+ - pkgs:
+ - openssl
+ - ca-certificates
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run:
+ # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
+ cmd.run:
+ - name: |
+ # These dirs are not to CentOS-ish, but this is a helper script
+ # and they should be enough
+ mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
+ openssl req \
+ -new \
+ -nodes \
+ -sha256 \
+ -x509 \
+ -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \
+ -extensions x509_ext \
+ -config <(cat {{ openssl_conf }} \
+ <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
+ -out {{ arvados_ca_cert_file }} \
+ -keyout {{ arvados_ca_key_file }} \
+ -days 3650 && \
+ cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
+ {{ update_ca_cert }}
+ - unless:
+ - test -f {{ arvados_ca_cert_file }}
+ - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}
+ - require:
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed