From bf6976e31311624863fcb66559c2e7fb7c84d388 Mon Sep 17 00:00:00 2001
From: Arvinth C <54614142+ArvinthC3000@users.noreply.github.com>
Date: Fri, 27 Oct 2023 20:02:45 +0530
Subject: [PATCH] [Doc]Adding note for PG cert-rotate on node level (#8283)

* Adding note for PG cert-rotate on node level

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* Adding note for PG cert-rotate on node level

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* Adding note for PG cert-rotate on node level

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* dummy commit

Signed-off-by: punitmundra <pmundra@progress.com>

---------

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>
Signed-off-by: punitmundra <pmundra@progress.com>
Co-authored-by: punitmundra <pmundra@progress.com>
---
 .../automate-deployment/habitat/plan.sh       |  1 -
 .../content/automate/ha_cert_rotation.md      | 51 +++++++++++++------
 2 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/components/automate-deployment/habitat/plan.sh b/components/automate-deployment/habitat/plan.sh
index 5636e419e1f..6d9e0d11b01 100644
--- a/components/automate-deployment/habitat/plan.sh
+++ b/components/automate-deployment/habitat/plan.sh
@@ -34,7 +34,6 @@ pkg_deps=(
   core/postgresql13-client
 )
 
-
 pkg_bin_dirs=(bin)
 pkg_exports=(
   [port]=service.port
diff --git a/components/docs-chef-io/content/automate/ha_cert_rotation.md b/components/docs-chef-io/content/automate/ha_cert_rotation.md
index db7d8d73250..42a56844faa 100644
--- a/components/docs-chef-io/content/automate/ha_cert_rotation.md
+++ b/components/docs-chef-io/content/automate/ha_cert_rotation.md
@@ -41,27 +41,35 @@ If you want to rotate certificates of the entire cluster, then you can follow th
 
 - To rotate certificates of automate cluster:
 
-`chef-automate cert-rotate --public-cert <path of public certificate of automate node> --private-cert <path of private certificate of automate node> --a2`
+    ```cmd 
+    chef-automate cert-rotate --public-cert <path of public certificate of automate node> --private-cert <path of private certificate of automate node> --a2
+    ```
 
-You can also use `--automate` or `-a` instead of a2 flag
+    You can also use `--automate` or `-a` instead of a2 flag
 
 - To rotate certificates of chef server cluster:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --cs`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --cs
+    ```
 
-You can also use `--chef_server`or `-c` instead of the cs flag.
+    You can also use `--chef_server`or `-c` instead of the cs flag.
 
 - To rotate certificates of the PostgreSQL cluster:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --root-ca <path of root certificate> --pg`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --root-ca <path of root certificate> --pg
+    ```
 
-You can also use `--postgresql` or `-p` instead of the pg flag.
+    You can also use `--postgresql` or `-p` instead of the pg flag.
 
 - To rotate certificates of OpenSearch cluster:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --root-ca <path of root certificate> --admin-cert <path of admin certificate> --admin-key <path of admin key> --os`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --root-ca <path of root certificate> --admin-cert <path of admin certificate> --admin-key <path of admin key> --os
+    ```
 
-You can also use `--opensearch` or `-o` instead of the os flag.
+    You can also use `--opensearch` or `-o` instead of the os flag.
 
 ### Rotate Certificates of Particular Node
 
@@ -71,27 +79,38 @@ If you want to rotate certificates of a particular node, then you can follow the
 
 - To rotate the certificates of particular automate node:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --a2 --node <IP of a particular automate node>`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --a2 --node <IP of a particular automate node>
+    ```
 
-You can also use `--automate` or `-a` instead of a2 flag
+    You can also use `--automate` or `-a` instead of a2 flag
 
 - To rotate the certificates of particular chef server node:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --cs --node <IP of a particular chef server node>`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --cs --node <IP of a particular chef server node>
+    ```
 
-You can also use `--chef_server` or `-c` instead of the cs flag.
+    You can also use `--chef_server` or `-c` instead of the cs flag.
 
 - To rotate the certificates of a particular PostgreSQL node:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --pg --node <IP of a particular postgresql node>`
+    {{< note >}} While rotating cert for PG on node level, make sure to wait for sometime before executing cert-rotate for next node. {{< /note >}}
+
 
-You can also use `--postgresql` or `-p` instead of the pg flag.
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --pg --node <IP of a particular postgresql node>
+    ```
+
+    You can also use `--postgresql` or `-p` instead of the pg flag.
 
 - To rotate the certificates of a particular OpenSearch node:
 
-`chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --os --node <IP of a particular opensearch node>`
+    ```cmd
+    chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --os --node <IP of a particular opensearch node>
+    ```
 
-You can also use `--opensearch` or `-o` instead of the os flag
+    You can also use `--opensearch` or `-o` instead of the os flag
 
 {{< note >}} Since admin-cert and admin-key are common in all nodes, So if you want to rotate admin-cert and admin-key, you must first run this open search cluster command: 
 `chef-automate cert-rotate --public-cert <path of public certificate> --private-cert <path of private certificate> --root-ca <path of root certificate> --admin-cert <path of admin certificate> --admin-key <path of admin key> --os`{{< /note >}}