Add how to generate fedora-messaging certs
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon
parent
a0a1bc7788
commit
fd4e904473
1 changed files with 44 additions and 0 deletions
44
fedora_messaging_certificates.md
Normal file
44
fedora_messaging_certificates.md
Normal file
|
|
@ -0,0 +1,44 @@
|
||||||
|
# How to create TLS certificates for fedora-messaging
|
||||||
|
|
||||||
|
In ansible-private, find the files/rabbitmq/ folder. In that is a production
|
||||||
|
and a staging subdirectory
|
||||||
|
|
||||||
|
* Create the staging certificates:
|
||||||
|
|
||||||
|
In the staging subdir, run:
|
||||||
|
```
|
||||||
|
/usr/share/easy-rsa/3/easyrsa build-client-full <service name>.stg nopass
|
||||||
|
```
|
||||||
|
|
||||||
|
For example:
|
||||||
|
```
|
||||||
|
/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating.stg nopass
|
||||||
|
```
|
||||||
|
|
||||||
|
(**note**: for **stg** we always make the name ``.stg`` so that ansible scripts
|
||||||
|
work with it)
|
||||||
|
|
||||||
|
* Create the production certificates:
|
||||||
|
|
||||||
|
In the production subdir, run:
|
||||||
|
|
||||||
|
```
|
||||||
|
/usr/share/easy-rsa/3/easyrsa build-client-full <service name> nopass
|
||||||
|
```
|
||||||
|
|
||||||
|
For example:
|
||||||
|
```
|
||||||
|
/usr/share/easy-rsa/3/easyrsa build-client-full monitor-gating nopass
|
||||||
|
```
|
||||||
|
|
||||||
|
(**note**: no ``.stg`` here).
|
||||||
|
|
||||||
|
* Add the certificates to the git repo:
|
||||||
|
|
||||||
|
Run the usual commands:
|
||||||
|
```
|
||||||
|
git add .
|
||||||
|
git commit -s -a -m 'Added fedora-messaging certs for <service>'
|
||||||
|
git push
|
||||||
|
```
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue