Fix TLS gen() func to use updated csr file: #128
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This fixes a regression in the docker-compose where the
TINKERBELL_HOST_IP
in the .env file wasn't showing up as a sans ip in the TLS certificate. This caused all TLS communication with the Tink server to fail with an error like:x509: certificate is valid for 192.168.56.4, 127.0.0.1, not 192.168.2.150
This was happening because the updated csr.json file was not being used to generate the TLS certs. In this line here, the csr.json is updated and written to this location here. But this line here, where the TLS certs are generated, was not using this updated location. It was using this hardcoded location:
/app/csr.json
.Why is this needed
Fixes: #127
How Has This Been Tested?
How are existing users impacted? What migration steps/scripts do we need?
The certs docker volume will need to be deleted, remove ./deploy/compose/state/webroot/workflow/ca.pem and then re-run
docker-compose up -d
or
Checklist:
I have: