X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ba34a22d9918ae97306472c04701e69090821c82..08078f621c8dbc1ecbd6e030bb0fac848cb6a01c:/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls index 4cbdee32fc..0ee7949183 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls @@ -62,21 +62,21 @@ extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run: - name: | # These dirs are not too CentOS-ish, but this is a helper script # and they should be enough - mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \ + /bin/bash -c "mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \ openssl req \ -new \ -nodes \ -sha256 \ -x509 \ - -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \ + -subj \"/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}\" \ -extensions x509_ext \ -config <(cat {{ openssl_conf }} \ - <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \ + <(printf \"\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\")) \ -out {{ arvados_ca_cert_file }} \ -keyout {{ arvados_ca_key_file }} \ -days 365 && \ cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \ - {{ update_ca_cert }} + {{ update_ca_cert }}" - unless: - test -f {{ arvados_ca_cert_file }} - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}