cert_name=${2}
mkdir -p /srv/salt/certs
+ chmod 700 /srv/salt/certs
if [ -f ${cert_dir}/${cert_name}.crt ]; then
cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem
+ chmod 600 /srv/salt/certs/arvados-${cert_name}.pem
else
echo "${cert_dir}/${cert_name}.crt does not exist. Exiting"
exit 1
fi
if [ -f ${cert_dir}/${cert_name}.key ]; then
cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key
+ chmod 600 /srv/salt/certs/arvados-${cert_name}.key
else
echo "${cert_dir}/${cert_name}.key does not exist. Exiting"
exit 1
SALT_VERSION="3004"
# Other formula versions we depend on
-POSTGRES_TAG="v0.44.0"
+#POSTGRES_TAG="v0.44.0"
+#POSTGRES_URL="https://github.com/saltstack-formulas/postgres-formula.git"
+POSTGRES_TAG="0.45.0-bugfix327"
+POSTGRES_URL="https://github.com/arvados/postgres-formula.git"
NGINX_TAG="v2.8.1"
DOCKER_TAG="v2.4.2"
LOCALE_TAG="v0.3.4"
echo "...postgres"
test -d postgres && ( cd postgres && git fetch ) \
- || git clone --quiet https://github.com/saltstack-formulas/postgres-formula.git ${F_DIR}/postgres
+ || git clone --quiet ${POSTGRES_URL} ${F_DIR}/postgres
( cd postgres && git checkout --quiet tags/"${POSTGRES_TAG}" )
echo "...letsencrypt"
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
mkdir -p /srv/salt/certs
+ chmod 700 /srv/salt/certs
if [ "${SSL_MODE}" = "bring-your-own" ]; then
# Copy certs to formula extra/files
cp -rv ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
+ chmod 600 /srv/salt/certs/*
# We add the custom_certs state
grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
fi
echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
- for c in controller websocket workbench workbench2 webshell keepweb keepproxy shell; do
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
# Are we in a single-host-single-hostname env?
if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
# Are we in a single-host-single-hostname env?
fi
# Now run the install
-salt-call --local state.apply -l ${LOG_LEVEL}
+salt-call --state-output=mixed --local state.apply -l ${LOG_LEVEL}
# Finally, make sure that /etc/hosts is not overwritten on reboot
if [ -d /etc/cloud/cloud.cfg.d ]; then