People

Agenda

  • Discuss and decide goals for this iteration.

Notes

  • This iteration is all about making use of Let’s Encrypt for TLS certificates.

Roadmap

@startroadmap
alpha6:
  label: ALPHA-6
  depends:
    - alpha5
    - docs

alpha5:
  label: ALPHA-5
  depends:
    - alpha4
    - notifications
    - build_graph
    - incremental

alpha4:
  label: ALPHA-4
  depends:
    - qvisqve
    - letsencrypt
    - self_hosting
    - archdocs

self_hosting:
  label: |
    ick builds,
    publishes
    its own .debs

notifications:
  label: |
    ick has a
    rudimentary
    notification
    system

qvisqve:
  label: |
    ick uses Qvisqve
    as an IDP

build_graph:
  label: |
    ick constructs a
    build graph from
    all pipelines at
    trigger time

incremental:
  label: |
    ick can do
    incremental
    builds (reuse
    workspaces
    across builds)

letsencrypt:
  label: |
    ick deploys
    Let's Encrypt
    TLS certificates
  status: next

docs:
  label: |
    there's sufficient
    docs for others to
    install ick for
    themselves

archdocs:
  label: |
    the arch doc
    describes ick
    that others can
    use
@endroadmap

Current projects

  • N/An

Tasks for this week

Tasks may be part of a project or be random small ones (max an hour) that just need doing.

what Who estimate(h)
Change icktool, worker-manager to verify TLS certs Lars 1
Add Let’s Encrypt certs to Ansible playbook Lars 4
Total Lars 5

Task descriptions

  • Change icktool, worker-manager to verify TLS certs: Currently all places in ick where HTTP queries are made, checking of TLS certificates is turned off. Specifically, icktool and worker-manager. Change both so that it’s optional: enabled by default, but possible to disable via a configuration option. Enabled is the sensible default, but to support those who for whatever reason can’t get a CA-signed certificate, it should be possible to turn it off.

    Acceptance criteria: Running icktool and worker-manager with TLS certificate checking turned off means nothing really works. Test this manually.

  • Add Let’s Encrypt certs to Ansible playbook: Change the Ansible playbook(s) in the ick2-ansible repository to automatically set up a TLS certificate by LE for the controller and artifact store.

    Acceptance criteria: Deploy a new ick instance with separate controller and artifact store hosts. Run icktool, with certificate checking enabled, to add a project, and to trigger its build. Check manually that it gets built OK.