Merge branch 'main' into 21359-rightclick-newproject-bug

[arvados.git] / tools / salt-install / common.sh

diff --git a/tools/salt-install/common.sh b/tools/salt-install/common.sh
index a1201fe369043a0bf78680551873e00594adc847..5392da71be938c372cfdee0493a864596cb19d29 100644 (file)
--- a/tools/salt-install/common.sh
+++ b/tools/salt-install/common.sh
@@ -18,7 +18,7 @@ fi
 
 USE_SSH_JUMPHOST=${USE_SSH_JUMPHOST:-}
 DISABLED_CONTROLLER=""
-DATABASE_POSTGRESQL_DEFAULT_VERSION=12
+DATABASE_POSTGRESQL_DEFAULT_VERSION=15
 
 # Comma-separated list of nodes. This is used to dynamically adjust
 # salt pillars.
@@ -48,6 +48,14 @@ for node in "${!NODES[@]}"; do
   done
 done
 
+# Sets TLS certificate expiration thresholds
+TLS_EXPIRATION_YELLOW=5184000 # > 2 months
+TLS_EXPIRATION_GREEN=15552000 # > 6 months
+if [[ "${SSL_MODE}" == "lets-encrypt" ]]; then
+  TLS_EXPIRATION_YELLOW=1900800 # > 22 days
+  TLS_EXPIRATION_GREEN=2505600 # > 29 days
+fi
+
 # Auto-detects load-balancing mode
 if [ -z "${ROLE2NODES['balancer']:-}" ]; then
   ENABLE_BALANCER="no"
@@ -56,6 +64,6 @@ else
 fi
 
 # Auto-sets PG version if needed
-if [ -n "${ROLE2NODES['database']:-}" ]; then
+if [[ -n "${ROLE2NODES['database']:-}" || "${NODELIST}" == "localhost" ]]; then
   DATABASE_POSTGRESQL_VERSION="${DATABASE_POSTGRESQL_VERSION:-${DATABASE_POSTGRESQL_DEFAULT_VERSION}}"
 fi
\ No newline at end of file