docs(single_host): fix hostnames and tests
[arvados-formula.git] / test / salt / states / example_add_snakeoil_certs / init.sls
1 {%- set curr_tpldir = tpldir %}
2 {%- set tpldir = 'arvados' %}
3 {%- from "arvados/map.jinja" import arvados with context %}
4 {%- set tpldir = curr_tpldir %}
5
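# Test fixture: installs openssl and, when no key exists yet, generates a
# self-signed ("snake oil") certificate plus an unencrypted private key
# (-nodes) valid for 3650 days. The certificate carries every IPv4 address
# from the minion grains and a fixed list of service hostnames as
# subjectAltName entries. Not suitable outside test environments.
#
# NOTE(review): the CN host (cluster name + domain) is not itself listed under
# alt_names; clients that ignore CN when a SAN is present will not match it.
# Confirm whether that is intended.
snake_oil_certs:
  pkg.installed:
    - name: openssl
  cmd.run:
    # Hardening relative to the earlier revision of this command:
    #  * the openssl config goes to a mktemp file (created 0600, removed on
    #    exit) instead of the fixed, predictable /tmp/openssl.cnf;
    #  * the heredoc delimiter is quoted, so rendered pillar/grain values are
    #    written verbatim and never expanded by the shell;
    #  * openssl runs under umask 077, so the key is never readable by others
    #    between creation and the chmod below.
    - name: |
        set -e
        cnf="$(mktemp)"
        trap 'rm -f "$cnf"' EXIT
        cat > "$cnf" <<-'CNF'
        [req]
        default_bits = 2048
        prompt = no
        default_md = sha256
        x509_extensions = v3_req
        distinguished_name = dn
        [dn]
        C   = CC
        ST  = SomeState
        L   = SomeLocation
        O   = ArvadosFormula
        OU  = R&D
        CN  = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
        emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
        [v3_req]
        subjectAltName = @alt_names
        [alt_names]
        {%- for entry in grains.get('ipv4') %}
        IP.{{ loop.index }} = {{ entry }}
        {%- endfor %}
        {%- for entry in [
            'keep',
            'keep0',
            'collections',
            'download',
            'ws',
            'workbench',
            'workbench2',
          ]
        %}
        DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
        {%- endfor %}
        CNF

        # Directories are created under the normal umask so their modes are
        # not tightened as a side effect of the key handling below.
        mkdir -p /etc/ssl/certs/  /etc/ssl/private/
        # NOTE(review): the log path is kept as-is for compatibility; it is a
        # fixed name in a world-writable directory written to by this command.
        # Consider relying on the output Salt already captures instead.
        ( umask 077 && \
          openssl req -config "$cnf" -new -x509 -days 3650 -nodes -sha256 \
            -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
            -keyout /etc/ssl/private/ssl-cert-snakeoil.key
        ) > /tmp/snake_oil_certs.output 2>&1
        chmod 0644 /etc/ssl/certs/ssl-cert-snakeoil.pem
        chmod 0640 /etc/ssl/private/ssl-cert-snakeoil.key
    # Generation is skipped whenever a key file already exists at this path,
    # in which case the SAN list above is not applied to the existing cert.
    - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key
    - require:
      - pkg: openssl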
55
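{%- if grains.get('os_family') == 'Debian' %}
# Debian family only: install the ssl-cert package before the postgres sls,
# then hand group ownership of the snake-oil key to the ssl-cert group.
# Combined with the 0640 mode set when the key is generated, this limits read
# access to root and members of that group.
ssl_certs:
  pkg.installed:
    - name: ssl-cert
    - require_in:
      - sls: postgres

snake_oil_certs_permissions:
  cmd.run:
    - name: |
        chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
    # Skip the chown when ownership is already correct so repeated runs report
    # no change.
    - unless: test "$(stat -c %U:%G /etc/ssl/private/ssl-cert-snakeoil.key)" = root:ssl-cert
    - require:
      - pkg: ssl_certs
      # Make the dependency on key generation explicit instead of relying on
      # the order of definitions in this file.
      - cmd: snake_oil_certs
{%- endif %}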