20035: Updates nginx pillars to read the certificate privkey password.

author Lucas Di Pentima <lucas.dipentima@curii.com>

Tue, 7 Feb 2023 19:15:40 +0000 (16:15 -0300)

committer Lucas Di Pentima <lucas.dipentima@curii.com>

Fri, 10 Feb 2023 18:22:11 +0000 (15:22 -0300)
author Lucas Di Pentima <lucas.dipentima@curii.com>
Tue, 7 Feb 2023 19:15:40 +0000 (16:15 -0300)
committer Lucas Di Pentima <lucas.dipentima@curii.com>
Fri, 10 Feb 2023 18:22:11 +0000 (15:22 -0300)
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_collections_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_collections_configuration.sls

index 00be378c19eaed63537491758767aaca3436c814..1719b0a64c20fd5056f68f9616d152686ec267e5 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_collections_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_collections_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    servers:
@@ -47,5 +49,8 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls

index 5df1870c808846c219b6fa845fc32af939908a09..b946c61a0760b3a1dd4f47dab763005637e7583f 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    ### SERVER
@@ -64,6 +66,9 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.error.log
              - client_max_body_size: 128m
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_download_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_download_configuration.sls

index 9246fc11cbeece3d4d051a20217b29dc8d8bc22d..59c93962c9e28142e0489ab627a9846bcfa332b6 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_download_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_download_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    servers:
@@ -47,5 +49,8 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls

index 2f00524f987f40a5c8e7b0a6fffee96f901da198..690d9413b44dcd573690dc8fa7dad9883998343a 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    ### SERVER
@@ -55,5 +57,8 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls

index d631c89a816ffb783246c87655eb8ab03748d260..13a96eb33e76fab4bbc3c51e69f131fa8efc9ea4 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    ### SERVER
@@ -71,6 +73,9 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log
  
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls

index 9658c620cf0f9ac2258a52f43f648c3a1d67efc0..078f916cbe81266947befb135e52ef0f9c83c3f2 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### NGINX
  nginx:
    ### SERVER
@@ -56,5 +58,8 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls

index a821b521fa27d88582760ccf77220d5670d820ca..021c8685d8e98e7ba625cf89c52fafc2ce5cf108 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### ARVADOS
  arvados:
    config:
@@ -46,5 +48,8 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls

index 32904a12b2cd5cf87899ebe6f74cae534a513db2..92b5d0356bda7d2ba558d82dd82031e9ec0134d0 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
@@ -3,6 +3,8 @@
  #
  # SPDX-License-Identifier: AGPL-3.0
  
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
  ### ARVADOS
  arvados:
    config:
@@ -57,6 +59,9 @@ nginx:
              - include: snippets/ssl_hardening_default.conf
              - ssl_certificate: __CERT_PEM__
              - ssl_certificate_key: __CERT_KEY__
+            {%- if imported.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+            {%- endif %}
              - access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.access.log combined
              - error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.error.log
  
diff --git a/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls b/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls

index d2345273f50ee517f23a4600b3825461b80c879a..5a7d9a269a5817c0c8be6570703b2d48b6f485d0 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls
@@ -23,7 +23,6 @@ extra_custom_certs_file_directory_certs_dir:
  
    {%- for cert in certs %}
      {%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
-    {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
      {%- set key_file = 'arvados-' ~ cert ~ '.key' %}
      {% for c in [cert_file, key_file] %}
  extra_custom_certs_file_copy_{{ c }}:
author	Lucas Di Pentima <lucas.dipentima@curii.com>
	Tue, 7 Feb 2023 19:15:40 +0000 (16:15 -0300)
committer	Lucas Di Pentima <lucas.dipentima@curii.com>
	Fri, 10 Feb 2023 18:22:11 +0000 (15:22 -0300)
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_collections_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_download_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls		patch \| blob \| history
tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls		patch \| blob \| history