test(dispatcher): cert needs to match each hostname
authorJavier Bértoli <javier@netmanagers.com.ar>
Sat, 21 Nov 2020 15:11:12 +0000 (12:11 -0300)
committerJavier Bértoli <javier@netmanagers.com.ar>
Mon, 23 Nov 2020 20:52:35 +0000 (17:52 -0300)
test/salt/states/example_add_snakeoil_certs/init.sls
test/salt/states/example_single_host_host_entries/init.sls [moved from test/salt/states/hosts_entries/init.sls with 59% similarity]

index e004128c460596003817161ab56c0d878de75efd..278ccd08a28dec0f968e7764667b1c41ee11612c 100644 (file)
@@ -1,24 +1,51 @@
+{% set curr_tpldir = tpldir %}
+{% set tpldir = 'arvados' %}
+{% from "arvados/map.jinja" import arvados with context %}
+{% set tpldir = curr_tpldir %}
+
 snake_oil_certs:
-{%- if grains.os_family in ('RedHat',) %}
   pkg.installed:
     - name: openssl
   cmd.run:
     - name: |
         cat > /tmp/openssl.cnf <<-CNF
-        RANDFILE                = /dev/urandom
-        [ req ]
-        default_bits            = 2048
-        default_keyfile         = privkey.pem
-        distinguished_name      = req_distinguished_name
-        prompt                  = no
-        policy                  = policy_anything
-        req_extensions          = v3_req
-        x509_extensions         = v3_req
-        [ req_distinguished_name ]
-        commonName                      = {{ grains.fqdn }}
-        [ v3_req ]
-        basicConstraints        = CA:FALSE
+        [req]
+        default_bits = 2048
+        prompt = no
+        default_md = sha256
+        x509_extensions = v3_req
+        distinguished_name = dn
+        
+        [dn]
+        C   = CC
+        ST  = SomeState
+        L   = SomeLocation
+        O   = ArvadosFormula
+        OU  = R&D
+        CN  = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        
+        [v3_req]
+        subjectAltName = @alt_names
+        
+        [alt_names]
+        {%- for entry in grains.get('ipv4') %}
+        IP.{{ loop.index }} = {{entry }}
+        {%- endfor %}
+        {%- for entry in [
+            'keep',
+            'keep0',
+            'collections',
+            'download',
+            'ws',
+            'workbench',
+            'workbench2',
+          ]
+        %}
+        DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        {%- endfor %}
         CNF
+
         mkdir -p /etc/ssl/certs/  /etc/ssl/private/ && \
         openssl req -config /tmp/openssl.cnf -new -x509 -days 3650 -nodes -sha256 \
           -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
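Review bot: The bare cluster FQDN `{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}` appears only as `CN` in `[dn]` and not in `[alt_names]`, so once the certificate carries a subjectAltName extension, clients that verify hostnames against SAN only will reject connections to that name even though every `<service>.` subdomain matches. Adding `DNS.0 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}` to `[alt_names]` before the `DNS.{{ loop.index }}` loop closes that gap (OpenSSL only requires the keys within a section to be unique). Note also that the generation command is guarded by `unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key` in the next hunk, so a host that already ran the old state keeps its CN-only certificate until that key is removed by hand. Minor: `{{entry }}` on the `IP.` line should be `{{ entry }}` to match the rest of the template. The `cmd.run` state continues past the end of this hunk.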
@@ -26,7 +53,3 @@ snake_oil_certs:
     - unless: test -f /etc/ssl/private/ssl-cert-snakeoil.key
     - require:
       - pkg: openssl
-{%- else %}
-  pkg.installed:
-    - name: ssl-cert
-{%- endif %}
similarity index 59%
rename from test/salt/states/hosts_entries/init.sls
rename to test/salt/states/example_single_host_host_entries/init.sls
index 378571e4255dc509225f9fea8b07583768a790cb..a043333d106e5e5775089f5249a853732935704a 100644 (file)
@@ -1,8 +1,15 @@
+{% set curr_tpldir = tpldir %}
+{% set tpldir = 'arvados' %}
+{% from "arvados/map.jinja" import arvados with context %}
+{% set tpldir = curr_tpldir %}
+
 arvados_hosts_entries:
   host.present:
     - ip: {{ grains.get('ipv4')[0] }}
     - names:
-      - {{ grains.get('fqdn') }}
+      - {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+      # FIXME! This just works for our testings.
+      # Won't work if the cluster name != host name
       {%- for entry in [
           'keep',
           'keep0',
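Review bot: The service list that starts at the end of this hunk duplicates the one in `example_add_snakeoil_certs/init.sls`, and the whole point of this commit is that the two agree; if one is edited without the other, the hosts entries and the certificate SANs drift apart silently. Consider defining the list once (for example in `arvados/map.jinja`, which both states already import) and iterating over it in both places. The `- ip: {{ grains.get('ipv4')[0] }}` line also pins every name to whichever address Salt lists first, which may be a loopback or secondary address on a multi-homed host — presumably acceptable for this single-host test, as the FIXME says, but worth stating with a comment such as `# first ipv4 grain assumed to be the reachable interface; single-host test only`. The `for` loop opened here closes in the following hunk.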
@@ -14,7 +21,5 @@ arvados_hosts_entries:
         ]
       %}
       - {{ entry }}
-      # FIXME! This just works for our testings.
-      # Won't work if the cluster name != host name
-      - {{ entry }}.{{ grains.get('host') }}.{{ grains.get('domain') }}
+      - {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
       {%- endfor %}