#11756 deploy renewed mirrors.centos.org TLS certs on mirrormanager proxies
Closed: Fixed 23 days ago by kevin. Opened 2 months ago by arrfab.

Follow-up on ticket #11659
Can we have that automated and so not relying on me getting notification from centos infra zabbix to ask you through ticket to manually renew and update cert ? I thought that it was automated but doesn't seem so ..

TIA :-)


Metadata Update from @phsmoura:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

2 months ago

What needs to be done in here to automate this?

Huh... this shows to me as being renewed on jan 19th?

Are you still showing it as about to expire?

all good now indeed. Can the renew+push to proxies part be automated somehow ? Just to ensure I don't need to create similar ticket every ~90 days :)

Yes, we can... it's part of the ansible playbook. Normally we run it reasonably often for other reasons, but in this case due to holidays and other fires we hadn't

I have an idea how to automate this, so will try and put that in place.

What exactly does your alert trigger on? How many days to expire?

we have multiple warning level in zabbix for this, and we start getting notification when TLS cert valididity is below 30 days, then escalate to next level when it's below 14 days, then 7 days and up to "disaster" level when it's expired

ok, so if we renewed when there's say 35 days left, it should never alert and be good enough?

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)

2 months ago

@arrfab Will the 35 days left be OK with the alert?

@zlopez : whatever works best for you : as long as it's renewed before cert is expired :) ...

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Waiting on Reporter)

a month ago

Since we are now out of freeze, I have pushed a weekly renew job.

This should take care of things, let us know if it doesn't. ;)

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

23 days ago

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog