From 94942f7b2f35a775aea5b22d2be637022e6b4fb7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Fri, 21 Jan 2022 16:07:00 -0300 Subject: [PATCH] 18658: address review comments. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- .../local.params.example.multiple_hosts | 12 +++++++----- ....params.example.single_host_multiple_hostnames | 6 ++++-- tools/salt-install/provision.sh | 15 +++++++++++++-- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts index eb64bb6227..c6f196ca9a 100644 --- a/tools/salt-install/local.params.example.multiple_hosts +++ b/tools/salt-install/local.params.example.multiple_hosts @@ -79,10 +79,12 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" # help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, # and copy the required certificates under the directory specified in the next line. # The certs will be copied from this directory by the provision script. -# Plese set it to the FULL PATH to the certs dir if you're going to use a different dir +# Please set it to the FULL PATH to the certs dir if you're going to use a different dir +# Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the +# directory where the "provision.sh" script was copied in the destination host. # CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs" # The script expects cert/key files with these basenames (matching the role except for -# keepweb, which is split in both downoad/collections): +# keepweb, which is split in both download/collections): # "controller" # "websocket" # "workbench" @@ -90,10 +92,10 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" # "webshell" # "download" # Part of keepweb # "collections" # Part of keepweb -# "keep" # Keepproxy +# "keepproxy" # Keepproxy # Ie., 'keep', the script will lookup for -# ${CUSTOM_CERTS_DIR}/keep.crt -# ${CUSTOM_CERTS_DIR}/keep.key +# ${CUSTOM_CERTS_DIR}/keepproxy.crt +# ${CUSTOM_CERTS_DIR}/keepproxy.key # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'. diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames index 6c9258a3c5..11ebc119f7 100644 --- a/tools/salt-install/local.params.example.single_host_multiple_hostnames +++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames @@ -52,10 +52,12 @@ USE_LETSENCRYPT="no" # help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, # and copy the required certificates under the directory specified in the next line. # The certs will be copied from this directory by the provision script. -# Plese set it to the FULL PATH to the certs dir if you're going to use a different dir +# Please set it to the FULL PATH to the certs dir if you're going to use a different dir +# Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the +# directory where the "provision.sh" script was copied in the destination host. # CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs" # The script expects cert/key files with these basenames (matching the role except for -# keepweb, which is split in both downoad/collections): +# keepweb, which is split in both download/collections): # "controller" # "websocket" # "workbench" diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh index 6f1e625c9b..83a538ee59 100755 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@ -141,8 +141,19 @@ copy_custom_cert() { cert_name=${2} mkdir -p /srv/salt/certs - cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem - cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key + + if [ -f ${cert_dir}/${cert_name}.crt ]; then + cp -v ${cert_dir}/${cert_name}.crt /srv/salt/certs/arvados-${cert_name}.pem + else + echo "${cert_dir}/${cert_name}.crt does not exist. Exiting" + exit 1 + fi + if [ -f ${cert_dir}/${cert_name}.key ]; then + cp -v ${cert_dir}/${cert_name}.key /srv/salt/certs/arvados-${cert_name}.key + else + echo "${cert_dir}/${cert_name}.key does not exist. Exiting" + exit 1 + fi } DEV_MODE="no" -- 2.30.2