Commit Graph

674 Commits

Author SHA1 Message Date
Brian Cunnie
c4d415887e etcd: instructions to configure on ns-aws 2021-12-31 16:20:29 -08:00
Brian Cunnie
af6c0f8326 etcd cluster configuration for ns-aws.sslip.io
- patterned after the [k8s
  configuration](https://github.com/cunnie/docs/blob/main/kubernetes.md#bootstrapping-the-etcd-cluster)
- I'm ridiculously psyched that the certificates are elliptic-curve
- clients communicate no TLS loopback only
- peers require TLS over public IPs
2021-12-31 15:58:38 -08:00
Brian Cunnie
71ca8e1732 etcd: generate certs for cluster communication 2021-12-31 14:51:04 -08:00
Brian Cunnie
916b501bff Bump Ginkgo v1.16.5 → v2.0.0
Ginkgo v2.0.0 is hot off the press, released yesterday. Let's upgrade!

- `extensions/table` no longer needs to be separately imported
- `BeforeSuite()` must be outermost

fixes:
```
It looks like you are trying to add a [BeforeSuite] node within a container
```
```
imported and not used: "github.com/onsi/ginkgo/v2/extensions/table"
```
```
Entry redeclared during import "github.com/onsi/ginkgo/extensions/table"
```
2021-12-31 11:19:34 -08:00
Brian Cunnie
0f3e790b15 🐞 CI unit tests require etcd
Previously `etcd` wasn't running, causing the integration tests to fail
because they require `etcd`.

We now run `etcd`.

In the future I plan to add the ability to not require `etcd`, to use a
local table of key-value pairs, but I don't plan to test that option in
CI. It'll be for the very few users who use the sslip.io code but not
the service.

fixes <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/23>:
```
{"level":"warn","ts":"2021-12-31T01:34:28.089Z","logger":"etcd-client","caller":"v3@v3.5.1/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc0001ef340/localhost:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"transport: Error while dialing dial tcp 127.0.0.1:2379: connect: connection refused\""}

2021/12/31 01:34:28 couldn't GET "dmy-key": context deadline exceeded
```
2021-12-31 11:07:30 -08:00
Brian Cunnie
4a5032997a 🐞 Don't include invisible "d" in k-v.io error msg
We include an invisible "d" in our keys, but we don't want to leak them
to the user (it'll only serve to confuse), so we fix our error messages
to not display them. This code doesn't have coverage, but we don't feel
it's worth the contortions to cover it.

fixes
<https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/23>
(should have been "my-key" not "dmy-key"):
```
2021/12/31 17:36:27 couldn't GET "dmy-key": context deadline exceeded
```
2021-12-31 09:48:35 -08:00
Brian Cunnie
a6bf837a49 etcd: include vanilla configuration file
...that we can customize for each of our three DNS servers.

Drive-bys:

- Bumped SOA serial 2021080200 → 2021123100. There's something poetic
  about it being the last day of the year
- Deleted the old PowerDNS configuration. It's so stale there's no point
  in having it. Or mentioning it in the README.
2021-12-30 17:32:38 -08:00
Brian Cunnie
5065229a03 Key-value store domain: kv.sslip.io → k-v.io
I didn't want a really long domain for the key-value store; I wanted a
short, easy-to-remember domain. And it cost $400 for ten years.

Many good domains (e.g. keyvalue.store, kv.io)
were taken, and some weren't easily registered (e.g. the Albanian
domain, keyv.al).

Browsing these domains that were never put into use is like strolling
along the Boulevard of Broken Dreams: high hopes dashed against the hard
rocks of reality.
2021-12-29 19:56:52 -08:00
Brian Cunnie
3066a22f57 Get, Put, and Delete integrated with etcd
Previously we maintained a local table of key-value pairs
(`TxtKvCustomizations`), but this had two drawbacks:

- no persistence: when the server is restarted, all key-value pairs are
  wiped.
- no consistency: the key-value pairs on one server are completely
  orthogonal to the key-value pairs on another.

By using `etcd` to store our KV pairs, we fix both those problems.
2021-12-29 18:40:41 -08:00
Brian Cunnie
ca52c317f0 Bring in etcd support for key-value store
The addition of etcd was enough to inspire me to make a struct (`Xip`)
to hold the important information (source addr, etcd client). That way I
don't have to plumb that information through the hierarchy of function
calls.

Drive-by: fixed a bug in the random-IPv6-address-generator that would,
once in a great while, generate an IPv4 address.
2021-12-27 16:47:51 -08:00
Brian Cunnie
f76218660e TXT records have a 3-minute TTL
When we implement the key-value store, we want new values to propagate
in a reasonable amount of time. Based on no scientific evidence
whatsoever, based solely on "gut feel", I came up with three minutes
(180 seconds).

The previous value was one week. I can't imagine anyone in their right
mind waiting a full week for their key-value to propagate.
2021-12-27 16:47:51 -08:00
Brian Cunnie
33e90546d2 Bump Go dependencies
```shell
rm go.mod go.sum
go mod init xip
go mod tidy
```
2021-12-24 09:56:34 -08:00
Brian Cunnie
d43990ed50 Don't pass pointers
I was uneasy: functions were returning values and mutating arguments
(specifically `response &Response`)--I was mixing meat with dairy, and
the result wasn't kosher.

Now I only return values, and don't mutate.

According to canonical [Go Code Review
Comments](https://github.com/golang/go/wiki/CodeReviewComments#pass-values):

> Don't pass pointers as function arguments just to save a few bytes. If
a function refers to its argument x only as *x throughout, then the
argument shouldn't be a pointer. Common instances of this include
passing a pointer to a string (*string) or a pointer to an interface
value (*io.Reader). In both cases the value itself is a fixed size and
can be passed directly. This advice does not apply to large structs, or
even small structs that might grow.
2021-12-24 09:49:24 -08:00
Brian Cunnie
dd4eb3b426 pipeline: test the servers twice, not ten times
...because I don't want the test to run for an hour when a server is
down, like ns-azure.
2021-12-23 19:37:09 -08:00
Brian Cunnie
30141f1d90 CI: Test key-value store regularly 2021-12-04 10:31:12 -08:00
Brian Cunnie
25ec87feb5 🐞 sslip.io: fix key-value store for GCE
We set the number of replicas to 1 so that when you create a key-value
on `ns-gce.sslip.io`, you're sure of retrieving that value later from
`ns-gce.sslip.io`.

Previously it could hit the other replica, which would have a different
key-value store, which would make the value "disappear".
2021-12-04 10:26:40 -08:00
Brian Cunnie
bd63421c3f BOSH release: 2.3.0: kv.sslip.io key-value store 2.3.0 2021-12-04 08:16:53 -08:00
Brian Cunnie
78722b6887 kv.sslip.io: (key-value) read/write/delete TXTs
We enable special behavior under the `kv.sslip.io` subdomain: it can be
treated as a key-value store, the sub-subdomain being the key, and the
TXT record being the value.

For example, to write ("put") the value "12.0.1" to the key
"macos-version" on the `ns-gce.sslip.io.` nameserver, you'd use the
following `dig` command:

```shell
dig @ns-gce.sslip.io. txt put.12.0.1.macos-version.kv.sslip.io.
```

To read ("get") the value back, you'd write the following `dig` command:

```shell
dig @ns-gce.sslip.io. txt get.macos-version.kv.sslip.io.
```

Since "get" is the default behavior, you don't need to include it in the
domain name:

```shell
dig @ns-gce.sslip.io. txt macos-version.kv.sslip.io.
```

Finally, when you're done with the key-value, you can "delete" it:

```shell
dig @ns-gce.sslip.io. txt delete.macos-version.kv.sslip.io.
```

Notes:

- Keys are case-insensitive (to accommodate DNS convention). In other
  words, `KEY.kv.sslip.io` and `key.kv.sslip.io` return the same TXT
  record.
- Values are case-sensitive. `put.CamelCase.style.kv.sslip.io` sets the
  TXT record to "CamelCase".
- `put` requests will return the TXT record being put; i.e.
  `put.hello.world.kv.sslip.io` returns one TXT record of one string,
  `hello`.
- `delete` requests will return the TXT record being deleted; i.e.
  `delete.world.kv.sslip.io` returns one TXT record of one string,
  `hello`. If the TXT record does not exist, no TXT records will be
  returned.
- Values are limited to 63 bytes to mitigate using the sslip.io servers
  in a [DNS amplification
  attack](https://us-cert.cisa.gov/ncas/alerts/TA13-088A).
- Values are not persistent: if the server is restarted, all values
  disappear. Poof.
- Values are not consistent. If a value is set in `ns-aws.sslip.io`, it
  does not propagate to `ns-gce.sslip.io` nor `ns-azure.sslip.io`.
2021-12-04 07:59:57 -08:00
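The `kv.sslip.io` naming scheme from the commit message above, as an added Go example that is not part of the commit or the sslip.io code base: it parses a query name into verb, key and value and enforces the 63-byte value cap that bounds the size of a TXT answer. `KVRequest`, `ParseKVName`, case-insensitive verbs, and rejecting (rather than truncating) over-long values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Suffix and 63-byte cap are from the commit message; the rest is assumed.
const (
	kvSuffix    = ".kv.sslip.io."
	maxValueLen = 63
)

// KVRequest is a hypothetical parsed form of a key-value query name.
type KVRequest struct{ Verb, Key, Value string }

// ParseKVName splits a query name into verb, key and value.
func ParseKVName(qname string) (KVRequest, error) {
	if !strings.HasSuffix(qname, ".") {
		qname += "." // accept names written without the root dot
	}
	cut := len(qname) - len(kvSuffix)
	if cut < 0 || !strings.EqualFold(qname[cut:], kvSuffix) {
		return KVRequest{}, errors.New("not under kv.sslip.io")
	}
	labels := strings.Split(qname[:cut], ".")
	// The label next to the suffix is the key; keys are case-insensitive.
	key := strings.ToLower(labels[len(labels)-1])
	if key == "" {
		return KVRequest{}, errors.New("empty key")
	}
	if len(labels) == 1 {
		return KVRequest{Verb: "get", Key: key}, nil // "get" is the default
	}
	// Labels between the verb and the key are the value; case is preserved.
	verb := strings.ToLower(labels[0])
	value := strings.Join(labels[1:len(labels)-1], ".")
	switch {
	case (verb == "get" || verb == "delete") && value == "":
		return KVRequest{Verb: verb, Key: key}, nil
	case verb == "put" && value != "" && len(value) <= maxValueLen:
		return KVRequest{Verb: "put", Key: key, Value: value}, nil
	case verb == "put":
		return KVRequest{}, fmt.Errorf("value must be 1-%d bytes", maxValueLen)
	}
	return KVRequest{}, fmt.Errorf("unsupported request %q", qname)
}

func main() { fmt.Println(ParseKVName("put.12.0.1.macos-version.kv.sslip.io.")) }
```

A value can span several labels (as `12.0.1` does), so the cap is checked on the joined value, not on each label.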
Brian Cunnie
4ba3516834 DNS server testing: randomize case of domain names
We randomize the case of domain names (previously they were always
lowercase). We hope to surface any case-related errors, but didn't find
any.
2021-11-29 08:51:18 -08:00
Brian Cunnie
b8b4786387 Update ns-aws.sslip.io's HTML assets
i.e.: <https://52-0-56-137.sslip.io/>

Previously I didn't update `index.html` properly because it wasn't
documented, and the content had become stale.
2021-11-28 20:08:52 -08:00
Brian Cunnie
e256241394 Delete pipeline-simple.yml; it's old
This pipeline's only purpose was an asset in a blog post that I wrote a
couple of years ago, and is no longer necessary.

Also, and this sounds petty, but I didn't like the RED on my CI--I'd
like to see as much green as possible. Now my CI is green (with the
exception of the many-colored "badges" pipeline).
2021-11-28 19:50:29 -08:00
Brian Cunnie
2599def6b6 Upgrading (Developer) notes: manually trigger job
Because it's a manual job currently because if it was automatic it'd
trigger & fail because the required executable isn't yet downloadable.
2021-11-28 19:45:14 -08:00
Brian Cunnie
90b94baa29 BOSH release: 2.2.4: Deprecate nono.io nameservers 2.2.4 2021-11-28 13:08:49 -08:00
Brian Cunnie
4c8e7741f1 Use @ns.sslip.io to determine your IP lookup
It makes for simpler instructions than listing the three nameservers &
which ones have IPv6.
2021-11-27 19:03:40 -08:00
Brian Cunnie
61f0ae2ae8 Remove *.nono.io nameservers
They have been replaced by the sslip.io nameservers. I had been meaning
to do this a long time, and nothing like a Thanksgiving weekend to get
long-lingering tasks done.
2021-11-27 18:52:03 -08:00
Brian Cunnie
7ed2107f36 Web page: use sslip.io servers, not nono.io 2021-11-27 18:23:02 -08:00
Brian Cunnie
690e0ad618 New Release Documentation: no more manual Docker images
The Docker images are now created automatically with our pipeline.
That's right: with 80 hours of work we saved 30 seconds of work! We are
nothing if not efficient.
2021-11-27 15:53:44 -08:00
Brian Cunnie
56191a2ef7 HTML: remove the "new software" warning
It's not new after a year. I also updated the version numbers returned
because, well, it makes the website more "fresh".
2021-11-27 12:29:58 -08:00
Brian Cunnie
4e22123114 BOSH release: 2.2.3: Include sslip.io nameservers 2.2.3 2021-11-27 11:35:01 -08:00
Brian Cunnie
fda3baeaaa Add NS servers in sslip.io domain
We currently use three nameservers in the `nono.io` domain, but that's
confusing--why not have the nameservers in the `sslip.io` domain?

This commit starts the ball rolling to convert to the sslip.io. We'll
have a brief period where we have _both_ `nono.io` and `sslip.io`
nameservers.

At which point we'll add the `sslip.io` nameservers to our registrar,
Namecheap.com.

Once they've been added to our registrar, we'll wait a day or two to
propagate, and then we'll delete references to the `nono.io`
nameservers.
2021-11-27 10:50:04 -08:00
Brian Cunnie
992458f67c simple pipeline: use default branch, not master
...especially since I recently switched from `master` to `main` on
sslip.io's repo.

Also I got rid of the Concourse groups, which I don't like at all. And I
added some pretty icons to the resources.
2021-11-26 20:46:37 -08:00
Brian Cunnie
2c4a60e315 sslip.io pipeline: use default branch, not master
...especially since I recently switched from `master` to `main` on
sslip.io's repo.

Also I got rid of the Concourse groups, which I don't like at all. And I
added some pretty icons to the resources.
2021-11-26 20:41:39 -08:00
Brian Cunnie
ab33ada856 🐞 Simple Pipeline: don't try to run YAML booleans
fixes:
```
error: error unmarshaling JSON: while decoding JSON: malformed task step: json: cannot unmarshal bool into Go struct field TaskRunConfig.config.run.path of type string
```
2021-11-24 09:13:20 -08:00
Brian Cunnie
854d8e8c1b Spec: test ip.sslip.io
Also, change the order of `dig` arguments so that the server being
queried is first (e.g. `@#{whois_nameserver}`) and the arguments (e.g.
`+short`), is last.
2021-11-05 08:10:39 -07:00
Brian Cunnie
1d4e1af656 Production test: all servers run same version 2021-11-02 05:02:46 -07:00
Brian Cunnie
9dd1a78447 Dockerfile cunnie/sslip.io-dns-server: bump 2.2.1 → 2.2.2
Also, remove redundant "attach binaries", and change the order in which
the Dockerfile is updated.
2021-11-01 07:53:50 -07:00
Brian Cunnie
eed67fdf4d BOSH release: 2.2.2: ip.sslip.io TXT returns IP
Our documentation was wrong; our homepage said to get the origin IP
address by querying the TXT record of the root, i.e. `dig
@ns-aws.nono.io txt . +short`; however, our code worked differently: it
returned the origin IP when the `.ip` TLD was queried.

The new behavior is that it returns the origin IP when `ip.sslip.io.` is
queried, and the documentation now reflects that behavior.

Also, that behavior is marked "experimental" to give us leeway to
change.

[fixes #11]
2.2.2
2021-11-01 07:24:54 -07:00
Brian Cunnie
e133149beb New release instructions include updating k8s 2021-10-06 10:52:42 -07:00
Brian Cunnie
0be7d1c628 Dockerfile cunnie/sslip.io-dns-server: bump 2.2.0 → 2.2.1 2021-10-06 10:40:59 -07:00
Brian Cunnie
d778192ec8 Bump BOSH Release vendored Golang 2021-10-06 10:28:32 -07:00
Brian Cunnie
259da8bfb8 Docs: tweak new release instructions 2021-10-06 10:27:54 -07:00
Brian Cunnie
8ce23653bb BOSH release: 2.2.1: version.sslip.io TXT
- Returns version information for DNS server
- Contains 3 strings:
  - Semantic version, e.g. "2.2.1"
  - Date of compilation
  - Latest git hash

Note: the BOSH Release will have a different compilation date &
different git hash than the released executables; the semantic version
will be the same.
2.2.1
2021-10-06 05:16:46 -07:00
Brian Cunnie
f1f66a0f3b dig txt version.sslip.io returns version
I needed a way of determining the version that a server was running. I
originally considered a command-line argument, but then I thought, "Why
not create a DNS record for it? That way I can query running servers
without needing to ssh onto the machine."

The TXT record consists of three distinct strings: version, compile
date, and git hash.

```bash
dig txt version.sslip.io +short
    "2.2.1"
    "2021/10/03-15:08:54+0100"
    "6a928eb"
```
2021-10-03 15:34:52 +01:00
Brian Cunnie
c74792b588 🐞 Integration tests work properly on slow machines
The integration tests were failing on my laptop.

As a side note, it's interesting that a 2013 desktop is almost three times
faster than a 2020 laptop. Sic transit gloria mundi.

Drive-by: I removed a `JustBeforeEach()` clause that wasn't being used,
and removed a comment that no longer applied (we no longer need to stop
`systemd-resolved`)
2021-10-03 13:46:20 +01:00
Brian Cunnie
502a6901cc Website: grammar fix, clarification 2021-09-15 11:04:07 -07:00
Brian Cunnie
90926d3bdf VMware employees can't get the wildcard
The wildcard is expiring, and I'm loath to spend something renewing
something I don't use, so I'll let it lapse.

(I use Let's Encrypt).
2021-09-15 10:57:13 -07:00
Brian Cunnie
11c6d7d95f 🐞 return source IP for TXT when "ip." or "xx.ip."
...instead of say, ".pip."

drive-by: cleaned up the English
2021-08-03 16:49:24 -07:00
Brian Cunnie
d5d8bb4f12 DNS: "ip." TXT queries return source IP
...and also prints an SOA log message if there is no TXT customization.

drive-bys:

- bump the SOA's serial
2021-08-03 16:06:25 -07:00
Brian Cunnie
ebbcb744c6 🐞 Skip IPv6 test when IPv4-only, REALLY
This time it's fixed for sure.

I should have tested the previous commit before I pushed it. Or I could
have re-written the git history to make a complete commit, but as an
exercise in humility I decided to allow my mistakes to be seen.

fixes: <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/6>
```
dig: couldn't get address for '::1': address family not supported
```
2021-07-27 11:44:04 -04:00
Brian Cunnie
cdeb5a8768 🐞 Skip IPv6 test when IPv4-only
Our unit tests have been failing on our IPv4-only containers because one
of the tests forces a lookup from the (non-existent) IPv6 loopback
interface.

Now we first test to make sure such an interface exists by using
`ping6`. Corner-case: In the event that `ping6` is not on the machine
where the tests are run, but that machine has an IPv6 loopback
interface, that test will be mistakenly skipped. Big deal.

fixes: <https://ci.nono.io/teams/main/pipelines/sslip.io/jobs/unit/builds/4>
```
dig: couldn't get address for '::1': address family not supported
```
2021-07-27 06:25:29 -04:00