[arvados] created: 2.6.0-302-gdb3234cd6

git repository hosting git at public.arvados.org
Wed Jun 21 20:53:19 UTC 2023


        at  db3234cd671649c92b25255a4268e1cc8bfd7809 (commit)


commit db3234cd671649c92b25255a4268e1cc8bfd7809
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Wed Jun 21 17:51:32 2023 -0300

    20665: Updates single-host docs to reflect local.params.secrets addition.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index f0a393828..ec97be485 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -12,7 +12,7 @@ SPDX-License-Identifier: CC-BY-SA-3.0
 # "Limitations of the single host install":#limitations
 # "Prerequisites and planning":#prerequisites
 # "Download the installer":#download
-# "Edit local.params":#localparams
+# "Edit local.params* files":#localparams
 # "Choose the SSL configuration":#certificates
 ## "Using a self-signed certificate":#self-signed
 ## "Using a Let's Encrypt certificate":#lets-encrypt
@@ -104,15 +104,22 @@ h2(#download). Download the installer
 
 If you are using multiple hostname configuration, substitute 'multiple_hostnames' where it says 'single_hostname' in the command above.
 
-h2(#localparams). Edit @local.params@
+h2(#localparams). Edit @local.params*@ files
 
-This can be found wherever you choose to initialize the install files (@~/setup-arvados-xarv1@ in these examples).
+The cluster configuration parameters are included in two files: @local.params@ and @local.params.secrets at . These files can be found wherever you choose to initialize the installation files (e.g., @~/setup-arvados-xarv1@ in these examples).
+
+The @local.params.secrets@ file is intended to store security-sensitive data such as passwords, private keys, tokens, etc. Depending on the security requirements of the cluster deployment, this file may need to be handled differently from the others.
+
+h3. Parameters from @local.params@:
 
 # Set @CLUSTER@ to the 5-character cluster identifier (e.g "xarv1")
 # Set @DOMAIN@ to the base DNS domain of the environment, e.g. "example.com"
 # Single hostname only: set @IP_INT@ to the host's IP address.
 # Single hostname only: set @HOSTNAME_EXT@ to the hostname that users will use to connect.
 # Set @INITIAL_USER_EMAIL@ to your email address, as you will be the first admin user of the system.
+
+h3. Parameters from @local.params.secrets@:
+
 # Set each @KEY@ / @TOKEN@ to a random string
 	Here's an easy way to create five random tokens:
 <pre><code>for i in 1 2 3 4 5; do
@@ -124,7 +131,7 @@ done
    For example, if the password is @Lq&MZ<V']d?j@
    With backslash quoting the special characters it should appear like this in local.params:
 <pre><code>DATABASE_PASSWORD="Lq\&MZ\<V\'\]d\?j"</code></pre>
-
+# Set @DISPATCHER_SSH_PRIVKEY@ to @"no"@, as it isn't needed.
 {% include 'ssl_config_single' %}
 
 h2(#authentication). Configure your authentication provider (optional, recommended)

commit 67dbba7cafb94e3527153dbbe58f00f179cfa3a7
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Wed Jun 21 17:27:41 2023 -0300

    20665: Updates documentation reflecting the new local.params.secrets file.
    
    Also, fixes some old issues related to the use of ${CLUSTER} and ${DOMAIN}.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/doc/_includes/_multi_host_install_custom_certificates.liquid b/doc/_includes/_multi_host_install_custom_certificates.liquid
index 7063eb28f..1a51f2991 100644
--- a/doc/_includes/_multi_host_install_custom_certificates.liquid
+++ b/doc/_includes/_multi_host_install_custom_certificates.liquid
@@ -14,17 +14,17 @@ xarv1.example.com
 *.collections.xarv1.example.com
 </pre>
 
-(Replacing xarv1 with your own ${CLUSTER}.${DOMAIN})
+(Replacing @xarv1.example.com@ with your own @${DOMAIN}@)
 
 Copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ in the remote directory where you copied the @provision.sh@ script. The provision script will find the certificates there.
 
 The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
 
 # @controller@
-# @websocket@        -- note: corresponds to default domain @ws.${CLUSTER}.${DOMAIN}@
-# @keepproxy@        -- note: corresponds to default domain @keep.${CLUSTER}.${DOMAIN}@
+# @websocket@        -- note: corresponds to default domain @ws.${DOMAIN}@
+# @keepproxy@        -- note: corresponds to default domain @keep.${DOMAIN}@
 # @download@         -- Part of keepweb
-# @collections@      -- Part of keepweb, must be a wildcard for @*.collections.${CLUSTER}.${DOMAIN}@
+# @collections@      -- Part of keepweb, must be a wildcard for @*.collections.${DOMAIN}@
 # @workbench@
 # @workbench2@
 # @webshell@
diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index 22e06eb7f..b0a3213d2 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -16,7 +16,7 @@ SPDX-License-Identifier: CC-BY-SA-3.0
 # "Set up your infrastructure":#setup-infra
 ## "Create AWS infrastructure with Terraform":#terraform
 ## "Create required infrastructure manually":#inframanual
-# "Edit local.params":#localparams
+# "Edit local.params* files":#localparams
 # "Configure Keep storage":#keep
 # "Choose the SSL configuration":#certificates
 ## "Using a Let's Encrypt certificates":#lets-encrypt
@@ -192,7 +192,7 @@ The certificates will be requested from Let's Encrypt when you run the installer
 
 * You'll also need @compute_subnet_id@ and @arvados_sg_id@ to set @DriverParameters.SubnetID@ and @DriverParameters.SecurityGroupIDs@ in @local_config_dir/pillars/arvados.sls@ and when you "create a compute image":#create_a_compute_image.
 
-You can now proceed to "edit local.params":#localparams.
+You can now proceed to "edit local.params* files":#localparams.
 
 h3(#inframanual). Create required infrastructure manually
 
@@ -259,9 +259,13 @@ This usually means adding the account to the @sudo@ group and having a rule like
 
 If your infrastructure differs from the setup proposed above (ie, different hostnames), you can still use the installer, but "additional customization may be necessary":#further_customization .
 
-h2(#localparams). Edit @local.params@
+h2(#localparams). Edit @local.params*@ files
 
-This can be found wherever you choose to initialize the install files (@~/setup-arvados-xarv1@ in these examples).
+The cluster configuration parameters are included in two files: @local.params@ and @local.params.secrets at . These files can be found wherever you choose to initialize the installation files (e.g., @~/setup-arvados-xarv1@ in these examples).
+
+The @local.params.secrets@ file is intended to store security-sensitive data such as passwords, private keys, tokens, etc. Depending on the security requirements of the cluster deployment, this file may need to be handled differently from the others.
+
+h3. Parameters from @local.params@:
 
 # Set @CLUSTER@ to the 5-character cluster identifier (e.g "xarv1")
 # Set @DOMAIN@ to the base DNS domain of the environment, e.g. "xarv1.example.com"
@@ -270,6 +274,9 @@ This can be found wherever you choose to initialize the install files (@~/setup-
 _CIDR stands for "Classless Inter-Domain Routing" and describes which portion of the IP address that refers to the network.  For example 192.168.3.0/24 means that the first 24 bits are the network (192.168.3) and the last 8 bits are a specific host on that network._
 _AWS Specific: Go to the AWS console and into the VPC service, there is a column in this table view of the VPCs that gives the CIDR for the VPC (IPv4 CIDR)._
 # Set @INITIAL_USER_EMAIL@ to your email address, as you will be the first admin user of the system.
+
+h3. Parameters from @local.params.secrets@:
+
 # Set each @KEY@ / @TOKEN@ / @PASSWORD@ to a random string.  You can use @installer.sh generate-tokens@
 <pre><code>$ ./installer.sh generate-tokens
 BLOB_SIGNING_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@@ -284,6 +291,13 @@ DATABASE_PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    For example, if the password is @Lq&MZ<V']d?j@
    With backslash quoting the special characters it should appear like this in local.params:
 <pre><code>DATABASE_PASSWORD="Lq\&MZ\<V\'\]d\?j"</code></pre>
+# Set @DISPATCHER_SSH_PRIVKEY@ to a SSH private key that @arvados-dispatch-cloud@ will use to connect to the compute nodes:
+<pre><code>DISPATCHER_SSH_PRIVKEY="-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+...
+s4VY40kNxs6MsAAAAPbHVjYXNAaW5zdGFsbGVyAQIDBA==
+-----END OPENSSH PRIVATE KEY-----"
+</code></pre>You can create one by following the steps described on the "building a compute node documentation":{{site.baseurl}}/install/crunch2-cloud/install-compute-node.html#sshkeypair page.
 
 h3(#etchosts). Note on @/etc/hosts@
 
@@ -324,7 +338,7 @@ Arvados requires a database that is compatible with PostgreSQL 9.5 or later.  Fo
 
 # In @local.params@, remove 'database' from the list of roles assigned to the controller node:
 <pre><code>NODES=(
-  [controller.${CLUSTER}.${DOMAIN}]=api,controller,websocket,dispatcher,keepbalance
+  [controller.${DOMAIN}]=api,controller,websocket,dispatcher,keepbalance
   ...
 )
 </code></pre>
@@ -364,7 +378,6 @@ Once the image has been created, open @local_config_dir/pillars/arvados.sls@ and
 ## Set @DriverParameters.AdminUsername@ to the admin user account on the image
 ## Set the @DriverParameters.SecurityGroupIDs@ list to the VPC security group which you set up to allow SSH connections to these nodes
 ## Set @DriverParameters.SubnetID@ to the value of SubnetId of your VPC
-# Update @arvados.cluster.Containers.DispatchPrivateKey@ and paste the contents of the @~/.ssh/id_dispatcher@ file you generated in an earlier step.
 # Update @arvados.cluster.InstanceTypes@ as necessary.  The example instance types are for AWS, other cloud providers will of course have different instance types with different names and specifications.
 (AWS specific) If m5/c5 node types are not available, replace them with m4/c4. You'll need to double check the values for Price and IncludedScratch/AddedScratch for each type that is changed.
 
@@ -450,7 +463,7 @@ h2(#initial_user). Initial user and login
 
 At this point you should be able to log into the Arvados cluster. The initial URL will be
 
-https://workbench.@${CLUSTER}.${DOMAIN}@
+https://workbench.${DOMAIN}@
 
 If you did *not* "configure a different authentication provider":#authentication you will be using the "Test" provider, and the provision script creates an initial user for testing purposes. This user is configured as administrator of the newly created cluster.  It uses the values of @INITIAL_USER@ and @INITIAL_USER_PASSWORD@ the @local.params@ file.
 
@@ -460,7 +473,7 @@ h2(#monitoring). Monitoring and Metrics
 
 You can monitor the health and performance of the system using the admin dashboard:
 
-https://grafana.@${CLUSTER}.${DOMAIN}@
+https://grafana.${DOMAIN}@
 
 To log in, use username "admin" and @${INITIAL_USER_PASSWORD}@ from @local.conf at .
 

commit 2b541090d500166243c84a9d7d2f9dbedf9f7360
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Wed Jun 21 16:11:11 2023 -0300

    20665: Handles secrets on a separate file.
    
    This allows the admin to give special treatment to it, to comply with security
    policies that the local organization may have.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
index 51842b6e2..98fcf5f6d 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
@@ -115,6 +115,7 @@ arvados:
     {%- endif %}
 
     ### CONTAINERS
+    {%- set dispatcher_ssh_privkey = "__DISPATCHER_SSH_PRIVKEY__" %}
     Containers:
       MaxRetryAttempts: 10
       CloudVMs:
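Review bot: The added `{%- set dispatcher_ssh_privkey = "__DISPATCHER_SSH_PRIVKEY__" %}` line puts the substituted key inside a double-quoted Jinja literal, so a `"` or a backslash in the value would end or alter the literal before `yaml_dquote` (applied on the `DispatchPrivateKey` line in the next hunk) ever sees it. PEM/base64 key text presumably never contains those characters, but nothing in the template says the value is constrained. I would add a template comment above the `set` line, e.g. `{#- Filled in by provision.sh from DISPATCHER_SSH_PRIVKEY; the value must not contain '"' or '\'. #}`.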
@@ -131,12 +132,7 @@ arvados:
           SecurityGroupIDs: ['sg-FIXMEFIXMEFIXMEFI']
           SubnetID: subnet-FIXMEFIXMEFIXMEFI
           IAMInstanceProfile: __CLUSTER__-compute-node-00-iam-role
-      DispatchPrivateKey: |
-        -----BEGIN OPENSSH PRIVATE KEY-----
-        Read https://doc.arvados.org/install/crunch2-cloud/install-compute-node.html#sshkeypair
-        for details on how to create this key.
-        FIXMEFIXMEFIXME replace this with your dispatcher ssh private key
-        -----END OPENSSH PRIVATE KEY-----
+      DispatchPrivateKey: {{ dispatcher_ssh_privkey|yaml_dquote }}
 
     ### VOLUMES
     ## This should usually match all your `keepstore` instances
diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index c86e9b02c..55cbd36d9 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -127,9 +127,10 @@ deploynode() {
 }
 
 loadconfig() {
-    if [[ ! -s $CONFIG_FILE ]] ; then
+    if [ ! -s ${CONFIG_FILE} -o ! -s ${CONFIG_FILE}.secrets ]; then
 		echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
     fi
+    source ${CONFIG_FILE}.secrets
     source ${CONFIG_FILE}
     GITTARGET=arvados-deploy-config-${CLUSTER}
 }
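Review bot: `loadconfig` prints the "Must be run from initialized setup dir" message when either file is missing or empty but does not stop, so both `source` lines still run; depending on whether the script uses `set -e` (not visible here) it then either fails on the missing file or continues with a partial configuration. The test also moved from `[[ … ]]` to `[ … -o … ]` with unquoted expansions, which misparses if `CONFIG_FILE` ever contains whitespace; the `[ -s ${CONFIG_FILE} -a -s ${CONFIG_FILE}.secrets ]` test added in provision.sh has the same form. I would write `if [[ ! -s "${CONFIG_FILE}" || ! -s "${CONFIG_FILE}.secrets" ]]; then`, send the message to stderr, and follow it with `exit 1`.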
@@ -198,6 +199,7 @@ case "$subcmd" in
 	cp -r *.sh tests $SETUPDIR
 
 	cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
+	cp local.params.secrets.example $SETUPDIR/${CONFIG_FILE}.secrets
 	cp -r config_examples/$SLS $SETUPDIR/${CONFIG_DIR}
 
 	if [[ -n "$TERRAFORM" ]] ; then
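Review bot: The new `cp local.params.secrets.example $SETUPDIR/${CONFIG_FILE}.secrets` creates the secrets file with the example's mode (100644 in this commit) masked by the umask, which usually leaves it world-readable even though it is meant to hold passwords, tokens, AWS credentials and the dispatcher SSH private key. Creating it owner-only from the start closes that gap before the admin writes real values into it: `install -m 0600 local.params.secrets.example "$SETUPDIR/${CONFIG_FILE}.secrets"`. The enclosing `case` arm starts and ends outside this hunk.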
@@ -214,7 +216,7 @@ case "$subcmd" in
 		git add terraform
 	fi
 
-	git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
+	git add *.sh ${CONFIG_FILE} ${CONFIG_FILE}.secrets ${CONFIG_DIR} tests .gitignore
 	git commit -m"initial commit"
 
 	echo
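Review bot: Adding `${CONFIG_FILE}.secrets` to the `git add` line commits every credential into the setup directory's repository, so the values stay in history after rotation and travel with any clone or push of that repository. This may be intentional if the deploy step relies on git to ship the file to the nodes (not visible in this hunk), but then the repository itself has to be handled as secret material. I would say so next to the line, e.g. `# ${CONFIG_FILE}.secrets is committed: treat this repository as secret and do not push it to a shared remote`, and repeat the warning in the "Now go to $SETUPDIR" message printed at the end of this arm.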
@@ -225,7 +227,7 @@ case "$subcmd" in
 	    (cd $SETUPDIR/terraform/services && terraform init)
 	    echo "Now go to $SETUPDIR, customize 'terraform/vpc/terraform.tfvars' as needed, then run 'installer.sh terraform'"
 	else
-	    echo "Now go to $SETUPDIR, customize '${CONFIG_FILE}' and '${CONFIG_DIR}' as needed, then run 'installer.sh deploy'"
+		echo "Now go to $SETUPDIR, customize '${CONFIG_FILE}', '${CONFIG_FILE}.secrets' and '${CONFIG_DIR}' as needed, then run 'installer.sh deploy'"
 	fi
 	;;
 
@@ -259,7 +261,7 @@ case "$subcmd" in
 
 	loadconfig
 
-	if grep -rni 'fixme' ${CONFIG_FILE} ${CONFIG_DIR} ; then
+	if grep -rni 'fixme' ${CONFIG_FILE} ${CONFIG_FILE}.secrets ${CONFIG_DIR} ; then
 	    echo
 	    echo "Some parameters still need to be updated.  Please fix them and then re-run deploy."
 	    exit 1
@@ -270,7 +272,7 @@ case "$subcmd" in
 	set -x
 
 	git add -A
-	if ! git diff --cached --exit-code ; then
+	if ! git diff --cached --exit-code --quiet ; then
 	    git commit -m"prepare for deploy"
 	fi
 
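Review bot: The reason for `--quiet` on `git diff --cached --exit-code --quiet` is not recorded, and it looks security-relevant: `git add -A` now stages `${CONFIG_FILE}.secrets`, so without it the staged diff, credentials included, would be printed to the terminal and any captured log. That intent is inferred from the rest of the commit, so please confirm. I would add `# --quiet: never print the staged diff, it can contain secrets` above the `if`, so the flag is not dropped later as noise. `--quiet` already implies `--exit-code`, so the latter could be removed.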
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 463ee4c10..d1cdfeb3c 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -21,7 +21,6 @@ INITIAL_USER=admin
 # If not specified, the initial user email will be composed as
 # INITIAL_USER at DOMAIN
 INITIAL_USER_EMAIL="admin at cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work"
-INITIAL_USER_PASSWORD="fixmepassword"
 
 # Use a public node as a jump host for SSH sessions. This allows running the
 # installer from the outside of the cluster's local network and still reach
@@ -29,14 +28,6 @@ INITIAL_USER_PASSWORD="fixmepassword"
 # Comment out to disable.
 USE_SSH_JUMPHOST="controller.${DOMAIN}"
 
-# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
-BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
-MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
-SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
-ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
-WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
-DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
-
 # SSL CERTIFICATES
 # Arvados requires SSL certificates to work correctly. This installer supports these options:
 # * self-signed: let the installer create self-signed certificate(s)
@@ -52,8 +43,6 @@ USE_LETSENCRYPT_ROUTE53="yes"
 # RRs in the route53 zone for the cluster.
 # WARNING!: If AWS credentials files already exist in the hosts, they won't be replaced.
 LE_AWS_REGION="us-east-1"
-LE_AWS_ACCESS_KEY_ID="AKIABCDEFGHIJKLMNOPQ"
-LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey"
 
 # If you going to provide your own certificates for Arvados, the provision script can
 # help you deploy them. In order to do that, you need to set `SSL_MODE=bring-your-own` above,
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index 5633c6cbf..5b3135287 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -20,15 +20,6 @@ INITIAL_USER=admin
 # If not specified, the initial user email will be composed as
 # INITIAL_USER at CLUSTER.DOMAIN
 INITIAL_USER_EMAIL="admin at cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work"
-INITIAL_USER_PASSWORD="fixmepassword"
-
-# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
-BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
-MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
-SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
-ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
-WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
-DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
 
 # SSL CERTIFICATES
 # Arvados requires SSL certificates to work correctly. This installer supports these options:
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index 0c4f5c356..7af8898a5 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -20,15 +20,6 @@ INITIAL_USER=admin
 # If not specified, the initial user email will be composed as
 # INITIAL_USER at CLUSTER.DOMAIN
 INITIAL_USER_EMAIL="admin at cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work"
-INITIAL_USER_PASSWORD="fixmepassword"
-
-# Populate these values with random strings
-BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
-MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
-SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
-ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
-WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
-DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
 
 # SSL CERTIFICATES
 # Arvados requires SSL certificates to work correctly. This installer supports these options:
diff --git a/tools/salt-install/local.params.secrets.example b/tools/salt-install/local.params.secrets.example
new file mode 100644
index 000000000..bec56e00b
--- /dev/null
+++ b/tools/salt-install/local.params.secrets.example
@@ -0,0 +1,24 @@
+##########################################################
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: CC-BY-SA-3.0
+
+# These are the security-sensitive parameters to configure the installation
+
+INITIAL_USER_PASSWORD="fixme"
+
+# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
+BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
+MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
+SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
+ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
+WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
+DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
+
+LE_AWS_ACCESS_KEY_ID="FIXME"
+LE_AWS_SECRET_ACCESS_KEY="fixme"
+
+# Read https://doc.arvados.org/install/crunch2-cloud/install-compute-node.html#sshkeypair
+# for details on how to create this key.
+DISPATCHER_SSH_PRIVKEY="fixme"
+
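Review bot: The header comment does not say that this file is sourced by bash or how it should be protected, and it gives no guidance for values that do not apply to a deployment. The 'fixme' checks in installer.sh and provision.sh reject the configuration until every placeholder is replaced, so an admin who does not use Route 53 or a dispatcher key needs to know what to put in `LE_AWS_*` and `DISPATCHER_SSH_PRIVKEY` (the single-host doc in this series says `"no"` for the latter). I would extend the comment block with `# This file is sourced by bash: quote values and backslash-escape special characters.` and `# Keep it readable only by the installing user (chmod 600).`, plus a line stating that `DISPATCHER_SSH_PRIVKEY` takes the full multi-line key inside double quotes.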
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index f90386652..e438dfa77 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -241,11 +241,12 @@ arguments ${@}
 
 declare -A NODES
 
-if [ -s ${CONFIG_FILE} ]; then
+if [ -s ${CONFIG_FILE} -a -s ${CONFIG_FILE}.secrets ]; then
+  source ${CONFIG_FILE}.secrets
   source ${CONFIG_FILE}
 else
   echo >&2 "You don't seem to have a config file with initial values."
-  echo >&2 "Please create a '${CONFIG_FILE}' file as described in"
+  echo >&2 "Please create a '${CONFIG_FILE}' & '${CONFIG_FILE}.secrets' files as described in"
   echo >&2 "  * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
   echo >&2 "  * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
   exit 1
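Review bot: Because `${CONFIG_FILE}.secrets` is sourced before `${CONFIG_FILE}`, any same-named variable still present in `${CONFIG_FILE}` silently wins. A setup directory created before this change keeps `INITIAL_USER_PASSWORD`, `DATABASE_PASSWORD` and the tokens in `${CONFIG_FILE}`, so after an upgrade those old values would override whatever the admin puts in the new file. The order may be deliberate if `${CONFIG_FILE}` references secret variables (not visible here); in that case I would document it with `# Secrets are sourced first; a variable of the same name left in ${CONFIG_FILE} overrides them.` and mention the migration step in the error text. The `if` closes outside this hunk.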
@@ -259,8 +260,8 @@ if [ ! -d ${CONFIG_DIR} ]; then
   exit 1
 fi
 
-if grep -rni 'fixme' ${CONFIG_FILE} ${CONFIG_DIR} ; then
-  echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
+if grep -rni 'fixme' ${CONFIG_FILE}.secrets ${CONFIG_FILE} ${CONFIG_DIR} ; then
+  echo >&2 "The config files has some parameters that need to be modified."
   echo >&2 "Please, fix them and re-run the provision script."
   exit 1
 fi
@@ -459,7 +460,8 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
        s#__CONTROLLER_MAX_CONCURRENT_REQUESTS__#${CONTROLLER_MAX_CONCURRENT_REQUESTS}#g;
        s#__MONITORING_USERNAME__#${MONITORING_USERNAME}#g;
        s#__MONITORING_EMAIL__#${MONITORING_EMAIL}#g;
-       s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g" \
+       s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
+       s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g" \
   "${f}" > "${P_DIR}"/$(basename "${f}")
 done
 
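Review bot: The added `s#__DISPATCHER_SSH_PRIVKEY__#…#g` expression puts the whole private key on sed's command line, where it can be read by other local users through the process list while sed runs; the same line is added to the states loop in the next hunk. The value is also spliced in unescaped, so a `#`, `&` or backslash in it would change the substitution. `MONITORING_PASSWORD` is already passed this way in the surrounding expression, so this follows the existing pattern, but an SSH private key raises the stakes. At minimum I would document the constraint above the loop, e.g. `# Values are inserted verbatim into the sed script: they must not contain '#', '&' or '\'`; longer term, feeding the script from a here-document with `sed -f /dev/stdin` would keep secrets out of argv. The sed command starts outside this hunk.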
@@ -538,7 +540,8 @@ if [ -d "${SOURCE_STATES_DIR}" ]; then
          s#__CONTROLLER_MAX_CONCURRENT_REQUESTS__#${CONTROLLER_MAX_CONCURRENT_REQUESTS}#g;
          s#__MONITORING_USERNAME__#${MONITORING_USERNAME}#g;
          s#__MONITORING_EMAIL__#${MONITORING_EMAIL}#g;
-         s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g" \
+         s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
+         s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g" \
     "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
   done
 fi

-----------------------------------------------------------------------


hooks/post-receive
-- 



