author Silvio Rhatto <rhatto@riseup.net> 2016-11-12 11:57:16 -0200
committer Silvio Rhatto <rhatto@riseup.net> 2016-11-12 11:57:16 -0200
commit e31fc1a7b51501555867f5c175664710662ffc26 (patch)
tree 49a8b15c16e4f8feaf0b0d518d21511b6d9c8c4a
parent beeed4e1d5348e0fb2dc562bf462cf2e16486e98 (diff)
Updates certs
-rw-r--r-- certs.mdwn 19
-rw-r--r-- certs/puppet.mdwn 30
2 files changed, 5 insertions, 44 deletions
diff --git a/certs.mdwn b/certs.mdwn
index 36df6a0..ee823f5 100644
--- a/certs.mdwn
+++ b/certs.mdwn
@@ -40,7 +40,7 @@ Após a renovação
----------------
cat /path/to/registrar.crt >> /path/to/$DOMAIN.crt
- cat keys/ssl/$DOMAIN.crt | keyringer $HYDRA encrypt ssl/$DOMAIN.crt
+ cat /path/to/$DOMAIN.crt | keyringer $HYDRA encrypt ssl/$DOMAIN.crt
# Registrando e enviando mudancas finais
keyringer $HYDRA git commit
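Review bot: The corrected `cat /path/to/$DOMAIN.crt | keyringer $HYDRA encrypt ssl/$DOMAIN.crt` line now encrypts the same file that the preceding `cat /path/to/registrar.crt >> /path/to/$DOMAIN.crt` step appends to, and because that step uses `>>`, repeating the procedure stores the registrar chain twice in the keyring without any warning. Consider documenting a check between the two lines that the file holds the certificate followed by the chain exactly once before it is encrypted. It would also help to guard against an unset `$DOMAIN`, which as written silently encrypts to `ssl/.crt`.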
@@ -76,18 +76,9 @@ Copie as notificações para ser incluída em `https://$DOMAIN/certs`:
Por fim, atualize os `postfix::tlspolicy_snippet` do `$DOMAIN`, caso aplicável.
-Checando expiração em massa
----------------------------
+Instalando
+----------
-É necessário instalar o [ssl-cert-check](https://git.fluxo.info/ssl-wrapper):
+Para instalar o certificado num nodo:
- cd $FOLDER/puppet/keys/ssl
-
- for file in *.crt; do
- ssl-cert-check -b -c $file
- done
-
-Puppet
-------
-
-[Renovação de certificados do puppet](puppet).
+ hydra $HYDRA import-certs <nodename>
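Review bot: The "Checando expiração em massa" section removed at the end of this hunk carried the documented bulk expiry check (the `ssl-cert-check -b -c $file` loop), and nothing visible in this patch replaces it, so expiry monitoring is left undocumented. Either keep the section or add a pointer to where expiry is checked now. The new "Instalando" step `hydra $HYDRA import-certs <nodename>` also does not state its precondition: say whether it must run after the `keyringer $HYDRA git commit` step of the renewal section and from which machine, so a node does not get the old certificate imported.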
diff --git a/certs/puppet.mdwn b/certs/puppet.mdwn
deleted file mode 100644
index 490341f..0000000
--- a/certs/puppet.mdwn
+++ /dev/null
@@ -1,30 +0,0 @@
-Puppet: trocando certificados
-=============================
-
-Resetando o master
-------------------
-
-Conforme [referência](http://blkperl.github.io/replace-puppet-ca.html):
-
- hydractl puppet-reset-master
-
-Caso seja necessário limpar todos os requests durante testes:
-
- rm /var/lib/puppetmaster/ssl/ca/requests/*
-
-Reiniciando os agentes
-----------------------
-
-Cada agente precisa ter seus certificados criados:
-
- admin@box$ hydra $HYDRA mass hydractl puppet-reset-agent
- admin@box$ hydra $HYDRA mass hydractl puppet-finger
-
-Colete os fingerprints gerados e confirme com o master:
-
- root@master$ puppet cert list
- root@master$ puppet cert sign --all
-
-Finalmente,
-
- admin@box$ hydra $HYDRA mass /etc/init.d/puppet restart
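Review bot: The commit message ("Updates certs") does not explain why the whole Puppet certificate procedure in certs/puppet.mdwn goes away, and with the link in certs.mdwn removed as well there is no pointer to a replacement. If the procedure is obsolete, say so in the commit message; if it moved, link the new location. Should it be rewritten elsewhere, note that the deleted text asks to collect the agents' fingerprints and confirm them with the master but then runs `puppet cert sign --all`; the replacement should compare each fingerprint against `puppet cert list` before signing instead of signing every pending request.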