fix: enhance logging for TLS certificate management and security

ysicing · ysicing · commit bfc103a875bc · 2024-10-23T14:56:51.000+08:00
- Update log messages to use `Infof` instead of `Debugf` for better visibility.
- Add success confirmation logs after renewing TLS certificates.
- Modify the warning message to include advice on handling security notices during cluster installation.

Signed-off-by: ysicing &lt;i@ysicing.me&gt;
diff --git a/internal/pkg/util/httptls/httptls.go b/internal/pkg/util/httptls/httptls.go
@@ -39,6 +39,7 @@ func CheckReNewCertificate(force bool) (err error) {
 			}
 		}
 		if needRenew {
+			log.Infof("domain %s's certificate need renew now, start to renew", domain)
 			return renewCertificate(domain)
 		}
 		log.Infof("domain %s's certificate has not expired ", domain)
@@ -50,7 +51,7 @@ func CheckReNewCertificate(force bool) (err error) {
 
 func checkCertificate(domain string) (bool, error) {
 	log := log.GetInstance()
-	log.Debugf("start check domain %s certificate", domain)
+	log.Infof("start check domain %s certificate", domain)
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, // nolint:gosec
 	}
@@ -88,13 +89,16 @@ func renewCertificate(domain string) error {
 	mainDomain := fmt.Sprintf("%s.%s", ds[len(ds)-2], ds[len(ds)-1])
 	coreDomain := fmt.Sprintf("%s.%s.%s", ds[len(ds)-3], ds[len(ds)-2], ds[len(ds)-1])
 	tlsfile := fmt.Sprintf("https://pkg.qucheng.com/ssl/%s/%s/tls.yaml", mainDomain, coreDomain)
+	log.Infof("renew %s tls certificate", domain)
 	log.Debugf("renew default tls certificate use %s", tlsfile)
 	if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "-n", common.GetDefaultSystemNamespace(true), "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 		log.Warnf("load renew tls cert for %s failed, reason: %v", common.GetDefaultSystemNamespace(true), err)
+		return nil
 	}
-	log.Debugf("renew ingress tls certificate")
 	if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 		log.Warnf("load renew tls cert for default failed, reason: %v", err)
+		return nil
 	}
+	log.Donef("renew tls certificate success")
 	return nil
 }
diff --git a/pkg/quickon/quickon.go b/pkg/quickon/quickon.go
@@ -277,7 +277,7 @@ func (m *Meta) Init() error {
 					// TODO  timeout
 					m.Log.Warnf("wait tls cert ready, timeout: %v", trywaitsc.Sub(waittls).Seconds())
 					cmd := fmt.Sprintf("%s pt tls", os.Args[0])
-					m.Log.Warnf("wait cluster install success, please use cmd check: %s", color.SGreen(cmd))
+					m.Log.Warnf("wait cluster install success, visit %s notice 'Your connection to this site isn't secure', please use follow cmd check and fix: %s", color.SGreen(m.Domain), color.SGreen(cmd))
 					break
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ func CheckReNewCertificate(force bool) (err error) {`
`39`	`39`	`}`
`40`	`40`	`}`
`41`	`41`	`if needRenew {`
	`42`	`+ log.Infof("domain %s's certificate need renew now, start to renew", domain)`
`42`	`43`	`return renewCertificate(domain)`
`43`	`44`	`}`
`44`	`45`	`log.Infof("domain %s's certificate has not expired ", domain)`
`@@ -50,7 +51,7 @@ func CheckReNewCertificate(force bool) (err error) {`
`50`	`51`
`51`	`52`	`func checkCertificate(domain string) (bool, error) {`
`52`	`53`	`log := log.GetInstance()`
`53`		`- log.Debugf("start check domain %s certificate", domain)`
	`54`	`+ log.Infof("start check domain %s certificate", domain)`
`54`	`55`	`tr := &http.Transport{`
`55`	`56`	`TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, // nolint:gosec`
`56`	`57`	`}`
`@@ -88,13 +89,16 @@ func renewCertificate(domain string) error {`
`88`	`89`	`mainDomain := fmt.Sprintf("%s.%s", ds[len(ds)-2], ds[len(ds)-1])`
`89`	`90`	`coreDomain := fmt.Sprintf("%s.%s.%s", ds[len(ds)-3], ds[len(ds)-2], ds[len(ds)-1])`
`90`	`91`	`tlsfile := fmt.Sprintf("https://pkg.qucheng.com/ssl/%s/%s/tls.yaml", mainDomain, coreDomain)`
	`92`	`+ log.Infof("renew %s tls certificate", domain)`
`91`	`93`	`log.Debugf("renew default tls certificate use %s", tlsfile)`
`92`	`94`	`if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "-n", common.GetDefaultSystemNamespace(true), "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {`
`93`	`95`	`log.Warnf("load renew tls cert for %s failed, reason: %v", common.GetDefaultSystemNamespace(true), err)`
	`96`	`+ return nil`
`94`	`97`	`}`
`95`		`- log.Debugf("renew ingress tls certificate")`
`96`	`98`	`if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {`
`97`	`99`	`log.Warnf("load renew tls cert for default failed, reason: %v", err)`
	`100`	`+ return nil`
`98`	`101`	`}`
	`102`	`+ log.Donef("renew tls certificate success")`
`99`	`103`	`return nil`
`100`	`104`	`}`
Original file line number	Diff line number	Diff line change
`@@ -277,7 +277,7 @@ func (m *Meta) Init() error {`
`277`	`277`	`// TODO timeout`
`278`	`278`	`m.Log.Warnf("wait tls cert ready, timeout: %v", trywaitsc.Sub(waittls).Seconds())`
`279`	`279`	`cmd := fmt.Sprintf("%s pt tls", os.Args[0])`
`280`		`- m.Log.Warnf("wait cluster install success, please use cmd check: %s", color.SGreen(cmd))`
	`280`	`+ m.Log.Warnf("wait cluster install success, visit %s notice 'Your connection to this site isn't secure', please use follow cmd check and fix: %s", color.SGreen(m.Domain), color.SGreen(cmd))`
`281`	`281`	`break`
`282`	`282`	`}`
`283`	`283`	`}`