[ARVADOS] updated: 5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db

git at public.curoverse.com git at public.curoverse.com
Thu Jul 31 20:19:44 EDT 2014


Summary of changes:
 docker/api/omniauth.rb.in    |  6 ++++-
 docker/build_tools/Makefile  | 56 ++++++++++++++++++++------------------------
 docker/build_tools/config.rb | 18 ++++++++++----
 docker/config.yml.example    |  5 ++--
 docker/keep/run-keep.in      |  6 ++---
 5 files changed, 50 insertions(+), 41 deletions(-)

       via  5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db (commit)
       via  0b07e15a0e3b3c9dd69f137d8617b20bba3b1f75 (commit)
       via  fe11ead2089ef954dd76c1f23a7db3527f057413 (commit)
      from  8e998c69259240de0af63428fe94de645e665615 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5ce0e0fe745c8d3e0f23629f26eeb8b0d01923db
Author: Tom Clegg <tom at curoverse.com>
Date:   Thu Jul 31 20:19:31 2014 -0400

    3261: Reduce dependency bloat: process templates one dir at a time.

diff --git a/docker/build_tools/Makefile b/docker/build_tools/Makefile
index c30dbd3..240e820 100644
--- a/docker/build_tools/Makefile
+++ b/docker/build_tools/Makefile
@@ -56,28 +56,29 @@ LIST_GENERATED_FILES = build_tools/list_generated_files
 
 BUILD = build/.buildstamp
 
-BASE_DEPS = base/Dockerfile $(BASE_GENERATED)
+BASE_DEPS = base/Dockerfile config.yml $(BASE_GENERATED)
 
-SLURM_DEPS = slurm/Dockerfile $(SLURM_GENERATED)
+SLURM_DEPS = slurm/Dockerfile config.yml $(SLURM_GENERATED)
 
 JOBS_DEPS = jobs/Dockerfile
 
 JAVA_BWA_SAMTOOLS_DEPS = java-bwa-samtools/Dockerfile
 
-API_DEPS = api/* $(API_GENERATED)
+API_DEPS = api/* config.yml $(API_GENERATED)
 
-SHELL_DEPS = shell/* $(SHELL_GENERATED)
+SHELL_DEPS = shell/* config.yml $(SHELL_GENERATED)
 
-COMPUTE_DEPS = compute/* $(COMPUTE_GENERATED)
+COMPUTE_DEPS = compute/* config.yml $(COMPUTE_GENERATED)
 
 DOC_DEPS = doc/Dockerfile doc/apache2_vhost
 
 WORKBENCH_DEPS = workbench/Dockerfile \
+                 config.yml \
                  $(WORKBENCH_GENERATED)
 
-KEEP_DEPS = keep/Dockerfile $(KEEP_GENERATED)
+KEEP_DEPS = keep/Dockerfile config.yml $(KEEP_GENERATED)
 
-SSO_DEPS = $(SSO_GENERATED)
+SSO_DEPS = config.yml $(SSO_GENERATED)
 
 BCBIO_NEXTGEN_DEPS = bcbio-nextgen/Dockerfile
 
@@ -115,35 +116,32 @@ $(BUILD):
 	cd build/sdk/ruby && gem build arvados.gemspec
 	touch build/.buildstamp
 
-$(SLURM_GENERATED): config.yml $(BUILD)
-	$(CONFIG_RB)
+$(SLURM_GENERATED): $(BUILD)
+	$(CONFIG_RB) slurm
 	mkdir -p slurm/generated
 
-$(BASE_GENERATED): config.yml $(BUILD)
-	$(CONFIG_RB)
+$(BASE_GENERATED): $(BUILD)
+	$(CONFIG_RB) base
 	mkdir -p base/generated
 	tar -czf base/generated/arvados.tar.gz -C build .
 
-$(API_GENERATED): config.yml $(API_GENERATED_IN)
-	$(CONFIG_RB)
+$(API_GENERATED): $(API_GENERATED_IN)
+	$(CONFIG_RB) api
 
-$(SHELL_GENERATED): config.yml $(SHELL_GENERATED_IN)
-	$(CONFIG_RB)
+$(SHELL_GENERATED): $(SHELL_GENERATED_IN)
+	$(CONFIG_RB) shell
 
-$(WORKBENCH_GENERATED): config.yml $(WORKBENCH_GENERATED_IN)
-	$(CONFIG_RB)
+$(WORKBENCH_GENERATED): $(WORKBENCH_GENERATED_IN)
+	$(CONFIG_RB) workbench
 
-$(COMPUTE_GENERATED): config.yml $(COMPUTE_GENERATED_IN)
-	$(CONFIG_RB)
+$(COMPUTE_GENERATED): $(COMPUTE_GENERATED_IN)
+	$(CONFIG_RB) compute
 
-$(WAREHOUSE_GENERATED): config.yml $(WAREHOUSE_GENERATED_IN)
-	$(CONFIG_RB)
+$(SSO_GENERATED): $(SSO_GENERATED_IN)
+	$(CONFIG_RB) sso
 
-$(SSO_GENERATED): config.yml $(SSO_GENERATED_IN)
-	$(CONFIG_RB)
-
-$(KEEP_GENERATED): config.yml $(KEEP_GENERATED_IN)
-	$(CONFIG_RB)
+$(KEEP_GENERATED): $(KEEP_GENERATED_IN)
+	$(CONFIG_RB) keep
 
 # The docker build -q option suppresses verbose build output.
 # Necessary to prevent failure on building warehouse; see
@@ -151,7 +149,7 @@ $(KEEP_GENERATED): config.yml $(KEEP_GENERATED_IN)
 DOCKER_BUILD = $(DOCKER) build -q --rm=true
 
