Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hot reload of server certificate #1403

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Hot reload of server certificate #1403

wants to merge 2 commits into from

Conversation

krockpot
Copy link

For some use cases, the certificate configured on the host may be short lived and rotated regularly. Rather than restart notary, it makes sense for it to regularly update its certificate information based on what is at the configured path.

@GordonTheTurtle
Copy link

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "certificate_rotation" git@github.com:krockpot/notary.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

@docker-jenkins
Copy link

Can one of the admins verify this patch?

@krockpot krockpot force-pushed the certificate_rotation branch from 49e2594 to 2f73f0f Compare November 14, 2018 02:14
@krockpot krockpot force-pushed the certificate_rotation branch from d4886d2 to c636b38 Compare December 17, 2018 19:05
@krockpot krockpot force-pushed the certificate_rotation branch from 3b7f642 to 9fceab8 Compare January 10, 2019 18:25
endophage
endophage reviewed Jan 24, 2019
View reviewed changes
utils/configuration.go Show resolved Hide resolved
utils/configuration.go Outdated Show resolved Hide resolved
@krockpot krockpot force-pushed the certificate_rotation branch from c30b13d to 0ca29a6 Compare February 3, 2019 22:48
endophage
endophage approved these changes Mar 6, 2019
View reviewed changes
Copy link
Contributor

@endophage endophage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for letting this languish. LGTM.

cc @justincormack @cyli

@endophage
Copy link
Contributor

Noticed the dco/no tag is still one here. Please make sure all commits in this PR have the Signed off by line. This will block merging.

@krockpot krockpot force-pushed the certificate_rotation branch from 1cda812 to 1da0db5 Compare March 6, 2019 19:36
@krockpot
Copy link
Author

krockpot commented Mar 6, 2019

ah yeah I think that's because I used the update branch button in the UI. rebased manually.

@krockpot krockpot force-pushed the certificate_rotation branch from 1da0db5 to 464f833 Compare March 13, 2019 17:20
@krockpot
Copy link
Author

Unclear why CircleCI was waiting, so I'll just rebase from master again 🤷‍♂️

krockpot added 2 commits April 8, 2019 17:58
@krockpot
add functionality to reload certificate from disk every hour (to hand…
67732e9 
…le rotation cleanly).

Signed-off-by: Jeremy Krach <jkrach@pinterest.com>
@krockpot
break logic into helper function to pass gocyclo checks
8f019ff 
Signed-off-by: Jeremy Krach <jkrach@pinterest.com>
@krockpot krockpot force-pushed the certificate_rotation branch from 464f833 to 8f019ff Compare April 9, 2019 01:20
@krockpot
Copy link
Author

krockpot commented Apr 9, 2019
edited
Loading

@endophage @justincormack should be good to merge (had to do a few rebases), I don't have perms to merge.

@krockpot
Copy link
Author

sorry to spam but @cyli @endophage @justincormack any other actions before this can be merged? Thanks!

@krockpot
Copy link
Author

krockpot commented Jun 4, 2019

Just wanted to follow up again and see if there is any official process to have this PR merged now that it's been accepted. Thanks! (@endophage)

@marcofranssen
Copy link
Contributor

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "certificate_rotation" git@github.com:krockpot/notary.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

https://marcofranssen.nl/secure-2fa-ssh-and-pgp-using-krypton/#PGP-setup Here is also a guide which eases howto setup your GPG key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justincormack justincormack justincormack left review comments

@endophage endophage endophage approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@krockpot @GordonTheTurtle @docker-jenkins @endophage @marcofranssen @justincormack