From 3eae74e5af3f81c324ec1d617141afe7619719b4 Mon Sep 17 00:00:00 2001
From: Ward Vandewege <ward@curii.com>
Date: Thu, 26 May 2022 16:42:02 -0400
Subject: [PATCH] Salt installer change: standardize on putting the certs
 directory under the local_config_dir directory, this simplifies things.

No issue #

Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@curii.com>
---
 doc/install/salt-multi-host.html.textile.liquid                | 2 --
 doc/install/salt-single-host.html.textile.liquid               | 3 ---
 tools/salt-install/local.params.example.multiple_hosts         | 2 +-
 .../local.params.example.single_host_multiple_hostnames        | 2 +-
 .../local.params.example.single_host_single_hostname           | 2 +-
 tools/salt-install/provision.sh                                | 2 +-
 6 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index 1778338f53..5d871c4277 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -123,8 +123,6 @@ When you finished customizing the configuration, you are ready to copy the files
 
 <notextile>
 <pre><code>scp -r provision.sh local* user@host:
-# if you use custom certificates (not Let's Encrypt), make sure to copy those too:
-# scp -r certs user@host:
 ssh user@host sudo ./provision.sh --roles comma,separated,list,of,roles,to,apply
 </code></pre>
 </notextile>
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 106fab9bd4..4b13dcc11e 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -111,7 +111,6 @@ To supply your own certificate, change the configuration like this:
 
 <notextile>
 <pre><code>SSL_MODE="bring-your-own"
-CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
 </code></pre>
 </notextile>
 
@@ -135,8 +134,6 @@ When you finished customizing the configuration, you are ready to copy the files
 
 <notextile>
 <pre><code>scp -r provision.sh local* tests user@host:
-# if you have set SSL_MODE to "bring-your-own", make sure to also copy the certificate files:
-# scp -r certs user@host:
 ssh user@host sudo ./provision.sh
 </code></pre>
 </notextile>
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 32d1f8bb96..0ddec2c7cc 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -82,7 +82,7 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey"
 # Please set it to the FULL PATH to the certs dir if you're going to use a different dir
 # Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the
 # directory where the  "provision.sh" script was copied in the destination host.
-# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
+# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
 # The script expects cert/key files with these basenames (matching the role except for
 # keepweb, which is split in both download/collections):
 #  "controller"
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index d6bfb102e9..3cdc1ec8f1 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -45,7 +45,7 @@ SSL_MODE="self-signed"
 
 # CUSTOM_CERTS_DIR is only used when SSL_MODE is set to "bring-your-own".
 # See https://doc.arvados.org/intall/salt-single-host.html#bring-your-own for more information.
-# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
+# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
 
 # The directory to check for the config files (pillars, states) you want to use.
 # There are a few examples under 'config_examples'.
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index b6c7e5f7a5..45842b3dcc 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -53,7 +53,7 @@ SSL_MODE="self-signed"
 
 # CUSTOM_CERTS_DIR is only used when SSL_MODE is set to "bring-your-own".
 # See https://doc.arvados.org/intall/salt-single-host.html#bring-your-own for more information.
-# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
+# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
 
 # The directory to check for the config files (pillars, states) you want to use.
 # There are a few examples under 'config_examples'.
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index be1506c620..f1fc700a9e 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -200,7 +200,7 @@ WORKBENCH2_EXT_SSL_PORT=3001
 
 SSL_MODE="self-signed"
 USE_LETSENCRYPT_ROUTE53="no"
-CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
+CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
 
 ## These are ARVADOS-related parameters
 # For a stable release, change RELEASE "production" and VERSION to the
-- 
2.30.2