Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault #1427

Open
wants to merge 4 commits into
base: stackhpc/2024.1
Choose a base branch
from
Open

INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault #1427

wants to merge 4 commits into from
+120 −2

Conversation

technowhizz
Copy link
Contributor

No description provided.

@technowhizz technowhizz self-assigned this Dec 13, 2024
@technowhizz technowhizz requested a review from a team as a code owner December 13, 2024 10:14
@product-auto-label product-auto-label bot added size: m ansible Ansible playbooks labels Dec 13, 2024
@technowhizz
INFRA-839 Add config for pulp TLS
b69f2bd 
Add playbooks, config & docs for enabling pulp tls with vault
@technowhizz technowhizz force-pushed the update-vault-docs-dec-2024 branch from 0281769 to b69f2bd Compare December 13, 2024 10:36
@technowhizz technowhizz changed the title Add playbooks, config & docs for enabling Pulp tls with vault INFRA-839 Add playbooks, config & docs for enabling Pulp tls with vault Dec 13, 2024
@technowhizz @MoteHue
Update doc/source/configuration/vault.rst
c239387 
Dont start bifrost playbooks when deploying pulp tls

Co-authored-by: Matt Crees <[email protected]>
seunghun1ee
seunghun1ee previously approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@seunghun1ee seunghun1ee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we also need to add the cert to the docker config directory? /etc/docker/certs/ I think.
If we can restart docker, this is not needed though.

@seunghun1ee seunghun1ee dismissed their stale review December 17, 2024 11:45

Approval by mistake

@technowhizz
Copy link
Contributor Author

Don't we also need to add the cert to the docker config directory? /etc/docker/certs/ I think. If we can restart docker, this is not needed though.

Yeah, so I think docker will use the system CA trust but you might be right about needing to restart docker for that. Also if we did need to add the CA cert to docker I realised @seunghun1ee that we have a variable in kayobe for that

stackhpc-kayobe-config/etc/kayobe/docker.yml

Line 33 in 1b04d74

#docker_registry_ca:

Alex-Welsh
Alex-Welsh reviewed Feb 26, 2025
View reviewed changes
doc/source/configuration/vault.rst

.. code-block::

kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/vault-generate-pulp-tls.yml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a step to encrypt the secrets that come out of this?

doc/source/configuration/vault.rst
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you capitalise TLS throughout this section?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jovial jovial jovial left review comments

@mnasiadka mnasiadka mnasiadka left review comments

@MoteHue MoteHue MoteHue left review comments

@Alex-Welsh Alex-Welsh Alex-Welsh left review comments

@seunghun1ee seunghun1ee seunghun1ee left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@technowhizz technowhizz

Labels
ansible Ansible playbooks size: m
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@technowhizz @jovial @mnasiadka @MoteHue @seunghun1ee @Alex-Welsh