From: Javier Bértoli Date: Fri, 21 Jan 2022 19:07:00 +0000 (-0300) Subject: 18658: address review comments. X-Git-Tag: 2.4.0~110^2 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/94942f7b2f35a775aea5b22d2be637022e6b4fb7 18658: address review comments. Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts index eb64bb6227..c6f196ca9a 100644 --- a/tools/salt-install/local.params.example.multiple_hosts +++ b/tools/salt-install/local.params.example.multiple_hosts @@ -79,10 +79,12 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" # help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, # and copy the required certificates under the directory specified in the next line. # The certs will be copied from this directory by the provision script. -# Plese set it to the FULL PATH to the certs dir if you're going to use a different dir +# Please set it to the FULL PATH to the certs dir if you're going to use a different dir +# Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the +# directory where the "provision.sh" script was copied in the destination host. # CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs" # The script expects cert/key files with these basenames (matching the role except for -# keepweb, which is split in both downoad/collections): +# keepweb, which is split in both download/collections): # "controller" # "websocket" # "workbench" @@ -90,10 +92,10 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" # "webshell" # "download" # Part of keepweb # "collections" # Part of keepweb -# "keep" # Keepproxy +# "keepproxy" # Keepproxy # Ie., 'keep', the script will lookup for -# ${CUSTOM_CERTS_DIR}/keep.crt -# ${CUSTOM_CERTS_DIR}/keep.key +# ${CUSTOM_CERTS_DIR}/keepproxy.crt +# ${CUSTOM_CERTS_DIR}/keepproxy.key # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'. diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames index 6c9258a3c5..11ebc119f7 100644 --- a/tools/salt-install/local.params.example.single_host_multiple_hostnames +++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames @@ -52,10 +52,12 @@ USE_LETSENCRYPT="no" # help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, # and copy the required certificates under the directory specified in the next line. # The certs will be copied from this directory by the provision script. -# Plese set it to the FULL PATH to the certs dir if you're going to use a different dir +# Please set it to the FULL PATH to the certs dir if you're going to use a different dir +# Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the +# directory where the "provision.sh" script was copied in the destination host. # CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs" # The script expects cert/key files with these basenames (matching the role except for -# keepweb, which is split in both downoad/collections): +# keepweb, which is split in both download/collections): # "controller" # "websocket" # "workbench" diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh index 6f1e625c9b..83a538ee59 100755 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@ -141,8 +141,19 @@ copy_custom_cert() { cert_name=${2} mkdir -p /srv/salt/certs - cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem - cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key + + if [ -f ${cert_dir}/${cert_name}.crt ]; then + cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem + else + echo "${cert_dir}/${cert_name}.crt does not exist. Exiting" + exit 1 + fi + if [ -f ${cert_dir}/${cert_name}.key ]; then + cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key + else + echo "${cert_dir}/${cert_name}.key does not exist. Exiting" + exit 1 + fi } DEV_MODE="no"