New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add debug action #76

Merged
merged 4 commits into from Feb 1, 2017

Conversation

Projects
None yet
2 participants
@Cynerva
Copy link
Contributor

Cynerva commented Jan 30, 2017

Follow-up to a recent debug session. Let's get the debug action added to layer-etcd.

@Cynerva

This comment has been minimized.

Copy link
Contributor

Cynerva commented Jan 30, 2017

Fixed a couple problems in testing, oops. This should be good to go now.

alias etcdctl="etcdctl --cert-file /etc/ssl/etcd/client.crt --key-file /etc/ssl/etcd/client.key --ca-file /etc/ssl/etcd/ca.crt"
etcdctl cluster-health > $DEBUG_SCRIPT_DIR/etcdctl-cluster-health
etcdctl ls --recursive > $DEBUG_SCRIPT_DIR/etcdctl-ls
etcdctl member list > $DEBUG_SCRIPT_DIR/etcdctl-member-list

This comment has been minimized.

@Cynerva

Cynerva Jan 30, 2017

Contributor

@chuckbutler I made a naive attempt to grab some useful info from etcd. Do you have any ideas what else we might want here?

This comment has been minimized.

@lazypower

lazypower Jan 31, 2017

Contributor

can we dump x509 info for the tls certificate(s)? I'm still thinking through what other diagnostic information would be helpful, but this is a great start @Cynerva <3

[edit] acutally, does layer:tls-client have the tls debug bits added? it might be better to place it there so every configured tls-client has this out of the box.

This comment has been minimized.

@Cynerva

Cynerva Jan 31, 2017

Contributor

Sure thing.

Hey, actually, any objection to me submitting that to layer-tls-client instead? That'll get it included in the kubernetes charms, too.

I'm guessing that'd be useful? I dunno!

This comment has been minimized.

@lazypower

lazypower Feb 1, 2017

Contributor

Certainly. I think it makes sense to live there so long as we are parsing out the locations from the layer.yaml.

It became a little more obvious to me the more I thought about this that we're going to have to rely on the implementor to actually supply the TLS locations for x509 validation. Thats potentially problematic as I don't know that we can reasonably infer what layer it was included in.

I think it needs more thought and perhaps we can get a dict back of the layer options and just iterate over them to discover which ones have tls-cert keys and can then run the gambit of validations there.

Thanks @Cynerva for the submission. I'm good with this as is and will gladly take further patches to enhance functionality.

@lazypower lazypower merged commit aadc47b into master Feb 1, 2017

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@Cynerva Cynerva deleted the gkk/add-layer-debug branch Sep 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment