Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Enhancement MAR-150 On-the-fly generation of private keys and certificates for role tests
Go to the next issue (open or closed)
Go to the next open issue
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
  • Category
    Not determined
  • Targetted for
  • Status
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    16 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
  • Resolution
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates

Current implementation of tests for the Majic Ansible Roles relies on using pre-generated private keys and X.509 certificates. This has a couple of drawbacks:

  • Making any kind of naming changes around test machine hostnames etc requires issuing new certificates by hand.
  • Certificates need to be renewed by hand upon expiration.
  • Truststores also need to be updated by hand.

It would be much better if the private key and certificate generation was performed "on-the-fly" during the test runs instead.

The following should be done:

  • Switch to using Gimmecert, small tool for quickly generating private keys, CA hierarchies, and issuing certificates.
  • Update roles:
    • ldap_server
    • mail_forwarder
    • mail_server
    • php_website
    • web_server
    • wsgi_website
    • xmpp_server
  • Remove statically generated private keys/certificates.
  • Private key/certificate generation should be kept for the test site itself - only the role tests should be switched over to using Gimmecert.
  • Switch to using the .cert.pem and .key.pem as default extensions for certificates and private keys.
  • Update the release notes.
  • Update the role reference documentation.
Todos (0 / 0)
There are no comments