Hello,
I already have a cluster set up and running with 7 nodes and about 200 virtual computers (some VMs and some LXC). They are all part of our company development platform. It is a good environment for testing things…
The problem we have is that we install services on each one of the virtual computers and they require TLS certificates. Most of the time, the certificates are the same for a group of servers because they fall down into a wildcard certificate for a domain.
The problem comes when we need to renew the certificate. We have to go one by one to all the computers and update two files (certificate and private key), and we are looking for best practices in reducing the burden of doing that manual task.
One of them would be to have an NFS share where we put the two files and configure access so all computers mount that share, but I don’t know if that will work at all.
Are there any other options?
Thanks in advance
Ignacio