+ # States
+ echo " - nginx.passenger" >> ${S_DIR}/top.sls
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
+ grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - extra.aws_credentials" >> ${S_DIR}/top.sls
+ fi
+ grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
+ else
+ mkdir -p /srv/salt/certs
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ # Copy certs to formula extra/files
+ cp -rv ${CUSTOM_CERTS_DIR}/* /srv/salt/certs/
+ # We add the custom_certs state
+ grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
+ fi
+ # In self-signed mode, the certificate files will be created and put in the
+ # destination directory by the snakeoil_certs.sls state file
+ fi
+
+ echo " - postgres" >> ${S_DIR}/top.sls
+ echo " - docker.software" >> ${S_DIR}/top.sls
+ echo " - arvados" >> ${S_DIR}/top.sls
+ echo " - extra.shell_sudo_passwordless" >> ${S_DIR}/top.sls
+ echo " - extra.shell_cron_add_login_sync" >> ${S_DIR}/top.sls
+ echo " - extra.passenger_rvm" >> ${S_DIR}/top.sls
+
+ # Pillars
+ echo " - docker" >> ${P_DIR}/top.sls
+ echo " - nginx_api_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_controller_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_keepproxy_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_keepweb_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_passenger" >> ${P_DIR}/top.sls
+ echo " - nginx_websocket_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_workbench2_configuration" >> ${P_DIR}/top.sls
+ echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
+ echo " - postgresql" >> ${P_DIR}/top.sls
+
+ # We need to tweak the Nginx's pillar depending whether we want plan nginx or nginx+passenger
+ NGINX_INSTALL_SOURCE="install_from_phusionpassenger"
+ sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls
+
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
+ grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
+ fi
+ grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
+
+ hosts=("controller" "websocket" "workbench" "workbench2" "webshell" "keepproxy")
+ if [ ${USE_SINGLE_HOSTNAME} = "no" ]; then
+ hosts+=("download" "collections")
+ else
+ hosts+=("keepweb")
+ fi
+
+ for c in "${hosts[@]}"; do
+ # Are we in a single-host-single-hostname env?
+ if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a multiple-hostnames env
+ CERT_NAME=${c}.${CLUSTER}.${DOMAIN}
+ fi
+
+ # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \
+ ${P_DIR}/nginx_${c}_configuration.sls
+ done
+ else
+ # Use custom certs (either dev mode or prod)
+ grep -q "extra_custom_certs" ${P_DIR}/top.sls || echo " - extra_custom_certs" >> ${P_DIR}/top.sls
+ # And add the certs in the custom_certs pillar
+ echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
+ echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
+
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy shell; do
+ # Are we in a single-host-single-hostname env?
+ if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a multiple-hostnames env
+ CERT_NAME=${c}
+ fi
+
+ if [[ "$SSL_MODE" == "bring-your-own" ]]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} ${CERT_NAME}
+ fi
+
+ grep -q ${CERT_NAME} ${P_DIR}/extra_custom_certs.sls || echo " - ${CERT_NAME}" >> ${P_DIR}/extra_custom_certs.sls
+
+ # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+ sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${CERT_NAME}.pem/g;
+ s#__CERT_PEM__#/etc/nginx/ssl/arvados-${CERT_NAME}.pem#g;
+ s#__CERT_KEY__#/etc/nginx/ssl/arvados-${CERT_NAME}.key#g" \
+ ${P_DIR}/nginx_${c}_configuration.sls
+ done
+ fi