[Freeipa-devel] [RFE] CA certificate renewal

Jakub Hrozek jhrozek at redhat.com
Tue Oct 8 07:56:24 UTC 2013


On Tue, Oct 08, 2013 at 09:21:10AM +0200, Petr Spacek wrote:
> On 8.10.2013 09:16, Jan Cholasta wrote:
> >On 8.10.2013 08:37, Petr Spacek wrote:
> >>On 7.10.2013 20:20, Jan Cholasta wrote:
> >>>>Automatic renewal of IPA CA certificate.
> >>>>
> >>>>certmonger currently has no notification capabilities. How will anyone
> >>>>know that the renewal has failed unless they happen to run getcert list?
> >>>>Unfortunately I don't really have an answer. An MTA is looking more and
> >>>>more necessary.
> >>>
> >>>I agree.
> >>
> >>Please, don't invent yet another notification system. Don't try to
> >>re-invent the wheel :-)
> >>
> >>There are plenty of systems for that, we should just provide hooks for them
> >>(i.e. ability to run custom script on particular event and provide
> >>machine-readable output from our tools).
> >>
> >>I don't want to repeat all the arguments again, so there is a link:
> >>https://www.redhat.com/archives/freeipa-devel/2013-September/msg00071.html
> >>(See the end of the page - the part below all quotations.)
> >>
> >
> >OK, I don't care how this is done. Is syslogging with crit or alert severity
> >good enough?
> 
> For me - yes, it is. However, it would be great if there were a
> 'status check tool' (or parameter) with machine-readable output.

I haven't read the whole discussion deeply so I might not have context,
but when thinking about logging, I think you should consider journald.

Journald is great at providing machine-readable output (journalctl -b -o
json for instance) as well as having the ability to provide custom
fields to be queried later.
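
The kind of status check discussed in this thread, as an added example that is not part of the original messages or of FreeIPA/certmonger: a filter over `journalctl -o json` lines that keeps entries at crit severity or worse. The `certmonger` syslog identifier, the `CERT_NICKNAME` custom field and the sample entries are assumptions constructed for illustration.

```python
import json

CRIT = 2  # syslog severities: 0 emerg, 1 alert, 2 crit


def _text(value):
    """journald's JSON export gives non-UTF-8 values as a list of byte
    values and oversized values as null; normalise both to str."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return "" if value is None else str(value)


def renewal_alerts(lines, identifier="certmonger", max_priority=CRIT):
    """Return entries logged by `identifier` at crit severity or worse."""
    alerts = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or interleaved line
        if not isinstance(entry, dict):
            continue
        if _text(entry.get("SYSLOG_IDENTIFIER")) != identifier:
            continue
        try:
            priority = int(_text(entry.get("PRIORITY")))
        except ValueError:
            continue  # entry carries no usable priority
        if priority <= max_priority:
            alerts.append({
                "priority": priority,
                "message": _text(entry.get("MESSAGE")),
                # CERT_NICKNAME is a hypothetical custom journal field
                "nickname": _text(entry.get("CERT_NICKNAME")),
            })
    return alerts


# Constructed sample input, one JSON object per line as journalctl emits it.
SAMPLE = [
    '{"PRIORITY":"6","SYSLOG_IDENTIFIER":"certmonger","MESSAGE":"tracking started"}',
    '{"PRIORITY":"2","SYSLOG_IDENTIFIER":"certmonger",'
    '"MESSAGE":"CA certificate renewal failed","CERT_NICKNAME":"caSigningCert"}',
    '{"PRIORITY":"2","SYSLOG_IDENTIFIER":"kernel","MESSAGE":"unrelated"}',
    '{"PRIORITY":"1","SYSLOG_IDENTIFIER":"certmonger",'
    '"MESSAGE":[114,101,110,101,119,32,102,97,105,108,101,100,255]}',
    '{"PRIORITY":"2","SYSLOG_IDENTIFIER":"certmon',
]
```

Against a live journal the same function takes the lines of `journalctl -b -o json` read from standard input; an empty result means nothing was logged at crit or above by that identifier.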



