2 {%- if grains.os_family in ('RedHat',) %}
7 cat > /tmp/openssl.cnf <<-CNF
8 RANDFILE = /dev/urandom
11 default_keyfile = privkey.pem
12 distinguished_name = req_distinguished_name
14 policy = policy_anything
15 req_extensions = v3_req
16 x509_extensions = v3_req
17 [ req_distinguished_name ]
18 commonName = {{ grains.fqdn }}
20 basicConstraints = CA:FALSE
22 mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
23 openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
24 -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
25 -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /tmp/snake_oil_certs.output 2>&1
26 - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key