Add information about SSL certificates in the default log level. #459

Merged
merged 1 commit into from
Mar 17, 2017
8 changes: 4 additions & 4 deletions core/pkg/ingress/controller/backend_ssl.go
Expand Up @@ -76,11 +76,11 @@ func (ic *GenericController) syncSecret(k interface{}) error {
// no need to update
return nil
}
glog.V(3).Infof("updating secret %v/%v in the store", sec.Namespace, sec.Name)
glog.Infof("updating secret %v/%v in the local store", sec.Namespace, sec.Name)
ic.sslCertTracker.Update(key, cert)
return nil
}
glog.V(3).Infof("adding secret %v/%v to the store", sec.Namespace, sec.Name)
glog.Infof("adding secret %v/%v to the local store", sec.Namespace, sec.Name)
ic.sslCertTracker.Add(key, cert)
return nil
}
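Review bot: In syncSecret, the two messages now at default level ("updating secret" and "adding secret") identify the secret only by namespace and name, so the default log does not show which certificate content was loaded. If cert here is the *ingress.SSLCert that createServers reads, adding cert.PemSHA to both messages would let an operator confirm from the log that a rotated certificate was actually picked up. The update message sits after the "no need to update" early return, so it fires only on a real change and is reasonable at this level.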
Expand All @@ -106,10 +106,10 @@ func (ic *GenericController) getPemCertificate(secretName string) (*ingress.SSLC

var s *ingress.SSLCert
if okcert && okkey {
glog.V(3).Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
glog.Infof("found certificate and private key, configuring %v as a TLS Secret", secretName)
s, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca)
} else if ca != nil {
glog.V(3).Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
glog.Infof("found only ca.crt, configuring %v as an Certificate Authentication secret", secretName)
s, err = ssl.AddCertAuth(nsSecName, ca)
Contributor

@aledbf these lines above log every 10 seconds. Don't know if the whole func shouldn't be running or if the logs shouldn't be as default logs. What about re-including V() until a correct fix is provided?

Member Author

Don't know if the whole func shouldn't be running or if the logs shouldn't be as default logs

We need to know if there is an issue with the certs. Let me see if I can change this to show only errors in the default level.

Contributor

@aledbf Our logs are a bit noisy and I think there is nothing we can do outside Ingress core. Let me know if I can provide some help or if there is a fix in a couple of days. Otherwise no problem! I'll make a temporary fork and wait for the final solution.

} else {
return nil, fmt.Errorf("ko keypair or CA cert could be found in %v", secretName)
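Review bot: In getPemCertificate, the two success messages ("found certificate and private key..." and "found only ca.crt...") are now unconditional at default level, so they are emitted on every call that finds the data, not only when the secret changed; the review comment on this hunk reports them repeating every 10 seconds. Keep these two under glog.V(3) and rely on the syncSecret messages, which sit behind the "no need to update" check, for default-level visibility, so that only changes and errors appear by default. Separately, the error string on the else branch reads "ko keypair or CA cert could be found" and should say "no keypair", and "an Certificate Authentication secret" should be "a Certificate Authentication secret".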
10 changes: 10 additions & 0 deletions core/pkg/ingress/controller/controller.go
Expand Up @@ -960,14 +960,24 @@ func (ic *GenericController) createServers(data []interface{},
}
}

if tlsSecretName == "" {
glog.Warningf("ingress rule %v/%v for host %v does not contains a matching tls host", ing.Namespace, ing.Name, host)
glog.V(2).Infof("%v", ing.Spec.TLS)
continue
}

key := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
bc, exists := ic.sslCertTracker.Get(key)
if exists {
cert := bc.(*ingress.SSLCert)
if isHostValid(host, cert) {
servers[host].SSLCertificate = cert.PemFileName
servers[host].SSLPemChecksum = cert.PemSHA
} else {
glog.Warningf("ssl certificate %v does not contains a common name for host %v", key, host)
}
} else {
glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
}
}
}
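Review bot: In createServers, the warning on the isHostValid failure ("ssl certificate %v does not contains a common name for host %v") names the secret and the host but not the names the certificate actually carries, so the operator has to decode the secret to see the mismatch. isHostValid iterates cert.CN, so including cert.CN in this message would make it actionable. Both new messages that say "does not contains" should read "does not contain", and the glog.V(2).Infof("%v", ing.Spec.TLS) line would be easier to read with a short label in front of the value.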
2 changes: 1 addition & 1 deletion core/pkg/ingress/controller/util.go
Expand Up @@ -46,7 +46,7 @@ func isHostValid(host string, cert *ingress.SSLCert) bool {
return false
}
for _, cn := range cert.CN {
if matchHostnames(cn, host) {
if matchHostnames(cn, strings.ToLower(host)) {
return true
}
}
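Review bot: In isHostValid, only host is lowercased at the matchHostnames call; cn is passed through unchanged, so a certificate name containing uppercase characters can still fail to match unless matchHostnames normalizes its first argument, which this hunk does not show. Lowercase both sides (or normalize inside matchHostnames), and hoist strings.ToLower(host) above the loop so it is computed once. A test case with a mixed-case host and a mixed-case CN would pin the behavior.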