[ARVADOS] updated: 2.1.0-815-gb9dab5537
Git user
git at public.arvados.org
Wed May 26 10:44:33 UTC 2021
Summary of changes:
tools/salt-install/local.params.example.multiple_hosts | 2 +-
tools/salt-install/provision.sh | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
discards 6c358fb1bea1f54b54deb37477b4e4e95875b45a (commit)
via b9dab553775db66389023c4af4166edc38fd9129 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (6c358fb1bea1f54b54deb37477b4e4e95875b45a)
\
N -- N -- N (b9dab553775db66389023c4af4166edc38fd9129)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit b9dab553775db66389023c4af4166edc38fd9129
Author: Javier Bértoli <jbertoli at curii.com>
Date: Thu May 20 18:52:36 2021 -0300
17605: allow to use a IAM user for letsencrypt
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/states/aws_credentials.sls b/tools/salt-install/config_examples/multi_host/aws/states/aws_credentials.sls
index 15a517a81..ec9fc409a 100644
--- a/tools/salt-install/config_examples/multi_host/aws/states/aws_credentials.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/states/aws_credentials.sls
@@ -4,6 +4,7 @@
{%- set aws_credentials = pillar.get('aws_credentials', {}) %}
+{%- if aws_credentials %}
extra_extra_aws_credentials_root_aws_config_file_managed:
file.managed:
- name: /root/.aws/config
@@ -28,3 +29,4 @@ extra_extra_aws_credentials_root_aws_credentials_file_managed:
[default]
aws_access_key_id = {{ aws_credentials.access_key_id }}
aws_secret_access_key = {{ aws_credentials.secret_access_key }}
+{%- endif %}
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 07af7cf7c..86f28be37 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -62,6 +62,7 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
# variable to "no", provide and upload your own certificates to the instances and
# modify the 'nginx_*' salt pillars accordingly
USE_LETSENCRYPT="yes"
+USE_LETSENCRYPT_IAM_USER="yes"
# For collections, we need to obtain a wildcard certificate for
# '*.collections.<cluster>.<domain>'. This is only possible through a DNS-01 challenge.
# For that reason, you'll need to provide AWS credentials with permissions to manage
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index a2cc01e5d..ae4fb16c8 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -377,7 +377,9 @@ if [ -z "${ROLES}" ]; then
echo " - nginx.passenger" >> ${S_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xno" ]; then
+ grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
fi
echo " - postgres" >> ${S_DIR}/top.sls
@@ -398,7 +400,9 @@ if [ -z "${ROLES}" ]; then
echo " - postgresql" >> ${P_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
+ if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xno" ]; then
+ grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
+ fi
grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
fi
else
@@ -421,7 +425,9 @@ else
### after it so we add this here, as we are, after all, sharing the host for api and controller
# Currently, only available on config_examples/multi_host/aws
if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xno" ]; then
+ grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
fi
grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
@@ -437,7 +443,9 @@ else
grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xno" ]; then
+ grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
+ fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
fi
grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
@@ -446,7 +454,9 @@ else
grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
+ if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xno" ]; then
+ grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
+ fi
grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
fi
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list