[ARVADOS] updated: 2.3.2-32-g2afa29549
Git user
git at public.arvados.org
Fri Feb 25 16:42:32 UTC 2022
Summary of changes:
.gitignore | 1 -
AUTHORS | 3 +-
CONTRIBUTING.md | 12 +-
apps/workbench/Gemfile | 12 +-
apps/workbench/Gemfile.lock | 23 +
apps/workbench/app/assets/javascripts/bootstrap.js | 11 -
.../app/assets/javascripts/bootstrap.js.coffee | 8 +
.../workbench/app/assets/javascripts/keep_disks.js | 43 --
.../app/assets/javascripts/keep_disks.js.coffee | 32 +
apps/workbench/config/initializers/lograge.rb | 1 -
build/get-package-version.sh | 64 --
build/libcloud-pin.sh | 12 +
build/package-build-dockerfiles/Makefile | 16 +-
.../build-all-build-containers.sh | 2 +-
build/package-build-dockerfiles/centos7/Dockerfile | 47 +-
.../package-build-dockerfiles/debian10/Dockerfile | 46 +-
.../package-build-dockerfiles/debian11/Dockerfile | 50 +-
.../ubuntu1804/Dockerfile | 48 +-
.../ubuntu2004/Dockerfile | 54 +-
.../ubuntu2004/ports.list | 8 -
.../common-test-rails-server-package.sh | 24 -
build/run-build-packages-one-target.sh | 12 +-
build/run-build-packages.sh | 255 ++++--
build/run-build-test-packages-one-target.sh | 20 +-
build/run-library.sh | 433 ++---------
build/run-tests.sh | 21 +-
cmd/arvados-client/container_gateway.go | 31 +-
cmd/arvados-package/cmd.go | 32 +-
cmd/arvados-package/install.go | 8 +-
doc/_config.yml | 3 +
.../_container_runtime_constraints.liquid | 8 -
doc/_includes/_install_cuda.liquid | 21 -
doc/_includes/_install_custom_certificates.liquid | 4 +-
.../collection-versioning.html.textile.liquid | 4 +-
doc/admin/keep-recovering-data.html.textile.liquid | 2 +-
doc/admin/metadata-vocabulary.html.textile.liquid | 70 +-
doc/admin/spot-instances.html.textile.liquid | 6 +-
doc/admin/upgrading.html.textile.liquid | 23 +-
doc/api/permission-model.html.textile.liquid | 1 -
doc/install/arvbox.html.textile.liquid | 4 +-
.../install-compute-node.html.textile.liquid | 10 +-
.../install-dispatch-cloud.html.textile.liquid | 21 -
.../install-dispatch.html.textile.liquid | 26 +-
...install-compute-node-docker.html.textile.liquid | 2 -
...ll-compute-node-singularity.html.textile.liquid | 19 -
doc/install/install-keep-web.html.textile.liquid | 9 +-
.../install-workbench2-app.html.textile.liquid | 4 +-
doc/install/packages.html.textile.liquid | 2 +-
doc/install/salt-multi-host.html.textile.liquid | 2 +
doc/install/salt-single-host.html.textile.liquid | 49 +-
doc/install/salt.html.textile.liquid | 2 -
doc/sdk/index.html.textile.liquid | 1 +
doc/sdk/java/example.html.textile.liquid | 83 ++
doc/sdk/java/index.html.textile.liquid | 146 ++++
doc/user/cwl/cwl-extensions.html.textile.liquid | 17 -
doc/user/cwl/cwl-style.html.textile.liquid | 33 +-
go.mod | 111 +--
go.sum | 855 ++-------------------
lib/boot/cmd.go | 15 +-
lib/boot/seed.go | 4 +
lib/cloud/cloudtest/cmd.go | 14 +-
lib/cmd/parseflags.go | 50 --
lib/config/cmd.go | 63 +-
lib/config/cmd_test.go | 57 +-
lib/config/config.default.yml | 93 +--
lib/config/deprecated_test.go | 4 +-
lib/config/export.go | 178 +++--
lib/config/generate.go | 73 ++
.../{config.default.yml => generated_config.go} | 106 +--
lib/config/load.go | 89 +--
lib/config/load_test.go | 12 -
.../remove_file_api.js => lib/config/uptodate.go | 4 +-
lib/controller/federation.go | 7 +-
lib/controller/federation/conn.go | 33 -
lib/controller/federation/generate.go | 2 +-
lib/controller/federation/generated.go | 41 -
lib/controller/federation_test.go | 2 +-
lib/controller/handler.go | 2 -
lib/controller/handler_test.go | 25 +-
lib/controller/integration_test.go | 99 +--
lib/controller/localdb/conn.go | 2 +-
lib/controller/localdb/login.go | 4 +-
lib/controller/localdb/login_oidc.go | 9 +-
lib/controller/router/response.go | 9 -
lib/controller/router/router.go | 42 -
lib/controller/rpc/conn.go | 30 -
lib/costanalyzer/cmd.go | 9 +-
lib/costanalyzer/costanalyzer.go | 46 +-
lib/costanalyzer/costanalyzer_test.go | 29 +-
lib/crunchrun/background.go | 54 +-
lib/crunchrun/bufthenwrite.go | 34 -
lib/crunchrun/crunchrun.go | 273 ++-----
lib/crunchrun/crunchrun_test.go | 51 +-
lib/crunchrun/cuda.go | 69 --
lib/crunchrun/docker.go | 44 +-
lib/crunchrun/docker_test.go | 33 -
lib/crunchrun/executor.go | 27 +-
lib/crunchrun/executor_test.go | 16 -
lib/crunchrun/integration_test.go | 82 +-
lib/crunchrun/logging.go | 51 --
lib/crunchrun/logging_test.go | 34 -
lib/crunchrun/singularity.go | 32 +-
lib/crunchrun/singularity_test.go | 23 -
lib/deduplicationreport/report.go | 44 +-
lib/diagnostics/cmd.go | 11 +-
lib/dispatchcloud/node_size.go | 36 +-
lib/dispatchcloud/node_size_test.go | 87 ---
