[ARVADOS] updated: 2.1.0-1955-g1abfd2d5f
Git user
git at public.arvados.org
Wed Feb 23 19:41:19 UTC 2022
Summary of changes:
tools/salt-install/Vagrantfile | 5 +-
.../pillars/aws_credentials.sls | 0
.../multiple_hostnames/states/snakeoil_certs.sls | 2 +-
.../pillars/nginx_controller_configuration.sls | 2 +-
.../pillars/nginx_keepproxy_configuration.sls | 12 ++
.../single_hostname}/states/custom_certs.sls | 0
.../single_hostname/states/snakeoil_certs.sls | 13 ++-
.../local.params.example.multiple_hosts | 11 +-
...l.params.example.single_host_multiple_hostnames | 11 +-
...ocal.params.example.single_host_single_hostname | 11 +-
tools/salt-install/provision.sh | 130 +++++++++++----------
11 files changed, 127 insertions(+), 70 deletions(-)
copy tools/salt-install/config_examples/{multi_host/aws => single_host/multiple_hostnames}/pillars/aws_credentials.sls (100%)
copy tools/salt-install/config_examples/{multi_host/aws => single_host/single_hostname}/states/custom_certs.sls (100%)
via 1abfd2d5fdecd07dea3351c9c840cd61813e0007 (commit)
from 61fb59bb562b5edb085e5978a47b1a6bc4f47849 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 1abfd2d5fdecd07dea3351c9c840cd61813e0007
Author: Javier Bértoli <jbertoli at curii.com>
Date: Wed Feb 23 16:40:23 2022 -0300
18785: make logic on different choices more consistent
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index f5759c482..281c6e7e0 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -82,13 +82,16 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
cp -vr /vagrant/tests /home/vagrant/tests;
sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
s#cluster_fixme_or_this_wont_work#zeppo#g;
+ s#RELEASE=\"production\"#RELEASE=\"development\"#g;
s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g;
s#domain_fixme_or_this_wont_work#local#g;' \
/vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
+
arv.vm.provision "shell",
path: "provision.sh",
args: [
- # "--debug",
+ "--debug",
+ "--development",
"--config /tmp/local.params.single_host_single_hostname",
"--test",
"--vagrant"
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls
new file mode 100644
index 000000000..35cdbf7bd
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls
@@ -0,0 +1,9 @@
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+aws_credentials:
+ region: __LE_AWS_REGION__
+ access_key_id: __LE_AWS_ACCESS_KEY_ID__
+ secret_access_key: __LE_AWS_SECRET_ACCESS_KEY__
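Review bot: The three `__LE_AWS_*__` placeholders are replaced as plain text before the file is parsed as YAML, so they should be quoted, e.g. `secret_access_key: '__LE_AWS_SECRET_ACCESS_KEY__'`, to keep a substituted value from being retyped or cut short by a YAML indicator. The file also lacks a header comment saying that the rendered pillar holds a long-lived AWS secret in clear text. provision.sh only pulls this pillar in when `USE_LETSENCRYPT_ROUTE53` is `yes`, so the comment could add that the key should belong to an identity limited to the DNS changes the Let's Encrypt challenge needs.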
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
index 8f2fda45b..047c3225e 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
@@ -177,7 +177,7 @@ extra_snakeoil_certs_arvados_snakeoil_cert_{{ vh }}_cmd_run:
- file: extra_custom_certs_file_copy_arvados-{{ vh }}.key
{%- if grains.get('os_family') == 'Debian' %}
-extra_snakeoil_certs_certs_permissions_{{ vh}}_cmd_run:
+extra_snakeoil_certs_certs_permissions_{{ vh }}_cmd_run:
file.managed:
- name: {{ arvados_key_file }}
- owner: root
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
index 746591ca3..7e7bc5ece 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
@@ -36,7 +36,7 @@ nginx:
arvados_controller_ssl.conf:
enabled: true
overwrite: true
- requires:
+ requires:
__CERT_REQUIRES__
config:
- server:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
index 177738c50..b5c68c7e3 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
@@ -15,6 +15,18 @@ nginx:
servers:
managed:
+ ### DEFAULT
+ arvados_keepproxy_default.conf:
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: keep.__CLUSTER__.__DOMAIN__
+ - listen:
+ - 80
+ - location /:
+ - return: '301 https://$host$request_uri'
+
arvados_keepproxy_ssl.conf:
enabled: true
overwrite: true
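Review bot: The new port-80 block builds its redirect from `$host`, which nginx fills from the request, so if this server ever answers for names other than `keep.__CLUSTER__.__DOMAIN__` (the `### DEFAULT` label suggests it might), the Location header repeats whatever Host the client sent. Pinning the target removes that dependency: `- return: '301 https://keep.__CLUSTER__.__DOMAIN__$request_uri'`. The SSL server definition continues outside the hunk, so I cannot confirm it listens under the same name in the single-hostname layout; that is worth checking, since the other single-hostname files in this commit use `__HOSTNAME_EXT__`.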
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
new file mode 100644
index 000000000..3b2be59f3
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
@@ -0,0 +1,33 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- set orig_cert_dir = salt['pillar.get']('extra_custom_certs_dir', '/srv/salt/certs') %}
+{%- set dest_cert_dir = '/etc/nginx/ssl' %}
+{%- set certs = salt['pillar.get']('extra_custom_certs', []) %}
+
+{% if certs %}
+extra_custom_certs_file_directory_certs_dir:
+ file.directory:
+ - name: /etc/nginx/ssl
+ - require:
+ - pkg: nginx_install
+
+ {%- for cert in certs %}
+ {%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
+ {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
+ {%- set key_file = 'arvados-' ~ cert ~ '.key' %}
+ {% for c in [cert_file, key_file] %}
+extra_custom_certs_file_copy_{{ c }}:
+ file.copy:
+ - name: {{ dest_cert_dir }}/{{ c }}
+ - source: {{ orig_cert_dir }}/{{ c }}
+ - force: true
+ - user: root
+ - group: root
+ - unless: cmp {{ dest_cert_dir }}/{{ c }} {{ orig_cert_dir }}/{{ c }}
+ - require:
+ - file: extra_custom_certs_file_directory_certs_dir
+ {%- endfor %}
+ {%- endfor %}
+{%- endif %}
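Review bot: Neither the `file.directory` state nor the `file.copy` state sets a mode, so the private key copied to `/etc/nginx/ssl` keeps whatever permissions the source under `orig_cert_dir` happened to have. An explicit `- mode: '0640'` on the copy (tighter for the `.key` if nothing but root reads it) and a mode on the directory would make the result deterministic. The directory state also hard-codes `/etc/nginx/ssl` although `dest_cert_dir` is defined two lines above; `- name: {{ dest_cert_dir }}` keeps the two from drifting. The pillar-supplied `cert` name goes unquoted into the `unless: cmp …` shell command, so quoting both paths there is cheap protection against names with spaces or shell metacharacters.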
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
index e76c1a96b..5292f9d03 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -86,6 +86,10 @@ extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
- require:
- pkg: extra_snakeoil_certs_dependencies_pkg_installed
+{%- set arvados_cert_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.pem' %}
+{%- set arvados_csr_file = orig_cert_dir ~ '/arvadoos-__HOSTNAME_EXT__.csr' %}
+{%- set arvados_key_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.key' %}
+
extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run:
cmd.run:
- name: |
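Review bot: `arvados_csr_file` is set to a path starting with `arvadoos-`, which looks like a typo next to the `arvados-` prefix on the `.pem` and `.key` lines; it should read `{%- set arvados_csr_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.csr' %}`. The `cmd.run` body that consumes the variable is outside the hunk, so the visible effect is probably only a misnamed intermediate CSR. It would still break anything that later looks the file up by the regular name.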
@@ -143,17 +147,16 @@ extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run:
- pkg: extra_snakeoil_certs_dependencies_pkg_installed
- cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
- require_in:
- - file: extra_custom_certs_file_copy_arvados-{{ vh }}.pem
- - file: extra_custom_certs_file_copy_arvados-{{ vh }}.key
+ - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.pem
+ - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.key
{%- if grains.get('os_family') == 'Debian' %}
-extra_snakeoil_certs_certs_permissions_{{ vh}}_cmd_run:
+extra_snakeoil_certs_certs_permissions___HOSTNAME_EXT___cmd_run:
file.managed:
- name: {{ arvados_key_file }}
- owner: root
- group: ssl-cert
- require:
- - cmd: extra_snakeoil_certs_arvados_snakeoil_cert_{{ vh }}_cmd_run
+ - cmd: extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run
- pkg: extra_snakeoil_certs_ssl_cert_pkg_installed
{%- endif %}
-{%- endfor %}
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 380ce5ae7..84b06f1c1 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -3,6 +3,15 @@
#
# SPDX-License-Identifier: CC-BY-SA-3.0
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="multiple-multiple-letsencrypt"
+
# These are the basic parameters to configure the installation
# The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
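Review bot: The comment lists the certificate choices as `le | custom | snakeoil`, but the value set right below is `multiple-multiple-letsencrypt`, and provision.sh tests for the substring `letsencrypt`. An operator who follows the comment and writes `…-le` would therefore get no Let's Encrypt setup, with no message saying so. The comment should read `# CERTS = letsencrypt | custom | snakeoil`. The same block is repeated in local.params.example.single_host_multiple_hostnames and local.params.example.single_host_single_hostname, and provision.sh carries a third spelling, `lesencrypt`, in its copy of the comment.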
@@ -120,7 +129,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index ef47467e5..65c911668 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -3,6 +3,15 @@
#
# SPDX-License-Identifier: CC-BY-SA-3.0
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="single-multiple-snakeoil"
+
# These are the basic parameters to configure the installation
# The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
@@ -96,7 +105,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index d09cdb2ef..641f2cf1d 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -3,6 +3,15 @@
#
# SPDX-License-Identifier: CC-BY-SA-3.0
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = le | custom | snakeoil
+DEPLOYMENT_TYPE="single-single-snakeoil"
+
# These are the basic parameters to configure the installation
# The FIVE ALPHANUMERIC CHARACTERS name you want to give your cluster
@@ -83,7 +92,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 4b72246b9..77ed8de9f 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -156,6 +156,16 @@ copy_custom_cert() {
fi
}
+# THIS PARAMETER CONTROLS THE TYPE OF DEPLOYMENT. MODIFYING IT
+# MEANS MANY VARIABLES WILL NEED TO BE MODIFIED TOO.
+# THE VALUE IS A TUPLE <host>-<hostname>-<certs>
+# WHERE THE VALID VALUES ARE
+# HOST = single | multiple
+# HOSTNAME = single | multiple
+# CERTS = lesencrypt | custom | snakeoil
+# We default to
+DEPLOYMENT_TYPE="single-multiple-snakeoil"
+
DEV_MODE="no"
CONFIG_FILE="${SCRIPT_DIR}/local.params"
CONFIG_DIR="local_config_dir"
@@ -167,7 +177,7 @@ TESTS_DIR="tests"
CLUSTER=""
DOMAIN=""
-# Hostnames/IPs used for single-host deploys
+# Hostnames/IPs used for single-host/single hostname deploys
HOSTNAME_EXT=""
HOSTNAME_INT="127.0.1.1"
@@ -188,6 +198,11 @@ WORKBENCH2_EXT_SSL_PORT=3001
USE_LETSENCRYPT="no"
CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
+# These parameters depend on the DEPLOYMENT_TYPE selected
+if (echo ${DEPLOYMENT_TYPE} | grep -q letsencrypt); then
+ USE_LETSENCRYPT="yes"
+fi
+
## These are ARVADOS-related parameters
# For a stable release, change RELEASE "production" and VERSION to the
# package version (including the iteration, e.g. X.Y.Z-1) of the
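Review bot: `USE_LETSENCRYPT` is derived here, in the defaults section, where `DEPLOYMENT_TYPE` can only hold the value hard-coded earlier in the script (`single-multiple-snakeoil`). The place where `CONFIG_FILE` is sourced is outside the visible hunks, but if it comes later, as the layout suggests, a `DEPLOYMENT_TYPE` set in local.params never turns Let's Encrypt on. The block should move to after the config has been loaded. Matching the suffix rather than any substring is also stricter: `case "${DEPLOYMENT_TYPE}" in *-letsencrypt) USE_LETSENCRYPT="yes" ;; esac`.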
@@ -205,7 +220,7 @@ VERSION="latest"
# Other formula versions we depend on
POSTGRES_TAG="v0.43.0"
-NGINX_TAG="temp-fix-missing-statements-in-pillar"
+NGINX_TAG="v2.8.0"
DOCKER_TAG="v2.0.7"
LOCALE_TAG="v0.3.4"
LETSENCRYPT_TAG="v2.1.0"
@@ -254,8 +269,10 @@ if ! grep -qE '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
fi
# Only used in single_host/single_name deploys
-if [ "x${HOSTNAME_EXT}" = "x" ] ; then
- HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
+if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+ if [ -z "${HOSTNAME_EXT}" ] ; then
+ HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
+ fi
fi
if [ "${DUMP_CONFIG}" = "yes" ]; then
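Review bot: `DEPLOYMENT_TYPE` is only ever tested by prefix (`^single-single`) and is never checked against the documented `<host>-<hostname>-<certs>` tuple, so a misspelt value silently takes the multiple-hostnames path and leaves `HOSTNAME_EXT` empty. A single validation after the config is loaded, exiting with an error message on anything outside the documented values, would make a wrong setting visible before any pillar is rewritten. The expansion should also be quoted, `echo "${DEPLOYMENT_TYPE}"`, to avoid word splitting and globbing on an operator-supplied value.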
@@ -334,7 +351,7 @@ elif [ "x${ARVADOS_TAG}" != "x" ]; then
( cd ${F_DIR}/arvados && git checkout --quiet tags/"${ARVADOS_TAG}" -b "${ARVADOS_TAG}" )
fi
-if [ "x${VAGRANT}" = "xyes" ]; then
+if [ "${VAGRANT}" = "yes" ]; then
EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
@@ -395,7 +412,7 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
"${f}" > "${P_DIR}"/$(basename "${f}")
done
-if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
+if [ "${TEST}" = "yes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
exit 1
fi
@@ -487,10 +504,10 @@ if [ -d "${F_DIR}"/extra/extra ]; then
fi
# We simply skip the snake-oil certs based on $SKIP_SNAKE_OIL
for f in $(ls "${F_DIR}"/extra/extra/*.sls | grep -v ${SKIP_SNAKE_OIL}); do
- echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
+ echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
done
# Use custom certs
- if [ "x${USE_LETSENCRYPT}" != "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" != "yes" ]; then
mkdir -p "${F_DIR}"/extra/extra/files
fi
fi
@@ -499,11 +516,11 @@ fi
if [ -z "${ROLES}" ]; then
# States
echo " - nginx.passenger" >> ${S_DIR}/top.sls
- if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - extra.aws_credentials" >> ${S_DIR}/top.sls
fi
- grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
+ grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
# Use custom certs
# Copy certs to formula extra/files
@@ -532,54 +549,50 @@ if [ -z "${ROLES}" ]; then
echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
echo " - postgresql" >> ${P_DIR}/top.sls
- # Currently, only available on config_examples/multi_host/aws
- if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
fi
- grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
+ grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
# As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
- # Are we in a single-host-single-hostname env?
- if [ "x${HOSTNAME_EXT}" != "x" ] then;
- sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${HOSTNAME_EXT}*/g;
- s#__CERT_PEM__#/etc/letsencrypt/live/${HOSTNAME_EXT}/fullchain.pem#g;
- s#__CERT_KEY__#/etc/letsencrypt/live/${HOSTNAME_EXT}/privkey.pem#g" \
- ${P_DIR}/nginx_${HOSTNAME_EXT}_configuration.sls
- else
- # We are in a single-host-multiple-hostnames env
- for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
- sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${c}.${CLUSTER}.${DOMAIN}*/g;
- s#__CERT_PEM__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/fullchain.pem#g;
- s#__CERT_KEY__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/privkey.pem#g" \
- ${P_DIR}/nginx_${c}_configuration.sls
- done
- fi
- else
- # Use custom certs (either dev mode or prod)
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+ if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a single-host-multiple-hostnames env
+ CERT_NAME=${c}.${CLUSTER}.${DOMAIN}
+ fi
+
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \
+ ${P_DIR}/nginx_${c}_configuration.sls
+ done
+ else # Use custom certs (either dev mode or prod)
grep -q "extra_custom_certs" ${P_DIR}/top.sls || echo " - extra_custom_certs" >> ${P_DIR}/top.sls
# And add the certs in the custom_certs pillar
echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
# Are we in a single-host-single-hostname env?
- if [ "x${HOSTNAME_EXT}" != "x" ] then;
- sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${HOSTNAME_EXT}.pem/g;
- s#__CERT_PEM__#/etc/nginx/ssl/arvados-${HOSTNAME_EXT}.pem#g;
- s#__CERT_KEY__#/etc/nginx/ssl/arvados-${HOSTNAME_EXT}.key#g" \
- ${P_DIR}/nginx_${HOSTNAME_EXT}_configuration.sls
+ if (echo ${DEPLOYMENT_TYPE} | grep -q ^single-single); then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
else
- # We are in a single-host-multiple-hostnames env
- for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
- grep -q ${c} ${P_DIR}/extra_custom_certs.sls || echo " - ${c}" >> ${P_DIR}/extra_custom_certs.sls
-
- # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
- sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${c}.pem/g;
- s#__CERT_PEM__#/etc/nginx/ssl/arvados-${c}.pem#g;
- s#__CERT_KEY__#/etc/nginx/ssl/arvados-${c}.key#g" \
- ${P_DIR}/nginx_${c}_configuration.sls
- done
+ # We are in a multiple-hostnames env
+ CERT_NAME=${c}
fi
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+ grep -q ${CERT_NAME} ${P_DIR}/extra_custom_certs.sls || echo " - ${CERT_NAME}" >> ${P_DIR}/extra_custom_certs.sls
+
+ # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+ sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${CERT_NAME}.pem/g;
+ s#__CERT_PEM__#/etc/nginx/ssl/arvados-${CERT_NAME}.pem#g;
+ s#__CERT_KEY__#/etc/nginx/ssl/arvados-${CERT_NAME}.key#g" \
+ ${P_DIR}/nginx_${c}_configuration.sls
+ done
fi
else
# If we add individual roles, make sure we add the repo first
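Review bot: In the custom-certs branch `CERT_NAME=${c}` is assigned before the `for c in …` loop begins, so `c` is unset or stale when it is read and every iteration works with the same, most likely empty, name. With an empty unquoted `${CERT_NAME}` the `grep -q` call loses its pattern argument and takes the pillar path as the pattern instead, reading from stdin. The Let's Encrypt branch above selects the name inside the loop, and this branch needs the same shape, with the expansions quoted. The enclosing `if [ -z "${ROLES}" ]` block starts outside the hunk.
```shell
    # … unchanged: extra_custom_certs pillar header (two echo lines) …
    for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
      if (echo "${DEPLOYMENT_TYPE}" | grep -q ^single-single); then
        # single-host-single-hostname: one certificate for every service
        CERT_NAME="${HOSTNAME_EXT}"
      else
        # multiple hostnames: one certificate per service
        CERT_NAME="${c}"
      fi
      # … unchanged: append CERT_NAME to extra_custom_certs.sls, then the sed over nginx_${c}_configuration.sls …
    done
```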
@@ -588,7 +601,7 @@ else
grep -q "custom_certs" ${S_DIR}/top.sls || echo " - extra.custom_certs" >> ${S_DIR}/top.sls
# And we add the basic part for the certs pillar
- if [ "x${USE_LETSENCRYPT}" != "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" != "yes" ]; then
# And add the certs in the custom_certs pillar
echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
@@ -611,8 +624,8 @@ else
### If we don't install and run LE before arvados-api-server, it fails and breaks everything
### after it. So we add this here as we are, after all, sharing the host for api and controller
# Currently, only available on config_examples/multi_host/aws
- if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
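Review bot: The comment `# Currently, only available on config_examples/multi_host/aws` is left in place above this block, although the same commit removes it from the two pillar blocks and copies `aws_credentials.sls` into `single_host/multiple_hostnames`. It is now misleading here and in the following hunk (the `nginx.passenger` states block) and should be removed or updated to list the config examples that actually ship the pillar.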
@@ -632,8 +645,8 @@ else
# States
grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
- if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
@@ -659,9 +672,8 @@ else
grep -q "nginx_collections_configuration" ${P_DIR}/top.sls || echo " - nginx_collections_configuration" >> ${P_DIR}/top.sls
fi
- # Currently, only available on config_examples/multi_host/aws
- if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
- if [ "x${USE_LETSENCRYPT_ROUTE53}" == "xyes" ]; then
+ if [ "${USE_LETSENCRYPT}" = "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
fi
grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
@@ -751,12 +763,12 @@ echo '\pset pager off' >> /root/.psqlrc
salt-call --local state.apply -l ${LOG_LEVEL}
# FIXME! #16992 Temporary fix for psql call in arvados-api-server
-if [ "x${DELETE_PSQL}" = "xyes" ]; then
+if [ "${DELETE_PSQL}" = "yes" ]; then
echo "Removing .psql file"
rm /root/.psqlrc
fi
-if [ "x${RESTORE_PSQL}" = "xyes" ]; then
+if [ "${RESTORE_PSQL}" = "yes" ]; then
echo "Restoring .psql file"
mv -v /root/.psqlrc.provision.backup /root/.psqlrc
fi
@@ -766,7 +778,7 @@ fi
if [ "$DEV_MODE" = "yes" ]; then
echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
# If running in a vagrant VM, also add default user to docker group
- if [ "x${VAGRANT}" = "xyes" ]; then
+ if [ "${VAGRANT}" = "yes" ]; then
cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
echo "Adding the vagrant user to the docker group"
@@ -777,7 +789,7 @@ if [ "$DEV_MODE" = "yes" ]; then
fi
# Test that the installation finished correctly
-if [ "x${TEST}" = "xyes" ]; then
+if [ "${TEST}" = "yes" ]; then
cd ${T_DIR}
# If we use RVM, we need to run this with it, or most ruby commands will fail
RVM_EXEC=""
-----------------------------------------------------------------------
hooks/post-receive
--