Using nodebalancers config-update - Githubissues

linode / linode-cli

The official Linode command line interface.

https://linode.com

BSD 3-Clause "New" or "Revised" License

373 stars 132 forks source link

Using nodebalancers config-update #32

Closed Xon closed 6 years ago

Xon commented 6 years ago

When attempting to use the rewritten CLI, there doesn't appear to be any documentation on what the SSL cert & key arguments should look like.

linode-cli nodebalancers config-update 123 123 --port 443 --ssl_cert /etc/letsencrypt/live/forums.spacebattles.com/fullchain.pem --ssl_key /etc/letsencrypt/live/forums.spacebattles.com/privkey.pem

Returns:

lerrorsqqqqwqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x field    x reason                                              x
tqqqqqqqqqqnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu
x ssl_key  x SSL private key appears to be incorrectly formatted x
x ssl_cert x SSL certificate appears to be incorrectly formatted x
mqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

Dorthu commented 6 years ago

I believe it is expecting the full cert/key to be included there. You could do something like this:

linode-cli nodebalancers config-update 123 123 --port 443 --ssl_cert "$(cat /etc/letsencrypt/live/forums.spacebattles.com/fullchain.pem)" --ssl_key "$(cat /etc/letsencrypt/live/forums.spacebattles.com/privkey.pem)"

I'll look into adding the ability to specify files as input to the spec/CLI shortly.

Dorthu commented 6 years ago

This change was release in version 2.0.6 - let me know if it's working as you expect. I believe your original command should work now.

Xon commented 6 years ago

@Dorthu the 2.0.6 CLI works in that it pushes the SSL update, but the API appears to not be handling it correctly.

Pushing a let's encrypt cert+key results in SSL failing until it is updated via the legacy manager's node balancer webpage.

Dorthu commented 6 years ago

Sorry I missed this - I'm going to look into it today and see if I can figure out what's going on.

To clarify, you're creating a cert/key with LetsEncrypt and then uploading them to the NodeBalancer? Is it the same cert/key you're using in the legacy manager?

Xon commented 6 years ago

Yes, should be the same content. (cat'ing the files to console then copy & pasting)

Only thing that might change is end-line type on copy & pasting and trailing whitespace into the legacy manager vs the files on disk via the CLI.

Dorthu commented 6 years ago

I can reproduce this issue, we're looking into it now - I'll update you when I have more info

Dorthu commented 6 years ago

After looking into this for a while, I believe it to be an error in the API. I've created an issue for it in our internal issue tracker and will report back when it's been resolved. Thank you for your patience!

Dorthu commented 6 years ago

Really sorry this took so long - the API bug turned out to be very difficult to unwind. I just shipped the fix - this should work now. Please let me know if it does, and if you have any other issues. Thank you again for your patience!

Xon commented 6 years ago

@Dorthu yup, looks fixed now. The update script no longer kicks my site offline.