[ARVADOS] updated: 2.1.0-485-g1e67d66fd

Git user git at public.arvados.org
Fri Apr 16 22:11:42 UTC 2021


Summary of changes:
 tools/salt-install/.gitignore                      |   2 +
 tools/salt-install/Vagrantfile                     | 150 +++++++++++----------
 .../multiple_hostnames/pillars/arvados.sls         |   6 +-
 .../states/host_entries.sls                        |   6 +-
 .../states/snakeoil_certs.sls                      |  18 +--
 .../single_hostname/pillars/arvados.sls            |   7 +-
 .../single_hostname/pillars/postgresql.sls         |   2 +-
 .../single_hostname/states/host_entries.sls        |   5 +-
 .../single_hostname/states/snakeoil_certs.sls      |   8 +-
 ...stnames => local.params.example.multiple_hosts} |  58 ++++----
 ...l.params.example.single_host_multiple_hostnames |  31 ++---
 ...ocal.params.example.single_host_single_hostname |  31 ++---
 tools/salt-install/provision.sh                    |  32 ++++-
 13 files changed, 192 insertions(+), 164 deletions(-)
 create mode 100644 tools/salt-install/.gitignore
 copy tools/salt-install/config_examples/single_host/{single_hostname => multiple_hostnames}/states/host_entries.sls (87%)
 copy tools/salt-install/config_examples/single_host/{single_hostname => multiple_hostnames}/states/snakeoil_certs.sls (92%)
 copy tools/salt-install/{local.params.example.single_host_multiple_hostnames => local.params.example.multiple_hosts} (70%)

       via  1e67d66fd6df5d0299cdf2d3735023c1d68ce89b (commit)
       via  8a5388bba6ce2342495e62176cff0b10ecc94036 (commit)
       via  317c18d0c4405a59d913d8c5c32189223b752096 (commit)
       via  cd391a3bc3f2dc63e2f97bf7a6180c40c771c837 (commit)
       via  895072918d1326f83f73cad4f532aa4471bfe4c2 (commit)
       via  13e45cca55ed8919b64071fdcd61c116ccae8131 (commit)
       via  f47b71a433e656f70c2d1e09c493446d112b0177 (commit)
       via  cf249360d8533e35612ab8e8ec0d5da831ebf48e (commit)
       via  4c4af3ff971cf0eef521b9be0b8e08f685e7fd36 (commit)
       via  c281c35395ae31135687be23a9b8ca26485a83e1 (commit)
       via  5fe88faee0519fbec09b372d2323da3fe3ccb00b (commit)
       via  77da50d7dbcf00394545d8a0c2acea0c3311ec53 (commit)
       via  9f1a7c27ae16a2e77325f72b8695cfe89cab70ae (commit)
       via  f5ed56bfd9ff9282ee8e65e552b491b7fe088f8b (commit)
      from  675a683db2d878c5336f9f8c21d91e79dfe7a57e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 1e67d66fd6df5d0299cdf2d3735023c1d68ce89b
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 19:05:34 2021 -0300

