X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7653054635e3f4f84da3f2b6862cd2c02fbe3fd4..3aaefcb3c76ff470b475d950398d01255e87712a:/tools/arvbox/lib/arvbox/docker/service/certificate/run

diff --git a/tools/arvbox/lib/arvbox/docker/service/certificate/run b/tools/arvbox/lib/arvbox/docker/service/certificate/run
index f951eef18d..2536981a7a 100755
--- a/tools/arvbox/lib/arvbox/docker/service/certificate/run
+++ b/tools/arvbox/lib/arvbox/docker/service/certificate/run
@@ -8,7 +8,9 @@ set -ex -o pipefail
 
 . /usr/local/lib/arvbox/common.sh
 
-uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
+/usr/local/lib/arvbox/runsu.sh flock $ARVADOS_CONTAINER_PATH/cluster_config.yml.lock /usr/local/lib/arvbox/cluster-config.sh
+
+uuid_prefix=$(cat $ARVADOS_CONTAINER_PATH/api_uuid_prefix)
 
 if ! openssl verify -CAfile $root_cert $root_cert ; then
     # req           signing request sub-command
@@ -72,13 +74,13 @@ if ! openssl verify -CAfile $root_cert $server_cert ; then
 	    -extensions x509_ext \
 	    -config <(cat /etc/ssl/openssl.cnf \
 			  <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,$san")) \
-            -out /var/lib/arvados/server-cert-${localip}.csr \
+            -out $ARVADOS_CONTAINER_PATH/server-cert-${localip}.csr \
             -keyout $server_cert_key \
             -days 365
 
     openssl x509 \
 	    -req \
-	    -in /var/lib/arvados/server-cert-${localip}.csr \
+	    -in $ARVADOS_CONTAINER_PATH/server-cert-${localip}.csr \
 	    -CA $root_cert \
 	    -CAkey $root_cert_key \
 	    -out $server_cert \