gnuviech/gva
1
0
Fork 0
Code Issues 6 Pull requests Releases Wiki Activity
gva/salt/roots/webserver/sslcert.macros.sls
Jan Dittberner 6147a90066 Improve salt setup 
This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
2016-01-29 22:42:45 +01:00

31 lines
1.1 KiB
Plaintext
Raw Blame History

{%- macro key_cert(domain_name) %}
{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
{% set keyfile = nginx_ssl_keydir + '/' + domain_name + '.key.pem' %}
{% set certfile = nginx_ssl_certdir + '/' + domain_name + '.crt.pem' %}
{{ keyfile }}:
rsa_key.valid_key:
- bits: {{ salt['pillar.get']('nginx:keylength:' + domain_name, 2048) }}
- require:
- file: {{ nginx_ssl_keydir }}
- require_in:
- file: /etc/nginx/sites-available/{{ domain_name }}
- service: nginx
{{ certfile }}:
cmd.run:
- name: openssl req -new -x509 -key {{ keyfile }} -subj '/CN={{ domain_name }}' -days 730 -out {{ certfile }}
- require:
- rsa_key: {{ keyfile }}
- creates: {{ certfile }}
x509_certificate.valid_certificate:
- require:
- file: {{ nginx_ssl_certdir }}
- cmd: {{ certfile }}
- pkg: python-m2crypto
- require_in:
- file: /etc/nginx/sites-available/{{ domain_name }}
- service: nginx
{% endmacro %}
Reference in a new issue View git blame Copy permalink