[ARVADOS] updated: 2.1.0-266-g3aa47e60e
Git user
git at public.arvados.org
Wed Jan 27 12:56:56 UTC 2021
Summary of changes:
.../pillars}/arvados.sls | 50 +++----
.../multiple_hostnames/{ => pillars}/docker.sls | 0
.../multiple_hostnames/{ => pillars}/locale.sls | 0
.../{ => pillars}/nginx_api_configuration.sls | 0
.../nginx_controller_configuration.sls | 0
.../nginx_keepproxy_configuration.sls | 0
.../{ => pillars}/nginx_keepweb_configuration.sls | 0
.../{ => pillars}/nginx_passenger.sls | 0
.../{ => pillars}/nginx_webshell_configuration.sls | 0
.../nginx_websocket_configuration.sls | 0
.../nginx_workbench2_configuration.sls | 0
.../nginx_workbench_configuration.sls | 0
.../{ => pillars}/postgresql.sls | 0
.../pillars}/arvados.sls | 52 +++----
.../single_hostname/{ => pillars}/docker.sls | 0
.../single_hostname/{ => pillars}/locale.sls | 0
.../{ => pillars}/nginx_api_configuration.sls | 2 +-
.../nginx_controller_configuration.sls | 10 +-
.../nginx_keepproxy_configuration.sls | 18 +--
.../{ => pillars}/nginx_keepweb_configuration.sls | 18 +--
.../{ => pillars}/nginx_passenger.sls | 0
.../{ => pillars}/nginx_webshell_configuration.sls | 17 +--
.../nginx_websocket_configuration.sls | 18 +--
.../nginx_workbench2_configuration.sls | 16 +--
.../nginx_workbench_configuration.sls | 20 +--
.../single_hostname/{ => pillars}/postgresql.sls | 0
.../single_hostname/states/host_entries.sls | 32 +++++
.../single_hostname/states/snakeoil_certs.sls | 156 +++++++++++++++++++++
tools/salt-install/local.params.example | 14 +-
tools/salt-install/provision.sh | 57 ++++++--
tools/salt-install/tests/run-test.sh | 4 +-
31 files changed, 313 insertions(+), 171 deletions(-)
rename tools/salt-install/config_examples/single_host/{single_hostname => multiple_hostnames/pillars}/arvados.sls (70%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/docker.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/locale.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_api_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_controller_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_keepproxy_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_keepweb_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_passenger.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_webshell_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_websocket_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_workbench2_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/nginx_workbench_configuration.sls (100%)
rename tools/salt-install/config_examples/single_host/multiple_hostnames/{ => pillars}/postgresql.sls (100%)
rename tools/salt-install/config_examples/single_host/{multiple_hostnames => single_hostname/pillars}/arvados.sls (66%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/docker.sls (100%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/locale.sls (100%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_api_configuration.sls (93%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_controller_configuration.sls (87%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_keepproxy_configuration.sls (73%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_keepweb_configuration.sls (72%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_passenger.sls (100%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_webshell_configuration.sls (84%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_websocket_configuration.sls (74%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_workbench2_configuration.sls (70%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/nginx_workbench_configuration.sls (76%)
rename tools/salt-install/config_examples/single_host/single_hostname/{ => pillars}/postgresql.sls (100%)
create mode 100644 tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
create mode 100644 tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
discards 90980819ababbcef1c85cd589b9a52d3a1994554 (commit)
via 3aa47e60ebd104793c52c1b4e5145f73b51571e3 (commit)
via 2a662b839254ff1ba35641834e4546c013aba2bd (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (90980819ababbcef1c85cd589b9a52d3a1994554)
\
N -- N -- N (3aa47e60ebd104793c52c1b4e5145f73b51571e3)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 3aa47e60ebd104793c52c1b4e5145f73b51571e3
Author: Javier Bértoli <jbertoli at curii.com>
Date: Wed Jan 27 09:54:49 2021 -0300
feat(provision): refactor to add other setup examples
refs #17246
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
similarity index 90%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index 4aa4735d8..6c6dec26f 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -78,19 +78,15 @@ arvados:
### TOKENS
tokens:
- system_root: changemesystemroottoken
- management: changememanagementtoken
- rails_secret: changemerailssecrettoken
- anonymous_user: changemeanonymoususertoken
+ system_root: __SYSTEM_ROOT_TOKEN__
+ management: __MANAGEMENT_TOKEN__
+ rails_secret: __RAILS_SECRET_TOKEN__
+ anonymous_user: __ANONYMOUS_USER_TOKEN__
### KEYS
secrets:
- blob_signing_key: changemeblobsigningkey
- workbench_secret_key: changemeworkbenchsecretkey
- dispatcher_access_key: changemedispatcheraccesskey
- dispatcher_secret_key: changeme_dispatchersecretkey
- keep_access_key: changemekeepaccesskey
- keep_secret_key: changemekeepsecretkey
+ blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/docker.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/docker.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/docker.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/docker.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/locale.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/locale.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/locale.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/locale.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_api_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_api_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_api_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_controller_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_controller_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_controller_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepproxy_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepproxy_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepproxy_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepweb_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_passenger.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_passenger.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_passenger.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_passenger.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_webshell_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_webshell_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_webshell_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_websocket_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_websocket_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_websocket_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench2_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench2_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench_configuration.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_workbench_configuration.sls
