a stab in https://git.coopcloud.tech/coop-cloud/abra/commit/9122c0a9b8bdc7a28db47e787a7c54a8181ebf8b. Will close.
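A sketch of the pre-deploy check discussed in this thread (does the app domain resolve to an address the server also resolves to?), added here as an example and not abra's own code. The names `checkDNS`, `lookupFunc`, `fakeLookup` and the `example.org` hosts are hypothetical; the lookup is injected so the block runs offline against constructed data, and `net.DefaultResolver.LookupHost` can be passed instead for a live check.

```go
package main

import (
	"context"
	"fmt"
)

// lookupFunc has the signature of (*net.Resolver).LookupHost.
type lookupFunc func(ctx context.Context, host string) ([]string, error)

// checkDNS returns nil only if domain resolves to at least one address that
// server also resolves to. The resolver follows CNAMEs for us.
func checkDNS(ctx context.Context, lookup lookupFunc, domain, server string) error {
	want, err := lookup(ctx, server)
	if err != nil {
		return fmt.Errorf("resolving server %s: %w", server, err)
	}
	got, err := lookup(ctx, domain)
	if err != nil {
		return fmt.Errorf("resolving %s: %w", domain, err)
	}
	serverIPs := map[string]bool{}
	for _, ip := range want {
		serverIPs[ip] = true
	}
	for _, ip := range got {
		if serverIPs[ip] {
			return nil
		}
	}
	return fmt.Errorf("%s resolves to %v, but %s is at %v", domain, got, server, want)
}

// fakeZone is constructed sample data standing in for real DNS answers.
var fakeZone = map[string][]string{
	"swarm.example.org": {"203.0.113.10"},
	"app.example.org":   {"203.0.113.10"},
	"old.example.org":   {"198.51.100.7"},
}

func fakeLookup(_ context.Context, host string) ([]string, error) {
	if ips, ok := fakeZone[host]; ok {
		return ips, nil
	}
	return nil, fmt.Errorf("lookup %s: no such host", host)
}

func main() {
	fmt.Println(checkDNS(context.Background(), fakeLookup, "old.example.org", "swarm.example.org"))
}
```

A pass from the local resolver does not guarantee the certificate authority's resolvers see the same answer, so caching or propagation delay can still cause a failed issuance.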
Reference: coop-cloud/organising#227