Open ffirg opened 3 years ago
This information is currently not available in the API so the mesh code pod will need to do some work here to expose that.
Do we need any information from execution nodes for this? I'm thinking "no", because we distribute the same cert to all control nodes (in the case of job signing, less certain on tls). A system job is probably overkill from this, because it's just reading stuff from local receptor settings, and I'd suggest we could add a field to some endpoint.
ISSUE TYPE
SUMMARY
Now we have various certification chains and signing mechanisms in the mesh, I would like to be able to validate the certs/keys and notify where possible of pending expiry (much like we do with licenses already).
Mesh installer generate keys for signing work - for signing work from control to execution nodes using keys - https://github.com/ansible/tower-packaging/issues/1407 and https://github.com/ansible/receptor/pull/414
/etc/receptor/receptor.conf also contains a number of TLS certs, such as:
We should inform the user when they are coming up for expiry/renewal. Perhaps a management job which runs periodically, and informs the user 90,60 and 30 days out.