    refactor(provision): add snakeoil certs in single host multiple hostnames
    
    We could use the example states in the formula, but added them here
    for the sake of completeness
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
new file mode 100644
index 000000000..466d41d42
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
@@ -0,0 +1,158 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+{%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
+{%- set arvados_ca_key_file = '/etc/ssl/private/arvados-snakeoil-ca.key' %}
+{%- set arvados_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem' %}
+{%- set arvados_csr_file = '/etc/ssl/private/arvados-snakeoil-cert.csr' %}
+{%- set arvados_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key' %}
+
+{%- if grains.get('os_family') == 'Debian' %}
+  {%- set arvados_ca_cert_dest = '/usr/local/share/ca-certificates/arvados-snakeoil-ca.crt' %}
+  {%- set update_ca_cert = '/usr/sbin/update-ca-certificates' %}
+  {%- set openssl_conf = '/etc/ssl/openssl.cnf' %}
+{%- else %}
+  {%- set arvados_ca_cert_dest = '/etc/pki/ca-trust/source/anchors/arvados-snakeoil-ca.pem' %}
+  {%- set update_ca_cert = '/usr/bin/update-ca-trust' %}
+  {%- set openssl_conf = '/etc/pki/tls/openssl.cnf' %}
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed:
+  pkg.installed:
+    - pkgs:
+      - openssl
+      - ca-certificates
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run:
+  # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
+  cmd.run:
+    - name: |
+        # These dirs are not to CentOS-ish, but this is a helper script
+        # and they should be enough
+        mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
+        openssl req \
+          -new \
+          -nodes \
+          -sha256 \
+          -x509 \
+          -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \
+          -extensions x509_ext \
+          -config <(cat {{ openssl_conf }} \
+                  <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
+          -out {{ arvados_ca_cert_file }} \
+          -keyout {{ arvados_ca_key_file }} \
+          -days 365 && \
+        cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
+        {{ update_ca_cert }}
+    - unless:
+      - test -f {{ arvados_ca_cert_file }}
+      - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}
+    - require:
+      - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run:
+  cmd.run:
+    - name: |
+        cat > /tmp/openssl.cnf <<-CNF
+        [req]
+        default_bits = 2048
+        prompt = no
+        default_md = sha256
+        req_extensions = rext
+        distinguished_name = dn
+        [dn]
+        C   = CC
+        ST  = Some State
+        L   = Some Location
+        O   = Arvados Formula
+        OU  = arvados-formula
+        CN  = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        [rext]
+        subjectAltName = @alt_names
+        [alt_names]
+        {%- for entry in grains.get('ipv4') %}
+        IP.{{ loop.index }} = {{ entry }}
+        {%- endfor %}
+        {%- for entry in [
+            'keep',
+            'collections',
+            'download',
+            'ws',
+            'workbench',
+            'workbench2',
+          ]
+        %}
+        DNS.{{ loop.index }} = {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        {%- endfor %}
+        DNS.7 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+        CNF
+
+        # The req
+        openssl req \
+          -config /tmp/openssl.cnf \
+          -new \
+          -nodes \
+          -sha256 \
+          -out {{ arvados_csr_file }} \
+          -keyout {{ arvados_key_file }} > /tmp/snake_oil_certs.output 2>&1 && \
+        # The cert
+        openssl x509 \
+          -req \
+          -days 365 \
+          -in {{ arvados_csr_file }} \
+          -out {{ arvados_cert_file }} \
+          -extfile /tmp/openssl.cnf \
+          -extensions rext \
+          -CA {{ arvados_ca_cert_file }} \
+          -CAkey {{ arvados_ca_key_file }} \
+          -set_serial $(date +%s) && \
+        chmod 0644 {{ arvados_cert_file }} && \
+        chmod 0640 {{ arvados_key_file }}
+    - unless:
+      - test -f {{ arvados_key_file }}
+      - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_cert_file }}
+    - require:
+      - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+      - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run
+
+{%- if grains.get('os_family') == 'Debian' %}
+arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed:
+  pkg.installed:
+    - name: ssl-cert
+    - require_in:
+      - sls: postgres
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
+  cmd.run:
+    - name: |
+        chown root:ssl-cert {{ arvados_key_file }}
+    - require:
+      - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
+      - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_nginx_snakeoil_file_managed:
+  file.managed:
+    - name: /etc/nginx/snippets/arvados-snakeoil.conf
+    - contents: |
+        ssl_certificate {{ arvados_cert_file }};
+        ssl_certificate_key {{ arvados_key_file }};
+    - watch_in:
+      - service: nginx_service
+    - require:
+      - pkg: passenger_install
+      - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run
+    - require_in:
+      - file: nginx_config
+      - service: nginx_service
+    - watch_in:
+      - service: nginx_service
+
+

commit 8a5388bba6ce2342495e62176cff0b10ecc94036
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 19:02:27 2021 -0300

    docs(provision): improve the documentation in the examples
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index a476decc1..ffe60baec 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -5,20 +5,12 @@
 
 # These are the basic parameters to configure the installation
 
-# The 5 letters name you want to give your cluster
-CLUSTER="fixme"
+# The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
+CLUSTER="cluster_fixme_or_this_wont_work"
 
 # The domainname you want tou give to your cluster's hosts
-DOMAIN="some.domain"
+DOMAIN="domain_fixme_or_this_wont_work"
 
-# When setting the cluster in a single host, you can use a single hostname
-# to access all the instances. When using virtualization (ie AWS), this should be
-# the EXTERNAL/PUBLIC hostname for the instance.
-# If empty, the INTERNAL HOST IP will be used
-HOSTNAME_EXT=""
-# The internal hostname for the host. In the example files, only used in the
-# single_host/single_hostname example
-HOSTNAME_INT="127.0.1.1"
 # Host SSL port where you want to point your browser to access Arvados
 # Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
 # You can point it to another port if desired
@@ -51,7 +43,8 @@ INITIAL_USER_PASSWORD="password"
 
 # If not specified, the initial user email will be composed as
 # INITIAL_USER at CLUSTER.DOMAIN
-INITIAL_USER_EMAIL="admin at fixme.some.domain"
+INITIAL_USER_EMAIL="admin at cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work"
+INITIAL_USER_PASSWORD="password"
 
 # YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
 BLOB_SIGNING_KEY=blobsigningkeymushaveatleast32characters
@@ -71,14 +64,9 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
 USE_LETSENCRYPT="yes"
 
 # The directory to check for the config files (pillars, states) you want to use.
-# There are a few examples under 'config_examples'. If you don't change this
-# variable, the single_host, multiple_hostnames config will be used
-# CONFIG_DIR="config_examples/single_host/single_hostname"
-CONFIG_DIR="config_examples/multi_host/aws"
+# There are a few examples under 'config_examples'.
+# CONFIG_DIR="local_config_dir"
 # Extra states to apply. If you use your own subdir, change this value accordingly
-EXTRA_STATES_DIR="${CONFIG_DIR}/states"
-
-# When using the single_host/single_hostname example, change to this one
 # EXTRA_STATES_DIR="${CONFIG_DIR}/states"
 
 # Which release of Arvados repo you want to use
@@ -90,7 +78,7 @@ VERSION="latest"
 # This is an arvados-formula setting.
 # If branch is set, the script will switch to it before running salt
 # Usually not needed, only used for testing
-BRANCH="master"
+# BRANCH="master"
 
 ##########################################################
 # Usually there's no need to modify things below this line
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index 73630defc..929159259 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -11,14 +11,6 @@ CLUSTER="cluster_fixme_or_this_wont_work"
 # The domainname you want tou give to your cluster's hosts
 DOMAIN="domain_fixme_or_this_wont_work"
 
-# When setting the cluster in a single host, you can use a single hostname
-# to access all the instances. When using virtualization (ie AWS), this should be
-# the EXTERNAL/PUBLIC hostname for the instance.
-# If empty, the INTERNAL HOST IP will be used
-HOSTNAME_EXT=""
-# The internal hostname for the host. In the example files, only used in the
-# single_host/single_hostname example
-HOSTNAME_INT="127.0.1.1"
 # Host SSL port where you want to point your browser to access Arvados
 # Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
 # You can point it to another port if desired
@@ -57,13 +49,10 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
 USE_LETSENCRYPT="no"
 
 # The directory to check for the config files (pillars, states) you want to use.
-# There are a few examples under 'config_examples'. If you don't change this
-# variable, the single_host, multiple_hostnames config will be used
-# CONFIG_DIR="config_examples/single_host/single_hostname"
-CONFIG_DIR="local_config_dir"
+# There are a few examples under 'config_examples'.
+# CONFIG_DIR="local_config_dir"
 # Extra states to apply. If you use your own subdir, change this value accordingly
-# This is the value for the single_host/multiple_hostnames example
-EXTRA_STATES_DIR="${F_DIR}/arvados-formula/test/salt/states/examples/single_host"
+# EXTRA_STATES_DIR="${CONFIG_DIR}/states"
 
 # Which release of Arvados repo you want to use
 RELEASE="production"
@@ -74,7 +63,7 @@ VERSION="latest"
 # This is an arvados-formula setting.
 # If branch is set, the script will switch to it before running salt
 # Usually not needed, only used for testing
-BRANCH="master"
+# BRANCH="master"
 
 ##########################################################
 # Usually there's no need to modify things below this line

commit 317c18d0c4405a59d913d8c5c32189223b752096
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 19:01:12 2021 -0300

    refactor(provision): add host entries in single host multiple hostnames
    
    We could use the example states in the formula, but added them here
    for the sake of completeness
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls
index 53a9148cc..379f4765c 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls
@@ -29,6 +29,7 @@ arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
         ]
       %}
       - {{ entry }}
+      - {{ entry }}.internal
       - {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
       {%- endfor %}
     - require_in:

commit cd391a3bc3f2dc63e2f97bf7a6180c40c771c837
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 19:00:07 2021 -0300

    chore(provision): enable both examples in vagrant
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index 809f0261c..3019a9fb1 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -11,74 +11,83 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.ssh.insert_key = false
   config.ssh.forward_x11 = true
 
-##   # A single_host multiple_hostnames example
-##   config.vm.define "arvados-sh-mn" do |arv|
-##     arv.vm.box = "bento/debian-10"
-##     arv.vm.hostname = "harpo"
-##     # CPU/RAM
-##     config.vm.provider :virtualbox do |v|
-##       v.memory = 2048
-##       v.cpus = 2
-##     end
-##
-##     # Networking
-##     # WEBUI PORT
-##     arv.vm.network "forwarded_port", guest: 8443, host: 8443
-##     # KEEPPROXY
-##     arv.vm.network "forwarded_port", guest: 25101, host: 25101
-##     # KEEPWEB
-##     arv.vm.network "forwarded_port", guest: 9002, host: 9002
-##     # WEBSOCKET
-##     arv.vm.network "forwarded_port", guest: 8002, host: 8002
-##     arv.vm.provision "shell",
-##                      inline: "sed 's#cluster_fixme_or_this_wont_work#harpo#g;
-##                                    s#domain_fixme_or_this_wont_work#local#g;
-##                                    s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g' \
-##                                    /vagrant/local.params.example.single_host_multiple_hostnames > /tmp/local.params.single_host_multiple_hostnames"
-##                                    # s#production#development#g;
-##     arv.vm.provision "shell",
-##                      path: "provision.sh",
-##                      args: [
-##                        # "--debug",
-##                        "--config /tmp/local.params.single_host_multiple_hostnames",
-##                        "--test",
-##                        "--vagrant"
-##                      ].join(" ")
-##   end
+   # A single_host multiple_hostnames example
+   config.vm.define "arvados-sh-mn" do |arv|
+     arv.vm.box = "bento/debian-10"
+     arv.vm.hostname = "harpo"
+     # CPU/RAM
+     config.vm.provider :virtualbox do |v|
+       v.memory = 2048
+       v.cpus = 2
+     end
 
