From: Ward Vandewege Date: Wed, 1 Jun 2022 14:15:23 +0000 (-0400) Subject: provision script: fix single host/single hostname letsencrypt. X-Git-Tag: 2.5.0~148^2 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/ca112fc69a5b85127d243d716b032d2c08bb393c?hp=75967562d779337c0920841a0a66d130b4ba51a9 provision script: fix single host/single hostname letsencrypt. refs #19169 Arvados-DCO-1.1-Signed-off-by: Ward Vandewege
---
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index f1fc700a9e..dc4a7b70ff 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -593,11 +593,27 @@ if [ -z "${ROLES}" ]; then
 fi
 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
 
- # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
- for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
- sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${c}.${CLUSTER}.${DOMAIN}*/g;
- s#__CERT_PEM__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/fullchain.pem#g;
- s#__CERT_KEY__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/privkey.pem#g" \
+ hosts=("controller" "websocket" "workbench" "workbench2" "webshell" "keepproxy")
+ if [ ${USE_SINGLE_HOSTNAME} = "no" ]; then
+ hosts+=("download" "collections")
+ else
+ hosts+=("keepweb")
+ fi
+
+ for c in "${hosts[@]}"; do
+ # Are we in a single-host-single-hostname env?
+ if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a multiple-hostnames env
+ CERT_NAME=${c}.${CLUSTER}.${DOMAIN}
+ fi
+
+ # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \
 ${P_DIR}/nginx_${c}_configuration.sls
 done
 else
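Review bot: The two `USE_SINGLE_HOSTNAME` tests in the added lines are not complements, so the host list and the certificate name can disagree: the first is unquoted and compares against `"no"`, the second is quoted and compares against `"yes"`. With the variable empty, unset or set to any other value, the first test fails (an empty value also makes `[` report a syntax error) and adds `keepweb`, while the loop then takes the multiple-hostnames branch and writes `/etc/letsencrypt/live/keepweb.${CLUSTER}.${DOMAIN}/…` paths into the pillar, for a name that presumably has no certificate issued. Writing the first test as `if [ "${USE_SINGLE_HOSTNAME}" != "yes" ]; then` keeps both decisions on one predicate. In the single-hostname branch, `CERT_NAME=${HOSTNAME_EXT:?HOSTNAME_EXT must be set}` would stop an empty value from producing `/etc/letsencrypt/live//privkey.pem` in the nginx pillar. The enclosing `if`/`else` starts above the hunk and continues past its last line.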