lib/dispatchcloud/test/stub_driver.go | 11 +-
lib/dispatchcloud/worker/pool.go | 2 -
lib/dispatchcloud/worker/pool_test.go | 70 +-
lib/dispatchcloud/worker/runner.go | 20 +-
lib/dispatchcloud/worker/worker_test.go | 21 +-
lib/install/deps.go | 14 +-
lib/install/init.go | 11 +-
lib/lsf/dispatch.go | 11 +-
lib/lsf/dispatch_test.go | 58 +-
lib/lsf/lsfqueue.go | 2 +-
lib/mount/command.go | 14 +-
lib/mount/command_test.go | 2 +-
lib/mount/fs.go | 23 +-
lib/recovercollection/cmd.go | 18 +-
lib/service/cmd.go | 11 +-
sdk/cli/bin/arv | 25 +-
sdk/cwl/arvados_cwl/__init__.py | 3 +-
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.0.yml | 40 -
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.1.yml | 40 -
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.2.yml | 40 -
sdk/cwl/arvados_cwl/arvcontainer.py | 8 -
sdk/cwl/setup.py | 2 +-
sdk/cwl/tests/test_container.py | 177 +----
sdk/go/arvados/api.go | 10 -
sdk/go/arvados/api_client_authorization.go | 22 +-
sdk/go/arvados/blob_signature.go | 19 -
sdk/go/arvados/config.go | 41 +-
sdk/go/arvados/container.go | 15 +-
sdk/go/arvados/fs_base.go | 63 +-
sdk/go/arvados/fs_collection.go | 352 +--------
sdk/go/arvados/fs_collection_test.go | 105 ---
sdk/go/arvados/fs_deferred.go | 2 -
sdk/go/arvados/fs_filehandle.go | 15 -
sdk/go/arvados/fs_getternode.go | 2 +-
sdk/go/arvados/fs_lookup.go | 6 +-
sdk/go/arvados/fs_project_test.go | 34 +-
sdk/go/arvados/fs_site.go | 6 +-
sdk/go/arvados/fs_site_test.go | 232 +-----
sdk/go/arvados/vocabulary.go | 108 +--
sdk/go/arvados/vocabulary_test.go | 80 +-
sdk/go/arvadostest/api.go | 20 -
sdk/go/dispatch/dispatch.go | 38 +-
.../client/api/client/KeepWebApiClient.java | 9 -
.../client/api/model/argument/ListArgument.java | 18 +-
sdk/java/.classpath | 21 +
sdk/java/.project | 14 +
sdk/java/.settings/org.eclipse.jdt.core.prefs | 5 +
sdk/java/ArvadosSDKJavaExample.java | 84 ++
sdk/java/ArvadosSDKJavaExampleWithPrompt.java | 127 +++
sdk/java/README | 4 +
sdk/java/pom.xml | 106 +++
.../src/main/java/org/arvados/sdk/Arvados.java | 465 +++++++++++
.../main/java/org/arvados/sdk/MethodDetails.java | 26 +
sdk/java/src/main/resources/log4j.properties | 11 +
.../java/org/arvados/sdk/java/ArvadosTest.java | 467 +++++++++++
sdk/java/src/test/resources/first_pipeline.json | 15 +
sdk/ruby/Gemfile | 1 -
sdk/ruby/lib/arvados.rb | 25 +-
sdk/ruby/test/test_request_id.rb | 22 -
services/api/Gemfile | 5 +
services/api/Gemfile.lock | 24 +
.../api/app/controllers/application_controller.rb | 5 +
.../controllers/arvados/v1/groups_controller.rb | 2 +-
.../api/app/models/api_client_authorization.rb | 31 -
services/api/app/models/arvados_model.rb | 26 +-
services/api/app/models/container.rb | 16 +-
services/api/app/models/container_request.rb | 77 +-
services/api/app/models/database_seeds.rb | 1 -
services/api/config/arvados_config.rb | 3 +-
services/api/config/initializers/lograge.rb | 1 -
services/api/lib/current_api_client.rb | 10 -
services/api/script/get_anonymous_user_token.rb | 85 ++
.../test/fixtures/api_client_authorizations.yml | 7 -
services/api/test/fixtures/container_requests.yml | 4 -
services/api/test/fixtures/containers.yml | 31 -
.../arvados/v1/groups_controller_test.rb | 33 +-
services/api/test/integration/remote_user_test.rb | 1 -
services/api/test/unit/container_request_test.rb | 184 ++---
services/api/test/unit/container_test.rb | 33 +-
services/api/test/unit/permission_test.rb | 1 -
services/arv-git-httpd/main.go | 9 +-
.../crunch-dispatch-local/crunch-dispatch-local.go | 40 +-
.../crunch-dispatch-slurm/crunch-dispatch-slurm.go | 15 +-
services/crunch-dispatch-slurm/usage.go | 5 +-
services/crunchstat/crunchstat.go | 30 +-
services/keep-balance/main.go | 14 +-
services/keep-balance/main_test.go | 1 -
services/keep-web/handler_test.go | 32 +-
services/keep-web/main.go | 55 +-
services/keep-web/s3.go | 2 +-
services/keep-web/s3_test.go | 2 +-
services/keep-web/server.go | 5 +-
services/keep-web/server_test.go | 5 +-
services/keepproxy/keepproxy.go | 92 +--
services/keepstore/azure_blob_volume.go | 3 -
services/keepstore/command.go | 28 +-
services/keepstore/count.go | 26 -
services/keepstore/handler_test.go | 31 +-
services/keepstore/handlers.go | 38 +-
services/keepstore/s3aws_volume.go | 99 ++-
services/keepstore/unix_volume.go | 7 +-
tools/arvbox/bin/arvbox | 14 +-
tools/arvbox/lib/arvbox/docker/Dockerfile.base | 3 +
tools/arvbox/lib/arvbox/docker/api-setup.sh | 6 +-
tools/arvbox/lib/arvbox/docker/common.sh | 19 +-
tools/arvbox/lib/arvbox/docker/createusers.sh | 8 +-
.../lib/arvbox/docker/service/api/run-service | 8 +-
.../lib/arvbox/docker/service/doc/run-service | 2 +-
.../lib/arvbox/docker/service/gitolite/run-service | 2 +-
.../lib/arvbox/docker/service/ready/run-service | 2 +-
.../lib/arvbox/docker/service/sdk/run-service | 3 +-
tools/arvbox/lib/arvbox/docker/service/vm/run | 2 +-
.../lib/arvbox/docker/service/vm/run-service | 3 +-
.../arvbox/lib/arvbox/docker/service/workbench/run | 2 +-
.../arvbox/docker/service/workbench/run-service | 12 +-
tools/compute-images/arvados-images-aws.json | 11 +-
tools/compute-images/arvados-images-azure.json | 3 +-
tools/compute-images/build.sh | 16 +-
tools/compute-images/scripts/base.sh | 68 --
tools/keep-block-check/keep-block-check.go | 38 +-
tools/keep-block-check/keep-block-check_test.go | 33 +-
tools/keep-exercise/keep-exercise.go | 12 +-
tools/keep-rsync/keep-rsync.go | 11 +-
tools/salt-install/Vagrantfile | 13 +-
.../multiple_hostnames/pillars/aws_credentials.sls | 9 -
.../multiple_hostnames/states/snakeoil_certs.sls | 2 +-
.../single_hostname/pillars/aws_credentials.sls | 9 -
.../single_hostname/pillars/letsencrypt.sls | 24 -
.../single_hostname/states/snakeoil_certs.sls | 2 +-
.../local.params.example.multiple_hosts | 25 +-
...l.params.example.single_host_multiple_hostnames | 25 +-
...ocal.params.example.single_host_single_hostname | 34 +-
tools/salt-install/provision.sh | 123 +--
tools/salt-install/tests/run-test.sh | 2 +-
tools/sync-groups/sync-groups.go | 15 +-
242 files changed, 3603 insertions(+), 6311 deletions(-)
delete mode 100644 apps/workbench/app/assets/javascripts/bootstrap.js
create mode 100644 apps/workbench/app/assets/javascripts/bootstrap.js.coffee
delete mode 100644 apps/workbench/app/assets/javascripts/keep_disks.js
create mode 100644 apps/workbench/app/assets/javascripts/keep_disks.js.coffee
delete mode 100755 build/get-package-version.sh
create mode 100644 build/libcloud-pin.sh
delete mode 100644 build/package-build-dockerfiles/ubuntu2004/ports.list
delete mode 100644 doc/_includes/_install_cuda.liquid
create mode 100644 doc/sdk/java/example.html.textile.liquid
create mode 100644 doc/sdk/java/index.html.textile.liquid
delete mode 100644 lib/cmd/parseflags.go
create mode 100644 lib/config/generate.go
copy lib/config/{config.default.yml => generated_config.go} (94%)
copy apps/workbench/test/support/remove_file_api.js => lib/config/uptodate.go (67%)
delete mode 100644 lib/crunchrun/bufthenwrite.go
delete mode 100644 lib/crunchrun/cuda.go
create mode 100644 sdk/java/.classpath
create mode 100644 sdk/java/.project
create mode 100644 sdk/java/.settings/org.eclipse.jdt.core.prefs
create mode 100644 sdk/java/ArvadosSDKJavaExample.java
create mode 100644 sdk/java/ArvadosSDKJavaExampleWithPrompt.java
create mode 100644 sdk/java/README
create mode 100644 sdk/java/pom.xml
create mode 100644 sdk/java/src/main/java/org/arvados/sdk/Arvados.java
create mode 100644 sdk/java/src/main/java/org/arvados/sdk/MethodDetails.java
create mode 100644 sdk/java/src/main/resources/log4j.properties
create mode 100644 sdk/java/src/test/java/org/arvados/sdk/java/ArvadosTest.java
create mode 100644 sdk/java/src/test/resources/first_pipeline.json
delete mode 100644 sdk/ruby/test/test_request_id.rb
create mode 100755 services/api/script/get_anonymous_user_token.rb
delete mode 100644 tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/aws_credentials.sls
delete mode 100644 tools/salt-install/config_examples/single_host/single_hostname/pillars/aws_credentials.sls
delete mode 100644 tools/salt-install/config_examples/single_host/single_hostname/pillars/letsencrypt.sls
discards 1abfd2d5fdecd07dea3351c9c840cd61813e0007 (commit)
discards 61fb59bb562b5edb085e5978a47b1a6bc4f47849 (commit)
discards e96d74f79c6e05cc73a131c9e797c06421f109d4 (commit)
discards 77f70e68b72bd0325621eaac5da88c58e99ddfeb (commit)
discards 75906f69902fd15c559df303aea7b54b4490f391 (commit)
discards b6031fa89be6c679ce23d21954de80fe4894d415 (commit)
discards 608e8f79c3fb5cb7077fce4a0b497c5c93d6d6d0 (commit)
discards 3d7125ec931701fa7367234f480da5a9fd81ca78 (commit)
discards 4752421d3d4b3a0f6afe93ce3356961d1d81b494 (commit)
discards d571b37981a225d93ded87d042aef652ba04afe2 (commit)
discards a9ffac64364fafe598c1e6af0468b9139cdd8083 (commit)
discards a66462de44bf709365aaa562570c9b6b68dd92b7 (commit)
discards 63645c871246a61a2148b259f10d2fedf30e8df8 (commit)
discards f2388f1bdad27efd2816533aa7da80735ed5ec3f (commit)
discards ca0b6ff3d75f68b7a2f1821d605fadd49481038e (commit)
discards d6c1841ea8d87238fa18a673fb524985e826ae19 (commit)
discards 70d4cba7d4aef3063fb549a77b45951c339cc57c (commit)
discards 09c022661e08acbb560b4969f1127012d987b94e (commit)
discards d4e10c0482b28a1c2fb7ef48e69a673d2c6ea15a (commit)
discards 1fc3e6081d1d016184f328af84c1aaf330920be0 (commit)
discards 438c39ee7bef019d33e90a6de9313381abacae68 (commit)
discards be278ca4fbb020c06c6f6168ebc8a5adfe161307 (commit)
discards c5c94eebf3fd8690ce32f98d9950fd9efcfbc67f (commit)
discards 3e2c6bb988d3819fadb15f6446fbdfee0046600d (commit)
discards b14d0a0ac78eac7d074ca81411d456605f61bb24 (commit)
discards fd9342c42faaf2c6aa2a6800fe91172bf24e2916 (commit)
discards 32030bce1b67218c91a8ed2a0287ec973221c5f7 (commit)
discards 629cd91ffca67d6de5ad4dbe9854a064f9e26820 (commit)
discards 4475c4d80d00615a8feb24e3483a43f19736b373 (commit)
discards e2b3ed63a292537ec7bf37a904ad2925d6afa0bf (commit)
discards cadf55f2a09546812a650668770249d0f23ec9a5 (commit)
discards 0101431170b0ce317d665822326eac0c66cd2632 (commit)
discards 053f74285455278bed87cd4b3dc0df2adffb3b9c (commit)
discards b2259d67bedad8431e8a513ce0bc46ffeb8ffdbd (commit)
discards 01877c7b5119d29384490adceb862da30b4e81f5 (commit)
discards 668e4f412e70817059fa093b4739c06c50705e79 (commit)
discards 0494b40a03348e584dbc255d93615a4ef01afaf9 (commit)
discards 3c3d72f3076f164c79a10e089b80a098ecec5ff8 (commit)
discards a3c509e8eca36f1291f7547999f16d9fd127c4a0 (commit)
discards ad2851bce9be401f8feac6570b3958ce93732cfd (commit)
discards 85e4b825947790d9cde66cb8c390dc2e216dac9a (commit)
discards 06c2c19bfe18a52348b72d93db59df4b03a4fcaa (commit)
discards 23bad0a705b1809a73ffbd5f6866e14dde5dd52e (commit)
discards abd8c34dc8a21ff75fda2e60d6f2be9ef5722cb3 (commit)
discards 3ad4e88f87ab4943be712a82d1d8269657b41f8a (commit)
discards 0892f09aed1cfdef038c90afdb8c8a9031c994a0 (commit)
discards ca31778a3f4ceb99031f65a1b4bda601b8ce3135 (commit)
discards 82baf2fc853329a602119a72b73b752621e2888a (commit)
discards 846e3037de341d73e593a670b0d0e77bc3e893c1 (commit)
discards 17ffdf2077227c1b235fd97a06af805fb8207b59 (commit)
discards f4554a781a3f6806783cbc6f116c3d7e974c6952 (commit)
discards fba386bcea1c003760fa23daff1ecabc14a476ca (commit)
discards 5e26583b1c64dabc4181938a6826088ef2f1ddef (commit)
discards f12012fc721b4eeb5a72d3cee471cbd24264ec4d (commit)
discards 0f1064526171ef869ded3cb7b7f4bebdb6c084ba (commit)
discards 32c9d4466e043cbf8133df61d3c4b4b41d67242b (commit)
discards 6bee9f6a6be594a7bcda9ec4062d56e325b2efc6 (commit)
discards 6549d7f1234bb6c8cf3ae5032b8105a5e8229e7a (commit)
discards a0dbcda78d2ce2d78d4b88ce024787a5437e3533 (commit)
discards 8323dcbfe4833a0303286991dc64cdb0b0c0fa60 (commit)
discards 40aff12f447f1d4c314972e85531b4a9bb835d95 (commit)
discards 16bb0d2584757280f2a2de102f1bc53fa92179b7 (commit)
discards d82ee3ca5711d81dbc2e3d8e97e91a4fe65408a7 (commit)
discards 97ace0ab8a33f488715909ba1058c790aeb0900b (commit)
discards ca56c80b05906c110d63b724505684c450c098d5 (commit)
discards 37c053157cb11792bcb523ac7482a4cba9f5bde4 (commit)
discards eb1f89d86c0f942c9351ae13b944d3d11f51e35e (commit)
discards f1661f6f3eae17076c4604fcef5eda4555de7f02 (commit)
discards 5537e5bf057097f4f059ceabee3cdd381eb3985e (commit)
discards d702b6f48fd4463084b7e0654520e6b319a19d21 (commit)
discards 08acb72dd180391007554783a08d9213e5d6d6c0 (commit)
discards 7439eed0806fd8096f61fc751224f9696adf615e (commit)
discards 8685251f024c4519c5f61413b9dcb66a86e3efd6 (commit)
discards 40120fd953bb5b9624519c42fd81ee2be2efe20f (commit)
discards c17f2d583c08f7cd7b163fa57746affff2e029f8 (commit)
discards 12c1c51313e897abd0e9d1801b42bc8dc3b8d1d9 (commit)
discards 038585ecce8564f8ebd5f5b28b3909593b1b45ec (commit)
discards ac52d7ee23b39779712c702945eb9db7e17dd814 (commit)
discards 165916c813a0f7b86c0b0e9384ad18433f60b9cb (commit)
discards 447e80a6adedcba754215a95a96378548bd110ff (commit)
discards e414e9d90df8756ab4fc9dab4d2a5729a51a525c (commit)
discards 1a3377dd99a593f4bdec0456609119ec103bf699 (commit)
discards 1f98e3819b3ba145e4e537c25a23283242f10514 (commit)
discards 9d095072a57089b4858b632199f3b57871458dee (commit)
discards 64eeb3536c7b3ce082bc98cfc48ef045952f69e8 (commit)
discards 4e270c803d0b1d00ab138db9f4eaf20233d1f74d (commit)
discards 4cf58c672f91a0e4fec3ea3d4a1934c01b1fe214 (commit)
discards 9f442d51f9ee07be3b25e461847bae58fe1cd126 (commit)
discards 37013ae307a426e28dd3a7784e3bd95ef6ddc57e (commit)
discards addf38844896e204083c1e0eb69e5466c4733c02 (commit)
discards e23f03950b82e72de23c4c44112785a9e92ea235 (commit)
discards c1e7f148bf3340300ae2f41d1ba7588cdfbb3b42 (commit)
discards 1789aa86c580495f0a722289cec41c4e31872e26 (commit)
discards f94304578d5691b574bca55c96a1d3a393235f14 (commit)
discards e04a4d073890b5bc2ca5817c154acf3a344a7849 (commit)
discards 712c3dceaf1d08c3221798b6288e247292738fce (commit)
