Actions
Feature #22924
open
Ansible installer sets up and uses certs from Let's Encrypt
Status:
New
Priority:
Normal
Assigned To:
-
Category:
Deployment
Target version:
-
Story points:
-
Description
There's sort of two parts to this:
- In general, the Ansible installer should be able to use certs that already exist on the server without copying/mucking with them.
- Right now if you tell it to use a remote cert, it copies it so config doesn't have to template the location, we know it has good ownership and perms, etc. That was the easiest implementation for the prototype. But now we have to actually deal with the harder setup problems.
- This would let it use Let's Encrypt certs when LE is managed by another stack.
- Include automated certbot/acmetool deployment when requested.
- Probably the way to do this is do it automatically when the host has a non-empty list of domains to get cert(s) for.
- Should probably be a separate role that's a dependency of
arvados_nginx_baseand anything else that needs it (even if there currently is nothing else, it's easy to imagine there could be in the future).
Updated by Peter Amstutz
Updated by Brett Smith 10 months ago
- Blocks Idea #22865: Planning for ansible installer to replace salt for deploying tordo added
Updated by Brett Smith 9 months ago
- Target version deleted (
Development 2025-06-25) - Assigned To deleted (
Brett Smith)
Actions