# Deploying a new OSP13 Cloud using os-inception
These templates can be used to build or rebuild a OSP13 dev cloud using os-inception.
## Clone the repo onto the undercloud
- login to the undercloud
- clone this repo into /home/stack/templates
- cp the deploy script deploy-osp13.sh into the stack home directory.
- Update the "undercloud-ca" entry in the file
/home/stack/templates/inject-trust-anchor-hiera.yaml with the
contents of the undercloud ca with is located at
/etc/pki/ca-trust/source/anchors/cm-local-ca.pem. This will allow the overcloud
nodes to trust the undercloud.
- ensure the ipa credentials are correct in
/home/stack/templates/ipa-ldap-config.yaml
- load the undercloud creds with
. stackrc
- deploy the overcloud with
./deploy-osp13.sh
## To regenerate the overcloud certs
su - stack
mkdir ~/SSL
cd ~/SSL
```
Generate a private key for the CA
```bash
openssl genrsa -out overcloud-ca-privkey.pem 2048
```
Generate a self-signed CA certificate
```bash
openssl req -new -x509 -key overcloud-ca-privkey.pem -out overcloud-cacert.pem -config openssl-ca.cnf
```
Add the self-signed CA certificate to the undercloud’s trusted certificate store.
```bash
sudo cp overcloud-cacert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
```
Generate the leaf certificate request and key that will be used for the public VIP.
```bash
openssl req -sha256 -nodes -newkey rsa:2048 -keyout server-key.pem -out server-req.pem -config openssl.cnf
```
Process the server RSA key
```bash
openssl rsa -in server-key.pem -out server-key.pem
```
Sign the leaf certificate with the CA certificate and generate the certificate.
```bash
openssl x509 -req -in server-req.pem -days 365 \
-CA overcloud-cacert.pem -CAkey overcloud-ca-privkey.pem \
-set_serial 01 -out server-cert.pem
```
Based on the documentation at
https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/ssl.html#certificate-details