tinkerbell / playground

Example deployments of the Tinkerbell Stack for use as playground environments
Apache License 2.0

Fix TLS gen() func to use updated csr file: #128

Closed jacobweinstock closed 2 years ago

jacobweinstock commented 2 years ago

Description

This fixes a regression in the docker-compose where the TINKERBELL_HOST_IP in the .env file wasn't showing up as a SAN IP in the TLS certificate. This caused all TLS communication with the Tink server to fail with an error like:

x509: certificate is valid for 192.168.56.4, 127.0.0.1, not 192.168.2.150

This was happening because the updated csr.json file was not being used to generate the TLS certs. In this line here, the csr.json is updated and written to this location here. But this line here, where the TLS certs are generated, was not using this updated location. It was using this hardcoded location: /app/csr.json.

Why is this needed

Fixes: #127

How Has This Been Tested?

How are existing users impacted? What migration steps/scripts do we need?

The certs docker volume will need to be deleted; remove ./deploy/compose/state/webroot/workflow/ca.pem and then re-run docker-compose up -d

or

docker-compose down -v --remove-orphans
rm deploy/compose/state/webroot/workflow/ca.pem
git checkout main
git pull
docker-compose up -d


mmlb commented 2 years ago

Thanks!