kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity

docs: replace kindred.internal with example.internal in all docs and config

Browse Source 
Replace all references to internal hostnames (silo.kindred.internal,
psql.kindred.internal, minio.kindred.internal, ipa.kindred.internal,
keycloak.kindred.internal) with example.internal equivalents.

Replace gitea.kindred.internal and git.kindred.internal with the public
git.kindred-systems.com instance. Also fix stale silo-0062 repo name
in setup-host.sh and DEPLOYMENT.md.
This commit is contained in:
forbes-0023
2026-02-11 11:20:45 -06:00
parent a258152175
commit 127836f7ce
13 changed files with 84 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ROADMAP.md
View File

@@ -129,7 +129,7 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the
| Component | Status |
|-----------|--------|
| PostgreSQL | Running (psql.kindred.internal) |
| PostgreSQL | Running (psql.example.internal) |
| MinIO | Configured in Docker Compose |
| Silo API Server | Builds successfully |
| Docker Compose | Complete (dev and production) |

2
cmd/silo/main.go
View File

@@ -66,7 +66,7 @@ Token subcommands:
silo token revoke <id> Revoke a token
Environment variables for API access:
SILO_API_URL Base URL of the Silo server (e.g., https://silo.kindred.internal)
SILO_API_URL Base URL of the Silo server (e.g., https://silo.example.internal)
SILO_API_TOKEN API token for authentication
Examples:

12
config.example.yaml
View File

@@ -8,7 +8,7 @@ server:
# read_only: false # Reject all write operations; toggle at runtime with SIGUSR1
database:
host: "psql.kindred.internal"
host: "psql.example.internal"
port: 5432
name: "silo"
user: "silo"
@@ -17,7 +17,7 @@ database:
max_connections: 10
storage:
endpoint: "minio.kindred.internal:9000"
endpoint: "minio.example.internal:9000"
access_key: "" # Use SILO_MINIO_ACCESS_KEY env var
secret_key: "" # Use SILO_MINIO_SECRET_KEY env var
bucket: "silo-files"
@@ -53,7 +53,7 @@ auth:
# LDAP / FreeIPA
ldap:
enabled: false
url: "ldaps://ipa.kindred.internal"
url: "ldaps://ipa.example.internal"
base_dn: "dc=kindred,dc=internal"
user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
# Optional service account for user search (omit for direct user bind)
@@ -77,10 +77,10 @@ auth:
# OIDC / Keycloak
oidc:
enabled: false
issuer_url: "https://keycloak.kindred.internal/realms/silo"
issuer_url: "https://keycloak.example.internal/realms/silo"
client_id: "silo"
client_secret: "" # Use SILO_OIDC_CLIENT_SECRET env var
redirect_url: "https://silo.kindred.internal/auth/callback"
redirect_url: "https://silo.example.internal/auth/callback"
scopes: ["openid", "profile", "email"]
# Map Keycloak realm roles to Silo roles
admin_role: "silo-admin"
@@ -90,4 +90,4 @@ auth:
# CORS origins (locked down when auth is enabled)
cors:
allowed_origins:
- "https://silo.kindred.internal"
- "https://silo.example.internal"

12
deployments/config.prod.yaml
View File

@@ -1,7 +1,7 @@
# Silo Production Configuration
# Single-binary deployment: silod serves API + React SPA
#
# Layout on silo.kindred.internal:
# Layout on silo.example.internal:
# /opt/silo/bin/silod - server binary
# /opt/silo/web/dist/ - built React frontend (served automatically)
# /opt/silo/schemas/ - part number schemas
@@ -18,10 +18,10 @@
server:
host: "0.0.0.0"
port: 8080
base_url: "https://silo.kindred.internal"
base_url: "https://silo.example.internal"
database:
host: "psql.kindred.internal"
host: "psql.example.internal"
port: 5432
name: "silo"
user: "silo"
@@ -30,7 +30,7 @@ database:
max_connections: 20
storage:
endpoint: "minio.kindred.internal:9000"
endpoint: "minio.example.internal:9000"
access_key: "" # Set via SILO_MINIO_ACCESS_KEY
secret_key: "" # Set via SILO_MINIO_SECRET_KEY
bucket: "silo-files"
@@ -53,7 +53,7 @@ auth:
default_admin_password: "" # Set via SILO_ADMIN_PASSWORD
ldap:
enabled: true
url: "ldaps://ipa.kindred.internal"
url: "ldaps://ipa.example.internal"
base_dn: "dc=kindred,dc=internal"
user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
user_attr: "uid"
@@ -73,4 +73,4 @@ auth:
enabled: false
cors:
allowed_origins:
- "https://silo.kindred.internal"
- "https://silo.example.internal"

12
deployments/docker-compose.prod.yaml
View File

@@ -1,5 +1,5 @@
# Production Docker Compose for Silo
# Uses external PostgreSQL (psql.kindred.internal) and MinIO (minio.kindred.internal)
# Uses external PostgreSQL (psql.example.internal) and MinIO (minio.example.internal)
#
# Usage:
# export SILO_DB_PASSWORD=<your-password>
@@ -15,23 +15,23 @@ services:
container_name: silod
restart: unless-stopped
environment:
# Database connection (psql.kindred.internal)
SILO_DB_HOST: psql.kindred.internal
# Database connection (psql.example.internal)
SILO_DB_HOST: psql.example.internal
SILO_DB_PORT: 5432
SILO_DB_NAME: silo
SILO_DB_USER: silo
SILO_DB_PASSWORD: ${SILO_DB_PASSWORD:?Database password required}
SILO_DB_SSLMODE: require
# MinIO storage (minio.kindred.internal)
SILO_MINIO_ENDPOINT: minio.kindred.internal:9000
# MinIO storage (minio.example.internal)
SILO_MINIO_ENDPOINT: minio.example.internal:9000
SILO_MINIO_ACCESS_KEY: ${SILO_MINIO_ACCESS_KEY:?MinIO access key required}
SILO_MINIO_SECRET_KEY: ${SILO_MINIO_SECRET_KEY:?MinIO secret key required}
SILO_MINIO_BUCKET: silo-files
SILO_MINIO_USE_SSL: "true"
# Server settings
SILO_SERVER_BASE_URL: ${SILO_BASE_URL:-http://silo.kindred.internal:8080}
SILO_SERVER_BASE_URL: ${SILO_BASE_URL:-http://silo.example.internal:8080}
ports:
- "8080:8080"
volumes:

6
deployments/systemd/silod.env.example
View File

@@ -2,11 +2,11 @@
# Copy to /etc/silo/silod.env and fill in values
# Permissions: chmod 600 /etc/silo/silod.env
# Database credentials (psql.kindred.internal)
# Database credentials (psql.example.internal)
# Database: silo, User: silo
SILO_DB_PASSWORD=
# MinIO credentials (minio.kindred.internal)
# MinIO credentials (minio.example.internal)
# User: silouser
SILO_MINIO_ACCESS_KEY=silouser
SILO_MINIO_SECRET_KEY=
@@ -23,4 +23,4 @@ SILO_ADMIN_PASSWORD=
# SILO_LDAP_BIND_PASSWORD=
# Optional: Override server base URL
# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080
# SILO_SERVER_BASE_URL=http://silo.example.internal:8080

