From bfc103a875bc635264f2a84b120a1486678508f8 Mon Sep 17 00:00:00 2001
From: ysicing
Date: Wed, 23 Oct 2024 14:56:51 +0800
Subject: [PATCH] fix: enhance logging for TLS certificate management and security

- Update log messages to use `Infof` instead of `Debugf` for better visibility.
- Add success confirmation logs after renewing TLS certificates.
- Modify the warning message to include advice on handling security notices during cluster installation.

Signed-off-by: ysicing
---
 internal/pkg/util/httptls/httptls.go | 8 ++++++--
 pkg/quickon/quickon.go | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/internal/pkg/util/httptls/httptls.go b/internal/pkg/util/httptls/httptls.go
index 524d03f6..93a83b3e 100644
--- a/internal/pkg/util/httptls/httptls.go
+++ b/internal/pkg/util/httptls/httptls.go
@@ -39,6 +39,7 @@ func CheckReNewCertificate(force bool) (err error) {
 }
 }
 if needRenew {
+ log.Infof("domain %s's certificate need renew now, start to renew", domain)
 return renewCertificate(domain)
 }
 log.Infof("domain %s's certificate has not expired ", domain)
@@ -50,7 +51,7 @@ func CheckReNewCertificate(force bool) (err error) {
 func checkCertificate(domain string) (bool, error) {
 log := log.GetInstance()
- log.Debugf("start check domain %s certificate", domain)
+ log.Infof("start check domain %s certificate", domain)
 tr := &http.Transport{
 TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, // nolint:gosec
 }
@@ -88,13 +89,16 @@ func renewCertificate(domain string) error {
 mainDomain := fmt.Sprintf("%s.%s", ds[len(ds)-2], ds[len(ds)-1])
 coreDomain := fmt.Sprintf("%s.%s.%s", ds[len(ds)-3], ds[len(ds)-2], ds[len(ds)-1])
 tlsfile := fmt.Sprintf("https://pkg.qucheng.com/ssl/%s/%s/tls.yaml", mainDomain, coreDomain)
+ log.Infof("renew %s tls certificate", domain)
 log.Debugf("renew default tls certificate use %s", tlsfile)
 if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "-n", common.GetDefaultSystemNamespace(true), "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 log.Warnf("load renew tls cert for %s failed, reason: %v", common.GetDefaultSystemNamespace(true), err)
+ return nil
 }
- log.Debugf("renew ingress tls certificate")
 if err := qcexec.Command(os.Args[0], "experimental", "kubectl", "apply", "-f", tlsfile, "--kubeconfig", common.GetKubeConfig()).Run(); err != nil {
 log.Warnf("load renew tls cert for default failed, reason: %v", err)
+ return nil
 }
+ log.Donef("renew tls certificate success")
 return nil
 }
diff --git a/pkg/quickon/quickon.go b/pkg/quickon/quickon.go
index 0175895b..cda97575 100644
--- a/pkg/quickon/quickon.go
+++ b/pkg/quickon/quickon.go
@@ -277,7 +277,7 @@ func (m *Meta) Init() error {
 // TODO timeout
 m.Log.Warnf("wait tls cert ready, timeout: %v", trywaitsc.Sub(waittls).Seconds())
 cmd := fmt.Sprintf("%s pt tls", os.Args[0])
- m.Log.Warnf("wait cluster install success, please use cmd check: %s", color.SGreen(cmd))
+ m.Log.Warnf("wait cluster install success, visit %s notice 'Your connection to this site isn't secure', please use follow cmd check and fix: %s", color.SGreen(m.Domain), color.SGreen(cmd))
 break
 }
 }
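Review bot: Both added `return nil` lines in renewCertificate (internal/pkg/util/httptls/httptls.go) report success after a failed `kubectl apply`, so CheckReNewCertificate, which returns this function's result, cannot tell its caller that the certificate was not renewed; an expiring certificate is then visible only as a warning log line. The first early return also changes behaviour: a failure in the system namespace now skips the apply for the default namespace, which the old code still attempted. Returning the error would surface the failure, e.g. `return fmt.Errorf("apply renewed tls cert from %s: %w", tlsfile, err)`; if best-effort is what callers expect, drop the first `return nil` so the second apply still runs. The body of renewCertificate begins above the hunk.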
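Review bot: The new warning in Init (pkg/quickon/quickon.go) is hard to read ("please use follow cmd check and fix") and points the user at the domain without saying that the browser warning is expected only until the certificate is ready. Suggested wording: `m.Log.Warnf("tls cert for %s is not ready yet; if the browser reports \"Your connection to this site isn't secure\", run this command to check and fix it: %s", color.SGreen(m.Domain), color.SGreen(cmd))`. The enclosing loop and Init itself start outside the hunk.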