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/postgresql.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/multiple_hostnames/postgresql.sls
rename to tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
similarity index 68%
rename from tools/salt-install/config_examples/single_host/single_hostname/arvados.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index e5e458665..f3d2bcb9e 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -78,19 +78,15 @@ arvados:
### TOKENS
tokens:
- system_root: changemesystemroottoken
- management: changememanagementtoken
- rails_secret: changemerailssecrettoken
- anonymous_user: changemeanonymoususertoken
+ system_root: __SYSTEM_ROOT_TOKEN__
+ management: __MANAGEMENT_TOKEN__
+ rails_secret: __RAILS_SECRET_TOKEN__
+ anonymous_user: __ANONYMOUS_USER_TOKEN__
### KEYS
secrets:
- blob_signing_key: changemeblobsigningkey
- workbench_secret_key: changemeworkbenchsecretkey
- dispatcher_access_key: changemedispatcheraccesskey
- dispatcher_secret_key: changeme_dispatchersecretkey
- keep_access_key: changemekeepaccesskey
- keep_secret_key: changemekeepsecretkey
+ blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
@@ -107,7 +103,7 @@ arvados:
# <cluster>-nyw5e-<volume>
__CLUSTER__-nyw5e-000000000000000:
AccessViaHosts:
- 'http://__HOSTNAME__:25107':
+ 'http://__HOSTNAME_INT__:25107':
ReadOnly: false
Replication: 2
Driver: Directory
@@ -122,38 +118,32 @@ arvados:
Services:
Controller:
- ExternalURL: 'https://__HOSTNAME__:__CONTROLLER_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
- 'http://controller.internal:8003': {}
- DispatchCloud:
- InternalURLs:
- 'http://__HOSTNAME__:9006': {}
- Keepbalance:
- InternalURLs:
- 'http://__HOSTNAME__:9005': {}
+ 'http://__HOSTNAME_INT__:8003': {}
Keepproxy:
- ExternalURL: 'https://__HOSTNAME__:__KEEP_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEP_EXT_SSL_PORT__'
InternalURLs:
- 'http://keep.internal:25100': {}
+ 'http://__HOSTNAME_INT__:25100': {}
Keepstore:
InternalURLs:
- 'http://keep0.internal:25107': {}
+ 'http://__HOSTNAME_INT__:25107': {}
RailsAPI:
InternalURLs:
- 'http://api.internal:8004': {}
+ 'http://__HOSTNAME_INT__:8004': {}
WebDAV:
- ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEPWEB_EXT_SSL_PORT__'
InternalURLs:
- 'http://collections.internal:9002': {}
+ 'http://__HOSTNAME_INT__:9003': {}
WebDAVDownload:
- ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEPWEB_EXT_SSL_PORT__'
WebShell:
- ExternalURL: 'https://__HOSTNAME__:__WEBSHELL_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WEBSHELL_EXT_SSL_PORT__'
Websocket:
- ExternalURL: 'wss://__HOSTNAME__:__WEBSOCKET_EXT_SSL_PORT__/websocket'
+ ExternalURL: 'wss://__HOSTNAME_EXT__:__WEBSOCKET_EXT_SSL_PORT__/websocket'
InternalURLs:
- 'http://ws.internal:8005': {}
+ 'http://__HOSTNAME_INT__:8005': {}
Workbench1:
- ExternalURL: 'https://__HOSTNAME__:__WORKBENCH1_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WORKBENCH1_EXT_SSL_PORT__'
Workbench2:
- ExternalURL: 'https://__HOSTNAME__:__WORKBENCH2_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WORKBENCH2_EXT_SSL_PORT__'
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/docker.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/docker.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/single_hostname/docker.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/docker.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/locale.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/locale.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/single_hostname/locale.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/locale.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
similarity index 93%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_api_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
index b2f12c773..18f09af50 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_api_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
@@ -18,7 +18,7 @@ nginx:
overwrite: true
config:
- server:
- - listen: 'api.internal:8004'
+ - listen: '__HOSTNAME_INT__:8004'
- server_name: api
- root: /var/www/arvados-api/current/public
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
similarity index 87%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
index 2eb33b835..b7b75ab9c 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
@@ -14,7 +14,7 @@ nginx:
default: 1
'127.0.0.0/8': 0
upstream controller_upstream:
- - server: 'controller.internal:8003 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:8003 fail_timeout=10s'
### SITES
servers:
@@ -25,9 +25,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: _
- listen:
- - 80 default
+ - 80 default_server
- location /.well-known:
- root: /var/www
- location /:
@@ -38,9 +38,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl default_server
- index: index.html index.htm
- location /:
- proxy_pass: 'http://controller_upstream'
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
similarity index 73%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
index b26de2710..81d72aac7 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
@@ -11,30 +11,16 @@ nginx:
### STREAMS
http:
upstream keepproxy_upstream:
- - server: 'keep.internal:25100 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:25100 fail_timeout=10s'
servers:
managed:
- ### DEFAULT
- arvados_keepproxy_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __KEEP_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_keepproxy_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __KEEP_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
