search

ansible-community / ara-collection

Collection of Ansible roles for ARA Records Ansible.
https://ara.recordsansible.org
GNU General Public License v3.0
28 stars 16 forks source link

ara_frontend_nginx: add support for https/ssl #43

Closed dmsimard closed 3 years ago

dmsimard commented 3 years ago

This is rebased on top of https://github.com/ansible-community/ara-collection/pull/38 which isn't merged yet, will rebase on top of master when it is merged so all the commits belonging to it will go away.

dmsimard commented 3 years ago

It works: https://dashboard.zuul.ansible.com/t/ansible/build/c8e6119422ad4175a88aad1bef486218

Although the ssl certificate warning is quite noisy:

TASK [smoke-tests : include_tasks] *********************************************
task path: /home/zuul/.ara-tests/git/ara/tests/integration/roles/smoke-tests/tasks/main.yaml:22
included: /home/zuul/.ara-tests/git/ara/tests/integration/roles/smoke-tests/tasks/ara-ops.yaml for localhost

TASK [smoke-tests : Print normal data] *****************************************
task path: /home/zuul/.ara-tests/git/ara/tests/integration/roles/smoke-tests/tasks/ara-ops.yaml:20
/home/zuul/.ara-tests/virtualenv/lib64/python3.6/site-packages/urllib3/connectionpool.py:1020: InsecureRequestWarning: Unverified HTTPS request is being made to host 'ara.example.org'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  InsecureRequestWarning,
ok: [localhost] => {
    "msg": "normal data"
}

TASK [smoke-tests : Print confidential data] ***********************************
task path: /home/zuul/.ara-tests/git/ara/tests/integration/roles/smoke-tests/tasks/ara-ops.yaml:24
ok: [localhost] => {
    "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"
}

TASK [smoke-tests : Record data with no type] **********************************
task path: /home/zuul/.ara-tests/git/ara/tests/integration/roles/smoke-tests/tasks/ara-ops.yaml:30
/home/zuul/.ara-tests/virtualenv/lib64/python3.6/site-packages/urllib3/connectionpool.py:1020: InsecureRequestWarning: Unverified HTTPS request is being made to host 'ara.example.org'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  InsecureRequestWarning,
changed: [localhost] => {
    "changed": true,
    "created": "2021-08-16T02:41:57.430370Z",
    "key": "notype",
    "msg": "Record created or updated in ARA",
    "playbook_id": 1,
    "type": "text",
    "updated": "2021-08-16T02:41:57.430427Z",
    "value": "text"
}
Thulium-Drake commented 3 years ago

Indeed it is noisy, but alas nothing we can really do about it (I think I'd rather have this noise in the logs then to try and work around it in the CI), this really should be solved by the end-user :)

dmsimard commented 3 years ago

LGTM, but it seems this PR targets master, will that still work after merging #38 ?

Yep, need to rebase against master and then push --force this branch like I just did.

dmsimard commented 3 years ago

Improved SSL ciphers like so: https://github.com/dmsimard/recordsansible.ara/commit/5ab92bf2dba4a93653b70f54c9bdfb41e00a8d13

Squashed into non-WIP commit ready to land.

dmsimard commented 3 years ago

recheck