0d83dd3ea0
Some of our testing makes use of secure communication between testing nodes; e.g. testing a load-balancer pass-through. Other parts "loop-back" but require flags like "curl --insecure" because the self-signed certificates aren't trusted. To make testing more realistic, create a CA that is distributed and trusted by all testing nodes early in the Zuul playbook. This then allows us to sign local certificates created by the letsencrypt playbooks with this trusted CA and have realistic peer-to-peer secure communications. The other thing this does is reworks the letsencrypt self-signed cert path to correctly setup SAN records for the host. This also improves the "realism" of our testing environment. This is so realistic that it requires fixing the gitea playbook :). The Apache service proxying gitea currently has to override in testing to "localhost" because that is all the old certificate covered; we can now just proxy to the hostname directly for testing and production. Change-Id: I3d49a7b683462a076263127018ec6a0f16735c94 |
||
---|---|---|
.. | ||
group_vars | ||
host_vars | ||
gate-groups.yaml.j2 |