Dry-run improvements

[nstielau]

I love the idea of dry-run mode. Ideally, dry-run mode would work without any valid Dyn creds at all. That way we could run this against production URLs and watch logging, and see what it was doing, even if it was just monitoring at first.

For me, attempting to run dry-run mode without valid creds first yielded:

○ → ddcheck -e 500 --debug --dry-run http://getpantheon.com/test
2014-01-17 15:57:56,428 Resolving http://getpantheon.com/test
2014-01-17 15:57:56,506 Found health check point:  checkpoint(url='http://198.61.151.215/test', host='getpantheon.com', record='getpantheon.com.', ip='198.61.151.215', type='A')
2014-01-17 15:57:56,535 Found health check point:  checkpoint(url='http://[2001:4801:7901:0:aff8:a2d8:0:66]/test', host='getpantheon.com', record='getpantheon.com.', ip='2001:4801:7901:0:aff8:a2d8:0:66', type='AAAA')
Incorrect DynDns credentials
Exception AttributeError: "'DynDns' object has no attribute 'rest_iface'" in <bound method DynDns.__del__ of <ddcheck.dyndns.DynDns object at 0x10427ced0>> ignored

After removing the response check on https://github.com/whiskybar/ddcheck/blob/master/ddcheck/dyndns.py#L62, the script would exit after the first check:

○ → ddcheck -e 500 --debug --dry-run http://www.getpantheon.com/
2014-01-17 16:10:29,562 Resolving http://www.getpantheon.com/
2014-01-17 16:10:30,166 Found health check point:  checkpoint(url='http://198.61.151.215/', host='www.getpantheon.com', record='getpantheon.com.', ip='198.61.151.215', type='A')
2014-01-17 16:10:30,196 Found health check point:  checkpoint(url='http://[2001:4801:7901:0:aff8:a2d8:0:66]/', host='www.getpantheon.com', record='getpantheon.com.', ip='2001:4801:7901:0:aff8:a2d8:0:66', type='AAAA')
2014-01-17 16:10:30,700 Starting new HTTP connection (1): 198.61.151.215
2014-01-17 16:10:30,702 Starting new HTTP connection (1): 2001:4801:7901:0:aff8:a2d8:0:66
2014-01-17 16:10:30,819 http://[2001:4801:7901:0:aff8:a2d8:0:66]/ (www.getpantheon.com) connection failed: HTTPConnectionPool(host='2001:4801:7901:0:aff8:a2d8:0:66', port=80): Max retries exceeded with url: / (Caused by <class 'socket.gaierror'>: (7, 'No address associated with hostname'))
2014-01-17 16:10:30,864 "GET / HTTP/1.1" 301 0
2014-01-17 16:10:30,865 Starting new HTTPS connection (1): www.getpantheon.com
2014-01-17 16:10:31,347 "GET / HTTP/1.1" 200 8667
2014-01-17 16:10:31,428 http://198.61.151.215/ hit -> 200 (OK)
Traceback (most recent call last):
  File "/usr/local/bin/ddcheck", line 9, in <module>
    load_entry_point('ddcheck==0.0.1', 'console_scripts', 'ddcheck')()
  File "/usr/local/lib/python2.7/site-packages/ddcheck/console.py", line 59, in main
    healthcheck(options.urls, error_codes=error_codes, timeout=options.timeout, dry_run=options.dry_run, dyndns_credentials=dyndns_credentials)
  File "/usr/local/lib/python2.7/site-packages/ddcheck/server.py", line 49, in healthcheck
    dyndns.remove_records(records) #TODO: or return the records and call this elsewhere
  File "/usr/local/lib/python2.7/site-packages/ddcheck/dyndns.py", line 105, in remove_records
    self.remove_addresses(zone=zone, name=record, addresses=[cp.ip for cp in checkpoints], type=type)
  File "/usr/local/lib/python2.7/site-packages/ddcheck/dyndns.py", line 79, in remove_addresses
    current_addresess = self.zone_addresses(zone, name, type).items()
  File "/usr/local/lib/python2.7/site-packages/ddcheck/dyndns.py", line 74, in zone_addresses
    for url in self.rest_iface.execute('/%sRecord/%s/%s/' % (type, zone, name), 'GET')['data']:
TypeError: 'NoneType' object is not iterable
curl -XDELETE https://api.dynect.net:443/REST/Session/ \
    --header "Content-Type: application/json" \
    --header "API-Version: current" \
    --header "Auth-Token: None"

[aleszoulek]

Yeah.

That was exactly what dry-run was supposed to do. Run on production without any actual changes doing, to make sure it works as expected.

The script validates credentials and if that validation pass (or someone removes that), it expcets to be connected to the API and tracebacks... :)

Problem with running without any credentials is (if I'm reading the API doc correctly), that one needs access to the API to return "dry" REST requests it would execute. (It needs to list API ARecords to see the document record_id to delete.)

The dry REST requests seems useful, so one can directly copy'n'paste it into console, in case it seems reasonable output.

But I could definitely see a room for adding other level of "dry-run" which would basicaly just print out failed checks and do not go into the DynDNS code at all. Running it in this mode against production wouldn't obviously test the DynDns communication code...

Also upon invalid credetials, this last line should go away.. Exception AttributeError: "'DynDns' object has no attribute 'rest_iface'" in <bound method DynDns.__del__ of <ddcheck.dyndns.DynDns object at 0x10427ced0>> ignored

[aleszoulek]

Fixed the last line of output, when incorrect credetials passed...

Still had to do the rest.

[aleszoulek]

Added --healthcheck-only (-H) option. It will not require any dyndns credentials, will not contact API in anyway.

It just does a healthcheck and prints out failed checkpoints.

(ddcheck){master ddcheck } ddcheck -e 500 --healthcheck-only http://getpantheon.com/test 2014-01-20 23:09:18,359 Starting new HTTP connection (1): 2a00:1450:400d:805::100e 2014-01-20 23:09:18,398 IPv6 support... off 2014-01-20 23:09:18,569 Starting new HTTP connection (1): 198.61.151.215 2014-01-20 23:09:18,874 getpantheon.com http://198.61.151.215/test hit -> 301 (OK) And adding 301 as failed https code: (see the last line) (ddcheck){master ddcheck } ddcheck -e 500,301 --healthcheck-only http://getpantheon.com/test 2014-01-20 23:09:24,749 Starting new HTTP connection (1): 2a00:1450:400d:805::100e 2014-01-20 23:09:24,782 IPv6 support... off 2014-01-20 23:09:24,952 Starting new HTTP connection (1): 198.61.151.215 2014-01-20 23:09:25,249 getpantheon.com http://198.61.151.215/test hit -> 301 (!!) 2014-01-20 23:09:25,249 Detected down: getpantheon.com 198.61.151.215

Does that work for you better? Closing. Feel free to reopen/comment.