discards b0da24b7eee60752ba3f9203e6b05638a5e1c121 (commit)
discards 107af77a83788ebdd0cbcfdcae91fed44deec11d (commit)
discards c361e51569e28f30bd034ac240b936346224a0d0 (commit)
discards 4f1341cf015b21d95ec3475cbfe0ae82e73d8b2b (commit)
discards e372194dc9b4b14dffd383f190e8b15185b82b43 (commit)
discards d8fd5586c3c4a5f9717fd1fbf277345095901bf6 (commit)
discards 0b89b2747dc6a2fdbfd84b0cb27690e781c61d07 (commit)
discards 3c18a9d8e2ebb6483413085ce6e0eb2fa382f06f (commit)
discards 96333dffe4b0aaf58c368ed590697fc3ed5e4b48 (commit)
discards 434244494013a1e9d0cf56a7398fcd49fb75aaf1 (commit)
discards 4f5540fdd686522e73f2c4416bd11d1000f99004 (commit)
discards 94942f7b2f35a775aea5b22d2be637022e6b4fb7 (commit)
discards c598d0afc20deec62c6af58a8b0cb1da26d861c4 (commit)
discards 2459f83fafbad9a8969324ff5aef11fc47cbd142 (commit)
discards 729843af064ef140dc046b3009a9230626e23bf4 (commit)
discards e3e6b374664f92aa6b48c8572e70f3ba5f723b4c (commit)
discards b701b0f381b46844559c87c235656333b5628dcf (commit)
discards 4ffe3382ff35cebce873668dfdfad2eef2def3d3 (commit)
discards da58ec28659f5167f9658be5714731acee57dfb1 (commit)
discards 78dff0eb731f126c59d92e56c90110e561b24340 (commit)
discards 43536303547784d11d190e2cfdadda954005ae5d (commit)
discards af44b96bc1f843c1b7878049e161602fef839d1d (commit)
discards adee1c1a7902de81df8cfd5064c3fa9f377faa47 (commit)
discards dd056538060528e6f7b7b48183dfcaeac7882638 (commit)
discards 3b9c4641a985a53347696b7a77bcde28a92d6e79 (commit)
discards 3f127283eabb55e64f1135c7b6ed0180b16255a2 (commit)
discards 3f21facc44a04c6e67a25cd37407b569b965bb65 (commit)
discards 736e7cb4e93b2e8fbb7d8ed0948bb11ddd5f065b (commit)
discards 1125f71d2adf4f797b6869e870ef3cf56ea98569 (commit)
discards 7f2bd2f6ed4081252e650ad0e6c0eea35433e132 (commit)
discards 12d5c5197da939a41bc59cd1a4bf6db9dc0e7df0 (commit)
discards a9e76e7542f621f034119e7d62b79a475b3a9755 (commit)
discards e065d5863b9b36c1cd221f676baffa57e20e7498 (commit)
discards d75310b342941005e469c6d087fe368dd03e268e (commit)
discards 5e06ca0b451f36be33396f8e83bdaa4f9d6f74bb (commit)
discards bf2066b3b386944419a45108d1d404560ca0db35 (commit)
discards 43be77c2f1b4b972113202bcd3d543fe0428778a (commit)
discards b184dd95ae72a5c72692e3b750f6d48c4dcc9a81 (commit)
discards c595d3cd2d9f117bc09cf66762d3698c95aebf86 (commit)
discards 15f6e58f3b7c158aa735ce78597cf22c6ef3543b (commit)
discards 213252bdc6ecb17484f5dfca10a8aba875768183 (commit)
discards 83864f0f77a37ef8212fd4c3eca268ae9bad4bbb (commit)
discards 042f47a2c6b5f3db80142164b6493c873aca0b26 (commit)
discards 640e63a9968114bb300e7e7acb2a71662e53f576 (commit)
discards 936ba2824bc791490f7320452c2afa7d68739ac1 (commit)
discards 229952c156b8d031e4b5f8a9e58f2327c4884daa (commit)
discards a3c592154fa8117e97d1092b2f1c7d01f9b8ed8f (commit)
discards 4a4e8d3eaa86d08e8fa76d569855247b5131e4bd (commit)
discards e2d8cb447c7b5f7b5800e9982ca9178c689a8142 (commit)
discards fe7d00b033c675b647b5d4946dd3640165ec9f17 (commit)
discards f30e59af90558e47a4156566d0209bc8efacd85a (commit)
discards 56c4d0c08266cacbca73e77aa82939e00a0bb69e (commit)
discards 3bfa2cd709a860d161326e66b8bf511f650d3f0e (commit)
discards a371c7f1c7ea0d67572b025f9f2e590d2e1fbe01 (commit)
discards c31f885b1bc1be61bcbca7ec3a2eed007718c93b (commit)
discards 565612fd40474044e2afaa4fcb993c8c0197ca8e (commit)
discards 8c9c451ce03f5af75719064db4442eba74c51120 (commit)
discards 0c53ada0b541823dea1cec479d4cd5dbd7abce5b (commit)
discards b6cbf9d7dc789ce57cc324ad02569187c8db8c54 (commit)
discards 836a871b3a985e74004d709de8ca80db7705180c (commit)
discards 6e14b7d45fb47a654966b528ede41add437215e0 (commit)
discards 7b69c2a7f763190954cb767aa2cd26dc87c727fe (commit)
discards 2d2fcf8e83870114fe6ee20746aac362927d92aa (commit)
discards 98d63ca62daada9803edfdd5ad72304cae19b92c (commit)
discards cdd8c956123711e6752582132e1efb67b1a8880d (commit)
discards 7547041bbe6d25232c59ea842d1d2be49d94d28b (commit)
discards dec8b52c3b3ff10ca63fe4b0bd2bf16cd9f8809d (commit)
discards 25cf4518ef59c42652f4692ccc4e4208cf42155a (commit)
discards 1154089b34acd6e4d1426132456e1cf6bde9a241 (commit)
discards 3c034a63249b94b07449407ad5c4f4115a1ef974 (commit)
discards 964c763379e2ea98e46584267342ced694e3349a (commit)
discards 00f1f05789316936db75b4723b1c3d99196c252a (commit)
discards 4db7a388ce1543d013ac5bfe97f7431eae95d422 (commit)
discards b5440693dd818e382aad912ef0c1a8f813eb6131 (commit)
discards 43af94d367b231d23da4a21ad07ea30057fb0247 (commit)
discards be060104e769405a61068260e95c2a6816c4d2bf (commit)
discards e0e14eaefd15e7e81e0c5a7694886ac262f200c2 (commit)
