system-config/playbooks/roles/letsencrypt-create-certs
Ian Wienand 86c5bc2b45 letsencrypt: split staging and self-signed generation
We currently only have letsencrypt_test_only as a single flag that
sets tests to use the letsencrypt staging environment and also
generates a self-signed certificate.

However, for initial testing we actually want to fully generate
certificates on hosts, but using the staging environment (i.e. *not*
generate self-signed certs).  Thus we need to split this option into
two, so the gate tests still use staging+self-signed, but in-progress
production hosts can just using the staging flag.

These variables are split, and graphite01.opendev.org is made to
create staging certificates.

Also remove some debugging that is no longer necessary.

Change-Id: I08959ba904f821c9408d8f363542502cd76a30a4
2019-04-10 08:47:32 +10:00
..
defaults letsencrypt: split staging and self-signed generation 2019-04-10 08:47:32 +10:00
tasks letsencrypt: split staging and self-signed generation 2019-04-10 08:47:32 +10:00
README.rst letsencrypt: split staging and self-signed generation 2019-04-10 08:47:32 +10:00

Generate letsencrypt certificates

This must run after the letsencrypt-install-acme-sh, letsencrypt-request-certs and letsencrypt-install-txt-records roles. It will run the acme.sh process to create the certificates on the host.

Role Variables

If set to True, will locally generate self-signed certificates in the same locations the real script would, instead of contacting letsencrypt. This is set during gate testing as the authentication tokens are not available.

If set to True will use the letsencrypt staging environment, rather than make production requests. Useful during initial provisioning of hosts to avoid affecting production quotas.

The same variable as described in letsencrypt-request-certs.