Browse Source

[doc] remove ramblings about ssh certificates from lxc_guest

python3
Edoardo Putti 8 years ago
parent
commit
647082e8a6
2 changed files with 32 additions and 30 deletions
  1. +0
    -30
      doc/source/lxc_guest.rst
  2. +32
    -0
      doc/source/ssh_server.rst

+ 0
- 30
doc/source/lxc_guest.rst View File

@ -32,35 +32,5 @@ During the role execution there are multiple phases
- Create the container and assign the configuration - Create the container and assign the configuration
- Update the container dns configuration - Update the container dns configuration
- Creation of the host ssh certificate if needed
- Update the container network configuration - Update the container network configuration
- Install python and openssh-server - Install python and openssh-server
- Update of the user ssh certification authority public key
SSH Certificate
---------------
During the execution of this role the vm host key will be used to create a certificate signin request.
This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
.. code-block:: yaml
- name: generate host request
set_fact:
cert_request:
type: 'sign_request'
request:
keyType: 'ssh_host'
hostName: '{{ vm_name }}'
keyData: '{{ vm_public_key.text}}'
- name: start sign request
raw: "{{ cert_request | to_json }}"
delegate_to: ca_request
register: request_result
failed_when: "( request_result.stdout | from_json ).failed"
To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.

+ 32
- 0
doc/source/ssh_server.rst View File

@ -0,0 +1,32 @@
.. highlight:: yaml
ssh_server
=========
SSH Certificate
---------------
During the execution of this role the vm host key will be used to create a certificate signin request.
This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
.. code-block:: yaml
- name: generate host request
set_fact:
cert_request:
type: 'sign_request'
request:
keyType: 'ssh_host'
hostName: '{{ vm_name }}'
keyData: '{{ vm_public_key.text}}'
- name: start sign request
raw: "{{ cert_request | to_json }}"
delegate_to: ca_request
register: request_result
failed_when: "( request_result.stdout | from_json ).failed"
To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.

Loading…
Cancel
Save