[arvados] created: 2.6.0-369-gef2644287

git repository hosting git at public.arvados.org
Fri Aug 4 15:27:11 UTC 2023


        at  ef2644287f25a95b510c4532822f92b3ecd7e33a (commit)


commit ef2644287f25a95b510c4532822f92b3ecd7e33a
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Thu Aug 3 10:31:05 2023 -0400

    20688: Update single host/multiple hostname template
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls
index 50c960cbc..081be151e 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls
@@ -1,18 +1,14 @@
 ---
 # Copyright (C) The Arvados Authors. All rights reserved.
 #
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: AGPL-3.0
 
-{%- if grains.os_family in ('RedHat',) %}
-  {%- set group = 'nginx' %}
-{%- else %}
-  {%- set group = 'www-data' %}
-{%- endif %}
+{%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
 
 ### ARVADOS
 arvados:
   config:
-    group: {{ group }}
+    group: www-data
 
 ### NGINX
 nginx:
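Review bot: `group: www-data` is now hard-coded where the removed Jinja block selected `nginx` on RedHat-family minions, so this template no longer follows the OS family of the target. If the single-host example is still meant to work on those hosts, keep the grains-based `{%- set group = ... %}` selection; otherwise say so next to the value, for example `# Debian/Ubuntu only: the previous template used group 'nginx' on RedHat-family hosts`. The header in this hunk also changes the SPDX identifier from Apache-2.0 to AGPL-3.0, which the commit message does not mention and is worth confirming as intended. The same group change is made in the first hunk of nginx_workbench_configuration.sls in this commit.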
@@ -25,11 +21,9 @@ nginx:
         overwrite: true
         config:
           - server:
-            - server_name: workbench2.__CLUSTER__.__DOMAIN__
+            - server_name: workbench2.__DOMAIN__
             - listen:
               - 80
-            - location /.well-known:
-              - root: /var/www
             - location /:
               - return: '301 https://$host$request_uri'
 
@@ -37,22 +31,21 @@ nginx:
         enabled: true
         overwrite: true
         requires:
-          file: extra_custom_certs_file_copy_arvados-workbench2.pem
+          __CERT_REQUIRES__
         config:
           - server:
-            - server_name: workbench2.__CLUSTER__.__DOMAIN__
+            - server_name: workbench2.__DOMAIN__
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
-            - index: index.html index.htm
+
             - location /:
-              - root: /var/www/arvados-workbench2/workbench2
-              - try_files: '$uri $uri/ /index.html'
-              - 'if (-f $document_root/maintenance.html)':
-                - return: 503
-            - location /config.json:
-              - return: {{ "200 '" ~ '{"API_HOST":"__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
+              - return: '301 https://workbench.__DOMAIN__$request_uri'
+
             - include: snippets/ssl_hardening_default.conf
-            - ssl_certificate: /etc/nginx/ssl/arvados-workbench2.pem
-            - ssl_certificate_key: /etc/nginx/ssl/arvados-workbench2.key
-            - access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
-            - error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
+            - ssl_certificate: __CERT_PEM__
+            - ssl_certificate_key: __CERT_KEY__
+            {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ '/run/arvados/' | path_join(ssl_key_encrypted_pillar.ssl_key_encrypted.privkey_password_filename) }}
+            {%- endif %}
+            - access_log: /var/log/nginx/workbench2.__DOMAIN__.access.log combined
+            - error_log: /var/log/nginx/workbench2.__DOMAIN__.error.log
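Review bot: The redirect added under `location /` drops the port: this server listens on `__CONTROLLER_EXT_SSL_PORT__`, but `return: '301 https://workbench.__DOMAIN__$request_uri'` sends clients to the default HTTPS port. On an install where that port is not 443, the redirect lands on a port the workbench vhost is not configured for. I would write `- return: '301 https://workbench.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__$request_uri'`, matching the `API_HOST` value the workbench template builds with the port. Because browsers cache a 301, a wrong target persists after the config is corrected, so a 302 may be safer while the host layout is still changing. The multi_host workbench2 hunk in the following commit adds the same line.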
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls
index 90248fcb2..87ed7c450 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls
@@ -3,28 +3,15 @@
 #
 # SPDX-License-Identifier: AGPL-3.0
 
-{%- if grains.os_family in ('RedHat',) %}
-  {%- set group = 'nginx' %}
-{%- else %}
-  {%- set group = 'www-data' %}
-{%- endif %}
+{%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
 
 ### ARVADOS
 arvados:
   config:
-    group: {{ group }}
+    group: www-data
 
 ### NGINX
 nginx:
-  ### SERVER
-  server:
-    config:
-
-      ### STREAMS
-      http:
-        upstream workbench_upstream:
-          - server: 'workbench.internal:9000 fail_timeout=10s'
-
   ### SITES
   servers:
     managed:
@@ -34,11 +21,9 @@ nginx:
         overwrite: true
         config:
           - server:
-            - server_name: workbench.__CLUSTER__.__DOMAIN__
+            - server_name: workbench.__DOMAIN__
             - listen:
               - 80
-            - location /.well-known:
-              - root: /var/www
             - location /:
               - return: '301 https://$host$request_uri'
 
@@ -46,38 +31,81 @@ nginx:
         enabled: true
         overwrite: true
         requires:
-          file: extra_custom_certs_file_copy_arvados-workbench.pem
+          __CERT_REQUIRES__
         config:
           - server:
-            - server_name: workbench.__CLUSTER__.__DOMAIN__
+            - server_name: workbench.__DOMAIN__
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
+
+    # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
+
+    # Paths that are not redirected because wb1 and wb2 have similar enough paths
+    # that a redirect is pointless and would create a redirect loop.
+    # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
+    # rewrite ^/repositories.* /repositories redirect;
+    # rewrite ^/links.* /links redirect;
+    # rewrite ^/projects.* /projects redirect;
+    # rewrite ^/trash /trash redirect;
+
+    # Redirects that include a uuid
+            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
+            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
+            - rewrite: '^/users/(.*) /user/$1 redirect'
+            - rewrite: '^/groups/(.*) /group/$1 redirect'
+
+    # Special file download redirects
+            - 'if ($arg_disposition = attachment)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
+
+            - 'if ($arg_disposition = inline)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
+
+    # Redirects that go to a roughly equivalent page
+            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
+            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
+            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
+            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
+            - rewrite: '^/containers.* /all_processes redirect'
+            - rewrite: '^/container_requests /all_processes redirect'
+            - rewrite: '^/job.* /all_processes redirect'
+            - rewrite: '^/users/link_account /link_account redirect'
+            - rewrite: '^/search.* /search-results redirect'
+            - rewrite: '^/keep_services.* /keep-services redirect'
+            - rewrite: '^/trash_items.* /trash redirect'
+
+    # Redirects that don't have a good mapping and
+    # just go to root.
+            - rewrite: '^/themes.* / redirect'
+            - rewrite: '^/keep_disks.* / redirect'
+            - rewrite: '^/user_agreements.* / redirect'
+            - rewrite: '^/nodes.* / redirect'
+            - rewrite: '^/humans.* / redirect'
+            - rewrite: '^/traits.* / redirect'
+            - rewrite: '^/sessions.* / redirect'
+            - rewrite: '^/logout.* / redirect'
+            - rewrite: '^/logged_out.* / redirect'
+            - rewrite: '^/current_token / redirect'
+            - rewrite: '^/logs.* / redirect'
+            - rewrite: '^/factory_jobs.* / redirect'
+            - rewrite: '^/uploaded_datasets.* / redirect'
+            - rewrite: '^/specimens.* / redirect'
+            - rewrite: '^/pipeline_templates.* / redirect'
+            - rewrite: '^/pipeline_instances.* / redirect'
+
             - location /:
-              - proxy_pass: 'http://workbench_upstream'
-              - proxy_read_timeout: 300
-              - proxy_connect_timeout: 90
-              - proxy_redirect: 'off'
-              - proxy_set_header: X-Forwarded-Proto https
-              - proxy_set_header: 'Host $http_host'
-              - proxy_set_header: 'X-Real-IP $remote_addr'
-              - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
+              - root: /var/www/arvados-workbench2/workbench2
+              - try_files: '$uri $uri/ /index.html'
+              - 'if (-f $document_root/maintenance.html)':
+                - return: 503
+            - location /config.json:
+              - return: {{ "200 '" ~ '{"API_HOST":"__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
             - include: snippets/ssl_hardening_default.conf
-            - ssl_certificate: /etc/nginx/ssl/arvados-workbench.pem
-            - ssl_certificate_key: /etc/nginx/ssl/arvados-workbench.key
-            - access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.access.log combined
-            - error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.error.log
-
-      arvados_workbench_upstream.conf:
-        enabled: true
-        overwrite: true
-        config:
-          - server:
-            - listen: 'workbench.internal:9000'
-            - server_name: workbench
-            - root: /var/www/arvados-workbench/current/public
-            - index:  index.html index.htm
-            - passenger_enabled: 'on'
-            # yamllint disable-line rule:line-length
-            - access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__-upstream.access.log combined
-            - error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__-upstream.error.log
+            - ssl_certificate: __CERT_PEM__
+            - ssl_certificate_key: __CERT_KEY__
+            {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ '/run/arvados/' | path_join(ssl_key_encrypted_pillar.ssl_key_encrypted.privkey_password_filename) }}
+            {%- endif %}
+            - access_log: /var/log/nginx/workbench2.__DOMAIN__.access.log combined
+            - error_log: /var/log/nginx/workbench2.__DOMAIN__.error.log
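Review bot: Three of the added rewrites can never fire, because `^/users/(.*) /user/$1 redirect` in the "Redirects that include a uuid" group comes before `^/users/.*/virtual_machines`, `^/users/.*/ssh_keys` and `^/users/link_account`. nginx evaluates server-level rewrites in order, and a rule with the `redirect` flag returns immediately. Requests for those paths are therefore sent to `/user/...` rather than to `/virtual-machines-user`, `/ssh-keys-user` and `/link_account`. Move the three specific `/users/` rules above the generic one, or narrow the generic pattern, for example `^/users/([^/]+)$` if a user page URL never has a further path segment (to be confirmed). The same ordering appears in the multi_host workbench template hunk, in the arvbox nginx run script hunk and in the workbench2 reorder hunk later on this page.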

commit e7fe0e38fbf6b919e61ba1d595ef564d67b0a528
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Thu Aug 3 09:44:41 2023 -0400

    20688: "workbench" host is now workbench2
    
    "workbench2" host redirects to workbench
    
    Right now, both workbench and workbench2 roles still need to be
    assigned, because the 'workbench' role is now configuring nginx but
    the 'workbench2' state is the one that actually installs the package.
    
    Will need to make some upstream changes to the formula.
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
index 72cdf0484..081be151e 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
@@ -37,70 +37,10 @@ nginx:
             - server_name: workbench2.__DOMAIN__
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
-            - index: index.html index.htm
-
-    # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
-
-    # Paths that are not redirected because wb1 and wb2 have similar enough paths
-    # that a redirect is pointless and would create a redirect loop.
-    # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
-    # rewrite ^/repositories.* /repositories redirect;
-    # rewrite ^/links.* /links redirect;
-    # rewrite ^/projects.* /projects redirect;
-    # rewrite ^/trash /trash redirect;
-
-    # Redirects that include a uuid
-            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
-            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
-            - rewrite: '^/users/(.*) /user/$1 redirect'
-            - rewrite: '^/groups/(.*) /group/$1 redirect'
-
-    # Special file download redirects
-            - 'if ($arg_disposition = attachment)':
-              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
-
-            - 'if ($arg_disposition = inline)':
-              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
-
-    # Redirects that go to a roughly equivalent page
-            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
-            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
-            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
-            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
-            - rewrite: '^/containers.* /all_processes redirect'
-            - rewrite: '^/container_requests /all_processes redirect'
-            - rewrite: '^/job.* /all_processes redirect'
-            - rewrite: '^/users/link_account /link_account redirect'
-            - rewrite: '^/search.* /search-results redirect'
-            - rewrite: '^/keep_services.* /keep-services redirect'
-            - rewrite: '^/trash_items.* /trash redirect'
-
-    # Redirects that don't have a good mapping and
-    # just go to root.
-            - rewrite: '^/themes.* / redirect'
-            - rewrite: '^/keep_disks.* / redirect'
-            - rewrite: '^/user_agreements.* / redirect'
-            - rewrite: '^/nodes.* / redirect'
-            - rewrite: '^/humans.* / redirect'
-            - rewrite: '^/traits.* / redirect'
-            - rewrite: '^/sessions.* / redirect'
-            - rewrite: '^/logout.* / redirect'
-            - rewrite: '^/logged_out.* / redirect'
-            - rewrite: '^/current_token / redirect'
-            - rewrite: '^/logs.* / redirect'
-            - rewrite: '^/factory_jobs.* / redirect'
-            - rewrite: '^/uploaded_datasets.* / redirect'
-            - rewrite: '^/specimens.* / redirect'
-            - rewrite: '^/pipeline_templates.* / redirect'
-            - rewrite: '^/pipeline_instances.* / redirect'
 
             - location /:
-              - root: /var/www/arvados-workbench2/workbench2
-              - try_files: '$uri $uri/ /index.html'
-              - 'if (-f $document_root/maintenance.html)':
-                - return: 503
-            - location /config.json:
-              - return: {{ "200 '" ~ '{"API_HOST":"__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
+              - return: '301 https://workbench.__DOMAIN__$request_uri'
+
             - include: snippets/ssl_hardening_default.conf
             - ssl_certificate: __CERT_PEM__
             - ssl_certificate_key: __CERT_KEY__
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
index 013be704c..87ed7c450 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
@@ -12,15 +12,6 @@ arvados:
 
 ### NGINX
 nginx:
-  ### SERVER
-  server:
-    config:
-
-      ### STREAMS
-      http:
-        upstream workbench_upstream:
-          - server: 'localhost:9000 fail_timeout=10s'
-
   ### SITES
   servers:
     managed:
@@ -47,34 +38,74 @@ nginx:
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
+
+    # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
+
+    # Paths that are not redirected because wb1 and wb2 have similar enough paths
+    # that a redirect is pointless and would create a redirect loop.
+    # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
+    # rewrite ^/repositories.* /repositories redirect;
+    # rewrite ^/links.* /links redirect;
+    # rewrite ^/projects.* /projects redirect;
+    # rewrite ^/trash /trash redirect;
+
+    # Redirects that include a uuid
+            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
+            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
+            - rewrite: '^/users/(.*) /user/$1 redirect'
+            - rewrite: '^/groups/(.*) /group/$1 redirect'
+
+    # Special file download redirects
+            - 'if ($arg_disposition = attachment)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
+
+            - 'if ($arg_disposition = inline)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
+
+    # Redirects that go to a roughly equivalent page
+            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
+            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
+            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
+            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
+            - rewrite: '^/containers.* /all_processes redirect'
+            - rewrite: '^/container_requests /all_processes redirect'
+            - rewrite: '^/job.* /all_processes redirect'
+            - rewrite: '^/users/link_account /link_account redirect'
+            - rewrite: '^/search.* /search-results redirect'
+            - rewrite: '^/keep_services.* /keep-services redirect'
+            - rewrite: '^/trash_items.* /trash redirect'
+
+    # Redirects that don't have a good mapping and
+    # just go to root.
+            - rewrite: '^/themes.* / redirect'
+            - rewrite: '^/keep_disks.* / redirect'
+            - rewrite: '^/user_agreements.* / redirect'
+            - rewrite: '^/nodes.* / redirect'
+            - rewrite: '^/humans.* / redirect'
+            - rewrite: '^/traits.* / redirect'
+            - rewrite: '^/sessions.* / redirect'
+            - rewrite: '^/logout.* / redirect'
+            - rewrite: '^/logged_out.* / redirect'
+            - rewrite: '^/current_token / redirect'
+            - rewrite: '^/logs.* / redirect'
+            - rewrite: '^/factory_jobs.* / redirect'
+            - rewrite: '^/uploaded_datasets.* / redirect'
+            - rewrite: '^/specimens.* / redirect'
+            - rewrite: '^/pipeline_templates.* / redirect'
+            - rewrite: '^/pipeline_instances.* / redirect'
+
             - location /:
-              - proxy_pass: 'http://workbench_upstream'
-              - proxy_read_timeout: 300
-              - proxy_connect_timeout: 90
-              - proxy_redirect: 'off'
-              - proxy_set_header: X-Forwarded-Proto https
-              - proxy_set_header: 'Host $http_host'
-              - proxy_set_header: 'X-Real-IP $remote_addr'
-              - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
+              - root: /var/www/arvados-workbench2/workbench2
+              - try_files: '$uri $uri/ /index.html'
+              - 'if (-f $document_root/maintenance.html)':
+                - return: 503
+            - location /config.json:
+              - return: {{ "200 '" ~ '{"API_HOST":"__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
             - include: snippets/ssl_hardening_default.conf
             - ssl_certificate: __CERT_PEM__
             - ssl_certificate_key: __CERT_KEY__
             {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
             - ssl_password_file: {{ '/run/arvados/' | path_join(ssl_key_encrypted_pillar.ssl_key_encrypted.privkey_password_filename) }}
             {%- endif %}
-            - access_log: /var/log/nginx/workbench.__DOMAIN__.access.log combined
-            - error_log: /var/log/nginx/workbench.__DOMAIN__.error.log
-
-      arvados_workbench_upstream:
-        enabled: true
-        overwrite: true
-        config:
-          - server:
-            - listen: 'localhost:9000'
-            - server_name: workbench
-            - root: /var/www/arvados-workbench/current/public
-            - index:  index.html index.htm
-            - passenger_enabled: 'on'
-            # yamllint disable-line rule:line-length
-            - access_log: /var/log/nginx/workbench.__DOMAIN__-upstream.access.log combined
-            - error_log: /var/log/nginx/workbench.__DOMAIN__-upstream.error.log
+            - access_log: /var/log/nginx/workbench2.__DOMAIN__.access.log combined
+            - error_log: /var/log/nginx/workbench2.__DOMAIN__.error.log
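Review bot: The two log paths at the end of this hunk are renamed to the other vhost's file names: this is the workbench server block, yet it now writes to `/var/log/nginx/workbench2.__DOMAIN__.access.log` and `/var/log/nginx/workbench2.__DOMAIN__.error.log`. The workbench2 template shown on this page logs to those same paths, so when both roles run on one node (which the commit message suggests is currently required) the redirect-only vhost and the real application share one log. That makes it harder to attribute a request to a vhost when reviewing logs after an incident. I would keep `- access_log: /var/log/nginx/workbench.__DOMAIN__.access.log combined` and `- error_log: /var/log/nginx/workbench.__DOMAIN__.error.log` here. The single_host copy of this template has the same rename.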

commit 6ab314a9968a1e3b9d896be006f0d5964cb72522
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Wed Aug 2 17:18:32 2023 -0400

    20688: Reorder redirects by priority
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index ec889e7dd..e92870c3e 100755
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -122,6 +122,33 @@ http {
     # rewrite ^/projects.* /projects redirect;
     # rewrite ^/trash /trash redirect;
 
+    # Redirects that include a uuid
+    rewrite ^/work_units/(.*) /processes/$1 redirect;
+    rewrite ^/container_requests/(.*) /processes/$1 redirect;
+    rewrite ^/users/(.*) /user/$1 redirect;
+    rewrite ^/groups/(.*) /group/$1 redirect;
+
+    # Special file download redirects
+    if (\$arg_disposition = attachment) {
+      rewrite ^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect;
+    }
+    if (\$arg_disposition = inline) {
+      rewrite ^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect;
+    }
+
+    # Redirects that go to a roughly equivalent page
+    rewrite ^/virtual_machines.* /virtual-machines-admin redirect;
+    rewrite ^/users/.*/virtual_machines /virtual-machines-user redirect;
+    rewrite ^/authorized_keys.* /ssh-keys-admin redirect;
+    rewrite ^/users/.*/ssh_keys /ssh-keys-user redirect;
+    rewrite ^/containers.* /all_processes redirect;
+    rewrite ^/container_requests /all_processes redirect;
+    rewrite ^/job.* /all_processes redirect;
+    rewrite ^/users/link_account /link_account redirect;
+    rewrite ^/search.* /search-results redirect;
+    rewrite ^/keep_services.* /keep-services redirect;
+    rewrite ^/trash_items.* /trash redirect;
+
     # Redirects that don't have a good mapping and
     # just go to root.
     rewrite ^/themes.* / redirect;
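Review bot: The capture references in the moved rules are not escaped the way the nginx variables next to them are: the `if` lines use `\$arg_disposition` and the `location` block below uses `\$http_host`, while `/processes/$1`, `/user/$1`, `/group/$1` and `/c=$1/$2?` are bare. If this text is emitted from an unquoted shell here-document, as that escaping suggests (the enclosing construct starts outside the hunk), the shell replaces `$1` and `$2` with the run script's own positional parameters and the uuid or path is lost from the redirect target. Write them as `\$1` and `\$2`, for example `rewrite ^/work_units/(.*) /processes/\$1 redirect;`.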
@@ -141,33 +168,6 @@ http {
     rewrite ^/pipeline_templates.* / redirect;
     rewrite ^/pipeline_instances.* / redirect;
 
-    # Redirects that go to a roughly equivalent page
-    rewrite ^/virtual_machines.* /virtual-machines-admin redirect;
-    rewrite ^/users/.*/virtual_machines /virtual-machines-user redirect;
-    rewrite ^/authorized_keys.* /ssh-keys-admin redirect;
-    rewrite ^/users/.*/ssh_keys /ssh-keys-user redirect;
-    rewrite ^/containers.* /all_processes redirect;
-    rewrite ^/container_requests /all_processes redirect;
-    rewrite ^/job.* /all_processes redirect;
-    rewrite ^/users/link_account /link_account redirect;
-    rewrite ^/search.* /search-results redirect;
-    rewrite ^/keep_services.* /keep-services redirect;
-    rewrite ^/trash_items.* /trash redirect;
-
-    # Redirects that include a uuid
-    rewrite ^/work_units/(.*) /processes/$1 redirect;
-    rewrite ^/container_requests/(.*) /processes/$1 redirect;
-    rewrite ^/users/(.*) /user/$1 redirect;
-    rewrite ^/groups/(.*) /group/$1 redirect;
-
-    # Special file download redirects
-    if (\$arg_disposition = attachment) {
-      rewrite ^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect;
-    }
-    if (\$arg_disposition = inline) {
-      rewrite ^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect;
-    }
-
     location  / {
       proxy_pass http://workbench2;
       proxy_set_header Host \$http_host;
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
index 44b3fb167..72cdf0484 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
@@ -49,6 +49,32 @@ nginx:
     # rewrite ^/projects.* /projects redirect;
     # rewrite ^/trash /trash redirect;
 
+    # Redirects that include a uuid
+            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
+            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
+            - rewrite: '^/users/(.*) /user/$1 redirect'
+            - rewrite: '^/groups/(.*) /group/$1 redirect'
+
+    # Special file download redirects
+            - 'if ($arg_disposition = attachment)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
+
+            - 'if ($arg_disposition = inline)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
+
+    # Redirects that go to a roughly equivalent page
+            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
+            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
+            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
+            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
+            - rewrite: '^/containers.* /all_processes redirect'
+            - rewrite: '^/container_requests /all_processes redirect'
+            - rewrite: '^/job.* /all_processes redirect'
+            - rewrite: '^/users/link_account /link_account redirect'
+            - rewrite: '^/search.* /search-results redirect'
+            - rewrite: '^/keep_services.* /keep-services redirect'
+            - rewrite: '^/trash_items.* /trash redirect'
+
     # Redirects that don't have a good mapping and
     # just go to root.
             - rewrite: '^/themes.* / redirect'
@@ -68,33 +94,6 @@ nginx:
             - rewrite: '^/pipeline_templates.* / redirect'
             - rewrite: '^/pipeline_instances.* / redirect'
 
-    # Redirects that go to a roughly equivalent page
-            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
-            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
-            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
-            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
-            - rewrite: '^/containers.* /all_processes redirect'
-            - rewrite: '^/container_requests /all_processes redirect'
-            - rewrite: '^/job.* /all_processes redirect'
-            - rewrite: '^/users/link_account /link_account redirect'
-            - rewrite: '^/search.* /search-results redirect'
-            - rewrite: '^/keep_services.* /keep-services redirect'
-            - rewrite: '^/trash_items.* /trash redirect'
-
-    # Redirects that include a uuid
-            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
-            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
-            - rewrite: '^/users/(.*) /user/$1 redirect'
-            - rewrite: '^/groups/(.*) /group/$1 redirect'
-
-    # Special file download redirects
-            - 'if ($arg_disposition = attachment)':
-              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
-
-            - 'if ($arg_disposition = inline)':
-              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
-
-
             - location /:
               - root: /var/www/arvados-workbench2/workbench2
               - try_files: '$uri $uri/ /index.html'

commit bcbba709ff8e7a186a3adf917ca8e5aee673a8ab
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Wed Aug 2 14:39:20 2023 -0400

    20688: check for ssh ahead of time, sync only before deploy
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index 37007da7b..d2f58fd03 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -106,10 +106,13 @@ sync() {
 deploynode() {
     local NODE=$1
     local ROLES=$2
+    local BRANCH=$3
 
     # Deploy a node.  This runs the provision script on the node, with
     # the appropriate roles.
 
+    sync $NODE $BRANCH
+
     if [[ -z "$ROLES" ]] ; then
 		echo "No roles specified for $NODE, will deploy all roles"
     else
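Review bot: `sync $NODE $BRANCH` passes both values unquoted and nothing checks that the new third argument was supplied, so an empty `BRANCH` makes `sync` receive a single argument, and a value containing whitespace is split. What `sync` does with a missing branch is not visible here. Quote the expansions, `sync "$NODE" "$BRANCH"`, and do the same at the call sites changed later in this commit: `deploynode "$NODE" "${NODES[$NODE]}" "$BRANCH"`. The comment under the locals still describes only running the provision script; it could say `# Push the git repo to the node, then run the provision script with the appropriate roles.` The body of deploynode continues outside the hunk.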
@@ -289,17 +292,15 @@ case "$subcmd" in
 	if [[ -z "$NODE" ]]; then
 	    for NODE in "${!NODES[@]}"
 	    do
-		# First, push the git repo to each node.  This also
-		# confirms that we have git and can log into each
-		# node.
-		sync $NODE $BRANCH
+		# First, just confirm we can ssh to each node.
+		`ssh_cmd "$NODE"` $DEPLOY_USER@$NODE true
 	    done
 
 	    for NODE in "${!NODES[@]}"
 	    do
 		# Do 'database' role first,
 		if [[ "${NODES[$NODE]}" =~ database ]] ; then
-		    deploynode $NODE "${NODES[$NODE]}"
+		    deploynode $NODE "${NODES[$NODE]}" $BRANCH
 		    unset NODES[$NODE]
 		fi
 	    done
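Review bot: The ssh pre-flight on the added `ssh_cmd` line has no visible failure handling, so it only stops the run if errexit is active at this point, which cannot be told from the hunk. Otherwise an unreachable node is noticed only after the database node has already been deployed. Make the intent explicit, for example `$(ssh_cmd "$NODE") "$DEPLOY_USER@$NODE" true || { echo "cannot ssh to $NODE" >&2; exit 1; }`. The removed comment noted that the old `sync` call also confirmed git was usable; that is now discovered only at deploy time, which the new comment could state.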
@@ -326,12 +327,11 @@ case "$subcmd" in
 	    do
 		# Everything else (we removed the nodes that we
 		# already deployed from the list)
-		deploynode $NODE "${NODES[$NODE]}"
+		deploynode $NODE "${NODES[$NODE]}" $BRANCH
 	    done
 	else
 	    # Just deploy the node that was supplied on the command line.
-	    sync $NODE $BRANCH
-	    deploynode $NODE "${NODES[$NODE]}"
+	    deploynode $NODE "${NODES[$NODE]}" $BRANCH
 	fi
 
 	set +x

commit f1a48936453b1017d192a40b0b84d71777011071
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Fri Jul 21 13:44:36 2023 -0400

    20688: Add nginx redirects from wb1 paths to wb2 paths to salt
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
index 629910eb8..44b3fb167 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
@@ -38,6 +38,63 @@ nginx:
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
+
+    # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
+
+    # Paths that are not redirected because wb1 and wb2 have similar enough paths
+    # that a redirect is pointless and would create a redirect loop.
+    # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
+    # rewrite ^/repositories.* /repositories redirect;
+    # rewrite ^/links.* /links redirect;
+    # rewrite ^/projects.* /projects redirect;
+    # rewrite ^/trash /trash redirect;
+
+    # Redirects that don't have a good mapping and
+    # just go to root.
+            - rewrite: '^/themes.* / redirect'
+            - rewrite: '^/keep_disks.* / redirect'
+            - rewrite: '^/user_agreements.* / redirect'
+            - rewrite: '^/nodes.* / redirect'
+            - rewrite: '^/humans.* / redirect'
+            - rewrite: '^/traits.* / redirect'
+            - rewrite: '^/sessions.* / redirect'
+            - rewrite: '^/logout.* / redirect'
+            - rewrite: '^/logged_out.* / redirect'
+            - rewrite: '^/current_token / redirect'
+            - rewrite: '^/logs.* / redirect'
+            - rewrite: '^/factory_jobs.* / redirect'
+            - rewrite: '^/uploaded_datasets.* / redirect'
+            - rewrite: '^/specimens.* / redirect'
+            - rewrite: '^/pipeline_templates.* / redirect'
+            - rewrite: '^/pipeline_instances.* / redirect'
+
+    # Redirects that go to a roughly equivalent page
+            - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
+            - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
+            - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
+            - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
+            - rewrite: '^/containers.* /all_processes redirect'
+            - rewrite: '^/container_requests /all_processes redirect'
+            - rewrite: '^/job.* /all_processes redirect'
+            - rewrite: '^/users/link_account /link_account redirect'
+            - rewrite: '^/search.* /search-results redirect'
+            - rewrite: '^/keep_services.* /keep-services redirect'
+            - rewrite: '^/trash_items.* /trash redirect'
+
+    # Redirects that include a uuid
+            - rewrite: '^/work_units/(.*) /processes/$1 redirect'
+            - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
+            - rewrite: '^/users/(.*) /user/$1 redirect'
+            - rewrite: '^/groups/(.*) /group/$1 redirect'
+
+    # Special file download redirects
+            - 'if ($arg_disposition = attachment)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
+
+            - 'if ($arg_disposition = inline)':
+              - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
+
+
             - location /:
               - root: /var/www/arvados-workbench2/workbench2
               - try_files: '$uri $uri/ /index.html'
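Review bot: The rule `- rewrite: '^/container_requests /all_processes redirect'` has no end anchor and comes before `'^/container_requests/(.*) /processes/$1 redirect'`, so a request for /container_requests/<uuid> matches the first rule and is sent to /all_processes. nginx evaluates server-level rewrites in order and `redirect` returns immediately, so the uuid rule further down is never reached for that prefix. Anchoring the generic pattern, `- rewrite: '^/container_requests/?$ /all_processes redirect'`, or moving the uuid rules above the generic ones, restores the per-process redirect. The same ordering appears in the arvbox nginx/run hunk of commit df946e60 further down. The added comment lines are indented four spaces while the list items they describe sit at twelve; aligning them would make it clearer that they belong to this server block.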

commit 3a86f73ec1fc72b913cc66b2da7872ca4b5ae74f
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Fri Jul 21 13:15:11 2023 -0400

    20688: Fix quoting issue
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 272a6040c..ec889e7dd 100755
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -161,10 +161,10 @@ http {
     rewrite ^/groups/(.*) /group/$1 redirect;
 
     # Special file download redirects
-    if ($arg_disposition = attachment) {
+    if (\$arg_disposition = attachment) {
       rewrite ^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect;
     }
-    if ($arg_disposition = inline) {
+    if (\$arg_disposition = inline) {
       rewrite ^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect;
     }
 
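Review bot: The commit escapes `$arg_disposition`, but the `$1` and `$2` back-references in the surrounding rewrite lines are still bare. The escaped `\$http_host` elsewhere in this file suggests the nginx config is emitted from an unquoted shell here-document; if so, the shell substitutes the script's positional parameters (probably empty) and nginx receives `/group/` and `/?redirectToDownload=/c=/?` with the uuid and file path dropped. In that case write `rewrite ^/groups/(.*) /group/\$1 redirect;` and `/?redirectToDownload=/c=\$1/\$2? redirect;`, and do the same for the work_units, container_requests and users rules added in commit df946e60. The `http {` block starts and ends outside this hunk, so the here-document quoting should be confirmed against the full file.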

commit df946e60eaefe6f7ea8db6667bf61841612c5a88
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Tue Jul 18 14:57:39 2023 -0400

    20688: Add wb1 to wb2 redirects to arvbox
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/tools/arvbox/lib/arvbox/docker/common.sh b/tools/arvbox/lib/arvbox/docker/common.sh
index d900f0377..822def937 100644
--- a/tools/arvbox/lib/arvbox/docker/common.sh
+++ b/tools/arvbox/lib/arvbox/docker/common.sh
@@ -35,9 +35,9 @@ server_cert_key=$ARVADOS_CONTAINER_PATH/server-cert-${localip}.key
 
 declare -A services
 services=(
-  [workbench]=443
+  [workbench]=3001
   [workbench2]=3000
-  [workbench2-ssl]=3001
+  [workbench2-ssl]=443
   [api]=8004
   [controller]=8003
   [controller-ssl]=8000
diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 991927be7..272a6040c 100755
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -111,6 +111,63 @@ http {
     server_name workbench2;
     ssl_certificate "${server_cert}";
     ssl_certificate_key "${server_cert_key}";
+
+    # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
+
+    # Paths that are not redirected because wb1 and wb2 have similar enough paths
+    # that a redirect is pointless and would create a redirect loop.
+    # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
+    # rewrite ^/repositories.* /repositories redirect;
+    # rewrite ^/links.* /links redirect;
+    # rewrite ^/projects.* /projects redirect;
+    # rewrite ^/trash /trash redirect;
+
+    # Redirects that don't have a good mapping and
+    # just go to root.
+    rewrite ^/themes.* / redirect;
+    rewrite ^/keep_disks.* / redirect;
+    rewrite ^/user_agreements.* / redirect;
+    rewrite ^/nodes.* / redirect;
+    rewrite ^/humans.* / redirect;
+    rewrite ^/traits.* / redirect;
+    rewrite ^/sessions.* / redirect;
+    rewrite ^/logout.* / redirect;
+    rewrite ^/logged_out.* / redirect;
+    rewrite ^/current_token / redirect;
+    rewrite ^/logs.* / redirect;
+    rewrite ^/factory_jobs.* / redirect;
+    rewrite ^/uploaded_datasets.* / redirect;
+    rewrite ^/specimens.* / redirect;
+    rewrite ^/pipeline_templates.* / redirect;
+    rewrite ^/pipeline_instances.* / redirect;
+
+    # Redirects that go to a roughly equivalent page
+    rewrite ^/virtual_machines.* /virtual-machines-admin redirect;
+    rewrite ^/users/.*/virtual_machines /virtual-machines-user redirect;
+    rewrite ^/authorized_keys.* /ssh-keys-admin redirect;
+    rewrite ^/users/.*/ssh_keys /ssh-keys-user redirect;
+    rewrite ^/containers.* /all_processes redirect;
+    rewrite ^/container_requests /all_processes redirect;
+    rewrite ^/job.* /all_processes redirect;
+    rewrite ^/users/link_account /link_account redirect;
+    rewrite ^/search.* /search-results redirect;
+    rewrite ^/keep_services.* /keep-services redirect;
+    rewrite ^/trash_items.* /trash redirect;
+
+    # Redirects that include a uuid
+    rewrite ^/work_units/(.*) /processes/$1 redirect;
+    rewrite ^/container_requests/(.*) /processes/$1 redirect;
+    rewrite ^/users/(.*) /user/$1 redirect;
+    rewrite ^/groups/(.*) /group/$1 redirect;
+
+    # Special file download redirects
+    if ($arg_disposition = attachment) {
+      rewrite ^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect;
+    }
+    if ($arg_disposition = inline) {
+      rewrite ^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect;
+    }
+
     location  / {
       proxy_pass http://workbench2;
       proxy_set_header Host \$http_host;
diff --git a/tools/arvbox/lib/arvbox/docker/service/ready/run-service b/tools/arvbox/lib/arvbox/docker/service/ready/run-service
index 1e9aae0c4..b19edaf25 100755
--- a/tools/arvbox/lib/arvbox/docker/service/ready/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/ready/run-service
@@ -89,7 +89,7 @@ fi
 
 echo
 echo "Your Arvados-in-a-box is ready!"
-echo "Workbench is hosted at https://$localip"
+echo "Workbench is hosted at https://$localip:${services[workbench]}"
 echo "Workbench2 is hosted at https://$localip:${services[workbench2-ssl]}"
 echo "Documentation is hosted at http://$localip:${services[doc]}"
 

-----------------------------------------------------------------------


hooks/post-receive
-- 



