As a CNV admin I'd like to easily check if my CNV certificates are nearing their expiry date, and to easily regenerate new certificates. I'd like to have a script such as cnv_certs.sh that can be used as follows:
    $ oc login
    $ ./cnv_certs.sh examine
    ... list of existing certs, each with its expiry date
    $ ./cnv_certs.sh renew
    ... list of new certs each with its expiry date
The script should work against cnv-1.4 and cnv-2 (possibly two different scripts).
There is now a script in HCO which roughly does what was requested here:
https://github.com/kubevirt/hyperconverged-cluster-operator/pull/372
https://github.com/kubevirt/hyperconverged-cluster-operator/pull/352
It only rotates. It does not show you when certificates would expire.
Roman, you answered only a few of my requests. I see the script is documented here:
https://github.com/kubevirt/hyperconverged-cluster-operator/blob/master/tools/README.md#rotating-certificates
I believe the script is ready to be tested, I see no reason to keep it MODIFIED. Correct me if I am wrong. Wouldn't the same script work for bug 1768751 too?
> Roman, you answered only a few of my requests.
Yes, sorry.
> Wouldn't the same script work for bug 1768751 too?
Yep. Updated.
> I believe the script is ready to be tested, I see no reason to keep it MODIFIED. Correct me if I am wrong.
I can't speak for QE, so that was intentional.
> I can't speak for QE, so that was intentional.
I don't follow. MODIFIED means "coding is done, but a build is not yet available for QE". In this case we don't expect to have any build. QE is expected to test upstream.
Ran all the tests from the HCO repo at github.com/kubevirt/hyperconverged-cluster-operator/tests/func-tests/certificates_test.go. All tests PASSED except the one with PVC+VMI (it failed because of the StorageClass name mismatch). So, created a VM with PVC manually and it worked successfully. Will attach the logs shortly.
Also had created a VM before running the cert rotation script and was able to access the console after running the cert rotation script.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:0307