The lifecycle-8.pre-release-nsxt41-cvds job started failing on April 11th due to a change in the platform that it is connecting to. Specifically, the certificate associated with the NSXT Manager changed it's TLS certificate to use a wild card cert and the hard coded NSXT Manager host name will no long work (fails with SSL errors when trying to connect to the NSX Manager APIs.
This change dynamically creates an NSXT Manager host name based on information in the SAN of the TLS server certificate. It is aware of SANs that use specific host names or wildcard domain names. In the case of a wildcard, a new FQDN is derived from the wild card cert's domain name. This hostname added to the /etc/hosts file and used as the NSX Manager hostname throughout the tests.
Related PR and Issues
NA
Impacted Areas in Application
CI only.
Type of change
Please delete options that are not relevant.
[x ] Bug fix (non-breaking change which fixes an issue)
How Has This Been Tested?
Tested in a temporary CI Pipeline that had accessed to all necessary infrastructure (Nimbus pools) that pointed to a forked repo for the CI task updates (the same forked repo that is part of this PR). Successfully ran the lifecycle-8.pre-release-nsxt41-cvds job from that temporary pipeline.
To reproduce, updated the pipeline.yaml to point the source-ci Git resource to the repo referenced in this PR and install the pipeline on a Concourse instance that has access to the Nimbus pools (can currently only runs on VMware hosted pipelines). Run the lifecycle-8.pre-release-nsxt41-cvd job and validate that all tests pass.
Description
The lifecycle-8.pre-release-nsxt41-cvds job started failing on April 11th due to a change in the platform that it is connecting to. Specifically, the certificate associated with the NSXT Manager changed it's TLS certificate to use a wild card cert and the hard coded NSXT Manager host name will no long work (fails with SSL errors when trying to connect to the NSX Manager APIs.
This change dynamically creates an NSXT Manager host name based on information in the SAN of the TLS server certificate. It is aware of SANs that use specific host names or wildcard domain names. In the case of a wildcard, a new FQDN is derived from the wild card cert's domain name. This hostname added to the /etc/hosts file and used as the NSX Manager hostname throughout the tests.
Related PR and Issues
NA
Impacted Areas in Application
CI only.
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Tested in a temporary CI Pipeline that had accessed to all necessary infrastructure (Nimbus pools) that pointed to a forked repo for the CI task updates (the same forked repo that is part of this PR). Successfully ran the lifecycle-8.pre-release-nsxt41-cvds job from that temporary pipeline.
To reproduce, updated the pipeline.yaml to point the
source-ciGit resource to the repo referenced in this PR and install the pipeline on a Concourse instance that has access to the Nimbus pools (can currently only runs on VMware hosted pipelines). Run the lifecycle-8.pre-release-nsxt41-cvd job and validate that all tests pass.