Release 2.25.1.0-b276: [PLAT-15532][YBA CLI]Add support for updating TLS of Universe · yugabyte/yugabyte-db

2.25.1.0-b276
7a76785
Compare

Choose a tag to compare

Loading

View all tags
2.25.1.0-b276: [PLAT-15532][YBA CLI]Add support for updating TLS of Universe
2.25.1.0-b276
7a76785
Compare

Choose a tag to compare

Loading

View all tags
Deepti-yb tagged this 31 Jan 14:52
Summary:
```
yba universe security eit -h
Encryption-in-transit settings for a universe

Usage:
  yba universe security eit [flags]
  yba universe security eit [command]

Aliases:
  eit, encryption-in-transit, certs

Available Commands:
  cert        Rotate certificates for a universe
  tls         Toggle TLS settings for a universe

Flags:
      --upgrade-option string   [Optional] Upgrade Options, defaults to Rolling. Allowed values (case sensitive): Rolling, Non-Rolling (involves DB downtime). Only a "Non-Rolling" type of restart is allowed for TLS upgrade. (default "Rolling")
  -h, --help                    help for eit

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
      --config string      Config file, defaults to $HOME/.yba-cli.yaml
      --debug              Use debug mode, same as --logLevel debug.
      --disable-color      Disable colors in output. (default false)
  -f, --force              [Optional] Bypass the prompt for non-interactive usage.
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Required] The name of the universe for the operation.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
  -s, --skip-validations   [Optional] Skip validations before running the CLI command.
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```

```
Toggle TLS settings for a universe

Usage:
  yba universe security eit tls [flags]

Aliases:
  tls, tls-toggle

Examples:
yba universe security eit tls --name <universe-name> \
        --client-to-node-encryption <client-to-node-encryption>

Flags:
      --client-to-node-encryption string   [Optional] Client to node encryption. Allowed values: enable, disable.
      --node-to-node-encryption string     [Optional] Node to node encryption. Allowed values: enable, disable.
      --root-and-client-root-ca-same       [Optional] Use same certificates for node to node and client to node communication. (default true)
  -h, --help                               help for tls

Global Flags:
  -a, --apiToken string         YugabyteDB Anywhere api token.
      --config string           Config file, defaults to $HOME/.yba-cli.yaml
      --debug                   Use debug mode, same as --logLevel debug.
      --disable-color           Disable colors in output. (default false)
  -f, --force                   [Optional] Bypass the prompt for non-interactive usage.
  -H, --host string             YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string         Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string             [Required] The name of the universe for the operation.
  -o, --output string           Select the desired output format. Allowed values: table, json, pretty. (default "table")
  -s, --skip-validations        [Optional] Skip validations before running the CLI command.
      --timeout duration        Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --upgrade-option string   [Optional] Upgrade Options, defaults to Rolling. Allowed values (case sensitive): Rolling, Non-Rolling (involves DB downtime). Only a "Non-Rolling" type of restart is allowed for TLS upgrade. (default "Rolling")
      --wait                    Wait until the task is completed, otherwise it will exit immediately. (default true)
```

```
yba universe security eit cert -h
Rotate certificates for a universe. Rotation is supported on all certificate types (except for cert-manager on k8s)

Usage:
  yba universe security eit cert [flags]

Aliases:
  cert, cert-rotate, cert-rotation, certificates-rotation

Examples:
yba universe security eit cert --name <universe-name> --rotate-self-signed-client-cert

Flags:
      --root-ca string                       [Optional] Root Certificate name.
      --client-root-ca string                [Optional] Client Root Certificate name.
      --rotate-self-signed-client-cert       [Optional] Rotates client certificate. Cannot rotate client certificate when root CA or client root CA are being rotated (default false)
      --rotate-self-signed-server-cert       [Optional] Rotates server certificate. Cannot rotate client certificate when root CA or client root CA are being rotated (default false)
      --root-and-client-root-ca-same         [Optional] Use same certificates for node to node and client to node communication. Set true for rotating server and client certificates and when root CA and client root CA are same. (default true)
      --delay-between-master-servers int32   [Optional] Upgrade delay between Master servers (in miliseconds). (default 18000)
      --delay-between-tservers int32         [Optional] Upgrade delay between Tservers (in miliseconds). (default 18000)
  -h, --help                                 help for cert

Global Flags:
  -a, --apiToken string         YugabyteDB Anywhere api token.
      --config string           Config file, defaults to $HOME/.yba-cli.yaml
      --debug                   Use debug mode, same as --logLevel debug.
      --disable-color           Disable colors in output. (default false)
  -f, --force                   [Optional] Bypass the prompt for non-interactive usage.
  -H, --host string             YugabyteDB Anywhere Host (default "http://localhost:9000")
  -l, --logLevel string         Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string             [Required] The name of the universe for the operation.
  -o, --output string           Select the desired output format. Allowed values: table, json, pretty. (default "table")
  -s, --skip-validations        [Optional] Skip validations before running the CLI command.
      --timeout duration        Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --upgrade-option string   [Optional] Upgrade Options, defaults to Rolling. Allowed values (case sensitive): Rolling, Non-Rolling (involves DB downtime). Only a "Non-Rolling" type of restart is allowed for TLS upgrade. (default "Rolling")
      --wait                    Wait until the task is completed, otherwise it will exit immediately. (default true)
```

Test Plan:
` yba universe security eit cert --name dkumar-cli-1 --rotate-self-signed-client-cert `

`yba universe security eit cert -n dkumar-cli --client-root-ca yb-15-dkumar-cli-client~1 --root-and-client-root-ca-same=false`

` yba universe security eit cert -n dkumar-cli --root-ca yb-15-dkumar-cli~18`

` yba universe security eit tls -n dkumar-cli-1 --node-to-node-encryption enable`

Reviewers: sneelakantan, svarshney

Reviewed By: svarshney

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D40432
Assets 2
Provide feedback

Saved searches

Use saved searches to filter your results more quickly
