Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue internal CA for 20 years #319

Merged
merged 2 commits into from
May 4, 2022
Merged

issue internal CA for 20 years #319

merged 2 commits into from
May 4, 2022

Conversation

michalskrivanek
Copy link
Member

@mz-pdm
Copy link
Member

mz-pdm commented Apr 28, 2022

It deserves a comment in the commit message, otherwise OK for me.

I believe it applies to the QEMU CA certificate too (qemu-ca.pem) but don't forget to check it in the verification.

@michalskrivanek
Copy link
Member Author

It deserves a comment in the commit message, otherwise OK for me.

to repeat the title, why? Feel free to update

I believe it applies to the QEMU CA certificate too (qemu-ca.pem) but don't forget to check it in the verification.

yes, it applies to QEMU CA too.

@michalskrivanek
Copy link
Member Author

/ost

@mz-pdm
Copy link
Member

mz-pdm commented Apr 29, 2022

It deserves a comment in the commit message, otherwise OK for me.

to repeat the title, why?

No, to explain why we need to extend the certificate lifetime. If there is no reason then we don't need the change.

Feel free to update

I think you can explain it best.

@michalskrivanek
Copy link
Member Author

It deserves a comment in the commit message, otherwise OK for me.

to repeat the title, why?

No, to explain why we need to extend the certificate lifetime. If there is no reason then we don't need the change.
it's in the bug, do you want to copy&paste the bug description? alright

@michalskrivanek
issue internal CA for 20 years
23a5459 
Currently our internal CA is always issued for 10 years during the
initial engine-setup. This carries over upgrades and on old enough
installations we can get close to expiration. We don't have an easy way
how to replace internal CA without complete downtime, and running over
the expiration date leads to a complete cease of communication between
all oVirt components.

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=2079799
mz-pdm
mz-pdm approved these changes Apr 29, 2022
View reviewed changes
Copy link
Member

@mz-pdm mz-pdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks!

mwperina
mwperina approved these changes May 3, 2022
View reviewed changes
Copy link
Member

@mwperina mwperina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@michalskrivanek michalskrivanek merged commit 35b0719 into oVirt:master May 4, 2022
@michalskrivanek michalskrivanek deleted the longer-ca branch May 4, 2022 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mz-pdm mz-pdm mz-pdm approved these changes

@mwperina mwperina mwperina approved these changes

@ahadas ahadas Awaiting requested review from ahadas ahadas is a code owner

@bennyz bennyz Awaiting requested review from bennyz bennyz is a code owner

@emesika emesika Awaiting requested review from emesika emesika is a code owner

@oliel oliel Awaiting requested review from oliel

@sgratch sgratch Awaiting requested review from sgratch sgratch is a code owner

@didib didib Awaiting requested review from didib didib is a code owner

Assignees

@michalskrivanek michalskrivanek

Labels
None yet
Projects
None yet
Milestone
ovirt-4.5.1
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@michalskrivanek @mz-pdm @mwperina @sandrobonazzola