[ARVADOS] updated: 1.3.0-619-g5220b3dad
Git user
git at public.curoverse.com
Mon Apr 1 18:58:55 UTC 2019
Summary of changes:
doc/install/arvbox.html.textile.liquid | 37 ++++++++++++++++------
tools/arvbox/bin/arvbox | 12 ++++---
tools/arvbox/lib/arvbox/docker/Dockerfile.base | 4 +--
tools/arvbox/lib/arvbox/docker/api-setup.sh | 3 --
.../docker/service/slurmctld/log/main/.gitstub | 0
.../lib/arvbox/docker/service/slurmctld/log/run | 1 -
.../arvbox/lib/arvbox/docker/service/slurmctld/run | 34 --------------------
.../arvbox/docker/service/slurmd/log/main/.gitstub | 0
.../lib/arvbox/docker/service/slurmd/log/run | 1 -
tools/arvbox/lib/arvbox/docker/service/slurmd/run | 9 ------
.../lib/arvbox/docker/service/sso/run-service | 6 ++--
11 files changed, 41 insertions(+), 66 deletions(-)
delete mode 100644 tools/arvbox/lib/arvbox/docker/service/slurmctld/log/main/.gitstub
delete mode 120000 tools/arvbox/lib/arvbox/docker/service/slurmctld/log/run
delete mode 100755 tools/arvbox/lib/arvbox/docker/service/slurmctld/run
delete mode 100644 tools/arvbox/lib/arvbox/docker/service/slurmd/log/main/.gitstub
delete mode 120000 tools/arvbox/lib/arvbox/docker/service/slurmd/log/run
delete mode 100755 tools/arvbox/lib/arvbox/docker/service/slurmd/run
via 5220b3dada5038eab78ed309d055a8b3e22877eb (commit)
via 710a784b64e6192770d42a5a27c8f7b167905f4a (commit)
from 82d4b75769f5cc33001dcc016762651a911f7297 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 5220b3dada5038eab78ed309d055a8b3e22877eb
Merge: 82d4b7576 710a784b6
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Apr 1 14:58:40 2019 -0400
Merge branch 'arvbox-cert-docs' no issue #
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
commit 710a784b64e6192770d42a5a27c8f7b167905f4a
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Apr 1 12:28:12 2019 -0400
Update arvbox docs to describe how to install root cert
Remove slurm from arvbox
Arvbox cluster ids now always start with 'x' to be consistent with
cluster identifier guidelines for "experimental/local-only/private clusters"
no issue #
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/doc/install/arvbox.html.textile.liquid b/doc/install/arvbox.html.textile.liquid
index 8827cf8ab..2d94d32ac 100644
--- a/doc/install/arvbox.html.textile.liquid
+++ b/doc/install/arvbox.html.textile.liquid
@@ -31,17 +31,19 @@ h2. Usage
$ arvbox
Arvados-in-a-box http://arvados.org
-build <config> build arvbox Docker image
-rebuild <config> build arvbox Docker image, no layer cache
-start|run <config> start arvbox container
-open open arvbox workbench in a web browser
-shell enter arvbox shell
-ip print arvbox docker container ip address
-host print arvbox published host
-status print some information about current arvbox
+start|run <config> [tag] start arvbox container
stop stop arvbox container
restart <config> stop, then run again
-reboot <config> stop, build arvbox Docker image, run
+status print some information about current arvbox
+ip print arvbox docker container ip address
+host print arvbox published host
+shell enter arvbox shell
+open open arvbox workbench in a web browser
+root-cert get copy of root certificate
+update <config> stop, pull latest image, run
+build <config> build arvbox Docker image
+reboot <config> stop, build arvbox Docker image, run
+rebuild <config> build arvbox Docker image, no layer cache
reset delete arvbox arvados data (be careful!)
destroy delete all arvbox code and data (be careful!)
log <service> tail log of specified service
@@ -52,6 +54,23 @@ sv <start|stop|restart> <service> change state of service inside arvbox
clone <from> <to> clone an arvbox
</pre>
+h2. Install root certificate
+
+Arvbox creates root certificate to authorize Arvbox services. Installing the root certificate into your web browser will prevent security errors when accessing Arvbox services with your web browser. Every Arvbox instance generates a new root signing key.
