[ARVADOS] updated: 2.1.0-1955-g1abfd2d5f

Git user git at public.arvados.org
Wed Feb 23 19:41:19 UTC 2022


Summary of changes:
 tools/salt-install/Vagrantfile                     |   5 +-
 .../pillars/aws_credentials.sls                    |   0
 .../multiple_hostnames/states/snakeoil_certs.sls   |   2 +-
 .../pillars/nginx_controller_configuration.sls     |   2 +-
 .../pillars/nginx_keepproxy_configuration.sls      |  12 ++
 .../single_hostname}/states/custom_certs.sls       |   0
 .../single_hostname/states/snakeoil_certs.sls      |  13 ++-
 .../local.params.example.multiple_hosts            |  11 +-
 ...l.params.example.single_host_multiple_hostnames |  11 +-
 ...ocal.params.example.single_host_single_hostname |  11 +-
 tools/salt-install/provision.sh                    | 130 +++++++++++----------
 11 files changed, 127 insertions(+), 70 deletions(-)
 copy tools/salt-install/config_examples/{multi_host/aws => single_host/multiple_hostnames}/pillars/aws_credentials.sls (100%)
 copy tools/salt-install/config_examples/{multi_host/aws => single_host/single_hostname}/states/custom_certs.sls (100%)

       via  1abfd2d5fdecd07dea3351c9c840cd61813e0007 (commit)
      from  61fb59bb562b5edb085e5978a47b1a6bc4f47849 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 1abfd2d5fdecd07dea3351c9c840cd61813e0007
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Wed Feb 23 16:40:23 2022 -0300

    18785: make logic on different choices more consistent
    
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index f5759c482..281c6e7e0 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -82,13 +82,16 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
                                cp -vr /vagrant/tests /home/vagrant/tests;
                                sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
                                     s#cluster_fixme_or_this_wont_work#zeppo#g;
+                                    s#RELEASE=\"production\"#RELEASE=\"development\"#g;
                                     s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g;
                                     s#domain_fixme_or_this_wont_work#local#g;' \
                                     /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
+
      arv.vm.provision "shell",
                       path: "provision.sh",
                       args: [
-                        # "--debug",
+                        "--debug",
+                        "--development",
                         "--config /tmp/local.params.single_host_single_hostname",
                         "--test",
                         "--vagrant"
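Review bot: `"--debug"` was commented out before and is now always passed to provision.sh, which looks like a leftover from a local debugging session rather than part of the DEPLOYMENT_TYPE change. If debug mode traces the script (its handling is not visible here), values read from local.params, such as passwords and tokens, would end up in the Vagrant console output. Consider restoring `# "--debug",`. Please also confirm that rewriting `RELEASE` with sed and passing `"--development"` are both needed, since they appear to select the same thing. The `args:` list continues outside the hunk.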
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls
new file mode 100644
index 000000000..35cdbf7bd
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls
@@ -0,0 +1,9 @@
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+aws_credentials:
+  region: __LE_AWS_REGION__
+  access_key_id: __LE_AWS_ACCESS_KEY_ID__
+  secret_access_key: __LE_AWS_SECRET_ACCESS_KEY__
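Review bot: The three placeholders under `aws_credentials` are plain scalars, so whatever gets substituted for them is re-typed by the YAML parser; a value that looks numeric or starts with a YAML indicator would not reach the consumer as the string that was entered. Quoting them keeps them strings, e.g. `secret_access_key: '__LE_AWS_SECRET_ACCESS_KEY__'`, and likewise for `region` and `access_key_id`. Because the rendered pillar holds a long-lived AWS secret, a short comment in the file saying that the generated copy must be readable by root only would help operators; how the file is written out is not visible in this commit.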
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
index 8f2fda45b..047c3225e 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
@@ -177,7 +177,7 @@ extra_snakeoil_certs_arvados_snakeoil_cert_{{ vh }}_cmd_run:
       - file: extra_custom_certs_file_copy_arvados-{{ vh }}.key
 
   {%- if grains.get('os_family') == 'Debian' %}
-extra_snakeoil_certs_certs_permissions_{{ vh}}_cmd_run:
+extra_snakeoil_certs_certs_permissions_{{ vh }}_cmd_run:
   file.managed:
     - name: {{ arvados_key_file }}
     - owner: root
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
index 746591ca3..7e7bc5ece 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
@@ -36,7 +36,7 @@ nginx:
       arvados_controller_ssl.conf:
         enabled: true
         overwrite: true
-            requires:
+        requires:
           __CERT_REQUIRES__
         config:
           - server:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
index 177738c50..b5c68c7e3 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
@@ -15,6 +15,18 @@ nginx:
 
   servers:
     managed:
+      ### DEFAULT
+      arvados_keepproxy_default.conf:
+        enabled: true
+        overwrite: true
+        config:
+          - server:
+            - server_name: keep.__CLUSTER__.__DOMAIN__
+            - listen:
+              - 80
+            - location /:
+              - return: '301 https://$host$request_uri'
+
       arvados_keepproxy_ssl.conf:
         enabled: true
         overwrite: true
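Review bot: The new port-80 server in this single_hostname example redirects to `https://$host$request_uri`, which drops any port and echoes the client-supplied Host header back in the Location. If keepproxy's TLS listener in this layout sits on a dedicated port rather than 443 (the ssl block is outside the hunk, so this is an assumption), the redirect lands on a different service. Consider redirecting to the configured name and port instead of `$host`. Please also check whether `server_name` should be the shared `__HOSTNAME_EXT__` placeholder rather than `keep.__CLUSTER__.__DOMAIN__`, since the latter is the per-service name of the multiple-hostnames layout.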
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
new file mode 100644
index 000000000..3b2be59f3
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
@@ -0,0 +1,33 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- set orig_cert_dir = salt['pillar.get']('extra_custom_certs_dir', '/srv/salt/certs')  %}
+{%- set dest_cert_dir = '/etc/nginx/ssl' %}
+{%- set certs = salt['pillar.get']('extra_custom_certs', [])  %}
+
+{% if certs %}
+extra_custom_certs_file_directory_certs_dir:
+  file.directory:
+    - name: /etc/nginx/ssl
+    - require:
+      - pkg: nginx_install
+
+  {%- for cert in certs %}
+    {%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
+    {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
+    {%- set key_file = 'arvados-' ~ cert ~ '.key' %}
+    {% for c in [cert_file, key_file] %}
+extra_custom_certs_file_copy_{{ c }}:
+  file.copy:
+    - name: {{ dest_cert_dir }}/{{ c }}
+    - source: {{ orig_cert_dir }}/{{ c }}
+    - force: true
+    - user: root
+    - group: root
+    - unless: cmp {{ dest_cert_dir }}/{{ c }} {{ orig_cert_dir }}/{{ c }}
+    - require:
+      - file: extra_custom_certs_file_directory_certs_dir
+    {%- endfor %}
+  {%- endfor %}
+{%- endif %}
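Review bot: The `file.copy` state that installs both the `.pem` and the `.key` sets `user` and `group` but no `mode`, so, as far as I can tell, the private key in `/etc/nginx/ssl` ends up with whatever permissions the source file under `orig_cert_dir` has. Add an explicit mode to the copy, e.g. `- mode: '0640'` (or a tighter value for the key alone), and an explicit mode on the `file.directory` state as well. The directory state also hard-codes `/etc/nginx/ssl` although `dest_cert_dir` is set a few lines above; `- name: {{ dest_cert_dir }}` keeps the two from drifting apart.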
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
index e76c1a96b..5292f9d03 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -86,6 +86,10 @@ extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
     - require:
       - pkg: extra_snakeoil_certs_dependencies_pkg_installed
 
+{%- set arvados_cert_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.pem' %}
+{%- set arvados_csr_file = orig_cert_dir ~ '/arvadoos-__HOSTNAME_EXT__.csr' %}
+{%- set arvados_key_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.key' %}
+
 extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run:
   cmd.run:
     - name: |
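Review bot: `arvados_csr_file` is built from `'/arvadoos-__HOSTNAME_EXT__.csr'`, with a doubled `o`, while the cert and key lines next to it use `arvados-`. It should read `{%- set arvados_csr_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.csr' %}`. The `cmd.run` body that consumes these variables is outside the hunk, so it cannot be told from here whether the misspelt name only yields an oddly named CSR or breaks a later step.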
@@ -143,17 +147,16 @@ extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run:
       - pkg: extra_snakeoil_certs_dependencies_pkg_installed
       - cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
     - require_in:
-      - file: extra_custom_certs_file_copy_arvados-{{ vh }}.pem
-      - file: extra_custom_certs_file_copy_arvados-{{ vh }}.key
+      - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.pem
+      - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.key
 
   {%- if grains.get('os_family') == 'Debian' %}
-extra_snakeoil_certs_certs_permissions_{{ vh}}_cmd_run:
+extra_snakeoil_certs_certs_permissions___HOSTNAME_EXT___cmd_run:
   file.managed:
     - name: {{ arvados_key_file }}
     - owner: root
     - group: ssl-cert
     - require:
-      - cmd: extra_snakeoil_certs_arvados_snakeoil_cert_{{ vh }}_cmd_run
+      - cmd: extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run
       - pkg: extra_snakeoil_certs_ssl_cert_pkg_installed
   {%- endif %}
-{%- endfor %}
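Review bot: The `file.managed` state on `{{ arvados_key_file }}` names an owner and the `ssl-cert` group but sets no mode, so the private key keeps whatever mode the openssl step gave it (that step is outside the hunk). If the key was created owner-only the group grant has no effect, and under a loose umask it could be readable by others; adding `- mode: '0640'` after the `group` line states the intent. It is also worth checking the `owner: root` key, since the sibling custom_certs.sls uses `user: root` for the same purpose. The same state in multiple_hostnames/states/snakeoil_certs.sls has the same gap.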
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 380ce5ae7..84b06f1c1 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -3,6 +3,15 @@
 #
 # SPDX-License-Identifier: CC-BY-SA-3.0
 
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="multiple-multiple-letsencrypt"
+
 # These are the basic parameters to configure the installation
 
 # The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
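Review bot: The comment lists `CERTS = le | custom | snakeoil`, but the value assigned right below is `multiple-multiple-letsencrypt` and provision.sh matches on the literal `letsencrypt`. An operator who follows the comment and writes a value ending in `-le` would get a deployment without Let's Encrypt and no error. Change the line to `# CERTS = letsencrypt | custom | snakeoil`. The same comment is repeated in the two single_host example files, and the copy in provision.sh spells the value `lesencrypt` and ends with a dangling `# We default to`.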
@@ -120,7 +129,7 @@ RELEASE="production"
 # Formulas versions
 # ARVADOS_TAG="2.2.0"
 # POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
 # DOCKER_TAG="v2.0.7"
 # LOCALE_TAG="v0.3.4"
 # LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index ef47467e5..65c911668 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -3,6 +3,15 @@
 #
 # SPDX-License-Identifier: CC-BY-SA-3.0
 
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="single-multiple-snakeoil"
+
 # These are the basic parameters to configure the installation
 
 # The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
@@ -96,7 +105,7 @@ RELEASE="production"
 # Formulas versions
 # ARVADOS_TAG="2.2.0"
 # POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
 # DOCKER_TAG="v2.0.7"
 # LOCALE_TAG="v0.3.4"
 # LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index d09cdb2ef..641f2cf1d 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -3,6 +3,15 @@
 #
 # SPDX-License-Identifier: CC-BY-SA-3.0
 
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="single-single-snakeoil"
+
 # These are the basic parameters to configure the installation
 
 # The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
@@ -83,7 +92,7 @@ RELEASE="production"
 # Formulas versions
 # ARVADOS_TAG="2.2.0"
 # POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
 # DOCKER_TAG="v2.0.7"
 # LOCALE_TAG="v0.3.4"
 # LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 4b72246b9..77ed8de9f 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -156,6 +156,16 @@ copy_custom_cert() {
   fi
 }
 
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = lesencrypt | custom | snakeoil
+# We default to
+DEPLOYMENT_TYPE="single-multiple-snakeoil"
+
 DEV_MODE="no"
 CONFIG_FILE="${SCRIPT_DIR}/local.params"
 CONFIG_DIR="local_config_dir"
@@ -167,7 +177,7 @@ TESTS_DIR="tests"
 CLUSTER=""
 DOMAIN=""
 
-# Hostnames/IPs used for single-host deploys
+# Hostnames/IPs used for single-host/single hostname deploys
 HOSTNAME_EXT=""
 HOSTNAME_INT="127.0.1.1"
 
@@ -188,6 +198,11 @@ WORKBENCH2_EXT_SSL_PORT=3001
 USE_LETSENCRYPT="no"
 CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
 
+# These parameters depend on the DEPLOYMENT_TYPE selected
+if (echo ${DEPLOYMENT_TYPE} | grep -q letsencrypt); then
+  USE_LETSENCRYPT="yes"
+fi
+
 ## These are ARVADOS-related parameters
 # For a stable release, change RELEASE "production" and VERSION to the
 # package version (including the iteration, e.g. X.Y.Z-1) of the
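Review bot: This check sits in the defaults section, a few lines after `DEPLOYMENT_TYPE` is assigned its built-in default `single-multiple-snakeoil`, so at this point the grep can never match. The config file does not appear to be read until later (not visible in this hunk), which would mean a `DEPLOYMENT_TYPE` ending in `letsencrypt` in local.params never sets `USE_LETSENCRYPT`. Move the derivation to after the config is loaded and reject values outside the documented set there, so that a typo cannot silently select the custom-certificate path. The subshell and unquoted expansion can go at the same time: `case "${DEPLOYMENT_TYPE}" in *-letsencrypt) USE_LETSENCRYPT="yes" ;; esac`.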
@@ -205,7 +220,7 @@ VERSION="latest"
 
 # Other formula versions we depend on
 POSTGRES_TAG="v0.43.0"
-NGINX_TAG="temp-fix-missing-statements-in-pillar"
+NGINX_TAG="v2.8.0"
 DOCKER_TAG="v2.0.7"
 LOCALE_TAG="v0.3.4"
 LETSENCRYPT_TAG="v2.1.0"
@@ -254,8 +269,10 @@ if ! grep -qE '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
 fi
 
 # Only used in single_host/single_name deploys
-if [ "x${HOSTNAME_EXT}" = "x" ] ; then
-  HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
+if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+  if [ -z "${HOSTNAME_EXT}" ] ; then
+    HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
+  fi
 fi
 
 if [ "${DUMP_CONFIG}" = "yes" ]; then
@@ -334,7 +351,7 @@ elif [ "x${ARVADOS_TAG}" != "x" ]; then
 ( cd ${F_DIR}/arvados && git checkout --quiet tags/"${ARVADOS_TAG}" -b "${ARVADOS_TAG}" )
 fi
 
-if [ "x${VAGRANT}" = "xyes" ]; then
+if [ "${VAGRANT}" = "yes" ]; then
   EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
   SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
   SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
@@ -395,7 +412,7 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
   "${f}" > "${P_DIR}"/$(basename "${f}")
 done
 
-if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
+if [ "${TEST}" = "yes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
   echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
   exit 1
 fi
@@ -487,10 +504,10 @@ if [ -d "${F_DIR}"/extra/extra ]; then
   fi
   # We simply skip the snake-oil certs based on $SKIP_SNAKE_OIL
   for f in $(ls "${F_DIR}"/extra/extra/*.sls | grep -v ${SKIP_SNAKE_OIL}); do
-  echo "    - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
+    echo "    - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
   done
   # Use custom certs
-  if [ "x${USE_LETSENCRYPT}" != "xyes" ]; then
+  if [ "${USE_LETSENCRYPT}" != "yes" ]; then
     mkdir -p "${F_DIR}"/extra/extra/files
   fi
 fi
@@ -499,11 +516,11 @@ fi
 if [ -z "${ROLES}" ]; then
   # States
   echo "    - nginx.passenger" >> ${S_DIR}/top.sls
-  if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
-    if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+  if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+    if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
       grep -q "aws_credentials" ${S_DIR}/top.sls || echo "    - extra.aws_credentials" >> ${S_DIR}/top.sls
     fi
-    grep -q "letsencrypt"     ${S_DIR}/top.sls || echo "    - letsencrypt" >> ${S_DIR}/top.sls
+    grep -q "letsencrypt" ${S_DIR}/top.sls || echo "    - letsencrypt" >> ${S_DIR}/top.sls
   else
     # Use custom certs
     # Copy certs to formula extra/files
@@ -532,54 +549,50 @@ if [ -z "${ROLES}" ]; then
   echo "    - nginx_workbench_configuration" >> ${P_DIR}/top.sls
   echo "    - postgresql" >> ${P_DIR}/top.sls
 
-  # Currently, only available on config_examples/multi_host/aws
-  if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
-    if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+  if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+    if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
       grep -q "aws_credentials" ${P_DIR}/top.sls || echo "    - aws_credentials" >> ${P_DIR}/top.sls
     fi
-    grep -q "letsencrypt"     ${P_DIR}/top.sls || echo "    - letsencrypt" >> ${P_DIR}/top.sls
+    grep -q "letsencrypt" ${P_DIR}/top.sls || echo "    - letsencrypt" >> ${P_DIR}/top.sls
 
     # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
-    # Are we in a single-host-single-hostname env?
-    if [ "x${HOSTNAME_EXT}" != "x" ] then;
-      sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${HOSTNAME_EXT}*/g;
-              s#__CERT_PEM__#/etc/letsencrypt/live/${HOSTNAME_EXT}/fullchain.pem#g;
-              s#__CERT_KEY__#/etc/letsencrypt/live/${HOSTNAME_EXT}/privkey.pem#g" \
-      ${P_DIR}/nginx_${HOSTNAME_EXT}_configuration.sls
-    else
-      # We are in a single-host-multiple-hostnames env
-      for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
-        sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${c}.${CLUSTER}.${DOMAIN}*/g;
-                s#__CERT_PEM__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/fullchain.pem#g;
-                s#__CERT_KEY__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/privkey.pem#g" \
-        ${P_DIR}/nginx_${c}_configuration.sls
-      done
-    fi
-  else
-    # Use custom certs (either dev mode or prod)
+    for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+      if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+        # Are we in a single-host-single-hostname env?
+        CERT_NAME=${HOSTNAME_EXT}
+      else
+        # We are in a single-host-multiple-hostnames env
+        CERT_NAME=${c}.${CLUSTER}.${DOMAIN}
+      fi
+
+      sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g;
+              s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g;
+              s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \
+      ${P_DIR}/nginx_${c}_configuration.sls
+    done
+  else # Use custom certs (either dev mode or prod)
     grep -q "extra_custom_certs" ${P_DIR}/top.sls || echo "    - extra_custom_certs" >> ${P_DIR}/top.sls
     # And add the certs in the custom_certs pillar
     echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
     echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
 
     # Are we in a single-host-single-hostname env?
-    if [ "x${HOSTNAME_EXT}" != "x" ] then;
-      sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${HOSTNAME_EXT}.pem/g;
-              s#__CERT_PEM__#/etc/nginx/ssl/arvados-${HOSTNAME_EXT}.pem#g;
-              s#__CERT_KEY__#/etc/nginx/ssl/arvados-${HOSTNAME_EXT}.key#g" \
-      ${P_DIR}/nginx_${HOSTNAME_EXT}_configuration.sls
+    if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+      # Are we in a single-host-single-hostname env?
+      CERT_NAME=${HOSTNAME_EXT}
     else
-      # We are in a single-host-multiple-hostnames env
-      for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
-        grep -q ${c} ${P_DIR}/extra_custom_certs.sls || echo "  - ${c}" >> ${P_DIR}/extra_custom_certs.sls
-
-        # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
-        sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${c}.pem/g;
-                s#__CERT_PEM__#/etc/nginx/ssl/arvados-${c}.pem#g;
-                s#__CERT_KEY__#/etc/nginx/ssl/arvados-${c}.key#g" \
-        ${P_DIR}/nginx_${c}_configuration.sls
-      done
+      # We are in a multiple-hostnames env
+      CERT_NAME=${c}
     fi
+    for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+      grep -q ${CERT_NAME} ${P_DIR}/extra_custom_certs.sls || echo "  - ${CERT_NAME}" >> ${P_DIR}/extra_custom_certs.sls
+
+      # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+      sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${CERT_NAME}.pem/g;
+              s#__CERT_PEM__#/etc/nginx/ssl/arvados-${CERT_NAME}.pem#g;
+              s#__CERT_KEY__#/etc/nginx/ssl/arvados-${CERT_NAME}.key#g" \
+      ${P_DIR}/nginx_${c}_configuration.sls
+    done
   fi
 else
   # If we add individual roles, make sure we add the repo first
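Review bot: In the custom-certs branch `CERT_NAME=${c}` is assigned before the `for c in ...` loop starts, so in a multiple-hostnames deployment `c` is empty (or stale) and every iteration uses the same wrong name. The unquoted `grep -q ${CERT_NAME} file` then collapses to `grep -q file`, which reads stdin, and the sed writes paths like `arvados-.pem`. The Let's Encrypt branch above does this correctly by choosing `CERT_NAME` inside the loop; the custom branch should do the same, with the grep argument quoted. Separately, the service list now has `keepweb` where the old one had `download collections`, while a later context line still refers to `nginx_collections_configuration`. Please confirm that a `nginx_keepweb_configuration.sls` pillar and matching certificate names exist for every layout.

```shell
    # … unchanged: extra_custom_certs pillar header (top.sls entry, dir and list keys) …
    for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
      if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
        # Single-host, single-hostname env: one certificate shared by every service
        CERT_NAME=${HOSTNAME_EXT}
      else
        # Multiple-hostnames env: one certificate per service
        CERT_NAME=${c}
      fi

      grep -q "${CERT_NAME}" ${P_DIR}/extra_custom_certs.sls || echo "  - ${CERT_NAME}" >> ${P_DIR}/extra_custom_certs.sls
      # … unchanged: sed on ${P_DIR}/nginx_${c}_configuration.sls …
    done
```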
@@ -588,7 +601,7 @@ else
   grep -q "custom_certs"    ${S_DIR}/top.sls || echo "    - extra.custom_certs" >> ${S_DIR}/top.sls
 
   # And we add the basic part for the certs pillar
-  if [ "x${USE_LETSENCRYPT}" != "xyes" ]; then
+  if [ "${USE_LETSENCRYPT}" != "yes" ]; then
     # And add the certs in the custom_certs pillar
     echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
     echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
@@ -611,8 +624,8 @@ else
         ### If we don't install and run LE before arvados-api-server, it fails and breaks everything
         ### after it. So we add this here as we are, after all, sharing the host for api and controller
         # Currently, only available on config_examples/multi_host/aws
-        if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
-          if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+        if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+          if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
             grep -q "aws_credentials" ${S_DIR}/top.sls || echo "    - aws_credentials" >> ${S_DIR}/top.sls
           fi
           grep -q "letsencrypt" ${S_DIR}/top.sls || echo "    - letsencrypt" >> ${S_DIR}/top.sls
@@ -632,8 +645,8 @@ else
         # States
         grep -q "nginx.passenger" ${S_DIR}/top.sls || echo "    - nginx.passenger" >> ${S_DIR}/top.sls
         # Currently, only available on config_examples/multi_host/aws
-        if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
-          if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+        if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+          if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
             grep -q "aws_credentials" ${S_DIR}/top.sls || echo "    - aws_credentials" >> ${S_DIR}/top.sls
           fi
           grep -q "letsencrypt"     ${S_DIR}/top.sls || echo "    - letsencrypt" >> ${S_DIR}/top.sls
@@ -659,9 +672,8 @@ else
           grep -q "nginx_collections_configuration" ${P_DIR}/top.sls || echo "    - nginx_collections_configuration" >> ${P_DIR}/top.sls
         fi
 
-        # Currently, only available on config_examples/multi_host/aws
-        if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
-          if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+        if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+          if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
             grep -q "aws_credentials" ${P_DIR}/top.sls || echo "    - aws_credentials" >> ${P_DIR}/top.sls
           fi
           grep -q "letsencrypt"     ${P_DIR}/top.sls || echo "    - letsencrypt" >> ${P_DIR}/top.sls
@@ -751,12 +763,12 @@ echo '\pset pager off' >> /root/.psqlrc
 salt-call --local state.apply -l ${LOG_LEVEL}
 
 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
-if [ "x${DELETE_PSQL}" = "xyes" ]; then
+if [ "${DELETE_PSQL}" = "yes" ]; then
   echo "Removing .psql file"
   rm /root/.psqlrc
 fi
 
-if [ "x${RESTORE_PSQL}" = "xyes" ]; then
+if [ "${RESTORE_PSQL}" = "yes" ]; then
   echo "Restoring .psql file"
   mv -v /root/.psqlrc.provision.backup /root/.psqlrc
 fi
@@ -766,7 +778,7 @@ fi
 if [ "$DEV_MODE" = "yes" ]; then
   echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
   # If running in a vagrant VM, also add default user to docker group
-  if [ "x${VAGRANT}" = "xyes" ]; then
+  if [ "${VAGRANT}" = "yes" ]; then
     cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
 
     echo "Adding the vagrant user to the docker group"
@@ -777,7 +789,7 @@ if [ "$DEV_MODE" = "yes" ]; then
 fi
 
 # Test that the installation finished correctly
-if [ "x${TEST}" = "xyes" ]; then
+if [ "${TEST}" = "yes" ]; then
   cd ${T_DIR}
   # If we use RVM, we need to run this with it, or most ruby commands will fail
   RVM_EXEC=""

-----------------------------------------------------------------------


hooks/post-receive
-- 