similarity index 72%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
index 98a3cdf94..fcb56c994 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
@@ -11,31 +11,17 @@ nginx:
### STREAMS
http:
upstream collections_downloads_upstream:
- - server: 'collections.internal:9002 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:9003 fail_timeout=10s'
servers:
managed:
- ### COLLECTIONS / DOWNLOAD
- arvados_collections_download_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __KEEPWEB_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
### COLLECTIONS / DOWNLOAD
arvados_collections_download_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __KEEPWEB_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_passenger.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_passenger.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
similarity index 84%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
index dac606123..f0e7a19a4 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
@@ -12,30 +12,17 @@ nginx:
### STREAMS
http:
upstream webshell_upstream:
- - server: 'shell.internal:4200 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:4200 fail_timeout=10s'
### SITES
servers:
managed:
- arvados_webshell_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WEBSHELL_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_webshell_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME__EXT__
- listen:
- __WEBSHELL_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
similarity index 74%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
index 827524cbe..7c4ff7835 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
@@ -11,30 +11,16 @@ nginx:
### STREAMS
http:
upstream websocket_upstream:
- - server: 'ws.internal:8005 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:8005 fail_timeout=10s'
servers:
managed:
- ### DEFAULT
- arvados_websocket_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WEBSOCKET_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_websocket_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WEBSOCKET_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
similarity index 70%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
index 7f90cbc82..f783e523f 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
@@ -13,26 +13,12 @@ nginx:
### SITES
servers:
managed:
- ### DEFAULT
- arvados_workbench2_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WORKBENCH2_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_workbench2_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench2.__HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WORKBENCH2_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
similarity index 76%
rename from tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
index 0cbd3e14a..9ed6e3b87 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
@@ -17,31 +17,17 @@ nginx:
### STREAMS
http:
upstream workbench_upstream:
- - server: 'workbench.internal:9000 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:9000 fail_timeout=10s'
### SITES
servers:
managed:
- ### DEFAULT
- arvados_workbench_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WORKBENCH_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_workbench_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench.__HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WORKBENCH1_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
@@ -63,7 +49,7 @@ nginx:
overwrite: true
config:
- server:
- - listen: 'workbench.internal:9000'
+ - listen: '__HOSTNAME_INT__:9000'
- server_name: workbench
- root: /var/www/arvados-workbench/current/public
- index: index.html index.htm
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
similarity index 100%
rename from tools/salt-install/config_examples/single_host/single_hostname/postgresql.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
new file mode 100644
index 000000000..7e3957c57
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/host_entries.sls
@@ -0,0 +1,32 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
+ host.present:
+ - ip: 127.0.0.2
+ - names:
+ - {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ # FIXME! This just works for our testings.
+ # Won't work if the cluster name != host name
+ {%- for entry in [
+ 'api',
+ 'collections',
+ 'controller',
+ 'download',
+ 'keep',
+ 'keepweb',
+ 'keep0',
+ 'shell',
+ 'workbench',
+ 'workbench2',
+ 'ws',
+ ]
+ %}
+ - {{ entry }}
+ {%- endfor %}
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
new file mode 100644
index 000000000..375cc84eb
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -0,0 +1,156 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+include:
+ - nginx.service
+
+{%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
+{%- set arvados_ca_key_file = '/etc/ssl/private/arvados-snakeoil-ca.key' %}
+{%- set arvados_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem' %}
+{%- set arvados_csr_file = '/etc/ssl/private/arvados-snakeoil-cert.csr' %}
+{%- set arvados_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key' %}
+
+{%- if grains.get('os_family') == 'Debian' %}
+ {%- set arvados_ca_cert_dest = '/usr/local/share/ca-certificates/arvados-snakeoil-ca.crt' %}
+ {%- set update_ca_cert = '/usr/sbin/update-ca-certificates' %}
+ {%- set openssl_conf = '/etc/ssl/openssl.cnf' %}
+{%- else %}
+ {%- set arvados_ca_cert_dest = '/etc/pki/ca-trust/source/anchors/arvados-snakeoil-ca.pem' %}
+ {%- set update_ca_cert = '/usr/bin/update-ca-trust' %}
+ {%- set openssl_conf = '/etc/pki/tls/openssl.cnf' %}
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed:
+ pkg.installed:
+ - pkgs:
+ - openssl
+ - ca-certificates
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run:
+ # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
+ cmd.run:
+ - name: |
+ # These dirs are not to CentOS-ish, but this is a helper script
+ # and they should be enough
+ mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
+ openssl req \
+ -new \
+ -nodes \
+ -sha256 \
+ -x509 \
+ -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \
+ -extensions x509_ext \
+ -config <(cat {{ openssl_conf }} \
+ <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
+ -out {{ arvados_ca_cert_file }} \
+ -keyout {{ arvados_ca_key_file }} \
+ -days 365 && \
+ cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
+ {{ update_ca_cert }}
+ - unless:
+ - test -f {{ arvados_ca_cert_file }}
+ - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}
+ - require:
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run:
+ cmd.run:
+ - name: |
+ cat > /tmp/openssl.cnf <<-CNF
+ [req]
+ default_bits = 2048
+ prompt = no
+ default_md = sha256
+ req_extensions = rext
+ distinguished_name = dn
+ [dn]
+ C = CC
+ ST = Some State
+ L = Some Location
+ O = Arvados Formula
+ OU = arvados-formula
+ CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ [rext]
+ subjectAltName = @alt_names
+ [alt_names]
+ {%- for entry in grains.get('ipv4') %}
+ IP.{{ loop.index }} = {{ entry }}
+ {%- endfor %}
+ {%- for entry in [
+ 'keep',
+ 'collections',
+ 'download',
+ 'keepweb',
+ 'ws',
+ 'workbench',
+ 'workbench2',
+ ]
+ %}
+ DNS.{{ loop.index }} = {{ entry }}
+ {%- endfor %}
+ DNS.8 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ DNS.9 = '__HOSTNAME_EXT__'
+ DNS.10 = '__HOSTNAME_INT__'
+ CNF
+
+ # The req
+ openssl req \
+ -config /tmp/openssl.cnf \
+ -new \
+ -nodes \
+ -sha256 \
+ -out {{ arvados_csr_file }} \
+ -keyout {{ arvados_key_file }} > /tmp/snake_oil_certs.output 2>&1 && \
+ # The cert
+ openssl x509 \
+ -req \
+ -days 365 \
+ -in {{ arvados_csr_file }} \
+ -out {{ arvados_cert_file }} \
+ -extfile /tmp/openssl.cnf \
+ -extensions rext \
+ -CA {{ arvados_ca_cert_file }} \
+ -CAkey {{ arvados_ca_key_file }} \
+ -set_serial $(date +%s) && \
+ chmod 0644 {{ arvados_cert_file }} && \
+ chmod 0640 {{ arvados_key_file }}
+ - unless:
+ - test -f {{ arvados_key_file }}
+ - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_cert_file }}
+ - require:
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+ - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run
+
+{%- if grains.get('os_family') == 'Debian' %}
+arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed:
+ pkg.installed:
+ - name: ssl-cert
+ - require_in:
+ - sls: postgres
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
+ cmd.run:
+ - name: |
+ chown root:ssl-cert {{ arvados_key_file }}
+ - require:
+ - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_nginx_snakeoil_file_managed:
+ file.managed:
+ - name: /etc/nginx/snippets/arvados-snakeoil.conf
+ - contents: |
+ ssl_certificate {{ arvados_cert_file }};
+ ssl_certificate_key {{ arvados_key_file }};
+ - watch_in:
+ - service: nginx_service
+
+
diff --git a/tools/salt-install/local.params.example b/tools/salt-install/local.params.example
index a88301b2a..bd9b1c411 100644
--- a/tools/salt-install/local.params.example
+++ b/tools/salt-install/local.params.example
@@ -13,9 +13,11 @@ DOMAIN="some.domain"
# When setting the cluster in a single host, you can use a single hostname
# to access all the instances. When using virtualization (ie AWS), this should be
-# the EXTERNAL hostname for the instance.
+# the EXTERNAL/PUBLIC hostname for the instance.
# If empty, the INTERNAL HOST IP will be used
-HOSTNAME=""
+HOSTNAME_EXT=""
+# The internal hostname for the host
+HOSTNAME_INT="127.0.1.1"
CONTROLLER_EXT_SSL_PORT=8000
KEEP_EXT_SSL_PORT=25101
# Both for collections and downloads
@@ -32,6 +34,14 @@ INITIAL_USER="admin"
INITIAL_USER_EMAIL="admin at fixme.localdomain"
INITIAL_USER_PASSWORD="password"
+# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
+BLOB_SIGNING_KEY=blobsigningkeymushaveatleast32characters
+MANAGEMENT_TOKEN=managementtokenmushaveatleast32characters
+SYSTEM_ROOT_TOKEN=systemroottokenmushaveatleast32characters
+RAILS_SECRET_TOKEN=railssecrettokenmushaveatleast32characters
+ANONYMOUS_USER_TOKEN=anonymoususertokenmushaveatleast32characters
+WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
+
# The example config files you want to use. There are a few examples
# under 'config_examples'
CONFIG_DIR="config_examples/single_host/single_hostname"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index f3df4109a..facb2e88e 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -107,7 +107,8 @@ TESTS_DIR="tests"
CLUSTER=""
DOMAIN=""
-HOSTNAME=""
+HOSTNAME_EXT=""
+HOSTNAME_INT="127.0.1.1"
INITIAL_USER=""
INITIAL_USER_EMAIL=""
INITIAL_USER_PASSWORD=""
@@ -229,14 +230,16 @@ if [ "x${BRANCH}" != "x" ]; then
fi
if [ "x${VAGRANT}" = "xyes" ]; then
- SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}"
+ SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
+ SOURCE_STATES_DIR="/vagrant/${CONFIG_DIR}/states"
TESTS_DIR="/vagrant/${TESTS_DIR}"
else
- SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}"
+ SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
+ SOURCE_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
fi
-# Replace cluster and domain name in the example pillars and test files
+# Replace cluster and domain name in the example pillars
for f in "${SOURCE_PILLARS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
s/__DOMAIN__/${DOMAIN}/g;
@@ -244,25 +247,35 @@ for f in "${SOURCE_PILLARS_DIR}"/*; do
s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
- s/__WORKBENCH1_EXT__SSL_PORT__/${WORKBENCH1_EXT__SSL_PORT}/g;
- s/__WORKBENCH2_EXT__SSL_PORT__/${WORKBENCH2_EXT__SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
- s/__HOSTNAME__/${HOSTNAME}/g;
+ s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
+ s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
s/__VERSION__/${VERSION}/g" \
"${f}" > "${P_DIR}"/$(basename "${f}")
done
mkdir -p /tmp/cluster_tests
-# Replace cluster and domain name in the example pillars and test files
+# Replace cluster and domain name in the test files
for f in "${TESTS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
s/__DOMAIN__/${DOMAIN}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g" \
@@ -270,6 +283,34 @@ for f in "${TESTS_DIR}"/*; do
done
chmod 755 /tmp/cluster_tests/run-test.sh
+# Replace helper state files that differ from the formula's examples
+for f in "${SOURCE_STATES_DIR}"/*; do
+ sed "s/__CLUSTER__/${CLUSTER}/g;
+ s/__DOMAIN__/${DOMAIN}/g;
+ s/__RELEASE__/${RELEASE}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
+ s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
+ s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
+ s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
+ s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
+ s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
+ s/__INITIAL_USER__/${INITIAL_USER}/g;
+ s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
+ s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
+ s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
+ s/__VERSION__/${VERSION}/g" \
+ "${f}" > "${F_DIR}"/arvados-formula/test/salt/states/examples/single_host/$(basename "${f}")
