How do I update certificate in cloud config?

philosifer · December 10, 2018, 11:11am

I’ve successfully deployed rancher on rancheros and included the certificate for my private registry as described in the documentation. e.g.

#cloud-config
write_files:

path: /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
permissions: “0644”
owner: root
content: |
-----BEGIN CERTIFICATE-----
MIIDJjCCAg4CCQDLCSjwGXM72TANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJB
…
vloANkUoc1pvzvxKoz2HIHUKf+xFT50xppx6wsQZ01pNMSNF0qgc1vvH
-----END CERTIFICATE-----

The questions is how do i update the certificate when it expires and needs replacing? I tried replacing the file in /etc/docker.d/certs/… but when i reboot the node the cloud config just rights the old one back again.

Maybe its possible to do it with ros config set but i can’t figure out the syntax i’d use.

philosifer · December 11, 2018, 9:21am

Because the certificate is a multiline value its going to be tricky do with ros config set but I worked out a way to do it with merge so for the benefit of others…

sudo ros config get write_files > writefiles.yml

That will dump out the write files section from your live cloud config.

Use an editor to add in the “write_files:” line at the top that it will need later. Edit the certificate section with your new certificate values.

Now just do

sudo ros config merge -i writefiles.yml

Reboot and verify that the new value is being applied. Now to script that for all the other nodes.

Topic		Replies	Views
Update cloud-config RancherOS	0	1329	March 5, 2020
rancherOS cloud-config.yml root CA	6	5728	March 17, 2023
Private Repository RancherOS	2	1471	August 3, 2016
RancherOS v1.0.1 - install process ignores the cloud-config.yml file RancherOS	6	2263	May 10, 2017
Cloud-config auto join rancher and hostname RancherOS	1	1594	May 25, 2018

How do I update certificate in cloud config?

Related Topics