4 Commits

Author SHA1 Message Date
Ian Wienand
733122f0df Use handlers for letsencrypt cert updates
This change proposes calling a handler each time a certificate is
created/updated.  The handler name is based on the name of the
certificate given in the letsencrypt_certs variable, as described in
the role documentation.

Because Ansible considers calling a handler with no listeners an error,
this means each letsencrypt user will need to provide a handler.

One simple option illustrated here is just to produce a stamp file.
This can facilitate cross-playbook and even cross-orchestration-tool
communication.  For example, puppet or other ansible playbooks can
detect this stamp file and schedule their reloads, etc. then remove
the stamp file.  It is conceivable more complex listeners could be
set up via other roles, etc. should the need arise.

A test is added to make sure the stamp file is created for the
letsencrypt test hosts, which are always generating a new certificate
in the gate test.

Change-Id: I4e0609c4751643d6e0c8d9eaa38f184e0ce5452e
2019-05-14 08:14:51 +10:00
Ian Wienand
a88d836661 Enable production cert generation for graphite01
Testing with the staging cert has shown nothing is going crazy and
making unreasonable letsencrypt requests ... switch this to generate a
real cert.

Change-Id: I861ea295312f83c66dd9b37271969d6e7f8fc2a2
2019-04-11 10:32:30 +10:00
Ian Wienand
86c5bc2b45 letsencrypt: split staging and self-signed generation
We currently only have letsencrypt_test_only as a single flag that
sets tests to use the letsencrypt staging environment and also
generates a self-signed certificate.

However, for initial testing we actually want to fully generate
certificates on hosts, but using the staging environment (i.e. *not*
generate self-signed certs).  Thus we need to split this option into
two, so the gate tests still use staging+self-signed, but in-progress
production hosts can just use the staging flag.

These variables are split, and graphite01.opendev.org is made to
create staging certificates.

Also remove some debugging that is no longer necessary.

Change-Id: I08959ba904f821c9408d8f363542502cd76a30a4
2019-04-10 08:47:32 +10:00
Ian Wienand
00efd089a2 Really add graphite01.opendev.org certificate details
This file was accidentally dropped from
I3e762d071cc609856950898b36f1903fe52840a6 during a rebase.

Change-Id: Iabc1db2aa029d7ff73b742ed63d367d8daa39187
2019-04-09 12:06:23 +10:00