1 {%- set curr_tpldir = tpldir %}
2 {%- set tpldir = 'arvados' %}
3 {%- from "arvados/map.jinja" import arvados with context %}
4 {%- set tpldir = curr_tpldir %}
6 arvados_test_salt_states_examples_single_host_snakeoil_certs_openssl_pkg_installed:
10 arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run:
13 cat > /tmp/openssl.cnf <<-CNF
18 x509_extensions = v3_req
19 distinguished_name = dn
26 CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
27 emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
29 subjectAltName = @alt_names
31 {%- for entry in grains.get('ipv4') %}
32 IP.{{ loop.index }} = {{ entry }}
43 DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
47 mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
48 openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
49 -out /etc/ssl/certs/arvados-snakeoil-cert.pem \
50 -keyout /etc/ssl/private/arvados-snakeoil-cert.key > /tmp/snake_oil_certs.output 2>&1 && \
51 chmod 0644 /etc/ssl/certs/arvados-snakeoil-cert.pem && \
52 chmod 0640 /etc/ssl/private/arvados-snakeoil-cert.key
53 - unless: test -f /etc/ssl/private/arvados-snakeoil-cert.key
55 - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_openssl_pkg_installed
57 {%- if grains.get('os_family') == 'Debian' %}
58 arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed:
64 snake_oil_certs_permissions:
67 chown root:ssl-cert /etc/ssl/private/arvados-snakeoil-cert.key
69 - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
70 - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed