{#- Load the formula's `arvados` settings map.
    tpldir is saved, pointed at 'arvados' while map.jinja is imported
    "with context" (so the imported template can see it), then restored
    to its previous value.
    NOTE(review): presumably map.jinja uses tpldir to locate its own
    files; confirm in arvados/map.jinja. #}
1 {%- set curr_tpldir = tpldir %}
2 {%- set tpldir = 'arvados' %}
3 {%- from "arvados/map.jinja" import arvados with context %}
4 {%- set tpldir = curr_tpldir %}
{#- Writes an OpenSSL request config to /tmp/openssl.cnf via a here-document.
    Visible settings: the certificate CN and the contact address are built
    from arvados.cluster.name and arvados.cluster.domain; subjectAltName
    gets one IP.n entry per address in the minion's `ipv4` grain, plus
    DNS.n entries of the form entry.cluster-name.cluster-domain (the loop
    that produces them is not shown in this excerpt).
    NOTE(review): /tmp/openssl.cnf is a fixed name in a world-writable
    directory, and this command later writes under /etc/ssl/private, so it
    presumably runs as root. A file or symlink already present at that path
    would be followed and overwritten; a mktemp-created file or a root-only
    directory removes that dependency.
    NOTE(review): the ipv4 grain typically includes the loopback address,
    so every local address ends up in the SAN list; confirm that is wanted.
    NOTE(review): grains.get('ipv4') has no default; if the grain is absent
    the loop has nothing to iterate over. Confirm it is always set. #}
11 cat > /tmp/openssl.cnf <<-CNF
16 x509_extensions = v3_req
17 distinguished_name = dn
24 CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
25 emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
27 subjectAltName = @alt_names
29 {%- for entry in grains.get('ipv4') %}
30 IP.{{ loop.index }} = {{ entry }}
42 DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
{#- Creates the certificate directories, then generates a self-signed
    certificate and key with `openssl req -x509` from /tmp/openssl.cnf:
    -days 3650 gives roughly ten years of validity, -nodes leaves the
    private key unencrypted on disk, -sha256 selects the signature digest.
    openssl's stdout and stderr go to /tmp/snake_oil_certs.output.
    Afterwards the certificate is set to 0644 and the key to 0640.
    The `unless` guard skips the whole command when the key file exists.
    NOTE(review): with an unencrypted key, file mode and group ownership
    are its only protection. The key's mode between creation and the chmod
    is whatever openssl and the current umask produce; setting `umask 077`
    before the openssl call would make that window independent of both.
    NOTE(review): /tmp/snake_oil_certs.output is a second fixed path in a
    world-writable directory, written through a shell redirect.
    NOTE(review): the guard tests only the key. If the certificate is
    missing or expired while the key is present, nothing is regenerated.
    NOTE(review): a self-signed certificate gives clients nothing to
    validate against unless they are configured to trust it explicitly;
    the snakeoil name suggests bootstrap or test use. Confirm before
    relying on it elsewhere. #}
46 mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
47 openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
48 -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
49 -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /tmp/snake_oil_certs.output 2>&1 && \
50 chmod 0644 /etc/ssl/certs/ssl-cert-snakeoil.pem && \
51 chmod 0640 /etc/ssl/private/ssl-cert-snakeoil.key
52 - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key
{#- Debian-family branch: the snake_oil_certs_permissions state changes the
    private key's ownership to root:ssl-cert. Together with the 0640 mode
    set when the key is generated, every member of group ssl-cert can read
    the unencrypted key.
    NOTE(review): the lines between the `if`, the state ID and the chown
    are not shown here, and the matching endif is not visible. Presumably
    the chown runs via cmd.run inside this branch; confirm that it has a
    requisite on the key-generation state and that the ssl-cert group
    exists before it runs. #}
56 {%- if grains.get('os_family') == 'Debian' %}
63 snake_oil_certs_permissions:
66 chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key