[ARVADOS] updated: 1.3.0-854-g81ca884e5
Git user
git at public.curoverse.com
Tue May 14 18:12:47 UTC 2019
Summary of changes:
doc/admin/merge-remote-account.html.textile.liquid | 4 ++--
sdk/python/arvados/commands/federation_migrate.py | 22 +++++++++++++++++++---
2 files changed, 21 insertions(+), 5 deletions(-)
via 81ca884e5ca26bec3bba79c94286e7923f3be82b (commit)
from 05bfa9a17e8d46d9a388fea130b7df33b7aa15c6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 81ca884e5ca26bec3bba79c94286e7923f3be82b
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Tue May 14 14:12:25 2019 -0400
15061: Check well-connectedness. Fix typos.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/doc/admin/merge-remote-account.html.textile.liquid b/doc/admin/merge-remote-account.html.textile.liquid
index 14899f37f..c6188095e 100644
--- a/doc/admin/merge-remote-account.html.textile.liquid
+++ b/doc/admin/merge-remote-account.html.textile.liquid
@@ -11,7 +11,7 @@ SPDX-License-Identifier: CC-BY-SA-3.0
When using multiple Arvados clusters, prior to federation capabilities described here, a user would have to create a separate account on each cluster. Unfortunately, because each account represents a separate "identity", in this system permissions granted to a user on one cluster do not transfer to another cluster, even if the accounts are associated with the same user.
-To address this, Arvados supports "federated user accounts". A federated user account is associated with a specific "home" cluster, and can be used access other clusters in the federation that trust the home cluster. When a user arrives at another cluster's Workbench, they select and log in to their home cluster, and then are returned to the starting cluster logged in with the federated user account.
+To address this, Arvados supports "federated user accounts". A federated user account is associated with a specific "home" cluster, and can be used to access other clusters in the federation that trust the home cluster. When a user arrives at another cluster's Workbench, they select and log in to their home cluster, and then are returned to the starting cluster logged in with the federated user account.
When setting up federation capabilities on existing clusters, some users might already have accounts on multiple clusters. In order to have a single federated identity, users should be assigned a "home" cluster, and accounts associated with that user on the other (non-home) clusters should be migrated to the new federated user account. The @arv-federation-migrate@ tool assists with this.
@@ -55,7 +55,7 @@ person_b at example.com,x3982-tpzed-1vl3k7knf7qihbe,
person_b at example.com,x6b1s-tpzed-w4nhkx2rmrhlr54,
</pre>
-The third column describes that user's home cluster. If a user only has one account (identified by email address), the column will be filled in and there is nothing to do. If the column is blank, that means there is more than one Arvados account associated with the user. Edit the file and provide the desired home cluster for each user. In this example, @person_b at example.com@ is assigned the home cluster @x3982 at .
+The third column describes that user's home cluster. If a user only has one account (identified by email address), the column will be filled in and there is nothing to do. If the column is blank, that means there is more than one Arvados account associated with the user. Edit the file and provide the desired home cluster for each user. In this example, <code>person_b at example.com</code> is assigned the home cluster @x3982 at .
_users.csv_
diff --git a/sdk/python/arvados/commands/federation_migrate.py b/sdk/python/arvados/commands/federation_migrate.py
index e04c0f7f9..829d0d899 100755
--- a/sdk/python/arvados/commands/federation_migrate.py
+++ b/sdk/python/arvados/commands/federation_migrate.py
@@ -12,11 +12,12 @@ import hmac
def main():
- parser = argparse.ArgumentParser(description='Migrate users to federated identity, see https://doc.arvados.org/admin/???')
+ parser = argparse.ArgumentParser(description='Migrate users to federated identity, see https://doc.arvados.org/admin/merge-remote-account.html')
parser.add_argument('--tokens', type=str, required=True)
group = parser.add_mutually_exclusive_group(required=True)
- group.add_argument('--report', type=str)
- group.add_argument('--migrate', type=str)
+ group.add_argument('--report', type=str, help="Generate report .csv file listing users by email address and their associated Arvados accounts")
+ group.add_argument('--migrate', type=str, help="Consume report .csv and migrate users to designated Arvados accounts")
+ group.add_argument('--check', action="store_true", help="Check that tokens are usable and the federation is well connected")
args = parser.parse_args()
clusters = {}
@@ -26,12 +27,27 @@ def main():
for r in csv.reader(f):
host = r[0]
token = r[1]
+ print("Contacting %s" % (host))
arv = arvados.api(host=host, token=token)
clusters[arv._rootDesc["uuidPrefix"]] = arv
cur = arv.users().current().execute()
if not cur["is_admin"]:
raise Exception("Not admin of %s" % host)
+ print("Checking that the federation is well connected")
+ fail = False
+ for v in clusters.values():
+ for r in clusters:
+ if r != v._rootDesc["uuidPrefix"] and r not in v._rootDesc["remoteHosts"]:
+ print("%s is missing from remoteHosts on %s" % (r, v._rootDesc["uuidPrefix"]))
+ fail = True
+
+ if fail:
+ exit(1)
+
+ if args.check:
+ exit(0)
+
if args.report:
users = []
for c, arv in clusters.items():
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list