From ca112fc69a5b85127d243d716b032d2c08bb393c Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Wed, 1 Jun 2022 10:15:23 -0400 Subject: [PATCH] provision script: fix single host/single hostname letsencrypt. refs #19169 Arvados-DCO-1.1-Signed-off-by: Ward Vandewege --- tools/salt-install/provision.sh | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh index f1fc700a9e..dc4a7b70ff 100755 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@ -593,11 +593,27 @@ if [ -z "${ROLES}" ]; then fi grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls - # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them - for c in controller websocket workbench workbench2 webshell download collections keepproxy; do - sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${c}.${CLUSTER}.${DOMAIN}*/g; - s#__CERT_PEM__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/fullchain.pem#g; - s#__CERT_KEY__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/privkey.pem#g" \ + hosts=("controller" "websocket" "workbench" "workbench2" "webshell" "keepproxy") + if [ ${USE_SINGLE_HOSTNAME} = "no" ]; then + hosts+=("download" "collections") + else + hosts+=("keepweb") + fi + + for c in "${hosts[@]}"; do + # Are we in a single-host-single-hostname env? + if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then + # Are we in a single-host-single-hostname env? + CERT_NAME=${HOSTNAME_EXT} + else + # We are in a multiple-hostnames env + CERT_NAME=${c}.${CLUSTER}.${DOMAIN} + fi + + # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them + sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g; + s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g; + s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \ ${P_DIR}/nginx_${c}_configuration.sls done else -- 2.30.2