[pve-devel] applied: [PATCH docs] cert-management: mention symlinks in /etc/pve
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Jan 24 09:55:18 CET 2020
On 1/23/20 6:07 PM, Stoiko Ivanov wrote:
> The warning to not replace the cluster-certificates in '/etc/pve/local' can
> be misleading and let users think that '/etc/pve/nodes/NODENAME/pve-ssl.pem'
> (and .key) are the files they should replace with a LE/externally signed
> certificate.
>
> Explicitly mentioning that '/etc/pve/local' is a symlink to
> '/etc/pve/nodes/NODENAME' should make the warning more clear.
>
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> reported in:
> https://forum.proxmox.com/threads/setting-up-cluster-and-certificates-which-order.63955/
>
> I tried explicitly naming both paths for both files, but the result seemed more
> cluttered than explicitly saying that the directories are linked.
>
> certificate-management.adoc | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/certificate-management.adoc b/certificate-management.adoc
> index 81660b2..ff1ca49 100644
> --- a/certificate-management.adoc
> +++ b/certificate-management.adoc
> @@ -41,6 +41,8 @@ WARNING: Do not replace or manually modify the automatically generated node
> certificate files in `/etc/pve/local/pve-ssl.pem` and
> `/etc/pve/local/pve-ssl.key` or the cluster CA files in
> `/etc/pve/pve-root-ca.pem` and `/etc/pve/priv/pve-root-ca.key`.
> +Also keep in mind that `/etc/pve/local` is a symlink to
> +`/etc/pve/nodes/NODENAME`.
>
> Getting trusted certificates via ACME
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
applied, thanks! Moved the sentence to it's own hint a bit higher up to make it
stand more out, though.
More information about the pve-devel
mailing list