Test helper rotation: update TLS certs on all hosts

ooni / backend

Everything related to OONI backend infrastructure: ooni/api, ooni/pipeline, ooni/sysadmin, collector, bouncers and test-helpers

BSD 3-Clause "New" or "Revised" License

48 stars 28 forks source link

Test helper rotation: update TLS certs on all hosts #777

Closed FedericoCeratto closed 3 months ago

FedericoCeratto commented 7 months ago

When a test helper is deployed by the rotation script a fresh TLS cert is generated using the Digital Ocean API. The cert is deployed on the new host. The rotation script can be tweaked to [attempt to] update the cert on all existing test helper hosts instead.

hellais commented 3 months ago

We should move the test helper rotation from the custom script into the new devops pattern. See: https://docs.ooni.org/backend/ooniapi/services/