Bug 1369181

Summary: [DOCS] Certificate retooling docs
Product: OpenShift Container Platform Reporter: Steven Walter <stwalter>
Component: DocumentationAssignee: Ashley Hardin <ahardin>
Status: CLOSED CURRENTRELEASE QA Contact: Xiaoli Tian <xtian>
Severity: urgent Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.2.1CC: aos-bugs, erich, javier.ramirez, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-27 19:06:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Steven Walter 2016-08-22 15:20:37 UTC 
Document URL: 
Either of:
https://docs.openshift.com/enterprise/3.2/install_config/upgrading/automated_upgrades.html
or:
https://docs.openshift.com/enterprise/3.2/install_config/certificate_customization.html
Or perhaps a new document? My money is on upgrades


Section Number and Name: 
New section for certificate retooling

Describe the issue: 
We recently released the certificate retooling ansible playbook. This is a very useful function that allows the reconfiguring/redeploying of certificates and kubeconfigs, and has already been useful for me in successfully changing, for instance, the internal masterUrl api url without much hassle whereas before it required manually mucking about with kubeconfigs, etc. This tooling is a large enough new feature and was just released in an advisory so we should prioritize getting this documented soon since it's already out.


Suggestions for improvement: 
Already some usage examples here:
https://bugzilla.redhat.com/show_bug.cgi?id=1275648#c27

Should include a couple examples such as above, and a quick description of what gets updated (kubeconfigs, certs, anything else. Does {master,node}-config.yaml get updated?)

Additional information: 
Let us know if any more info is needed, thanks!
Comment 1 Steven Walter 2017-01-16 14:59:40 UTC 
The docs were released a while back at https://docs.openshift.com/container-platform/3.3/install_config/redeploying_certificates.html HOWEVER they are missing from the 3.2 docs, although the feature is in 3.2 as per https://bugzilla.redhat.com/show_bug.cgi?id=1275648#c27
Comment 2 Ashley Hardin 2017-01-26 20:35:34 UTC 
Added the topic to 3.2 via https://github.com/openshift/openshift-docs/pull/3582
Comment 3 Ashley Hardin 2017-01-27 19:06:30 UTC 
Content is now published to 3.2: https://access.redhat.com/documentation/en/openshift-enterprise/3.2/paged/installation-and-configuration/chapter-9-redeploying-certificates