12
docs/AUTH_USER_GUIDE.md
View File

@@ -38,7 +38,7 @@ API tokens allow the FreeCAD plugin, scripts, and CI pipelines to authenticate w
### Creating a Token (CLI)
```sh
export SILO_API_URL=https://silo.kindred.internal
export SILO_API_URL=https://silo.example.internal
export SILO_API_TOKEN=silo_<your-existing-token>
silo token create --name "CI pipeline"
@@ -140,7 +140,7 @@ auth:
ldap:
enabled: true
url: "ldaps://ipa.kindred.internal"
url: "ldaps://ipa.example.internal"
base_dn: "dc=kindred,dc=internal"
user_search_dn: "cn=users,cn=accounts,dc=kindred,dc=internal"
user_attr: "uid"
@@ -170,10 +170,10 @@ auth:
oidc:
enabled: true
issuer_url: "https://keycloak.kindred.internal/realms/silo"
issuer_url: "https://keycloak.example.internal/realms/silo"
client_id: "silo"
client_secret: "" # Set via SILO_OIDC_CLIENT_SECRET
redirect_url: "https://silo.kindred.internal/auth/callback"
redirect_url: "https://silo.example.internal/auth/callback"
scopes: ["openid", "profile", "email"]
admin_role: "silo-admin"
editor_role: "silo-editor"
@@ -186,7 +186,7 @@ auth:
auth:
cors:
allowed_origins:
- "https://silo.kindred.internal"
- "https://silo.example.internal"
```
## Environment Variables
@@ -254,4 +254,4 @@ UPDATE users SET password_hash = '<bcrypt-hash>', is_active = true WHERE usernam
- Verify the token is set in FreeCAD preferences or `SILO_API_TOKEN`
- Check the API URL points to the correct server
- Test with curl: `curl -H "Authorization: Bearer silo_..." https://silo.kindred.internal/api/items`
- Test with curl: `curl -H "Authorization: Bearer silo_..." https://silo.example.internal/api/items`

