mirror of
https://github.com/openziti/zrok.git
synced 2024-12-22 23:02:52 +01:00
initial strawman ziti network
This commit is contained in:
parent
3bde4594db
commit
2c5586a6c1
81
docs/zrok.io-network-skeleton.md
Normal file
81
docs/zrok.io-network-skeleton.md
Normal file
@ -0,0 +1,81 @@
|
||||
`createPki`:
|
||||
|
||||
* create root ca
|
||||
|
||||
`pki_create_ca`:
|
||||
|
||||
```
|
||||
$ ziti pki create ca --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-file=root-ca --ca-name="zrok.io Root CA"
|
||||
```
|
||||
|
||||
* signing root ca
|
||||
|
||||
`pki_create_ca`:
|
||||
|
||||
```
|
||||
$ ziti pki create ca --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-file=signing-root-ca --ca-name="zrok.io Signing Root CA"
|
||||
```
|
||||
|
||||
* intermediate
|
||||
|
||||
`pki_create_intermediate`:
|
||||
|
||||
```
|
||||
$ ziti pki create intermediate --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=root-ca --intermediate-name="zrok.io Intermediate" --intermediate-file=intermediate --max-path-len=1
|
||||
```
|
||||
|
||||
* signing intermediate
|
||||
|
||||
`pki_create_intermediate`:
|
||||
|
||||
```
|
||||
$ ziti pki create intermediate --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --intermediate-name="zrok.io Signing Intermediate" --intermediate-file=signing-intermediate --max-path-len=1
|
||||
```
|
||||
|
||||
* create controller client/server certs:
|
||||
|
||||
`pki_client_server`:
|
||||
|
||||
```
|
||||
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=ctrl-server --dns="api.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io controller server"
|
||||
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=ctrl-client --key-file=ctrl-server --client-name="zrok.io controller client"
|
||||
```
|
||||
|
||||
* create edge router client/server certs:
|
||||
|
||||
`pki_client_server`:
|
||||
|
||||
```
|
||||
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=router0-server --dns="api.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io router0 server"
|
||||
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=router0-client --key-file=router0-server --client-name="zrok.io router0 client"
|
||||
```
|
||||
|
||||
* `cas.pem`:
|
||||
|
||||
`createControllerConfig`:
|
||||
|
||||
```
|
||||
$ cat local/etc/zrok.io/pki/intermediate/certs/ctrl-server.chain.pem > local/etc/zrok.io/cas.pem
|
||||
$ cat local/etc/zrok.io/pki/intermediate/certs/signing-intermediate.cert >> local/etc/zrok.io/pki/cas.pem
|
||||
```
|
||||
|
||||
* `ziti-controller edge init`:
|
||||
|
||||
```
|
||||
$ ~/local/ziti/ziti-controller edge init local/etc/zrok.io/ctrl.yml
|
||||
```
|
||||
|
||||
* start controller
|
||||
|
||||
* create and enroll edge router:
|
||||
|
||||
```
|
||||
$ ziti edge create edge-router router0 -o router0.jwt -t -a "public"
|
||||
New edge router router0 created with id: ZAbNbXUL6A
|
||||
Enrollment expires at 2022-08-29T21:56:37.418Z
|
||||
|
||||
$ ziti-router -v enroll local/etc/zrok.io/router0.yml --jwt router0.jwt
|
||||
[ 0.456] DEBUG ziti/ziti/cmd/ziti/util.LogReleaseVersionCheck: this build of ziti-router is the latest release v0.26.5
|
||||
[ 0.467] DEBUG edge/router/enroll.(*RestEnroller).Enroll: JWT parsed
|
||||
[ 3.561] INFO edge/router/enroll.(*RestEnroller).Enroll: registration complete
|
||||
```
|
Loading…
Reference in New Issue
Block a user