Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #29803 - Move --certs* to hooks/ #514

Merged
merged 1 commit into from
Sep 22, 2020
Merged

Fixes #29803 - Move --certs* to hooks/ #514

merged 1 commit into from
Sep 22, 2020

Conversation

wbclark
Copy link
Contributor

@wbclark wbclark commented Jun 2, 2020

No description provided.

ehelms
ehelms reviewed Jun 2, 2020
View reviewed changes
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
ekohl
ekohl reviewed Jun 2, 2020
View reviewed changes
hooks/boot/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
ekohl
ekohl reviewed Jun 2, 2020
View reviewed changes
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
@ehelms
Copy link
Member

ehelms commented Jul 31, 2020

Given this and a few other PRs depend on the logic, I implemented the module_present? concept --theforeman/kafo#262

ekohl
ekohl requested changes Aug 24, 2020
View reviewed changes
hooks/boot/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
hooks/pre/20-certs_update.rb Outdated Show resolved Hide resolved
ekohl
ekohl reviewed Aug 25, 2020
View reviewed changes
hooks/pre/20-certs_update.rb Outdated
Comment on lines 23 to 40
if app_value('certs_update_server')
mark_for_update("#{hostname}-apache", hostname)
mark_for_update("#{hostname}-foreman-proxy", hostname)
end

if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset')
all_cert_names = Dir.glob(File.join(SSL_BUILD_DIR, hostname, '*.noarch.rpm')).map do |rpm|
File.basename(rpm).sub(/-1\.0-\d+\.noarch\.rpm/, '')
end.uniq

all_cert_names.each do |cert_name|
mark_for_update(cert_name, hostname)
end
end

if app_value('certs_update_server_ca') || app_value('certs_reset')
mark_for_update('katello-server-ca')
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to gather an array on all of this? We now have all_cert_names but really we can gather them all. Explicitly gathering the paths would make mark_for_update redundant. Because I wanted to know how it looked, I took a stab at it:

require 'fileutils'

if module_enabled?('certs')
  if param('foreman_proxy_certs', 'foreman_proxy_fqdn')
    hostname = param('foreman_proxy_certs', 'foreman_proxy_fqdn').value
  else
    hostname = param('certs', 'node_fqdn').value
  end

  SSL_BUILD_DIR = param('certs', 'ssl_build_dir').value
  HOST_BUILD_DIR = File.join(SSL_BUILD_DIR, hostname)

  certs_to_update = []

  if app_value('certs_update_server')
    certs_to_update << File.join(HOST_BUILD_DIR, "#{hostname}-apache")
    certs_to_update << File.join(HOST_BUILD_DIR, "#{hostname}-foreman-proxy")
  end
   
  if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset')
    certs_to_update += Dir.glob(File.join(HOST_BUILD_DIR, '*.noarch.rpm')).map do |rpm|
      rpm.sub(/-1\.0-\d+\.noarch\.rpm/, '')
    end
  end

  if app_value('certs_update_server_ca') || app_value('certs_reset')
    certs_to_update << File.join(SSL_BUILD_DIR, 'katello-server-ca')
  end

  certs_to_update.uniq.each do |path|
    if app_value(:noop)
      puts "Marking certificate #{path} for update (noop)"
    else
      puts "Marking certificate #{path} for update"
      FileUtils.touch("#{path}.update")
    end
  end
end

I think it looks and better shows the intention of this hook. Note I left out resetting the params since I believe that should be in a different hook (https://github.com/theforeman/foreman-installer/pull/514/files#r476563297).

ekohl
ekohl requested changes Aug 25, 2020
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that katello_certs/hooks/pre/20-certs_update.rb is a symlink to the current certs update. That will need an update too.

@ehelms
Copy link
Member

ehelms commented Aug 25, 2020

Given this hook has worked by all accounts, it would be nice if this could be a move and then a refactor rather than combining the two. That will make tracking down issues easier.

@wbclark wbclark force-pushed the 29803_move_certs branch 3 times, most recently from 7b98a19 to cc07b39 Compare September 4, 2020 18:50
@wbclark wbclark force-pushed the 29803_move_certs branch 3 times, most recently from 17ca33e to fdb66e9 Compare September 14, 2020 19:21
@wbclark wbclark mentioned this pull request Sep 15, 2020
Merged
@wbclark
Copy link
Contributor Author

wbclark commented Sep 15, 2020

@ekohl I fixed the symlinks and tests are now green. I also moved resetting certs answers to pre_commit. do you have any other feedback on this one?

btw, I also opened #579 to run katello-certs-check whenever non-default certs answers are provided.

ekohl
ekohl reviewed Sep 15, 2020
View reviewed changes
katello_certs/hooks/boot/20-certs_update.rb
../../../hooks/boot/20-certs_update.rb
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I always forget these and what they're exactly supposed to do. It would be great to have some integration tests to make sure the functionality actually does what it's supposed to.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm working on theforeman/forklift#1208 as a first step towards integration testing of installer PRs.

Could we go ahead and merge this, and add tests in a future PR?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, tests can come after. Please file a Redmine issue to not lose track of the need.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree they can come later, but I'm wonder how much we actually verified this continues to work. With the rest of the code I'm decently familiar with how it should work but I'm not that familiar with foreman-proxy-certs-generate.

ehelms
ehelms approved these changes Sep 22, 2020
View reviewed changes
Copy link
Member

@ehelms ehelms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally with an install test

@ehelms ehelms merged commit e3c472e into theforeman:develop Sep 22, 2020
@wbclark wbclark mentioned this pull request Oct 23, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl requested changes

@ehelms ehelms ehelms approved these changes

Assignees
No one assigned
Labels
Needs testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wbclark @ehelms @ekohl @theforeman-bot