author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-04 15:27:46 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-04 15:27:46 +0100 |
commit | 7018cd6011afda6afca722719465538e63f00a6a (patch) | |
tree | cdd769fea89d6dd09d51c68ecb221c01c1dced7a | |
parent | 8f5352e8f0ccbb4ba358125ffb76af72580a814e (diff) | |
download | infrastructure-7018cd6011afda6afca722719465538e63f00a6a.tar.gz |
README.mdwn: No need to update SSL certificates for the obsolete services
-rw-r--r-- | README.mdwn | 27 |
1 files changed, 1 insertions, 26 deletions
diff --git a/README.mdwn b/README.mdwn index 79b43592..5212e648 100644 --- a/README.mdwn +++ b/README.mdwn @@ -468,8 +468,7 @@ of the subdomains: cd letsencrypt.sh cat >domains.txt <<'EOF' baserock.org - cache.baserock.org docs.baserock.org download.baserock.org gerrit.baserock.org irclogs.baserock.org openid.baserock.org ostree.baserock.org paste.baserock.org spec.baserock.org - storyboard.baserock.org + docs.baserock.org download.baserock.org irclogs.baserock.org ostree.baserock.org paste.baserock.org spec.baserock.org git.baserock.org EOF 
@@ -502,29 +501,17 @@ certificates that are present in `certs` and `private` you will have to: # Create some full certs including key for some services that need it this way cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem - cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem cache.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem # Copy key files cp git.baserock.org/privkey.pem tmp/private/git.pem - cp cache.baserock.org/privkey.pem tmp/private/frontend.pem - cp storyboard.baserock.org/privkey.pem tmp/private/storyboard.pem - # Copy cert files cp git.baserock.org/cert.csr tmp/certs/git.csr cp git.baserock.org/cert.pem tmp/certs/git.pem cp git.baserock.org/chain.pem tmp/certs/git-chain.pem - cp cache.baserock.org/cert.csr tmp/certs/frontend.csr - cp cache.baserock.org/cert.pem tmp/certs/frontend.pem - cp cache.baserock.org/chain.pem tmp/certs/frontend-chain.pem - cp storyboard.baserock.org/cert.csr tmp/certs/storyboard.csr - cp storyboard.baserock.org/cert.pem tmp/certs/storyboard.pem - cp storyboard.baserock.org/chain.pem tmp/certs/storyboard-chain.pem # Create full certs without keys cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git-full.pem - cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem > tmp/certs/frontend-full.pem - cat storyboard.baserock.org/cert.csr storyboard.baserock.org/cert.pem storyboard.baserock.org/chain.pem > tmp/certs/storyboard-full.pem Before replacing the current ones, make sure you **encrypt** the ones that contain keys (located in `private` folder): @@ -540,7 +527,6 @@ And copy them to the repo: Deploy certificates ------------------- - For `git.baserock.org` just run: ansible-playbook -i hosts baserock_trove/configure-trove.yml 
@@ -548,20 +534,9 @@ For `git.baserock.org` just run: This script will copy the certificates to the Trove and run the scripts that will configure them. - For the frontend, run: ansible-playbook -i hosts baserock_frontend/instance-config.yml ansible -i hosts -m service -a 'name=haproxy enabled=true state=restarted' --sudo frontend-haproxy - ansible-playbook -i hosts baserock_gerrit/instance-ca-certificate-config.yml - ansible -i hosts -m service -a 'name=gerrit enabled=true state=restarted' --sudo gerrit Which will install the certificates and then restart the services needed. - - -For StoryBoard, run: - - ansible-playbook -i hosts baserock_storyboard/instance-storyboard-config.yml - -This script will trigger a full deployment. It will take a bit longer than the -others, but will do the job. |
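Review bot: in the `@@ -468,8 +468,7 @@` hunk, the `domains.txt` list loses `gerrit.baserock.org` and `openid.baserock.org` as well as `cache.baserock.org` and `storyboard.baserock.org`, but the README gains no step for the material already issued for the dropped services. The later section shows `storyboard*` and `frontend*` files being placed under `certs` and `private`; suggest adding a short instruction to delete those files from the repo once the services are retired, so unused private keys are not left encrypted but still present alongside the live ones.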
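Review bot: in the `@@ -502,29 +501,17 @@` hunk, the retained line under "Create full certs without keys" reads `cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git-full.pem`, with a bare `chain.pem` instead of `git.baserock.org/chain.pem`. Every other line in this block, including the removed `frontend-full.pem` and `storyboard-full.pem` ones, uses the per-domain path, so unless a `chain.pem` happens to exist in the working directory this produces a `git-full.pem` without the chain. Since the block is being trimmed down to the git entries anyway, this would be a good place to fix the path.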
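Review bot: in the `@@ -548,20 +534,9 @@` hunk, the `baserock_frontend/instance-config.yml` playbook and the `haproxy` restart are kept, while the `@@ -502,29 +501,17 @@` hunk removes every line that produced `frontend-with-key.pem`, `frontend.pem` and the `frontend*` files under `tmp/certs`. Those were built from the `cache.baserock.org` directory, and the replacement `domains.txt` line now starts with `docs.baserock.org`. If the frontend still terminates TLS for docs, download, irclogs, ostree, paste and spec, the packaging lines should be re-pointed at the new certificate directory rather than deleted; otherwise following the README renews only the git certificate and redeploys the old frontend one. If the frontend certificate is handled elsewhere, a sentence saying so next to the retained playbook call would avoid the confusion.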