From d6ee6aa6cb14558461341a83aa22bd7f44fc18b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 3 Nov 2023 09:11:51 +0100
Subject: [PATCH] Add a paragraph to update the fedmsg CRL and publish it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: https://pagure.io/fedora-infrastructure/issue/11599

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 .../sysadmin_guide/pages/fedmsg-certs.adoc    | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/modules/sysadmin_guide/pages/fedmsg-certs.adoc b/modules/sysadmin_guide/pages/fedmsg-certs.adoc
index 05b7a6b..d54f7cb 100644
--- a/modules/sysadmin_guide/pages/fedmsg-certs.adoc
+++ b/modules/sysadmin_guide/pages/fedmsg-certs.adoc
@@ -176,3 +176,24 @@ panic. :)
 At the time of this writing, the CRL is not actually used. I need one
 publicly available first so we can test it out.
 ====
+
+== Regenerating the CRL
+
+When the CRL has expired, it needs to be re-generated and re-published.
+
+In the private repo:
+
+....
+$ cd files/fedmsg-certs
+$ source ./vars
+$ ./regen-crl
+$ git commit -a -s -m "Regenerate the fedmsg CRL"
+$ git push
+....
+
+Then run the proxies playbook including only the `fedmsg/crl` tag to publish
+the updated CRL:
+
+....
+$ rbac-playbook playbooks/groups/proxies.yml -t fedmsg/crl
+....