-  # A single_host single_hostname example
-  config.vm.define "arvados-sh-sn" do |arv|
-    arv.vm.box = "bento/debian-10"
-    arv.vm.hostname = "zeppo"
-    # CPU/RAM
-    config.vm.provider :virtualbox do |v|
-      v.memory = 2048
-      v.cpus = 2
-    end
+     # Networking
+     # WEBUI PORT
+     arv.vm.network "forwarded_port", guest: 8443, host: 8443
+     # KEEPPROXY
+     arv.vm.network "forwarded_port", guest: 25101, host: 25101
+     # KEEPWEB
+     arv.vm.network "forwarded_port", guest: 9002, host: 9002
+     # WEBSOCKET
+     arv.vm.network "forwarded_port", guest: 8002, host: 8002
+     arv.vm.provision "shell",
+                      inline: "cp -vr /vagrant/config_examples/single_host/multiple_hostnames /home/vagrant/local_config_dir;
+                               cp -vr /vagrant/tests /home/vagrant/tests;
+                               sed 's#cluster_fixme_or_this_wont_work#harpo#g;
+                                    s#domain_fixme_or_this_wont_work#local#g;
+                                    s/#\ BRANCH=\"master\"/\ BRANCH=\"master\"/g;
+                                    s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g' \
+                                    /vagrant/local.params.example.single_host_multiple_hostnames > /tmp/local.params.single_host_multiple_hostnames"
+     arv.vm.provision "shell",
+                      path: "provision.sh",
+                      args: [
+                        # "--debug",
+                        "--config /tmp/local.params.single_host_multiple_hostnames",
+                        "--test",
+                        "--vagrant"
+                      ].join(" ")
+   end
 
-    # Networking
-    arv.vm.network "forwarded_port", guest: 9443, host: 9443
-    arv.vm.network "forwarded_port", guest: 9444, host: 9444
-    arv.vm.network "forwarded_port", guest: 9445, host: 9445
-    arv.vm.network "forwarded_port", guest: 35101, host: 35101
-    arv.vm.network "forwarded_port", guest: 10002, host: 10002
-    arv.vm.network "forwarded_port", guest: 14202, host: 14202
-    arv.vm.network "forwarded_port", guest: 18002, host: 18002
-    arv.vm.provision "shell",
-                     inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir;
-                              cp -vr /vagrant/tests /home/vagrant/tests;
-                              sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
-                                   s#cluster_fixme_or_this_wont_work#zeppo#g;
-                                   s/#\ BRANCH=\"master\"/\ BRANCH=\"master\"/g;
-                                   s#domain_fixme_or_this_wont_work#local#g;' \
-                                   /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
-    arv.vm.provision "shell",
-                     path: "provision.sh",
-                     args: [
-                       # "--debug",
-                       "--config /tmp/local.params.single_host_single_hostname",
-                       "--test",
-                       "--vagrant"
-                     ].join(" ")
-  end
+   # A single_host single_hostname example
+   config.vm.define "arvados-sh-sn" do |arv|
+     arv.vm.box = "bento/debian-10"
+     arv.vm.hostname = "zeppo"
+     # CPU/RAM
+     config.vm.provider :virtualbox do |v|
+       v.memory = 2048
+       v.cpus = 2
+     end
+ 
+     # Networking
+     # WEBUI PORT
+     arv.vm.network "forwarded_port", guest: 9443, host: 9443
+     # WORKBENCH1
+     arv.vm.network "forwarded_port", guest: 9444, host: 9444
+     # WORKBENCH2
+     arv.vm.network "forwarded_port", guest: 9445, host: 9445
+     # KEEPPROXY
+     arv.vm.network "forwarded_port", guest: 35101, host: 35101
+     # KEEPWEB
+     arv.vm.network "forwarded_port", guest: 11002, host: 11002
+     # WEBSHELL
+     arv.vm.network "forwarded_port", guest: 14202, host: 14202
+     # WEBSOCKET
+     arv.vm.network "forwarded_port", guest: 18002, host: 18002
+     arv.vm.provision "shell",
+                      inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir;
+                               cp -vr /vagrant/tests /home/vagrant/tests;
+                               sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
+                                    s#cluster_fixme_or_this_wont_work#zeppo#g;
+                                    s/#\ BRANCH=\"master\"/\ BRANCH=\"master\"/g;
+                                    s#domain_fixme_or_this_wont_work#local#g;' \
+                                    /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
+     arv.vm.provision "shell",
+                      path: "provision.sh",
+                      args: [
+                        # "--debug",
+                        "--config /tmp/local.params.single_host_single_hostname",
+                        "--test",
+                        "--vagrant"
+                      ].join(" ")
+   end
 end

commit 895072918d1326f83f73cad4f532aa4471bfe4c2
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 16:09:13 2021 -0300

    docs(provision): explain options in config examples
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index 0bc96e3e1..ffdb9ecc4 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -11,10 +11,11 @@ CLUSTER="cluster_fixme_or_this_wont_work"
 # The domainname you want tou give to your cluster's hosts
 DOMAIN="domain_fixme_or_this_wont_work"
 
-# When setting the cluster in a single host, you can use a single hostname
-# to access all the instances. When using virtualization (ie AWS), this should be
+# Set this value when installing a cluster in a single host with a single hostname
+# to access all the instances. Not used in the other examples.
+# When using virtualization (ie AWS), this should be
 # the EXTERNAL/PUBLIC hostname for the instance.
-# If empty, the INTERNAL HOST IP will be used
+# If empty, ${CLUSTER}.${DOMAIN} will be used
 HOSTNAME_EXT=""
 # The internal hostname for the host. In the example files, only used in the
 # single_host/single_hostname example
@@ -57,16 +58,10 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
 USE_LETSENCRYPT="no"
 
 # The directory to check for the config files (pillars, states) you want to use.
-# There are a few examples under 'config_examples'. If you don't change this
-# variable, the single_host, multiple_hostnames config will be used
-# CONFIG_DIR="config_examples/single_host/single_hostname"
-CONFIG_DIR="local_config_dir"
+# There are a few examples under 'config_examples'.
+# CONFIG_DIR="local_config_dir"
 # Extra states to apply. If you use your own subdir, change this value accordingly
-# This is the value for the single_host/multiple_hostnames example
-# EXTRA_STATES_DIR="${F_DIR}/arvados-formula/test/salt/states/examples/single_host"
-
-# When using the single_host/single_hostname example, change to this one
-EXTRA_STATES_DIR="${CONFIG_DIR}/states"
+# EXTRA_STATES_DIR="${CONFIG_DIR}/states"
 
 # Which release of Arvados repo you want to use
 RELEASE="production"

commit 13e45cca55ed8919b64071fdcd61c116ccae8131
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 16:07:57 2021 -0300

    feat(provision): add some checks before run
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 81abc257f..c98faced1 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -100,7 +100,7 @@ arguments() {
 }
 
 CONFIG_FILE="${SCRIPT_DIR}/local.params"
-CONFIG_DIR="config_examples/single_host/multiple_hostnames"
+CONFIG_DIR="local_config_dir"
 LOG_LEVEL="info"
 CONTROLLER_EXT_SSL_PORT=443
 TESTS_DIR="tests"
@@ -130,7 +130,7 @@ RELEASE="production"
 VERSION="latest"
 
 # Formulas versions
-ARVADOS_TAG="v.1.1.4"
+ARVADOS_TAG="v1.1.4"
 POSTGRES_TAG="v0.41.6"
 NGINX_TAG="temp-fix-missing-statements-in-pillar"
 DOCKER_TAG="v1.0.0"
@@ -156,6 +156,13 @@ else
   exit 1
 fi
 
+if [ ! -d ${CONFIG_DIR} ]; then
+  echo >&2 "Please create a '${CONFIG_DIR}' with initial values, as described in"
+  echo >&2 "  * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
+  echo >&2 "  * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
+  exit 1
+fi
+
 if grep -q 'fixme_or_this_wont_work' ${CONFIG_FILE} ; then
   echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
   echo >&2 "Please, fix them and re-run the provision script."
@@ -168,6 +175,11 @@ if ! grep -E '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
   exit 1
 fi
 
+# Only used in single_host/single_name deploys
+if [ "x${HOSTNAME_EXT}" = "x" ] ; then
+  HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
+fi
+
 apt-get update
 apt-get install -y curl git jq
 
@@ -213,9 +225,11 @@ if [ "x${BRANCH}" != "x" ]; then
 fi
 
 if [ "x${VAGRANT}" = "xyes" ]; then
-  SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
-  SOURCE_TESTS_DIR="/vagrant/${TESTS_DIR}"
+  EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
+  SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
+  SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
 else
+  EXTRA_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
   SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
   SOURCE_TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
 fi
@@ -224,6 +238,10 @@ SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
 
