gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-11 12:58:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci-pipeline-cleanup Phase 6 follow-up: IIS operator playbook + matrix doc

Browse Source 
Bundle: ci-pipeline-cleanup, Phase 6 follow-up.

Phase 5+6 commit removed the deploy-vendor-e2e-windows matrix from
ci.yml; this commit closes the Phase 6 deliverables that aren't
ci.yml-side:

1. NEW docs/connector-iis.md::Operator validation playbook
   (Windows host) — the procedure operators run pre-release to flip
   the IIS / WinCertStore vendor-matrix cells from
   'operator-playbook' → '✓'. Mirrors the Bundle II frozen decision
   0.14 third-criterion (operator manual smoke required).

2. docs/deployment-vendor-matrix.md — IIS + WinCertStore rows status
   updated from 'pending' → 'operator-playbook' with link to the
   new playbook section.

3. deploy/docker-compose.test.yml — windows-iis-test sidecar comment
   updated to reflect that CI no longer activates this profile;
   sidecar definition preserved for operator local use via
   'docker compose --profile deploy-e2e-windows up -d windows-iis-test'.

Operator workflow going forward:
- Pre-release: run the playbook on a Windows host
- Record validation date + Windows Server version in
  cowork/<bundle>/iis-validation-receipts.md
- Update docs/deployment-vendor-matrix.md cells if applicable
This commit is contained in:
shankar0123
2026-04-30 20:47:49 +00:00
parent 6f6de639a0
commit d0bc53b63b
3 changed files with 85 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/deployment-vendor-matrix.md
+4 -4
View File
@@ -39,15 +39,15 @@ vendor. EOL versions explicitly excluded.
| **Postfix** | postfix.org | 3.6 | CI | per-listener cert binding | configure cert per-listener block | `TestVendorEdge_Postfix_MultiListenerCertBinding_DeployUpdatesCorrectListener_E2E` |
| Postfix | postfix.org | 3.8 | CI | (same) | (same) | (same) |
| **Dovecot** | dovecot.org | 2.3 | CI | submission/submissions port variants | configure both inet_listener blocks | `TestVendorEdge_Dovecot_SubmissionSubmissionsPortVariants_E2E` |
| **IIS** | microsoft.com | IIS 10 (Server 2019) | pending | Windows-host-only CI; app-pool recycle opt-in | `AppPoolRecycle: true` per-target if needed | `TestVendorEdge_IIS_AppPoolRecycle_OptInForCertChange_E2E` |
| IIS | microsoft.com | IIS 10 (Server 2022) | pending | (same) | (same) | (same) |
| **IIS** | microsoft.com | IIS 10 (Server 2019) | operator-playbook | Windows-host-only validation per [operator playbook](connector-iis.md#operator-validation-playbook-windows-host); app-pool recycle opt-in | `AppPoolRecycle: true` per-target if needed | `TestVendorEdge_IIS_AppPoolRecycle_OptInForCertChange_E2E` |
| IIS | microsoft.com | IIS 10 (Server 2022) | operator-playbook | (same) | (same) | (same) |
| **F5 BIG-IP** | f5.com | v15.1 LTS | mock | larger cert chain (>4 links) historical issue | use cert chain ≤4 links OR upgrade to v17 | `TestVendorEdge_F5_LargeCertChainHandling_E2E` |
| F5 BIG-IP | f5.com | v17.0 | mock | (chain limit lifted) | n/a | (same) |
| F5 BIG-IP | f5.com | v17.5 | mock | (same) | n/a | (same) |
| **SSH** | openssh.com | OpenSSH 8.x | CI | sftp subsystem may be disabled | connector falls back to scp | `TestVendorEdge_SSH_SFTPSubsystemAbsent_FallsBackToSCP_E2E` |
| SSH | openssh.com | OpenSSH 9.x | CI | (same) | (same) | (same) |
| **WinCertStore** | microsoft.com | Windows Server 2019 | pending | cert store ACL: NS vs IIS_IUSRS | configure store ACL per IIS app-pool identity | `TestVendorEdge_WinCertStore_CertStoreACL_NetworkServiceAccess_E2E` |
| WinCertStore | microsoft.com | Windows Server 2022 | pending | (same) | (same) | (same) |
| **WinCertStore** | microsoft.com | Windows Server 2019 | operator-playbook | Windows-host-only validation per [operator playbook](connector-iis.md#operator-validation-playbook-windows-host); cert store ACL: NS vs IIS_IUSRS | configure store ACL per IIS app-pool identity | `TestVendorEdge_WinCertStore_CertStoreACL_NetworkServiceAccess_E2E` |
| WinCertStore | microsoft.com | Windows Server 2022 | operator-playbook | (same) | (same) | (same) |
| **JavaKeystore** | adoptium.net | JDK 11 LTS | pending | keytool `-importkeystore` semantics | use `KeytoolPath` config to pin to JDK | `TestVendorEdge_JavaKeystore_JDK11_vs_17_vs_21_KeytoolBehavior_E2E` |
| JavaKeystore | adoptium.net | JDK 17 LTS | pending | (same) | (same) | (same) |
| JavaKeystore | adoptium.net | JDK 21 LTS | pending | (same) | (same) | (same) |