Browse Source

use with_fake_LE as global var for letsencrypt staging env

keep-around/441bb62798e1d13de9e6fa259e2b013ebcc09baf
François Poulain 4 years ago
parent
commit
587b26b969
  1. 4
      inventory/group_vars/all/infrastructure.yml
  2. 4
      inventory/host_vars/icinga-host/monitoring.yml
  3. 2
      molecule/gitlab/roles/gitlab/tasks/gitlab.yml
  4. 2
      molecule/icinga/roles/certbot-nginx/tasks/main.yml
  5. 7
      molecule/preprod/host_vars/icinga-host/monitoring.yml

4
inventory/group_vars/all/infrastructure.yml

@ -1 +1,5 @@
domain: securedrop.club
# use Let's Encrypt staging environment
# undef it to avoid
with_fake_LE: true

4
inventory/host_vars/icinga-host/monitoring.yml

@ -13,9 +13,5 @@ vhost_fqdn: _
# with_https: true
# available but un-needed options for let's encrypt
# certbot_redirect: true
# use fake LE
# molecule verify will fail with it
# certbot_test: true

2
molecule/gitlab/roles/gitlab/tasks/gitlab.yml

@ -91,5 +91,5 @@
- '443:443'
env:
DOMAINS: 'gitlab.{{ domain }} -> http://gitlab.{{ domain }}:8080, lab.{{ domain }} -> http://gitlab.{{ domain }}:8080'
STAGE: production
STAGE: "{% if with_fake_LE is undefined %}production{% else %}staging{% endif %}"
state: "{% if with_https is defined %}started{% else %}absent{% endif %}"

2
molecule/icinga/roles/certbot-nginx/tasks/main.yml

@ -14,4 +14,4 @@
--email {{ icingaadmins_email }} \
-d {{ vhost_fqdn }} \
{% if certbot_redirect is defined %}--redirect{% endif %} \
{% if certbot_test is defined %}--test-cert{% endif %}
{% if with_fake_LE is defined %}--test-cert{% endif %}

7
molecule/preprod/host_vars/icinga-host/monitoring.yml

@ -11,10 +11,3 @@ icingaadmins_email: icingaadmins@{{ domain }}
vhost_fqdn: icinga.{{ domain }}
with_https: true
# available but un-needed options for let's encrypt
# certbot_redirect: true
# use fake LE
# molecule verify will fail with it
# certbot_test: true

Loading…
Cancel
Save