 # Replace variables (cluster,  domain, etc) in the pillars, states and tests
 # to ease deployment for newcomers
+if [ ! -d "${SOURCE_PILLARS_DIR}" ]; then
+  echo "${SOURCE_PILLARS_DIR} does not exist or is not a directory. Exiting."
+  exit 1
+fi
 for f in "${SOURCE_PILLARS_DIR}"/*; do
   sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
        s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
@@ -261,6 +279,10 @@ for f in "${SOURCE_PILLARS_DIR}"/*; do
   "${f}" > "${P_DIR}"/$(basename "${f}")
 done
 
+if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
+  echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
+  exit 1
+fi
 mkdir -p /tmp/cluster_tests
 # Replace cluster and domain name in the test files
 for f in "${SOURCE_TESTS_DIR}"/*; do

commit f47b71a433e656f70c2d1e09c493446d112b0177
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 16:06:08 2021 -0300

    refactor(provision): delete parameters moved to config files
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index 6a093b152..809f0261c 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -65,17 +65,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     arv.vm.network "forwarded_port", guest: 14202, host: 14202
     arv.vm.network "forwarded_port", guest: 18002, host: 18002
     arv.vm.provision "shell",
-                     inline: "sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
-                                   s#cluster_fixme_or_this_wont_work#harpo#g;
-                                   s#domain_fixme_or_this_wont_work#local#g;
-                                   s#CONFIG_DIR=\"config_examples/single_host/multiple_hostnames\"#CONFIG_DIR=\"config_examples/single_host/single_hostname\"#g;
-                                   s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=9443#g;
-                                   s#KEEP_EXT_SSL_PORT=25101#KEEP_EXT_SSL_PORT=35101#g;
-                                   s#KEEPWEB_EXT_SSL_PORT=9002#KEEPWEB_EXT_SSL_PORT=11002#g;
-                                   s#WEBSHELL_EXT_SSL_PORT=4202#WEBSHELL_EXT_SSL_PORT=14202#g;
-                                   s#WEBSOCKET_EXT_SSL_PORT=8002#WEBSOCKET_EXT_SSL_PORT=18002#g;
-                                   s#WORKBENCH1_EXT_SSL_PORT=443#WORKBENCH1_EXT_SSL_PORT=9444#g;
-                                   s#WORKBENCH2_EXT_SSL_PORT=3001#WORKBENCH2_EXT_SSL_PORT=9445#g;' \
+                     inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir;
+                              cp -vr /vagrant/tests /home/vagrant/tests;
+                              sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
+                                   s#cluster_fixme_or_this_wont_work#zeppo#g;
+                                   s/#\ BRANCH=\"master\"/\ BRANCH=\"master\"/g;
+                                   s#domain_fixme_or_this_wont_work#local#g;' \
                                    /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
     arv.vm.provision "shell",
                      path: "provision.sh",

commit cf249360d8533e35612ab8e8ec0d5da831ebf48e
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 16:04:15 2021 -0300

    chore(provision): ignore some files in git
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/.gitignore b/tools/salt-install/.gitignore
new file mode 100644
index 000000000..df7452e2c
--- /dev/null
+++ b/tools/salt-install/.gitignore
@@ -0,0 +1,2 @@
+local_config_dir
+local.params

commit 4c4af3ff971cf0eef521b9be0b8e08f685e7fd36
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 16:01:52 2021 -0300

    refactor(provision): use uniform database parameters across examples
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index de9cd9648..23e007650 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -63,10 +63,10 @@ arvados:
     database:
       # max concurrent connections per arvados server daemon
       # connection_pool_max: 32
-      name: arvados
+      name: __CLUSTER___arvados
       host: 127.0.0.1
-      password: changeme_arvados
-      user: arvados
+      password: "__DATABASE_PASSWORD__"
+      user: __CLUSTER___arvados
       encoding: en_US.utf8
       client_encoding: UTF8
 
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls
new file mode 100644
index 000000000..53a9148cc
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/host_entries.sls
@@ -0,0 +1,36 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
+  host.present:
+    - ip: 127.0.1.1
+    - names:
+      - {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+      # FIXME! This just works for our testings.
+      # Won't work if the cluster name != host name
+      {%- for entry in [
+          'api',
+          'collections',
+          'controller',
+          'download',
+          'keep',
+          'keepweb',
+          'keep0',
+          'shell',
+          'workbench',
+          'workbench2',
+          'ws',
+        ]
+      %}
+      - {{ entry }}
+      - {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+      {%- endfor %}
+    - require_in:
+      - file: nginx_config
+      - service: nginx_service

commit c281c35395ae31135687be23a9b8ca26485a83e1
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 15:58:34 2021 -0300

    fix(provision): run hosts/snakeoil states before nginx so it does not fail on missing deps
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
index eac854523..53a9148cc 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
@@ -9,7 +9,7 @@
 
 arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
   host.present:
-    - ip: 127.0.0.2
+    - ip: 127.0.1.1
     - names:
       - {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
       # FIXME! This just works for our testings.
@@ -31,3 +31,6 @@ arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
       - {{ entry }}
       - {{ entry }}.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
       {%- endfor %}
+    - require_in:
+      - file: nginx_config
+      - service: nginx_service
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
index 375cc84eb..d88adbc53 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -7,9 +7,6 @@
 {%- from "arvados/map.jinja" import arvados with context %}
 {%- set tpldir = curr_tpldir %}
 
