Documentation changes (#1595)

* Add documentation for `bdb-user` parameter * Remove the bdb-keyfile-passphrase parameter * Formatting changes in bdb-certs.bdb-user subsection
2024-10-13 13:34:05 +00:00 · 2017-06-28 15:35:26 +02:00 · 2017-06-28 15:35:26 +02:00 · d92f5f2024
commit d92f5f2024
parent 69a07b282d
3 changed files with 30 additions and 4 deletions
--- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
+++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
@ -89,6 +89,36 @@ Note that ``ca.pem`` is just another name for ``ca.crt``
 (the certificate of your BigchainDB cluster's self-signed CA).


+bdb-certs.bdb-user
+~~~~~~~~~~~~~~~~~~
+
+This is the user name that BigchainDB uses to authenticate itself to the
+backend MongoDB database.
+
+We need to specify the user name *as seen in the certificate* issued to
+the BigchainDB instance in order to authenticate correctly. Use
+the following ``openssl`` command to extract the user name from the
+certificate:
+  
+.. code:: bash
+
+   $ openssl x509 -in <path to the bigchaindb certificate> \
+     -inform PEM -subject -nameopt RFC2253
+         
+You should see an output line that resembles:
+  
+.. code:: bash
+  
+   subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
+
+The ``subject`` line states the complete user name we need to use for this
+field (``bdb-certs.bdb-user``), i.e.
+
+.. code:: bash
+
+   emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE
+
+
 Deploy Your config-map.yaml and secret.yaml
 -------------------------------------------

--- a/k8s/bigchaindb/bigchaindb-dep.yaml
+++ b/k8s/bigchaindb/bigchaindb-dep.yaml
@ -59,8 +59,6 @@ spec:
          value: /etc/bigchaindb/ssl/bdb-instance.pem
        - name: BIGCHAINDB_DATABASE_KEYFILE
          value: /etc/bigchaindb/ssl/bdb-instance.key
-        - name: BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE
-          value: /etc/bigchaindb/ssl/bdb-keyfile-passphrase
        - name: BIGCHAINDB_DATABASE_LOGIN
          value: /etc/bigchaindb/ssl/bdb-user
        # The following env var is not required for the bootstrap/first node
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -82,8 +82,6 @@ data:
  bdb-instance.pem: "<b64 encoded certificate>"
  # Base64-encoded private key
  bdb-instance.key: "<b64 encoded private key>"
-  # Base64-encoded private key passphrase
-  bdb-keyfile-passphrase: "<b64 encoded private key passphrase>"
  # Base64-encoded instance authentication credentials
  bdb-user: "<b64 encoded user name>"
 ---