+done
+
# FIXME! #16992 Temporary fix for psql call in arvados-api-server
if [ -e /root/.psqlrc ]; then
if ! ( grep 'pset pager off' /root/.psqlrc ); then
diff --git a/tools/salt-install/tests/run-test.sh b/tools/salt-install/tests/run-test.sh
index 8d9de6fdf..16ee2851e 100755
--- a/tools/salt-install/tests/run-test.sh
+++ b/tools/salt-install/tests/run-test.sh
@@ -3,8 +3,8 @@
#
# SPDX-License-Identifier: Apache-2.0
-export ARVADOS_API_TOKEN=changemesystemroottoken
-export ARVADOS_API_HOST=__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+export ARVADOS_API_TOKEN=__SYSTEM_ROOT_TOKEN__
+export ARVADOS_API_HOST=__HOSTNAME_INT__:__CONTROLLER_EXT_SSL_PORT__
export ARVADOS_API_HOST_INSECURE=true
set -o pipefail
commit 2a662b839254ff1ba35641834e4546c013aba2bd
Author: Javier Bértoli <jbertoli at curii.com>
Date: Tue Jan 26 08:58:07 2021 -0300
feat(provision): refactor to add other setup examples
refs #17246
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/README.md b/tools/salt-install/config_examples/single_host/multiple_hostnames/README.md
new file mode 100644
index 000000000..17ca89a9f
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/README.md
@@ -0,0 +1,20 @@
+Single host with multiple hostnames
+===================================
+
+These files let you setup Arvados on a single host using different hostnames
+for each of its components nginx's virtualhosts.
+
+The hostnames are composed after the variables "CLUSTER" and "DOMAIN" set in
+the `local.params` file.
+
+The virtual hosts' hostnames that will be used are:
+
+* CLUSTER.DOMAIN
+* collections.CLUSTER.DOMAIN
+* download.CLUSTER.DOMAIN
+* keep.CLUSTER.DOMAIN
+* keep0.CLUSTER.DOMAIN
+* webshell.CLUSTER.DOMAIN
+* workbench.CLUSTER.DOMAIN
+* workbench2.CLUSTER.DOMAIN
+* ws.CLUSTER.DOMAIN
diff --git a/tools/salt-install/single_host/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls
similarity index 78%
copy from tools/salt-install/single_host/arvados.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls
index a06244270..4aa4735d8 100644
--- a/tools/salt-install/single_host/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/arvados.sls
@@ -107,7 +107,7 @@ arvados:
# <cluster>-nyw5e-<volume>
__CLUSTER__-nyw5e-000000000000000:
AccessViaHosts:
- http://keep0.__CLUSTER__.__DOMAIN__:25107:
+ 'http://keep0.__CLUSTER__.__DOMAIN__:25107':
ReadOnly: false
Replication: 2
Driver: Directory
@@ -122,38 +122,38 @@ arvados:
Services:
Controller:
- ExternalURL: https://__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
InternalURLs:
- http://controller.internal:8003: {}
+ 'http://controller.internal:8003': {}
DispatchCloud:
InternalURLs:
- http://__CLUSTER__.__DOMAIN__:9006: {}
+ 'http://__CLUSTER__.__DOMAIN__:9006': {}
Keepbalance:
InternalURLs:
- http://__CLUSTER__.__DOMAIN__:9005: {}
+ 'http://__CLUSTER__.__DOMAIN__:9005': {}
Keepproxy:
- ExternalURL: https://keep.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://keep.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
InternalURLs:
- http://keep.internal:25100: {}
+ 'http://keep.internal:25100': {}
Keepstore:
InternalURLs:
- http://keep0.__CLUSTER__.__DOMAIN__:25107: {}
+ 'http://keep0.__CLUSTER__.__DOMAIN__:25107': {}
RailsAPI:
InternalURLs:
- http://api.internal:8004: {}
+ 'http://api.internal:8004': {}
WebDAV:
- ExternalURL: https://collections.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://collections.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
InternalURLs:
- http://collections.internal:9002: {}
+ 'http://collections.internal:9002': {}
WebDAVDownload:
- ExternalURL: https://download.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://download.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
WebShell:
- ExternalURL: https://webshell.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://webshell.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
Websocket:
- ExternalURL: wss://ws.__CLUSTER__.__DOMAIN__/websocket
+ ExternalURL: 'wss://ws.__CLUSTER__.__DOMAIN__/websocket'
InternalURLs:
- http://ws.internal:8005: {}
+ 'http://ws.internal:8005': {}
Workbench1:
- ExternalURL: https://workbench.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://workbench.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
Workbench2:
- ExternalURL: https://workbench2.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://workbench2.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
diff --git a/tools/salt-install/single_host/docker.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/docker.sls
similarity index 100%
copy from tools/salt-install/single_host/docker.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/docker.sls
diff --git a/tools/salt-install/single_host/locale.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/locale.sls
similarity index 100%
copy from tools/salt-install/single_host/locale.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/locale.sls
diff --git a/tools/salt-install/single_host/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_api_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_api_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_api_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_controller_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_controller_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_controller_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepproxy_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_keepproxy_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepproxy_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepweb_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_keepweb_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_keepweb_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_passenger.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_passenger.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_passenger.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_passenger.sls
diff --git a/tools/salt-install/single_host/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_webshell_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_webshell_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_webshell_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_websocket_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_websocket_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_websocket_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench2_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_workbench2_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench2_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench_configuration.sls
