Commit 6a5eb8f5 authored by Themis Zamani's avatar Themis Zamani
Browse files

Merge pull request #27 from pkoro/hide_keys

ARGO-242 Add key files explicitly in gitignore
parents b70f7d66 954da9c6
......@@ -2,5 +2,4 @@
.DS_Store
setup.sh
.*.sw?
hostcert.pem
hostkey.pem
roles/has_certificate/files/*.key
......@@ -10,7 +10,7 @@ Contains Ansible playbook for the deployment of the ARGO datastore and API servi
### Things to do before deployment
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `webapi.node` with the hostname that you intend to deploy the API onto.
### Prerequisites
......@@ -36,7 +36,7 @@ Contains Ansible playbook for the deployment of the ARGO Web UI service. The pla
### Things to do before deployment
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `webui.node` with the hostname that you intend to deploy the Web UI onto.
- Edit `roles/webui/vars/main.yml` file and change the values of the `certificate_password` and `keystore_password` variables to a stronger value.
......@@ -63,7 +63,7 @@ Contains Ansible playbook for the deployment of all ARGO components. The play is
### Things to do before deployment
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `standalone.node` with the hostname that you intend to deploy the complete ARGO stack onto.
### Prerequisites
......
---
cert_path: /etc/grid-security/hostcert.pem
key_path: /etc/grid-security/hostkey.pem
\ No newline at end of file
......@@ -7,13 +7,13 @@
- name: Copy host x509 certificate onto host
tags: certificate
copy: src=hostcert.pem
copy: src={{ inventory_hostname }}.pem
dest={{ cert_path }} backup=yes
owner=root group=root mode=0644
- name: Copy host x509 key onto host
tags: certificate
copy: src=hostkey.pem
copy: src={{ inventory_hostname }}.key
dest={{ key_path }} backup=yes
owner=root group=root mode=0400
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment