You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice if the tool had integration with systemd to enable launch / reload via systemd.
Its saves sysadmins from "reinventing the wheel" and un-necessary DIY maintenance dependencies.
Also pretty much all third-party packages will install a systemd service. So that's more sysadmin work to remove the systemd service.
For example, PostgreSQL, install via official package. It installs a systemd service. All configuration (e.g. where to find SSL certs) is done in /etc/postgresql, so sysadmins don't need to touch the maintainer's systemd service. It would be good to point the /etc config at the spiffe certs location and spiffe-helper calls systemd.
The text was updated successfully, but these errors were encountered:
I haven't reviewed it or tried it, but I do know from recently looking through their docs that smallstep use systemd service and timer templates: https://smallstep.com/docs/step-ca/renewal/#automated-renewal ... cert-renewer@.servicecert-renewer@.timer and then e.g. creating cert-renewer@postgresql.service and cert-renewer@postgresql.timer
Whether that's simpler or more convoluted than your proposal I don't know... 😉
It would be nice if the tool had integration with
systemd
to enable launch / reload viasystemd
.Its saves sysadmins from "reinventing the wheel" and un-necessary DIY maintenance dependencies.
Also pretty much all third-party packages will install a systemd service. So that's more sysadmin work to remove the systemd service.
For example, PostgreSQL, install via official package. It installs a systemd service. All configuration (e.g. where to find SSL certs) is done in /etc/postgresql, so sysadmins don't need to touch the maintainer's systemd service. It would be good to point the /etc config at the spiffe certs location and spiffe-helper calls systemd.
The text was updated successfully, but these errors were encountered: