#11145 Tool to renew certificates for rabbitmq
Closed: Will Not/Can Not fix 7 months ago by zlopez. Opened a year ago by zlopez.

Describe what you would like us to do:


This is a follow-up for https://pagure.io/fedora-infrastructure/issue/11144 and a nice-to-have tool. When the certificate is about to expire, this tool should create a new one and put it in some safe space, where it could be retrieved by the service maintainer. We already have tools to recreate the certificate, see https://pagure.io/fedora-infra/howtos/blob/main/f/fedora_messaging_certificates.md, it's just not automated.

When do you need this to be done by? (YYYY/MM/DD)


Not urgent, but would be nice to have.


I think this may be too complicated for us to spend a lot of time on.

Not only would it need to renew, it would have to deploy also (or we could renew something and not know we needed to push it out and the old cert would be expired).

I think if we know that they are going to expire in the next few weeks, we can just re-issue them and get them deployed.

Metadata Update from @zlopez:
- Issue untagged with: medium-trouble
- Issue tagged with: high-trouble

a year ago

Going to close this one in favour of just the monitoring tool:

https://pagure.io/fedora-infrastructure/issue/11144

If we want to automate this all the way in the future, let's reopen this ticket.

Metadata Update from @ryanlerch:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

a year ago

Metadata Update from @zlopez:
- Issue status updated to: Open (was: Closed)

11 months ago

Metadata Update from @zlopez:
- Issue assigned to t0xic0der

11 months ago

For the record, in the private ansible repo I've created a script in files/rabbitmq/renew-certs.sh that will automatically renew all the certificates that expire within 7 days. It's certainly not a standalone solution as corresponding apps should be redeployed, and it's only run manually, but at least it's saving a bit of work, and can maybe be built upon.

[backlog refinement]
When discussing this ticket with @kevin at the Fedora Infrastructure weekly meeting, we found out that the https://gitlab.com/t0xic0der/firmitas tool is enough. So I'm closing this ticket.

Metadata Update from @zlopez:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

7 months ago