similarity index 100%
copy from tools/salt-install/single_host/nginx_workbench_configuration.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/nginx_workbench_configuration.sls
diff --git a/tools/salt-install/single_host/postgresql.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/postgresql.sls
similarity index 100%
copy from tools/salt-install/single_host/postgresql.sls
copy to tools/salt-install/config_examples/single_host/multiple_hostnames/postgresql.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/README.md b/tools/salt-install/config_examples/single_host/single_hostname/README.md
new file mode 100644
index 000000000..9c7ab96c3
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/README.md
@@ -0,0 +1,23 @@
+Single host with a single hostname
+==================================
+
+These files let you setup Arvados on a single host using a single hostname
+for all of its components nginx's virtualhosts.
+
+The hostname MUST be given in the `local.params` file. The script won't try
+to guess it because, depending on the network architecture where you're
+installing Arvados, things might not work as expected.
+
+The services will be available on the same hostname but different ports,
+which can be given on the `local.params` file or will default to the following
+values:
+
+* CLUSTER.DOMAIN
+* collections
+* download
+* keep
+* keep0
+* webshell
+* workbench
+* workbench2
+* ws
diff --git a/tools/salt-install/single_host/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/arvados.sls
similarity index 78%
rename from tools/salt-install/single_host/arvados.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/arvados.sls
index a06244270..e5e458665 100644
--- a/tools/salt-install/single_host/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/arvados.sls
@@ -107,7 +107,7 @@ arvados:
# <cluster>-nyw5e-<volume>
__CLUSTER__-nyw5e-000000000000000:
AccessViaHosts:
- http://keep0.__CLUSTER__.__DOMAIN__:25107:
+ 'http://__HOSTNAME__:25107':
ReadOnly: false
Replication: 2
Driver: Directory
@@ -122,38 +122,38 @@ arvados:
Services:
Controller:
- ExternalURL: https://__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
- http://controller.internal:8003: {}
+ 'http://controller.internal:8003': {}
DispatchCloud:
InternalURLs:
- http://__CLUSTER__.__DOMAIN__:9006: {}
+ 'http://__HOSTNAME__:9006': {}
Keepbalance:
InternalURLs:
- http://__CLUSTER__.__DOMAIN__:9005: {}
+ 'http://__HOSTNAME__:9005': {}
Keepproxy:
- ExternalURL: https://keep.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__KEEP_EXT_SSL_PORT__'
InternalURLs:
- http://keep.internal:25100: {}
+ 'http://keep.internal:25100': {}
Keepstore:
InternalURLs:
- http://keep0.__CLUSTER__.__DOMAIN__:25107: {}
+ 'http://keep0.internal:25107': {}
RailsAPI:
InternalURLs:
- http://api.internal:8004: {}
+ 'http://api.internal:8004': {}
WebDAV:
- ExternalURL: https://collections.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
InternalURLs:
- http://collections.internal:9002: {}
+ 'http://collections.internal:9002': {}
WebDAVDownload:
- ExternalURL: https://download.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
WebShell:
- ExternalURL: https://webshell.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__WEBSHELL_EXT_SSL_PORT__'
Websocket:
- ExternalURL: wss://ws.__CLUSTER__.__DOMAIN__/websocket
+ ExternalURL: 'wss://__HOSTNAME__:__WEBSOCKET_EXT_SSL_PORT__/websocket'
InternalURLs:
- http://ws.internal:8005: {}
+ 'http://ws.internal:8005': {}
Workbench1:
- ExternalURL: https://workbench.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__WORKBENCH1_EXT_SSL_PORT__'
Workbench2:
- ExternalURL: https://workbench2.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+ ExternalURL: 'https://__HOSTNAME__:__WORKBENCH2_EXT_SSL_PORT__'
diff --git a/tools/salt-install/single_host/docker.sls b/tools/salt-install/config_examples/single_host/single_hostname/docker.sls
similarity index 100%
rename from tools/salt-install/single_host/docker.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/docker.sls
diff --git a/tools/salt-install/single_host/locale.sls b/tools/salt-install/config_examples/single_host/single_hostname/locale.sls
similarity index 100%
rename from tools/salt-install/single_host/locale.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/locale.sls
diff --git a/tools/salt-install/single_host/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_api_configuration.sls
similarity index 100%
rename from tools/salt-install/single_host/nginx_api_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_api_configuration.sls
diff --git a/tools/salt-install/single_host/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls
similarity index 92%
rename from tools/salt-install/single_host/nginx_controller_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls
index 00c3b3a13..2eb33b835 100644
--- a/tools/salt-install/single_host/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_controller_configuration.sls
@@ -25,7 +25,7 @@ nginx:
overwrite: true
config:
- server:
- - server_name: __CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- 80 default
- location /.well-known:
@@ -38,9 +38,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: __CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://controller_upstream'
diff --git a/tools/salt-install/single_host/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls
similarity index 90%
rename from tools/salt-install/single_host/nginx_keepproxy_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls
index 6554f79a7..b26de2710 100644
--- a/tools/salt-install/single_host/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepproxy_configuration.sls
@@ -21,9 +21,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: keep.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __KEEP_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -34,9 +34,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: keep.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __KEEP_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://keepproxy_upstream'
diff --git a/tools/salt-install/single_host/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls
similarity index 77%
rename from tools/salt-install/single_host/nginx_keepweb_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls
