Hi Clint,
Recently I was looking into automatically building some ceph packages in CBS, and I was curious how you're doing automatic CBS builds with the paas user.
I'm guessing you've generated the paas CentOS FAS x509 cert with centos-cert, and then you upload that .centos.cert file into some Jenkins instance? Is that ci.centos.org or something else?
I see mention of the account creation @ https://bugs.centos.org/view.php?id=11465, but there's no mention of how long-lived this FAS x509 cert is. Does it expire every six months like all the others?
- Ken
On 21/09/17 13:59, Ken Dreyer wrote:
Hi Clint,
Recently I was looking into automatically building some ceph packages in CBS, and I was curious how you're doing automatic CBS builds with the paas user.
I'm guessing you've generated the paas CentOS FAS x509 cert with centos-cert, and then you upload that .centos.cert file into some Jenkins instance? Is that ci.centos.org or something else?
It would be somewhere in the workspace dedicated for the jenkins slave, yes (nothing on master)
I see mention of the account creation @ https://bugs.centos.org/view.php?id=11465, but there's no mention of how long-lived this FAS x509 cert is. Does it expire every six months like all the others?
We have certs that don't use the "6 months" period, usually for "service" accounts. But as I can't see that one, I guess it was generated for a real user (so with email validation and so on) and through accounts.centos.org (so with centos-cert) ? If so, yes , it has to be renewed
On Thu, Sep 21, 2017 at 8:37 AM, Fabian Arrotin arrfab@centos.org wrote:
We have certs that don't use the "6 months" period, usually for "service" accounts. But as I can't see that one, I guess it was generated for a real user (so with email validation and so on) and through accounts.centos.org (so with centos-cert) ? If so, yes , it has to be renewed
Thanks Fabian!
To request one of those non-expiring certs for ceph, I've opened https://bugs.centos.org/view.php?id=13884
- Ken
-
Fabian Arrotin -
Ken Dreyer