refactor

Leechael · Leechael · commit 55164368d784 · 2025-08-20T03:02:39.000+08:00
diff --git a/custom-domain/dstack-ingress/scripts/certman.py b/custom-domain/dstack-ingress/scripts/certman.py
@@ -81,226 +81,135 @@ def install_plugin(self) -> bool:
         
         print(f"Successfully installed {self.provider.CERTBOT_PACKAGE}")
         
-        # Add diagnostic information
+        # Diagnostic information for troubleshooting
         try:
-            print("=== Diagnostic Information ===")
-            # Check which Python executable is being used
             import sys
-            print(f"Python executable: {sys.executable}")
-            print(f"Python version: {sys.version}")
-            
-            # Check where the package was installed
             import pkg_resources
+            print(f"Installed to Python: {sys.executable}")
+            
             try:
                 dist = pkg_resources.get_distribution("certbot-dns-namecheap")
-                print(f"Package location: {dist.location}")
-                print(f"Package version: {dist.version}")
+                print(f"Package version: {dist.version} at {dist.location}")
             except pkg_resources.DistributionNotFound:
-                print("Package not found in current environment")
-            
-            # Check sys.path
-            print(f"Python path: {sys.path[:3]}...")
-            print("=== End Diagnostic Information ===")
+                print("Warning: Package not found in current environment")
         except Exception as diag_error:
             print(f"Diagnostic error: {diag_error}")
         
-        # For Docker environments, we need to check if the plugin is actually usable
-        # Try a direct test of the plugin functionality
+        # Verify plugin installation
         try:
             if self.provider.CERTBOT_PLUGIN == "dns-namecheap":
                 import certbot_dns_namecheap.dns_namecheap
                 print(f"Plugin {self.provider.CERTBOT_PLUGIN} successfully imported")
                 
-                # Try to create a simple test to see if the plugin works
-                print(f"Testing if plugin {self.provider.CERTBOT_PLUGIN} is available...")
+                # Test if plugin is recognized by certbot
                 test_cmd = ["certbot", "plugins"]
                 test_result = subprocess.run(test_cmd, capture_output=True, text=True, timeout=10)
                 
-                print(f"Certbot plugins command returned: {test_result.returncode}")
-                if test_result.stdout:
-                    print(f"Available plugins:")
-                    print(test_result.stdout)
-                
-                if test_result.stderr:
-                    print(f"Plugin test stderr: {test_result.stderr}")
-                
                 if test_result.returncode == 0 and "dns-namecheap" in test_result.stdout:
-                    print(f"Plugin {self.provider.CERTBOT_PLUGIN} is available and working correctly")
+                    print(f"Plugin {self.provider.CERTBOT_PLUGIN} is available in certbot")
                     return True
                 else:
-                    print(f"Plugin {self.provider.CERTBOT_PLUGIN} may not be properly installed")
-                    if "dns-namecheap" not in test_result.stdout:
-                        print(f"Warning: dns-namecheap plugin not found in certbot plugins list")
-                        
-                        # Try some additional fixes
-                        print("Attempting additional fixes...")
-                        
-                        # Try to reload Python modules
-                        try:
-                            import importlib
-                            import certbot_dns_namecheap
-                            importlib.reload(certbot_dns_namecheap)
-                            print("Reloaded certbot_dns_namecheap module")
-                        except Exception as reload_error:
-                            print(f"Module reload failed: {reload_error}")
-                        
-                        # Try installing with --force-reinstall
-                        try:
-                            print("Trying force reinstall...")
-                            import sys
-                            force_cmd = [sys.executable, "-m", "pip", "install", "--force-reinstall", self.provider.CERTBOT_PACKAGE]
-                            print(f"Force reinstall command: {' '.join(force_cmd)}")
-                            force_result = subprocess.run(force_cmd, capture_output=True, text=True)
-                            if force_result.returncode == 0:
-                                print("Force reinstall succeeded")
-                            else:
-                                print(f"Force reinstall failed: {force_result.stderr}")
-                        except Exception as force_error:
-                            print(f"Force reinstall error: {force_error}")
-                        
-                        # Test plugins again after fixes
-                        print("Testing plugins again after fixes...")
-                        retest_cmd = ["certbot", "plugins"]
-                        retest_result = subprocess.run(retest_cmd, capture_output=True, text=True, timeout=10)
-                        if retest_result.returncode == 0 and "dns-namecheap" in retest_result.stdout:
-                            print(f"Plugin {self.provider.CERTBOT_PLUGIN} is now available after fixes!")
-                            return True
-                        
-                    # In Docker environments, this might still work in practice
-                    print("Continuing anyway - plugin may work in actual certbot execution")
+                    print(f"Warning: dns-namecheap plugin not found in certbot plugins list")
+                    if test_result.stderr:
+                        print(f"Plugin test stderr: {test_result.stderr}")
+                    # Continue anyway - may work in Docker environments
                     return True
             
