This article describes how to generate test SSL certificates suitable for a lab installation of a Cloudify Manager Distributed Cluster.
- 3 VMs for database nodes and their public and private IPs
- 3 VMs for RabbitMQ nodes and their public and private IPs
- At least 2 VMs for Manager nodes and their public and private IPs
- 1 VM for HA proxy
- SSH access to all nodes
1. First, ensure the Cloudify Manager RPM is installed on one manager node:
- Download the Cloudify Manager RPM file.
- Copy the RPM file to your target host.
- From the terminal of your target host, run:
sudo yum install <RPM file path>
2. Create certificates for each node:
cfy_manager generate-test-cert -s PRIVATE-IP,PUBLIC-IP
- The application generates a (non-authoritative) CA used to sign all certificates
- The certificates, keys and CA will be found in ~/.cloudify-test-ca/
- The certificates will be named according to the first IP in the generate-test-cert command
3. Copy the certificate, key, and CA for each VM:
scp -i ~/.ssh/id_rsa ~/.cloudify-test-ca/PRIVATE-IP.crt ~/.cloudify-test-ca/PRIVATE-IP.key ~/.cloudify-test-ca/ca.crt centos@PRIVATE-IP:.
Each node only needs its own certificate and key. The CA will be the same for all nodes and it should be copied to all nodes. The certificate, key, and CA will be used in the configuration of each cluster node.