[ARVADOS] updated: 2.1.0-813-gc33ff9b83

Git user git at public.arvados.org
Tue May 18 21:00:32 UTC 2021


Summary of changes:
 .../config_examples/multi_host/aws/certs/README.md         |  2 +-
 .../config_examples/multi_host/aws/pillars/arvados.sls     |  2 +-
 .../config_examples/multi_host/aws/pillars/letsencrypt.sls | 14 ++------------
 .../aws/pillars/letsencrypt_keepweb_configuration.sls      |  1 +
 .../aws/pillars/nginx_controller_configuration.sls         |  1 -
 .../aws/pillars/nginx_keepproxy_configuration.sls          |  1 -
 .../multi_host/aws/pillars/nginx_keepweb_configuration.sls |  5 ++---
 .../aws/pillars/nginx_webshell_configuration.sls           |  1 -
 .../aws/pillars/nginx_websocket_configuration.sls          |  1 -
 .../aws/pillars/nginx_workbench2_configuration.sls         |  1 -
 .../aws/pillars/nginx_workbench_configuration.sls          |  1 -
 tools/salt-install/provision.sh                            |  6 +++---
 12 files changed, 10 insertions(+), 26 deletions(-)

       via  c33ff9b8343639cb000df03cfd2d2e2f35d11d58 (commit)
       via  65d25630f34296f30c50cd78f232713f23f70bc3 (commit)
       via  7c0fcad91b7ed31ebec9c9ca07269aaa4fa9d1df (commit)
      from  4b281cbb08215ba079841e796de4bdb483098164 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit c33ff9b8343639cb000df03cfd2d2e2f35d11d58
Merge: 4b281cbb0 65d25630f
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Tue May 18 18:00:08 2021 -0300

    Merge branch '17604-change-collections-urls'
    
    closes #17604
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>


commit 65d25630f34296f30c50cd78f232713f23f70bc3
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Tue May 18 10:50:44 2021 -0300

    feat(provision): use LE wildcard cert for *.collections
    
    refs #17604
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/multi_host/aws/certs/README.md b/tools/salt-install/config_examples/multi_host/aws/certs/README.md
index 00d486e1c..dc9043217 100644
--- a/tools/salt-install/config_examples/multi_host/aws/certs/README.md
+++ b/tools/salt-install/config_examples/multi_host/aws/certs/README.md
@@ -7,7 +7,7 @@ The nodes requiring certificates are:
 
 * CLUSTER.DOMAIN
 * collections.CLUSTER.DOMAIN
-* \*\-\-collections.CLUSTER.DOMAIN
+* \*.collections.CLUSTER.DOMAIN
 * download.CLUSTER.DOMAIN
 * keep.CLUSTER.DOMAIN
 * workbench.CLUSTER.DOMAIN
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
index 4ecc65e28..f7052efc1 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
@@ -175,7 +175,7 @@ arvados:
         InternalURLs:
           'http://localhost:8004': {}
       WebDAV:
-        ExternalURL: 'https://*--collections.__CLUSTER__.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__/'
+        ExternalURL: 'https://*.collections.__CLUSTER__.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__/'
         InternalURLs:
           'http://localhost:9002': {}
       WebDAVDownload:
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt.sls
index 6ba8b9b09..90593307d 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt.sls
@@ -8,23 +8,13 @@ letsencrypt:
   use_package: true
   pkgs:
     - certbot: latest
-    - python3-certbot-nginx
+    - python3-certbot-dns-route53
   config:
     server: https://acme-v02.api.letsencrypt.org/directory
     email: __INITIAL_USER_EMAIL__
-    authenticator: nginx
-    webroot-path: /var/www
+    authenticator: dns-route53
     agree-tos: true
     keep-until-expiring: true
     expand: true
     max-log-backups: 0
     deploy-hook: systemctl reload nginx
-
-### NGINX
-nginx:
-  ### SNIPPETS
-  snippets:
-    ### LETSENCRYPT DEFAULT PATH
-    letsencrypt_well_known.conf:
-      - location /.well-known:
-        - root: /var/www
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt_keepweb_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt_keepweb_configuration.sls
index dc34ea6fd..35ec9b0da 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/letsencrypt_keepweb_configuration.sls
@@ -10,6 +10,7 @@ letsencrypt:
       - download.__CLUSTER__.__DOMAIN__
     collections.__CLUSTER__.__DOMAIN__:
       - collections.__CLUSTER__.__DOMAIN__
+      - *.collections.__CLUSTER__.__DOMAIN__
 
 ### NGINX
 nginx:
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
index 3be169660..aa11cca74 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
@@ -29,7 +29,6 @@ nginx:
             - server_name: __CLUSTER__.__DOMAIN__
             - listen:
               - 80 default
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls
index 5d8b37e59..fac97f3c6 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepproxy_configuration.sls
@@ -24,7 +24,6 @@ nginx:
             - server_name: keep.__CLUSTER__.__DOMAIN__
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls
index fca421607..5a25ae899 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls
@@ -21,10 +21,9 @@ nginx:
         overwrite: true
         config:
           - server:
-            - server_name: '~^((.*--)?collections|download)\.__CLUSTER__\.__DOMAIN__'
+            - server_name: '~^((.*\.)?collections|download)\.__CLUSTER__\.__DOMAIN__'
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
@@ -36,7 +35,7 @@ nginx:
           cmd: create-initial-cert-collections.__CLUSTER__.__DOMAIN__-collections.__CLUSTER__.__DOMAIN__
         config:
           - server:
-            - server_name: '~^(.*--)?collections\.__CLUSTER__\.__DOMAIN__'
+            - server_name: '*.collections.__CLUSTER__.__DOMAIN__'
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
index 46f8ad038..49c86dd31 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
@@ -25,7 +25,6 @@ nginx:
             - server_name: webshell.__CLUSTER__.__DOMAIN__
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls
index e89b780da..c9671cd0c 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_websocket_configuration.sls
@@ -24,7 +24,6 @@ nginx:
             - server_name: ws.__CLUSTER__.__DOMAIN__
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
index a3e58e2e2..bd4123539 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls
@@ -22,7 +22,6 @@ nginx:
             - server_name: workbench2.__CLUSTER__.__DOMAIN__
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
index 38e59cc1b..ec28b98c6 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
@@ -31,7 +31,6 @@ nginx:
             - server_name: workbench.__CLUSTER__.__DOMAIN__
             - listen:
               - 80
-            - include: snippets/letsencrypt_well_known.conf
             - location /:
               - return: '301 https://$host$request_uri'
 

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list