X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9539317a22d8ea16f94b0e086507ab595d758216..4823a1b88754ef8dc3a4fe3fcb549cb4e6f34246:/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls index 8f2fda45bf..5f83582bc3 100644 --- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls +++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls @@ -65,21 +65,21 @@ extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run: - name: | # These dirs are not to CentOS-ish, but this is a helper script # and they should be enough - mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \ + /bin/bash -c "mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \ openssl req \ -new \ -nodes \ -sha256 \ -x509 \ - -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \ + -subj \"/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}\" \ -extensions x509_ext \ -config <(cat {{ openssl_conf }} \ - <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \ + <(printf \"\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\")) \ -out {{ arvados_ca_cert_file }} \ -keyout {{ arvados_ca_key_file }} \ -days 365 && \ cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \ - {{ update_ca_cert }} + {{ update_ca_cert }}" - unless: - test -f {{ arvados_ca_cert_file }} - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}