[ARVADOS] updated: 2.1.0-240-ga622b6980

Git user git at public.arvados.org
Wed Jan 6 21:39:40 UTC 2021


Summary of changes:
 .../install-shell-server.html.textile.liquid       | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

       via  a622b6980539db9563b6a92e0996197b61dae862 (commit)
      from  f53363ea4642dd165decc6786b835979a1dc9f73 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit a622b6980539db9563b6a92e0996197b61dae862
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Wed Jan 6 16:39:19 2021 -0500

    17224: Document LoginCluster configuration for login-sync
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/doc/install/install-shell-server.html.textile.liquid b/doc/install/install-shell-server.html.textile.liquid
index 97854e524..43a4cdc72 100644
--- a/doc/install/install-shell-server.html.textile.liquid
+++ b/doc/install/install-shell-server.html.textile.liquid
@@ -24,7 +24,7 @@ Arvados support for shell nodes allows you to use Arvados permissions to grant L
 
 A shell node runs the @arvados-login-sync@ service to manage user accounts, and typically has Arvados utilities and SDKs pre-installed.  Users are allowed to log in and run arbitrary programs.  For optimal performance, the Arvados shell server should be on the same LAN as the Arvados cluster.
 
-Because it _contains secrets_ shell nodes should *not* have a copy of the Arvados @config.yml at .
+Because Arvados @config.yml@ _contains secrets_ it should not *not* be present on shell nodes.
 
 Shell nodes should be separate virtual machines from the VMs running other Arvados services.  You may choose to grant root access to users so that they can customize the node, for example, installing new programs.  This has security considerations depending on whether a shell node is single-user or multi-user.
 
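Review bot: The added line reads "it should not *not* be present on shell nodes", and the doubled "not" garbles the one security instruction in this paragraph. Suggest: "Because Arvados @config.yml@ _contains secrets_, it should *not* be present on shell nodes." It is worth getting exactly right, since the surrounding text says users can log in, run arbitrary programs and may be given root on these nodes.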
@@ -89,6 +89,8 @@ If this is a multi-user shell node, then @ARVADOS_API_TOKEN@ should be an admini
 
 Set @ARVADOS_VIRTUAL_MACHINE_UUID@ to the UUID from "Create record for VM":#vm-record
 
+h3. Standalone cluster
+
 <notextile>
 <pre>
 <code>shellserver:# <span class="userinput">umask 0700; tee /etc/cron.d/arvados-login-sync <<EOF
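Review bot: The new "h3. Standalone cluster" heading goes straight into the cron block with no sentence saying when this variant applies, whereas the federation section added later in this patch opens with one. A one-line intro here, for example that this is the configuration for a cluster that is not part of a LoginCluster federation, would make the choice between the two blocks explicit.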
@@ -100,6 +102,24 @@ EOF</span></code>
 </pre>
 </notextile>
 
+h3. Part of a LoginCLuster federation
+
+If this cluster is part of a "federation with centralized user management":../admin/federation.html#LoginCluster , the login sync script also needs to be given the host and user token for the login cluster.
+
+<notextile>
+<pre>
+<code>shellserver:# <span class="userinput">umask 0700; tee /etc/cron.d/arvados-login-sync <<EOF
+ARVADOS_API_HOST="<strong>ClusterID.example.com</strong>"
+ARVADOS_API_TOKEN="<strong>xxxxxxxxxxxxxxxxx</strong>"
+LOGINCLUSTER_ARVADOS_API_HOST="<strong>LoginClusterID.example.com</strong>"
+LOGINCLUSTER_ARVADOS_API_TOKEN="<strong>yyyyyyyyyyyyyyyyy</strong>"
+ARVADOS_VIRTUAL_MACHINE_UUID="<strong>zzzzz-2x53u-zzzzzzzzzzzzzzz</strong>"
+*/2 * * * * root arvados-login-sync
+EOF</span></code>
+</pre>
+</notextile>
+
+
 h2(#confirm-working). Confirm working installation
 
 A user should be able to log in to the shell server when the following conditions are satisfied:
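Review bot: `umask 0700` on the added `tee /etc/cron.d/arvados-login-sync` line masks the owner bits rather than the group/other bits, so a newly created file ends up mode 0066, readable and writable by group and other, on a node where users log in and run arbitrary programs. This block puts two tokens in that file (ARVADOS_API_TOKEN and LOGINCLUSTER_ARVADOS_API_TOKEN), so `umask 077` is what is wanted here, and the standalone block this was copied from has the same command. Two smaller points: the heading spells "LoginCLuster" while the link anchor is "#LoginCluster", and "user token for the login cluster" does not say which user or what privileges that token needs.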

-----------------------------------------------------------------------


hooks/post-receive
-- 



