X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/86ea398742e99ab5942705b342b0f0ac7bdef41d..ba5e37ebc18049d4340388fc0c19dcb2a78d6a86:/test/salt/states/example_add_snakeoil_certs/init.sls

diff --git a/test/salt/states/example_add_snakeoil_certs/init.sls b/test/salt/states/example_add_snakeoil_certs/init.sls
index 9d7b644..e004128 100644
--- a/test/salt/states/example_add_snakeoil_certs/init.sls
+++ b/test/salt/states/example_add_snakeoil_certs/init.sls
@@ -1,3 +1,32 @@
 snake_oil_certs:
+{%- if grains.os_family in ('RedHat',) %}
+  pkg.installed:
+    - name: openssl
+  cmd.run:
+    - name: |
+        cat > /tmp/openssl.cnf <<-CNF
+        RANDFILE                = /dev/urandom
+        [ req ]
+        default_bits            = 2048
+        default_keyfile         = privkey.pem
+        distinguished_name      = req_distinguished_name
+        prompt                  = no
+        policy                  = policy_anything
+        req_extensions          = v3_req
+        x509_extensions         = v3_req
+        [ req_distinguished_name ]
+        commonName                      = {{ grains.fqdn }}
+        [ v3_req ]
+        basicConstraints        = CA:FALSE
+        CNF
+        mkdir -p /etc/ssl/certs/  /etc/ssl/private/ && \
+        openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
+          -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
+          -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /tmp/snake_oil_certs.output 2>&1
+    - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key
+    - require:
+      - pkg: openssl
+{%- else %}
   pkg.installed:
     - name: ssl-cert
+{%- endif %}