Skip to content

INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault #1427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: stackhpc/2024.1
Choose a base branch
from
Open

INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault #1427

wants to merge 5 commits into from
+132 −2

Conversation

technowhizz
Copy link
Contributor

No description provided.

@technowhizz technowhizz self-assigned this Dec 13, 2024
@technowhizz technowhizz requested a review from a team as a code owner December 13, 2024 10:14
@product-auto-label product-auto-label bot added size: m ansible Ansible playbooks labels Dec 13, 2024
@technowhizz technowhizz force-pushed the update-vault-docs-dec-2024 branch from 0281769 to b69f2bd Compare December 13, 2024 10:36
MoteHue
MoteHue reviewed Dec 13, 2024
View reviewed changes
@technowhizz technowhizz changed the title Add playbooks, config & docs for enabling Pulp tls with vault INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault Dec 13, 2024
jovial
jovial reviewed Dec 13, 2024
View reviewed changes
seunghun1ee
seunghun1ee previously approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@seunghun1ee seunghun1ee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we also need to add the cert to the docker config directory? /etc/docker/certs/ I think.
If we can restart docker, this is not needed though.

@seunghun1ee seunghun1ee dismissed their stale review December 17, 2024 11:45

Approval by mistake

@technowhizz
Copy link
Contributor Author

Don't we also need to add the cert to the docker config directory? /etc/docker/certs/ I think. If we can restart docker, this is not needed though.

Yeah, so I think docker will use the system CA trust but you might be right about needing to restart docker for that. Also if we did need to add the CA cert to docker I realised @seunghun1ee that we have a variable in kayobe for that

stackhpc-kayobe-config/etc/kayobe/docker.yml

Line 33 in 1b04d74

#docker_registry_ca:

Alex-Welsh
Alex-Welsh reviewed Feb 26, 2025
View reviewed changes
@Alex-Welsh
Copy link
Member

@technowhizz what is the expiry on the certs? Do we need a note on cert rotation in the docs?

technowhizz and others added 4 commits September 11, 2025 15:15
@technowhizz
INFRA-839 Add config for pulp TLS
05d4f30 
Add playbooks, config & docs for enabling pulp tls with vault
@technowhizz @MoteHue
Update doc/source/configuration/vault.rst
9bdd117 
Dont start bifrost playbooks when deploying pulp tls

Co-authored-by: Matt Crees <[email protected]>
@technowhizz
Add message about pulp tls and new deployments
42a5922
@technowhizz
Add FQCNs
0c7d52b
@technowhizz technowhizz force-pushed the update-vault-docs-dec-2024 branch from 751d275 to e71ab9b Compare September 11, 2025 14:35
@technowhizz technowhizz force-pushed the update-vault-docs-dec-2024 branch from e71ab9b to 11a9680 Compare September 11, 2025 14:38
@technowhizz
Copy link
Contributor Author

@Alex-Welsh once checks pass this should be good to go too. Unless also you want this in 2025.1

re cert rotation and length - its 1 year I believe like all the other certs. Nothing out of the ordinary, hence nothing worth mentioning. As far as rotation is concerned I think we need a note for all types not just pulp. Perhaps can be done as a follow up to this

@Alex-Welsh
Copy link
Member

re cert rotation and length - its 1 year I believe like all the other certs

This has recently changed actually, https://github.com/stackhpc/stackhpc-kayobe-config/pull/1775/files
It's been increased to 2 years so we can switch them as part of annual upgrades

Unless also you want this in 2025.1

Yeah, if you could just rebase & change the target to 2025.1 that'd be great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jovial jovial jovial left review comments

@mnasiadka mnasiadka mnasiadka left review comments

@MoteHue MoteHue MoteHue left review comments

@Alex-Welsh Alex-Welsh Alex-Welsh left review comments

@seunghun1ee seunghun1ee seunghun1ee left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@technowhizz technowhizz

Labels
ansible Ansible playbooks size: m
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@technowhizz @Alex-Welsh @jovial @mnasiadka @MoteHue @seunghun1ee