setup-component-pack-complete-harbor.yml generates new haproxy TLS cert each time

[stoeps13]

connections-automation/playbooks/setup-component-pack-complete-harbor.yml

Line 5 in 6284e97

import_playbook: third_party/setup-haproxy.yml

On each run, this generates a new TLS certificate (self-signed without root ca). The whole playbook does some things with DMGR (like restart, import ES certs), but does not import this new cert into trusted root. I'm not sure where it fits best, but I would like to call the role https://github.com/HCL-TECH-SOFTWARE/connections-automation/tree/main/roles/third_party/ibm/wasnd/was-dmgr-config-add-cert-truststore after HAProxy role has finished.

[nitinjagjivan]

Thanks, this is nginx cert and we need to import it into trusted root each time we run setup nginx/haproxy . Internal work item is created.

[stoeps13]

Thanks, @nitinjagjivan
when you are looking into this. What's the process if I want to have a Lets encrypt or an official certificate?

I see there is a variable nginx_certbot_production in the nginx role, but it is nowhere used or documented.

[nitinjagjivan]

Acknowledged and have created an internal work item. We will prioritise and address it accordingly.

[stoeps13]

Hi,
just asking about the status?

This issue is nearly one year old, each run generates certificates and does not update DMGR.

Regards,
Christoph