This is a multi-part message in MIME format... ------------=_1525435956-13373-143 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit [ https://ovirt-jira.atlassian.net/browse/OVIRT-1994?page=com.atlassian.jira.p... ] Evgheni Dereveanchin reassigned OVIRT-1994: ------------------------------------------- Assignee: Evgheni Dereveanchin (was: infra)
foreman certs about to expire -----------------------------
Key: OVIRT-1994 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1994 Project: oVirt - virtualization made easy Issue Type: Task Reporter: Evgheni Dereveanchin Assignee: Evgheni Dereveanchin Priority: High
The oVirt Foreman was deployed on 05.05.2013 and soon most of the certs issued at that time will expire. Here's a message shown on one of the older systems under its management: Warning: Certificate 'Puppet CA: foreman.ovirt.org' will expire on 2018-05-05T19:41:35GMT Warning: Certificate 'foreman.ovirt.org' will expire on 2018-07-02T13:50:12GMT Warning: Certificate 'monitoring.ovirt.org' will expire on 2018-05-28T15:32:20GMT So the CA certificate is expiring this week, the puppetmaster one - in two months and some client certs - even sooner than that. A possible fix is to generate new CA and puppetmaster certificates using original CSRs, then delete /var/lib/puppet/ssl/certs/ca.pem on clients and most of them should keep working since their own certs will still be signed using the same keys.
-- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100083) ------------=_1525435956-13373-143 Content-Type: text/html; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit <html><body> <pre>[ https://ovirt-jira.atlassian.net/browse/OVIRT-1994?page=com.atlassian.jira.p... ]</pre> <h3>Evgheni Dereveanchin reassigned OVIRT-1994:</h3> <pre>Assignee: Evgheni Dereveanchin (was: infra)</pre> <blockquote><h3>foreman certs about to expire</h3> <pre> Key: OVIRT-1994 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1994 Project: oVirt - virtualization made easy Issue Type: Task Reporter: Evgheni Dereveanchin Assignee: Evgheni Dereveanchin Priority: High</pre> <p>The oVirt Foreman was deployed on 05.05.2013 and soon most of the certs issued at that time will expire. Here's a message shown on one of the older systems under its management: Warning: Certificate ‘Puppet CA: foreman.ovirt.org’ will expire on 2018-05-05T19:41:35GMT Warning: Certificate ‘foreman.ovirt.org’ will expire on 2018-07-02T13:50:12GMT Warning: Certificate ‘monitoring.ovirt.org’ will expire on 2018-05-28T15:32:20GMT So the CA certificate is expiring this week, the puppetmaster one – in two months and some client certs – even sooner than that. A possible fix is to generate new CA and puppetmaster certificates using original CSRs, then delete /var/lib/puppet/ssl/certs/ca.pem on clients and most of them should keep working since their own certs will still be signed using the same keys.</p></blockquote> <p>— This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100083)</p> <img src="https://u4043402.ct.sendgrid.net/wf/open?upn=i5TMWGV99amJbNxJpSp2-2BJ33BSM3t..." alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"/> </body></html> ------------=_1525435956-13373-143--