improvement(tls-certs): collect and keep TLS/SSL artifacts #9219
+34
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dimakr
requested review from
soyacz and
fruch
and removed request for
soyacz
vponomaryov
requested changes
Nov 15, 2024
| @@ -2986,6 +2991,7 @@ def tearDown(self): | |||
| time.sleep(1) # Sleep is needed to let final event being saved into files | |||
| self.save_email_data() | |||
| self.argus_collect_gemini_results() | |||
| self.collect_certs() | |||
There was a problem hiding this comment.
Shouldn't it be called before the line 2988 (self.clean_resources())?
There was a problem hiding this comment.
Certs are collected from SCT runner, so cleaning cluster resources doesn't affect collecting certs.
There was a problem hiding this comment.
we might also consider collecting from nodes, to validate we didn't mess-up transferring them to the correct nodes ?
There was a problem hiding this comment.
Gathering certs from nodes is also interesting, IMHO.
But it can be done later.
dimakr
force-pushed
the
certs_logging_9133
branch
2 times, most recently
from
c456e69
to
107b77f
Compare
vponomaryov
added
backport/2024.2
Collect SSL configuration from SCT runner (node certificates/keys; CA certificate/key; etc.) and node specific certificates from DB/loader nodes. Keep them after a test is finished, similarly to how logs are collected and published. This will facilitate root cause analysis of SCT failures caused by certificate related issues. Closes: scylladb#9133
dimakr
force-pushed
the
certs_logging_9133
branch
from
107b77f
to
a3870ab
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Collect TLS/SSL artifacts (server, client certificates; CA certificate; etc.) and keep them after a test is finished, similarly to how logs are collected and published.
This will facilitate root cause analysis of SCT failures caused by certificate related issues (e.g. "Unknown Subject Alternative name in X.509 certificate" kind of errors, etc.).
Closes: #9133
Testing
PR pre-checks (self review)
backportlabelsReminders
sdcm/sct_config.py)unit-test/folder)