-
Notifications
You must be signed in to change notification settings - Fork 111
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rotate certs on OS nodes with different CN #7815
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
👷 Deploy Preview for chef-automate processing.
|
prasad927
reviewed
Apr 13, 2023
Signed-off-by: sandhi <sagarwal@progress.com>
Signed-off-by: sandhi <sagarwal@progress.com>
Signed-off-by: sandhi <sagarwal@progress.com>
d3e2c87
to
fca44ab
Compare
Signed-off-by: sandhi <sagarwal@progress.com>
vivekshankar1
approved these changes
Apr 14, 2023
prasad927
approved these changes
Apr 14, 2023
punitmundra
approved these changes
Apr 14, 2023
atultherajput
approved these changes
Apr 14, 2023
vipin230
approved these changes
Apr 14, 2023
rishabhjhs
reviewed
Apr 17, 2023
@@ -441,6 +466,27 @@ func (c *certRotateFlow) certRotateOS(sshUtil SSHUtil, certs *certificates, infr | |||
return nil | |||
} | |||
|
|||
func patchOSNodeDN(flagsObj *certRotateFlags, patchFnParam *patchFnParameters, c *certRotateFlow, nodesDn string) error { | |||
|
|||
peerconfig := fmt.Sprintf(OPENSEARCH_DN_CONFIG_FOR_PEERS, fmt.Sprintf("%v", nodesDn)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be peerConfig ?
Signed-off-by: sandhi <sagarwal@progress.com>
rishabhjhs
approved these changes
Apr 17, 2023
shaik80
approved these changes
Apr 17, 2023
SonarCloud Quality Gate failed. |
bvtejaswi
approved these changes
Apr 17, 2023
vivek-yadav
approved these changes
Apr 18, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🔩 Description: What code changed, and why?
In the HA cluster, custom certs can be enabled on the OS nodes where different certs can be set for each node with a different CN. To preserve the behaviour after cert rotation as well, the certs should be rotated node wise and all the nodes should be aware of each other's new CN.
PR contains the changes to ensure that all the OS are aware of each others CN post cert-rotation as well.
⛓️ Related Resources
https://chefio.atlassian.net/browse/CHEF-1024
👍 Definition of Done
👟 How to Build and Test the Change
✅ Checklist
All PRs must tick these:
With occasional exceptions, all PRs from Progress employees must tick these:
make spell
in any component directory)All PRs from Progress employees should tick these if appropriate:
Please add a note next to any checkbox above if you are NOT ticking it.
📷 Screenshots, if applicable
https://progresssoftware.sharepoint.com/:v:/s/ChefCoreC/EdLDtGycikVOv_YHuj3CT-ABLecYXhQf1Y_aMXi0mhETeQ?e=btGtEh