         except Exception as e:
-            print(f"Plugin test warning: {e}")
-            # Continue anyway - the plugin may still work
+            print(f"Plugin verification warning: {e}")
             return True
         
         return True
 
+    def _validate_provider_credentials(self) -> bool:
+        """Validate provider credentials by testing API access."""
+        print(f"Validating {self.provider_type} API credentials...")
+        
+        try:
+            # For Namecheap, test API access
+            if hasattr(self.provider, '_make_request'):
+                test_result = self.provider._make_request("namecheap.users.getBalances")
+                if test_result.get("success", False):
+                    print(f"✓ {self.provider_type} API credentials are valid")
+                    return True
+                else:
+                    print(f"✗ {self.provider_type} API validation failed: {test_result.get('errors', ['Unknown error'])}")
+                    return False
+            else:
+                print(f"No API validation available for {self.provider_type}, skipping")
+                return True
+        except Exception as e:
+            print(f"Error validating {self.provider_type} credentials: {e}")
+            return False
+    
     def setup_credentials(self) -> bool:
         """Setup credentials file for certbot using provider implementation."""
-        print(f"Setting up credentials for {self.provider_type} provider")
         result = self.provider.setup_certbot_credentials()
-        if result:
-            print(f"Credentials setup successful for {self.provider_type}")
-        else:
-            print(f"Credentials setup failed for {self.provider_type}")
+        if not result:
+            print(f"Failed to setup credentials file for {self.provider_type}")
         return result
 
     def _build_certbot_command(self, action: str, domain: str, email: str) -> List[str]:
         """Build certbot command using provider configuration."""
-        print(f"Building certbot command for action: {action}, domain: {domain}")
-        
         plugin = self.provider.CERTBOT_PLUGIN
-        print(f"Using plugin: {plugin}")
-        
         if not plugin:
             raise ValueError(f"No certbot plugin configured for {self.provider_type}")
 
-        propagation_seconds = self.provider.CERTBOT_PROPAGATION_SECONDS
-        print(f"Propagation seconds configured: {propagation_seconds}")
-
-        base_cmd = ["certbot", action]
+        base_cmd = ["certbot", action, "-a", plugin, "--non-interactive", "-v"]
 
-        # Add DNS plugin configuration
-        base_cmd.extend(
-            [
-                "-a", plugin,
-                "--non-interactive",
-                "-v",  # Add verbose flag for detailed output
-            ]
-        )
-        print(f"Added plugin and non-interactive flags")
-
-        # Add credentials file if provider has one configured
+        # Add credentials file if configured
         if self.provider.CERTBOT_CREDENTIALS_FILE:
-            credentials_file = os.path.expanduser(
-                self.provider.CERTBOT_CREDENTIALS_FILE
-            )
-            print(f"Credentials file path (expanded): {credentials_file}")
-            
+            credentials_file = os.path.expanduser(self.provider.CERTBOT_CREDENTIALS_FILE)
             if os.path.exists(credentials_file):
-                credentials_arg = f"--{plugin}-credentials={credentials_file}"
-                base_cmd.extend([credentials_arg])
-                print(f"Added credentials argument: {credentials_arg}")
+                base_cmd.extend([f"--{plugin}-credentials={credentials_file}"])
             else:
-                print(f"Warning: Credentials file does not exist: {credentials_file}")
-        else:
-            print(f"No credentials file configured for provider")
+                raise ValueError(f"Credentials file does not exist: {credentials_file}")
 
         if action == "certonly":
-            base_cmd.extend(
-                ["--agree-tos", "--no-eff-email", "--email", email, "-d", domain]
-            )
-            print(f"Added certonly-specific arguments")
+            base_cmd.extend(["--agree-tos", "--no-eff-email", "--email", email, "-d", domain])
 
-        # Print the final command with masked email
-        masked_cmd = []
-        for i, arg in enumerate(base_cmd):
-            if i > 0 and base_cmd[i-1] == "--email":
-                masked_cmd.append("<email>")
-            else:
-                masked_cmd.append(arg)
-        print(f"Final certbot command: {' '.join(masked_cmd)}")
+        # Log command with masked email for debugging
+        masked_cmd = [arg if not (i > 0 and base_cmd[i-1] == "--email") else "<email>" 
+                     for i, arg in enumerate(base_cmd)]
+        print(f"Executing: {' '.join(masked_cmd)}")
         
         return base_cmd
 
     def obtain_certificate(self, domain: str, email: str) -> bool:
         """Obtain a new certificate for the domain."""
-        print(f"Starting certificate obtaining process for {domain} using {self.provider_type}")
+        print(f"Obtaining certificate for {domain} using {self.provider_type}")
         
         # Ensure plugin is installed
-        print(f"Checking plugin installation...")
         if not self.install_plugin():
             print(f"Failed to install plugin for {self.provider_type}", file=sys.stderr)
             return False
-        print(f"Plugin installation completed")
         
