Update TSL Certificate

Currently, the initial certificate generation is not yet automated. You must perform the following steps:

Make a directory for your certificates

docker exec -it letsencrypt_certbot mkdir -p /www/data/testbed.expeca.proj.kth.se/

Request the initial certificate

docker exec -it letsencrypt_certbot certbot certonly --noninteractive --agree-tos
Saving debug log to /var/log/kolla/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for testbed.expeca.proj.kth.se
Waiting for verification...
Cleaning up challenges

Copy fullchain.pem to site-config/certificates/haproxy.pem.

cd /opt/chi-in-a-box
mkdir -p ../site-config/certificates/
sudo cp /var/lib/docker/volumes/letsencrypt_certs/_data/live/testbed.expeca.proj.kth.se/fullchain.pem ../site-config/certificates/haproxy.pem

Append the private key to ../site-config/certificates/haproxy.pem.

sudo vim /var/lib/docker/volumes/letsencrypt_certs/_data/live/testbed.expeca.proj.kth.se/privkey.pem
vim ../site-config/certificates/haproxy.pem

Reset the necessary services

./cc-ansible deploy --site /opt/site-config --tags letsencrypt,haproxy,horizon

After the above step, there is a chance that the reservation of SDRs and other network devices may not work through the python scripts. This is due to an authentication issue and can be resolved by restarting the expeca-controller.

PreviousCreate a VM for the Controller NextAccess the Database

Last updated 3 days ago