Commit 2abb9b8a authored by Helga Velroyen's avatar Helga Velroyen

man: mention changes in renew-crypto

This updates the gnt-cluster man page wrt to the changes
about server and client certificates and how they affect
the operation 'gnt-cluster renew-crypto'.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent fba13a09
......@@ -850,14 +850,20 @@ RENEW-CRYPTO
This command will stop all Ganeti daemons in the cluster and start
them again once the new certificates and keys are replicated. The
options ``--new-cluster-certificate`` and ``--new-confd-hmac-key``
can be used to regenerate respectively the cluster-internal SSL
certificate and the HMAC key used by **ganeti-confd**\(8).
The option ``--new-node-certificates`` will generate new node SSL
certificates for all nodes. Note that the regeneration of the node
certificates takes place after the other certificates are created
and distributed and the ganeti daemons are restarted again.
option ``--new-confd-hmac-key`` can be used to regenerate
the HMAC key used by **ganeti-confd**\(8).
The option ``--new-cluster-certificate`` will regenerate the
cluster-internal server SSL certificate. The option
``--new-node-certificates`` will generate new node SSL
certificates for all nodes. Note that for the regeneration of
of the server SSL certficate will invoke a regeneration of the
node certificates as well, because node certificates are signed
by the server certificate and thus have to be recreated and
signed by the new server certificate. Nodes which are offline
during a renewal of the server or the node certificates are not
accessible anymore once they are marked as online again. To
fix this, please readd the node instead.
To generate a new self-signed RAPI certificate (used by
**ganeti-rapi**\(8)) specify ``--new-rapi-certificate``. If you want to
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment