@ldez ldez commented Jan 27, 2025

  • add a description to your PR
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do: (and put the output of this command to a comment)
    make build
    rm -rf .lego
    
    F5XC_API_TOKEN="xxx" \
    F5XC_TENANT_NAME="yyy" \
    F5XC_GROUP_NAME="zzz" \
    ./dist/lego -m [email protected] --dns f5xc -d '*.example.com' -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    Note the wildcard domain is important.
  • pass the linter
  • do go mod tidy

Ping @Ewouddlb, can you run the command (with your domain, email, credentials, etc.)?

Closes #2408

How to test this PR?
  1. You need Go
  2. Checkout the PR:
    git clone https://github.com/ldez/lego.git
    cd lego
    git checkout feat/f5xc
  3. Compile lego:
    • if you have make: make build
    • if you don't have make: go build -o dist/lego ./cmd/lego
  4. Run the following command with your information (email, domain, credentials):
    F5XC_API_TOKEN="xxx" \
    F5XC_TENANT_NAME="yyy" \
    F5XC_GROUP_NAME="zzz" \
    ./dist/lego -m [email protected] --dns f5xc -d '*.example.com' -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    The wildcard domain is important
  5. Before each run of the command, you should clean your local environment:
    rm -rf .lego

@ldez ldez changed the title from "Add DNS provider for" to "Add DNS provider for F5 XC" Jan 27, 2025
@Ewouddlb

This comment was marked as outdated.

ldez commented Mar 3, 2025

The wrong usage of HTTP code is a problem: technically, a retry should only be done on client errors (4xx) and never on server errors (5xx).
Because server errors should represent real server problems and not the status of the data.

And without the documentation about the field code, it is difficult to know what to do.

ldez commented Mar 3, 2025

I implemented a naive retry, this should help.

Ewouddlb commented Mar 3, 2025

Thanks, that works great. There is one minor error that does pop up when trying to clean up the TXT records, but the actual records seem to be cleaned up.

[testuser@localhost lego]$ ./dist/lego -m <user> --dns f5xc -d '*.xc.our-test-domain.com' -d xc.our-test-domain.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/03/03 16:07:12 [INFO] [*.xc.our-test-domain.com, xc.our-test-domain.com] acme: Obtaining bundled SAN certificate
2025/03/03 16:07:13 [INFO] [*.xc.our-test-domain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/187702324/16266991524
2025/03/03 16:07:13 [INFO] [xc.our-test-domain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/187702324/16266991534
2025/03/03 16:07:13 [INFO] [*.xc.our-test-domain.com] acme: use dns-01 solver
2025/03/03 16:07:13 [INFO] [xc.our-test-domain.com] acme: Could not find solver for: tls-alpn-01
2025/03/03 16:07:13 [INFO] [xc.our-test-domain.com] acme: Could not find solver for: http-01
2025/03/03 16:07:13 [INFO] [xc.our-test-domain.com] acme: use dns-01 solver
2025/03/03 16:07:13 [INFO] [*.xc.our-test-domain.com] acme: Preparing to solve DNS-01
2025/03/03 16:07:14 [INFO] Wait for f5xc create [timeout: 1m0s, interval: 2s]
2025/03/03 16:07:14 [INFO] [xc.our-test-domain.com] acme: Preparing to solve DNS-01
2025/03/03 16:07:14 [INFO] Wait for f5xc replace [timeout: 1m0s, interval: 2s]
2025/03/03 16:07:16 [INFO] [*.xc.our-test-domain.com] acme: Trying to solve DNS-01
2025/03/03 16:07:16 [INFO] [*.xc.our-test-domain.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2025/03/03 16:07:18 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/03/03 16:07:23 [INFO] [*.xc.our-test-domain.com] The server validated our request
2025/03/03 16:07:23 [INFO] [xc.our-test-domain.com] acme: Trying to solve DNS-01
2025/03/03 16:07:23 [INFO] [xc.our-test-domain.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2025/03/03 16:07:25 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/03/03 16:07:25 [INFO] [xc.our-test-domain.com] acme: Waiting for DNS record propagation.
2025/03/03 16:07:31 [INFO] [xc.our-test-domain.com] The server validated our request
2025/03/03 16:07:31 [INFO] [*.xc.our-test-domain.com] acme: Cleaning DNS-01 challenge
2025/03/03 16:07:31 [INFO] [xc.our-test-domain.com] acme: Cleaning DNS-01 challenge
2025/03/03 16:07:32 [WARN] [xc.our-test-domain.com] acme: cleaning up failed: f5xc: delete RR set: code: 5, message: the requested resource record was not found: (group,name,type) (acme-records,_acme-challenge,TXT)
2025/03/03 16:07:32 [INFO] [*.xc.our-test-domain.com, xc.our-test-domain.com] acme: Validations succeeded; requesting certificates
2025/03/03 16:07:32 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2025/03/03 16:07:33 [INFO] [*.xc.our-test-domain.com] Server responded with a certificate.

ldez commented Mar 3, 2025

The cleanup error is expected because I remove the full RRSet related to the ACME challenge at once, so you can ignore it.
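
The behaviour behind that warning, as an added Go example that is not part of the PR or of lego's code: the wildcard and apex names validate through the same _acme-challenge TXT RRSet, so deleting the whole set once makes the second delete report "not found". Zone is a constructed in-memory stand-in for a DNS API, the create/replace labels mirror the log lines above as an assumption, and CleanUp shows one way to treat an already-removed RRSet as success.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNotFound stands in for the API's "resource record was not found" reply.
var ErrNotFound = errors.New("rrset not found")

// Zone is a constructed in-memory model of a DNS zone, not the F5 XC client.
type Zone struct{ rrsets map[string][]string }

func NewZone() *Zone { return &Zone{rrsets: map[string][]string{}} }

// Present adds one TXT value. It reports "create" for a new RRSet and
// "replace" when the name already holds a value from another authorization.
func (z *Zone) Present(name, value string) string {
	op := "create"
	if len(z.rrsets[name]) > 0 {
		op = "replace"
	}
	z.rrsets[name] = append(z.rrsets[name], value)
	return op
}

// DeleteRRSet removes every value under name in one call.
func (z *Zone) DeleteRRSet(name string) error {
	if _, ok := z.rrsets[name]; !ok {
		return fmt.Errorf("delete RR set %q: %w", name, ErrNotFound)
	}
	delete(z.rrsets, name)
	return nil
}

// CleanUp is idempotent: an RRSet that is already gone counts as cleaned.
func (z *Zone) CleanUp(name string) error {
	if err := z.DeleteRRSet(name); err != nil && !errors.Is(err, ErrNotFound) {
		return err
	}
	return nil
}

func main() {
	z, name := NewZone(), "_acme-challenge" // shared by *.example.com and example.com
	fmt.Println(z.Present(name, "token-wildcard"), z.Present(name, "token-apex"))
	fmt.Println(z.DeleteRRSet(name), z.DeleteRRSet(name)) // second call: not found
	fmt.Println(z.CleanUp(name), len(z.rrsets))           // no error, zone empty
}
```

Either way, the check that matters after issuance is that no _acme-challenge TXT values remain in the zone, which is what the empty map at the end of main stands for.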

@ldez ldez marked this pull request as ready for review March 3, 2025 15:34
@ldez ldez requested a review from dmke March 3, 2025 15:34
@ldez ldez added this to the unreleased milestone Mar 3, 2025
@ldez ldez removed the waiting-for/user-tests Need users to test functionality label Mar 3, 2025
@dmke dmke left a comment

LGTM

@ldez ldez merged commit 4675ef7 into go-acme:master Mar 3, 2025
7 checks passed
@ldez ldez deleted the feat/f5xc branch March 3, 2025 17:01
@ldez ldez modified the milestones: unreleased, v4.23 Apr 16, 2025
Development

Successfully merging this pull request may close these issues.

Support for provider: F5 - XC - Distributed Cloud - Volterra
