fix: enhance logging for TLS certificate management and security

- Update log messages to use `Infof` instead of `Debugf` for better visibility. - Add success confirmation logs after renewing TLS certificates. - Modify the warning message to include advice on handling security notices during cluster installation. Signed-off-by: ysicing <[email protected]>
easysoft · Oct 23, 2024 · bfc103a · bfc103a
1 parent de51f88
commit bfc103a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/internal/pkg/util/httptls/httptls.go b/internal/pkg/util/httptls/httptls.go
@@ -39,6 +39,7 @@ func CheckReNewCertificate(force bool) (err error) {
 			}
 		}
 		if needRenew {
+			log.Infof("domain %s's certificate need renew now, start to renew", domain)
 			return renewCertificate(domain)
 		}
 		log.Infof("domain %s's certificate has not expired ", domain)
@@ -50,7 +51,7 @@ func CheckReNewCertificate(force bool) (err error) {
 
 func checkCertificate(domain string) (bool, error) {
 	log := log.GetInstance()
-	log.Debugf("start check domain %s certificate", domain)
+	log.Infof("start check domain %s certificate", domain)
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, // nolint:gosec
 	}
@@ -88,13 +89,16 @@ func renewCertificate(domain string) error {
 	mainDomain := fmt.Sprintf("%s.%s", ds[len(ds)-2], ds[len(ds)-1])
 	coreDomain := fmt.Sprintf("%s.%s.%s", ds[len(ds)-3], ds[len(ds)-2], ds[len(ds)-1])
 	tlsfile := fmt.Sprintf("https://pkg.qucheng.com/ssl/%s/%s/tls.yaml", mainDomain, coreDomain)
+	log.Infof("renew %s tls certificate", domain)
 	log.Debugf("renew default tls certificate use %s", tlsfile)
 	if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "-n", common.GetDefaultSystemNamespace(true), "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 		log.Warnf("load renew tls cert for %s failed, reason: %v", common.GetDefaultSystemNamespace(true), err)
+		return nil
 	}
-	log.Debugf("renew ingress tls certificate")
 	if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 		log.Warnf("load renew tls cert for default failed, reason: %v", err)
+		return nil
 	}
+	log.Donef("renew tls certificate success")
 	return nil
 }
diff --git a/pkg/quickon/quickon.go b/pkg/quickon/quickon.go
@@ -277,7 +277,7 @@ func (m *Meta) Init() error {
 					// TODO  timeout
 					m.Log.Warnf("wait tls cert ready, timeout: %v", trywaitsc.Sub(waittls).Seconds())
 					cmd := fmt.Sprintf("%s pt tls", os.Args[0])
-					m.Log.Warnf("wait cluster install success, please use cmd check: %s", color.SGreen(cmd))
+					m.Log.Warnf("wait cluster install success, visit %s notice 'Your connection to this site isn't secure', please use follow cmd check and fix: %s", color.SGreen(m.Domain), color.SGreen(cmd))
 					break
 				}
 			}