1 {% set curr_tpldir = tpldir %}
2 {% set tpldir = 'arvados' %}
3 {% from "arvados/map.jinja" import arvados with context %}
4 {% set tpldir = curr_tpldir %}
11 cat > /tmp/openssl.cnf <<-CNF
16 x509_extensions = v3_req
17 distinguished_name = dn
25 CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
26 emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
29 subjectAltName = @alt_names
32 {%- for entry in grains.get('ipv4') %}
33 IP.{{ loop.index }} = {{entry }}
45 DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
49 mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
50 openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
51 -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
52 -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /tmp/snake_oil_certs.output 2>&1
53 - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key