fix: update preflight checks for runners.conf and DNS validation
This commit is contained in:
S
58
preflight.sh
58
preflight.sh
@@ -96,7 +96,7 @@ check_runners_conf() {
|
|||||||
}
|
}
|
||||||
check 5 "runners.conf file exists" check_runners_conf
|
check 5 "runners.conf file exists" check_runners_conf
|
||||||
if [[ ! -f "${SCRIPT_DIR}/runners.conf" ]]; then
|
if [[ ! -f "${SCRIPT_DIR}/runners.conf" ]]; then
|
||||||
log_error " → runners.conf not found. Copy runners.conf.example to runners.conf."
|
log_error " → runners.conf not found. Run ./setup/configure_runners.sh to create it."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
@@ -187,18 +187,24 @@ check_runners_ini_format() {
|
|||||||
errors=$((errors + 1))
|
errors=$((errors + 1))
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# repos: must be "all" or a name from REPO_NAMES
|
# repos: must be "all" or a known repo name.
|
||||||
|
# Comma-separated values mean configure_runners.sh didn't expand — warn the user.
|
||||||
if [[ "$repos" != "all" ]] && [[ -n "$repos" ]]; then
|
if [[ "$repos" != "all" ]] && [[ -n "$repos" ]]; then
|
||||||
|
if [[ "$repos" == *,* ]]; then
|
||||||
|
log_error " → [$section] repos='$repos' contains commas — run ./setup/configure_runners.sh to expand into separate sections"
|
||||||
|
errors=$((errors + 1))
|
||||||
|
else
|
||||||
local repos_valid=false
|
local repos_valid=false
|
||||||
local _rn
|
local _rn
|
||||||
for _rn in ${REPO_NAMES:-}; do
|
for _rn in ${REPO_NAMES:-}; do
|
||||||
if [[ "$repos" == "$_rn" ]]; then repos_valid=true; break; fi
|
if [[ "$repos" == "$_rn" ]]; then repos_valid=true; break; fi
|
||||||
done
|
done
|
||||||
if ! $repos_valid; then
|
if ! $repos_valid; then
|
||||||
log_error " → [$section] repos='$repos' (must be 'all' or a name from REPO_NAMES)"
|
log_error " → [$section] repos='$repos' (must be 'all' or a name from REPO_NAMES: ${REPO_NAMES:-<empty>})"
|
||||||
errors=$((errors + 1))
|
errors=$((errors + 1))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# boot: must be "true" or "false" if present (native runners only)
|
# boot: must be "true" or "false" if present (native runners only)
|
||||||
local boot
|
local boot
|
||||||
@@ -433,27 +439,35 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# Check 14: DNS resolves
|
# Check 14a: python3 available for DNS resolution checks
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
check_dns() {
|
check_python3() {
|
||||||
# Fail closed when required values are missing.
|
command -v python3 >/dev/null 2>&1
|
||||||
[[ -n "${GITEA_DOMAIN:-}" ]] || return 1
|
|
||||||
[[ -n "${UNRAID_IP:-}" ]] || return 1
|
|
||||||
|
|
||||||
local resolved
|
|
||||||
# Use python3 (bundled with macOS) for DNS — avoids dependency on dig/host/nslookup
|
|
||||||
resolved=$(python3 -c "import socket; print('\n'.join(r[4][0] for r in socket.getaddrinfo('${GITEA_DOMAIN}', None, socket.AF_INET)))" 2>/dev/null | sort -u) || return 1
|
|
||||||
[[ -n "$resolved" ]] || return 1
|
|
||||||
|
|
||||||
# Pass only if one of the domain's A records exactly matches UNRAID_IP.
|
|
||||||
if printf '%s\n' "$resolved" | grep -Fxq "${UNRAID_IP}"; then
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
return 1
|
|
||||||
}
|
}
|
||||||
check 14 "DNS: ${GITEA_DOMAIN:-<not set>} resolves to ${UNRAID_IP:-<not set>}" check_dns
|
check 14a "python3 available for DNS resolution checks" check_python3
|
||||||
if ! check_dns 2>/dev/null; then
|
if ! check_python3 2>/dev/null; then
|
||||||
log_error " → ${GITEA_DOMAIN:-GITEA_DOMAIN} does not resolve to ${UNRAID_IP:-UNRAID_IP}."
|
log_error " → python3 is required for DNS validation (Check 14b). Install it (e.g. brew install python)."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
# Check 14b: DNS resolves (informational — only needed for Phase 8 TLS)
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
if ! check_python3 2>/dev/null; then
|
||||||
|
log_warn "[14b] DNS: skipped — python3 not found (install python3 to run DNS validation before Phase 8)"
|
||||||
|
elif [[ -n "${GITEA_DOMAIN:-}" ]] && [[ -n "${UNRAID_IP:-}" ]]; then
|
||||||
|
dns_resolved=$(python3 -c "import socket; print('\n'.join(r[4][0] for r in socket.getaddrinfo('${GITEA_DOMAIN}', None, socket.AF_INET)))" 2>/dev/null | sort -u) || dns_resolved=""
|
||||||
|
if [[ -n "$dns_resolved" ]] && printf '%s\n' "$dns_resolved" | grep -Fxq "${UNRAID_IP}"; then
|
||||||
|
log_success "[14b] DNS: ${GITEA_DOMAIN} resolves to ${UNRAID_IP}"
|
||||||
|
PASS_COUNT=$((PASS_COUNT + 1))
|
||||||
|
else
|
||||||
|
if [[ -z "$dns_resolved" ]]; then
|
||||||
|
log_warn "[14b] DNS: ${GITEA_DOMAIN} does not resolve (needed before Phase 8)"
|
||||||
|
else
|
||||||
|
log_warn "[14b] DNS: ${GITEA_DOMAIN} resolves to ${dns_resolved} but expected ${UNRAID_IP} (needed before Phase 8)"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
log_warn "[14b] DNS: skipped — GITEA_DOMAIN or UNRAID_IP not set"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
|
|||||||
Reference in New Issue
Block a user