[ARVADOS] updated: 2.1.0-1512-g9539317a2
Git user
git at public.arvados.org
Thu Oct 21 19:00:33 UTC 2021
Summary of changes:
doc/_includes/_install_custom_certificates.liquid | 26 ++++
doc/install/salt-multi-host.html.textile.liquid | 4 +-
doc/install/salt-single-host.html.textile.liquid | 6 +
tools/salt-install/Vagrantfile | 8 +-
.../letsencrypt_controller_configuration.sls | 10 +-
.../letsencrypt_keepproxy_configuration.sls | 10 +-
.../pillars/letsencrypt_keepweb_configuration.sls | 11 --
.../pillars/letsencrypt_webshell_configuration.sls | 8 --
.../letsencrypt_websocket_configuration.sls | 10 +-
.../letsencrypt_workbench2_configuration.sls | 8 --
.../letsencrypt_workbench_configuration.sls | 8 --
.../aws/pillars/nginx_api_configuration.sls | 2 +-
.../pillars/nginx_collections_configuration.sls} | 27 ++--
.../aws/pillars/nginx_controller_configuration.sls | 11 +-
.../aws/pillars/nginx_download_configuration.sls} | 31 ++---
.../aws/pillars/nginx_keepproxy_configuration.sls | 11 +-
.../aws/pillars/nginx_keepweb_configuration.sls | 75 +---------
.../aws/pillars/nginx_webshell_configuration.sls | 11 +-
.../aws/pillars/nginx_websocket_configuration.sls | 9 +-
.../aws/pillars/nginx_workbench2_configuration.sls | 9 +-
.../aws/pillars/nginx_workbench_configuration.sls | 9 +-
.../multiple_hostnames/pillars/arvados.sls | 4 +-
.../pillars/nginx_controller_configuration.sls | 9 +-
.../pillars/nginx_keepproxy_configuration.sls | 5 +-
.../pillars/nginx_keepweb_configuration.sls | 19 ++-
.../multiple_hostnames/pillars/nginx_passenger.sls | 4 -
.../pillars/nginx_webshell_configuration.sls | 5 +-
.../pillars/nginx_websocket_configuration.sls | 5 +-
.../pillars/nginx_workbench2_configuration.sls | 5 +-
.../pillars/nginx_workbench_configuration.sls | 5 +-
.../multiple_hostnames/states/custom_certs.sls | 31 +++++
.../multiple_hostnames/states/snakeoil_certs.sls | 116 +++++++++-------
.../single_hostname/pillars/arvados.sls | 2 +-
.../local.params.example.multiple_hosts | 22 ++-
...l.params.example.single_host_multiple_hostnames | 21 ++-
tools/salt-install/provision.sh | 153 ++++++++++++++++++---
36 files changed, 410 insertions(+), 300 deletions(-)
create mode 100644 doc/_includes/_install_custom_certificates.liquid
copy tools/salt-install/config_examples/{single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls => multi_host/aws/pillars/nginx_collections_configuration.sls} (65%)
copy tools/salt-install/config_examples/{single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls => multi_host/aws/pillars/nginx_download_configuration.sls} (57%)
create mode 100644 tools/salt-install/config_examples/single_host/multiple_hostnames/states/custom_certs.sls
via 9539317a22d8ea16f94b0e086507ab595d758216 (commit)
via 67d842388bc0542a7c3d8843635c3ccf5add20c7 (commit)
via d68c3776fee61329f665ede740cca51946395d1c (commit)
via 089aaca1ed6fe672f01c5049f1bf3956bdd35065 (commit)
via f54cc984969657be50c093b917feb49a19d78c22 (commit)
via 3b0f80205c1942cc954eb891691c7c382aa9c87c (commit)
via 2eeaf4eacf23e166b60cf95562ea2727a68e1e08 (commit)
via 6f84dbb74b46470e937a52cbbb5de4c5b825e122 (commit)
via 03338fd9d7416560331bb96fd356f3d35de6760f (commit)
via b4bb4815b9e23c54d6bbf7ec166acdf7ddfcb10b (commit)
from dd5a2a0c2da55c95cb94cb67538c6693cf989bf9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 9539317a22d8ea16f94b0e086507ab595d758216
Merge: dd5a2a0c2 67d842388
Author: Javier Bértoli <jbertoli at curii.com>
Date: Thu Oct 21 16:00:13 2021 -0300
Merge branch '17742-provide-custom-certs'
closes #17742
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
commit 67d842388bc0542a7c3d8843635c3ccf5add20c7
Author: Javier Bértoli <jbertoli at curii.com>
Date: Thu Oct 21 15:59:04 2021 -0300
17742: update documentation addressing review suggestions
