suggestion: systemd integration #156

Open
udf2457 opened this issue May 6, 2024 · 2 comments

udf2457 commented May 6, 2024

It would be nice if the tool had integration with systemd to enable launch / reload via systemd.

It saves sysadmins from "reinventing the wheel" and unnecessary DIY maintenance dependencies.

Also pretty much all third-party packages will install a systemd service. So that's more sysadmin work to remove the systemd service.

For example, PostgreSQL, install via official package. It installs a systemd service. All configuration (e.g. where to find SSL certs) is done in /etc/postgresql, so sysadmins don't need to touch the maintainer's systemd service. It would be good to point the /etc config at the spiffe certs location and spiffe-helper calls systemd.

Contributor

kfox1111 commented May 6, 2024

There's a start of some here: spiffe/spire-examples#64

Would be pretty easy to add spiffe-helper there too.

Author

udf2457 commented May 6, 2024

Thanks for the pointer, will take a look.

I haven't reviewed it or tried it, but I do know from recently looking through their docs that smallstep use systemd service and timer templates: https://smallstep.com/docs/step-ca/renewal/#automated-renewal ... cert-renewer@.service cert-renewer@.timer and then e.g. creating cert-renewer@postgresql.service and cert-renewer@postgresql.timer

Whether that's simpler or more convoluted than your proposal I don't know... 😉
