Add info to indicate that only certificates with RSA keys are supported
closes-bug: 2086733 Change-Id: I1f1719e213d70e5a30abdd40c63388f0e4379fac Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
This commit is contained in:
parent
df5f959cf3
commit
3150cbaf6f
@ -476,4 +476,7 @@ Platform Issuer (system-local-ca)
|
||||
subclouds, but the leaf certificates can still be configured with the
|
||||
override ``system_platform_certificate`` in separate ways.
|
||||
|
||||
The data provided through ``system_local_ca_key`` has to contain a RSA
|
||||
private key, in unencrypted |PEM| format.
|
||||
|
||||
.. include:: /_myincludes/migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.rest
|
@ -105,6 +105,14 @@ Follow the steps below to manually upgrade the system controller:
|
||||
Where ``<release-id>`` is ``starlingx-24.09.0`` for above software upload
|
||||
example, or it can be found out by running :command:`software list`.
|
||||
|
||||
The platform issuer (system-local-ca) is required to have an RSA
|
||||
certificate/private key pair before upgrading. If ``system-local-ca`` was
|
||||
configured with a different type of certificate/private key, the upgrade
|
||||
pre check will fail with an informative message. In this case, the
|
||||
:ref:`migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d` procedure
|
||||
needs to be executed to reconfigure ``system-local-ca`` with the RSA
|
||||
certificate/private key targeting the ``SystemController`` and all subclouds.
|
||||
|
||||
By default, the upgrade process cannot run and is not recommended to run
|
||||
with active alarms present. It is strongly recommended that you clear your
|
||||
system of all alarms before doing an upgrade.
|
||||
|
@ -98,7 +98,7 @@ playbook are:
|
||||
using, on how to create an Intermediate |CA| public certificate and
|
||||
private key pair.
|
||||
|
||||
The 'system_local_ca_cert' override must provide either:
|
||||
The ``system_local_ca_cert`` override must provide either:
|
||||
|
||||
- A single certificate, directly signed by the Root |CA|; or
|
||||
|
||||
@ -109,11 +109,16 @@ playbook are:
|
||||
be included in this bundle.
|
||||
|
||||
The ``system_local_ca_key`` override must provide only the private
|
||||
key for ``system-local-ca``. Only RSA and |ECDSA| keys are supported.
|
||||
key for ``system-local-ca``. Only RSA is supported for the key, which
|
||||
must be provided in unencrypted |PEM| format.
|
||||
|
||||
The duration of the Intermediate |CA| public certificate should be at
|
||||
least 3 years. See *ica_duration* to modify this semantic check.
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.rest
|
||||
|
||||
.. warning::
|
||||
|
||||
The private key for ``system-local-ca`` should be handled carefully,
|
||||
|
@ -58,6 +58,12 @@ standard configuration.
|
||||
- The system should be patch current, that is, all the available patch
|
||||
releases for the current major release should be deployed.
|
||||
|
||||
- The platform issuer (system-local-ca) must be configured with an RSA
|
||||
certificate/private key. If ``system-local-ca`` was configured with a
|
||||
different type of certificate/private key, use the
|
||||
:ref:`migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d` procedure
|
||||
to reconfigure it with the RSA certificate/private key.
|
||||
|
||||
.. rubric:: |proc|
|
||||
|
||||
#. For a duplex (dual controller) system, switch the activity from
|
||||
|
@ -139,6 +139,12 @@ to control and monitor their progress manually.
|
||||
| <new-release-id> | True | available |
|
||||
+--------------------------+-------+-----------+
|
||||
|
||||
- For a major release deployment, the platform issuer (system-local-ca) must be
|
||||
configured beforehand with an RSA certificate/private key. If ``system-local-ca``
|
||||
was configured with a different type of certificate/private key, use the
|
||||
:ref:`migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d` procedure
|
||||
to reconfigure it with RSA certificate/private key.
|
||||
|
||||
.. rubric:: |proc|
|
||||
|
||||
#. Create a software deployment orchestration strategy for a specified software
|
||||
|
Loading…
Reference in New Issue
Block a user