-include:
-  - nginx.service
-
 {%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
 {%- set arvados_ca_key_file = '/etc/ssl/private/arvados-snakeoil-ca.key' %}
 {%- set arvados_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem' %}
@@ -150,6 +147,11 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_nginx_snakeoil_file
     - contents: |
         ssl_certificate {{ arvados_cert_file }};
         ssl_certificate_key {{ arvados_key_file }};
+    - require:
+      - pkg: nginx_install
+    - require_in:
+      - file: nginx_config
+      - service: nginx_service
     - watch_in:
       - service: nginx_service
 

commit 5fe88faee0519fbec09b372d2323da3fe3ccb00b
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 15:37:07 2021 -0300

    chore(provision): set postgresql cidr in single host examples
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
index 71e712cad..caafb7b2d 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
@@ -15,7 +15,7 @@ postgres:
     - ['local', 'all', 'all', 'peer']
     - ['host', 'all', 'all', '127.0.0.1/32', 'md5']
     - ['host', 'all', 'all', '::1/128', 'md5']
-    - ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '127.0.0.1/32']
+    - ['host', '__CLUSTER___arvados', '__CLUSTER___arvados', '127.0.0.0/8']
   users:
     __CLUSTER___arvados:
       ensure: present

commit 77da50d7dbcf00394545d8a0c2acea0c3311ec53
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Fri Apr 16 15:36:18 2021 -0300

    fix(provision): use uniform database parameters across examples
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index 8fcad0116..a45ac8d81 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -63,12 +63,11 @@ arvados:
     database:
       # max concurrent connections per arvados server daemon
       # connection_pool_max: 32
-      name: arvados
+      name: __CLUSTER___arvados
       host: 127.0.0.1
-      password: changeme_arvados
-      user: arvados
+      password: "__DATABASE_PASSWORD__"
+      user: __CLUSTER___arvados
       encoding: en_US.utf8
-      client_encoding: UTF8
 
     tls:
       # certificate: ''

commit 9f1a7c27ae16a2e77325f72b8695cfe89cab70ae
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Tue Apr 13 18:20:12 2021 -0300

    fix(provision): temp fix for nginx formula issue with snippets
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index e64423aa8..73630defc 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -80,9 +80,9 @@ BRANCH="master"
 # Usually there's no need to modify things below this line
 
 # Formulas versions
-ARVADOS_TAG="v1.1.4"
-POSTGRES_TAG="v0.41.6"
-NGINX_TAG="master"
-DOCKER_TAG="v1.0.0"
-LOCALE_TAG="v0.3.4"
-LETSENCRYPT_TAG="v2.1.0"
+# ARVADOS_TAG="v1.1.4"
+# POSTGRES_TAG="v0.41.6"
+# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# DOCKER_TAG="v1.0.0"
+# LOCALE_TAG="v0.3.4"
+# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index 264f2a72e..0bc96e3e1 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -83,9 +83,9 @@ VERSION="latest"
 # Usually there's no need to modify things below this line
 
 # Formulas versions
-ARVADOS_TAG="v1.1.4"
-POSTGRES_TAG="v0.41.6"
-NGINX_TAG="v2.5.0"
-DOCKER_TAG="v1.0.0"
-LOCALE_TAG="v0.3.4"
-LETSENCRYPT_TAG="v2.1.0"
+# ARVADOS_TAG="v1.1.4"
+# POSTGRES_TAG="v0.41.6"
+# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# DOCKER_TAG="v1.0.0"
+# LOCALE_TAG="v0.3.4"
+# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 51acc8e4a..81abc257f 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -128,9 +128,11 @@ WORKBENCH2_EXT_SSL_PORT=3001
 
