Rotating the certs for each OS Node #7544
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: “SanjuPal01” sanju.sanju@progress.com
"Sahiba3108" sgoyal@progress.com
🔩 Description: What code changed, and why?
I want to rotate my certificates for the Opensearch node from the Bastion host using Automate CLI.
⛓️ Related Resources
https://chefio.atlassian.net/browse/KINETICS-232
👍 Definition of Done
👟 How to Build and Test the Change
Add this package in your manifest while deploying HA:
sahiba3108/automate-ha-deployment/0.1.0/20221028084038
Install this cli in your bastion host:
ssanju/automate-cli/0.1.0/20221115071143
Run the below command in bastion:
prerequisite:
chef-automate cert-rotate --public-cert node1.pem --private-cert node1-key.pem --root-ca root-ca.pem --admin-cert admin.pem --admin-key admin-key.pem --os
the above command will rotate certificates to whole cluster and also update the root-ca in frontend nodes to maintain the connection.
Now if you want to apply some unique public and private certs to some node then you need to run the below command
chef-automate cert-rotate --public-cert node1.pem --private-cert node1-key.pem --node <ip> --os
(You can also use --opensearch flag instead of os)
This will rotate the public and private cert of a particular node.
✅ Checklist
All PRs must tick these:
With occasional exceptions, all PRs from Progress employees must tick these:
make spell
in any component directory)All PRs from Progress employees should tick these if appropriate:
Please add a note next to any checkbox above if you are NOT ticking it.
📷 Screenshots, if applicable
Video Link: https://progresssoftware-my.sharepoint.com/:v:/g/personal/ssanju_progress_com/EaVG1j_QkelLteu4DZPAdcIB3V_eJmiq1zb9UtmI6qn6BQ?e=pcmfCp