[ARVADOS] updated: 1.3.0-844-g7881bce47

Git user git at public.curoverse.com
Wed May 8 19:47:23 UTC 2019 

Summary of changes:
 tools/arvbox/bin/arvbox                             |  2 +-
 .../lib/arvbox/docker/service/certificate/run       |  6 ++++--
 .../service/crunch-dispatch-local/run-service       |  2 +-
 .../arvbox/docker/service/workbench2/run-service    | 21 +++++++++++++++++++++
 4 files changed, 27 insertions(+), 4 deletions(-)

       via  7881bce47e7bce5375778b185f598ba53b6a64c6 (commit)
      from  d23014650ec0f90a3ffdf748cde8ee10c7ba365b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 7881bce47e7bce5375778b185f598ba53b6a64c6
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Fri May 3 16:21:06 2019 -0400

    arvbox crunch-run and certificate fixes
    
    arvbox crunch-run change to -container-enable-networking=default
    
    Previously was "always" which causes CWL tests that checked that
    networking was disabled to fail.
    
    arvbox root-cert creates file with .crt instead of .pem, because
    that's the file extension update-ca-certificates looks for.
    
    Add cluster id and timestamp to arvbox test certificate common name to
    prevents collisions on the certificate subject.
    
    Arvbox sets trusted api_client for workbench2.
    
    refs #15028 refs #15061
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/tools/arvbox/bin/arvbox b/tools/arvbox/bin/arvbox
index 878119634..3e829522a 100755
--- a/tools/arvbox/bin/arvbox
+++ b/tools/arvbox/bin/arvbox
@@ -564,7 +564,7 @@ case "$subcmd" in
         ;;
 
     root-cert)
-	CERT=$PWD/${ARVBOX_CONTAINER}-root-cert.pem
+	CERT=$PWD/${ARVBOX_CONTAINER}-root-cert.crt
 	if test -n "$1" ; then
 	    CERT="$1"
 	fi
diff --git a/tools/arvbox/lib/arvbox/docker/service/certificate/run b/tools/arvbox/lib/arvbox/docker/service/certificate/run
index 1b062ad8d..6cd2de501 100755
--- a/tools/arvbox/lib/arvbox/docker/service/certificate/run
+++ b/tools/arvbox/lib/arvbox/docker/service/certificate/run
@@ -8,6 +8,8 @@ set -ex -o pipefail
 
 . /usr/local/lib/arvbox/common.sh
 
+uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
+
 if test ! -s /var/lib/arvados/root-cert.pem ; then
     # req           signing request sub-command
     # -new          new certificate request
@@ -26,7 +28,7 @@ if test ! -s /var/lib/arvados/root-cert.pem ; then
 	    -nodes \
 	    -sha256 \
 	    -x509 \
-	    -subj "/C=US/ST=MA/O=Arvados testing/OU=arvbox/CN=arvbox testing root CA for ${uuid_prefix}" \
+	    -subj "/C=US/ST=MA/O=Arvados testing/OU=arvbox/CN=test root CA for ${uuid_prefix} generated $(date --rfc-3339=seconds)" \
 	    -extensions x509_ext \
 	    -config <(cat /etc/ssl/openssl.cnf \
 			  <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
@@ -59,7 +61,7 @@ if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
 	    -new \
 	    -nodes \
 	    -sha256 \
-	    -subj "/C=US/ST=MA/O=Arvados testing for ${uuid_prefix}/OU=arvbox/CN=localhost" \
+	    -subj "/C=US/ST=MA/O=Arvados testing/OU=arvbox/CN=test server cert for ${uuid_prefix} generated $(date --rfc-3339=seconds)" \
 	    -reqexts x509_ext \
 	    -extensions x509_ext \
 	    -config <(cat /etc/ssl/openssl.cnf \
diff --git a/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service b/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service
index 87c427cd2..433015793 100755
--- a/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/crunch-dispatch-local/run-service
@@ -19,7 +19,7 @@ fi
 
 cat > /usr/local/bin/crunch-run.sh <<EOF
 #!/bin/sh
-exec /usr/local/bin/crunch-run -container-enable-networking=always -container-network-mode=host \$@
+exec /usr/local/bin/crunch-run -container-enable-networking=default -container-network-mode=host \$@
 EOF
 chmod +x /usr/local/bin/crunch-run.sh
 
diff --git a/tools/arvbox/lib/arvbox/docker/service/workbench2/run-service b/tools/arvbox/lib/arvbox/docker/service/workbench2/run-service
index 2dbef4ab8..e9e1ca4f8 100755
--- a/tools/arvbox/lib/arvbox/docker/service/workbench2/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/workbench2/run-service
@@ -26,6 +26,27 @@ cat <<EOF > /usr/src/workbench2/public/config.json
 }
 EOF
 
+export ARVADOS_API_HOST=$localip:${services[controller-ssl]}
+export ARVADOS_API_TOKEN=$(cat /var/lib/arvados/superuser_token)
+
+url_prefix="https://$localip:${services[workbench2-ssl]}/"
+
+set +e
+read -rd $'\000' apiclient <<EOF
+{
+   "url_prefix": "$url_prefix",
+   "is_trusted": true
+}
+EOF
+set -e
+
+clientuuid=$(arv --format=uuid api_client list --filters '[["url_prefix", "=", "'$url_prefix'"]]')
+if [[ -n "$clientuuid" ]] ; then
+    arv api_client update --uuid $clientuuid --api-client "$apiclient"
+else
+    arv api_client create --api-client "$apiclient"
+fi
+
 export HTTPS=false
 # Can't use "yarn start", need to run the dev server script
 # directly so that the TERM signal from "sv restart" gets to the

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list