
COROSYNC-QDEVICE-NET-CERTUTIL(8) System Manager's Manual COROSYNC-QDEVICE-NET-CERTUTIL(8)

NAME

corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates

SYNOPSIS

corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-S ssh_command] [-C scp_command] [-n cluster_name]

DESCRIPTION

corosync-qdevice-net-certutil is a frontend for NSS certutil, used to generate client certificates for the net model of qdevice.

OPTIONS

-i  Initialize the QDevice Net NSS certificate database. The default directory for the database is /etc/corosync/qdevice/net/. This directory has to be writable by the current user. It needs the QNetd CA certificate passed as the -c parameter. This certificate can be found on the server running QNetd in the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.

-m  Import the cluster certificate and key from a pk12 file.

-r  Generate a certificate request. The certificate request is exported into /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster name using the -n parameter. The cluster name has to match the one defined in /etc/corosync/corosync.conf.

-M  Import a signed certificate and export a certificate with private key into a pk12 file.

-Q  Use ssh/scp to properly set both corosync-qnetd and corosync-qdevice certificates on all nodes. It's highly recommended that you use an ssh agent, or ssh/scp will keep asking for a password - roughly 8 times the number of nodes.

-c  File with certificate to load.

-S  Alternative remote shell command to be used in place of ssh. If not specified, ssh is used.

-C  Alternative remote copy command to be used in place of scp. If not specified, scp is used.

-n  Name of the cluster.
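
The certificate request must carry the same cluster name as /etc/corosync/corosync.conf. The following added example (not part of the original man page or of corosync) reads cluster_name from the totem section and prints the matching database-initialization (-i -c) and request (-r -n) invocations instead of relying on a hand-typed name. The function names and the sample file contents are constructed for illustration.

```shell
# Added example. Helper names and sample data are hypothetical.
# Print the cluster_name set directly inside the top-level totem { } section.
corosync_cluster_name() {
    awk '
        /^[ \t]*#/ { next }                                  # comment line
        {
            line = $0
            if (depth == 0 && line ~ /^[ \t]*totem[ \t]*[{]/) in_totem = 1
            if (in_totem && depth == 1 && line ~ /^[ \t]*cluster_name[ \t]*:/) {
                name = line
                sub(/^[^:]*:[ \t]*/, "", name)               # drop the key and colon
                sub(/[ \t\r]+$/, "", name)                   # drop trailing blanks
            }
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth == 0) in_totem = 0                     # left the totem section
        }
        END { if (name == "") exit 1; print name }
    ' "$1"
}

# Print (do not run) the node-side commands: arg 1 = corosync.conf, arg 2 = QNetd CA cert.
qdevice_cert_commands() {
    conf=$1; cacert=$2
    name=$(corosync_cluster_name "$conf") || { echo "no cluster_name in $conf" >&2; return 1; }
    # The output is meant to be pasted into a shell, so refuse shell metacharacters
    # (a conservative check chosen for this example).
    case $name in
        *[!A-Za-z0-9._-]*) echo "unexpected characters in cluster name" >&2; return 1 ;;
    esac
    [ -r "$cacert" ] || { echo "CA certificate $cacert not readable" >&2; return 1; }
    printf 'corosync-qdevice-net-certutil -i -c %s\n' "$cacert"
    printf 'corosync-qdevice-net-certutil -r -n %s\n' "$name"
}

# Constructed sample input, for demonstration only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/corosync.conf" <<'EOF'
totem {
    version: 2
    cluster_name: ha-demo
    interface {
        ringnumber: 0
    }
}
EOF
: > "$demo_dir/qnetd-cacert.crt"      # empty stand-in for the QNetd CA certificate
qdevice_cert_commands "$demo_dir/corosync.conf" "$demo_dir/qnetd-cacert.crt"
rm -rf "$demo_dir"
```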

SEE ALSO

corosync-qnetd(8) corosync-qdevice(8)

AUTHOR

Jan Friesse

2016-06-28