+
+# Export the certificate using @arvbox root-cert@
+# Go to the certificate manager in your browser.
+#* In Chrome, this can be found under "Settings → Advanced → Manage Certificates" or by entering @chrome://settings/certificates@ in the URL bar.
+#* In Firefox, this can be found under "Preferences → Privacy & Security" or entering @about:preferences#privacy@ in the URL bar and then choosing "View Certificates...".
+# Select the "Authorities" tab, then press the "Import" button. Choose @arvbox-root-cert.pem@
+
+The certificate will be added under the "Arvados testing" organization as "arvbox testing root CA".
+
+To access your Arvbox instance using command line clients (such as arv-get and arv-put) without security errors, install the certificate into the OS certificate storage (instructions for Debian/Ubuntu):
+
+# copy @arvbox-root-cert.pem@ to @/usr/local/share/ca-certificates/@
+# run @/usr/sbin/update-ca-certificates@
+
h2. Configs
h3. dev
diff --git a/tools/arvbox/bin/arvbox b/tools/arvbox/bin/arvbox
index a9c85a960..74933718c 100755
--- a/tools/arvbox/bin/arvbox
+++ b/tools/arvbox/bin/arvbox
@@ -515,10 +515,13 @@ case "$subcmd" in
fi
;;
- install-root-cert)
- set -x
- sudo cp $VAR_DATA/root-cert.pem /usr/local/share/ca-certificates/${ARVBOX_CONTAINER}-testing-cert.crt
- sudo update-ca-certificates
+ root-cert)
+ CERT=$PWD/${ARVBOX_CONTAINER}-root-cert.pem
+ if test -n "$1" ; then
+ CERT="$1"
+ fi
+ docker exec $ARVBOX_CONTAINER cat /var/lib/arvados/root-cert.pem > "$CERT"
+ echo "Certificate copied to $CERT"
;;
devenv)
@@ -566,6 +569,7 @@ case "$subcmd" in
echo "host print arvbox published host"
echo "shell enter arvbox shell"
echo "open open arvbox workbench in a web browser"
+ echo "root-cert get copy of root certificate"
echo "update <config> stop, pull latest image, run"
echo "build <config> build arvbox Docker image"
echo "reboot <config> stop, build arvbox Docker image, run"
diff --git a/tools/arvbox/lib/arvbox/docker/Dockerfile.base b/tools/arvbox/lib/arvbox/docker/Dockerfile.base
index 1949af435..741bd33c4 100644
--- a/tools/arvbox/lib/arvbox/docker/Dockerfile.base
+++ b/tools/arvbox/lib/arvbox/docker/Dockerfile.base
@@ -16,11 +16,11 @@ RUN apt-get update && \
pkg-config libattr1-dev python-llfuse python-pycurl \
libwww-perl libio-socket-ssl-perl libcrypt-ssleay-perl \
libjson-perl nginx gitolite3 lsof libreadline-dev \
- apt-transport-https ca-certificates slurm-wlm \
+ apt-transport-https ca-certificates \
linkchecker python3-virtualenv python-virtualenv xvfb iceweasel \
libgnutls28-dev python3-dev vim cadaver cython gnupg dirmngr \
libsecret-1-dev r-base r-cran-testthat libxml2-dev pandoc \
- python3-setuptools python3-pip openjdk-8-jdk && \
+ python3-setuptools python3-pip openjdk-8-jdk bsdmainutils && \
apt-get clean
ENV RUBYVERSION_MINOR 2.3
diff --git a/tools/arvbox/lib/arvbox/docker/api-setup.sh b/tools/arvbox/lib/arvbox/docker/api-setup.sh
index 0f283830f..482934c91 100755
--- a/tools/arvbox/lib/arvbox/docker/api-setup.sh
+++ b/tools/arvbox/lib/arvbox/docker/api-setup.sh
@@ -18,9 +18,6 @@ fi
set -u
-if ! test -s /var/lib/arvados/api_uuid_prefix ; then
- ruby -e 'puts "#{rand(2**64).to_s(36)[0,5]}"' > /var/lib/arvados/api_uuid_prefix
