Closed stevecharon closed 11 months ago
How can I regenerate the CA too?
With a quick look at the code, the logic looks to be that those are generated when they do not exist in the config. So this should work (it worked at least in my lab):
/var/lib/rancher/conf/cloud-config.yml and remove ca_cert and ca_key
sudo ros tls gen --server -H localhost
If you can tell me switching to burmilla will fix this I would be happy to do so
It does not, but I would recommend upgrading because of known security issues and other bugs in RancherOS. However, at this point in time, you probably want to wait until our 2.0.0 version gets out of the release candidate state and is released as RTM.
Thanks, now I have a correct CA in place. What is odd: it should not even regenerate certs if the CA is about to expire and the server/client cert goes beyond the validity of the CA. That is just plain wrong. I will test migration to 1.9.x. Waiting for 2.0 can be used to get up to the latest. I would guess upgrading from 1.9 to 2.x will be smoother than from 1.5?
BurmillaOS Version: (ros os version) 1.5.8
Where are you running BurmillaOS? (docker-machine, AWS, GCE, baremetal, etc.) Nutanix AHV VM
Which processor architecture you are using? Intel gold
Do you use some extra hardware? (GPU, etc)? No
Which console you use (default, ubuntu, centos, etc..) debian
Do you use some service(s) which are not enabled by default? qemu-guestagent
Have you installed some extra tools to console?
Do you use some other customizations? Docker TLS, own registry (jfrog-artifactory)
Please share copy of your cloud-init (remember remove all sensitive data first)
I have used TLS since 2020 to monitor the containers in the VM. Now the certificate has expired and I wanted to regenerate it according to the documentation. But I noticed that only the server and client certs can be regenerated. The underlying CA is still kept, and it will expire tomorrow. How can I regenerate the CA too? I already deleted CA.pem and CA-cert.pem, to no avail. The exact same files are put in /etc/docker/tls every time I use sudo ros tls gen -H localhost -d /etc/docker/tls
I know I am using RancherOS 1.5.8, but since the documentation still states the same for Burmilla, I thought it would be more responsive here. If you can tell me switching to Burmilla will fix this, I would be happy to do so.
best regards
Steve
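The two conditions raised in this thread, a CA close to expiry and a server/client certificate valid beyond its CA, can be checked before and after running ros tls gen. The script below is an added example, not part of the original thread or of the RancherOS/BurmillaOS code; it assumes openssl and GNU date are available, and the file names ca.pem and server-cert.pem are assumptions.

```shell
#!/bin/sh
# Added example. Requires openssl and GNU date (for `date -d`).

# Print a certificate's notAfter as seconds since the epoch.
not_after_epoch() {
    end=$(openssl x509 -in "$1" -noout -enddate) || return 2
    date -u -d "${end#notAfter=}" +%s
}

# Succeed (0) if certificate $1 expires within $2 days.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed (0) if leaf certificate $2 is valid for longer than its CA $1.
leaf_outlives_ca() {
    ca_end=$(not_after_epoch "$1") || return 2
    leaf_end=$(not_after_epoch "$2") || return 2
    [ "$leaf_end" -gt "$ca_end" ]
}

# Report on a CA/leaf pair; returns non-zero if anything needs attention.
check_pair() {  # CA LEAF [WARN_DAYS]
    ca=$1 leaf=$2 warn_days=${3:-30} rc=0
    if ! openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "FAIL: $leaf does not verify against $ca"; rc=1
    fi
    if expires_within_days "$ca" "$warn_days"; then
        echo "FAIL: CA expires within $warn_days days; regenerate the CA first"; rc=1
    fi
    if leaf_outlives_ca "$ca" "$leaf"; then
        echo "FAIL: $leaf is valid beyond its CA and breaks when the CA expires"; rc=1
    fi
    return "$rc"
}

# Build a throwaway CA and server certificate (constructed test data).
make_demo_pair() {  # DIR CA_DAYS LEAF_DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=demo-ca" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/server-key.pem" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days "$3" -CA "$1/ca.pem" \
        -CAkey "$1/ca-key.pem" -CAcreateserial -out "$1/server-cert.pem" 2>/dev/null
}

# Usage: sh check-tls.sh /etc/docker/tls/ca.pem /etc/docker/tls/server-cert.pem
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```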