[arvados] created: 2.7.0-5416-g2429878e06
git repository hosting
git at public.arvados.org
Tue Nov 28 21:21:30 UTC 2023
at 2429878e06aa2abf0d3a65db7aac97c1ebe89c2e (commit)
commit 2429878e06aa2abf0d3a65db7aac97c1ebe89c2e
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 28 18:20:57 2023 -0300
20690: Installs everything except wb1 in the single host case.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index f5dbb7aa81..e6b7fc2acb 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -598,7 +598,18 @@ if [ -z "${ROLES:-}" ]; then
echo " - postgres" >> ${STATES_TOP}
echo " - logrotate" >> ${STATES_TOP}
echo " - docker.software" >> ${STATES_TOP}
- echo " - arvados" >> ${STATES_TOP}
+ echo " - arvados.repo" >> ${STATES_TOP}
+ echo " - arvados.config" >> ${STATES_TOP}
+ echo " - arvados.ruby" >> ${STATES_TOP}
+ echo " - arvados.api" >> ${STATES_TOP}
+ echo " - arvados.controller" >> ${STATES_TOP}
+ echo " - arvados.keepstore" >> ${STATES_TOP}
+ echo " - arvados.websocket" >> ${STATES_TOP}
+ echo " - arvados.keepweb" >> ${STATES_TOP}
+ echo " - arvados.workbench2" >> ${STATES_TOP}
+ echo " - arvados.keepproxy" >> ${STATES_TOP}
+ echo " - arvados.shell" >> ${STATES_TOP}
+ echo " - arvados.dispatcher" >> ${STATES_TOP}
echo " - extra.shell_sudo_passwordless" >> ${STATES_TOP}
echo " - extra.shell_cron_add_login_sync" >> ${STATES_TOP}
echo " - extra.passenger_rvm" >> ${STATES_TOP}
@@ -611,6 +622,7 @@ if [ -z "${ROLES:-}" ]; then
echo " - nginx_keepproxy_configuration" >> ${PILLARS_TOP}
echo " - nginx_keepweb_configuration" >> ${PILLARS_TOP}
echo " - nginx_passenger" >> ${PILLARS_TOP}
+ echo " - nginx_snippets" >> ${PILLARS_TOP}
echo " - nginx_websocket_configuration" >> ${PILLARS_TOP}
echo " - nginx_webshell_configuration" >> ${PILLARS_TOP}
echo " - nginx_workbench2_configuration" >> ${PILLARS_TOP}
commit 3272fc2ae894a1a2288dd2a87df473ef94621d87
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 28 17:44:33 2023 -0300
20690: Documentation updates, upgrade notes added.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 739a08b5b3..17ca6e00fe 100644
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -32,6 +32,10 @@ h2(#main). development main
"previous: Upgrading to 2.7.0":#v2_7_0
+h3. Remove Workbench1 packages after upgrading the salt installer
+
+If you have an Arvados cluster deployed with a previous version of the installer and you're planning on upgrading the installer, please take into consideration that the already installed workbench1 package will need to be uninstalled manually from the workbench instance.
+
h3. Remove Workbench1 packages and configuration
The Workbench1 application has been removed from the Arvados distribution. We recommend the following follow-up steps.
diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index eaffcf582c..a3cdd03300 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -233,10 +233,10 @@ The installer will set up the Arvados services on your machines. Here is the de
# KEEPSTORE nodes (at least 1 if using S3 as a Keep backend, else 2)
## arvados keepstore (recommendend hostnames @keep0.${DOMAIN}@ and @keep1.${DOMAIN}@)
# WORKBENCH node
-## arvados workbench (recommendend hostname @workbench.${DOMAIN}@)
-## arvados workbench2 (recommendend hostname @workbench2.${DOMAIN}@)
-## arvados webshell (recommendend hostname @webshell.${DOMAIN}@)
-## arvados websocket (recommendend hostname @ws.${DOMAIN}@)
+## arvados legacy workbench URLs (recommendend hostname @workbench.${DOMAIN}@)
+## arvados workbench2 (recommendend hostname @workbench2.${DOMAIN}@)
+## arvados webshell (recommendend hostname @webshell.${DOMAIN}@)
+## arvados websocket (recommendend hostname @ws.${DOMAIN}@)
## arvados cloud dispatcher
## arvados keepbalance
## arvados keepproxy (recommendend hostname @keep.${DOMAIN}@)
@@ -284,7 +284,6 @@ BLOB_SIGNING_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
MANAGEMENT_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
SYSTEM_ROOT_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ANONYMOUS_USER_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-WORKBENCH_SECRET_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DATABASE_PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
</code></pre>
# Set @DATABASE_PASSWORD@ to a random string (unless you "already have a database":#ext-database then you should set it to that database's password)
@@ -409,13 +408,7 @@ The installer records log files for each deployment.
Most service logs go to @/var/log/syslog at .
-The logs for Rails API server and for Workbench can be found in
-
-@/var/www/arvados-api/current/log/production.log@
-and
-@/var/www/arvados-workbench/current/log/production.log@
-
-on the appropriate instances.
+The logs for Rails API server can be found in @/var/www/arvados-api/current/log/production.log@ on the appropriate instance(s).
Workbench 2 is a client-side Javascript application. If you are having trouble loading Workbench 2, check the browser's developer console (this can be found in "Tools → Developer Tools").
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 8ad79d86e8..92c1aa2645 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -48,7 +48,7 @@ Determine if you will use a single hostname, or multiple hostnames.
If you are using multiple hostnames, determine the base domain for the cluster. This will be referred to as @${DOMAIN}@.
-For example, if CLUSTER is @xarv1@ and DOMAIN is @example.com@, then @controller.${CLUSTER}.${DOMAIN}@" means @controller.xarv1.example.com at .
+For example, if CLUSTER is @xarv1@ and DOMAIN is @example.com@, then @controller.${CLUSTER}.${DOMAIN}@ means @controller.xarv1.example.com at .
h3. Machine specification
@@ -190,13 +190,7 @@ The installer records log files for each deployment.
Most service logs go to @/var/log/syslog at .
-The logs for Rails API server and for Workbench can be found in
-
-@/var/www/arvados-api/current/log/production.log@
-and
-@/var/www/arvados-workbench/current/log/production.log@
-
-on the appropriate instances.
+The logs for Rails API server can be found in @/var/www/arvados-api/current/log/production.log@ on the appropriate instance.
Workbench 2 is a client-side Javascript application. If you are having trouble loading Workbench 2, check the browser's developer console (this can be found in "Tools → Developer Tools").
commit 8591a73827976011245909492290d2f82e419931
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 28 15:45:59 2023 -0300
20690: Include the nginx snippets pillar, remove unneeded wb1 stuff.
Also, go back to using arvados-formula's main branch.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 2831886bac..f5dbb7aa81 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -279,7 +279,7 @@ VERSION="latest"
# An arvados-formula tag. For a stable release, this should be a
# branch name (e.g. X.Y-dev) or tag for the release.
# ARVADOS_TAG="2.2.0"
-BRANCH="20690-remove-wb1-from-installer"
+# BRANCH="main"
# We pin the salt version to avoid potential incompatibilities when a new
# stable version is released.
@@ -752,6 +752,7 @@ else
for SVC in grafana prometheus; do
grep -q "nginx_${SVC}_configuration" ${PILLARS_TOP} || echo " - nginx_${SVC}_configuration" >> ${PILLARS_TOP}
done
+ grep -q "nginx_snippets" ${PILLARS_TOP} || echo " - nginx_snippets" >> ${PILLARS_TOP}
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
grep -q "letsencrypt" ${PILLARS_TOP} || echo " - letsencrypt" >> ${PILLARS_TOP}
for SVC in grafana prometheus; do
@@ -844,6 +845,7 @@ else
grep -q "aws_credentials" ${PILLARS_TOP} || echo " - aws_credentials" >> ${PILLARS_TOP}
grep -q "postgresql" ${PILLARS_TOP} || echo " - postgresql" >> ${PILLARS_TOP}
grep -q "nginx_passenger" ${PILLARS_TOP} || echo " - nginx_passenger" >> ${PILLARS_TOP}
+ grep -q "nginx_snippets" ${PILLARS_TOP} || echo " - nginx_snippets" >> ${PILLARS_TOP}
grep -q "nginx_api_configuration" ${PILLARS_TOP} || echo " - nginx_api_configuration" >> ${PILLARS_TOP}
grep -q "nginx_controller_configuration" ${PILLARS_TOP} || echo " - nginx_controller_configuration" >> ${PILLARS_TOP}
@@ -874,17 +876,7 @@ else
;;
"websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy")
### States ###
- if [ "${R}" = "workbench" ]; then
- grep -q " - logrotate" ${STATES_TOP} || echo " - logrotate" >> ${STATES_TOP}
- NGINX_INSTALL_SOURCE="install_from_phusionpassenger"
- if grep -q " - nginx$" ${STATES_TOP}; then
- sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${STATES_TOP}
- else
- echo " - nginx.passenger" >> ${STATES_TOP}
- fi
- else
- grep -q "\- nginx$" ${STATES_TOP} || echo " - nginx" >> ${STATES_TOP}
- fi
+ grep -q "\- nginx$" ${STATES_TOP} || echo " - nginx" >> ${STATES_TOP}
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
if [ "x${USE_LETSENCRYPT_ROUTE53:-}" = "xyes" ]; then
@@ -906,16 +898,14 @@ else
fi
# webshell role is just a nginx vhost, so it has no state
- if [ "${R}" != "webshell" ]; then
+ # workbench role is deprecated since 2.7.0
+ if [[ "${R}" != "webshell" && "${R}" != "workbench" ]]; then
grep -q "arvados.${R}" ${STATES_TOP} || echo " - arvados.${R}" >> ${STATES_TOP}
fi
### Pillars ###
- if [ "${R}" = "workbench" ]; then
- grep -q "logrotate_wb1" ${PILLARS_TOP} || echo " - logrotate_wb1" >> ${PILLARS_TOP}
- fi
- grep -q "nginx_passenger" ${PILLARS_TOP} || echo " - nginx_passenger" >> ${PILLARS_TOP}
grep -q "nginx_${R}_configuration" ${PILLARS_TOP} || echo " - nginx_${R}_configuration" >> ${PILLARS_TOP}
+ grep -q "nginx_snippets" ${PILLARS_TOP} || echo " - nginx_snippets" >> ${PILLARS_TOP}
# Special case for keepweb
if [ ${R} = "keepweb" ]; then
grep -q "nginx_download_configuration" ${PILLARS_TOP} || echo " - nginx_download_configuration" >> ${PILLARS_TOP}
commit 7709a58e0b5d05b109d54597e97bdb812713b6d2
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 28 15:43:09 2023 -0300
20690: Bring back the WorkbenchSecretKey config as a dummy value.
Also, make config-check non-strict, to support deprecated config knobs on the
config.yml file.
Eventually, the arvados-formula will require updating but we have to make sure
that a proper branch strategy is in use, as changing it now would break
existing deployments.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
index 177e60cb74..bd95c5a868 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
@@ -54,7 +54,8 @@ arvados:
# - ruby-dev
# - zlib1g-dev
- # config:
+ config:
+ check_command: /usr/bin/arvados-server config-check -strict=false -config
# file: /etc/arvados/config.yml
# user: root
## IMPORTANT!!!!!
@@ -105,6 +106,7 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: "deprecated"
Login:
Test:
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index e50e5c677a..275c2c78ab 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -53,7 +53,8 @@ arvados:
# - ruby-dev
# - zlib1g-dev
- # config:
+ config:
+ check_command: /usr/bin/arvados-server config-check -strict=false -config
# file: /etc/arvados/config.yml
# user: root
## IMPORTANT!!!!!
@@ -106,6 +107,7 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: "deprecated"
Login:
Test:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index 1dec7633d4..f83984b01a 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -53,7 +53,8 @@ arvados:
# - ruby-dev
# - zlib1g-dev
- # config:
+ config:
+ check_command: /usr/bin/arvados-server config-check -strict=false -config
# file: /etc/arvados/config.yml
# user: root
## IMPORTANT!!!!!
@@ -106,6 +107,7 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: "deprecated"
Login:
Test:
commit db0cdc6a548d0b4516790b82471d7580d07a2524
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 28 15:39:54 2023 -0300
20690: Sets nginx snippets on its own pillar sls file.
