Clarify that the certificate guide should be used

The quick start guide was pointing users to the old create_certificate.sh script. This patch clarifies that the "Octavia Certificate Configuration Guide" should be used when configurting certificates for the Octavia controllers. It also adds a warning to the create_certificate.sh script. Change-Id: I7a87430be5a1553ff760e31c26ca52090399d00a
2019-05-31 09:11:08 -07:00 · 2019-05-31 09:11:08 -07:00 · d3c3f148f4
commit d3c3f148f4
parent 21a54d6b78
2 changed files with 14 additions and 3 deletions
--- a/bin/create_certificates.sh
+++ b/bin/create_certificates.sh
@ -1,5 +1,11 @@
 #!/bin/bash

+# NOTE: This script should not be used for creating certificates in a
+# deployment. It is only used for some testing jobs.
+# Please follow the Octavia Certificate Configuration Guide when setting
+# up a deployment. See:
+# https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
+
 # USAGE: <certificate directory> <openssl.cnf (example in etc/certificate)
 #Those are certificates for testing will be generated
 #
@ -36,6 +42,11 @@ CERT_DIR=$1
 OPEN_SSL_CONF=$2 # etc/certificates/openssl.cnf
 VALIDITY_DAYS=${3:-18250} # defaults to 50 years

+echo "!!!!!!!!!!!!!!!Do not use this script for deployments!!!!!!!!!!!!!"
+echo "Please use the Octavia Certificate Configuration guide:"
+echo "https://docs.openstack.org/octavia/latest/admin/guides/certificates.html"
+echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+
 echo $CERT_DIR


--- a/doc/source/contributor/guides/dev-quick-start.rst
+++ b/doc/source/contributor/guides/dev-quick-start.rst
@ -261,10 +261,10 @@ amphorae: The amphora REST API. Both amphora API and Octavia controller do
 bi-directional certificate-based authentication in order to authenticate and
 encrypt communication. You must therefore create appropriate TLS certificates
 which will be used for key signing, authentication, and encryption. There is a
-helper script to do this in this repository under:
-``bin/create_certificates.sh``
+detailed :doc:`../../admin/guides/certificates` to guide you through this
+process.

-Please note that certificates created with this helper script may not meet your
+Please note that certificates created with this guide may not meet your
 organization's security policies, since they are self-signed certificates with
 arbitrary bit lengths, expiration dates, etc.  Operators should obviously
 follow their own security guidelines in creating these certificates.