zrhoffman commented on code in PR #7450:
URL: https://github.com/apache/trafficcontrol/pull/7450#discussion_r1190391609


##########
.github/actions/to-integration-tests/cdn.json:
##########
@@ -4,8 +4,9 @@
        "role_based_permissions": true,
        "traffic_ops_golang": {
                "insecure": true,
-               "cert" : "$PWD/localhost.crt",
-               "key" : "$PWD/localhost.key",
+               "listen": [
+                       
"https://not-a-real-host.test:1?cert=$PWD/localhost.crt&key=$PWD/localhost.key";
+               ],
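
Review bot: The added `listen` entry puts `$PWD/localhost.crt` and `$PWD/localhost.key` into the query string of a URL without percent-encoding, so a working directory containing `&`, `?`, `#`, `%` or a space would change how the URL parses. The host and port (`not-a-real-host.test:1`) look like placeholders, which means the URL is present mainly to carry those two paths; the removed `"cert"` and `"key"` fields stated them directly. If `listen` has to stay for this test, encode the path values or note in the PR why the URL form is required.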

Review Comment:
   Having `"cert"` and `"key"` fields is preferable IMO, why revert it back to the hypnotoad way of getting the cert and key as GET variables of the *listen* URL?



##########
traffic_ops/install/bin/_postinstall.py:
##########
@@ -886,24 +886,32 @@ def setup_certificates(conf, root, ops_user, ops_group): 
# type: (SSLConfig, str
                exception.__cause__ = e
                raise exception
 
-       to_golang = cdn_conf["traffic_ops_golang"]
        if (
-               "cert" not in to_golang or
-               not isinstance(to_golang["cert"], list)
-       ):
-               log_msg = """   The "cert" portion of %s is missing from %s
+                       not isinstance(cdn_conf, dict) or
+                       "traffic_ops_golang" not in cdn_conf or
+                       not isinstance(cdn_conf["traffic_ops_golang"], dict)
+               ):
+                       logging.critical("Malformed %s; improper object and/or 
missing 'traffic_ops_golang' key", cdn_conf_path)
+               return 1
+
+       to_golang = cdn_conf["traffic_ops_golang"]
+               if (
+                       "listen" not in traffic_ops_golang or
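
Review bot: The last added line tests `"listen" not in traffic_ops_golang`, but no name `traffic_ops_golang` is bound in the visible lines; the assignment two lines above it binds `to_golang`. Change the condition to `"listen" not in to_golang` (or rename the assignment to match) so the check does not raise NameError when it is reached. The indentation of the added `return 1` and of the second `if (` also differs from the neighbouring lines as shown here and is worth checking against the file.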

Review Comment:
   I get a stack trace running `./postinstall.test.sh`:
   
   ```python
   INFO:root:Starting postinstall
   INFO:root:Debug is on
   INFO:root:Running in automatic mode
   INFO:root:Using input file /tmp/tmp.DTjLbmAc4k/defaults.json
   INFO:root:File sanity check complete - found 0 differences
   INFO:root:===========/opt/traffic_ops/app/conf/production/database.conf===========
   INFO:root:Database configuration has been saved
   INFO:root:===========/opt/traffic_ops/app/conf/production/tv.conf===========
   INFO:root:Database configuration has been saved
   INFO:root:===========/opt/traffic_ops/app/conf/ldap.conf===========
   INFO:root:===========/opt/traffic_ops/install/data/json/users.json===========
   INFO:root:===========/opt/traffic_ops/install/data/json/openssl_configuration.json===========
   INFO:root:===========/opt/traffic_ops/install/data/json/profiles.json===========
   INFO:root:Installing SSL Certificates
   INFO:root:
           We're now running a script to generate a self signed X509 SSL certificate
   INFO:root:Postinstall SSL Certificate Creation
   INFO:root:The server key has been generated
   INFO:root:Generating an RSA Private Server Key
   INFO:root:Creating a Certificate Signing Request (CSR)
   INFO:root:The Certificate Signing Request has been generated
   INFO:root:Removing the pass phrase from the server key
   INFO:root:The pass phrase has been removed from the server key
   INFO:root:Generating a Self-signed certificate
   INFO:root:A server key and self signed certificate has been generated
   INFO:root:Installing a server key and certificate
   INFO:root:The private key has been installed
   INFO:root:Installing self signed certificate
   INFO:root:Saving the self signed csr
   INFO:root:
           The self signed certificate has now been installed.
   
           You may obtain a certificate signed by a Certificate Authority using the
           server.csr file saved in the current directory.  Once you have obtained
           a signed certificate, copy it to /tmp/tmp.DTjLbmAc4k/etc/pki/tls/certs/localhost.crt and
           restart Traffic Ops.
   Traceback (most recent call last):
     File "/home/zhoffm468/go/src/github.com/apache/trafficcontrol/traffic_ops/install/bin/_postinstall.py", line 1510, in <module>
       EXIT_CODE = main(
                   ^^^^^
     File "/home/zhoffm468/go/src/github.com/apache/trafficcontrol/traffic_ops/install/bin/_postinstall.py", line 1314, in main
       cert_code = setup_certificates(opensslconf, root_dir, ops_user, ops_group)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     File "/home/zhoffm468/go/src/github.com/apache/trafficcontrol/traffic_ops/install/bin/_postinstall.py", line 899, in setup_certificates
       "listen" not in traffic_ops_golang or
                       ^^^^^^^^^^^^^^^^^^
   NameError: name 'traffic_ops_golang' is not defined
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
