We have some TLS certs that are signed by Fedora IPA infra (dogtag). These certs are generated at the IPA side with a validity of 2 years by default. While properly enrolled nodes can retrieve that automatically through dogtag, remote systems (like in the CentOS Infra) can't. So we should have:

- zabbix monitoring point for TLS cert validity (from host perspective)
- automation in place to retrieve renewed TLS certs
- let ansible redeploy new TLS certs (already there, just need the renewed .crt files)
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: authentication, cbs, centos-build-pipeline, centos-common-infra, high-gain, medium-trouble
We have documented the simple process (including a bash wrapper/helper script in git repo) and we have also updated with ansible some TLS certs that were due for a renewal (like on cbs infra).
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
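A host-side validity check of the kind the ticket asks for could look like the following. This is an added example, not the helper script from the git repo mentioned above; the function names, the day thresholds and the 0-3 status convention are assumptions.

```shell
#!/bin/sh
# Added example: classify local PEM certificates by remaining validity.
# Each function prints one number, suitable as a monitoring item value:
#   0 = ok, 1 = warning, 2 = critical (or already expired), 3 = unreadable
# Thresholds (in days) are assumptions; size them to how long a manual
# retrieval of the renewed .crt from the CA side realistically takes.

cert_status() {
    cert=$1
    warn_days=${2:-30}
    crit_days=${3:-7}

    # A missing or non-certificate file must never look healthy.
    if [ ! -r "$cert" ] || ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo 3
        return 0
    fi

    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend $((crit_days * 86400)) >/dev/null 2>&1; then
        echo 2
    elif ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo 1
    else
        echo 0
    fi
}

# Worst status across every *.crt in a directory, so one item covers a host.
worst_cert_status() {
    dir=$1
    worst=0
    for f in "$dir"/*.crt; do
        # No match at all: report unreadable rather than a silent "ok".
        if [ ! -e "$f" ]; then echo 3; return 0; fi
        s=$(cert_status "$f" "$2" "$3")
        if [ "$s" -gt "$worst" ]; then worst=$s; fi
    done
    echo "$worst"
}
```

Because the check reads the deployed file rather than probing a listening port, it also covers certificates for services that are stopped or not reachable from the monitoring server.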