On Thu, Apr 17, 2025 at 04:22:11PM +0000, Aurelien Bompard via infrastructure wrote: > Hey folks! > > I'm wondering whether we have a list of people who requested Fedora Messaging (RabbitMQ) certificates and how to contact them. > We're in need to refresh the CA cert, so I need to send the new CA cert to all clients so that they can add it to their trusted certs (append it to the file that [tls]ca_cert points to in the config file). > Most of those certs are used by apps in ansible, those are easy, but there are also CentOS and external applications IIRC. > I've tried searching our tracker with little success. Yeah, these should largely have been tickets in the past... but might not have been under the same subject really. ;( > If you are using fedora-messaging in the CentOS infra, please respond here. You likely want to ask Fabian about the centos side. > If you are using fedora-messaging outside of the Fedora infra, please respond here. > I think those user accounts are "external", please chime in if you recognize one of yours: All these -> Fabian > - centos-ci > - alt-src (CentOS Stream) > - centos-integration > - centos-koji > - cbs > - resultsdb-centos > - centos-stream-robosignatory These CoreOS folks (dustymabe) > - coreos These fedora-ci (mvadkert) > - osci-pipelines Copr folks (frostyx, etc) > - copr > - copr-be-dev ELN (yselkowitz) > - distrobuildsync-eln odcs is no more. We can remove these 2. > - odcs-private-queue > - odcs Openqa (adamwill) > - openqa > > I think those certs aren't used anymore, if that's not the case please respond here: > - gitlab-centos > - basset > - datagrepper (only datanommer is connected to the bus) > - git-hooks (used by dist-git but it's now "pagure") Did we ever get rid of the duplicate hook. Last I recall it was still there because it broke something? Or did we fix it? > - github2fedmsg (retired) > - joystick > - mailman3-fedmsg-plugin (renamed to "mailman") > - mbs-private-queue > - messaging-bridge (retired) > - monitor-gating > - mts > - nuancier (retired) > - releng-tools > - robosign (renamed to "robosignatory") > - sse2fedmsg (retired) > - supybot-fedmsg (replaced by maubot) > - tag2distrepo tag2distrepo is still very much in use, but I was unaware it was sending messages? > - tahrir-api (renamed to "tahrir") > - ursabot (replaced by maubot) > - zanata2fedmsg (retired) > - fedora-messaging-operator > - fedora-search > - fm-orchestrator > - rpminspect > - testing-farm testing-farm might still be in use by fedora-ci folks? > I've built this list by looking at issued certs that did not have a matching user creation instruction in our ansible repo, so it may be flawed. > > It would be great if we had some sort of registry with a contact account or address for each issued cert :-) yes. > Once every client is trusting the new CA, we can switch the server certs to the new ones, and then send out the updated client certs. > The new combined CA file is available at https://infrastructure.fedoraproject.org/infra/rabbitmq-certs/production/ca.crt > (replace "production" with "staging" for the staging one) > > Am I missing something? > Thanks for you attention! Thanks! kevin -- _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