56
docs/DEPLOYMENT.md
View File

@@ -17,7 +17,7 @@ This guide covers deploying Silo to a dedicated VM using external PostgreSQL and
```
┌─────────────────────────────────────────────────────────────────┐
│ silo.kindred.internal │
│ silo.example.internal │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ silod │ │
│ │ (Silo API Server) │ │
@@ -27,7 +27,7 @@ This guide covers deploying Silo to a dedicated VM using external PostgreSQL and
│ │
▼ ▼
┌─────────────────────────┐ ┌─────────────────────────────────┐
│ psql.kindred.internal │ │ minio.kindred.internal │
│ psql.example.internal │ │ minio.example.internal │
│ PostgreSQL 16 │ │ MinIO S3 │
│ :5432 │ │ :9000 (API) │
│ │ │ :9001 (Console) │
@@ -40,8 +40,8 @@ The following external services are already configured:
| Service | Host | Database/Bucket | User |
|---------|------|-----------------|------|
| PostgreSQL | psql.kindred.internal:5432 | silo | silo |
| MinIO | minio.kindred.internal:9000 | silo-files | silouser |
| PostgreSQL | psql.example.internal:5432 | silo | silo |
| MinIO | minio.example.internal:9000 | silo-files | silouser |
Migrations have been applied to the database.
@@ -53,10 +53,10 @@ For a fresh VM, run these commands:
```bash
# 1. SSH to the target host
ssh root@silo.kindred.internal
ssh root@silo.example.internal
# 2. Download and run setup script
curl -fsSL https://gitea.kindred.internal/kindred/silo-0062/raw/branch/main/scripts/setup-host.sh | bash
curl -fsSL https://git.kindred-systems.com/kindred/silo/raw/branch/main/scripts/setup-host.sh | bash
# 3. Configure credentials
nano /etc/silo/silod.env
@@ -69,16 +69,16 @@ nano /etc/silo/silod.env
## Initial Setup
Run the setup script once on `silo.kindred.internal` to prepare the host:
Run the setup script once on `silo.example.internal` to prepare the host:
```bash
# Option 1: If you have the repo locally
scp scripts/setup-host.sh root@silo.kindred.internal:/tmp/
ssh root@silo.kindred.internal 'bash /tmp/setup-host.sh'
scp scripts/setup-host.sh root@silo.example.internal:/tmp/
ssh root@silo.example.internal 'bash /tmp/setup-host.sh'
# Option 2: Direct on the host
ssh root@silo.kindred.internal
curl -fsSL https://git.kindred.internal/kindred/silo/raw/branch/main/scripts/setup-host.sh -o /tmp/setup-host.sh
ssh root@silo.example.internal
curl -fsSL https://git.kindred-systems.com/kindred/silo/raw/branch/main/scripts/setup-host.sh -o /tmp/setup-host.sh
bash /tmp/setup-host.sh
```
@@ -100,10 +100,10 @@ sudo nano /etc/silo/silod.env
Fill in the values:
```bash
# Database credentials (psql.kindred.internal)
# Database credentials (psql.example.internal)
SILO_DB_PASSWORD=your-database-password
# MinIO credentials (minio.kindred.internal)
# MinIO credentials (minio.example.internal)
SILO_MINIO_ACCESS_KEY=silouser
SILO_MINIO_SECRET_KEY=your-minio-secret-key
```
@@ -114,10 +114,10 @@ Before deploying, verify connectivity to external services:
```bash
# Test PostgreSQL
psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'
psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'
# Test MinIO
curl -I http://minio.kindred.internal:9000/minio/health/live
curl -I http://minio.example.internal:9000/minio/health/live
```
---
@@ -129,7 +129,7 @@ curl -I http://minio.kindred.internal:9000/minio/health/live
To deploy or update Silo, run the deploy script on the target host:
```bash
ssh root@silo.kindred.internal
ssh root@silo.example.internal
/opt/silo/src/scripts/deploy.sh
```
@@ -165,7 +165,7 @@ sudo /opt/silo/src/scripts/deploy.sh --status
You can override the git repository URL and branch:
```bash
export SILO_REPO_URL=https://git.kindred.internal/kindred/silo.git
export SILO_REPO_URL=https://git.kindred-systems.com/kindred/silo.git
export SILO_BRANCH=main
sudo -E /opt/silo/src/scripts/deploy.sh
```
@@ -247,7 +247,7 @@ curl http://localhost:8080/ready
To update to the latest version:
```bash
ssh root@silo.kindred.internal
ssh root@silo.example.internal
/opt/silo/src/scripts/deploy.sh
```
@@ -269,7 +269,7 @@ When new migrations are added, run them manually:
ls -la /opt/silo/src/migrations/
# Run a specific migration
psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_new_feature.sql
psql -h psql.example.internal -U silo -d silo -f /opt/silo/src/migrations/008_new_feature.sql
```
---
@@ -303,13 +303,13 @@ psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_ne
1. Test network connectivity:
```bash
nc -zv psql.kindred.internal 5432
nc -zv psql.example.internal 5432
```
2. Test credentials:
```bash
source /etc/silo/silod.env
PGPASSWORD=$SILO_DB_PASSWORD psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'
PGPASSWORD=$SILO_DB_PASSWORD psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'
```
3. Check `pg_hba.conf` on PostgreSQL server allows connections from this host.
@@ -318,12 +318,12 @@ psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/src/migrations/008_ne
1. Test network connectivity:
```bash
nc -zv minio.kindred.internal 9000
nc -zv minio.example.internal 9000
```
2. Test with curl:
```bash
curl -I http://minio.kindred.internal:9000/minio/health/live
curl -I http://minio.example.internal:9000/minio/health/live
```
3. Check SSL settings in config match MinIO setup:
@@ -340,8 +340,8 @@ curl -v http://localhost:8080/health
curl -v http://localhost:8080/ready
# If ready fails but health passes, check external services
psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'
curl http://minio.kindred.internal:9000/minio/health/live
psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'
curl http://minio.example.internal:9000/minio/health/live
```
### Build Fails
@@ -391,14 +391,14 @@ This script:
getcert list
```
2. The silo config is already updated to use `https://silo.kindred.internal` as base URL. Restart silo:
2. The silo config is already updated to use `https://silo.example.internal` as base URL. Restart silo:
```bash
sudo systemctl restart silod
```
3. Test the setup:
```bash
curl https://silo.kindred.internal/health
curl https://silo.example.internal/health
```
### Certificate Management
@@ -422,7 +422,7 @@ For clients to trust the Silo HTTPS certificate, they need the IPA CA:
```bash
# Download CA cert
curl -o /tmp/ipa-ca.crt https://ipa.kindred.internal/ipa/config/ca.crt
curl -o /tmp/ipa-ca.crt https://ipa.example.internal/ipa/config/ca.crt
# Ubuntu/Debian
sudo cp /tmp/ipa-ca.crt /usr/local/share/ca-certificates/ipa-ca.crt