-fi
uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
if ! test -s /var/lib/arvados/api_secret_token ; then
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmctld/log/main/.gitstub b/tools/arvbox/lib/arvbox/docker/service/slurmctld/log/main/.gitstub
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmctld/log/run b/tools/arvbox/lib/arvbox/docker/service/slurmctld/log/run
deleted file mode 120000
index d6aef4a77..000000000
--- a/tools/arvbox/lib/arvbox/docker/service/slurmctld/log/run
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/logger
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmctld/run b/tools/arvbox/lib/arvbox/docker/service/slurmctld/run
deleted file mode 100755
index bb500a5c3..000000000
--- a/tools/arvbox/lib/arvbox/docker/service/slurmctld/run
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-exec 2>&1
-set -eux -o pipefail
-
-. /usr/local/lib/arvbox/common.sh
-
-cat > /etc/slurm-llnl/slurm.conf <<EOF
-ControlMachine=$HOSTNAME
-ControlAddr=$HOSTNAME
-AuthType=auth/munge
-DefaultStorageLoc=/var/log/slurm-llnl
-SelectType=select/cons_res
-SelectTypeParameters=CR_CPU_Memory
-SlurmUser=arvbox
-SlurmdUser=arvbox
-SlurmctldPort=7002
-SlurmctldTimeout=300
-SlurmdPort=7003
-SlurmdSpoolDir=/var/tmp/slurmd.spool
-SlurmdTimeout=300
-StateSaveLocation=/var/tmp/slurm.state
-NodeName=$HOSTNAME
-PartitionName=compute State=UP Default=YES Nodes=$HOSTNAME
-EOF
-
-mkdir -p /var/run/munge
-
-/usr/sbin/munged -f
-
-exec /usr/sbin/slurmctld -v -D
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmd/log/main/.gitstub b/tools/arvbox/lib/arvbox/docker/service/slurmd/log/main/.gitstub
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmd/log/run b/tools/arvbox/lib/arvbox/docker/service/slurmd/log/run
deleted file mode 120000
index d6aef4a77..000000000
--- a/tools/arvbox/lib/arvbox/docker/service/slurmd/log/run
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/logger
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/slurmd/run b/tools/arvbox/lib/arvbox/docker/service/slurmd/run
deleted file mode 100755
index 8656b2780..000000000
--- a/tools/arvbox/lib/arvbox/docker/service/slurmd/run
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-exec 2>&1
-set -eux -o pipefail
-
-exec /usr/local/lib/arvbox/runsu.sh /usr/sbin/slurmd -v -D
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/run-service b/tools/arvbox/lib/arvbox/docker/service/sso/run-service
index af49d4b3c..cbd3b2fbe 100755
--- a/tools/arvbox/lib/arvbox/docker/service/sso/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/sso/run-service
@@ -25,10 +25,10 @@ fi
set -u
-if ! test -s /var/lib/arvados/sso_uuid_prefix ; then
- ruby -e 'puts "#{rand(2**64).to_s(36)[0,5]}"' > /var/lib/arvados/sso_uuid_prefix
+if ! test -s /var/lib/arvados/api_uuid_prefix ; then
+ ruby -e 'puts "x#{rand(2**64).to_s(36)[0,4]}"' > /var/lib/arvados/api_uuid_prefix
fi
-uuid_prefix=$(cat /var/lib/arvados/sso_uuid_prefix)
+uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
if ! test -s /var/lib/arvados/sso_secret_token ; then
ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_secret_token
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list