discards a84ab41802835786e188b11e61f64f0db16d54c1 (commit)
discards 0c14b79d003d6e1fda00cea3dcbdfca3b6d31014 (commit)
discards 87f5edeeb1ec8c03a71c2cfa1656176735bfedca (commit)
discards af62d78f8d288dc61992575c01f0484debb7694f (commit)
discards a4a1420766c6e2e84e61f1d5e8cbb319521af31e (commit)
discards 0a08f54c405dff0dbda5d6dbc14c1f1c6eeecd39 (commit)
discards f4bd850b58cf8977960e3d18ced17fa1dd842747 (commit)
discards 892bc7d2dd548812f6dc6f7a407fcca43713b71e (commit)
discards 9946e935db217d6d470bd2aea79a49b155d982ac (commit)
discards 9e9917f7423b719d1eaf1ca62b2deade25fea55a (commit)
discards 534b7df510b99923a7dc273a2f8cacfd0c599800 (commit)
discards 7085a21aa0c3c7d874c836bd6f8e65bc2c243ed3 (commit)
discards 63b40a5af92aef28d8416c945ffc7c9805ae8d7d (commit)
discards bed472363447f572f9664ff8b3d5a056fc87ec4f (commit)
discards f4593eec39e8d2d4804c0a0197b510cfd760087d (commit)
discards 3203561dd0affdcaa1d34ae9b44c07f28201043a (commit)
discards b65cf0f95944c8f86802ad0c74ee29e35b6a0a90 (commit)
discards a498b0016598ed34b2c957bf11830a52f6ab3931 (commit)
discards 927524f1be454de021180b74999d682780b8cb6b (commit)
discards 2c39f766745e853ae216d5489236a98a766f46b9 (commit)
discards e2dcac3a5cb4488848f4ea4ca12f78cd57c3a40d (commit)
discards 01d58550f246b94a8e8c4f2fb1ee3e721f5f9510 (commit)
discards 7696fe3db2dcf03fe8b4528080100bec2196da91 (commit)
discards 81f4e0b2f8614062ba471c72fdd236c5fce023dc (commit)
discards 6ab97c819cd92a212f804a0895fed88c935ff92b (commit)
discards 6fe152024269d838e31bc224adbd518c43cbfee5 (commit)
discards 00cee49e2c3cfa62e7ec8a58437a7d432013c4c3 (commit)
discards 4ccc5dd789830129173030ebd4e1eb4dfa0ef603 (commit)
discards 564d715cd2c6ab8649c33d76111ed2d02891f137 (commit)
discards 9ae161e844e602b5e02503f7acd47d33e907bd66 (commit)
discards 454613a6eb904bb9035eb3b2df0b665adfcd3a67 (commit)
discards 7f88afd565b76903ad4b27fb896ff0cd844dfb7f (commit)
discards bcbf1b4b03f67a03e4bdefa67d8241af6b18aa38 (commit)
discards adfb76eacbb5677ae1db2efd102c674481a3b065 (commit)
discards cb2d522176c17f2d388098b70fdbaa90fb30e682 (commit)
discards ec5a52d3551e558e6df50c50e94118d84b0cde08 (commit)
discards fcbfddb10723cb876a1c83e883ce3bfb4f6a2565 (commit)
discards f07d3baa67d172c7b606b0382013193e8c4f265d (commit)
discards 2e1049531cb7389cc5633b47d8a41e602da295f3 (commit)
discards e67d7d52092ba61e272a597e2fa9d98aee65c004 (commit)
discards 69a34fc0050898ca7dfc33303d2846db1a339aca (commit)
discards 49ef11e68168170d3ba4bebf17a428d99759178f (commit)
discards 2f344e8b8dde661e74307ed7e561a758809382e1 (commit)
discards c993ea58e27c093e61ce652250c62a9e82b90e20 (commit)
discards df2f210843fecec06a0b966e7051393d1e22fe28 (commit)
discards 06adeb3ba56a3a7d62c3e598ad1bec0f3a03f1cb (commit)
discards 76f82a555481de947be1ee70530e61266b7dcbf7 (commit)
discards 16eeed9a44d37e2662f1fa762edc881243cae676 (commit)
discards 5a93a81476cb8515663515f573ca3c76b4dae194 (commit)
discards 49a8f11dc32bf1d7d5282d5bdb0b66493df90277 (commit)
discards 7519cf2beb1d81ce578dd2ef0624d77b9588ce70 (commit)
discards 9908d25991d607687c7691548a862d1fb73788d5 (commit)
discards b05ec24843655e162c8c3207e1695debdca9725e (commit)
discards d7c8ef4e435b88e9a45e5cd9fc2365fb82c9ab36 (commit)
discards f06e73c6aa74c076d2a263442542b628e640307b (commit)
discards 58ea9370fa7b38382dfa9eea4c42a616e0a699f3 (commit)
discards 87a18ef2c05487c4330e6fb6ce6c7934f6bea5a6 (commit)
discards dde7a01a8dba17936f6100de09a0203aaf9225b8 (commit)
discards f04d5211ed026a4e0cbdca77dad447700eb88772 (commit)
discards 7be9cb0ae8aeb5a49d5450aa38ff9f652761c2d3 (commit)
discards da7b5d99516353f6408e5a9bf640374cf3126e2e (commit)
discards d3716fbfea120893e1a23915c5f9bcb7ca96c371 (commit)
discards 96d284a1f12ff0bdf9c376c937181b97105fba22 (commit)
discards b7fb5c4593dcc679f5343f0f55b3774a7bcfe499 (commit)
discards 3993c04f1811a28399adc350511c4397e3d15321 (commit)
discards c64732191fe3a14a5919759af8568130d21b1db3 (commit)
discards 89cab1faedd4c4209ac642ffd442b0085d9da593 (commit)
discards 17a3d6e7fbc8941ad67b3b6cf344ff369ddd6e66 (commit)
discards c6b9122dbed5a301b5084992df695a1182141479 (commit)
discards 2a1062755c5a83e765963c8dbfd223ebd61530cc (commit)
discards 214ad40ef2c70a9a13817059073521f1ae4ef338 (commit)
discards 920307882b3fe52a08b366a1c81e62f44ee639b9 (commit)
discards 24e333637a1ecf1fd01ad501d62778a24985948f (commit)
discards 1f626bc3482d258dc16f4e972b0008a7da7d7bbd (commit)
discards 601b2fc51374b4ae678fc515ecabebf33f49fa70 (commit)
discards 9d49af75f45c083a2752b58071072f383ca689b5 (commit)
discards 24f140f9ed1a2180541c0c7cebf7572c5155fe27 (commit)
discards 56ad44152bba3fd909f15856dcab834725eda7e3 (commit)
