diff --git a/modules/sysadmin_guide/pages/index.adoc b/modules/sysadmin_guide/pages/index.adoc index 9c35053..b85dddf 100644 --- a/modules/sysadmin_guide/pages/index.adoc +++ b/modules/sysadmin_guide/pages/index.adoc @@ -177,7 +177,7 @@ xref:developer_guide:sops.adoc[Developing Standard Operating Procedures]. * xref:simple_koji_ci.adoc[simple_koji_ci] * xref:sshaccess.adoc[SSH Access Infrastructure] * xref:sshknownhosts.adoc[SSH known hosts Infrastructure] -* xref:making-ssl-certificates.adoc[SSL Certificate Creation] +* xref:ssl-certificates.adoc[SSL Certificates] * xref:staging.adoc[Staging] * xref:tag2distrepo.adoc[Tag2DistRepo Infrastructure] * xref:hotness.adoc[The New Hotness] diff --git a/modules/sysadmin_guide/pages/making-ssl-certificates.adoc b/modules/sysadmin_guide/pages/ssl-certificates.adoc similarity index 62% rename from modules/sysadmin_guide/pages/making-ssl-certificates.adoc rename to modules/sysadmin_guide/pages/ssl-certificates.adoc index 963b309..33d7d97 100644 --- a/modules/sysadmin_guide/pages/making-ssl-certificates.adoc +++ b/modules/sysadmin_guide/pages/ssl-certificates.adoc @@ -1,6 +1,6 @@ -= SSL Certificate Creation SOP += SSL Certificates SOP -Every now and then you will need to create an SSL certificate for a +Every now and then you will need to work with SSL certificate for a Fedora Service. == Creating a CSR for a new server 
@@ -51,3 +51,26 @@ Getting Private key We only want a self-signed certificate to be good for a short time so 30 days sounds good. + +== Renew a SSL certificate + +To renew SSL certificate for existing service you can run ansible playbook from batcave: + +.... +ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t +.... + +For example +.... +ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org +.... + +This will renew the certificates for the service and deploy them on proxies. If some proxies +fail during the run, just run the playbook again with limiting it only to proxy that failed. +For example if the previous example failed on `proxy01` you can run the playbook again like this: + +.... +ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org -l proxy01\* +.... + +This will run the playbook only for `proxy01`.
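Review bot: In the intro hunk of ssl-certificates.adoc (@@ -1,6 +1,6 @@), the reworded sentence "you will need to work with SSL certificate for a Fedora Service" loses the article the old wording had and now reads ungrammatically. Suggest "work with SSL certificates for a Fedora Service". Because the file is renamed from making-ssl-certificates.adoc and this patch only updates the xref in index.adoc, also check that no other page still links to the old filename.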
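Review bot: In the new "Renew a SSL certificate" section (@@ -51,3 +51,26 @@), the first command block ends in a bare `-t` with no tag value, so it is not a complete command if copied as shown. Add a placeholder such as `-t <service>` and state that the tag is the service name, as in the release-monitoring.org example. In the last block, `-l proxy01\*` is a glob that matches every host whose name starts with proxy01, so the closing sentence "This will run the playbook only for `proxy01`" should say that, or the limit should name the host exactly. Minor wording: "Renew an SSL certificate", "To renew the SSL certificate for an existing service", "limiting it to the proxy that failed", and "For example" should end with a colon and be followed by a blank line before the `....` delimiter, matching the other blocks in the section.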