How do I update certificate in cloud config?


#1

I’ve successfully deployed rancher on rancheros and included the certificate for my private registry as described in the documentation. e.g.

#cloud-config
write_files:
  - path: /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
    permissions: "0644"
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      MIIDJjCCAg4CCQDLCSjwGXM72TANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJB

      vloANkUoc1pvzvxKoz2HIHUKf+xFT50xppx6wsQZ01pNMSNF0qgc1vvH
      -----END CERTIFICATE-----

The question is how do I update the certificate when it expires and needs replacing? I tried replacing the file in /etc/docker.d/certs/… but when I reboot the node the cloud config just writes the old one back again.

Maybe it's possible to do it with ros config set but I can’t figure out the syntax I’d use.


#2

Because the certificate is a multiline value, it's going to be tricky to do with ros config set, but I worked out a way to do it with merge, so for the benefit of others…

sudo ros config get write_files > writefiles.yml

That will dump out the write files section from your live cloud config.

Use an editor to add in the “write_files:” line at the top that it will need later. Edit the certificate section with your new certificate values.

Now just do

sudo ros config merge -i writefiles.yml

Reboot and verify that the new value is being applied. Now to script that for all the other nodes.
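
The dump, edit and merge steps from post #2 as a per-node script; this is an added example, not part of the original posts. The function names are hypothetical, and it assumes `ros config get write_files` prints a YAML list whose items start at column 0 with "- " and whose keys sit at two-space indent.

```shell
#!/bin/sh
# Added example: scripted form of the dump / edit / merge steps from post #2.
# Assumption: the dump is a YAML list, items start with "- " at column 0,
# keys are indented two spaces, block-scalar bodies four spaces.

# rewrite_write_files TARGET_PATH NEW_CERT_FILE
# Reads the dump on stdin, writes a mergeable document on stdout.
# Fails unless exactly one entry with that path had its content replaced.
rewrite_write_files() {
  awk -v target="$1" -v certfile="$2" '
    function flush(   i, hit, skip, line) {
      hit = 0
      for (i = 1; i <= n; i++)            # key order varies, so scan the whole entry
        if (substr(buf[i], 3) == "path: " target) hit = 1
      skip = 0
      for (i = 1; i <= n; i++) {
        if (skip && (buf[i] ~ /^    / || buf[i] ~ /^[ \t]*$/)) continue  # old body
        skip = 0
        print buf[i]
        if (hit && substr(buf[i], 3) ~ /^content: [|]/) {
          while ((getline line < certfile) > 0) print "    " line
          close(certfile)
          skip = 1; replaced++
        }
      }
      n = 0
    }
    BEGIN { print "write_files:" }        # the header line the dump lacks
    /^- / { flush() }                     # a new list item closes the previous one
    { buf[++n] = $0 }
    END { flush(); exit (replaced == 1 ? 0 : 1) }
  '
}

# update_registry_cert TARGET_PATH NEW_CERT_FILE: run on each RancherOS node.
update_registry_cert() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$2" ||
    { echo "not a PEM certificate: $2" >&2; return 1; }
  tmp=$(mktemp) || return 1
  sudo ros config get write_files | rewrite_write_files "$1" "$2" > "$tmp" &&
    sudo ros config merge -i "$tmp"
  rc=$?
  rm -f "$tmp"
  [ "$rc" -eq 0 ] || echo "certificate for $1 not merged" >&2
  return "$rc"
}
```

Nothing is merged when the target path is missing from the dump or the new file is not PEM, so a node is never left with a half-edited write_files section.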