zuul-jobs

History

James E. Blair 59d7af0e67 Add per-build WinRM cert generation This adds roles that, similar to add-build-sshkey, create a per-build WinRM certificate, install it on remote windows nodes, and then switch to using the certificate in Ansible for authentication. A second role is included which can clean up the cert which is useful for static nodes. Since winrm certificates must be acessible within the bubblewrap container, these roles can be used to restrict the system-wide winrm cert to trusted playbooks while untrusted playbooks will only have access to the per-build cert (with appropriate configuration of the executor). Change-Id: I4efe25594c2f543886a000aa02fb0a38683a43cb	2022-04-13 15:04:51 -07:00
..
tasks	Add per-build WinRM cert generation	2022-04-13 15:04:51 -07:00
README.rst	Add per-build WinRM cert generation	2022-04-13 15:04:51 -07:00

James E. Blair 59d7af0e67 Add per-build WinRM cert generation

This adds roles that, similar to add-build-sshkey, create a per-build
WinRM certificate, install it on remote windows nodes, and then switch
to using the certificate in Ansible for authentication.  A second role
is included which can clean up the cert which is useful for static
nodes.

Since winrm certificates must be acessible within the bubblewrap
container, these roles can be used to restrict the system-wide winrm
cert to trusted playbooks while untrusted playbooks will only have access
to the per-build cert (with appropriate configuration of the executor).

Change-Id: I4efe25594c2f543886a000aa02fb0a38683a43cb

2022-04-13 15:04:51 -07:00

tasks

Add per-build WinRM cert generation

2022-04-13 15:04:51 -07:00

README.rst

Add per-build WinRM cert generation

2022-04-13 15:04:51 -07:00

README.rst

Remove the per-build WinRM certificate from all hosts

The complement to :zuuladd-build-winrm-cert. It removes the build's WinRM certificate from WSMan registry of all Windows hosts.