add /etc/ipa to certificates_enddate #2649
Conversation
|
Can one of the admins verify this patch? |
|
hi @bfahr @csams |
| @@ -181,7 +181,7 @@ def is_ceph_monitor(broker): | |||
| ceph_osd_tree = simple_command("/usr/bin/ceph osd tree -f json") | |||
| ceph_s = simple_command("/usr/bin/ceph -s -f json") | |||
| ceph_v = simple_command("/usr/bin/ceph -v") | |||
| certificates_enddate = simple_command("/usr/bin/find /etc/origin/node /etc/origin/master /etc/pki -type f -exec /usr/bin/openssl x509 -noout -enddate -in '{}' \; -exec echo 'FileName= {}' \;") | |||
| certificates_enddate = simple_command("/usr/bin/find /etc/origin/node /etc/origin/master /etc/pki /etc/ipa -type f -exec /usr/bin/openssl x509 -noout -enddate -in '{}' \; -exec echo 'FileName= {}' \;") | |||
There was a problem hiding this comment.
@fcami - please update the simple_file of the spec certificates_enddate in insights_archive.py.
FYI, you could use the "mangle" script of insights core to generate its simple_file:
# mangle "/usr/bin/find /etc/origin/node /etc/origin/master /etc/pki /etc/ipa -type f -exec /usr/bin/openssl x509 -noout -enddate -in '{}' \; -exec echo 'FileName= {}' \;"
insights_commands/find_.etc.origin.node_.etc.origin.master_.etc.pki_.etc.ipa_-type_f_-exec_.usr.bin.openssl_x509_-noout_-enddate_-in_-exec_echo_FileName
There was a problem hiding this comment.
@xiangce Thanks for the hint, this is done.
There was a problem hiding this comment.
@fcami - oh, sorry just missed one point, since this update will not be applied to the uploader.json in the insights-core-assets immediately. And the insights archives collected from our customer is discrete, which means there must insights-archive collect with the old spec and some with the new. To make sure the spec certificates_enddate working well with both the old simple_file and the newly updated simple file, we'd better use the first_file to make it compatible for the both simple_files,
certificates_enddate = first_file(["insights_commands/find_.etc.origin.node_.etc.origin.master_.etc.pki_.etc.ipa_-type_f_-exec_.usr.bin.openssl_x509_-noout_-enddate_-in_-exec_echo_FileName", "insights_commands/find_.etc.origin.node_.etc.origin.master_.etc.pki_-type_f_-exec_.usr.bin.openssl_x509_-noout_-enddate_-in_-exec_echo_FileName"])Thanks.
There was a problem hiding this comment.
Good catch, I had not thought of that, thanks! This should be fixed.
|
hi @xiangce thanks for the review, I've updated insights_archive.py too. |
|
@fcami - Thanks for your quick update, it looks good to me. |
The FreeIPA CA certificate at /etc/ipa/ca.crt expiration date should be monitored too. Signed-off-by: François Cami <[email protected]>
The FreeIPA CA certificate at /etc/ipa/ca.crt expiration date should be monitored too. Signed-off-by: François Cami <[email protected]> (cherry picked from commit 3f11d46)
The FreeIPA CA certificate at /etc/ipa/ca.crt expiration date should be monitored too. Signed-off-by: François Cami <[email protected]>
The FreeIPA CA certificate at /etc/ipa/ca.crt expiration date should
be monitored too.
Signed-off-by: François Cami [email protected]