I'm guessing that this change will fix it; it seems that the `run`
directive is executed by `/bin/sh`, not by `exec()`
Fixes:
```
▼ Run go mod download
go mod download
shell: sh -e {0}
```
```
integration_flags_test.go:8:2: no required module provides package github.com/onsi/ginkgo/v2; to add it:
go get github.com/onsi/ginkgo/v2
```
Previously we depended on the cunnie/fedora-golang-bosh image to have
the correct dependencies, and when it didn't it caused test failures.
This commit fixes that by downloading the dependencies before running
the tests (before running `ginkgo`).
Fixes:
```
xip/xip.go:21:2: no required module provides package golang.org/x/net/dns/dnsmessage; to add it:
go get golang.org/x/net/dns/dnsmessage
```
Fixes, hopefully:
```
xip/xip.go:21:2: no required module provides package golang.org/x/net/dns/dnsmessage; to add it:
go get golang.org/x/net/dns/dnsmessage
```
Fixes, hopefully:
```
Unable to create '/home/runner/actions-runner/_work/sslip.io/sslip.io/.git/index.lock': Permission denied
...
File was unable to be removed Error: EACCES: permission denied, unlink '/home/runner/actions-runner/_work/sslip.io/sslip.io/.git/FETCH_HEAD'
...
Unable to prepare the existing repository. The repository will be recreated instead.
```
I also had to manually log onto my self-hosted runner and change the
ownership of the files under ~runner that were owned by root.
Probably should've gotten rid of `vault` CLI because I don't have a
Vault instance anymore.
Fixes:
```
Unknown argument "--add-repo" for command "config-manager". Add "--help" for more information about the arguments.
```
```
buildx failed with: ERROR: failed to solve: process "/bin/sh -c dnf install -y dnf-plugins-core; dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo; dnf -y install vault; setcap -r /usr/bin/vault" did not complete successfully: exit code: 1
```
We produce 3 Docker images
- sslip.io-dns-server (run sslip.io in a container)
- fedora-golang-bosh (CI testing)
- fedora-ruby-bind-utils (nameserver testing)
We place the Dockerfiles under `Docker/` with a subdirectory name
corresponding to the Docker image name.
TODO: we need to tidy the Dockerfiles under `k8s`, but we'll leave that
for another day.
We've migrated the workflows we want to keep to GitHub actions.
The only one we don't want to keep is the nginx-webserver Docker image
whose sole purpose is to be run on k8s, and we're decommissioning our
k8s cluster.
- I don't need the "badges" pipeline anymore. It was once something that
made me terribly proud, and I'm sad to let it go.
- Similarly with the PWS pipeline. PWS is long-gone, and I don't know
why I kept it around so long because I didn't have any emotional
attachment to it.
- I certainly don't need the task file for checking the nameservers;
that's a Concourse CI-thing.
Previously this action was called "Check DNS", but that was confusing
because this repo is all about DNS, so to be more clear we are calling
it "Check Nameservers" because that's what we're doing — checking that
the sslip.io nameservers are running properly.
This variable, `DOMAIN`, is carried over from Concourse CI, but I
probably should've hard-coded it.
Fixes, when running GitHub actions:
```
Usage: whois [OPTION]... OBJECT...
```
Concourse uses the directory above the repo; GitHub actions uses the
repo. This commit adjusts the directory to accommodate GitHub Actions.
Fixes:
```
LoadError:
cannot load such file -- /__w/sslip.io/sslip.io/sslip.io/spec
```
I'm not ready to convert the release process, which is fairly
complicated, to GitHub actions. And the simple job is inadequate and
does the wrong thing (e.g. doesn't embed version numbers).
- on a self-hosted runner
- pull requests don't trigger actions (security)
- forks don't trigger actions (security)
- run in a container (fedora-golang-bosh) (security)
Concourse has stood me in good stead these past years, but development
has stalled with the Pivotal → VMware → Broadcom acquisitions, and now,
with the expiration of one of my Google Cloud Platform committed use
discounts, is a good time to transition to GitHub actions.
- ns-aws & ns-azure have been replaced by ns-hetzner & ns-ovh
- ns-azure has been completely destroyed (`terraform apply -destroy`);
the elastic IP has been released, so there's no hope of bringing it
back.
- ns-aws has been renamed to "blocked.sslip.io". It no longer answers
DNS queries, but lives on as the website we point "blocked" queries to
that warns about phishing.
- Some of the Markdown files' changes were mere reformatting changes
When using dig to determine the metrics of my servers, e.g. "dig txt
metrics.status.sslip.io @ns-ovh.sslip.io +short", one record looks
particularly heinous:
```
"Answer \226\137\165 1: 67974722 (651.9/s)"
```
It's supposed to look like this:
```
"Answer ≥ 1: 67974722 (651.9/s)"
```
`dig` doesn't handle Unicode well. So I'm replacing "Answer ≥ 1" with
"Answer > 0". No Unicode.
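
The `\226\137\165` in the dig output above is the three UTF-8 bytes of "≥" printed as decimal `\DDD` escapes (RFC 1035 presentation format). As an added example, not code from the sslip.io repository, this Go function reverses that escaping for a single quoted TXT string; the name `DecodeDigTXT` is hypothetical and the sample input is the line quoted in the commit message.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

func isDigit(b byte) bool { return b >= '0' && b <= '9' }

// DecodeDigTXT (hypothetical helper) turns one double-quoted TXT string, as
// printed by dig, back into the raw bytes the nameserver sent.
// It handles \DDD (three decimal digits, one byte) and \X (literal X).
func DecodeDigTXT(s string) (string, error) {
	s = strings.TrimSpace(s)
	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
		return "", errors.New("expected a double-quoted string")
	}
	s = s[1 : len(s)-1]
	var out []byte
	for i := 0; i < len(s); i++ {
		if s[i] != '\\' {
			out = append(out, s[i])
			continue
		}
		if i+1 >= len(s) {
			return "", errors.New("dangling backslash")
		}
		if !isDigit(s[i+1]) { // \" or \\ : keep the escaped character
			out = append(out, s[i+1])
			i++
			continue
		}
		if i+3 >= len(s) || !isDigit(s[i+2]) || !isDigit(s[i+3]) {
			return "", errors.New(`\DDD escape needs three digits`)
		}
		n := int(s[i+1]-'0')*100 + int(s[i+2]-'0')*10 + int(s[i+3]-'0')
		if n > 255 {
			return "", errors.New(`\DDD escape exceeds one byte`)
		}
		out = append(out, byte(n))
		i += 3
	}
	return string(out), nil
}

func main() {
	// Sample taken from the dig output quoted in the commit message.
	got, err := DecodeDigTXT(`"Answer \226\137\165 1: 67974722 (651.9/s)"`)
	fmt.Println(got, err)
}
```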
It was a worthy effort, but ultimately failed.
We don't need a custom `listLocalIPCIDRs()`; Golang now has a builtin:
`net.InterfaceAddrs()`. [0]
This is one of those wonderful commits that removes more lines than it
adds.
[0] https://pkg.go.dev/net#InterfaceAddrs
I've always been uncomfortable with the metric "Answered Queries" — it
implies that we don't answer all the queries. But we do answer all the
queries!
What the metric meant is "the number of DNS responses that we send that
have one or more records in the ANSWER section".
The new metric is "Answer ≥ 1". Not great, but better than before.
When I had introduced ns-hetzner, I forgot to update the records for
ns.sslip.io, which continued to point to the old, deprecated ns-azure.
This commit updates the ns.sslip.io records.
- remove the alert about not using the sslip.io nameservers as
general-purpose nameservers — I feel if they're looking at the page,
they already know enough not to use the nameservers as recursive
nameservers.
- deprecate ns-azure.
- extend the shutdown to 12/25 for ns-aws & ns-azure
- add a shoutout to Let's Encrypt
`tidy`, a UNIX-based HTML-formatter, has had its day in the sun, but
with the advent of VS Code, which I'll be using often to modify the
HTML, it makes more sense to format within the editor rather than in a
separate terminal window.
The nameserver on Azure is probably my least-favorite: much slower, much
higher latency. Even though it would've made more geographic sense to
dismantle my GCP nameserver in favor of the Hetzner, I'm using this
opportunity to get rid of the Azure.
And, of course, introduce the Hetzner nameserver with its 20TB of
bandwidth allowance, which I've come to need.
The torrent of traffic I'm receiving has caused my AWS bill to spike
from $9 to $148, all of the increase due to bandwidth charges.
I'm still maintaining ns-aws; the VM still continues to run, and continues
to serve web traffic, and maintains its hostname and IP addresses;
however, it will no longer be in the list of NS records for sslip.io.
There are much less expensive hosting providers. OVH is my current
favorite.
Rather than bloating the code with yet another flag, one that only I
would use, and in only one specific case (ns-aws.sslip.io), it would be
better to simply take ns-aws.sslip.io out of the NS list.
I'm being gouged by bandwidth costs by AWS. Last month's bill was $148,
and all but $9 was about bandwidth.
My bandwidth has been inexplicably climbing since February:
```
Billing Month   Total GB   % increase
2024/2            37.119
2024/3            52.953       42.66%
2024/4            58.745       10.94%
2024/5            69.307       17.98%
2024/6           173.371      150.15%
2024/7           334.064       92.69%
2024/8           539.343       61.45%
2024/9           568.745        5.45%
2024/10         1365.305      140.06%
```
The new flag will allow me to throttle the AWS bandwidth to ~287 queries
/ second, which, according to my calculations, will max out the free
100 GB bandwidth without dipping into the for-pay bandwidth.