Issue #1040: Automate host IPA TLS certs retrieval/deployment - centos-infra

centos-infra

#1040 Automate host IPA TLS certs retrieval/deployment

Closed: Fixed a year ago by arrfab. Opened a year ago by arrfab.

We have some TLS certs that are signed by Fedora IPA infra (dogtag).
These certs are generated at the IPA side with a validity of 2years by default.
While properly enrolled nodes can retrieve that automatically through dogtag, remote systems (like in the CentOS Infra) can't.
So we should have :
- zabbix monitoring point for TLS cert validity (from host perspective)
- automation in place to retrieve renewed TLS certs
- let ansible redeploy new TLS certs (already there, just need the renewed .crt files)

Metadata Update from @arrfab:
- Issue assigned to arrfab

a year ago

Metadata Update from @arrfab:
- Issue tagged with: authentication, cbs, centos-build-pipeline, centos-common-infra, high-gain, medium-trouble

a year ago

arrfab commented a year ago

we have documented the simple process (including a bash wrapper/helper script in git repo) and we also have updated with ansible some TLS certs that were due for a renewal (like on cbs infra)

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata

Assignee

arrfab

Tags

Blocking

None

Depending on

None

Priority

Needs Review

centos-infra

Source Code

#1040 Automate host IPA TLS certs retrieval/deployment Closed: Fixed a year ago by arrfab. Opened a year ago by arrfab.

Metadata

centos-build-pipeline authentication centos-common-infra high-gain cbs medium-trouble

#1040 Automate host IPA TLS certs retrieval/deployment

Closed: Fixed a year ago by arrfab. Opened a year ago by arrfab.