discards 8a353bafe477a114c008b64bd25445266d2cf43c (commit)
discards 5ce5bf966dfabbc0beb7330d4c976a23fde3fd83 (commit)
discards fb429aa6a8dd1d28d08038abd8de8b9206a1d51e (commit)
discards e16866d0f398f6c61f11e2ecdf473d47100329c0 (commit)
discards 2bd768d4d0b06a2a1d3e3ce95ab686164b1d713a (commit)
discards 464c1562415ac7b5b5503f41b20c3183610dc899 (commit)
discards 9d7a33774d0302faece857b195f5062d10f4a4e6 (commit)
discards b0654eb575e9b914999c34984f3f47b3918e9e5e (commit)
discards d86b27a0d966287ef454492da6327d876fc116a9 (commit)
discards af2b71f33797d13896cef7a591ef28cfc09159c4 (commit)
discards f33aef679ff66f8623e0a9ccb9f3fc0a81322507 (commit)
discards 350a728ce9757d4db39d66ef4a5fe1cb304d1156 (commit)
discards 4a598dbcd3e910bf82c95406c919470d0c4a43ce (commit)
discards 2a7f6192e2b619f8e9760b7b937e29bf33791aa3 (commit)
discards e163d0f19b52b4c15adb3d97f49bcacdbaf8dc89 (commit)
discards 9ed314b7a585970c03c87959286fc1e582d769f7 (commit)
discards bc3637c90f8e4e3d1bdc61546c3d7fc53da135f6 (commit)
discards 26aa25c76d3ea4285e724fe874c76aa9da03b4c9 (commit)
discards d69ebd24d729ec50a20194a3c831babd0db0895e (commit)
discards 9c8a812148e6b989fd7ab6aac49168276f5d5b9f (commit)
discards 10397a28667ac68a174c916124a80c04fb16062c (commit)
discards ee12db851d6e7933b6dbfda90e3cab8ccac7c896 (commit)
discards 087fe7a4f739949cbc687508f4eeb7611c5083fa (commit)
discards b87497a3d21d6cbec394a4c595bf62f9d1f11019 (commit)
discards 47982d37d1124c7615508ca17b299b6f31a654d7 (commit)
discards d9c9f862f9bec00285d39dd64d2b677af9aabe92 (commit)
discards 1bc24f2dea52a1df8bb9587d3070399540ec229e (commit)
discards 9a1056497d7b7ad18769336489d3a6822547b65a (commit)
discards e39da1ce43d8e695290a50493dc0f7b3c8a739c1 (commit)
discards 7336a9c38456e1ab7b8f39b210987c641e844399 (commit)
discards 8529a9c53dae3a457f6dbce8aab22571b5837fac (commit)
discards 1f56c3fa3ecb12a252d77ab45b81e7a27015bd4f (commit)
discards db8fac04e5a7fb21bb91be59c507d6771e50c85a (commit)
discards f608029e1aec903bc35a4748ef51e6f076dae0aa (commit)
discards bfdecdcaf7dbeabfacc0efefb864e0024dbef9ab (commit)
discards 2956751f97f95fcead06410f11330e8e1fc650f8 (commit)
discards f6e8d7c2cada1570bac3e98f0712ad8651b8d9fd (commit)
discards ccc7d1cab2d29e117be187cb23a86f98ece38102 (commit)
discards e6769d20505e2c8c74b2d7e3f9c2f33f2a2db092 (commit)
discards 5e7bfcf5cd8b1450e01e4f129bebde8456c814f7 (commit)
discards f7278a4238a687ba4b8203417133bc9add5e166b (commit)
discards 8a33f7899da36343e687febb63678d90e83b7d63 (commit)
discards a2d44a516ca802e3b648313e8de268ddc1492341 (commit)
discards 0f42105b1b59d1b5da764f34e6eb6a1137d7e1cb (commit)
discards 125fbfaa8e76a230567fad4eafd629690e60a4cb (commit)
discards ebb0b9fe48fa2922867537a59f1d0e9dd83e2c28 (commit)
discards 4d68e45dff39d6635658ec85079422bab942fda2 (commit)
discards fa74a8d2176d115f21554e1e929a35729173a3c3 (commit)
discards 972272c42f7ad8daaef29d3d981968e566f3f087 (commit)
discards eafbd28d0a866807471951e133a8132dbdfa9cfc (commit)
discards 4a48f422ba726ab873a00ccd121432fb0f42ce11 (commit)
discards 3134405ebc155a8a51738b7c6d0d4be348c65087 (commit)
discards 69c08bb019277b158fc2f568b7de7483caa2875d (commit)
discards cd595132cceecb3ab12af7731f643f3662af54dd (commit)
discards 55b5ec75a3f6c9154778c8836a99db37e3250abf (commit)
discards a1c3ad1a6a68e893457e93f936d4a8aacc707d87 (commit)
discards aa3efa4aa2749e9c20f6b889ce5968b84db283ba (commit)
discards 16b8b12040790937b5efa8fbb21522d5f31475b0 (commit)
discards 2a13c742cdca6fbae46a9ce1c6ae044633d03ce3 (commit)
discards c57327b6428ba6f44f6dd121eeb6e6853c0f7052 (commit)
discards 9d74b115e05fac77b49d080d9c89699b12f3c433 (commit)
discards 43d9cc591e4207501d608d7b2ca1e7687d92825e (commit)
discards 02025c4fde1336313bb1428707245a05bd8b8a29 (commit)
discards 4da9342911fe66e526079d48dfaccbe0f0e396d8 (commit)
discards 5d04b15c92633b926456766f88cd8c6eccdc5fc9 (commit)
discards 153d9954cbe21a0e98bf5cf364898e2bc10fcabd (commit)
discards b24cc8345bb814d0df60ca9504eaeb1572af3095 (commit)
discards aa3d4030686f5db784dcaf2d7f28225eb98c4267 (commit)
discards 63c38a33171c1811c8f46895ecd2f68a9dbce701 (commit)
discards fb96637bf76fe8779e7a7e58f052b8f55ed76f4f (commit)
discards fce3aab6c0dce1b3a940ec2f276b39837f5d4724 (commit)
discards 6e0b8fe3e7a9ee4834dc454d6f0c5a409590ce6d (commit)
discards 3849ee94bbe65ef79df8f50c87b5445a5b1d4877 (commit)
discards 528b929e84319067df7bc49162307ee82a9d852c (commit)
discards 39ce50e472535737446a54b2187ab4b38727a79c (commit)
discards b1a88ceac8f65aaf90076827120e233cb52976d6 (commit)
discards f23f5689eac6354eb9567c91f2ff8586e2118e92 (commit)
discards fdf081b663b91c1d0af669e0224e67a47b8497a3 (commit)
