kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Remove deploying the root cert to clients from the README

Browse Source 
We do not want to verify the root cert so this is not needed
This commit is contained in:
Greg Karékinian 2020-05-14 13:14:42 +02:00
parent 124ee5e6f3
commit dd92d6cdb7
1 changed files with 0 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
site-cookbooks/kosmos-postgresql/README.md
View File

@ -55,20 +55,3 @@ The content of `server.crt`, `server.key` and `root.crt` an stored in the
`postgresql` encrypted data bag. The root key is stored in LastPass
("Self-signed TLS root certificate"). `server.crt` & `server.key` are used by
the PostgreSQL server.
The root certificate needs to be deployed to clients so they verify the cert
can be trusted.
For example:
```ruby
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
file root_cert_path do
content postgresql_data_bag_item['ssl_root_cert']
mode "0644"
end
```
`/etc/ssl/certs/root.kosmos.org.crt` can be used as the CA root cert path in
the client's configuration