[ARVADOS] updated: 1.3.0-2971-gda7a2e35f

Tue Nov 10 14:37:41 UTC 2020

Summary of changes:
 lib/boot/nginx.go      |  4 ++--
 lib/boot/supervisor.go | 41 +++++++++++++++++++++--------------------
 2 files changed, 23 insertions(+), 22 deletions(-)

  discards  21ce993258db6724a946d646207eec5012925618 (commit)
  discards  8fedd6362dd97202b938bcfa3832e4bb1b3770dc (commit)
       via  da7a2e35f1c53a64a360c66db0c260a9ab2190f2 (commit)
       via  0b6013ac5520b7508474705d654f1384994d10e5 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (21ce993258db6724a946d646207eec5012925618)
            \
             N -- N -- N (da7a2e35f1c53a64a360c66db0c260a9ab2190f2)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit da7a2e35f1c53a64a360c66db0c260a9ab2190f2
Author: Ward Vandewege <ward at curii.com>
Date:   Mon Nov 9 15:57:47 2020 -0500

    16306: in cmd/arvados-dev/docker-build-install.sh, make sure nginx is
           configured to listen on all IPs.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/cmd/arvados-dev/docker-build-install.sh b/cmd/arvados-dev/docker-build-install.sh
index 78b08d7dc..ff514a3b6 100755
--- a/cmd/arvados-dev/docker-build-install.sh
+++ b/cmd/arvados-dev/docker-build-install.sh
@@ -125,4 +125,4 @@ docker run -it --rm \
        -v /tmp/pkg:/pkg:ro \
        -v ${sourcesfile}:/etc/apt/sources.list.d/arvados-local.list:ro \
        "${installimage}" \
-       bash -c 'apt update && DEBIAN_FRONTEND=noninteractive apt install --reinstall -y arvados-server-easy postgresql && /etc/init.d/postgresql start && /var/lib/arvados/bin/arvados-server init -cluster-id x1234 && /var/lib/arvados/bin/arvados-server boot'
+       bash -c 'apt update && DEBIAN_FRONTEND=noninteractive apt install --reinstall -y arvados-server-easy postgresql && /etc/init.d/postgresql start && /var/lib/arvados/bin/arvados-server init -cluster-id x1234 && /var/lib/arvados/bin/arvados-server boot -listen-host 0.0.0.0'

commit 0b6013ac5520b7508474705d654f1384994d10e5
Author: Ward Vandewege <ward at curii.com>
Date:   Mon Nov 9 13:23:35 2020 -0500

    16306: Make sure that the non-passenger nginx process runs as the
    www-data user, not the default 'nobody' user. Make sure that process
    uses the wwwtmp directory as its temp directory. Make sure that
    arvados-boot in production mode uses /etc/arvados/config.yml.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/lib/boot/nginx.go b/lib/boot/nginx.go
index b11d9fd49..07ff1fc1d 100644
--- a/lib/boot/nginx.go
+++ b/lib/boot/nginx.go
@@ -37,7 +37,7 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
 		"SSLKEY":     filepath.Join(super.tempdir, "server.key"),
 		"ACCESSLOG":  filepath.Join(super.tempdir, "nginx_access.log"),
 		"ERRORLOG":   filepath.Join(super.tempdir, "nginx_error.log"),
-		"TMPDIR":     super.tempdir,
+		"TMPDIR":     super.wwwtempdir,
 	}
 	for _, cmpt := range []struct {
 		varname string
@@ -105,7 +105,7 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
 		defer super.waitShutdown.Done()
 		fail(super.RunProgram(ctx, ".", nil, nil, nginx,
 			"-g", "error_log stderr info;",
-			"-g", "pid "+filepath.Join(super.tempdir, "nginx.pid")+";",
+			"-g", "user www-data; pid "+filepath.Join(super.wwwtempdir, "nginx.pid")+";",
 			"-c", conffile))
 	}()
 	// Choose one of the ports where Nginx should listen, and wait
diff --git a/lib/boot/supervisor.go b/lib/boot/supervisor.go
index 51f5c8bfd..417f09d23 100644
--- a/lib/boot/supervisor.go
+++ b/lib/boot/supervisor.go
@@ -143,6 +143,7 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
 		super.tempdir = "/var/lib/arvados/tmp"
 		super.wwwtempdir = "/var/lib/arvados/wwwtmp"
 		super.bindir = "/var/lib/arvados/bin"
+		super.configfile = "/etc/arvados/config.yml"
 	} else {
 		super.tempdir, err = ioutil.TempDir("", "arvados-server-boot-")
 		if err != nil {
@@ -154,28 +155,28 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
 		if err := os.Mkdir(super.bindir, 0755); err != nil {
 			return err
 		}
-	}
 
-	// Fill in any missing config keys, and write the resulting
-	// config in the temp dir for child services to use.
-	err = super.autofillConfig(cfg)
-	if err != nil {
-		return err
-	}
-	conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0644)
-	if err != nil {
-		return err
-	}
-	defer conffile.Close()
-	err = json.NewEncoder(conffile).Encode(cfg)
-	if err != nil {
-		return err
-	}
-	err = conffile.Close()
-	if err != nil {
-		return err
+		// Fill in any missing config keys, and write the resulting
+		// config in the temp dir for child services to use.
+		err = super.autofillConfig(cfg)
+		if err != nil {
+			return err
+		}
+		conffile, err := os.OpenFile(filepath.Join(super.tempdir, "config.yml"), os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return err
+		}
+		defer conffile.Close()
+		err = json.NewEncoder(conffile).Encode(cfg)
+		if err != nil {
+			return err
+		}
+		err = conffile.Close()
+		if err != nil {
+			return err
+		}
+		super.configfile = conffile.Name()
 	}
-	super.configfile = conffile.Name()
 
 	super.environ = os.Environ()
 	super.cleanEnv([]string{"ARVADOS_"})

-----------------------------------------------------------------------


hooks/post-receive
-- 


