Fix/update cert on restart #318
Signed-off-by: sanjujunnuthula <sanjuvardhan.junnuthula@capgemini.com>
- Add copy_harbor_certificate() helper function to handle both CI and production certificate paths
- Update systemd service to check CI path first, then production path
- Add proper certificate directory creation before operations
- Increase delays in ExecStartPost to ensure CA update completes before restart
- Add NODE_EXTRA_CA_CERTS to all container runs (not just CI)
- Add error handling and validation for critical operations
- Improve logging for certificate operations
- Fix variable escaping in systemd here-doc (\${SYMPHONY_IMAGE_REF})
- Remove unused global HARBOR_CERT_SRC/DEST constants in favor of specific paths
…ficate handling
- Add reusable copy_harbor_certificate() helper function for certificate management
- Add certificate path constants at the top of the file
- Simplify sync_harbor_cert_for_symphony() to use the new helper function
- Improve create_harbor_systemd_service() with proper certificate syncing in ExecStartPost
- Add error handling consistency for service status checks before restarts
- Clean up formatting and improve code maintainability
Signed-off-by: Ubuntu <margo@margo-wfm-v3.3kqag3nfqq2uvj5n0t1ulon1ge.xx.internal.cloudapp.net>
|
|
||
| # Helper function to locate and copy Harbor certificate | ||
| copy_harbor_certificate() { | ||
| local dest="$1" |
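Review bot: `local dest="$1"` in copy_harbor_certificate() accepts a missing or empty argument, so a caller that passes an unset variable makes the helper work on an empty destination path. Reject that before any file operation, for example `[ -n "$dest" ] || { echo "copy_harbor_certificate: destination path required" >&2; return 1; }`, and extend the comment above the function to document the argument and the return codes.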
What is dest? Are you getting it from user input?
dest is the destination path; we are using it in the helper function. It takes the first argument passed through the function, let us say `copy_harbor_certificate "$symphony_cert_dir/harbor-ca.crt"`.
| fi | ||
| else | ||
| echo "⚠️ docker-compose.yml not found after prepare" | ||
| fi |
Are any changes done on these lines? It seems the indentation has been altered.
No changes done; the formatting was just fixed so that the indentation aligns.
| echo "❌ Harbor certificate invalid" | ||
| return 1 | ||
| } | ||
|
|
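Review bot: the "❌ Harbor certificate invalid" message before `return 1` does not name the file that failed or why, and it goes to stdout with the normal progress output. Include the certificate path in the message and write it to stderr (`>&2`), so a failed restart can be traced to a specific file from the logs.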
Reason for these lines?
One is to verify that the Harbor cert exists, and the other, if the cert exists, verifies that the cert is valid.
| go build -o maestro || return 1 | ||
| echo "✅ Maestro CLI built successfully" | ||
| fi | ||
| } |
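Review bot: `go build -o maestro || return 1` returns on failure without printing anything, while the success path logs "✅ Maestro CLI built successfully", so the caller sees only a non-zero status. Log the failure before returning, for example `go build -o maestro || { echo "❌ Maestro CLI build failed" >&2; return 1; }`, so a failed build is easy to spot in the CI output.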
Reason for changing this and adding one more condition for returning a failure code?
If go mod tidy fails, the script will still continue to build; this is to handle the build failure or any dependency errors.
| # Copy Harbor CA certificate from appropriate location | ||
| if ! copy_harbor_certificate "$HARBOR_CERT_DEST"; then | ||
| echo "⚠️ Warning: Harbor certificate not available, container may have SSL issues" | ||
| fi |
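Review bot: the failure branch of `if ! copy_harbor_certificate "$HARBOR_CERT_DEST"` only prints a warning and carries on, so the container starts without the Harbor CA and the problem shows up later as TLS verification errors that are hard to trace back to this step. If the certificate is required to reach Harbor, return non-zero here. If it is optional in some environments, say which ones in a comment and name the destination path in the message.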
Check whether it has an impact on the sanity CI pipeline, as the copying of the Harbor certificate changed.
I had run the sanity CI and it worked; it doesn't affect sanity. Sharing the latest Actions result:
https://github.com/margo/sandbox/actions/runs/27628809051
|
|
||
| [v3_req] | ||
| basicConstraints = CA:FALSE | ||
| basicConstraints = CA:TRUE |
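Review bot: with `basicConstraints = CA:TRUE` under `[v3_req]`, a certificate requested with this section is itself a CA, so whoever holds its private key can sign further certificates that every client trusting it will accept. If the goal is a self-signed certificate that can be installed as a trust anchor, constrain it with `basicConstraints = critical, CA:TRUE, pathlen:0` and an explicit `keyUsage`. Otherwise keep the server certificate at `CA:FALSE` and issue it from a separate CA. The reason for the change should also be documented in a comment next to the setting.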
Add this for Harbor certificates also.
Updated harbor.sh and symphony.sh to sync the Harbor cert on sync and added a few helper classes for more code readability.