Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reuse certs #1402

Closed
wants to merge 3 commits into from
Closed

Reuse certs #1402

wants to merge 3 commits into from

Conversation

nzoschke
Copy link
Contributor

@nzoschke nzoschke commented Nov 16, 2016
edited
Loading

Demo

# no certs exist
$ convox certs
ID                DOMAIN       EXPIRES

$ cd convox-guide
$ convox apps create

# first deploy creates a cert and SSL endpoints
$ convox deploy
...
Promoting RZEXQRXNHTI... UPDATING

$ convox apps info
Name       convox-guide
Status     running
Release    RZEXQRXNHTI
Processes  redis web worker
Endpoints  convox-guide-web-NQKTDIJ-553968778.us-east-1.elb.amazonaws.com:80 (web)
           convox-guide-web-NQKTDIJ-553968778.us-east-1.elb.amazonaws.com:443 (web)
           internal-convox-guide-redis-FGGZQIL-i-518573721.us-east-1.elb.amazonaws.com:6379 (redis)

$ convox certs
ID                              DOMAIN                 EXPIRES
cert-dev-east-1479341785-53506  *.*.elb.amazonaws.com  1 year from now

# second app create / deploy reuses the cert
$ convox apps create guide2
$ convox deploy --app guide2

$ convox apps info
Name       guide2
Status     running
Release    RZEXQRXNHTI
Processes  redis web worker
Endpoints  guide2-web-NQKTDIJ-553968778.us-east-1.elb.amazonaws.com:80 (web)
           guide2-web-NQKTDIJ-553968778.us-east-1.elb.amazonaws.com:443 (web)
           internal-guide2-redis-FGGZQIL-i-518573721.us-east-1.elb.amazonaws.com:6379 (redis)


$ convox certs
ID                              DOMAIN                 EXPIRES
cert-dev-east-1479341785-53506  *.*.elb.amazonaws.com  1 year from now

@codecov-io
Copy link

codecov-io commented Nov 16, 2016
edited
Loading

Current coverage is 29.04% (diff: 0.00%)

Merging #1402 into master will decrease coverage by 0.04%

@@             master      #1402   diff @@
==========================================
  Files           137        137          
  Lines         12900      12923    +23   
  Methods           0          0          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits           3752       3753     +1   
- Misses         8750       8772    +22   
  Partials        398        398

Powered by Codecov. Last update 46de994...b73da58

MiguelMoll
MiguelMoll reviewed Nov 17, 2016
View reviewed changes
api/models/release.go

app.Parameters[certParam] = *res.ServerCertificateMetadata.Arn

time.Sleep(45 * time.Second) // delay to let cert propagate
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this sleep a test or do we really want something like that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a test, but based on the AWS ticket.

We observed certs created 30s before the CF stack creation that couldn't be used.

So the hypothesis is that adding a sleep will help with IAM delay and let the first deploy work more reliably.

But we also have evidence that this may have been a transient error so maybe we don't need it.

@MiguelMoll
Copy link
Contributor

Using existing rack cert for apps

@nzoschke
Copy link
Contributor Author

Cert/ELB debugging

@nzoschke nzoschke changed the title [WIP] Reuse certs Reuse certs Nov 17, 2016
@nzoschke
Copy link
Contributor Author

👍

@MiguelMoll MiguelMoll added this to the 20161116 milestone Nov 17, 2016
MiguelMoll added a commit that referenced this pull request Nov 17, 2016
@MiguelMoll
[merge] pull request #1402
a0865ab
@MiguelMoll MiguelMoll mentioned this pull request Nov 17, 2016
Merged
18 tasks
@MiguelMoll MiguelMoll deleted the reuse-certs branch December 13, 2016 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MiguelMoll MiguelMoll MiguelMoll approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
20161116
Development

Successfully merging this pull request may close these issues.
3 participants
@nzoschke @codecov-io @MiguelMoll