index cc871b9da..98a3cdf94 100644
--- a/tools/salt-install/single_host/nginx_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_keepweb_configuration.sls
@@ -15,15 +15,15 @@ nginx:
servers:
managed:
- ### DEFAULT
+ ### COLLECTIONS / DOWNLOAD
arvados_collections_download_default:
enabled: true
overwrite: true
config:
- server:
- - server_name: collections.__CLUSTER__.__DOMAIN__ download.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __KEEPWEB_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -35,9 +35,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: collections.__CLUSTER__.__DOMAIN__ download.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __KEEPWEB_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://collections_downloads_upstream'
@@ -53,5 +53,5 @@ nginx:
- proxy_http_version: '1.1'
- proxy_request_buffering: 'off'
- include: 'snippets/arvados-snakeoil.conf'
- - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
- - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
+ - access_log: /var/log/nginx/keepweb.__CLUSTER__.__DOMAIN__.access.log combined
+ - error_log: /var/log/nginx/keepweb.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/single_host/nginx_passenger.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_passenger.sls
similarity index 100%
rename from tools/salt-install/single_host/nginx_passenger.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_passenger.sls
diff --git a/tools/salt-install/single_host/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls
similarity index 92%
rename from tools/salt-install/single_host/nginx_webshell_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls
index a0756b7ce..dac606123 100644
--- a/tools/salt-install/single_host/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_webshell_configuration.sls
@@ -22,9 +22,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: webshell.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __WEBSHELL_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -35,11 +35,11 @@ nginx:
overwrite: true
config:
- server:
- - server_name: webshell.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __WEBSHELL_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- - location /shell.__CLUSTER__.__DOMAIN__:
+ - location /__HOSTNAME__:
- proxy_pass: 'http://webshell_upstream'
- proxy_read_timeout: 90
- proxy_connect_timeout: 90
diff --git a/tools/salt-install/single_host/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls
similarity index 90%
rename from tools/salt-install/single_host/nginx_websocket_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls
index ebe03f733..827524cbe 100644
--- a/tools/salt-install/single_host/nginx_websocket_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_websocket_configuration.sls
@@ -21,9 +21,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: ws.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __WEBSOCKET_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -34,9 +34,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: ws.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __WEBSOCKET_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://websocket_upstream'
diff --git a/tools/salt-install/single_host/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls
similarity index 80%
rename from tools/salt-install/single_host/nginx_workbench2_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls
index 8930be408..7f90cbc82 100644
--- a/tools/salt-install/single_host/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench2_configuration.sls
@@ -19,9 +19,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: workbench2.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __WORKBENCH2_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -32,9 +32,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: workbench2.__CLUSTER__.__DOMAIN__
+ - server_name: workbench2.__HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __WORKBENCH2_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- root: /var/www/arvados-workbench2/workbench2
@@ -42,7 +42,7 @@ nginx:
- 'if (-f $document_root/maintenance.html)':
- return: 503
- location /config.json:
- - return: {{ "200 '" ~ '{"API_HOST":"__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__"}' ~ "'" }}
+ - return: {{ "200 '" ~ '{"API_HOST":"__HOSTNAME__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
- include: 'snippets/arvados-snakeoil.conf'
- access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/single_host/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls
similarity index 91%
rename from tools/salt-install/single_host/nginx_workbench_configuration.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls
index be571ca77..0cbd3e14a 100644
--- a/tools/salt-install/single_host/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/nginx_workbench_configuration.sls
@@ -28,9 +28,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: workbench.__CLUSTER__.__DOMAIN__
+ - server_name: __HOSTNAME__
- listen:
- - 80
+ - __WORKBENCH_EXT_SSL_PORT__
- location /.well-known:
- root: /var/www
- location /:
@@ -41,9 +41,9 @@ nginx:
overwrite: true
config:
- server:
- - server_name: workbench.__CLUSTER__.__DOMAIN__
+ - server_name: workbench.__HOSTNAME__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __WORKBENCH1_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://workbench_upstream'
diff --git a/tools/salt-install/single_host/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/postgresql.sls
similarity index 100%
rename from tools/salt-install/single_host/postgresql.sls
rename to tools/salt-install/config_examples/single_host/single_hostname/postgresql.sls
diff --git a/tools/salt-install/local.params.example b/tools/salt-install/local.params.example
new file mode 100644
index 000000000..a88301b2a
--- /dev/null
+++ b/tools/salt-install/local.params.example
@@ -0,0 +1,64 @@
+##########################################################
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: CC-BY-SA-3.0
+
+# These are the basic parameters to configure the installation
+
+# The 5 letters name you want to give your cluster
+CLUSTER="fixme"
+
+# The domainname you want tou give to your cluster's hosts
+DOMAIN="some.domain"
+
+# When setting the cluster in a single host, you can use a single hostname
+# to access all the instances. When using virtualization (ie AWS), this should be
+# the EXTERNAL hostname for the instance.
+# If empty, the INTERNAL HOST IP will be used
+HOSTNAME=""
+CONTROLLER_EXT_SSL_PORT=8000
+KEEP_EXT_SSL_PORT=25101
+# Both for collections and downloads
+KEEPWEB_EXT_SSL_PORT=9002
+WEBSHELL_EXT_SSL_PORT=4202
+WEBSOCKET_EXT_SSL_PORT=8002
+WORKBENCH1_EXT_SSL_PORT=443
+WORKBENCH2_EXT_SSL_PORT=3001
+
+INITIAL_USER="admin"
+
+# If not specified, the initial user email will be composed as
+# INITIAL_USER at CLUSTER.DOMAIN
+INITIAL_USER_EMAIL="admin at fixme.localdomain"
+INITIAL_USER_PASSWORD="password"
+
+# The example config files you want to use. There are a few examples
+# under 'config_examples'
+CONFIG_DIR="config_examples/single_host/single_hostname"
+
+# Which release of Arvados repo you want to use
+RELEASE="production"
+# Which version of Arvados you want to install. Defaults to 'latest'
+# in the desired repo
+VERSION="latest"
+
+# Host SSL port where you want to point your browser to access Arvados
+# Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
+# You can point it to another port if desired
+# In Vagrant, make sure it matches what you set in the Vagrantfile
+HOST_SSL_PORT=443
+
+# This is an arvados-formula setting.
+# If branch is set, the script will switch to it before running salt
+# Usually not needed, only used for testing
+BRANCH="master"
+
+##########################################################
+# Usually there's no need to modify things below this line
+
+# Formulas versions
+ARVADOS_TAG="v1.1.4"
+POSTGRES_TAG="v0.41.3"
+NGINX_TAG="v2.4.0"
+DOCKER_TAG="v1.0.0"
+LOCALE_TAG="v0.3.4"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index b97d71965..f3df4109a 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -15,15 +15,6 @@ set -o pipefail
# capture the directory that the script is running from
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-CONFIG_DIR="single_host"
-RELEASE="production"
-VERSION="latest"
-ARVADOS_TAG="v1.1.4"
-POSTGRES_TAG="v0.41.3"
-NGINX_TAG="v2.4.0"
-DOCKER_TAG="v1.0.0"
-LOCALE_TAG="v0.3.4"
-
usage() {
echo >&2
echo >&2 "Usage: ${0} [-h] [-h]"
@@ -109,10 +100,35 @@ arguments() {
}
CONFIG="${SCRIPT_DIR}/local.params"
+CONFIG_DIR="config_examples/single_host/multiple_hostnames"
LOG_LEVEL="info"
HOST_SSL_PORT=443
TESTS_DIR="tests"
+CLUSTER=""
+DOMAIN=""
+HOSTNAME=""
+INITIAL_USER=""
+INITIAL_USER_EMAIL=""
+INITIAL_USER_PASSWORD=""
+
+CONTROLLER_EXT_SSL_PORT=8000
+KEEP_EXT_SSL_PORT=25101
+# Both for collections and downloads
+KEEPWEB_EXT_SSL_PORT=9002
+WEBSHELL_EXT_SSL_PORT=4202
+WEBSOCKET_EXT_SSL_PORT=8002
+WORKBENCH1_EXT_SSL_PORT=443
+WORKBENCH2_EXT_SSL_PORT=3001
+
+RELEASE="production"
+VERSION="latest"
+ARVADOS_TAG="v1.1.4"
+POSTGRES_TAG="v0.41.3"
+NGINX_TAG="v2.4.0"
+DOCKER_TAG="v1.0.0"
+LOCALE_TAG="v0.3.4"
+
arguments ${@}
if [ -s ${CONFIG} ]; then
@@ -156,9 +172,7 @@ pillar_roots:
- ${P_DIR}
EOFSM
-mkdir -p ${S_DIR}
-mkdir -p ${F_DIR}
-mkdir -p ${P_DIR}
+mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
# States
cat > ${S_DIR}/top.sls << EOFTSLS
@@ -227,8 +241,15 @@ for f in "${SOURCE_PILLARS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
s/__DOMAIN__/${DOMAIN}/g;
s/__RELEASE__/${RELEASE}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
+ s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
+ s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
+ s/__WORKBENCH1_EXT__SSL_PORT__/${WORKBENCH1_EXT__SSL_PORT}/g;
+ s/__WORKBENCH2_EXT__SSL_PORT__/${WORKBENCH2_EXT__SSL_PORT}/g;
+ s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__HOSTNAME__/${HOSTNAME}/g;
+ s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
- s/__GUEST_SSL_PORT__/${GUEST_SSL_PORT}/g;
s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list