Rotating the certs for each OS Node #7544

SanjuPal01 · 2022-11-15T08:07:58Z

Signed-off-by: “SanjuPal01” sanju.sanju@progress.com
"Sahiba3108" sgoyal@progress.com

🔩 Description: What code changed, and why?

I want to rotate my certificates for the Opensearch node from the Bastion host using Automate CLI.

⛓️ Related Resources

https://chefio.atlassian.net/browse/KINETICS-232

👍 Definition of Done

👟 How to Build and Test the Change

Add this package in your manifest while deploying HA:
sahiba3108/automate-ha-deployment/0.1.0/20221028084038

Install this cli in your bastion host:
ssanju/automate-cli/0.1.0/20221115071143

Run the below command in bastion:
prerequisite:
chef-automate cert-rotate --public-cert node1.pem --private-cert node1-key.pem --root-ca root-ca.pem --admin-cert admin.pem --admin-key admin-key.pem --os
the above command will rotate certificates to whole cluster and also update the root-ca in frontend nodes to maintain the connection.

Now if you want to apply some unique public and private certs to some node then you need to run the below command
chef-automate cert-rotate --public-cert node1.pem --private-cert node1-key.pem --node <ip> --os
(You can also use --opensearch flag instead of os)
This will rotate the public and private cert of a particular node.

✅ Checklist

All PRs must tick these:

I have read the CONTRIBUTING document.
All commits signed-off for the Developer Certification of Origin.

With occasional exceptions, all PRs from Progress employees must tick these:

Is the code clear? (complicated code or lots of comments--subdivide and use well-named methods, meaningful variable names, etc.)
Consistency checked? (user notifications, user prompts, visual patterns, code patterns, variable names)
Repeated code blocks eliminated? (adapt and reuse existing components, blocks, functions, etc.)
Spelling, grammar, typos checked? (at a minimum use make spell in any component directory)
Code well-formatted? (indents, line breaks, etc. improve rather than hinder readability)