Capturing follow up work from TRITON-2478
We currently do all sorts of work getting TLS certificates set up in one way or another even if they won’t be used at all. We could stop doing that and get faster boot times in those cases.
@nshalman
Noting for myself, the existing code will make sure that we have a self-signed certificate even if there is no TLS in the resulting haproxy configuration. We can probably just do better. Either TLS certificates are definitely needed in which case we should make certain they are working, or we should skip checking for them entirely.
@danmcd
Should you resolve this? Or are we "just doing better" before this goes back? No wrong answer from my POV. Yours is the important POV here.
@nshalman
The more I think about this, the less I want to fix it now. It will involve making even more changes to some of the bash scripts that I've been trying to avoid touching for this phase.
@nshalman
As I noted elsewhere, we can and should just do better. Either TLS certificates are definitely needed in which case failure is unacceptable, or they are not needed and we shouldn't waste any time on them at all.
@danmcd
Same question as earlier.
@nshalman
Same answer as before. I think this is a refactor worth doing, but I think it should be deferred to the next phase.
I think I will file a fresh ticket for that work and paste in my notes there.