Once you have generated the CA certificates, custom X.509 certificates, and private keys for each Distributed DDNS component, you must associate the certificates and keys with the corresponding components.
You can create custom certificates and keys using the following command:
python3 /opt/bluecat/common/generate_certificates/gen_cert.py \
    <dir_containing_ca_key_pair> \
    <dir_containing_custom_cert_and_key> \
    <key_name> \
    <cert_name>
Distributed DDNS Data Nodes
- Ensure that the ca_key.pem (CA Key) and ca_cert.pem (CA Certificate) have read permissions set for all users using the following commands:
chmod a+r ca_key.pem
chmod a+r ca_cert.pem
- Copy the ca_cert.pem and ca_key.pem files to each BDDS running the Distributed DDNS Data Node component using the following commands:
docker cp ca_key.pem <docker-container-name>:/etc/ddns_ssl/ca/
docker cp ca_cert.pem <docker-container-name>:/etc/ddns_ssl/ca/
- On each BDDS running the Distributed DDNS Data Node, log in to the container and run the following commands to create custom certificates:
docker exec -it <container-name> bash
python3 /opt/bluecat/common/generate_certificates/gen_cert.py /etc/ddns_ssl/ca/ /etc/ddns_ssl/mysql/ mariadb_server_key.pem mariadb_server_cert.pem
python3 /opt/bluecat/common/generate_certificates/gen_cert.py /etc/ddns_ssl/ca/ /etc/ddns_ssl/app_db/ app_db_key.pem app_db_cert.pem
- Verify that the custom certificates have been successfully created by checking the /var/log/gen_ssl.log file.
- Shut down the cluster by stopping each node, one at a time, using the following command:
docker stop <node_name>
- Once you have shut down all nodes, remove all IP addresses of cluster nodes from the cluster configuration file (my.cnf) located at /var/lib/docker/volumes/mariadb-config/_data/my.cnf.
Note: The IP addresses of the cluster nodes are located in the wsrep_cluster_address setting. Remove the addresses so that the setting looks similar to the following:
wsrep_cluster_address=gcomm://
- Restart the one node where the cluster configuration file was edited using the following command:
docker start <node_name>
- Once the first node has successfully started and services have restarted, restart the other nodes.
- On the initial node where the cluster configuration file was edited, add the IP addresses of all cluster nodes. The wsrep_cluster_address setting of the /var/lib/docker/volumes/mariadb-config/_data/my.cnf file should look similar to the following:
wsrep_cluster_address=gcomm://<node1_ip>,<node2_ip>,<node3_ip>
- Restart the last node that was shut down.
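The cluster bootstrap above hinges on two edits of the same my.cnf line: first emptying wsrep_cluster_address so the first node starts alone, then writing every node's address back. The helpers below are an added example, not BlueCat's code, for making those two edits safely from the BDDS host. They assume the setting sits on its own line written exactly as wsrep_cluster_address=<value> with no surrounding spaces, and that the file is the one the page names under /var/lib/docker/volumes/mariadb-config/_data/my.cnf; the docker stop/start steps around the edits are left to the operator.

```shell
#!/bin/sh
# Added example (not BlueCat's code): rewrite the wsrep_cluster_address line
# of the Galera configuration while the cluster is shut down.
# Assumption: the line is written as "wsrep_cluster_address=<value>" with no
# spaces around "=", as shown on the page.

# Print the current value of wsrep_cluster_address (empty output if absent).
ddns_get_cluster_address() {
    sed -n 's|^wsrep_cluster_address=||p' "$1"
}

# Accept only a dotted quad of four octets, each 0-255, so a typo or a
# hostname cannot end up in gcomm://.
ddns_is_ipv4() {
    case "$1" in *[!0-9.]* | '') return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= NF; i++) if ($i == "" || $i > 255) exit 1 }'
}

# Replace the value of wsrep_cluster_address. Refuses to run when the
# setting is missing (nothing is appended silently), and writes a temp file
# that is moved into place so an interrupted run never leaves a half-written
# my.cnf behind.
ddns_set_cluster_address_value() {
    file=$1
    value=$2
    grep -q '^wsrep_cluster_address=' "$file" || {
        echo "wsrep_cluster_address not found in $file" >&2
        return 1
    }
    sed "s|^wsrep_cluster_address=.*|wsrep_cluster_address=$value|" "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
}

# First edit of the procedure: empty address list, so the first node
# bootstraps a new cluster on its own.
ddns_clear_cluster_addresses() {
    ddns_set_cluster_address_value "$1" "gcomm://"
}

# Second edit of the procedure: all node addresses, comma separated.
# Usage: ddns_set_cluster_addresses /path/to/my.cnf <node1_ip> <node2_ip> ...
ddns_set_cluster_addresses() {
    file=$1
    shift
    [ $# -gt 0 ] || { echo "no node addresses given" >&2; return 1; }
    list=""
    for ip in "$@"; do
        ddns_is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
        list="${list:+$list,}$ip"
    done
    ddns_set_cluster_address_value "$file" "gcomm://$list"
}
```

Run ddns_clear_cluster_addresses after every node has been stopped and before the first docker start; run ddns_set_cluster_addresses on that same node once the other nodes are back, then restart it as the page describes. Because the address list is validated before the file is touched, a bad argument leaves my.cnf unchanged, which is the failure mode you want while the cluster is down.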
Distributed DDNS Application Node
- Ensure that the ca_key.pem (CA Key) and ca_cert.pem (CA Certificate) have read permissions set for all users using the following commands:
chmod a+r ca_key.pem
chmod a+r ca_cert.pem
- Copy the ca_cert.pem and ca_key.pem files to the host machine running the Distributed DDNS Application Node component using the following commands:
docker cp ca_key.pem <docker-container-name>:/portal/bluecat_portal/app/certificates/
docker cp ca_cert.pem <docker-container-name>:/portal/bluecat_portal/app/certificates/
- On the BDDS running the Distributed DDNS Application Node, log in to the container and run the following commands to create custom certificates:
docker exec -it <container-name> bash
python3 /opt/bluecat/common/generate_certificates/gen_cert.py /portal/bluecat_portal/app/certificates/ /portal/bluecat_portal/app/certificates/ workflow_key.pem workflow_cert.pem
- Verify that the custom certificate has been successfully created by checking the /var/log/gen_ssl.log file.
- Restart the container using the following command:
docker restart <container_name>
Distributed DDNS Service Node
- Ensure that the ca_key.pem (CA Key) and ca_cert.pem (CA Certificate) have read permissions set for all users using the following commands:
chmod a+r ca_key.pem
chmod a+r ca_cert.pem
- Copy the ca_cert.pem and ca_key.pem files to each BDDS running the Distributed DDNS Service Node component using the following commands:
docker cp ca_key.pem <docker-container-name>:/etc/ddns_ssl/ca
docker cp ca_cert.pem <docker-container-name>:/etc/ddns_ssl/ca
- On the BDDS running the Distributed DDNS Service Node, log in to the container and run the following commands to create custom certificates:
docker exec -it <container-name> bash
python3 /opt/bluecat/common/generate_certificates/gen_cert.py /etc/ddns_ssl/ca/ /etc/ddns_ssl/app_cs/ api_server_key.pem api_server_cert.pem
- Verify that the custom certificate has been successfully created by checking the /var/log/gen_ssl.log file.
- Restart the container using the following command:
docker restart <container_name>