[ARVADOS] updated: 5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db
git at public.curoverse.com
git at public.curoverse.com
Thu Jul 31 20:19:44 EDT 2014
Summary of changes:
docker/api/omniauth.rb.in | 6 ++++-
docker/build_tools/Makefile | 56 ++++++++++++++++++++------------------------
docker/build_tools/config.rb | 18 ++++++++++----
docker/config.yml.example | 5 ++--
docker/keep/run-keep.in | 6 ++---
5 files changed, 50 insertions(+), 41 deletions(-)
via 5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db (commit)
via 0b07e15a0e3b3c9dd69f137d8617b20bba3b1f75 (commit)
via fe11ead2089ef954dd76c1f23a7db3527f057413 (commit)
from 8e998c69259240de0af63428fe94de645e665615 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db
Author: Tom Clegg <tom at curoverse.com>
Date: Thu Jul 31 20:19:31 2014 -0400
3261: Reduce dependency bloat: process templates one dir at a time.
diff --git a/docker/build_tools/Makefile b/docker/build_tools/Makefile
index c30dbd3..240e820 100644
--- a/docker/build_tools/Makefile
+++ b/docker/build_tools/Makefile
@@ -56,28 +56,29 @@ LIST_GENERATED_FILES = build_tools/list_generated_files
BUILD = build/.buildstamp
-BASE_DEPS = base/Dockerfile $(BASE_GENERATED)
+BASE_DEPS = base/Dockerfile config.yml $(BASE_GENERATED)
-SLURM_DEPS = slurm/Dockerfile $(SLURM_GENERATED)
+SLURM_DEPS = slurm/Dockerfile config.yml $(SLURM_GENERATED)
JOBS_DEPS = jobs/Dockerfile
JAVA_BWA_SAMTOOLS_DEPS = java-bwa-samtools/Dockerfile
-API_DEPS = api/* $(API_GENERATED)
+API_DEPS = api/* config.yml $(API_GENERATED)
-SHELL_DEPS = shell/* $(SHELL_GENERATED)
+SHELL_DEPS = shell/* config.yml $(SHELL_GENERATED)
-COMPUTE_DEPS = compute/* $(COMPUTE_GENERATED)
+COMPUTE_DEPS = compute/* config.yml $(COMPUTE_GENERATED)
DOC_DEPS = doc/Dockerfile doc/apache2_vhost
WORKBENCH_DEPS = workbench/Dockerfile \
+ config.yml \
$(WORKBENCH_GENERATED)
-KEEP_DEPS = keep/Dockerfile $(KEEP_GENERATED)
+KEEP_DEPS = keep/Dockerfile config.yml $(KEEP_GENERATED)
-SSO_DEPS = $(SSO_GENERATED)
+SSO_DEPS = config.yml $(SSO_GENERATED)
BCBIO_NEXTGEN_DEPS = bcbio-nextgen/Dockerfile
@@ -115,35 +116,32 @@ $(BUILD):
cd build/sdk/ruby && gem build arvados.gemspec
touch build/.buildstamp
-$(SLURM_GENERATED): config.yml $(BUILD)
- $(CONFIG_RB)
+$(SLURM_GENERATED): $(BUILD)
+ $(CONFIG_RB) slurm
mkdir -p slurm/generated
-$(BASE_GENERATED): config.yml $(BUILD)
- $(CONFIG_RB)
+$(BASE_GENERATED): $(BUILD)
+ $(CONFIG_RB) base
mkdir -p base/generated
tar -czf base/generated/arvados.tar.gz -C build .
-$(API_GENERATED): config.yml $(API_GENERATED_IN)
- $(CONFIG_RB)
+$(API_GENERATED): $(API_GENERATED_IN)
+ $(CONFIG_RB) api
-$(SHELL_GENERATED): config.yml $(SHELL_GENERATED_IN)
- $(CONFIG_RB)
+$(SHELL_GENERATED): $(SHELL_GENERATED_IN)
+ $(CONFIG_RB) shell
-$(WORKBENCH_GENERATED): config.yml $(WORKBENCH_GENERATED_IN)
- $(CONFIG_RB)
+$(WORKBENCH_GENERATED): $(WORKBENCH_GENERATED_IN)
+ $(CONFIG_RB) workbench
-$(COMPUTE_GENERATED): config.yml $(COMPUTE_GENERATED_IN)
- $(CONFIG_RB)
+$(COMPUTE_GENERATED): $(COMPUTE_GENERATED_IN)
+ $(CONFIG_RB) compute
-$(WAREHOUSE_GENERATED): config.yml $(WAREHOUSE_GENERATED_IN)
- $(CONFIG_RB)
+$(SSO_GENERATED): $(SSO_GENERATED_IN)
+ $(CONFIG_RB) sso
-$(SSO_GENERATED): config.yml $(SSO_GENERATED_IN)
- $(CONFIG_RB)
-
-$(KEEP_GENERATED): config.yml $(KEEP_GENERATED_IN)
- $(CONFIG_RB)
+$(KEEP_GENERATED): $(KEEP_GENERATED_IN)