Because we're not using the nginx passenger pillar on non controller nodes
anymore, we needed a way of requesting the ssl hardening snippet independently.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
index de4c830906..82f1b91bb5 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
@@ -58,35 +58,6 @@ nginx:
events:
worker_connections: {{ max_reqs * 3 + 1 }}
- ### SNIPPETS
- snippets:
- # Based on https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&guideline=5.4
- ssl_hardening_default.conf:
- - ssl_session_timeout: 1d
- - ssl_session_cache: 'shared:arvadosSSL:10m'
- - ssl_session_tickets: 'off'
-
- # intermediate configuration
- - ssl_protocols: TLSv1.2 TLSv1.3
- - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- - ssl_prefer_server_ciphers: 'off'
-
- # HSTS (ngx_http_headers_module is required) (63072000 seconds)
- - add_header: 'Strict-Transport-Security "max-age=63072000" always'
-
- # OCSP stapling
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
-
- # verify chain of trust of OCSP response using Root CA and Intermediate certs
- # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates
-
- # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
- # - ssl_dhparam: /path/to/dhparam
-
- # replace with the IP address of your resolver
- # - resolver: 127.0.0.1
-
### SITES
servers:
managed:
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_snippets.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_snippets.sls
new file mode 100644
index 0000000000..dfe17b57a1
--- /dev/null
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_snippets.sls
@@ -0,0 +1,35 @@
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+### NGINX
+nginx:
+ ### SNIPPETS
+ snippets:
+ # Based on https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&guideline=5.4
+ ssl_hardening_default.conf:
+ - ssl_session_timeout: 1d
+ - ssl_session_cache: 'shared:arvadosSSL:10m'
+ - ssl_session_tickets: 'off'
+
+ # intermediate configuration
+ - ssl_protocols: TLSv1.2 TLSv1.3
+ - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ - ssl_prefer_server_ciphers: 'off'
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ - add_header: 'Strict-Transport-Security "max-age=63072000" always'
+
+ # OCSP stapling
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates
+
+ # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+ # - ssl_dhparam: /path/to/dhparam
+
+ # replace with the IP address of your resolver
+ # - resolver: 127.0.0.1
commit 16031250d900abdee6bd8e8d9276871801d30f11
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Tue Nov 21 17:47:18 2023 -0300
20690: Removes WORKBENCH_SECRET_KEY from config. Uses new formula version.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
index dc98c43ace..177e60cb74 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
@@ -105,7 +105,6 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
- workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index 5883f19241..e50e5c677a 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -106,7 +106,6 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
- workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index e85b709c2c..1dec7633d4 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -106,7 +106,6 @@ arvados:
### KEYS
secrets:
blob_signing_key: __BLOB_SIGNING_KEY__
- workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index 27feffa2d2..439293c296 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -281,7 +281,7 @@ terraform-destroy)
;;
generate-tokens)
- for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
+ for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN DATABASE_PASSWORD; do
echo ${i}=$(
tr -dc A-Za-z0-9 </dev/urandom | head -c 32
echo ''
diff --git a/tools/salt-install/local.params.secrets.example b/tools/salt-install/local.params.secrets.example
index 36cdb57b87..f7c555b128 100644
--- a/tools/salt-install/local.params.secrets.example
+++ b/tools/salt-install/local.params.secrets.example
@@ -13,7 +13,6 @@ BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
-WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
LE_AWS_ACCESS_KEY_ID="FIXME"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 9b69bbffec..2831886bac 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -201,7 +201,6 @@ apply_var_substitutions() {
s#__SHELL_INT_IP__#${SHELL_INT_IP}#g;
s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
- s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g;
s#__SSL_KEY_ENCRYPTED__#${SSL_KEY_ENCRYPTED}#g;
s#__SSL_KEY_AWS_REGION__#${SSL_KEY_AWS_REGION:-}#g;
s#__SSL_KEY_AWS_SECRET_NAME__#${SSL_KEY_AWS_SECRET_NAME}#g;
@@ -280,7 +279,7 @@ VERSION="latest"
# An arvados-formula tag. For a stable release, this should be a
# branch name (e.g. X.Y-dev) or tag for the release.
# ARVADOS_TAG="2.2.0"
-# BRANCH="main"
+BRANCH="20690-remove-wb1-from-installer"
# We pin the salt version to avoid potential incompatibilities when a new
# stable version is released.
@@ -457,7 +456,7 @@ test -d arvados || git clone --quiet https://git.arvados.org/arvados-formula.git
# If we want to try a specific branch of the formula
if [[ ! -z "${BRANCH:-}" && "x${BRANCH}" != "xmain" ]]; then
- ( cd ${F_DIR}/arvados && git checkout --quiet -t origin/"${BRANCH}" -b "${BRANCH}" )
+ ( cd ${F_DIR}/arvados && git fetch && git checkout --quiet "${BRANCH}" || git checkout --quiet -t origin/"${BRANCH}" -b "${BRANCH}" )
elif [ "x${ARVADOS_TAG:-}" != "x" ]; then
( cd ${F_DIR}/arvados && git checkout --quiet tags/"${ARVADOS_TAG}" -b "${ARVADOS_TAG}" )
fi
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list