People

Agenda

  • Discuss and decide goals for this iteration.

Notes

  • This iteration is all about making use of Let's Encrypt for TLS certificates.

Roadmap

Current projects

  • N/An

Tasks for this week

Tasks may be part of a project or be random small ones (max an hour) that just need doing.

what Who estimate(h)
Change icktool, worker-manager to verify TLS certs Lars 1
Add Let's Encrypt certs to Ansible playbook Lars 4
Total Lars 5

Task descriptions

  • Change icktool, worker-manager to verify TLS certs: Currently all places in ick where HTTP queries are made, checking of TLS certificates is turned off. Specifically, icktool and worker-manager. Change both so that it's optional: enabled by default, but possible to disable via a configuration option. Enabled is the sensible default, but to support those who for whatever reason can't get a CA-signed certificate, it should be possible to turn it off.

    Acceptance criteria: Running icktool and worker-manager with TLS certificate checking turned off means nothing really works. Test this manually.

  • Add Let's Encrypt certs to Ansible playbook: Change the Ansible playbook(s) in the ick2-ansible repository to automatically set up a TLS certificate by LE for the controller and artifact store.

    Acceptance criteria: Deploy a new ick instance with separate controller and artifact store hosts. Run icktool, with certificate checking enabled, to add a project, and to trigger its build. Check manually that it gets built OK.