59 lines
2.5 KiB
Bash
59 lines
2.5 KiB
Bash
|
|
#!/usr/bin/env bash
|
||
|
|
# -----------------------------------------------------------------------------
|
||
|
|
# checks/dns.sh — OPTIONAL / GATED: DNS resolution of the configured hosts.*.
|
||
|
|
# PLAN-002 §9.4: forge.olsitec.de (+ vault/s3) MUST resolve to the VM before
|
||
|
|
# TLS/handover — but NOT necessarily at scaffold time. So: if the host names
|
||
|
|
# are not configured in the Pulumi stack yet, SKIP with a WARNING. When they
|
||
|
|
# ARE configured, attempt resolution; a miss is a WARNING (DNS may not be set
|
||
|
|
# up this early), never a hard failure. This check never fails preflight alone.
|
||
|
|
# -----------------------------------------------------------------------------
|
||
|
|
set -euo pipefail
|
||
|
|
PF_DIR=$(cd "$(dirname "$0")/.." && pwd)
|
||
|
|
# shellcheck source=../lib/common.sh
|
||
|
|
. "$PF_DIR/lib/common.sh"
|
||
|
|
BOOTSTRAP_DIR=$(cd "$PF_DIR/.." && pwd)/bootstrap
|
||
|
|
|
||
|
|
echo "[dns] (gated) DNS resolution of configured hosts.*"
|
||
|
|
|
||
|
|
pf_pulumi_config() {
|
||
|
|
pf_have pulumi || { printf ''; return; }
|
||
|
|
[ -d "$BOOTSTRAP_DIR" ] || { printf ''; return; }
|
||
|
|
( cd "$BOOTSTRAP_DIR" 2>/dev/null && pulumi config get "$1" 2>/dev/null ) || printf ''
|
||
|
|
}
|
||
|
|
|
||
|
|
# pf_resolve <name> : true if name resolves to at least one address.
|
||
|
|
# Tries the tools likely present on macOS/Linux without requiring any one.
|
||
|
|
pf_resolve() {
|
||
|
|
n="$1"
|
||
|
|
if pf_have getent; then getent hosts "$n" >/dev/null 2>&1 && return 0; fi
|
||
|
|
if pf_have dscacheutil; then dscacheutil -q host -a name "$n" 2>/dev/null | grep -q ip_address && return 0; fi
|
||
|
|
if pf_have host; then host "$n" >/dev/null 2>&1 && return 0; fi
|
||
|
|
if pf_have dig; then [ -n "$(dig +short "$n" 2>/dev/null)" ] && return 0; fi
|
||
|
|
if pf_have nslookup; then nslookup "$n" >/dev/null 2>&1 && return 0; fi
|
||
|
|
if pf_have python3; then python3 -c "import socket,sys; socket.gethostbyname(sys.argv[1])" "$n" >/dev/null 2>&1 && return 0; fi
|
||
|
|
return 1
|
||
|
|
}
|
||
|
|
|
||
|
|
if ! pf_have pulumi || [ ! -d "$BOOTSTRAP_DIR" ]; then
|
||
|
|
pf_warn "no pulumi stack config available yet -> SKIPPING dns resolution (expected pre-Phase-0)"
|
||
|
|
pf_summary "dns"; exit $?
|
||
|
|
fi
|
||
|
|
|
||
|
|
any=0
|
||
|
|
for key in foundation:hosts.forge foundation:hosts.vault foundation:hosts.s3; do
|
||
|
|
name=$(pf_pulumi_config "$key")
|
||
|
|
[ -n "$name" ] || continue
|
||
|
|
any=1
|
||
|
|
if pf_resolve "$name"; then
|
||
|
|
pf_pass "DNS: $name resolves"
|
||
|
|
else
|
||
|
|
pf_warn "DNS: $name does NOT resolve yet (required before TLS/handover, PLAN-002 §9.4) — not failing"
|
||
|
|
fi
|
||
|
|
done
|
||
|
|
|
||
|
|
if [ "$any" -eq 0 ]; then
|
||
|
|
pf_warn "no hosts.* configured in stack yet -> SKIPPING dns resolution"
|
||
|
|
fi
|
||
|
|
|
||
|
|
pf_summary "dns"
|