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/doc/_includes/_install_custom_certificates.liquid b/doc/_includes/_install_custom_certificates.liquid
new file mode 100644
index 000000000..74bc009b8
--- /dev/null
+++ b/doc/_includes/_install_custom_certificates.liquid
@@ -0,0 +1,26 @@
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
+
+If you plan to use custom certificates, please set the variable <i>USE_LETSENCRYPT=no</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
+
+The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
+
+* "controller"
+* "websocket"
+* "workbench"
+* "workbench2"
+* "webshell"
+* "download" # Part of keepweb
+* "collections" # Part of keepweb
+* "keepproxy"
+
+Ie., for 'keepproxy', the script will lookup for
+
+<notextile>
+<pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
+${CUSTOM_CERTS_DIR}/keepproxy.key
+</code></pre>
+</notextile>
diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index da86c443a..ab36035a8 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -106,28 +106,9 @@ cp -r config_examples/multi_host/aws local_config_dir
Edit the variables in the <i>local.params</i> file. Pay attention to the <b>*_INT_IP, *_TOKEN</b> and <b>*KEY</b> variables. Those variables will be used to do a search and replace on the <i>pillars/*</i> in place of any matching __VARIABLE__.
-The <i>multi_host</i> example includes LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53.
+The <i>multi_host</i> example includes Let's Encrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53.
-If you plan to use custom certificates, please set the variable <i>USE_LETSENCRYPT=no</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
-
-The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
-
-* "controller"
-* "websocket"
-* "workbench"
-* "workbench2"
-* "webshell"
-* "download" # Part of keepweb
-* "collections" # Part of keepweb
-* "keepproxy"
-
-Ie., for 'keepproxy', the script will lookup for
-
-<notextile>
-<pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
-${CUSTOM_CERTS_DIR}/keepproxy.key
-</code></pre>
-</notextile>
+{% include 'install_custom_certificates' %}
h3(#further_customization). Further customization of the installation (modifying the salt pillars and states)
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 11c8991e9..9147f25a1 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -57,28 +57,9 @@ Edit the variables in the <i>local.params</i> file. Pay attention to the <b>*_PO
The <i>single_host</i> examples use self-signed SSL certificates, which are deployed using the same mechanism used to deploy custom certificates.
-If you plan to use custom certificates, please set the variable <i>USE_LETSENCRYPT=no</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
+{% include 'install_custom_certificates' %}
-The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
-
-* "controller"
-* "websocket"
-* "workbench"
-* "workbench2"
-* "webshell"
-* "download" # Part of keepweb
-* "collections" # Part of keepweb
-* "keepproxy"
-
-Ie., for 'keepproxy', the script will lookup for
-
-<notextile>
-<pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
-${CUSTOM_CERTS_DIR}/keepproxy.key
-</code></pre>
-</notextile>
-
-If you want to use valid certificates provided by LetsEncrypt, please set the variable <i>USE_LETSENCRYPT=yes</i> and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.
+If you want to use valid certificates provided by Let's Encrypt, please set the variable <i>USE_LETSENCRYPT=yes</i> and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.
h3(#single_host_multiple_hostnames). Single host / multiple hostnames (Alternative configuration)
<notextile>
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list