 RELEASE="production"
 VERSION="latest"
-ARVADOS_TAG="v1.1.4"
+
+# Formulas versions
+ARVADOS_TAG="v.1.1.4"
 POSTGRES_TAG="v0.41.6"
-NGINX_TAG="v2.5.0"
+NGINX_TAG="temp-fix-missing-statements-in-pillar"
 DOCKER_TAG="v1.0.0"
 LOCALE_TAG="v0.3.4"
 LETSENCRYPT_TAG="v2.1.0"

commit f5ed56bfd9ff9282ee8e65e552b491b7fe088f8b
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Tue Apr 13 18:19:29 2021 -0300

    feat(provision): add local.params example for multi-host
    
    refs #17246
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
new file mode 100644
index 000000000..a476decc1
--- /dev/null
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -0,0 +1,104 @@
+##########################################################
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: CC-BY-SA-3.0
+
+# These are the basic parameters to configure the installation
+
+# The 5 letters name you want to give your cluster
+CLUSTER="fixme"
+
+# The domainname you want tou give to your cluster's hosts
+DOMAIN="some.domain"
+
+# When setting the cluster in a single host, you can use a single hostname
+# to access all the instances. When using virtualization (ie AWS), this should be
+# the EXTERNAL/PUBLIC hostname for the instance.
+# If empty, the INTERNAL HOST IP will be used
+HOSTNAME_EXT=""
+# The internal hostname for the host. In the example files, only used in the
+# single_host/single_hostname example
+HOSTNAME_INT="127.0.1.1"
+# Host SSL port where you want to point your browser to access Arvados
+# Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
+# You can point it to another port if desired
+# In Vagrant, make sure it matches what you set in the Vagrantfile (8443)
+CONTROLLER_EXT_SSL_PORT=443
+KEEP_EXT_SSL_PORT=443
+# Both for collections and downloads
+KEEPWEB_EXT_SSL_PORT=443
+WEBSHELL_EXT_SSL_PORT=443
+WEBSOCKET_EXT_SSL_PORT=443
+WORKBENCH1_EXT_SSL_PORT=443
+WORKBENCH2_EXT_SSL_PORT=443
+
+# Internal IPs for the configuration
+CLUSTER_INT_CIDR=10.0.0.0/16
+CONTROLLER_INT_IP=10.0.0.1
+WEBSOCKET_INT_IP=10.0.0.1
+KEEP_INT_IP=10.0.0.2
+KEEPSTORE0_INT_IP=10.0.0.3
+KEEPSTORE1_INT_IP=10.0.0.4
+# Both for collections and downloads
+KEEPWEB_INT_IP=10.0.0.5
+WEBSHELL_INT_IP=10.0.0.6
+WORKBENCH1_INT_IP=10.0.0.7
+WORKBENCH2_INT_IP=10.0.0.7
+DATABASE_INT_IP=10.0.0.8
+
+INITIAL_USER="admin"
+INITIAL_USER_PASSWORD="password"
+
+# If not specified, the initial user email will be composed as
+# INITIAL_USER at CLUSTER.DOMAIN
+INITIAL_USER_EMAIL="admin at fixme.some.domain"
+
+# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
+BLOB_SIGNING_KEY=blobsigningkeymushaveatleast32characters
+MANAGEMENT_TOKEN=managementtokenmushaveatleast32characters
+SYSTEM_ROOT_TOKEN=systemroottokenmushaveatleast32characters
+ANONYMOUS_USER_TOKEN=anonymoususertokenmushaveatleast32characters
+WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
+DATABASE_PASSWORD=please_set_this_to_some_secure_value
+
+# SSL CERTIFICATES
+# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will fail
+# to communicate and can silently drop traffic. You can try to use the Letsencrypt
+# salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to
+# automatically obtain and install SSL certificates for your instances or set this
+# variable to "no", provide and upload your own certificates to the instances and
+# modify the 'nginx_*' salt pillars accordingly
+USE_LETSENCRYPT="yes"
+
+# The directory to check for the config files (pillars, states) you want to use.
+# There are a few examples under 'config_examples'. If you don't change this
+# variable, the single_host, multiple_hostnames config will be used
+# CONFIG_DIR="config_examples/single_host/single_hostname"
+CONFIG_DIR="config_examples/multi_host/aws"
+# Extra states to apply. If you use your own subdir, change this value accordingly
+EXTRA_STATES_DIR="${CONFIG_DIR}/states"
+
+# When using the single_host/single_hostname example, change to this one
+# EXTRA_STATES_DIR="${CONFIG_DIR}/states"
+
+# Which release of Arvados repo you want to use
+RELEASE="production"
+# Which version of Arvados you want to install. Defaults to 'latest'
+# in the desired repo
+VERSION="latest"
+
+# This is an arvados-formula setting.
+# If branch is set, the script will switch to it before running salt
+# Usually not needed, only used for testing
+BRANCH="master"
+
+##########################################################
+# Usually there's no need to modify things below this line
+
+# Formulas versions
+# ARVADOS_TAG="v1.1.4"
+# POSTGRES_TAG="v0.41.6"
+# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# DOCKER_TAG="v1.0.0"
+# LOCALE_TAG="v0.3.4"
+# LETSENCRYPT_TAG="v2.1.0"

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list