-        # Check if credentials are set up
-        print(f"Checking credentials setup...")
+        # Validate credentials before proceeding
+        if not self._validate_provider_credentials():
+            print(f"Failed to validate credentials for {self.provider_type}", file=sys.stderr)
+            return False
+        
+        # Setup credentials file
         if not self.setup_credentials():
             print(f"Failed to setup credentials for {self.provider_type}", file=sys.stderr)
             return False
-        print(f"Credentials setup completed")
 
-        # Check certbot version for debugging
-        try:
-            version_cmd = ["certbot", "--version"]
-            version_result = subprocess.run(version_cmd, capture_output=True, text=True, timeout=10)
-            if version_result.returncode == 0:
-                print(f"Certbot version: {version_result.stdout.strip()}")
-            else:
-                print(f"Could not determine certbot version")
-        except Exception as e:
-            print(f"Error checking certbot version: {e}")
-        
         cmd = self._build_certbot_command("certonly", domain, email)
-        print(f"Executing certbot command...")
 
         try:
             result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
             
-            print(f"Certbot command completed with return code: {result.returncode}")
-            
-            # Always print stdout if available
-            if result.stdout.strip():
-                print(f"=== Certbot stdout ===")
-                print(result.stdout)
-                print(f"=== End stdout ===")
-            
-            # Always print stderr if available
-            if result.stderr.strip():
-                print(f"=== Certbot stderr ===", file=sys.stderr)
-                print(result.stderr, file=sys.stderr)
-                print(f"=== End stderr ===", file=sys.stderr)
-            
-            if result.returncode != 0:
-                print(f"Certificate obtaining failed with return code {result.returncode}")
+            if result.returncode == 0:
+                print(f"✓ Certificate obtained successfully for {domain}")
+                return True
+            else:
+                print(f"✗ Certificate obtaining failed (exit code: {result.returncode})")
+                if result.stderr.strip():
+                    print(f"Error details: {result.stderr.strip()}")
+                if result.stdout.strip():
+                    print(f"Output: {result.stdout.strip()}")
                 return False
 
-            print(f"Certificate obtained successfully for {domain}")
-            return True
-
         except subprocess.TimeoutExpired:
             print(f"Certbot command timed out after 300 seconds", file=sys.stderr)
             return False
@@ -316,12 +225,10 @@ def renew_certificate(self, domain: str) -> Tuple[bool, bool]:
         """
         print(f"Renewing certificate using {self.provider_type}")
         
-        # Ensure plugin is installed for renewal too
-        print(f"Checking plugin installation for renewal...")
+        # Ensure plugin is installed
         if not self.install_plugin():
-            print(f"Failed to install plugin for renewal for {self.provider_type}", file=sys.stderr)
+            print(f"Failed to install plugin for renewal", file=sys.stderr)
             return False, False
-        print(f"Plugin installation completed for renewal")
 
         cmd = self._build_certbot_command("renew", domain, "")
 
diff --git a/custom-domain/dstack-ingress/scripts/dns_providers/namecheap.py b/custom-domain/dstack-ingress/scripts/dns_providers/namecheap.py
@@ -34,41 +34,21 @@ def __init__(self):
 
     def setup_certbot_credentials(self) -> bool:
         """Setup credentials file for certbot."""
-        print(f"Setting up Namecheap credentials file...")
-        
         try:
             cred_dir = os.path.expanduser("~/.namecheap")
-            print(f"Creating credentials directory: {cred_dir}")
             os.makedirs(cred_dir, exist_ok=True)
             
             cred_file = os.path.join(cred_dir, "namecheap.ini")
-            print(f"Writing credentials file: {cred_file}")
-            
             with open(cred_file, "w") as f:
                 f.write(f"# Namecheap API credentials used by Certbot\n")
                 f.write(f"dns_namecheap_username={self.username}\n")
                 f.write(f"dns_namecheap_api_key={self.api_key}\n")
             
-            print(f"Setting file permissions to 0o600")
             os.chmod(cred_file, 0o600)
-            
-            print(f"Credentials file created successfully: {cred_file}")
-            
-            # Verify file contents (without showing sensitive data)
-            if os.path.exists(cred_file):
-                with open(cred_file, "r") as f:
-                    lines = f.readlines()
-                print(f"Credentials file has {len(lines)} lines")
-                for i, line in enumerate(lines):
-                    if line.startswith('#'):
-                        print(f"Line {i+1}: {line.strip()}")
-                    elif '=' in line:
-                        key = line.split('=')[0]
-                        print(f"Line {i+1}: {key}=<value>")
-            
+            print(f"Credentials file created: {cred_file}")
             return True
         except Exception as e:
-            print(f"Error setting up certbot credentials: {e}")
+            print(f"Error setting up credentials file: {e}")
             return False
 
     def _make_request(self, command: str, **params) -> Dict:
