X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/2d2dd6742e1d8ee0a4cefa5f9db85ec1bdca2dae..fa6d569ffe200b11354cac28452645a9a868ea4a:/test/salt/states/examples/single_host/snakeoil_certs.sls

diff --git a/test/salt/states/examples/single_host/snakeoil_certs.sls b/test/salt/states/examples/single_host/snakeoil_certs.sls
index e6c6a96..6ac8f87 100644
--- a/test/salt/states/examples/single_host/snakeoil_certs.sls
+++ b/test/salt/states/examples/single_host/snakeoil_certs.sls
@@ -4,6 +4,8 @@
 {%- set tpldir = curr_tpldir %}
 
 include:
+  - nginx.passenger
+  - nginx.config
   - nginx.service
 
 {%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
@@ -46,7 +48,7 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_c
                   <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
           -out {{ arvados_ca_cert_file }} \
           -keyout {{ arvados_ca_key_file }} \
-          -days 3650 && \
+          -days 365 && \
         cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
         {{ update_ca_cert }}
     - unless:
@@ -90,6 +92,7 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_c
         %}
         DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
         {%- endfor %}
+        DNS.7 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
         CNF
 
         # The req
@@ -103,7 +106,7 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_c
         # The cert
         openssl x509 \
           -req \
-          -days 3650 \
+          -days 365 \
           -in {{ arvados_csr_file }} \
           -out {{ arvados_cert_file }} \
           -extfile /tmp/openssl.cnf \
@@ -128,9 +131,10 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_instal
       - sls: postgres
 
 arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
-  cmd.run:
-    - name: |
-        chown root:ssl-cert {{ arvados_key_file }}
+  file.managed:
+    - name: {{ arvados_key_file }}
+    - owner: root
+    - group: ssl-cert
     - require:
       - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
       - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
@@ -144,5 +148,8 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_nginx_snakeoil_file
         ssl_certificate_key {{ arvados_key_file }};
     - watch_in:
       - service: nginx_service
-
-
+    - require:
+      - pkg: passenger_install
+      - file: arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run
+    - require_in:
+      - file: nginx_config