diff options
| author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2017-05-02 14:18:04 +0100 |
|---|---|---|
| committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2017-05-02 14:19:02 +0100 |
| commit | ce67d75b5fd074c14f57d75823c306e88ae25b84 (patch) | |
| tree | 5e679a7a00bc5e75534dbac1307bb2ab5aa966af | |
| parent | 0984aeb65c4c69d253cecbd933d772f016bf4bf1 (diff) | |
| download | infrastructure-ce67d75b5fd074c14f57d75823c306e88ae25b84.tar.gz | |
Ensure all certificate files needed are created
| -rw-r--r-- | README.mdwn | 18 | ||||
| -rw-r--r-- | baserock_storyboard/storyboard-vars.yml | 2 | ||||
| -rw-r--r-- | baserock_trove/configure-trove.yml | 4 |
3 files changed, 16 insertions, 8 deletions
diff --git a/README.mdwn b/README.mdwn index 2a781aeb..c5834255 100644 --- a/README.mdwn +++ b/README.mdwn @@ -854,10 +854,22 @@ certificates that are present in `certs` and `private` you will have to: cp irclogs.baserock.org/privkey.pem tmp/private/frontend.pem cp storyboard.baserock.org/privkey.pem tmp/private/storyboard.pem + + # Copy cert files + cp git.baserock.org/cert.csr tmp/certs/git.csr + cp git.baserock.org/cert.pem tmp/certs/git.pem + cp git.baserock.org/chain.pem tmp/certs/git-chain.pem + cp irclogs.baserock.org/cert.csr tmp/certs/frontend.csr + cp irclogs.baserock.org/cert.pem tmp/certs/frontend.pem + cp irclogs.baserock.org/chain.pem tmp/certs/frontend-chain.pem + cp storyboard.baserock.org/cert.csr tmp/certs/storyboard.csr + cp storyboard.baserock.org/cert.pem tmp/certs/storyboard.pem + cp storyboard.baserock.org/chain.pem tmp/certs/storyboard-chain.pem + # Create full certs without keys - cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git.pem - cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem > tmp/certs/frontend.pem - cat storyboard.baserock.org/cert.csr storyboard.baserock.org/cert.pem storyboard.baserock.org/chain.pem > tmp/certs/storyboard.pem + cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git-full.pem + cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem > tmp/certs/frontend-full.pem + cat storyboard.baserock.org/cert.csr storyboard.baserock.org/cert.pem storyboard.baserock.org/chain.pem > tmp/certs/storyboard-full.pem Before replacing the current ones, make sure you **encrypt** the ones that contain keys (located in `private` folder): diff --git a/baserock_storyboard/storyboard-vars.yml b/baserock_storyboard/storyboard-vars.yml index ec382142..ad1fcd8a 100644 --- a/baserock_storyboard/storyboard-vars.yml +++ b/baserock_storyboard/storyboard-vars.yml @@ -43,7 +43,7 @@ storyboard_projects: projects.yaml storyboard_superusers: users.yaml storyboard_mysql_user_password: "{{ baserock_storyboard_password }}" -storyboard_ssl_cert: ../certs/storyboard.pem +storyboard_ssl_cert: ../certs/storyboard-full.pem storyboard_ssl_key: ../private/storyboard.pem storyboard_resolved_ssl_ca: ../certs/letsencrypt-ca.pem diff --git a/baserock_trove/configure-trove.yml b/baserock_trove/configure-trove.yml index a86ee7cd..9ae41f95 100644 --- a/baserock_trove/configure-trove.yml +++ b/baserock_trove/configure-trove.yml @@ -15,10 +15,6 @@ sudo: yes tasks: - # To create the .pem file, simply concatenate - # certs/git.pem with - # the private key for that certificate (which is not committed to Git, of - # course). - name: Install SSL certificate copy: content: "{{ lookup('file', '../private/git-with-key.pem') }}" |