This is a follow-up for https://pagure.io/fedora-infrastructure/issue/11144 and a nice-to-have tool. When the certificate is about to expire, this tool should create a new one and put it in some safe space, where it could be retrieved by the service maintainer. We already have tools to recreate the certificate, see https://pagure.io/fedora-infra/howtos/blob/main/f/fedora_messaging_certificates.md, it's just not automated.
Not urgent, but would be nice to have.
I think this may be too complicated for us to spend a lot of time on.
Not only would it need to renew, it would have to deploy also (or we could renew something and not know we needed to push it out and the old cert would be expired).
I think if we know that they are going to expire in the next few weeks, we can just re-issue them and get them deployed.
Metadata Update from @zlopez: - Issue untagged with: medium-trouble - Issue tagged with: high-trouble
Going to close this one in favour of just the monitoring tool:
https://pagure.io/fedora-infrastructure/issue/11144
If we want to automate this all the way in the future, let's reopen this ticket.
Metadata Update from @ryanlerch: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)
Metadata Update from @zlopez: - Issue status updated to: Open (was: Closed)
Metadata Update from @zlopez: - Issue assigned to t0xic0der
For the record, in the private ansible repo I've created a script in files/rabbitmq/renew-certs.sh that will automatically renew all the certificates that expire within 7 days. It's certainly not a standalone solution as corresponding apps should be redeployed, and it's only run manually, but at least it's saving a bit of work, and can maybe be built upon.
[backlog refinement] When discussing this ticket with @kevin at the Fedora Infrastructure weekly meeting, we found out that the https://gitlab.com/t0xic0der/firmitas tool is enough. So I'm closing this ticket.
Metadata Update from @zlopez: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)