From 2e038a8ff053e085a3a5d8f91b87c2d3af781d17 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Tue, 31 Oct 2023 13:33:41 +0000 Subject: [PATCH] Bump Hugo module automate to latest current release (61e0a5d70b2cbc2dff06ccab5c1b69a1f38c62c5). This pull request was triggered automatically via Expeditor. This change falls under the obvious fix policy so no Developer Certificate of Origin (DCO) sign-off is required. --- .../content/automate/ha_cert_rotation.md | 51 +++++++++++++------ .../content/automate/ha_cert_selfsign.md | 8 ++- .../chef-automate_service-versions.yaml | 5 ++ .../commands/chef-automate_status.yaml | 5 ++ .../commands/chef-automate_version.yaml | 37 ++++++++++++-- _vendor/modules.txt | 2 +- go.mod | 2 +- go.sum | 4 +- 8 files changed, 89 insertions(+), 25 deletions(-) diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md index db7d8d7325..42a56844fa 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_rotation.md @@ -41,27 +41,35 @@ If you want to rotate certificates of the entire cluster, then you can follow th - To rotate certificates of automate cluster: -`chef-automate cert-rotate --public-cert --private-cert --a2` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --a2 + ``` -You can also use `--automate` or `-a` instead of a2 flag + You can also use `--automate` or `-a` instead of a2 flag - To rotate certificates of chef server cluster: -`chef-automate cert-rotate --public-cert --private-cert --cs` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --cs + ``` -You can also use `--chef_server`or `-c` instead of the cs flag. + You can also use `--chef_server`or `-c` instead of the cs flag. - To rotate certificates of the PostgreSQL cluster: -`chef-automate cert-rotate --public-cert --private-cert --root-ca --pg` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --root-ca --pg + ``` -You can also use `--postgresql` or `-p` instead of the pg flag. + You can also use `--postgresql` or `-p` instead of the pg flag. - To rotate certificates of OpenSearch cluster: -`chef-automate cert-rotate --public-cert --private-cert --root-ca --admin-cert --admin-key --os` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --root-ca --admin-cert --admin-key --os + ``` -You can also use `--opensearch` or `-o` instead of the os flag. + You can also use `--opensearch` or `-o` instead of the os flag. ### Rotate Certificates of Particular Node @@ -71,27 +79,38 @@ If you want to rotate certificates of a particular node, then you can follow the - To rotate the certificates of particular automate node: -`chef-automate cert-rotate --public-cert --private-cert --a2 --node ` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --a2 --node + ``` -You can also use `--automate` or `-a` instead of a2 flag + You can also use `--automate` or `-a` instead of a2 flag - To rotate the certificates of particular chef server node: -`chef-automate cert-rotate --public-cert --private-cert --cs --node ` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --cs --node + ``` -You can also use `--chef_server` or `-c` instead of the cs flag. + You can also use `--chef_server` or `-c` instead of the cs flag. - To rotate the certificates of a particular PostgreSQL node: -`chef-automate cert-rotate --public-cert --private-cert --pg --node ` + {{< note >}} While rotating cert for PG on node level, make sure to wait for sometime before executing cert-rotate for next node. {{< /note >}} + -You can also use `--postgresql` or `-p` instead of the pg flag. + ```cmd + chef-automate cert-rotate --public-cert --private-cert --pg --node + ``` + + You can also use `--postgresql` or `-p` instead of the pg flag. - To rotate the certificates of a particular OpenSearch node: -`chef-automate cert-rotate --public-cert --private-cert --os --node ` + ```cmd + chef-automate cert-rotate --public-cert --private-cert --os --node + ``` -You can also use `--opensearch` or `-o` instead of the os flag + You can also use `--opensearch` or `-o` instead of the os flag {{< note >}} Since admin-cert and admin-key are common in all nodes, So if you want to rotate admin-cert and admin-key, you must first run this open search cluster command: `chef-automate cert-rotate --public-cert --private-cert --root-ca --admin-cert --admin-key --os`{{< /note >}} diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md index bbb7054d9a..c6a86a8961 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/content/automate/ha_cert_selfsign.md @@ -51,7 +51,7 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili echo extendedKeyUsage = clientAuth, serverAuth > client_cert_ext.cnf echo subjectAltName = DNS:chefclient >> client_cert_ext.cnf openssl genrsa -out root-ca-key.pem 2048 - openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 + openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 -addext basicConstraints=CA:TRUE # Admin cert openssl genrsa -out admin-key-temp.pem 2048 @@ -82,6 +82,12 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili {{< note >}} +To create self-signed certificate for FQDN make sure to provide proper DNS and CN value. The DNS in Subject Alternative Name should match with the CN (Comman Name) + +{{< /note >}} + +{{< note >}} + Please refer Opensearch certificate [documentation](https://opensearch.org/docs/1.2/security-plugin/configuration/tls/#x509-pem-certificates-and-pkcs-8-keys) {{< /note >}} \ No newline at end of file diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_service-versions.yaml b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_service-versions.yaml