#11756 deploy renewed mirrors.centos.org TLS certs on mirrormanager proxies
Closed: Fixed 2 months ago by kevin. Opened 3 months ago by arrfab.

Follow-up on ticket #11659
Can we have that automated, so it doesn't rely on me getting a notification from CentOS infra Zabbix to ask you through a ticket to manually renew and update the cert? I thought that it was automated, but it doesn't seem so...

TIA :-)


Metadata Update from @phsmoura:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

3 months ago

What needs to be done in here to automate this?

Huh... this shows to me as being renewed on Jan 19th?

Are you still showing it as about to expire?

All good now indeed. Can the renew+push to proxies part be automated somehow? Just to ensure I don't need to create a similar ticket every ~90 days :)

Yes, we can... it's part of the Ansible playbook. Normally we run it reasonably often for other reasons, but in this case, due to holidays and other fires, we hadn't.

I have an idea how to automate this, so will try and put that in place.

What exactly does your alert trigger on? How many days to expire?

We have multiple warning levels in Zabbix for this, and we start getting notifications when TLS cert validity is below 30 days, then escalate to the next level when it's below 14 days, then 7 days, and up to "disaster" level when it's expired.

ok, so if we renewed when there's say 35 days left, it should never alert and be good enough?

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)

2 months ago

@arrfab Will the 35 days left be OK with the alert?

@zlopez: whatever works best for you, as long as it's renewed before the cert is expired :) ...

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Waiting on Reporter)

2 months ago

Since we are now out of freeze, I have pushed a weekly renew job.

This should take care of things, let us know if it doesn't. ;)

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 months ago
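
Added example (not code from this ticket or from the Fedora/CentOS infra playbooks): it computes how low the remaining validity can get for a given renew threshold and job interval, and maps that to the alert levels described in the thread. The 90-day lifetime, the function names and the exact boundary comparisons are assumptions.

```python
# Added example, not code from the ticket or the Fedora/CentOS infra repos.
# Alert thresholds (30/14/7 days, "disaster" when expired) are from the ticket;
# the 90-day lifetime, names and exact boundary handling are assumptions.

def alert_level(days_left):
    """Map remaining validity to the monitoring level described in the ticket."""
    if days_left <= 0:
        return "disaster"
    for limit in (7, 14, 30):
        if days_left < limit:
            return f"below {limit} days"
    return None  # no notification


def lowest_days_left(renew_at, job_every, lifetime=90, horizon=720):
    """Smallest remaining validity monitoring can observe when a renew job runs
    every `job_every` days and renews once `renew_at` or fewer days are left.
    Every alignment between the job schedule and the issue date is tried."""
    lowest = lifetime
    for phase in range(job_every):
        days_left = lifetime
        for day in range(horizon):
            lowest = min(lowest, days_left)   # value seen before the job runs
            if day % job_every == phase and days_left <= renew_at:
                days_left = lifetime          # renewed and pushed to the proxies
            else:
                days_left -= 1
    return lowest


def report(renew_at, job_every):
    """Return (lowest days left, alert level or None) for one configuration."""
    low = lowest_days_left(renew_at, job_every)
    return low, alert_level(low)


if __name__ == "__main__":
    for renew_at, job_every in [(35, 1), (35, 7), (36, 7), (37, 7)]:
        low, level = report(renew_at, job_every)
        print(f"renew at <= {renew_at}d, job every {job_every}d: "
              f"lowest {low}d, alert: {level or 'none'}")
```

Under these assumptions, a weekly job with a 35-day threshold can let the cert reach 29 days before it is renewed, so the threshold has to exceed the first alert level by at least the job interval (36 days or more here) to stay silent.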
