ansible-playbooks/examples/migrate
Marcelo Loebens b7c629b603 Rework platform certificates migration
Renamed the playbook to 'update_platform_certificates.yml', to reflect
the intention behind moving forward (not only to migrate the platform
certificates to cert-manager, but to be an easy way to update the local
issuer (system-local-ca) CA certificates as well as the leaf
certificates data).

Moved the install of the RCA to the beginning of the execution, as
several validations are made in the role and it's useful to have
them fail if a problem is detected before issuing the leaf
certificates.

Updated the conditions for creating the certificates to issue the
Rest API / GUI certificate (default behavior from now onward). Fixed
the condition for having the Local OpenLDAP certificate (host role is
not subcloud).

Test plan:
PASS: Deploy a system with the feature flag enabled in the localhost
      file ('create_platform_certificates'). Apply oidc. Execute the
      playbook using the new name ('update_platform_certificates.yml')
      in 'update' and 'check' modes. Observe that it works as expected.
      Checked:
      - The provided RCA is installed as Trusted CA;
      - The resulting certificates are correct;
      - Login in Local Docker Registry is working;
      - OIDC is working as expected;
      - Horizon is working as expected;
      - OpenLDAP is working as expected.

Story: 2009811
Task: 48908

Change-Id: I9b928b1080a28bebb0362ac8d68be387bd4a67da
Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
2023-11-17 13:17:13 +00:00
..
migrate-subcloud1-overrides-EXAMPLE.yml Introduce SX to DX migration playbook 2021-03-18 00:38:51 -04:00