markco> grenade: dustin: for 2008 is there any reason we shouldn't grab new certs on each capture? To avoid ending up with a revoked cert? <dustin> I don't really know how the whole thing works <dustin> but you can only have one cert for a hostname <dustin> what is a capture? <markco> when we capture a new golden ami <dustin> ok <dustin> and you don't destroy the golden ami in between runs? <markco> yeah it is kept around currently <dustin> not very golden then :) <dustin> but in that case you should generate a cert when you first create that instance <dustin> and then not generate one after that <dustin> basically whenever you create an instance, you should get a cert for it, but just once <markco> Ok the instance in which we capture from is terminated after the capture, so it sounds like we should be grabbing new certs each time. <dustin> ah, yes <dustin> oh I see, you keep the AMI but not the instance -- that makes sense :) <dustin> sorry to misunderstand
Created attachment 8710942 [details] [diff] [review] https://github.com/mozilla/build-cloud-tools/pull/166
Attachment #8710942 - Flags: review?(mcornmesser)
Attachment #8710942 - Flags: review?(mcornmesser) → review+
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.