[ARVADOS] updated: 1.3.0-2002-g9d47c912d

Git user git at public.arvados.org
Wed Dec 18 18:22:38 UTC 2019 

Summary of changes:
 doc/install/install-dispatch-cloud.html.textile.liquid | 6 ++++++
 doc/install/install-keep-web.html.textile.liquid       | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

       via  9d47c912d10ba901521fd74e2d1a8918c2f733c3 (commit)
      from  c88fddd8b4850196a4cd3cd724eb25f8b375e646 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 9d47c912d10ba901521fd74e2d1a8918c2f733c3
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Wed Dec 18 13:22:18 2019 -0500

    15572: Add notes about keep-web and compute node image configuration
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/doc/install/install-dispatch-cloud.html.textile.liquid b/doc/install/install-dispatch-cloud.html.textile.liquid
index af75b8779..5709e5aaa 100644
--- a/doc/install/install-dispatch-cloud.html.textile.liquid
+++ b/doc/install/install-dispatch-cloud.html.textile.liquid
@@ -27,6 +27,12 @@ h2(#create-image). Create compute node VM image
 
 Create a VM image following the steps "to set up a compute node":crunch2-slurm/install-compute-node.html
 
+On the compute VM image, add the API server's internal IP address to @/etc/hosts@, this will ensure that it contacts the API server on the private network and not through the public interface.  For example:
+
+<pre>
+10.20.30.40     ClusterID.example.com
+</pre>
+
 h2(#update-config). Update config.yml
 
 h3. Create a private key
diff --git a/doc/install/install-keep-web.html.textile.liquid b/doc/install/install-keep-web.html.textile.liquid
index b79082fd1..9daa90ec3 100644
--- a/doc/install/install-keep-web.html.textile.liquid
+++ b/doc/install/install-keep-web.html.textile.liquid
@@ -48,7 +48,7 @@ If @WebDAVDownload@ is blank, and @WebDAV@ has a single origin (not wildcard, se
 
 h3. Collections preview URL
 
-Collections will be served using the URL pattern in @Services.WebDAV.ExternalURL@ .  If blank, use @Services.WebDAVDownload.ExternalURL@ instead, and disable inline preview.  If both are empty, downloading collections from workbench will be impossible.
+Collections will be served using the URL pattern in @Services.WebDAV.ExternalURL@ .  If blank, use @Services.WebDAVDownload.ExternalURL@ instead, and disable inline preview.  If both are empty, downloading collections from workbench will be impossible.  When wildcard domains configured, credentials are still required to access non-public data.
 
 h4. In their own subdomain
 
@@ -57,7 +57,7 @@ Collections can be served from their own subdomain:
 <notextile>
 <pre><code>    Services:
       WebDAV:
-        ExternalURL: <span class="userinput">https://*.collections.ClusterID.example.com</span>
+        ExternalURL: <span class="userinput">https://*.collections.ClusterID.example.com/</span>
 </code></pre>
 </notextile>
 
@@ -68,13 +68,13 @@ Alternately, they can go under the main domain by including @--@:
 <notextile>
 <pre><code>    Services:
       WebDAV:
-        ExternalURL: <span class="userinput">https://*--collections.ClusterID.example.com</span>
+        ExternalURL: <span class="userinput">https://*--collections.ClusterID.example.com/</span>
 </code></pre>
 </notextile>
 
 h4. From a single domain
 
-Serve preview links from a single domain, setting uuid or pdh in the path (similar to downloads).  This configuration only allows previews of public data or collection-sharing links, because these use the anonymous user token or the token is already embedded in the URL.  Authenticated requests will always result in file downloads from @Services.WebDAVDownload.ExternalURL at .
+Serve preview links from a single domain, setting uuid or pdh in the path (similar to downloads).  This configuration only allows previews of public data (data accessible by the anonymous user) and collection-sharing links (where the token is already embedded in the URL); it will ignore authorization headers, so a request for non-public data may return "404 Not Found" even if normally valid credentials were provided.
 
 <notextile>
 <pre><code>    Services:

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list