Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: configurable deployment tasks (alpha/beta testers wanted) #440

Open
webprofusion-chrisc opened this Issue Feb 20, 2019 · 5 comments

Comments

Projects
None yet
2 participants
@webprofusion-chrisc
Copy link
Contributor

webprofusion-chrisc commented Feb 20, 2019

Testers wanted, please reply and indicate the deployment task type you'd like to test (or would like added)

#329
Currently our main deployment options are:

  • Local Certificate Store + Local IIS
  • Local Certificate Store

You can additionally use Scripting (Show Advanced Options > Scripting) post-request to perform custom deployment actions.

This planned feature Deployment Tasks intends to extend our current deployment options to have UI for optional selection and configuration of common deployment tasks which can be performed in a variety of configuration:

  • Certificate Store
  • Centralised Certificate Store (PFX export to UNC Path, Windows Credentials, CCS cert file naming)
  • IIS
  • Export to common formats with and without private keys/passwords (.pem, .crt, .pfx, .key) with local or remote destination file copying.
  • Apache (local or remote)
  • Nginx (local or remote)
  • Exchange
  • Custom Script (local or remote, e.g. for custom deployment scripting or service restarts etc)
  • Webhook
  • Others?

UI would likely be an options To [+ Add Deployment Task] and choose from the list, adding any number of tasks and re-ordering as required.

We would default to an Auto deployment of Local Certificate Store (Personal) and Local IIS (same as we currently have), this way current users and users who don't require advanced deployment can just follow the simple process of Create Certificate > Select IIS Site > Request Certificate as normal.

  • May need something for failure continuation yes/no
  • This may involve moving scripting (or post request at least) and webhooks into the Deployment UI
  • Some deployment tasks/steps may be deferred rather than performed as soon as renewal completes e.g. Deployment to Exchange during maintenance window. User would either manually start deployment (UI or CLI) or use a scheduled task to deploy latest. Tasks can be named uniquely (per managed cert) so the user can invoke them from the CLI.
@webprofusion-chrisc

This comment has been minimized.

Copy link
Contributor Author

webprofusion-chrisc commented Feb 20, 2019

We could also have a command line to invoke specific custom named deployment steps for a particular managed cert, so for instance certify deploy "mycert" steps="exchange 2016 deployment","sftp deployment","linux servers" for easy invoke from scheduled tasks or manually during maintenance windows etc.
As per #437

@webprofusion-chrisc

This comment has been minimized.

Copy link
Contributor Author

webprofusion-chrisc commented Feb 20, 2019

Also ref #105 #257 #355

@webprofusion-chrisc

This comment has been minimized.

Copy link
Contributor Author

webprofusion-chrisc commented Feb 27, 2019

Also ref #268 for webhook task

@webprofusion-chrisc webprofusion-chrisc changed the title Feature: configurable deployment tasks Feature: configurable deployment tasks (alpha/beta testers wanted) Feb 28, 2019

@matsmcp

This comment has been minimized.

Copy link

matsmcp commented Mar 15, 2019

I can test pem formated cer + key file function. Would be great if it could be done against the acme test-ca

@webprofusion-chrisc

This comment has been minimized.

Copy link
Contributor Author

webprofusion-chrisc commented Mar 16, 2019

@matsmcp thanks, I'm also looking at making the choice of ACME CA configurable, so staging would be an option. Each CA (and each production/staging variant) is a different account key so we'd need to track those, each CA also has different sets of restrictions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.