X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/1bddf7efba4c6abeaa1a530664672bffa965998d..2ac8a85f91b60ebe5fb337bfcbeb09836842ed85:/test/salt/states/example_add_snakeoil_certs/init.sls
diff --git a/test/salt/states/example_add_snakeoil_certs/init.sls b/test/salt/states/example_add_snakeoil_certs/init.sls
index e004128..278ccd0 100644
--- a/test/salt/states/example_add_snakeoil_certs/init.sls
+++ b/test/salt/states/example_add_snakeoil_certs/init.sls
@@ -1,24 +1,51 @@ +{% set curr_tpldir = tpldir %} +{% set tpldir = 'arvados' %} +{% from "arvados/map.jinja" import arvados with context %} +{% set tpldir = curr_tpldir %} + snake_oil_certs: -{%- if grains.os_family in ('RedHat',) %} pkg.installed: - name: openssl cmd.run: - name: | cat > /tmp/openssl.cnf <<-CNF - RANDFILE = /dev/urandom - [ req ] - default_bits = 2048 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - prompt = no - policy = policy_anything - req_extensions = v3_req - x509_extensions = v3_req - [ req_distinguished_name ] - commonName = {{ grains.fqdn }} - [ v3_req ] - basicConstraints = CA:FALSE + [req] + default_bits = 2048 + prompt = no + default_md = sha256 + x509_extensions = v3_req + distinguished_name = dn + + [dn] + C = CC + ST = SomeState + L = SomeLocation + O = ArvadosFormula + OU = R&D + CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }} + emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }} + + [v3_req] + subjectAltName = @alt_names + + [alt_names] + {%- for entry in grains.get('ipv4') %} + IP.{{ loop.index }} = {{entry }} + {%- endfor %} + {%- for entry in [ + 'keep', + 'keep0', + 'collections', + 'download', + 'ws', + 'workbench', + 'workbench2', + ] + %} + DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }} + {%- endfor %} CNF + mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \ openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \ -out /etc/ssl/certs/ssl-cert-snakeoil.pem \ @@ -26,7 +53,3 @@ snake_oil_certs: - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key - require: - pkg: openssl -{%- else %} - pkg.installed: - - name: ssl-cert -{%- endif %}
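Review bot: The new `[alt_names]` section lists only the seven service subdomains and the host's IPv4 addresses, so the name placed in `CN` (`{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}`) is not itself a SAN; verifiers that find a subjectAltName match against it alone and ignore CN, so any service reached at the bare cluster name would fail hostname verification. If that name is served, add `DNS.8 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}` after the DNS loop. The rewritten `[v3_req]` also drops the old `basicConstraints = CA:FALSE`; because a snakeoil certificate may be imported into trust stores on test hosts, I would keep that line so it stays explicitly marked as a non-CA leaf. `grains.get('ipv4')` has no default, so the loop will fail to render if the grain is absent; `grains.get('ipv4', [])` is safer. The `cmd.run` block continues past the end of this hunk.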