Refresh PKI assets from config endpoint #2587

Merged
1 commit merged into from Apr 23, 2022

Contributor

@ab77 ab77 commented Apr 15, 2022

  • ensure OpenVPN client always starts with the latest CA certificate
    from API config endpoint as this certificate may have changed and
    we don't want VPN to be down for ~24 hours until os-config is triggered
    by systemd timer

Change-type: minor
Fixes: #2569

@ab77 ab77 requested review from majorz, alexgg and mtoman April 15, 2022 17:40
Contributor

@alexgg alexgg left a comment

lgtm

Contributor

@alexgg alexgg left a comment

Maybe add a:

Fixes #2569

To the commit log.

@ab77
Contributor Author

ab77 commented Apr 18, 2022

@resin-jenkins jenkins build please

@ab77
Contributor Author

ab77 commented Apr 18, 2022

@resin-jenkins test this please

@ab77
Contributor Author

ab77 commented Apr 18, 2022

@alexgg I think this is causing the overall build to fail, but I am not exactly sure if it's related to this PR cc @klutchell

@alexgg
Contributor

alexgg commented Apr 18, 2022

> I think this is causing the overall build to fail, but I am not exactly sure if it's related to this PR cc @klutchell

@ab77 it's missing #2239. The meta-balena PR needed this device type to be fixed first, once that PR is merged in meta-balena this device tree repo will update and it will build.

Contributor

@mtoman mtoman left a comment

lgtm

@ab77
Contributor Author

ab77 commented Apr 22, 2022

@resin-jenkins test this please

* Fixes #2569
* ensure OpenVPN client always starts with the latest CA certificate
  from API config endpoint as this certificate may have changed and
  we don't want VPN to be down for ~24 hours until os-config is triggered
  by systemd timer

Change-type: minor
@klutchell
Collaborator

@resin-jenkins retest this please

@klutchell
Collaborator

@balena-ci rebase

@ghost ghost merged commit dff044e into master Apr 23, 2022
@ghost ghost deleted the ab77/openvpn-pki branch April 23, 2022 14:18
This pull request was closed.
Successfully merging this pull request may close these issues.

openvpn-service should re-run os-config if root ca is expired