[ARVADOS] updated: 2.1.0-1483-gd68c3776f
Git user
git at public.arvados.org
Thu Oct 21 18:30:00 UTC 2021
Summary of changes:
doc/install/salt-multi-host.html.textile.liquid | 4 ++--
doc/install/salt-single-host.html.textile.liquid | 6 +++++-
.../single_host/multiple_hostnames/pillars/arvados.sls | 2 +-
.../config_examples/single_host/single_hostname/pillars/arvados.sls | 2 +-
tools/salt-install/provision.sh | 2 +-
5 files changed, 10 insertions(+), 6 deletions(-)
via d68c3776fee61329f665ede740cca51946395d1c (commit)
via 089aaca1ed6fe672f01c5049f1bf3956bdd35065 (commit)
from f54cc984969657be50c093b917feb49a19d78c22 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit d68c3776fee61329f665ede740cca51946395d1c
Author: Javier Bértoli <jbertoli at curii.com>
Date: Mon Oct 18 19:47:27 2021 -0300
17742: update script addressing review suggestions
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index 5a1a0f475..81d324fcb 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -83,7 +83,7 @@ arvados:
tls:
# certificate: ''
# key: ''
- # required to test with arvados-snakeoil certs
+ # When using arvados-snakeoil certs set insecure: true
insecure: false
resources:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index a45ac8d81..78a5a938f 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -72,7 +72,7 @@ arvados:
tls:
# certificate: ''
# key: ''
- # required to test with arvados-snakeoil certs
+ # When using arvados-snakeoil certs set insecure: true
insecure: true
### TOKENS
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 310e09499..537f087b6 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -641,7 +641,7 @@ else
fi
else
grep -q ${R} ${P_DIR}/extra_custom_certs.sls || echo " - ${R}" >> ${P_DIR}/extra_custom_certs.sls
-
+
# As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
# Special case for keepweb
if [ ${R} = "keepweb" ]; then
commit 089aaca1ed6fe672f01c5049f1bf3956bdd35065
Author: Javier Bértoli <jbertoli at curii.com>
Date: Mon Oct 18 19:42:43 2021 -0300
17742: update docs addressing review suggestions
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index f3afcd503..da86c443a 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -106,11 +106,11 @@ cp -r config_examples/multi_host/aws local_config_dir
Edit the variables in the <i>local.params</i> file. Pay attention to the <b>*_INT_IP, *_TOKEN</b> and <b>*KEY</b> variables. Those variables will be used to do a search and replace on the <i>pillars/*</i> in place of any matching __VARIABLE__.
-The <i>multi_host</i> include LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53.
+The <i>multi_host</i> example includes LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53.
If you plan to use custom certificates, please set the variable <i>USE_LETSENCRYPT=no</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
-The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>downoad / collections</i>):
+The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
* "controller"
* "websocket"
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 857cdb0dc..11c8991e9 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -55,9 +55,11 @@ cp -r config_examples/single_host/single_hostname local_config_dir
Edit the variables in the <i>local.params</i> file. Pay attention to the <b>*_PORT, *_TOKEN</b> and <b>*KEY</b> variables.
+The <i>single_host</i> examples use self-signed SSL certificates, which are deployed using the same mechanism used to deploy custom certificates.
+
If you plan to use custom certificates, please set the variable <i>USE_LETSENCRYPT=no</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
-The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>downoad / collections</i>):
+The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
* "controller"
* "websocket"
@@ -76,6 +78,8 @@ ${CUSTOM_CERTS_DIR}/keepproxy.key
</code></pre>
</notextile>
+If you want to use valid certificates provided by LetsEncrypt, please set the variable <i>USE_LETSENCRYPT=yes</i> and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.
+
h3(#single_host_multiple_hostnames). Single host / multiple hostnames (Alternative configuration)
<notextile>
<pre><code>cp local.params.example.single_host_multiple_hostnames local.params
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list