index f5c1b74179..6b94cc8cab 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_service-versions.yaml +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_service-versions.yaml @@ -9,6 +9,11 @@ options: default_value: "false" usage: Shows service-versions for Automate nodes[DUPLICATE] compatible_with_options: AutomateHA +- name: accept-hab-license + default_value: "false" + usage: | + Pass this flag to accept hab license for PostgresQL/OpenSearch nodes and check service-versions + compatible_with_options: AutomateHA - name: automate shorthand: a default_value: "false" diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_status.yaml b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_status.yaml index 4f692d8280..8101027932 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_status.yaml +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_status.yaml @@ -8,6 +8,11 @@ options: default_value: "false" usage: Shows status from Automate nodes[DUPLICATE] compatible_with_options: AutomateHA +- name: accept-hab-license + default_value: "false" + usage: | + Pass this flag to accept hab license for PostgresQL/OpenSearch nodes and show status + compatible_with_options: AutomateHA - name: automate shorthand: a default_value: "false" diff --git a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_version.yaml b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_version.yaml index 7cc302a772..18645134c1 100644 --- a/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_version.yaml +++ b/_vendor/github.com/chef/automate/components/docs-chef-io/data/automate/cli_chef_automate/commands/chef-automate_version.yaml @@ -5,10 +5,27 @@ description: Show the CLI version. options: - name: a2 default_value: "false" - usage: Get only automate Status + usage: Shows the versions of Automate node(HA)[DUPLICATE] + compatible_with_options: AutomateHA +- name: automate + shorthand: a + default_value: "false" + usage: Shows the versions of Automate node(HA) + compatible_with_options: AutomateHA +- name: bastion + shorthand: b + default_value: "false" + usage: Shows the versions of bastion node(HA) + compatible_with_options: AutomateHA +- name: chef_server + shorthand: c + default_value: "false" + usage: Shows the versions of Chef-server node(HA) + compatible_with_options: AutomateHA - name: cs default_value: "false" - usage: Get only chef server Status + usage: Shows the versions of Chef-server node(HA)[DUPLICATE] + compatible_with_options: AutomateHA - name: help shorthand: h default_value: "false" @@ -17,12 +34,24 @@ options: usage: | Node Ip address. While using this flag, pass the node type as well. Example : chef-automate version --node 192.0.0.1 --cs compatible_with_options: AutomateHA +- name: opensearch + shorthand: o + default_value: "false" + usage: Shows the versions of OpenSearch node + compatible_with_options: AutomateHA - name: os default_value: "false" - usage: Get only opensearch Status + usage: Shows the versions of OpenSearch node[DUPLICATE] + compatible_with_options: AutomateHA - name: pg default_value: "false" - usage: Get only postgresql Status + usage: Shows the versions of PostgresQL node[DUPLICATE] + compatible_with_options: AutomateHA +- name: postgresql + shorthand: p + default_value: "false" + usage: Shows the versions of PostgresQL node + compatible_with_options: AutomateHA - name: verbose shorthand: v default_value: "false" diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 9fe69831be..6c746e578e 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/chef/automate/components/docs-chef-io v0.0.0-20230925114325-98981657948f +# github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c # github.com/chef/desktop-config/docs-chef-io v0.0.0-20230711052355-bad26ce3ac0b # github.com/habitat-sh/habitat/components/docs-chef-io v0.0.0-20230808222519-d0c20bbe8c45 # github.com/chef/chef-server/docs-chef-io v0.0.0-20230929110551-e5bebd3e433d diff --git a/go.mod b/go.mod index 41895de5c4..73c690991b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/chef/chef-web-docs go 1.16 require ( - github.com/chef/automate/components/docs-chef-io v0.0.0-20230925114325-98981657948f // indirect + github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c // indirect github.com/chef/chef-server/docs-chef-io v0.0.0-20230929110551-e5bebd3e433d // indirect github.com/chef/chef-workstation/docs-chef-io v0.0.0-20230906065503-8f1a978813f8 // indirect github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20230904102656-f8fff0821d49 // indirect diff --git a/go.sum b/go.sum index 4435d97973..e301af69bc 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chef/automate/components/docs-chef-io v0.0.0-20230925114325-98981657948f h1:ar9pU9Wc5Z0h6f+KaznmxgTHXP24iArbAZv9jTYQZLw= -github.com/chef/automate/components/docs-chef-io v0.0.0-20230925114325-98981657948f/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU= +github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c h1:qp3KGGBgifLcQFbci1bzNDNI8qoIwVLvRCuvSfzuCPI= +github.com/chef/automate/components/docs-chef-io v0.0.0-20231027151655-61e0a5d70b2c/go.mod h1:juvLC7Rt33YOCgJ5nnfl4rWZRAbSwqjTbWmcAoA0LtU= github.com/chef/chef-server/docs-chef-io v0.0.0-20230929110551-e5bebd3e433d h1:e9VRN2RQee3ali2dcqvkIhSf1UaL8vFNg70Hs1ZnBWE= github.com/chef/chef-server/docs-chef-io v0.0.0-20230929110551-e5bebd3e433d/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY= github.com/chef/chef-workstation/docs-chef-io v0.0.0-20230906065503-8f1a978813f8 h1:rMpqWWnaV+fzB5Qk+8sNdbMgBarjPmCGSF623V5SOqc=