Utility and library for the purpose of assisting in creating certificates and client certificates for use in authentication against Couchbase Server during development/testing.
Building is the usual go thing: go build -o cbcerthelper ./cmd/cbcerthelper/main.go.
What it does:
* Creates a root certificate and key
* Creates a node certificate, certificate request, and key for each node provided
* Copies the node certificate and key to the node over ssh/scp
* Uploads the root certificate to the node and reloads the certificate
* Creates a client certificate that can be used to auth against nodes
* Writes out all the certificates and keys to disk
What it might do:
* If it fails then it might leave your cluster in a weird state where some nodes have certificates and others don't
What it won't do:
* Any attempt at recovery if it fails at any step
Configuration of the executable is done via a config file (it'll look for $HOME/.cbcerthelper.toml) or cli flags.
Parameters are the same in both config file and cli and are:
| Name | Type | Description | Example | |
|---|---|---|---|---|
| config | string | Path to config file | ./.cbcerthelper.toml |
|
| http-user | string | Username to use for auth against Couchbase Server | MyAdminUser |
|
| http-pass | string | Password to use for auth against Couchbase Server | MyAdminPass |
|
| ssh-user | string | Username to use for ssh access to nodes hosting Couchbase Server | gary |
|
| ssh-pass | string | Password to use for ssh access to nodes hosting Couchbase Server | garyspassword |
|
| cert-user | string | The username for the user that will be authenticating with this client certificate | dave |
|
| cert-email | string | The email for the user that will be authenticating with this client certificate | dave@davescompany.com |