X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cd9e72bd95b32203231f6ccc96ddce9325b30a95..2f0c775a9e1ab8c3abdd94c854326fab771c4b5e:/lib/install/init.go?ds=sidebyside
diff --git a/lib/install/init.go b/lib/install/init.go
index 8c565bb5d6..d322e753eb 100644
--- a/lib/install/init.go
+++ b/lib/install/init.go
@@ -44,6 +44,7 @@ type initCommand struct {
 LoginGoogle bool
 LoginGoogleClientID string
 LoginGoogleClientSecret string
+ TLSDir string
 }

 func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Reader, stdout, stderr io.Writer) int {
@@ -72,7 +73,7 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 flags.StringVar(&initcmd.Domain, "domain", hostname, "cluster public DNS `name`, like x1234.arvadosapi.com")
 flags.StringVar(&initcmd.Login, "login", "", "login `backend`: test, pam, 'google {client-id} {client-secret}', or ''")
 flags.StringVar(&initcmd.AdminEmail, "admin-email", "", "give admin privileges to user with given `email`")
- flags.StringVar(&initcmd.TLS, "tls", "none", "tls certificate `source`: acme, auto, insecure, or none")
+ flags.StringVar(&initcmd.TLS, "tls", "none", "tls certificate `source`: acme, insecure, none, or /path/to/dir containing privkey and cert files")
 flags.BoolVar(&initcmd.Start, "start", true, "start systemd service after creating config")
 if ok, code := cmd.ParseFlags(flags, prog, args, "", stderr); !ok {
 return code
@@ -97,10 +98,20 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 } else if initcmd.Login == "" {
 // none; login will show an error page
 } else {
- err = fmt.Errorf("invalid argument to -login: %q: should be 'test', 'pam', 'google {client-id} {client-secret}', or empty")
+ err = fmt.Errorf("invalid argument to -login: %q: should be 'test', 'pam', 'google {client-id} {client-secret}', or empty", initcmd.Login)
 return 1
 }

+ switch initcmd.TLS {
+ case "none", "acme", "insecure":
+ default:
+ if !strings.HasPrefix(initcmd.TLS, "/") {
+ err = fmt.Errorf("invalid argument to -tls: %q; see %s -help", initcmd.TLS, prog)
+ return 1
+ }
+ initcmd.TLSDir = initcmd.TLS
+ }
+
 confdir := "/etc/arvados"
 conffile := confdir + "/config.yml"
 if _, err = os.Stat(conffile); err == nil {
@@ -214,11 +225,12 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 TLS:
 {{if eq .TLS "insecure"}}
 Insecure: true
- {{else if eq .TLS "auto"}}
- Automatic: true
 {{else if eq .TLS "acme"}}
- Certificate: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/cert")}}
- Key: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/privkey")}}
+ ACME:
+ Server: LE
+ {{else if ne .TLSDir ""}}
+ Certificate: {{printf "%q" (print .TLSDir "/cert")}}
+ Key: {{printf "%q" (print .TLSDir "/privkey")}}
 {{else}}
 {}
 {{end}}
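Review bot: The `default:` branch of the new `switch initcmd.TLS` accepts any value that starts with `/` as TLSDir without checking that the directory actually holds readable `privkey` and `cert` files. A mistyped path is therefore copied into the `Certificate`/`Key` entries rendered in the fourth hunk, and would presumably only fail later when a service tries to load the key. Checking both files with os.Stat right after the assignment, as sketched below, fails early through the same `err` / `return 1` path this hunk already uses. Because `privkey` is key material, a warning when its mode permits group or other read access would be a worthwhile addition to the same check. RunCommand starts and ends outside this hunk, so how `err` is reported to the user is not visible here.

```go
	default:
		// … unchanged: reject values that do not start with "/" …
		initcmd.TLSDir = initcmd.TLS
		// Fail now, not at service start, if the key material is missing or unreadable.
		for _, name := range []string{"privkey", "cert"} {
			if _, err = os.Stat(initcmd.TLSDir + "/" + name); err != nil {
				err = fmt.Errorf("-tls %q: %w", initcmd.TLS, err)
				return 1
			}
		}
```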