Qarik-Group / bucc

The fastest way to get a BUCC (BOSH, UAA Credhub and Concourse)
Apache License 2.0

recreate expired certificates #171

Closed ramonskie closed 5 years ago

ramonskie commented 5 years ago

The ability to recreate expired certificates. It should be as simple as updating the state/creds.yml

```
echo "$(bosh int state/creds.yml -o <(echo -e "- type: remove\n  path: /credhub_ca"))" > state/creds.yml
bucc up
```

Something like this.

ramonskie commented 5 years ago

All certs that need to be renewed:

- /credhub_ca
- /credhub_tls
- /vault-proxy_tls:
- //nats_clients_director_tls
- /nats_ca
- /nats_clients_health_monitor_tls
- /nats_server_tls
- /mbus_bootstrap_ssl
- /atc_ssl
- /blobstore_ca
- /blobstore_server_tls
- /director_ssl
- /token_signing_key
- /uaa_jwt_signing_key
- /worker_key
- /uaa_ssl
- /uaa_service_provider_ssl
- /tsa_host_key

ramonskie commented 5 years ago

After renewing certs, all bosh-created VMs are in a flux state due to the fact that the agent cannot connect with nats due to changed certificates. On each deployment a `bosh cck -d YourDeployment` should be run.

ramonskie commented 5 years ago

https://github.com/starkandwayne/bucc/commit/24fa6dcf10b80eb84e0f98ffa09b7c9ec57bfc8b
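
The steps discussed in this thread, written out as one script. This is an added example, not code from bucc or from the linked commit. The function names `build_remove_ops` and `rotate_creds` are hypothetical, and the script assumes it runs from the bucc checkout with the `bosh` and `bucc` CLIs on `PATH`. It generalizes the one-liner to several credentials and keeps a backup, so a failed interpolation cannot leave an empty `state/creds.yml`.

```shell
#!/bin/sh
# Added example, not part of bucc.

# Print a BOSH ops file that removes every credential path given as argument.
build_remove_ops() {
  for cred_path in "$@"; do
    case "$cred_path" in
      /*) printf '%s\n  path: %s\n' '- type: remove' "$cred_path" ;;
      *)  echo "credential path must start with /: $cred_path" >&2; return 1 ;;
    esac
  done
}

# Remove the given credentials from a creds file so the next `bucc up`
# regenerates them. The body runs in a subshell so the umask change and
# the cleanup trap stay local to this call.
rotate_creds() (
  creds=$1; shift
  umask 077                      # creds.yml holds private keys
  backup="$creds.$(date +%Y%m%d%H%M%S).bak"
  ops_file=$(mktemp) || return 1
  trap 'rm -f "$ops_file" "$creds.tmp"' EXIT
  build_remove_ops "$@" > "$ops_file" || return 1
  cp -p "$creds" "$backup" || return 1
  # Read from the backup and write to a temp file first, so a failed
  # interpolation never leaves a truncated creds file behind.
  bosh int "$backup" -o "$ops_file" > "$creds.tmp" || return 1
  mv "$creds.tmp" "$creds"
)

# Usage (credential names taken from the list in this thread):
#   rotate_creds state/creds.yml /credhub_ca /credhub_tls /nats_ca
#   bucc up
#   bosh cck -d YourDeployment    # repeat for each deployment
```

The timestamped backup contains the old private keys, so store or delete it with the same care as `state/creds.yml` itself.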