 # ============================================================
-# The main Arvados servers: api, doc, workbench, warehouse
+# The main Arvados servers: api, doc, workbench, compute
 
 api-image: passenger-image $(BUILD) $(API_DEPS)
 	@echo "Building api-image"
@@ -208,10 +206,6 @@ workbench-image: passenger-image $(BUILD) $(WORKBENCH_DEPS)
 	$(DOCKER_BUILD) -t arvados/workbench workbench
 	date >workbench-image
 
-warehouse-image: base-image $(WAREHOUSE_DEPS)
-	$(DOCKER_BUILD) -t arvados/warehouse warehouse
-	date >warehouse-image
-
 sso-image: passenger-image $(SSO_DEPS)
 	@echo "Building sso-image"
 	$(DOCKER_BUILD) -t arvados/sso sso
diff --git a/docker/build_tools/config.rb b/docker/build_tools/config.rb
index ddf9237..8b9bb73 100755
--- a/docker/build_tools/config.rb
+++ b/docker/build_tools/config.rb
@@ -2,6 +2,7 @@
 
 require 'yaml'
 require 'fileutils'
+require 'digest'
 
 abort 'Error: Ruby >= 1.9.3 required.' if RUBY_VERSION < '1.9.3'
 
@@ -13,10 +14,13 @@ config = YAML.load_file('config.yml')
 # be suitable for any installation.
 
 # Any _PW/_SECRET config settings represent passwords/secrets. If they
-# are blank, choose a password randomly.
+# are blank, choose a password. Make sure the generated password
+# doesn't change if config.yml doesn't change. Otherwise, keys won't
+# match any more if (say) keep's files get regenerated but apiserver's
+# don't.
 config.each_key do |var|
   if (var.end_with?('_PW') || var.end_with?('_SECRET')) && (config[var].nil? || config[var].empty?)
-    config[var] = rand(2**256).to_s(36)
+    config[var] = Digest::SHA1.hexdigest(`hostname` + var + config.to_yaml)
   end
 end
 
@@ -30,12 +34,18 @@ end
 # the same tree structure as in the original source. Then all
 # the files can be added to the docker container with a single ADD.
 
-Dir.glob('*/generated/*') do |stale_file|
+if ARGV[0] and ARGV[0].length > 0
+  globdir = ARGV[0]
+else
+  globdir = '*'
+end
+
+Dir.glob(globdir + '/generated/*') do |stale_file|
   File.delete(stale_file)
 end
 
 File.umask(022)
-Dir.glob('*/*.in') do |template_file|
+Dir.glob(globdir + '/*.in') do |template_file|
   generated_dir = File.join(File.dirname(template_file), 'generated')
   Dir.mkdir(generated_dir) unless Dir.exists? generated_dir
   output_path = File.join(generated_dir, File.basename(template_file, '.in'))

commit 0b07e15a0e3b3c9dd69f137d8617b20bba3b1f75
Author: Tom Clegg <tom at curoverse.com>
Date:   Thu Jul 31 20:18:08 2014 -0400

    3261: Turn on --enforce-permissions in run-keep.

diff --git a/docker/keep/run-keep.in b/docker/keep/run-keep.in
index 4d910cf..9525ed5 100755
--- a/docker/keep/run-keep.in
+++ b/docker/keep/run-keep.in
@@ -3,9 +3,9 @@
 pkf="/etc/keep_signing_secret"
 if [ -s "$pkf" ]
 then
-    permission_key_arg="-permission-key-file=$pkf"
+    permission_args="-permission-key-file=$pkf -enforce-permissions"
 else
-    permission_key_arg=""
+    permission_args=""
 fi
 
-exec keep $permission_key_arg -listen=":25107" -volumes="/keep-data"
+exec keep $permission_args -listen=":25107" -volumes="/keep-data"

commit fe11ead2089ef954dd76c1f23a7db3527f057413
Author: Tom Clegg <tom at curoverse.com>
Date:   Thu Jul 31 18:19:24 2014 -0400

    3261: Restore (and document) ability to use docker sso container.

diff --git a/docker/api/omniauth.rb.in b/docker/api/omniauth.rb.in
index 5636e04..198668e 100644
--- a/docker/api/omniauth.rb.in
+++ b/docker/api/omniauth.rb.in
@@ -4,7 +4,11 @@ APP_ID = '@@SSO_CLIENT_APP_ID@@'
 APP_SECRET = '@@SSO_CLIENT_SECRET@@'
 
 # Update your custom Omniauth provider URL here
-CUSTOM_PROVIDER_URL = '@@OMNIAUTH_URL@@'
+if '@@OMNIAUTH_URL@@' != ''
+  CUSTOM_PROVIDER_URL = '@@OMNIAUTH_URL@@'
+else
+  CUSTOM_PROVIDER_URL = 'https://' + ENV['SSO_PORT_443_TCP_ADDR'].to_s
+end
 
 # This is a development sandbox, we use self-signed certificates
 OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
diff --git a/docker/config.yml.example b/docker/config.yml.example
index d4cda97..52a505c 100644
--- a/docker/config.yml.example
+++ b/docker/config.yml.example
@@ -66,8 +66,9 @@ API_SUPERUSER_SECRET:
 # change it and don't be dumb.
 POSTGRES_ROOT_PW: dummy_pw
 
-# The URL of the SSO server that you want your API server to use.
-OMNIAUTH_URL: https://@@SSO_HOSTNAME@@.@@ARVADOS_DOMAIN@@
+# The URL of the SSO server that you want your API server to use. If
+# blank, use the sso docker container.
+OMNIAUTH_URL:
 
 # ==============================
 # Workbench settings

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list