From 647082e8a67a22babc06d0713568611c9fb82b9f Mon Sep 17 00:00:00 2001
From: Edoardo Putti
Date: Mon, 10 Apr 2017 16:38:00 +0200
Subject: [PATCH] [doc] remove ramblings about ssh certificates from lxc_guest

---
 doc/source/lxc_guest.rst | 30 ------------------------------
 doc/source/ssh_server.rst | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 30 deletions(-)
 create mode 100644 doc/source/ssh_server.rst

diff --git a/doc/source/lxc_guest.rst b/doc/source/lxc_guest.rst
index 7f3137d..c9e03bc 100644
--- a/doc/source/lxc_guest.rst
+++ b/doc/source/lxc_guest.rst
@@ -32,35 +32,5 @@ During the role execution there are multiple phases
 - Create the container and assign the configuration
 - Update the container dns configuration
-- Creation of the host ssh certificate if needed
 - Update the container network configuration
 - Install python and openssh-server
-- Update of the user ssh certification authority public key
-
-SSH Certificate
----------------
-
-During the execution of this role the vm host key will be used to create a certificate signin request.
-
-This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
-
-This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
-
-.. code-block:: yaml
-
- - name: generate host request
- set_fact:
- cert_request:
- type: 'sign_request'
- request:
- keyType: 'ssh_host'
- hostName: '{{ vm_name }}'
- keyData: '{{ vm_public_key.text}}'
-
- - name: start sign request
- raw: "{{ cert_request | to_json }}"
- delegate_to: ca_request
- register: request_result
- failed_when: "( request_result.stdout | from_json ).failed"
-
-To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.
diff --git a/doc/source/ssh_server.rst b/doc/source/ssh_server.rst
new file mode 100644
index 0000000..b80fafc
--- /dev/null
+++ b/doc/source/ssh_server.rst
@@ -0,0 +1,32 @@
+.. highlight:: yaml
+
+ssh_server
+=========
+
+SSH Certificate
+---------------
+
+During the execution of this role the vm host key will be used to create a certificate signin request.
+
+This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
+
+This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
+
+.. code-block:: yaml
+
+ - name: generate host request
+ set_fact:
+ cert_request:
+ type: 'sign_request'
+ request:
+ keyType: 'ssh_host'
+ hostName: '{{ vm_name }}'
+ keyData: '{{ vm_public_key.text}}'
+
+ - name: start sign request
+ raw: "{{ cert_request | to_json }}"
+ delegate_to: ca_request
+ register: request_result
+ failed_when: "( request_result.stdout | from_json ).failed"
+
+To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.