This section describes how to update the Nova NoVNCProxy certificates managed by salt-minion.
To update the Nova NoVNCProxy certificates managed by salt-minion:

1. Log in to the Salt Master node.

2. Create certificate backups for all compute nodes:

    salt '*ctl*' cmd.run 'cp -pr /etc/pki/nova-novncproxy/client-cert.pem /etc/pki/nova-novncproxy/client-cert.pem_$(date +"%Y_%m_%d").bak'
    salt '*ctl*' cmd.run 'cp -pr /etc/pki/nova-novncproxy/server-cert.pem /etc/pki/nova-novncproxy/server-cert.pem_$(date +"%Y_%m_%d").bak'

3. Remove your current certificates from each compute node:

    salt '*ctl*' cmd.run 'rm -rf /etc/pki/nova-novncproxy/client-cert.pem /etc/pki/nova-novncproxy/server-cert.pem'

4. Apply the salt.minion.grains state for all compute nodes to retrieve the CA certificate from Salt Master:

    salt '*ctl*' state.sls salt.minion.grains test=true -b 1
    salt '*ctl*' state.sls salt.minion.grains -b 1

5. Apply the salt.minion.cert state on all compute nodes:

    salt '*ctl*' state.sls salt.minion.cert test=true -b 2
    salt '*ctl*' state.sls salt.minion.cert -b 2

6. Restart the nova-novncproxy service:

    salt '*ctl*' cmd.run 'service nova-novncproxy restart' -b 1
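
The following check is an added example, not part of the original procedure: run on a node after the salt.minion.cert state has been applied, it confirms that each reissued certificate exists, parses, stays valid for a minimum period, and differs from the backup taken earlier. The function names, exit codes and the 30-day threshold are assumptions; the default backup name follows the cp commands above.

```shell
#!/bin/sh
# Added example: post-rotation check for the certificates replaced above.
# Usage on a node (paths are the ones used in the procedure):
#   sh check_novnc_certs.sh /etc/pki/nova-novncproxy/client-cert.pem \
#                           /etc/pki/nova-novncproxy/server-cert.pem

# Assumption: require at least 30 days of remaining validity.
MIN_VALID_SECONDS=${MIN_VALID_SECONDS:-2592000}

# Print the SHA-256 fingerprint of a PEM certificate; non-zero if unreadable.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null
}

# check_rotated_cert CERT [BACKUP]
# Returns: 0 certificate is new and valid
#          1 certificate missing or not parseable
#          2 certificate expires within MIN_VALID_SECONDS
#          3 certificate is identical to the backup (it was not reissued)
check_rotated_cert() {
    cert=$1
    # Default backup name matches the cp step when both run on the same day;
    # pass BACKUP explicitly if the backup was taken on an earlier date.
    backup=${2:-"${cert}_$(date +"%Y_%m_%d").bak"}

    new_fp=$(cert_fingerprint "$cert") || return 1
    [ -n "$new_fp" ] || return 1

    openssl x509 -in "$cert" -noout -checkend "$MIN_VALID_SECONDS" \
        >/dev/null 2>&1 || return 2

    if [ -f "$backup" ]; then
        old_fp=$(cert_fingerprint "$backup")
        [ "$new_fp" != "$old_fp" ] || return 3
    fi
    return 0
}

# Check every path given on the command line and report per file.
failed=0
for c in "$@"; do
    code=0
    check_rotated_cert "$c" || code=$?
    if [ "$code" -eq 0 ]; then echo "OK   $c"; else echo "FAIL $c (code $code)"; failed=1; fi
done
[ "$failed" -eq 0 ] || exit 1
```
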