insert-self-signed-certificate-from-url.rb: `require': cannot load such file -- sequel (LoadError)

[praveen-em]

Pre issue-raising checklist

I have already (please mark the applicable with an x):

• [x] Confirmed this is the right place to raise the issue - only issues related to the Dockerization of the Pact Broker should be raised here. Issues related to the Pact Broker application itself should be raised in the Pact Broker project.
• [ ] Upgraded to the latest Pact Broker Docker image OR
• [x ] Checked the CHANGELOG to see if the issue I am about to raise has been fixed
• [x] Read the Troubleshooting page

Software versions

• pactfoundation/pact-broker docker image 2.88.0.1
• Openshift platform

Expected behaviour

The script(insert-self-signed-certificate-from-url.rb) runs successfully and loaded the cert into database

Actual behaviour

Script fails with the following error

/usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require': cannot load such file -- sequel (LoadError)
        from /usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require'
        from insert-self-signed-certificate-from-url.rb:6:in `<main>'

Steps to reproduce

1) Copy pasted the script into a .rb file inside the container (within pod) where the broker is running. Broker is connected to Postgres db. 2) Edited database connection details in the script and saved it. 3) Ran the script from /pact-broker location. ruby insert-self-signed-certificate-from-url.rb <URL> <databasename> I am not much familiar with Ruby ecosystem, so, apologies if I have done something silly here. I followed this documentation.

Relevent log files

NA

Please ensure you set logging to DEBUG and attach any relevant log files here (or link from a gist).

[bethesque]

You need to execute the file with bundler in the context of the Gemfile.

Make sure the script file is in the same directory as the Pact Broker's Gemfile, and run bundle exec ruby insert-self-signed-certificate-from-url.rb

[praveen-em]

Thanks @bethesque . The script progressed further but sh: openssl: not found this time.

[praveen-em]

@bethesque , Just a side note/question on a slightly different issue - In the script, I see openssl x509 -outform PEM at the end of the command to output the certificate in pem. I had to do something similar to download/output certificates for pact-cli in my jenkins pipeline but openssl x509 -outform PEM stripped out the intermediate certificates in the chain, so ssl verification continued to fail. has anyone come across this problem before? I had to replace the command with sed -n -e '/-.BEGIN/,/-.END/ p' at the end which did the trick - it gave me the whole chain . I am guessing I might face similar problem with webhooks as well (once I reach that stage) because this script uses X509?

[bethesque]

You'll need to do the step in two parts - on a machine where you have openssl installed, get the certificate out, and get it into the right format. Then load it into the database in a second step. Yes, you will need the whole chain.

[praveen-em]

Thanks @bethesque . I got it working now. For the second step, here is the query (in case anyone else need it) that worked for me.

insert into certificates(uuid, description, content, created_at, updated_at)
Values( md5(random()::text || clock_timestamp()::text)::uuid,
        'Self signed certificate for xxx',
        '<Insert the certificate here>',
        now(),
        now());

[bethesque]

Great!