+ $(CONFIG_RB) keep
# The docker build -q option suppresses verbose build output.
# Necessary to prevent failure on building warehouse; see
@@ -151,7 +149,7 @@ $(KEEP_GENERATED): config.yml $(KEEP_GENERATED_IN)
DOCKER_BUILD = $(DOCKER) build -q --rm=true
# ============================================================
-# The main Arvados servers: api, doc, workbench, warehouse
+# The main Arvados servers: api, doc, workbench, compute
api-image: passenger-image $(BUILD) $(API_DEPS)
@echo "Building api-image"
@@ -208,10 +206,6 @@ workbench-image: passenger-image $(BUILD) $(WORKBENCH_DEPS)
$(DOCKER_BUILD) -t arvados/workbench workbench
date >workbench-image
-warehouse-image: base-image $(WAREHOUSE_DEPS)
- $(DOCKER_BUILD) -t arvados/warehouse warehouse
- date >warehouse-image
-
sso-image: passenger-image $(SSO_DEPS)
@echo "Building sso-image"
$(DOCKER_BUILD) -t arvados/sso sso
diff --git a/docker/build_tools/config.rb b/docker/build_tools/config.rb
index ddf9237..8b9bb73 100755
--- a/docker/build_tools/config.rb
+++ b/docker/build_tools/config.rb
@@ -2,6 +2,7 @@
require 'yaml'
require 'fileutils'
+require 'digest'
abort 'Error: Ruby >= 1.9.3 required.' if RUBY_VERSION < '1.9.3'
@@ -13,10 +14,13 @@ config = YAML.load_file('config.yml')
# be suitable for any installation.
# Any _PW/_SECRET config settings represent passwords/secrets. If they
-# are blank, choose a password randomly.
+# are blank, choose a password. Make sure the generated password
+# doesn't change if config.yml doesn't change. Otherwise, keys won't
+# match any more if (say) keep's files get regenerated but apiserver's
+# don't.
config.each_key do |var|
if (var.end_with?('_PW') || var.end_with?('_SECRET')) && (config[var].nil? || config[var].empty?)
- config[var] = rand(2**256).to_s(36)
+ config[var] = Digest::SHA1.hexdigest(`hostname` + var + config.to_yaml)
end
end
@@ -30,12 +34,18 @@ end
# the same tree structure as in the original source. Then all
# the files can be added to the docker container with a single ADD.
-Dir.glob('*/generated/*') do |stale_file|
+if ARGV[0] and ARGV[0].length > 0
+ globdir = ARGV[0]
+else
+ globdir = '*'
+end
+
+Dir.glob(globdir + '/generated/*') do |stale_file|
File.delete(stale_file)
end
File.umask(022)
-Dir.glob('*/*.in') do |template_file|
+Dir.glob(globdir + '/*.in') do |template_file|
generated_dir = File.join(File.dirname(template_file), 'generated')
Dir.mkdir(generated_dir) unless Dir.exists? generated_dir
output_path = File.join(generated_dir, File.basename(template_file, '.in'))
commit 0b07e15a0e3b3c9dd69f137d8617b20bba3b1f75
Author: Tom Clegg <tom at curoverse.com>
Date: Thu Jul 31 20:18:08 2014 -0400
3261: Turn on --enforce-permissions in run-keep.
diff --git a/docker/keep/run-keep.in b/docker/keep/run-keep.in
index 4d910cf..9525ed5 100755
--- a/docker/keep/run-keep.in
+++ b/docker/keep/run-keep.in
@@ -3,9 +3,9 @@
pkf="/etc/keep_signing_secret"
if [ -s "$pkf" ]
then
- permission_key_arg="-permission-key-file=$pkf"
+ permission_args="-permission-key-file=$pkf -enforce-permissions"
else
- permission_key_arg=""
+ permission_args=""
fi
-exec keep $permission_key_arg -listen=":25107" -volumes="/keep-data"
+exec keep $permission_args -listen=":25107" -volumes="/keep-data"
commit fe11ead2089ef954dd76c1f23a7db3527f057413
Author: Tom Clegg <tom at curoverse.com>
Date: Thu Jul 31 18:19:24 2014 -0400
3261: Restore (and document) ability to use docker sso container.
diff --git a/docker/api/omniauth.rb.in b/docker/api/omniauth.rb.in
index 5636e04..198668e 100644
--- a/docker/api/omniauth.rb.in
+++ b/docker/api/omniauth.rb.in
@@ -4,7 +4,11 @@ APP_ID = '@@SSO_CLIENT_APP_ID@@'
APP_SECRET = '@@SSO_CLIENT_SECRET@@'
# Update your custom Omniauth provider URL here
-CUSTOM_PROVIDER_URL = '@@OMNIAUTH_URL@@'
+if '@@OMNIAUTH_URL@@' != ''
+ CUSTOM_PROVIDER_URL = '@@OMNIAUTH_URL@@'
+else
+ CUSTOM_PROVIDER_URL = 'https://' + ENV['SSO_PORT_443_TCP_ADDR'].to_s
+end
# This is a development sandbox, we use self-signed certificates
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
diff --git a/docker/config.yml.example b/docker/config.yml.example
index d4cda97..52a505c 100644
--- a/docker/config.yml.example
+++ b/docker/config.yml.example
@@ -66,8 +66,9 @@ API_SUPERUSER_SECRET:
# change it and don't be dumb.
POSTGRES_ROOT_PW: dummy_pw
-# The URL of the SSO server that you want your API server to use.
-OMNIAUTH_URL: https://@@SSO_HOSTNAME@@.@@ARVADOS_DOMAIN@@
+# The URL of the SSO server that you want your API server to use. If
+# blank, use the sso docker container.
+OMNIAUTH_URL:
# ==============================
# Workbench settings
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list