test/salt/states/example_add_snakeoil_certs/init.sls

   1 snake_oil_certs:
   2 {%- if grains.os_family in ('RedHat',) %}
   3   pkg.installed:
   4     - name: openssl
   5   cmd.run:
   6     - name: |
   7         cat > /tmp/openssl.cnf <<-CNF
   8         RANDFILE                = /dev/urandom
   9         [ req ]
  10         default_bits            = 2048
  11         default_keyfile         = privkey.pem
  12         distinguished_name      = req_distinguished_name
  13         prompt                  = no
  14         policy                  = policy_anything
  15         req_extensions          = v3_req
  16         x509_extensions         = v3_req
  17         [ req_distinguished_name ]
  18         commonName                      = {{ grains.fqdn }}
  19         [ v3_req ]
  20         basicConstraints        = CA:FALSE
  21         CNF
  22         mkdir -p /etc/ssl/certs/  /etc/ssl/private/ && \
  23         openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
  24           -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
  25           -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /tmp/snake_oil_certs.output 2>&1
  26     - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key
  27     - require:
  28       - pkg: openssl
  29 {%- else %}
  30   pkg.installed:
  31     - name: ssl-cert
  32 {%- endif %}