d961b6d0d4
This is a slight divergence from the accepted spec, where we were going to implement these redirects via a new haproxy instance (I961456d44a56f2334d3c94ef27e408f27409cd65). We've decided it's easier to keep them on static.opendev.org The following sites are configured to redirect to whatever they are redirecting to now on static.opendev.org: * devstack.org * www.devstack.org * ci.openstack.org * cinder.openstack.org * glance.openstack.org * horizon.openstack.org * keystone.openstack.org * nova.openstack.org * qa.openstack.org * summit.openstack.org * swift.openstack.org As a bonus, they all get a https instance too, which they didn't have before. testinfra coverage should be total for this change. I have created the _acme-challange CNAME records for all the above. Story: #2006598 Task: #38881 Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9
Generate letsencrypt certificates
This must run after the letsencrypt-install-acme-sh,
letsencrypt-request-certs and
letsencrypt-install-txt-records roles. It will run the
acme.sh process to create the certificates on the host.
Role Variables
If set to True, will locally generate self-signed certificates in the same locations the real script would, instead of contacting letsencrypt. This is set during gate testing as the authentication tokens are not available.
If set to True will use the letsencrypt staging environment, rather than make production requests. Useful during initial provisioning of hosts to avoid affecting production quotas.
The same variable as described in
letsencrypt-request-certs.