Ci multinode ca choice #1740

Open
wants to merge 5 commits into
base: stackhpc/2025.1

Member

@seunghun1ee seunghun1ee commented Jul 3, 2025

The revert at stackhpc/terraform-kayobe-multinode#92 made Epoxy and Caracal ci-multinode fail because SKC assumes that OpenBao is used as CA.

This allows users to choose which secret store to use as CA.

Related PR: stackhpc/terraform-kayobe-multinode#94

@seunghun1ee
Member Author

/cherry-pick stackhpc/2024.1

MaxBed4d previously approved these changes Jul 4, 2025
Contributor

@MaxBed4d MaxBed4d left a comment

LGTM

Member

@Alex-Welsh Alex-Welsh left a comment

We're planning on making the vault* and openbao* playbooks generic, and using a separate variable to choose between them.

See discussion here for details: stackhpc/terraform-kayobe-multinode#93 (comment)

@Alex-Welsh
Member

I'm putting this PR back to draft while we work on a new solution and Seunghun is away

@seunghun1ee seunghun1ee force-pushed the ci-multinode-ca-choice branch from 2f2d1d4 to aeaf3a0 July 16, 2025 15:25
Member

@Alex-Welsh Alex-Welsh left a comment

Turns out you can't leave a "neutral" review anymore without adding a comment

Comment on lines +45 to +47
consul_bind_interface: "{{ secret_store_bind_interface }}"
vault_bind_address: "{{ secret_store_bind_address }}"
vault_api_addr: "{{ secret_store_api_address }}"
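
Review bot: The three `secret_store_*` variables referenced on these lines (`secret_store_bind_interface`, `secret_store_bind_address`, `secret_store_api_address`) have no definition or description in the visible lines, so a reader cannot tell what they default to. Since they now feed `consul_bind_interface`, `vault_bind_address` and `vault_api_addr`, please document their defaults where they are defined and mention them in the release note, so operators can confirm the secret store binds only to the intended interface and address.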
Member

What's with these new variables?

- |
Merged OpenBao playbooks and Hashicorp Vault playbooks.
They starts with the prefix "secret-store".
By default, the playbooks are set to be OpenBao playbooks.
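
Review bot: In the second sentence of this release note, "They starts" should read "They start". The note also says OpenBao is the default without naming the setting that switches the playbooks to HashiCorp Vault; add that variable name so operators who rely on Vault as their CA know what to set when upgrading.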
Member

nit: wording

Suggested change
By default, the playbooks are set to be OpenBao playbooks.
By default, the playbooks will deploy OpenBao.

Labels
size: xl workflows Workflow files have been modified
3 participants