Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2898

Renew cert.ci.jenkins.io service principal

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: azure
    • Labels:
      None
    • Similar Issues:

      Description

      AAD => App registrations => All applications => cert.ci.jenkins.io => A certificate or secret has expired. Create a new one

      Update the configuration on cert.ci.jenkins.io or pass the secret to Daniel Beck

      cc Mark Waite / Olivier Vernin who have permission for it

      Happy to do it myself, it requires one of the User Administrator or Global Administrator roles in Azure AD

        Attachments

          Activity

          Hide
          markewaite Mark Waite added a comment -

          Tim Jacomb I'm happy to make this change, though I'm concerned that I will make a mistake. I can see certificate or secret that has expired:

          It is the next steps that are unclear to me. Would you be willing to coach me through the necessary changes to renew that certificate and push the renewed certificate to the correct locations?

          Show
          markewaite Mark Waite added a comment - Tim Jacomb I'm happy to make this change, though I'm concerned that I will make a mistake. I can see certificate or secret that has expired: It is the next steps that are unclear to me. Would you be willing to coach me through the necessary changes to renew that certificate and push the renewed certificate to the correct locations?
          Hide
          timja Tim Jacomb added a comment -

          Click the app registration, there should be a link at the top sayings it’s expired and do you want to create a new credential, create a new one it will auto generate something for you, copy it somewhere

          On cert.ci.Jenkins.io there will be a credential of type azure service principal that needs its client secret updated

          Show
          timja Tim Jacomb added a comment - Click the app registration, there should be a link at the top sayings it’s expired and do you want to create a new credential, create a new one it will auto generate something for you, copy it somewhere On cert.ci.Jenkins.io there will be a credential of type azure service principal that needs its client secret updated
          Hide
          markewaite Mark Waite added a comment -

          Daniel Beck and I were able to create the new client secret and install it on cert.ci.jenkins.io thanks to the guidance from Tim Jacomb. Provisioning agents now on cert.ci.jenkins.io

          Show
          markewaite Mark Waite added a comment - Daniel Beck and I were able to create the new client secret and install it on cert.ci.jenkins.io thanks to the guidance from Tim Jacomb . Provisioning agents now on cert.ci.jenkins.io
          Hide
          danielbeck Daniel Beck added a comment -

          Builds are back \o/

          Show
          danielbeck Daniel Beck added a comment - Builds are back \o/

            People

            Assignee:
            markewaite Mark Waite
            Reporter:
            timja Tim Jacomb
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: