fix: postgresql_cert_name didn't work properly, using this parameter #102
caused an error because there was a missing variable __pg_server_crt definition in the correct context. This commit also enhances the description of the postgresql_cert_name variable. Related: SYSROLES-157
[citest]
@fila43 we'll need to add a new test for this, or modify one of the existing tests in |
@richm I would prefer to add the new one.
[citest]
tests/tests_custom_certificate.yaml
Outdated
@@ -0,0 +1,50 @@ | |||
--- | |||
- name: Generate certificate using certificate role |
This doesn't have to be a separate play - this can be a task in the `Test PostgreSQL server with ssl support using certificate role` play.

There is a way to use the `certificate` role in test mode which makes it easier to use for system roles testing.

```yaml
- name: Generate certificates
  include_role:
    name: fedora.linux_system_roles.certificate
  vars:
    certificate_requests:
      - name: /tmp/mycert
        dns: www.example.com
        ca: self-sign
    certificate_test_mode: true
```

Then you don't need the task for `Stop tracking certificate`.
Thanks, I didn't know it.
[citest]
tests/tests_custom_certificate.yaml
Outdated
that: >- | ||
"SSL connection" in result.stdout | ||
always: | ||
- name: Stop tracking certificate |
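Review bot: the assertion `"SSL connection" in result.stdout` only shows that the client negotiated TLS; it does not show that the server presented the certificate selected through postgresql_cert_name, which is the parameter this change is about. A server running with any other certificate would pass the same check. Consider adding an assertion that ties the connection to the generated certificate, for example by querying the server's ssl_cert_file setting and comparing it with the expected path.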
When using the certificate role with `certificate_test_mode: true` you don't need to stop tracking - the certificate role does this for you: https://github.com/linux-system-roles/certificate/blob/main/tasks/main.yml#L184
@fila43 all Ansible YAML files must have a |
[citest]
The certificate role test mode doesn't work with |
[citest]
My current version works locally, but since I am not an Ansible expert, I don't know if it satisfies all the rules.
Ah - because you aren't using |
tests/tests_custom_certificate.yml
Outdated
name: fedora.linux_system_roles.certificate | ||
vars: | ||
certificate_requests: | ||
- name: /etc/pki/tls/certs/mycert |
- name: /etc/pki/tls/certs/mycert | |
- name: /etc/pki/tls/certs/postgresql_test |
So that if something goes wrong with the test, and doesn't clean up, we know which test this is
tests/tests_custom_certificate.yml
Outdated
vars: | ||
__test_clean_instance: false | ||
__test_check_unix_socket: false | ||
postgresql_cert_name: /etc/pki/tls/certs/mycert |
postgresql_cert_name: /etc/pki/tls/certs/mycert | |
postgresql_cert_name: /etc/pki/tls/certs/postgresql_test |
Yes, but there is a missing check mechanism in the certificate role. Usually, it gets stuck in the |
[citest]
postgresql_cert_name parameter caused an error because there is a missing variable __pg_server_crt definition in the correct context. This commit also enhances the description of the postgresql_cert_name variable.
Issue Tracker Tickets (Jira or BZ if any): SYSROLES-157