4
docs/SPECIFICATION.md
View File

@@ -50,7 +50,7 @@ Silo treats **part numbering schemas as configuration, not code**. Multiple numb
▼ ▼
┌─────────────────────────┐ ┌─────────────────────────────┐
│ PostgreSQL │ │ MinIO │
│ (psql.kindred.internal)│ │ - File storage │
│ (psql.example.internal)│ │ - File storage │
│ - Item metadata │ │ - Versioned objects │
│ - Relationships │ │ - Thumbnails │
│ - Revision history │ │ │
@@ -63,7 +63,7 @@ Silo treats **part numbering schemas as configuration, not code**. Multiple numb
| Component | Technology | Notes |
|-----------|------------|-------|
| Database | PostgreSQL 16 | Existing instance at psql.kindred.internal |
| Database | PostgreSQL 16 | Existing instance at psql.example.internal |
| File Storage | MinIO | S3-compatible, versioning enabled |
| CLI & API Server | Go (1.24) | chi/v5 router, pgx/v5 driver, zerolog |
| Authentication | Multi-backend | Local (bcrypt), LDAP/FreeIPA, OIDC/Keycloak |

2
docs/STATUS.md
View File

@@ -55,7 +55,7 @@ FreeCAD workbench and LibreOffice Calc extension are maintained in separate repo
| Service | Host | Status |
|---------|------|--------|
| PostgreSQL | psql.kindred.internal:5432 | Running |
| PostgreSQL | psql.example.internal:5432 | Running |
| MinIO | localhost:9000 (API) / :9001 (console) | Configured |
| Silo API | localhost:8080 | Builds successfully |

14
scripts/deploy.sh
View File

@@ -1,18 +1,18 @@
#!/bin/bash
# Deploy Silo to silo.kindred.internal
# Deploy Silo to silo.example.internal
#
# Usage: ./scripts/deploy.sh [host]
# host defaults to silo.kindred.internal
# host defaults to silo.example.internal
#
# Prerequisites:
# - SSH access to the target host
# - /etc/silo/silod.env must exist on target with credentials filled in
# - PostgreSQL reachable from target at psql.kindred.internal
# - MinIO reachable from target at minio.kindred.internal
# - PostgreSQL reachable from target at psql.example.internal
# - MinIO reachable from target at minio.example.internal
set -euo pipefail
TARGET="${1:-silo.kindred.internal}"
TARGET="${1:-silo.example.internal}"
DEPLOY_DIR="/opt/silo"
CONFIG_DIR="/etc/silo"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -123,14 +123,14 @@ if command -v psql &>/dev/null && [ -n "${SILO_DB_PASSWORD:-}" ]; then
for f in "$DEPLOY_DIR/migrations/"*.sql; do
echo " $(basename "$f")"
PGPASSWORD="$SILO_DB_PASSWORD" psql \
-h psql.kindred.internal -p 5432 \
-h psql.example.internal -p 5432 \
-U silo -d silo \
-f "$f" -q 2>&1 | grep -v "already exists" || true
done
echo " Migrations complete."
else
echo " WARNING: psql not available or SILO_DB_PASSWORD not set, skipping migrations."
echo " Run migrations manually: PGPASSWORD=... psql -h psql.kindred.internal -U silo -d silo -f /opt/silo/migrations/NNN_name.sql"
echo " Run migrations manually: PGPASSWORD=... psql -h psql.example.internal -U silo -d silo -f /opt/silo/migrations/NNN_name.sql"
fi
# Start service

