Deploying CA certificates, custom X509 certificates, and private keys - Adaptive Applications - BlueCat Gateway - 21.1

BlueCat Distributed DDNS Administration Guide

Once you have generated the CA certificates, custom X509 certificates, and private keys for each Distributed DDNS component, you must associate the certificates and keys with the corresponding components.

Distributed DDNS Data Nodes

  1. Copy the ca_cert.pem (CA certificate), mariadb_server_cert.pem (custom X509 certificate), and mariadb_server_key.pem (private key) files to the /var/lib/docker/volumes/mariadb-config/_data/ssl directory of each host machine running the Distributed DDNS Data Node component.
  2. Shut down the cluster by stopping each node, one at a time, using the following command:
    docker stop <node_name>
  3. Once you have shut down all nodes, remove all IP addresses of cluster nodes from the cluster configuration file (my.cnf), located at /var/lib/docker/volumes/mariadb-config/_data/my.cnf.
    Note: The IP addresses of the cluster nodes are located within the wsrep_cluster_address setting. Remove the addresses so that the setting looks similar to the following:
    wsrep_cluster_address=gcomm://
  4. Restart the one node where the cluster configuration file was edited using the following command:
    docker start <node_name>
  5. Once the first node has successfully started and services have restarted, restart the other nodes.
  6. On the initial node where the cluster configuration file was edited, add the IP addresses of all cluster nodes. The wsrep_cluster_address setting of the /var/lib/docker/volumes/mariadb-config/_data/my.cnf file should look similar to the following:
    wsrep_cluster_address=gcomm://<node1_ip>,<node2_ip>,<node3_ip>
  7. Copy the ca_cert.pem (CA certificate) to the /var/lib/docker/volumes/daemon-config/_data/ssl_config/mariadb/ssl directory of each node.
  8. Restart the services on each node using the following command:
    docker exec <container_name> supervisorctl restart config_daemon:*

Distributed DDNS Application Node

  1. Copy the ca_cert.pem (CA certificate), workflow_cert.pem (custom X509 certificate), and workflow_key.pem (private key) files to the /var/lib/docker/volumes/gateway_data/_data/workflows/app/certificates directory of the host machine running the Distributed DDNS Application Node.
  2. Restart the container using the following command:
    docker restart <container_name>

Distributed DDNS Service Node

  1. Copy the ca_cert.pem (CA certificate) file to the /var/lib/docker/volumes/ssl_config/_data directory of the host machines running the Distributed DDNS Service Node.
  2. Copy the ca_cert.pem (CA certificate), api_server_cert.pem (custom X509 certificate), and api_server_key.pem (private key) files to the /var/lib/docker/volumes/ssl_config/_data directory.
  3. Restart the container using the following command:
    docker restart <container_name>
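
A mismatched certificate and key, or a certificate that was not issued by the deployed CA, only shows up after the containers are restarted. The following pre-deployment check is an added example, not part of the BlueCat guide or product; it assumes the openssl command-line tool is installed and that all generated files have first been collected in one staging directory (a hypothetical layout), using the file names from the steps above.

```shell
#!/bin/sh
# Added example (not BlueCat code): validate PEM files before copying them
# into the Docker volumes and restarting containers.
# check_component return codes: 0 ok, 1 missing or unreadable file,
# 2 certificate does not verify against ca_cert.pem, 3 key/certificate mismatch.

check_component() {
    dir=$1; cert=$dir/$2; key=$dir/$3; ca=$dir/ca_cert.pem

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Verify the certificate against ca_cert.pem (this also rejects expired
    # certificates).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca" >&2; return 2; }

    # The public key embedded in the certificate must equal the public key
    # derived from the private key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "$key does not match $cert" >&2; return 3; }

    echo "ok: $cert"
}

# Check the three certificate/key pairs named in this guide.
# $1 is the staging directory (assumed layout, see lead-in).
check_all() {
    staging=$1; rc=0
    check_component "$staging" mariadb_server_cert.pem mariadb_server_key.pem || rc=1
    check_component "$staging" workflow_cert.pem workflow_key.pem || rc=1
    check_component "$staging" api_server_cert.pem api_server_key.pem || rc=1
    return $rc
}
```

Run check_all <staging_dir> before shutting down the Data Node cluster, and resolve any non-zero result first.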