Merge "Fix letsencrypt_self_generate_tokens defaults"

playbooks/roles/letsencrypt-create-certs/defaults/main.yaml

@@ -1,2 +1,3 @@
 letsencrypt_use_staging: False
 letsencrypt_self_sign_only: False
+letsencrypt_self_generate_tokens: False

playbooks/roles/letsencrypt-request-certs/README.rst

@@ -15,6 +15,17 @@ provision process.
 
 **Role Variables**
 
+.. zuul:rolevar:: letsencrypt_self_generate_tokens
+   :default: False
+
+   When set to ``True``, self-generate fake DNS-01 TXT tokens rather
+   than acquiring them through the ACME process with letsencrypt.
+   This avoids leaving "half-open" challenges during gate testing,
+   where we have no way to publish the DNS TXT records letsencrypt
+   gives us to complete the certificate issue.  This should be
+   ``True`` if ``letsencrypt_self_sign_only`` is ``True`` (unless you
+   wish to specifically test the ``acme.sh`` operation).
+
 .. zuul:rolevar:: letsencrypt_use_staging
 
    If set to True will use the letsencrypt staging environment, rather

playbooks/roles/letsencrypt-request-certs/defaults/main.yaml

@@ -1 +1,2 @@
-letsencrypt_use_staging: False
+letsencrypt_use_staging: False
+letsencrypt_self_generate_tokens: False