[ARVADOS] created: ae3bb0033a24a38489c49ffc26e5a5e8fd93c160
git at public.curoverse.com
git at public.curoverse.com
Thu May 21 15:00:19 EDT 2015
at ae3bb0033a24a38489c49ffc26e5a5e8fd93c160 (commit)
commit ae3bb0033a24a38489c49ffc26e5a5e8fd93c160
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date: Thu May 21 15:00:10 2015 -0400
6090: Docker install uses local SSO server instead of auth.curoverse.com. Also
clean up references to dev.arvados to use @@ARVADOS_DOMAIN@@.
diff --git a/docker/api/Dockerfile b/docker/api/Dockerfile
index 5a1ef31..51d452b 100644
--- a/docker/api/Dockerfile
+++ b/docker/api/Dockerfile
@@ -53,8 +53,8 @@ RUN mkdir -p /var/lib/arvados
RUN addgroup --gid 4005 crunch && mkdir /home/crunch && useradd --uid 4005 --gid 4005 crunch && chown crunch:crunch /home/crunch
# Create keep and compute node objects
-ADD keep_server_0.json /root/
-ADD keep_server_1.json /root/
+ADD generated/keep_server_0.json /root/
+ADD generated/keep_server_1.json /root/
ADD keep_proxy.json /root/
# Set up update-gitolite.rb
diff --git a/docker/api/application.yml.in b/docker/api/application.yml.in
index 627e775..97eb66f 100644
--- a/docker/api/application.yml.in
+++ b/docker/api/application.yml.in
@@ -19,9 +19,9 @@ development:
blob_signing_key: ~
production:
- host: api.dev.arvados
+ host: api.@@ARVADOS_DOMAIN@@
- git_repo_ssh_base: "git at api.dev.arvados:"
+ git_repo_ssh_base: "git at api.@@ARVADOS_DOMAIN@@:"
# Docker setup doesn't include arv-git-httpd yet.
git_repo_https_base: false
@@ -37,13 +37,6 @@ production:
uuid_prefix: @@API_HOSTNAME@@
- # The e-mail address of the user you would like to become marked as an admin
- # user on their first login.
- # In the default configuration, authentication happens through the Arvados SSO
- # server, which uses openid against Google's servers, so in that case this
- # should be an address associated with a Google account.
- auto_admin_user: @@API_AUTO_ADMIN_USER@@
-
# compute_node_domain: example.org
# compute_node_nameservers:
# - 127.0.0.1
diff --git a/docker/api/arvados-clients.yml.in b/docker/api/arvados-clients.yml.in
index f33352f..6741328 100644
--- a/docker/api/arvados-clients.yml.in
+++ b/docker/api/arvados-clients.yml.in
@@ -1,5 +1,5 @@
production:
- gitolite_url: 'git at api.dev.arvados:gitolite-admin.git'
+ gitolite_url: 'git at api.@@ARVADOS_DOMAIN@@:gitolite-admin.git'
gitolite_tmp: 'gitolite-tmp'
arvados_api_host: 'api'
arvados_api_token: '@@API_SUPERUSER_SECRET@@'
diff --git a/docker/api/keep_server_1.json b/docker/api/keep_server_0.json.in
similarity index 59%
rename from docker/api/keep_server_1.json
rename to docker/api/keep_server_0.json.in
index dbbdd1c..d63c590 100644
--- a/docker/api/keep_server_1.json
+++ b/docker/api/keep_server_0.json.in
@@ -1,7 +1,6 @@
{
- "service_host": "keep_server_1.keep.dev.arvados",
+ "service_host": "keep_server_0.keep.@@ARVADOS_DOMAIN@@",
"service_port": 25107,
"service_ssl_flag": "false",
"service_type": "disk"
}
-
diff --git a/docker/api/keep_server_0.json b/docker/api/keep_server_1.json.in
similarity index 59%
rename from docker/api/keep_server_0.json
rename to docker/api/keep_server_1.json.in
index ce02f50..53d5c64 100644
--- a/docker/api/keep_server_0.json
+++ b/docker/api/keep_server_1.json.in
@@ -1,5 +1,5 @@
{
- "service_host": "keep_server_0.keep.dev.arvados",
+ "service_host": "keep_server_1.keep.@@ARVADOS_DOMAIN@@",
"service_port": 25107,
"service_ssl_flag": "false",
"service_type": "disk"
diff --git a/docker/api/omniauth.rb.in b/docker/api/omniauth.rb.in
index 198668e..8daa300 100644
--- a/docker/api/omniauth.rb.in
+++ b/docker/api/omniauth.rb.in
@@ -7,7 +7,7 @@ APP_SECRET = '@@SSO_CLIENT_SECRET@@'
if '@@OMNIAUTH_URL@@' != ''
CUSTOM_PROVIDER_URL = '@@OMNIAUTH_URL@@'
else
- CUSTOM_PROVIDER_URL = 'https://' + ENV['SSO_PORT_443_TCP_ADDR'].to_s
+ CUSTOM_PROVIDER_URL = 'https://@@SSO_HOSTNAME@@.@@ARVADOS_DOMAIN@@'
end
# This is a development sandbox, we use self-signed certificates
diff --git a/docker/api/setup-gitolite.sh.in b/docker/api/setup-gitolite.sh.in
index 32413c9..d953fa7 100755
--- a/docker/api/setup-gitolite.sh.in
+++ b/docker/api/setup-gitolite.sh.in
@@ -22,9 +22,9 @@ chmod +rx /home/git/repositories/*git -R
# Now set up the gitolite repo(s) we use
mkdir -p /usr/local/arvados/gitolite-tmp/
# Make ssh store the host key
-ssh -o "StrictHostKeyChecking no" git at api.dev.arvados info
+ssh -o "StrictHostKeyChecking no" git at api.@@ARVADOS_DOMAIN@@ info
# Now check out the tree
-git clone git at api.dev.arvados:gitolite-admin.git /usr/local/arvados/gitolite-tmp/gitolite-admin/
+git clone git at api.@@ARVADOS_DOMAIN@@:gitolite-admin.git /usr/local/arvados/gitolite-tmp/gitolite-admin/
cd /usr/local/arvados/gitolite-tmp/gitolite-admin
mkdir keydir/arvados
mkdir conf/admin
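Review bot: `StrictHostKeyChecking no` on the changed ssh line accepts and stores whatever host key answers for api.@@ARVADOS_DOMAIN@@, and the `git clone` of gitolite-admin that follows then trusts that key. Now that the host name comes from configuration instead of a fixed sandbox name, the assumption should at least be written down, e.g. `# Trust-on-first-use: acceptable only because this script talks to the api container itself`, if that is in fact the case. A stricter option is to seed known_hosts from the container's own host public key before connecting and leave host-key checking enabled. The script continues beyond this hunk.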
diff --git a/docker/arvdock b/docker/arvdock
index b6477d6..2fca7fb 100755
--- a/docker/arvdock
+++ b/docker/arvdock
@@ -10,6 +10,8 @@ CURL=`which curl`
COMPUTE_COUNTER=0
+ARVADOS_DOMAIN=dev.arvados
+
function usage {
echo >&2
echo >&2 "usage: $0 (start|stop|restart|reset|test) [options]"
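Review bot: `ARVADOS_DOMAIN=dev.arvados` is a second copy of a value that config.yml already carries, and further down do_start still launches skydns and skydock with the literal `-domain arvados` and `-environment dev`. If someone changes ARVADOS_DOMAIN in config.yml, the generated templates will use the new name while arvdock's `--dns-search` values, the readiness probe and the DNS containers keep dev.arvados. Either read the value from config.yml or add a comment such as `# Must match ARVADOS_DOMAIN in config.yml and the skydock -environment/-domain flags below`. The same unquoted `$ARVADOS_DOMAIN` is then spliced into the docker argument strings in the start_container hunk, so it should stay a plain host name.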
@@ -62,14 +64,14 @@ function start_container {
if [[ "$2" != '' ]]; then
local name="$2"
if [[ "$name" == "api_server" ]]; then
- args="$args --dns=$bridge_ip --dns-search=compute.dev.arvados --hostname api -P --name $name"
+ args="$args --dns=$bridge_ip --dns-search=compute.$ARVADOS_DOMAIN --hostname api -P --name $name"
elif [[ "$name" == "compute" ]]; then
name=$name$COMPUTE_COUNTER
# We need --privileged because we run docker-inside-docker on the compute nodes
- args="$args --dns=$bridge_ip --dns-search=compute.dev.arvados --hostname compute$COMPUTE_COUNTER -P --privileged --name $name"
+ args="$args --dns=$bridge_ip --dns-search=compute.$ARVADOS_DOMAIN --hostname compute$COMPUTE_COUNTER -P --privileged --name $name"
let COMPUTE_COUNTER=$(($COMPUTE_COUNTER + 1))
else
- args="$args --dns=$bridge_ip --dns-search=dev.arvados --hostname ${name#_server} --name $name"
+ args="$args --dns=$bridge_ip --dns-search=$ARVADOS_DOMAIN --hostname ${name#_server} --name $name"
fi
fi
if [[ "$3" != '' ]]; then
@@ -214,12 +216,11 @@ function do_start {
$start_keepproxy == false ]]
then
start_doc=9898
- #the sso server is currently not used by default so don't start it unless explicitly requested
- #start_sso=9901
+ start_sso=9901
start_api=9900
start_compute=2
start_workbench=9899
- start_vm=true
+ #start_vm=true
start_nameserver=true
start_keep=true
start_keepproxy=true
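Review bot: `#start_vm=true` here, and `#shell-image` in the `all:` target of docker/build_tools/Makefile, switch the shell VM off by commenting code out without saying why, while `start_sso=9901` makes the SSO container part of every default start. A reader cannot tell whether the shell VM is temporarily broken or intentionally dropped. Replace the dead line with a short comment that states the reason, for example `# shell VM not started by default: <reason>`, and do the same in the Makefile. do_start begins and ends outside this hunk.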
@@ -227,10 +228,26 @@ function do_start {
if [[ $start_nameserver != false ]]
then
+ $DOCKER ps | grep skydns >/dev/null
+ need_skydns="$?"
+
+ $DOCKER ps | grep skydock >/dev/null
+ need_skydock="$?"
+
+ if [[ "$need_skydns" != 0 || "$need_skydock" != 0 ]]
+ then
+ # skydns and skydock need to both be running before everything else.
+ # If they are not running we need to shut everything down and start
+ # over, otherwise DNS will be broken and the containers won't find each other.
+ do_stop
+ need_skydns=1
+ need_skydock=1
+ fi
+
# We rely on skydock and skydns for dns discovery between the slurm controller and compute nodes,
# so make sure they are running
$DOCKER ps | grep skydns >/dev/null
- if [[ "$?" != "0" ]]; then
+ if [[ $need_skydns != "0" ]]; then
echo "Detecting bridge '$bridge' IP for crosbymichael/skydns"
bridge_ip=$(bridge_ip_address "$bridge")
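Review bot: The `$DOCKER ps | grep skydns >/dev/null` line left just above `if [[ $need_skydns != "0" ]]`, and the matching skydock grep in the next hunk, no longer feed any test and can be deleted. The new probes match a substring anywhere in the `docker ps` output, so any unrelated container or image whose name contains skydns or skydock counts as running; do_reset in this file already uses `grep -E "\b$name\b" -q`, and the same form would be more precise here. `need_skydns` holds grep's exit status, so 0 means "already running"; a comment saying so would prevent misreading. The `do_stop` call tears down every container whenever either helper is missing, which deserves a line in the usage text.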
@@ -240,7 +257,7 @@ function do_start {
$DOCKER run -d -p $bridge_ip:53:53/udp --name skydns crosbymichael/skydns -nameserver 8.8.8.8:53 -domain arvados
fi
$DOCKER ps | grep skydock >/dev/null
- if [[ "$?" != "0" ]]; then
+ if [[ "$need_skydock" != "0" ]]; then
echo "Starting crosbymichael/skydock container..."
$DOCKER rm "skydock" 2>/dev/null
echo $DOCKER run -d -v /var/run/docker.sock:/docker.sock --name skydock crosbymichael/skydock -ttl 30 -environment dev -s /docker.sock -domain arvados -name skydns
@@ -303,7 +320,7 @@ function do_start {
if [[ $start_workbench != false ]]
then
- start_container "$start_workbench:80" "workbench_server" '' "api_server:api" "arvados/workbench"
+ start_container "" "workbench_server" '' "" "arvados/workbench"
fi
if [[ $start_api != false ]]
@@ -332,7 +349,7 @@ EOF
echo "******************************************************************"
echo
else
- while ! $CURL -L -f http://workbench.dev.arvados >/dev/null 2>/dev/null ; do
+ while ! $CURL -k -L -f http://workbench.$ARVADOS_DOMAIN >/dev/null 2>/dev/null ; do
echo "Waiting for Arvados to be ready."
sleep 1
done
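Review bot: The added `-k` on the readiness probe turns off certificate verification for any HTTPS hop that `-L` follows, and nothing on the line says why. The response body is discarded, so the exposure is small, but the reason should be recorded, e.g. `# -k: the sandbox uses self-signed certificates; this probe only checks reachability`. The loop also has no upper bound, so a workbench container that never comes up leaves the script printing "Waiting for Arvados to be ready." forever; a retry counter with a failure message would make that case visible. Quoting the URL (`"http://workbench.$ARVADOS_DOMAIN"`) is also worth doing now that the domain is a variable.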
@@ -341,7 +358,7 @@ EOF
if [[ "$?" == "0" ]]; then
echo
echo "******************************************************************"
- echo "You can access the Arvados documentation at http://doc.dev.arvados"
+ echo "You can access the Arvados documentation at http://doc.$ARVADOS_DOMAIN"
echo "******************************************************************"
echo
fi
@@ -350,7 +367,7 @@ EOF
if [[ "$?" == "0" ]]; then
echo
echo "********************************************************************"
- echo "You can access the Arvados workbench at http://workbench.dev.arvados"
+ echo "You can access the Arvados workbench at http://workbench.$ARVADOS_DOMAIN"
echo "********************************************************************"
echo
fi
@@ -469,7 +486,7 @@ function do_test {
}
function do_reset {
- for name in skydock skydns workbench_server shell doc_server keepproxy_server keep_server_0 keep_server_1 compute0 compute1 api_server keepproxy keep_data
+ for name in skydock skydns workbench_server shell doc_server keepproxy_server keep_server_0 keep_server_1 compute0 compute1 api_server keepproxy keep_data sso_server
do
`$DOCKER ps |grep -E "\b$name\b" -q`
if [[ "$?" == "0" ]]; then
diff --git a/docker/build_tools/Makefile b/docker/build_tools/Makefile
index 621aa04..556be3f 100644
--- a/docker/build_tools/Makefile
+++ b/docker/build_tools/Makefile
@@ -4,7 +4,8 @@ OLD_SHELL := $(SHELL)
SHELL = $(warning [$@])$(OLD_SHELL) -x
endif
-all: skydns-image skydock-image api-image compute-image doc-image workbench-image keep-image keep-proxy-image sso-image shell-image
+#shell-image
+all: skydns-image skydock-image api-image compute-image doc-image workbench-image keep-image keep-proxy-image sso-image
IMAGE_FILES := $(shell ls *-image 2>/dev/null |grep -v -E 'debian-arvados-image|skydns-image|skydock-image')
GENERATED_DIRS := $(shell ls */generated 2>/dev/null)
@@ -70,7 +71,7 @@ SHELL_DEPS = shell/* config.yml $(SHELL_GENERATED)
COMPUTE_DEPS = compute/* config.yml $(COMPUTE_GENERATED)
-DOC_DEPS = doc/Dockerfile doc/apache2_vhost
+DOC_DEPS = doc/Dockerfile $(DOC_GENERATED)
WORKBENCH_DEPS = workbench/Dockerfile \
config.yml \
@@ -110,6 +111,9 @@ WORKBENCH_GENERATED = workbench/generated/*
SSO_GENERATED_IN = sso/*.in
SSO_GENERATED = sso/generated/*
+DOC_GENERATED_IN = doc/*.in
+DOC_GENERATED = doc/generated/*
+
KEEP_DEPS += keep/generated/bin/keepproxy
KEEP_DEPS += keep/generated/bin/keepstore
keep/generated/bin/%: $(wildcard build/services/%/*.go)
@@ -158,6 +162,9 @@ $(COMPUTE_GENERATED): $(COMPUTE_GENERATED_IN)
$(SSO_GENERATED): $(SSO_GENERATED_IN)
$(CONFIG_RB) sso
+$(DOC_GENERATED): $(DOC_GENERATED_IN)
+ $(CONFIG_RB) doc
+
$(KEEP_GENERATED): $(KEEP_GENERATED_IN)
$(CONFIG_RB) keep
diff --git a/docker/build_tools/build.rb b/docker/build_tools/build.rb
index e8f5809..e3309a9 100755
--- a/docker/build_tools/build.rb
+++ b/docker/build_tools/build.rb
@@ -51,38 +51,38 @@ def main options
# Generate a config.yml if it does not exist or is empty
if not File.size? 'config.yml'
print "Generating config.yml.\n"
- print "Arvados needs to know the email address of the administrative user,\n"
- print "so that when that user logs in they are automatically made an admin.\n"
- print "This should be an email address associated with a Google account.\n"
- print "\n"
- admin_email_address = ""
- until is_valid_email? admin_email_address
- print "Enter your Google ID email address here: "
- admin_email_address = gets.strip
- if not is_valid_email? admin_email_address
- print "That doesn't look like a valid email address. Please try again.\n"
- end
- end
-
- print "Arvados needs to know the shell login name for the administrative user.\n"
- print "This will also be used as the name for your git repository.\n"
- print "\n"
- user_name = ""
- until is_valid_user_name? user_name
- print "Enter a shell login name here: "
- user_name = gets.strip
- if not is_valid_user_name? user_name
- print "That doesn't look like a valid shell login name. Please try again.\n"
- end
- end
+ # print "Arvados needs to know the email address of the administrative user,\n"
+ # print "so that when that user logs in they are automatically made an admin.\n"
+ # print "This should be an email address associated with a Google account.\n"
+ # print "\n"
+ # admin_email_address = ""
+ # until is_valid_email? admin_email_address
+ # print "Enter your Google ID email address here: "
+ # admin_email_address = gets.strip
+ # if not is_valid_email? admin_email_address
+ # print "That doesn't look like a valid email address. Please try again.\n"
+ # end
+ # end
+
+ # print "Arvados needs to know the shell login name for the administrative user.\n"
+ # print "This will also be used as the name for your git repository.\n"
+ # print "\n"
+ # user_name = ""
+ # until is_valid_user_name? user_name
+ # print "Enter a shell login name here: "
+ # user_name = gets.strip
+ # if not is_valid_user_name? user_name
+ # print "That doesn't look like a valid shell login name. Please try again.\n"
+ # end
+ # end
File.open 'config.yml', 'w' do |config_out|
config_out.write "# If a _PW or _SECRET variable is set to an empty string, a password\n"
config_out.write "# will be chosen randomly at build time. This is the\n"
config_out.write "# recommended setting.\n\n"
config = YAML.load_file 'config.yml.example'
- config['API_AUTO_ADMIN_USER'] = admin_email_address
- config['ARVADOS_USER_NAME'] = user_name
+ #config['API_AUTO_ADMIN_USER'] = admin_email_address
+ #config['ARVADOS_USER_NAME'] = user_name
config['API_HOSTNAME'] = generate_api_hostname
config['API_WORKBENCH_ADDRESS'] = 'false'
config.each_key do |var|
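Review bot: The two prompt loops and the `config['API_AUTO_ADMIN_USER']` / `config['ARVADOS_USER_NAME']` assignments are commented out rather than removed, which leaves about thirty lines of dead code and, presumably, unused `is_valid_email?` and `is_valid_user_name?` helpers elsewhere in the file. Delete them; version control keeps the history. ARVADOS_USER_NAME is still a key in config.yml.example, so it is now written to config.yml with no value, and any template that consumes it should be checked. Since auto_admin_user is also dropped from the API config in this commit, a short comment here on how the first admin account is created with the local SSO server would help. main continues outside this hunk.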
diff --git a/docker/config.yml.example b/docker/config.yml.example
index 4210ec3..f40c0fe 100644
--- a/docker/config.yml.example
+++ b/docker/config.yml.example
@@ -7,7 +7,7 @@ ARVADOS_USER_NAME:
# ARVADOS_DOMAIN: the Internet domain of this installation.
# ARVADOS_DNS_SERVER: the authoritative nameserver for ARVADOS_DOMAIN.
-ARVADOS_DOMAIN: # e.g. arvados.internal
+ARVADOS_DOMAIN: dev.arvados
ARVADOS_DNS_SERVER: # e.g. 192.168.0.1
# ==============================
@@ -79,8 +79,6 @@ WORKBENCH_VCF_PIPELINE_UUID:
WORKBENCH_SITE_NAME: Arvados Workbench
WORKBENCH_INSECURE_HTTPS: true
WORKBENCH_ACTIVATION_CONTACT_LINK: mailto:arvados at curoverse.com
-WORKBENCH_ARVADOS_LOGIN_BASE: https://@@API_HOSTNAME@@.@@ARVADOS_DOMAIN@@/login
-WORKBENCH_ARVADOS_V1_BASE: https://@@API_HOSTNAME@@.@@ARVADOS_DOMAIN@@/arvados/v1
WORKBENCH_SECRET:
# ==============================
@@ -89,11 +87,5 @@ WORKBENCH_SECRET:
SSO_HOSTNAME: sso
SSO_SECRET:
SSO_CLIENT_NAME: devsandbox
-# ==============================
-# Default to using auth.curoverse.com as SSO server
-# To use your a local Docker SSO server, set OMNIAUTH_URL and SSO_CLIENT_SECRET
-# to the empty string
-# ==============================
-OMNIAUTH_URL: https://auth.curoverse.com
SSO_CLIENT_APP_ID: local_docker_installation
-SSO_CLIENT_SECRET: yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph
+SSO_CLIENT_SECRET:
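Review bot: The client secret removed on the last line of this hunk remains readable in the repository history, so blanking it here does not retire it. If the shared SSO server still accepts the `local_docker_installation` client with that value, the secret should be revoked or rotated on the server side. The replacement `SSO_CLIENT_SECRET:` is a bare key, which YAML loads as null rather than the empty string that the header written into config.yml describes. The other `_SECRET` keys use the same form, so the generator presumably treats both alike, but `SSO_CLIENT_SECRET: ""` would state the intent explicitly.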
diff --git a/docker/doc/Dockerfile b/docker/doc/Dockerfile
index aa51a38..d890710 100644
--- a/docker/doc/Dockerfile
+++ b/docker/doc/Dockerfile
@@ -14,10 +14,11 @@ ADD generated/doc.tar.gz /usr/src/arvados/
RUN /usr/local/rvm/bin/rvm-exec default bundle install --gemfile=/usr/src/arvados/doc/Gemfile && \
/bin/sed -ri 's/^baseurl: .*$/baseurl: /' /usr/src/arvados/doc/_config.yml && \
cd /usr/src/arvados/doc && \
- LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" /usr/local/rvm/bin/rvm-exec default bundle exec rake
+ LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" /usr/local/rvm/bin/rvm-exec default bundle exec rake generate arvados_api_host=api.dev.arvados arvados_workbench_host=workbench.dev.arvados
+
# Configure Apache
-ADD apache2_vhost /etc/apache2/sites-available/doc
+ADD generated/apache2_vhost /etc/apache2/sites-available/doc
RUN \
a2dissite default && \
a2ensite doc
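Review bot: The new rake arguments `arvados_api_host=api.dev.arvados arvados_workbench_host=workbench.dev.arvados` hard-code the domain that the rest of this commit replaces with @@ARVADOS_DOMAIN@@. With a different ARVADOS_DOMAIN, the vhost added from generated/apache2_vhost will answer on the new name while the generated documentation still links to dev.arvados hosts. If the build can template this file the way it does the other `.in` files, the two values should use the placeholder. Otherwise a comment such as `# NOTE: must be kept in sync with ARVADOS_DOMAIN in config.yml` marks the coupling.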
diff --git a/docker/doc/apache2_vhost b/docker/doc/apache2_vhost.in
similarity index 62%
rename from docker/doc/apache2_vhost
rename to docker/doc/apache2_vhost.in
index 3a07776..76da6d0 100644
--- a/docker/doc/apache2_vhost
+++ b/docker/doc/apache2_vhost.in
@@ -1,12 +1,11 @@
-ServerName doc.arvados.org
+ServerName doc.@@ARVADOS_DOMAIN@@
<VirtualHost *:80>
ServerAdmin sysadmin at curoverse.com
- ServerName doc.arvados.org
+ ServerName doc.@@ARVADOS_DOMAIN@@
DocumentRoot /usr/src/arvados/doc/.site/
</VirtualHost>
-
diff --git a/docker/workbench/Dockerfile b/docker/workbench/Dockerfile
index 94d9f87..2e2a782 100644
--- a/docker/workbench/Dockerfile
+++ b/docker/workbench/Dockerfile
@@ -28,10 +28,10 @@ ADD generated/apache2_vhost /etc/apache2/sites-available/workbench
RUN \
a2dissite default && \
a2ensite workbench && \
- a2enmod rewrite
+ a2enmod rewrite && \
+ /bin/mkdir /var/run/apache2
ADD apache2_foreground.sh /etc/apache2/foreground.sh
# Start Apache
CMD ["/etc/apache2/foreground.sh"]
-
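Review bot: `/bin/mkdir /var/run/apache2` fails the whole RUN step if the directory already exists, for instance after a base-image or apache2 package update that creates it. `/bin/mkdir -p /var/run/apache2` keeps the build working in both cases. A one-line comment on why the directory is needed (presumably for foreground.sh to start Apache) would also help the next reader.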
diff --git a/docker/workbench/apache2_vhost.in b/docker/workbench/apache2_vhost.in
index 05376ea..f929781 100644
--- a/docker/workbench/apache2_vhost.in
+++ b/docker/workbench/apache2_vhost.in
@@ -1,6 +1,7 @@
+
<VirtualHost *:80>
- ServerName workbench.@@API_HOSTNAME@@.@@ARVADOS_DOMAIN@@
+ ServerName workbench.@@ARVADOS_DOMAIN@@
ServerAdmin sysadmin at curoverse.com
RailsEnv @@WORKBENCH_RAILS_MODE@@
@@ -22,5 +23,15 @@
allow from all
</Directory>
-</VirtualHost>
+ <IfModule mod_ssl.c>
+ SSLEngine off
+ # SSLCertificateChainFile /etc/ssl/certs/startcom.sub.class1.server.ca.pem
+ # SSLCACertificateFile /etc/ssl/certs/startcom.ca.pem
+ # SSLCertificateFile /etc/ssl/certs/qr1hi.arvadosapi.com.crt.pem
+ # SSLCertificateKeyFile /etc/ssl/private/qr1hi.arvadosapi.com.key.pem
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ </IfModule>
+</VirtualHost>
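Review bot: The `<IfModule mod_ssl.c>` block added before `</VirtualHost>` is inert, because it sits inside the `*:80` host and sets `SSLEngine off`, so none of its certificate directives take effect. The commented-out certificate and key paths look copied from another deployment and only add noise. Either drop the block or introduce it with a comment such as `# TLS is disabled in the sandbox; kept as a starting point for enabling HTTPS`. As written, workbench is served over plain HTTP only, so session cookies and the login redirect cross the Docker bridge unencrypted; that is reasonable for a local sandbox but should be stated.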
diff --git a/docker/workbench/application.yml.in b/docker/workbench/application.yml.in
index c517c5c..c0720b4 100644
--- a/docker/workbench/application.yml.in
+++ b/docker/workbench/application.yml.in
@@ -15,8 +15,8 @@ common:
secret_token: @@WORKBENCH_SECRET@@
# You probably also want to point to your API server.
- arvados_login_base: 'https://api.dev.arvados/login'
- arvados_v1_base: 'https://api.dev.arvados/arvados/v1'
+ arvados_login_base: 'https://api.@@ARVADOS_DOMAIN@@/login'
+ arvados_v1_base: 'https://api.@@ARVADOS_DOMAIN@@/arvados/v1'
arvados_insecure_https: @@WORKBENCH_INSECURE_HTTPS@@
data_import_dir: @@WORKBENCH_DATA_IMPORT_DIR@@
@@ -24,3 +24,5 @@ common:
site_name: @@WORKBENCH_SITE_NAME@@
activation_contact_link: @@WORKBENCH_ACTIVATION_CONTACT_LINK@@
+
+ arvados_docsite: http://doc.@@ARVADOS_DOMAIN@@
\ No newline at end of file
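Review bot: The added `arvados_docsite: http://doc.@@ARVADOS_DOMAIN@@` is unquoted, while the sibling URLs `arvados_login_base` and `arvados_v1_base` a few lines above are single-quoted. Quoting it the same way, `arvados_docsite: 'http://doc.@@ARVADOS_DOMAIN@@'`, keeps the value a string whatever the placeholder expands to. The file now also ends without a trailing newline, which is worth restoring.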
-----------------------------------------------------------------------
hooks/post-receive
--