14
scripts/setup-host.sh
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env bash
#
# Silo Host Setup Script
# Run this once on silo.kindred.internal to prepare for deployment
# Run this once on silo.example.internal to prepare for deployment
#
# Usage:
# sudo ./setup-host.sh
@@ -24,7 +24,7 @@ BLUE='\033[0;34m'
NC='\033[0m'
# Configuration
REPO_URL="${SILO_REPO_URL:-https://gitea.kindred.internal/kindred/silo-0062.git}"
REPO_URL="${SILO_REPO_URL:-https://git.kindred-systems.com/kindred/silo.git}"
REPO_BRANCH="${SILO_BRANCH:-main}"
INSTALL_DIR="/opt/silo"
CONFIG_DIR="/etc/silo"
@@ -159,17 +159,17 @@ if [[ ! -f "${ENV_FILE}" ]]; then
# Silo daemon environment variables
# Fill in the values below
# Database credentials (psql.kindred.internal)
# Database credentials (psql.example.internal)
# Database: silo, User: silo
SILO_DB_PASSWORD=
# MinIO credentials (minio.kindred.internal)
# MinIO credentials (minio.example.internal)
# User: silouser
SILO_MINIO_ACCESS_KEY=silouser
SILO_MINIO_SECRET_KEY=
# Optional overrides
# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080
# SILO_SERVER_BASE_URL=http://silo.example.internal:8080
EOF
chmod 600 "${ENV_FILE}"
chown root:silo "${ENV_FILE}"
@@ -214,10 +214,10 @@ echo "1. Edit ${ENV_FILE} and fill in credentials:"
echo " sudo nano ${ENV_FILE}"
echo ""
echo "2. Verify database connectivity:"
echo " psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'"
echo " psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'"
echo ""
echo "3. Verify MinIO connectivity:"
echo " curl -I http://minio.kindred.internal:9000/minio/health/live"
echo " curl -I http://minio.example.internal:9000/minio/health/live"
echo ""
echo "4. Run the deployment:"
echo " sudo ${INSTALL_DIR}/src/scripts/deploy.sh"

20
scripts/setup-ipa-nginx.sh
View File

@@ -7,8 +7,8 @@
# sudo ./scripts/setup-ipa-nginx.sh
#
# Prerequisites:
# - FreeIPA server at ipa.kindred.internal
# - DNS configured for silo.kindred.internal
# - FreeIPA server at ipa.example.internal
# - DNS configured for silo.example.internal
# - Admin credentials for IPA enrollment
set -euo pipefail
@@ -21,10 +21,10 @@ BLUE='\033[0;34m'
NC='\033[0m'
# Configuration
IPA_SERVER="${IPA_SERVER:-ipa.kindred.internal}"
IPA_DOMAIN="${IPA_DOMAIN:-kindred.internal}"
IPA_SERVER="${IPA_SERVER:-ipa.example.internal}"
IPA_DOMAIN="${IPA_DOMAIN:-example.internal}"
IPA_REALM="${IPA_REALM:-KINDRED.INTERNAL}"
HOSTNAME="silo.kindred.internal"
HOSTNAME="silo.example.internal"
CERT_DIR="/etc/ssl/silo"
SILO_PORT=8080
@@ -193,7 +193,7 @@ cat > /etc/nginx/sites-available/silo << 'NGINX_EOF'
server {
listen 80;
listen [::]:80;
server_name silo.kindred.internal;
server_name silo.example.internal;
# Allow certmonger/ACME challenges
location /.well-known/ {
@@ -209,7 +209,7 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name silo.kindred.internal;
server_name silo.example.internal;
# SSL certificates (managed by certmonger/IPA)
ssl_certificate /etc/ssl/silo/silo.crt;
@@ -343,14 +343,14 @@ echo " getcert list"
echo ""
echo "2. Update silo config to use correct base URL:"
echo " sudo nano /etc/silo/config.yaml"
echo " # Change base_url to: https://silo.kindred.internal"
echo " # Change base_url to: https://silo.example.internal"
echo ""
echo "3. Restart silo service:"
echo " sudo systemctl restart silod"
echo ""
echo "4. Test the setup:"
echo " curl -k https://silo.kindred.internal/health"
echo " curl https://silo.kindred.internal/health # after trusting IPA CA"
echo " curl -k https://silo.example.internal/health"
echo " curl https://silo.example.internal/health # after trusting IPA CA"
echo ""
echo "5. Trust IPA CA on client machines:"
echo " # The CA cert is at: ${CERT_DIR}/ca.crt"