xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-05-21 19:22:05 +00:00
Code Issues Releases Wiki Activity

Remove trailing spaces in file docs/source/advanced/security/certs.rst

Browse Source
This commit is contained in:
GONG Jie 2017-12-31 23:59:59 +00:00
parent afbae5dd91
commit edf5f37751
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docs/source/advanced/security/certs.rst
View File

@ -10,47 +10,47 @@ The xCAT daemon on the management node and service node listens on a SSL socket
xCAT creates 1 CA certificate and 2 credentials (private key and certificate pairs):
1. xCAT CA certificate(ca.pem):
1. xCAT CA certificate(ca.pem):
* a self-signed certificate used as Certificate Authority in xcatd SSL communication;
* generated by ``/opt/xcat/share/xcat/scripts/setup-xcat-ca.sh`` script on xCAT installation;
* generated by ``/opt/xcat/share/xcat/scripts/setup-xcat-ca.sh`` script on xCAT installation;
* will be generated (or updated) on xCAT management node when:
* install or update xCAT when "/etc/xcat/ca" directory does not exist
* or run ``xcatconfig -f|--force``
* install or update xCAT when "/etc/xcat/ca" directory does not exist
* or run ``xcatconfig -f|--force``
* or run ``xcatconfig -c|--credentials``
* files on management node:
* files on management node:
* ``/etc/xcat/ca/ca-cert.pem``
* ``/etc/xcat/cert/ca.pem`` ,copied by ``/opt/xcat/share/xcat/scripts/setup-server-cert.sh``
* ``/root/.xcat/ca.pem`` ,copied by ``/opt/xcat/share/xcat/scripts/setup-local-client.sh``
* file on service node: ``/root/.xcat/ca.pem``
* distribution path:
* distribution path:
**/etc/xcat/cert/ca.pem (MN)** ===(run ``xcatconfig`` command)===> **/install/postscripts/_xcat/ca.pem (MN)** ===(node provision/updatenode)==> **/xcatpost/_xcat/ca.pem (SN and CN)** ==(run "servicenode" postscript)==> **/root/.xcat/ca.pem (SN)**
2. xCAT server credential(server-cred.pem):
2. xCAT server credential(server-cred.pem):
* a concatenation of server private key and certificate(signed with xCAT CA certificate)
* generated by ``/opt/xcat/share/xcat/scripts/setup-server-cert.sh`` on xCAT installation;
* will be generated (or updated) on xCAT management node when:
* install or update xCAT when ``/etc/xcat/cert`` directory does not exist
* or run ``xcatconfig -f|--force``
* install or update xCAT when ``/etc/xcat/cert`` directory does not exist
* or run ``xcatconfig -f|--force``
* or run ``xcatconfig -c|--credentials``
* file on management node: ``/etc/xcat/cert/server-cred.pem``
* file on service node: ``/etc/xcat/cert/server-cred.pem``
* distribution path:
* file on service node: ``/etc/xcat/cert/server-cred.pem``
* distribution path:
**/etc/xcat/cert/server-cred.pem (MN)** ==(run ``xcatserver`` script called by ``servicenode`` postscript)===> **/etc/xcat/cert/server-cred.pem(SN)**
3. xCAT client credential(client-cred.pem):
* a concatenation of client private key and certificate (signed with xCAT CA certificate)
* generated by ``/opt/xcat/share/xcat/scripts/setup-local-client.sh`` on xCAT installation
* will be generated (or updated) on xCAT management node when:
* install or update xCAT when ``/root/.xcat/client-key.pem`` does not exist;
* or run ``xcatconfig -f|--force``
* will be generated (or updated) on xCAT management node when:
* install or update xCAT when ``/root/.xcat/client-key.pem`` does not exist;
* or run ``xcatconfig -f|--force``
* or run ``xcatconfig -c|--credentials``
* file on management node: ``/root/.xcat/client-cred.pem``
* file on service node: ``/root/.xcat/client-cred.pem``
* distribution path:
**/root/.xcat/client-cred.pem (MN)** ===(run ``xcatclient`` script called by ``servicenode`` postscript")===> **/root/.xcat/client-cred.pem(SN)**
* file on service node: ``/root/.xcat/client-cred.pem``
* distribution path:
**/root/.xcat/client-cred.pem (MN)** ===(run ``xcatclient`` script called by ``servicenode`` postscript")===> **/root/.xcat/client-cred.pem(SN)**
The usage of the credentials in the xCAT SSL communication is: