Provide ansible scripts for working with signing servers



2 years ago
10 months ago


(Reporter: hwine, Unassigned)


Firefox Tracking Flags

(Not tracked)


Based on work on renewing Mac cert, some automation across all servers would be nice:

  - report current code deployment hash (should be identical)
  - report hashes of current secrets (should be identical)
  - automatically send email to explain mozdef emails

And, some automation against one server would be handy for:

  - generate Mac CSR for renewal purposes
  - manage the keychain (file) names during renewal process
  - help with deployment of new key/cert to peer servers? <= maybe not

Biggest bonus would be (imo) using inventory to ensure all current servers hit. That could be valuable for adhoc commands.
Darn -- the cli tool can't create the CSR -- or at least the obvious tool 'security' can not.

Comment 2

2 years ago
I have a that I think I used to replace the SSL certs for the signing servers.  Not sure if that helps or not:
Priority: -- → P3


10 months ago
Component: General Automation → General
Product: Release Engineering → Release Engineering
You need to log in before you can comment on or make changes to this bug.