{%- set tpldir = curr_tpldir %}
include:
+ - nginx.passenger
+ - nginx.config
- nginx.service
{%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
<(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
-out {{ arvados_ca_cert_file }} \
-keyout {{ arvados_ca_key_file }} \
- -days 3650 && \
+ -days 365 && \
cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
{{ update_ca_cert }}
- unless:
%}
DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
{%- endfor %}
+ DNS.7 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
CNF
# The req
# The cert
openssl x509 \
-req \
- -days 3650 \
+ -days 365 \
-in {{ arvados_csr_file }} \
-out {{ arvados_cert_file }} \
-extfile /tmp/openssl.cnf \
- sls: postgres
arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
- cmd.run:
- - name: |
- chown root:ssl-cert {{ arvados_key_file }}
+ file.managed:
+ - name: {{ arvados_key_file }}
+ - owner: root
+ - group: ssl-cert
- require:
- cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
- pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
ssl_certificate_key {{ arvados_key_file }};
- watch_in:
- service: nginx_service
-
-
+ - require:
+ - pkg: passenger_install
+ - file: arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run
+ - require_in:
+ - file: nginx_config