From 1644d91d248cec352e24dbb86964aa602fada6ea Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 11 Jun 2024 15:40:39 -0700 Subject: [PATCH 1/4] docs: DOC-1224 --- .../vmware-vsphere-airgap-instructions.md | 79 +++++++++++++++++-- 1 file changed, 72 insertions(+), 7 deletions(-) diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index a6c04c6395..df4bd7780a 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -237,23 +237,88 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock ``` 19. If you have custom SSL certificates you want to apply to the image and pack registry, and the Spectro Cloud - Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. The custom - certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: + Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. + + If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for + you. + + Select the tab below for detailed instructions on how to update the SSL certificates for the Pack Registry and the + Spectro Cloud Repository. + + + + + + :::warning + + Three items you need to keep in mind when providing custom SSL certificates: + + - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different + format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also + expects the files to be named **server.crt** and **server.key**. + + - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for + the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. + + - The custom SSL certificates must have the following permissions bits set: + + - **server.crt**: 644 + - **server.key**: 600 + + ::: + + The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: - **server.crt** - **server.key** - If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for - you. + You also need to update the permissions for the **/data/secret/cert/** directory. This folder is mounted to Harbor + during the airgap setup process and must have access to the custom SSL certificates. Use the following command to + ensure the permissions are set correctly. + + ```shell + chown -R 10000:10000 /data/secret/cert/* + ``` + + + + :::warning - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format, - convert them to base64 PEM format before copying them to the support VM. The airgap setup process also expects the - files to be named **server.crt** and **server.key**. + Three items you need to keep in mind when providing custom SSL certificates: + + - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different + format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also + expects the files to be named **server.crt** and **server.key**. + + - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for + the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. + + - The custom SSL certificates must have the following permissions bits set: + + - **server.crt**: 644 + - **server.key**: 600 ::: + The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: + + - **server.crt** + - **server.key** + + Copy the custom SSL certificates to the **/usr/local/share/ca-certificates/** directory. Issue the following + commands to copy the custom SSL certificates to the directory. + + ```shell + cp /opt/spectro/ssl/server.crt /usr/local/share/ca-certificates/ && \ + update-ca-certificates + ``` + + + + + 20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will generate a self-signed certificate for the value you provide. From a6a2b4ec25262dadc6238e6c440da2d0f1f4cca2 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 11 Jun 2024 15:43:40 -0700 Subject: [PATCH 2/4] docs: vertex steps --- .../vmware-vsphere-airgap-instructions.md | 79 +++++++++++++++++-- 1 file changed, 72 insertions(+), 7 deletions(-) diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index b8ddd933c3..dc25448368 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -238,23 +238,88 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr ``` 19. If you have custom SSL certificates you want to apply to the image and pack registry, and the Spectro Cloud - Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. The custom - certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: + Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. + + If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for + you. + + Select the tab below for detailed instructions on how to update the SSL certificates for the Pack Registry and the + Spectro Cloud Repository. + + + + + + :::warning + + Three items you need to keep in mind when providing custom SSL certificates: + + - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different + format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also + expects the files to be named **server.crt** and **server.key**. + + - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for + the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. + + - The custom SSL certificates must have the following permissions bits set: + + - **server.crt**: 644 + - **server.key**: 600 + + ::: + + The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: - **server.crt** - **server.key** - If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for - you. + You also need to update the permissions for the **/data/secret/cert/** directory. This folder is mounted to Harbor + during the airgap setup process and must have access to the custom SSL certificates. Use the following command to + ensure the permissions are set correctly. + + ```shell + chown -R 10000:10000 /data/secret/cert/* + ``` + + + + :::warning - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format, - convert them to base64 PEM format before copying them to the support VM. The airgap setup process also expects the - files to be named **server.crt** and **server.key**. + Three items you need to keep in mind when providing custom SSL certificates: + + - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different + format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also + expects the files to be named **server.crt** and **server.key**. + + - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for + the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. + + - The custom SSL certificates must have the following permissions bits set: + + - **server.crt**: 644 + - **server.key**: 600 ::: + The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: + + - **server.crt** + - **server.key** + + Copy the custom SSL certificates to the **/usr/local/share/ca-certificates/** directory. Issue the following + commands to copy the custom SSL certificates to the directory. + + ```shell + cp /opt/spectro/ssl/server.crt /usr/local/share/ca-certificates/ && \ + update-ca-certificates + ``` + + + + + 20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will generate a self-signed certificate for the value you provide. From 435f819f6b3465632fb5e4a6c46e0c09e5a903d9 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Thu, 13 Jun 2024 11:23:26 -0700 Subject: [PATCH 3/4] docs: updated instructions --- .../vmware-vsphere-airgap-instructions.md | 48 +------------------ .../vmware-vsphere-airgap-instructions.md | 48 +------------------ 2 files changed, 2 insertions(+), 94 deletions(-) diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index df4bd7780a..22b82ac33e 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -242,13 +242,6 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for you. - Select the tab below for detailed instructions on how to update the SSL certificates for the Pack Registry and the - Spectro Cloud Repository. - - - - - :::warning Three items you need to keep in mind when providing custom SSL certificates: @@ -260,7 +253,7 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. - - The custom SSL certificates must have the following permissions bits set: + - The custom SSL certificates files must have the following permissions bits set: - **server.crt**: 644 - **server.key**: 600 @@ -280,45 +273,6 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock chown -R 10000:10000 /data/secret/cert/* ``` - - - - - :::warning - - Three items you need to keep in mind when providing custom SSL certificates: - - - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different - format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also - expects the files to be named **server.crt** and **server.key**. - - - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for - the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. - - - The custom SSL certificates must have the following permissions bits set: - - - **server.crt**: 644 - - **server.key**: 600 - - ::: - - The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: - - - **server.crt** - - **server.key** - - Copy the custom SSL certificates to the **/usr/local/share/ca-certificates/** directory. Issue the following - commands to copy the custom SSL certificates to the directory. - - ```shell - cp /opt/spectro/ssl/server.crt /usr/local/share/ca-certificates/ && \ - update-ca-certificates - ``` - - - - - 20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will generate a self-signed certificate for the value you provide. diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index dc25448368..df31219087 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -243,13 +243,6 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for you. - Select the tab below for detailed instructions on how to update the SSL certificates for the Pack Registry and the - Spectro Cloud Repository. - - - - - :::warning Three items you need to keep in mind when providing custom SSL certificates: @@ -261,7 +254,7 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. - - The custom SSL certificates must have the following permissions bits set: + - The custom SSL certificates files must have the following permissions bits set: - **server.crt**: 644 - **server.key**: 600 @@ -281,45 +274,6 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr chown -R 10000:10000 /data/secret/cert/* ``` - - - - - :::warning - - Three items you need to keep in mind when providing custom SSL certificates: - - - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different - format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also - expects the files to be named **server.crt** and **server.key**. - - - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for - the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. - - - The custom SSL certificates must have the following permissions bits set: - - - **server.crt**: 644 - - **server.key**: 600 - - ::: - - The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files: - - - **server.crt** - - **server.key** - - Copy the custom SSL certificates to the **/usr/local/share/ca-certificates/** directory. Issue the following - commands to copy the custom SSL certificates to the directory. - - ```shell - cp /opt/spectro/ssl/server.crt /usr/local/share/ca-certificates/ && \ - update-ca-certificates - ``` - - - - - 20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will generate a self-signed certificate for the value you provide. From fc9c8bf5c3da8c26e4bef99733ec5001aa31b5f0 Mon Sep 17 00:00:00 2001 From: Karl Cardenas <29551334+karl-cardenas-coding@users.noreply.github.com> Date: Thu, 20 Jun 2024 14:23:22 -0700 Subject: [PATCH 4/4] Apply suggestions from code review --- .../airgap-install/vmware-vsphere-airgap-instructions.md | 2 +- .../airgap-install/vmware-vsphere-airgap-instructions.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index 22b82ac33e..6751667e79 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -248,7 +248,7 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also - expects the files to be named **server.crt** and **server.key**. + expects the certificate files to be named **server.crt** and **server.key**. - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch. diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md index df31219087..81ffeeb3a9 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md @@ -249,7 +249,7 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr - The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format, convert them to base64 PEM format before copying them to the support VM. The airgap setup process also - expects the files to be named **server.crt** and **server.key**. + expects the certificate files to be named **server.crt** and **server.key**. - The custom certificate's Fully Qualified Domain Name (FQDN) must match the hostname or IP address you provide for the airgap support VM. Otherwise, the airgap setup process will fail due to a certificate mismatch.