From 8cbea1490426882aba4e82dac4a8eafbb51550c1 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Tue, 3 Oct 2023 11:00:23 +0530 Subject: [PATCH 01/11] FQDN check should pass/fail after retrying mutilple times to reach the node Signed-off-by: Arvinth C --- .../pkg/verifyserver/server/api/v1/fqdn.go | 2 +- .../batchcheckservice/trigger/triggerapi.go | 2 +- .../services/fqdnservice/fqdnservice.go | 51 +++++++++++++------ 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go b/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go index 19ea1593b70..7a931b70d34 100644 --- a/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go +++ b/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go @@ -37,6 +37,6 @@ func (h *Handler) CheckFqdn(c *fiber.Ctx) error { return fiber.NewError(http.StatusBadRequest, "node_type should be automate or chef-infra-server, Please provide node_type.") } - res := h.FqdnService.CheckFqdnReachability(*req, constants.DEFAULT_HTTPS_PORT, time.Minute*1) + res := h.FqdnService.CheckFqdnReachability(*req, constants.DEFAULT_HTTPS_PORT, time.Second*30) return c.JSON(response.BuildSuccessResponse(res)) } diff --git a/components/automate-cli/pkg/verifyserver/services/batchcheckservice/trigger/triggerapi.go b/components/automate-cli/pkg/verifyserver/services/batchcheckservice/trigger/triggerapi.go index 5b4590b101f..a580b1d1c3e 100644 --- a/components/automate-cli/pkg/verifyserver/services/batchcheckservice/trigger/triggerapi.go +++ b/components/automate-cli/pkg/verifyserver/services/batchcheckservice/trigger/triggerapi.go @@ -121,7 +121,7 @@ func TriggerCheckAPI(endPoint, host, nodeType, method string, output chan<- mode } client := http.Client{ - Timeout: 35 * time.Second, + Timeout: 65 * time.Second, } resp, err := client.Do(req) if err != nil { 
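Review bot: The new 65 s client timeout in `TriggerCheckAPI` is implicitly tied to the FQDN check duration set in fqdn.go (30 s here, raised to 60 s by patch 08 in this series), but nothing records that dependency, and `TriggerCheckAPI` presumably fronts the fqdn endpoint among others. `CheckFqdnReachability` also appears to run the certificate and node-reachability checks in the same request (the `certificateValidityCheck` context in patch 01 and the `MakeConcurrentCalls` hunk header suggest so), and the retry loop overruns its duration by up to one request plus a 3 s sleep, so at 60 s the 5 s margin may be too small and the batch check would report a client timeout instead of the FQDN result. Derive both values from one shared constant (a proposed `FQDN_CHECK_DURATION` in the constants package, name illustrative) and make the margin explicit, e.g. `Timeout: constants.FQDN_CHECK_DURATION + 10*time.Second`. TriggerCheckAPI begins before this hunk.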
diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go index bcadd9eea69..22d315e4ba0 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go 
@@ -149,25 +149,44 @@ func (fq *FqdnService) MakeConcurrentCalls(url string, client *http.Client, setN return errors.New("nodes are not reachable") } -func (fq *FqdnService) triggerRequest(client *http.Client, url string) error { - res, err := client.Get(url) - if err != nil { - fq.log.Error(err.Error()) - return err - } +func (fq *FqdnService) triggerRequest(client *http.Client, url string, duration time.Duration) error { + timeout := time.After(duration) + + var fqdnError error +loop: + for { + select { + case <-timeout: + fq.log.Debugf("Stopped making API calls after %v seconds.", duration) + if fqdnError == nil { + return errors.New(constants.FQDN_ERROR_MESSAGE) + } + return fqdnError + default: + res, err := client.Get(url) + if err != nil { + fq.log.Error("Iteration logs: ", err.Error()) + fqdnError = err + continue + } + fq.log.Debug("Status Code: ", res.StatusCode) + if res.StatusCode != 200 { + fq.log.Errorf("%v is not reachable.", url) + } + if res.StatusCode == 200 { + fq.log.Debug("FQDN is reachable") + // return nil + break loop + } + } + time.Sleep(3 * time.Second) - fq.log.Debug("Status Code: ", res.StatusCode) - if res.StatusCode != 200 { - fq.log.Debugf("%v is not reachable.", url) - return errors.New("fqdn is not reachable") } - - fq.log.Debug("Fqdn is Reachable.") return nil } // fqdnReachable function will check that are we able to hit the load balancer fqdn or not. -func (fq *FqdnService) fqdnReachable(fqdn, rootCert, nodeType string, isAfterDeployment bool, port string) models.Checks { +func (fq *FqdnService) fqdnReachable(fqdn, rootCert, nodeType string, isAfterDeployment bool, port string, duration time.Duration) models.Checks { fq.log.Debug("Checking Fqdn Reachability...") client := fq.createClient(rootCert) var url string 
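Review bot: The response body from `client.Get(url)` is never closed on any path in the new `triggerRequest`, and because the call now sits in a retry loop every attempt keeps a connection open until the deadline; at minimum add `res.Body.Close()` right after the error check. The `continue` in the error branch also skips the trailing `time.Sleep`, so a refused or unresolvable host is retried in a tight loop (patch 06 later adds a second sleep for that branch), and neither sleep consults `timeout`, so the function overruns `duration` by up to 3 s plus one request; it also cannot interrupt a blocked `client.Get` unless `createClient` sets a client timeout, which is not visible here. Minor: `Debugf("... after %v seconds.", duration)` prints a `time.Duration` such as `1m0s` followed by the word seconds. A single loop that checks the deadline inside the back-off `select` removes the duplicate sleep, the `loop` label and the `// return nil` leftover:
```go
func (fq *FqdnService) triggerRequest(client *http.Client, url string, duration time.Duration) error {
	timeout := time.After(duration)
	var fqdnError error
	for {
		res, err := client.Get(url)
		if err != nil {
			fq.log.Error("Iteration logs: ", err.Error())
			fqdnError = err
		} else {
			// Close the body on every attempt so retries do not pile up open connections.
			res.Body.Close()
			fq.log.Debug("Status Code: ", res.StatusCode)
			if res.StatusCode == http.StatusOK {
				fq.log.Debug("FQDN is reachable")
				return nil
			}
			fq.log.Errorf("%v is not reachable.", url)
		}
		// Back off before the next attempt, but give up as soon as the deadline passes.
		select {
		case <-timeout:
			fq.log.Debugf("Stopped making API calls after %v.", duration)
			if fqdnError == nil {
				return errors.New(constants.FQDN_ERROR_MESSAGE)
			}
			return fqdnError
		case <-time.After(3 * time.Second):
		}
	}
}
```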
@@ -179,9 +198,9 @@ func (fq *FqdnService) fqdnReachable(fqdn, rootCert, nodeType string, isAfterDep } fq.log.Debug("URL: ", url) - err := fq.triggerRequest(client, url) + err := fq.triggerRequest(client, url, duration) if err != nil { - return createCheck(constants.FQDN_TITLE, false, "", constants.FQDN_ERROR_MESSAGE, constants.FQDN_RESOLUTION_MESSAGE) + return createCheck(constants.FQDN_TITLE, false, "", err.Error(), constants.FQDN_RESOLUTION_MESSAGE) } return createCheck(constants.FQDN_TITLE, true, constants.FQDN_TITLE, "", "") } @@ -266,7 +285,7 @@ func (fq *FqdnService) CheckFqdnReachability(req models.FqdnRequest, port string } if certificateValidityCheck { - check = fq.fqdnReachable(req.Fqdn, req.RootCert, req.NodeType, req.IsAfterDeployment, port) + check = fq.fqdnReachable(req.Fqdn, req.RootCert, req.NodeType, req.IsAfterDeployment, port, duration) } else { check = createCheck(constants.FQDN_TITLE, false, "", constants.FQDN_ERROR_MESSAGE, constants.FQDN_RESOLUTION_MESSAGE) } From 0333c27733adff26fe4c75075fc67d23f0374574 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Tue, 3 Oct 2023 11:27:43 +0530 Subject: [PATCH 02/11] Updating test cased Signed-off-by: Arvinth C --- .../verifyserver/services/fqdnservice/fqdnservice_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go index feffddd44a6..bc4c0f6a69c 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go 
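Review bot: `err.Error()` is now copied verbatim into the check's `ErrorMsg`, so the API field carries Go's transport wording with the full URL (`Get "https://…": dial tcp: lookup …`) whose shape changes with the Go release and the failure kind, while the no-response timeout path in `triggerRequest` still yields the bare `FQDN_ERROR_MESSAGE`; the expectation rewrites in patches 02 and 10 show how tightly tests end up coupled to that wording. A stable prefix lets consumers match on one phrase while keeping the detail, e.g. `return createCheck(constants.FQDN_TITLE, false, "", fmt.Sprintf("%s: %v", constants.FQDN_ERROR_MESSAGE, err), constants.FQDN_RESOLUTION_MESSAGE)` (needs `fmt` in the import block), with the timeout path in `triggerRequest` then returning a distinct detail such as `errors.New("no response before deadline")` instead of the constant. fqdnReachable begins before this hunk.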
@@ -325,7 +325,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: constants.FQDN_ERROR_MESSAGE, + ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, }, { @@ -545,7 +545,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: constants.FQDN_ERROR_MESSAGE, + ErrorMsg: "Get \"https://localhost2:5345/_status\": dial tcp: lookup localhost2: no such host", ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, }, { @@ -609,7 +609,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: constants.FQDN_ERROR_MESSAGE, + ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, }, { From 7484a35be176f1f406409bcb87a8611a98cbd6ee Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Wed, 4 Oct 2023 11:03:35 +0530 Subject: [PATCH 03/11] Updating resolve message for FQDN error Signed-off-by: Arvinth C --- .../pkg/verifyserver/constants/fqdn.go | 38 +++++++++++-------- .../services/fqdnservice/fqdnservice.go | 10 ++++- 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/constants/fqdn.go b/components/automate-cli/pkg/verifyserver/constants/fqdn.go index 37a868e8294..68ac9688162 100644 --- a/components/automate-cli/pkg/verifyserver/constants/fqdn.go +++ b/components/automate-cli/pkg/verifyserver/constants/fqdn.go 
@@ -1,20 +1,26 @@ package constants const ( - FQDN_TITLE = "FQDN is reachable" - FQDN_ERROR_MESSAGE = "FQDN is not reachable" - FQDN_RESOLUTION_MESSAGE = "Ensure FQDN is reachable and mapped to load balancer.Also, ensure your Port 443 is open and load balancer is able to reach to the machine on port 443. Review security group or firewall settings." - NODE_TITLE = "Nodes are reachable" - NODE_SUCCESS_MESSAGE = "All nodes are reachable" - NODE_ERROR_MESSAGE = "%v is not reachable" - NODE_RESOLUTION_MESSAGE = "Ensure your Port 443 is open. Review security group or firewall settings." - CERTIFICATE_TITLE = "Certificate validity for FQDN" - CERTIFICATE_SUCCESS_MESSAGE = "FQDN has with valid certificates" - CERTIFICATE_ERROR_MESSAGE = "FQDN certificate is not valid." - CERTIFICATE_RESOLUTION_MESSAGE = "Generate new valid certificates and provide those." - IP_TO_HASH_FAIL_MESSAGE = "Failed to hash the IP." - DEFAULT_HTTPS_PORT = "443" - SERVER_IP_HEADER_KEY = "x-server-ip" - CHAN_RESULT_ERROR_MESSAGE = "error recieved" - MIN_NUMBER_OF_CALLS = 50 + FQDN_TITLE = "FQDN is reachable" + FQDN_ERROR_MESSAGE = "FQDN is not reachable" + INVALID_CERTIFICATE_ERROR = "FQDN is not reachable" + FQDN_RESOLUTION_MESSAGE = "Ensure FQDN is reachable and mapped to load balancer.Also, ensure your Port 443 is open and load balancer is able to reach to the machine on port 443. Review security group or firewall settings." + CERT_CN_MISMATCH_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. In case of self-signed certificate, make sure the DNS provided in \"subjectAltName\" matches with \"CN\" (Common Name)" + CERT_CN_MISMATCH_ERROR_PATTERN = "x509: certificate is not valid for any names, but wanted to match" + INVALID_FQDN_CERT_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. 
In case of self-signed certificate, make sure the root-ca and the certificate provided in LB belongs to same CA" + INVALID_FQDN_CERT_ERROR_PATTERN = "x509: certificate signed by unknown authority" + GENERIC_FQDN_CERT_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. Also check if the FQDN is reachable, and mapped to load balancer. Review security group or firewall settings." + NODE_TITLE = "Nodes are reachable" + NODE_SUCCESS_MESSAGE = "All nodes are reachable" + NODE_ERROR_MESSAGE = "%v is not reachable" + NODE_RESOLUTION_MESSAGE = "Ensure your Port 443 is open. Review security group or firewall settings." + CERTIFICATE_TITLE = "Certificate validity for FQDN" + CERTIFICATE_SUCCESS_MESSAGE = "FQDN has with valid certificates" + CERTIFICATE_ERROR_MESSAGE = "FQDN certificate is not valid." + CERTIFICATE_RESOLUTION_MESSAGE = "Generate new valid certificates and provide those." + IP_TO_HASH_FAIL_MESSAGE = "Failed to hash the IP." + DEFAULT_HTTPS_PORT = "443" + SERVER_IP_HEADER_KEY = "x-server-ip" + CHAN_RESULT_ERROR_MESSAGE = "error recieved" + MIN_NUMBER_OF_CALLS = 50 ) diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go index 22d315e4ba0..f02efd231c1 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go 
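Review bot: `CERT_CN_MISMATCH_ERROR_PATTERN` only matches the wording Go's verifier emits when the certificate carries no SAN at all ("not valid for any names"); a certificate whose SAN simply does not list the FQDN produces `x509: certificate is valid for <names>, not <host>` and will fall through to the generic message in the `strings.Contains` dispatch that patch 03 adds to `fqdnReachable` in fqdnservice.go. Substring-matching Go's error text is also tied to a particular Go release; the typed errors behind both strings, `x509.HostnameError` and `x509.UnknownAuthorityError`, are the stable thing to match in that dispatch. `CERT_CN_MISMATCH_RESOLUTION_MESSAGE` tells the operator to make the SAN DNS entry match the CN, but Go's verifier has not consulted the CN since 1.15, so the actionable guidance is that a `subjectAltName` DNS entry must equal the FQDN being checked. `INVALID_CERTIFICATE_ERROR` duplicates `FQDN_ERROR_MESSAGE` byte-for-byte; patch 07 in this series removes it again.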
@@ -200,7 +200,15 @@ func (fq *FqdnService) fqdnReachable(fqdn, rootCert, nodeType string, isAfterDep err := fq.triggerRequest(client, url, duration) if err != nil { - return createCheck(constants.FQDN_TITLE, false, "", err.Error(), constants.FQDN_RESOLUTION_MESSAGE) + resoultion_message := "" + if strings.Contains(err.Error(), constants.CERT_CN_MISMATCH_ERROR_PATTERN) { + resoultion_message = constants.CERT_CN_MISMATCH_RESOLUTION_MESSAGE + } else if strings.Contains(err.Error(), constants.INVALID_FQDN_CERT_ERROR_PATTERN) { + resoultion_message = constants.INVALID_FQDN_CERT_RESOLUTION_MESSAGE + } else { + resoultion_message = constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE + } + return createCheck(constants.FQDN_TITLE, false, "", err.Error(), resoultion_message) } return createCheck(constants.FQDN_TITLE, true, constants.FQDN_TITLE, "", "") } From b102fd2f9c474a6d98ebcc2f0af09f3ad52027b4 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Wed, 4 Oct 2023 11:38:24 +0530 Subject: [PATCH 04/11] Updating test case Signed-off-by: Arvinth C --- .../verifyserver/services/fqdnservice/fqdnservice_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go index bc4c0f6a69c..10fa2e66d8c 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go @@ -326,7 +326,7 @@ func TestCheckFqdnReachability(t *testing.T) { Passed: false, SuccessMsg: "", ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", - ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, + ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { Title: constants.NODE_TITLE, 
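Review bot: The dispatch on `strings.Contains(err.Error(), …)` keys on Go's error wording, which misses the `x509: certificate is valid for X, not Y` form of a SAN mismatch and silently degrades to the generic message whenever the phrasing changes; `errors.As` against `x509.HostnameError` and `x509.UnknownAuthorityError` unwraps through the `*url.Error` that `client.Get` returns (and through `tls.CertificateVerificationError` on Go 1.20+) and covers both forms. `resoultion_message` is misspelled and snake_case; Go style is `resolutionMsg`, and a `switch` seeded with the generic message reads better than the if/else chain. The rewrite needs `crypto/x509` added to the import block; `errors` is already in scope. fqdnReachable begins before this hunk.
```go
	err := fq.triggerRequest(client, url, duration)
	if err != nil {
		var hostErr x509.HostnameError
		var caErr x509.UnknownAuthorityError
		resolutionMsg := constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE
		switch {
		case errors.As(err, &hostErr):
			resolutionMsg = constants.CERT_CN_MISMATCH_RESOLUTION_MESSAGE
		case errors.As(err, &caErr):
			resolutionMsg = constants.INVALID_FQDN_CERT_RESOLUTION_MESSAGE
		}
		return createCheck(constants.FQDN_TITLE, false, "", err.Error(), resolutionMsg)
	}
	// … unchanged: success return …
```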
@@ -546,7 +546,7 @@ func TestCheckFqdnReachability(t *testing.T) { Passed: false, SuccessMsg: "", ErrorMsg: "Get \"https://localhost2:5345/_status\": dial tcp: lookup localhost2: no such host", - ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, + ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { Title: constants.NODE_TITLE, @@ -610,7 +610,7 @@ func TestCheckFqdnReachability(t *testing.T) { Passed: false, SuccessMsg: "", ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", - ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, + ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { Title: constants.NODE_TITLE, @@ -713,7 +713,7 @@ func TestCheckFqdnReachability(t *testing.T) { Passed: false, SuccessMsg: "", ErrorMsg: constants.FQDN_ERROR_MESSAGE, - ResolutionMsg: constants.FQDN_RESOLUTION_MESSAGE, + ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { Title: constants.NODE_TITLE, From c13e2d8c6e11df63221a01d99e1f0154a912741c Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Fri, 6 Oct 2023 19:14:53 +0530 Subject: [PATCH 05/11] Updating resolve messages Signed-off-by: Arvinth C --- components/automate-cli/pkg/verifyserver/constants/fqdn.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/constants/fqdn.go b/components/automate-cli/pkg/verifyserver/constants/fqdn.go index 68ac9688162..29884efa4de 100644 --- a/components/automate-cli/pkg/verifyserver/constants/fqdn.go +++ b/components/automate-cli/pkg/verifyserver/constants/fqdn.go 
@@ -4,16 +4,16 @@ const ( FQDN_TITLE = "FQDN is reachable" FQDN_ERROR_MESSAGE = "FQDN is not reachable" INVALID_CERTIFICATE_ERROR = "FQDN is not reachable" - FQDN_RESOLUTION_MESSAGE = "Ensure FQDN is reachable and mapped to load balancer.Also, ensure your Port 443 is open and load balancer is able to reach to the machine on port 443. Review security group or firewall settings." + FQDN_RESOLUTION_MESSAGE = "Ensure FQDN is reachable and mapped to load balancer. Also, ensure your Port 443 is open and load balancer is able to reach to the machine on port 443. Review security group or firewall settings." CERT_CN_MISMATCH_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. In case of self-signed certificate, make sure the DNS provided in \"subjectAltName\" matches with \"CN\" (Common Name)" CERT_CN_MISMATCH_ERROR_PATTERN = "x509: certificate is not valid for any names, but wanted to match" INVALID_FQDN_CERT_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. In case of self-signed certificate, make sure the root-ca and the certificate provided in LB belongs to same CA" INVALID_FQDN_CERT_ERROR_PATTERN = "x509: certificate signed by unknown authority" - GENERIC_FQDN_CERT_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. Also check if the FQDN is reachable, and mapped to load balancer. Review security group or firewall settings." + GENERIC_FQDN_CERT_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. Also check if the FQDN is reachable, and mapped to load balancer. Review security group or firewall settings for the load-balance." NODE_TITLE = "Nodes are reachable" NODE_SUCCESS_MESSAGE = "All nodes are reachable" NODE_ERROR_MESSAGE = "%v is not reachable" - NODE_RESOLUTION_MESSAGE = "Ensure your Port 443 is open. Review security group or firewall settings." + NODE_RESOLUTION_MESSAGE = "Ensure your Port 443 is open. Review security group or firewall settings of the node." 
CERTIFICATE_TITLE = "Certificate validity for FQDN" CERTIFICATE_SUCCESS_MESSAGE = "FQDN has with valid certificates" CERTIFICATE_ERROR_MESSAGE = "FQDN certificate is not valid." From 8946d9ec9c7a1718f022062f66f16167827dd0fa Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Tue, 10 Oct 2023 18:36:39 +0530 Subject: [PATCH 06/11] Adding timeout in server-not-reachable Signed-off-by: Arvinth C --- .../pkg/verifyserver/services/fqdnservice/fqdnservice.go | 1 + 1 file changed, 1 insertion(+) diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go index f02efd231c1..fe530293afe 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice.go @@ -167,6 +167,7 @@ loop: if err != nil { fq.log.Error("Iteration logs: ", err.Error()) fqdnError = err + time.Sleep(3 * time.Second) continue } fq.log.Debug("Status Code: ", res.StatusCode) From 5cab0d4c9db3eea708a32c02fc598d14719aa083 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Wed, 11 Oct 2023 12:54:37 +0530 Subject: [PATCH 07/11] Review comments Signed-off-by: Arvinth C --- components/automate-cli/pkg/verifyserver/constants/fqdn.go | 1 - 1 file changed, 1 deletion(-) diff --git a/components/automate-cli/pkg/verifyserver/constants/fqdn.go b/components/automate-cli/pkg/verifyserver/constants/fqdn.go index 29884efa4de..8e4caf941bf 100644 --- a/components/automate-cli/pkg/verifyserver/constants/fqdn.go +++ b/components/automate-cli/pkg/verifyserver/constants/fqdn.go 
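Review bot: `GENERIC_FQDN_CERT_RESOLUTION_MESSAGE` now ends in "for the load-balance.", which reads as a typo of "load balancer"; since the string is shown to the operator, change the tail to `Review security group or firewall settings for the load balancer.`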
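Review bot: The added `time.Sleep(3 * time.Second)` before `continue` duplicates the sleep at the bottom of the loop, and like it runs without consulting `timeout`, so after the deadline fires the function can still wait up to 3 s plus one request before returning. Dropping the `continue` (and making the status handling that follows it the `else` branch) lets a single trailing wait serve both paths, and turning that wait into a `select` between `timeout` and `time.After(3 * time.Second)`, with the deadline handling moved into it, honours the deadline during the back-off. triggerRequest begins before this hunk.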
@@ -3,7 +3,6 @@ package constants const ( FQDN_TITLE = "FQDN is reachable" FQDN_ERROR_MESSAGE = "FQDN is not reachable" - INVALID_CERTIFICATE_ERROR = "FQDN is not reachable" FQDN_RESOLUTION_MESSAGE = "Ensure FQDN is reachable and mapped to load balancer. Also, ensure your Port 443 is open and load balancer is able to reach to the machine on port 443. Review security group or firewall settings." CERT_CN_MISMATCH_RESOLUTION_MESSAGE = "Ensure the certificate provided is Valid. In case of self-signed certificate, make sure the DNS provided in \"subjectAltName\" matches with \"CN\" (Common Name)" CERT_CN_MISMATCH_ERROR_PATTERN = "x509: certificate is not valid for any names, but wanted to match" From 1bb8de12057c4bce36b00ac8075371731ebf5964 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Thu, 12 Oct 2023 15:17:17 +0530 Subject: [PATCH 08/11] FQDN reachablility timeout Signed-off-by: Arvinth C --- components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go b/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go index 7a931b70d34..9d47920909f 100644 --- a/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go +++ b/components/automate-cli/pkg/verifyserver/server/api/v1/fqdn.go @@ -37,6 +37,6 @@ func (h *Handler) CheckFqdn(c *fiber.Ctx) error { return fiber.NewError(http.StatusBadRequest, "node_type should be automate or chef-infra-server, Please provide node_type.") } - res := h.FqdnService.CheckFqdnReachability(*req, constants.DEFAULT_HTTPS_PORT, time.Second*30) + res := h.FqdnService.CheckFqdnReachability(*req, constants.DEFAULT_HTTPS_PORT, time.Second*60) return c.JSON(response.BuildSuccessResponse(res)) } From 26d10a844a994095d8c34d58dc3c5609c247b20a Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Thu, 12 Oct 2023 16:06:41 +0530 Subject: [PATCH 09/11] Doc change 
Signed-off-by: Arvinth C --- .../docs-chef-io/content/automate/ha_cert_selfsign.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/components/docs-chef-io/content/automate/ha_cert_selfsign.md b/components/docs-chef-io/content/automate/ha_cert_selfsign.md index bbb7054d9ac..c6a86a8961e 100644 --- a/components/docs-chef-io/content/automate/ha_cert_selfsign.md +++ b/components/docs-chef-io/content/automate/ha_cert_selfsign.md @@ -51,7 +51,7 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili echo extendedKeyUsage = clientAuth, serverAuth > client_cert_ext.cnf echo subjectAltName = DNS:chefclient >> client_cert_ext.cnf openssl genrsa -out root-ca-key.pem 2048 - openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 + openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 -addext basicConstraints=CA:TRUE # Admin cert openssl genrsa -out admin-key-temp.pem 2048 @@ -82,6 +82,12 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili {{< note >}} +To create self-signed certificate for FQDN make sure to provide proper DNS and CN value. The DNS in Subject Alternative Name should match with the CN (Comman Name) + +{{< /note >}} + +{{< note >}} + Please refer Opensearch certificate [documentation](https://opensearch.org/docs/1.2/security-plugin/configuration/tls/#x509-pem-certificates-and-pkcs-8-keys) {{< /note >}} \ No newline at end of file From 594e21bb23d9395eea57012c8f68066fdb344cb8 Mon Sep 17 00:00:00 2001 From: Arvinth C Date: Tue, 17 Oct 2023 20:20:21 +0530 Subject: [PATCH 10/11] Fixing test case for pipeline Signed-off-by: Arvinth C --- .../services/fqdnservice/fqdnservice_test.go | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) 
diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go index 10fa2e66d8c..57b6dc19855 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go @@ -325,7 +325,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", + ErrorMsg: "no such host", ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { @@ -545,7 +545,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: "Get \"https://localhost2:5345/_status\": dial tcp: lookup localhost2: no such host", + ErrorMsg: "no such host", ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { @@ -609,7 +609,7 @@ func TestCheckFqdnReachability(t *testing.T) { Title: constants.FQDN_TITLE, Passed: false, SuccessMsg: "", - ErrorMsg: "Get \"https://localhost2:5345\": dial tcp: lookup localhost2: no such host", + ErrorMsg: "no such host", ResolutionMsg: constants.GENERIC_FQDN_CERT_RESOLUTION_MESSAGE, }, { @@ -731,7 +731,18 @@ func TestCheckFqdnReachability(t *testing.T) { for _, e := range tests { t.Run(e.TestName, func(t *testing.T) { res := fq.CheckFqdnReachability(e.ReqBody, e.Port, time.Second*2) - assert.Equal(t, e.ResponseBody, res) + if e.ResponseBody.Passed { + assert.Equal(t, e.ResponseBody, res) + } else { + for i := 0; i < len(e.ResponseBody.Checks); i++ { + check := e.ResponseBody.Checks[i] + if check.Passed { + assert.Contains(t, check.SuccessMsg, check.SuccessMsg) + } else { + assert.Contains(t, check.ErrorMsg, check.ErrorMsg) + } + } + } }) } } From 55e1251aa511e328eca3f50c1e9f0840e464db99 Mon Sep 17 00:00:00 2001 
From: Arvinth C Date: Tue, 17 Oct 2023 20:31:54 +0530 Subject: [PATCH 11/11] Fixing test case for pipeline Signed-off-by: Arvinth C --- .../pkg/verifyserver/services/fqdnservice/fqdnservice_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go index 57b6dc19855..58c3269a39c 100644 --- a/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go +++ b/components/automate-cli/pkg/verifyserver/services/fqdnservice/fqdnservice_test.go @@ -737,9 +737,9 @@ func TestCheckFqdnReachability(t *testing.T) { for i := 0; i < len(e.ResponseBody.Checks); i++ { check := e.ResponseBody.Checks[i] if check.Passed { - assert.Contains(t, check.SuccessMsg, check.SuccessMsg) + assert.Contains(t, res.Checks[i].SuccessMsg, check.SuccessMsg) } else { - assert.Contains(t, check.ErrorMsg, check.ErrorMsg) + assert.Contains(t, res.Checks[i].ErrorMsg, check.ErrorMsg) } } }
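Review bot: The relaxed assertion loop indexes `res.Checks[i]` without first asserting that `res.Checks` has the expected length, so a missing check panics the subtest instead of failing it cleanly, and for failing scenarios it no longer verifies `Passed`, `Title` or `ResolutionMsg` at all, which is exactly the field patches 03 and 04 changed. Add `assert.Len(t, res.Checks, len(e.ResponseBody.Checks))` before the loop and, inside it, `assert.Equal(t, check.Passed, res.Checks[i].Passed)` and `assert.Equal(t, check.ResolutionMsg, res.Checks[i].ResolutionMsg)` so only the transport-dependent error text is matched loosely. TestCheckFqdnReachability begins before this hunk.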