Merge "Clarify that the certificate guide should be used"

bin/create_certificates.sh

@@ -1,5 +1,11 @@
 #!/bin/bash
 
+# NOTE: This script should not be used for creating certificates in a
+# deployment. It is only used for some testing jobs.
+# Please follow the Octavia Certificate Configuration Guide when setting
+# up a deployment. See:
+# https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
+
 # USAGE: <certificate directory> <openssl.cnf (example in etc/certificate)
 #Those are certificates for testing will be generated
 #
@@ -36,6 +42,11 @@ CERT_DIR=$1
 OPEN_SSL_CONF=$2 # etc/certificates/openssl.cnf
 VALIDITY_DAYS=${3:-18250} # defaults to 50 years
 
+echo "!!!!!!!!!!!!!!!Do not use this script for deployments!!!!!!!!!!!!!"
+echo "Please use the Octavia Certificate Configuration guide:"
+echo "https://docs.openstack.org/octavia/latest/admin/guides/certificates.html"
+echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+
 echo $CERT_DIR
 
 

doc/source/contributor/guides/dev-quick-start.rst

@@ -261,10 +261,10 @@ amphorae: The amphora REST API. Both amphora API and Octavia controller do
 bi-directional certificate-based authentication in order to authenticate and
 encrypt communication. You must therefore create appropriate TLS certificates
 which will be used for key signing, authentication, and encryption. There is a
-helper script to do this in this repository under:
-``bin/create_certificates.sh``
+detailed :doc:`../../admin/guides/certificates` to guide you through this
+process.
 
-Please note that certificates created with this helper script may not meet your
+Please note that certificates created with this guide may not meet your
 organization's security policies, since they are self-signed certificates with
 arbitrary bit lengths, expiration dates, etc.  Operators should obviously
 follow their own security guidelines in creating these certificates.