doxxx

futel · Feb 12, 2015 · f180a6c · f180a6c
1 parent ddacf82
commit f180a6c
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/vpnbox/README b/vpnbox/README
@@ -1,7 +1,16 @@
 ## Deploy a vpnbox to Digital Ocean
 
 ## Ongoing:
-create keys in conf by following README.ssl
+
+in conf, have:
+(or create by following README.ssl)
+ca.crt ca.key
+client.conf.[prod|stage]
+client.crt client.csr client.key dh1024.pem
+id_rsa
+server.crt server.csr server.key
+
+give client.conf.[prod|stage] to client
 
 ## Deploy stage vpnbox to digital ocean manually
 
@@ -11,6 +20,8 @@ size smallest
 region San Francisco 1
 ssh key (personal key)
 
+create or check out release branch
+
 create droplet from snapshot baseinstall_stage
 src/make_vpnbox.sh <ip>
 save snapshot vpnbox_stage
@@ -22,11 +33,12 @@ wait for DNS to propagate
 
 connect client to vpnbox_stage as in asteriskbox README.client
 
-## promote stage to prod
-# XXX can't rename futel-vpnbox to vpnbox-prod until clients updated
+## promote stage to prod (note names are inconsistent)
 rename futel-vpnbox droplet to futel-vpnbox-back
 rename vpnbox-stage droplet to futel-vpnbox
-change A record for vpnbox to point to new futel-vpnbox
+rename futel-stage hostname to futel-prod
+  edit /etc/sysconfig/network, "hostname futel-vpnbox"
+change A record for futel-vpnbox to point to new futel-vpnbox
 change A record for vpnbox-stage to point to old futel-vpnbox
 wait for DNS to propagate
 # XXX DNS takes time, what about clients already connected to old prod?