discards a02b821d78d93bd814d8bf2b8b532b8940e93ecf (commit)
discards 365b9ca0ea4291d9864297593d185aeef66457ba (commit)
discards a4d47d01dbbca45545353cee14f6a0aa2424c149 (commit)
discards b2a37066e5db9bccd75290adb833f4452e0f9657 (commit)
discards d3ffe252f9d7cbbad9a7bf61ccf5d26129720f43 (commit)
discards 685db28b50225cde7dbb03aa2275f7a165d888a3 (commit)
discards 9f4fd542a9fc94e9f48387e90fd70b614458c1f2 (commit)
discards a969c0d3e97c2aeff0b64f9f0c8052f71eefa576 (commit)
discards ee0b90f8e2e9fc75ea810336dc398d8365752e79 (commit)
discards 1c36c7a9d4cb3829e57aab9ac84a6b85ec35459c (commit)
discards d0a50cd1fafca2a931f35f7997bd40f01a295ee0 (commit)
discards 2437c9eb78db1fbeb5365bd403dc791096a03a2b (commit)
discards 615722f1097cb80e085f959fa2e6cad94a02cf07 (commit)
discards 47c3faf1e26be21190eeee7f266d44eb33a0aeb6 (commit)
discards 37d9f94b06ff367a3514b58ec6f0e4d4d0116030 (commit)
discards d35c1a7499cabedf0e2b6e592e0abf039fb8450f (commit)
discards 9df4cad4500d092bb07909b6f49e4eaaa6d31984 (commit)
discards a78762353971ea3707bcf92960a12557d66fb9af (commit)
discards f1b121ccb36483304fc6debdab62e680f84dc98f (commit)
discards e60cae2f887a433b2bae0921bfdfed4096c9cbd6 (commit)
discards 54d36a634def086f5c3b16e897489ee84cbd27f4 (commit)
discards a4886639d07503f3101800feb7deaf7aae025312 (commit)
discards 00900388c9704a4fe76a459934a2b9f73a3cec1a (commit)
discards 617d783980943ac7cda84d94a5a43e06adeb838e (commit)
discards 613b22c08b3fb2fb24a15b17ce7de04e3f7ebc35 (commit)
discards 69a9857a37007723c17007b0c2f960b87e95bc02 (commit)
discards c51e85a536ec9520ce9c8784bf26b639f7e4ce0a (commit)
discards e7aec8c18af9ae99d0a43c1d172d8598ee8bf577 (commit)
discards f827088cc812a217bfb46aca66be62b79b7ed973 (commit)
discards d1af1ede3314ec5ae9b7dbbe51f8a8a7314ba651 (commit)
discards d75bcd1e8bb8c5b312ccd6c86136d0c1e1d7b904 (commit)
discards 79870ba994f0606c8ed13806f00cb8b23d9b2c83 (commit)
discards 1f7f3f7f49d3e2d44b77472bfc1f204ae0496a70 (commit)
discards 40f551004ab4e5f1d8ab02ddb55dca225ee8f6ac (commit)
discards 7b7de0ba345c02103bbaa9fb981424c59d440d55 (commit)
discards 36b4a526be01a76eeb2ef2db645598f45f1de992 (commit)
discards 733d05ba984089553428a40a74478fa6700b4e9f (commit)
discards 29f32bb5c13c5a9667d12455013ba24b7a8725b1 (commit)
discards d60aa7ad3fec08ffd158ab88c2e0758627e4928b (commit)
discards 8b042997093ad9aa96c159ca952746449bd5b315 (commit)
discards 3f32ceb98c74d4c1ad056615c3dac359ad0c0bce (commit)
discards 13dea78ff8ad72bd8a406843bb702aef0d0f569a (commit)
discards 1cd689f0355b29be7d0e4b316369eed5c228f92a (commit)
discards 88a28473710c28f36cf8fab178697dd5e0d7a6ac (commit)
discards 7e85063ebffe3a6d990fb0b2eac62b1906660a21 (commit)
discards d98a3ad49469f33e01e35776afff55e1452a2321 (commit)
discards 7dcbe06182de70d158835e400d61fa026eac6384 (commit)
discards 5fc1dcfcb58c70b8347cc74dab2a9e0501f26cca (commit)
discards 3b6a4a8e1dc7614216bae1177e6a646f366a048d (commit)
discards 5e864400e2f82db117c15eaac4c7c5c3ad913bd6 (commit)
discards c3f165fd3fa7a39643af96e6c7b5095ee8c43f9d (commit)
discards 3a822f9f2f0907fd1bdb530390772b7e0f46c9cb (commit)
discards a357f5f197dbe54314608d4c5acbdd9e1959afba (commit)
discards 54781f3d3c1dea0e14542d129b1c8e061ad406fc (commit)
discards 9ff58642c2c1eaae8d6dd7c01e8fb85a030c2dfc (commit)
discards cc9925788396b37cc64527257f8737a3dfcd7ab4 (commit)
discards 3ce7895505f99de703ec750e4b0bf10334522b2d (commit)
discards 0c9dda66d44f466c6ef4b2c0a8b3c4e685b74143 (commit)
discards f138dab54f33e4247f21c26dd938b11646597b28 (commit)
discards 4a264f6333b34ecc364d2a6f9e18c7f3e35a076d (commit)
discards 59d3e00f4b7459a8c94185cda6cf163ef05bd2fa (commit)
discards 5e4b8ac7997c68ffa45471b9879789c96068885d (commit)
discards c8757ec7b90a55988224e45a523a6528c952eeb3 (commit)
discards 94c0345781dcb2a7fca6931bcd35a87766d65996 (commit)
discards e230982830132e278122f873d5f7434a63533362 (commit)
discards 8392d11d7b9db3006831eb2314c2c5d0b9eb8459 (commit)
discards c84e8e6141220ff088f489cb1be3af699b5398cf (commit)
discards 3060f30851f5e6a8127cd1a057e8aa7581632567 (commit)
discards 66a089434f38163273c3a5b9138f9c4347873b69 (commit)
discards e12de76fbd6aace9d03309c0ac3e19470ee2efe7 (commit)
discards 4816e450e1d71ba23c1b4c53053c0341120c2415 (commit)
discards b9dfa440d0ca7547f8e403cb513e300c4d405cba (commit)
discards f2788dd5fc3ef725969d6c0fcc4ddee3754829fc (commit)
discards 54836b787450bf23abcf7be291831799093a17b0 (commit)
discards e1e1a215d954c3337a969019da7f7becc8d14012 (commit)
discards deb104b3706fab06bf21a70fb9d85d2717f4f0c1 (commit)
discards 808a32f8d2b174b293154257a72c687cbb8bb280 (commit)
discards bad2728b2ed147badcd67ff0d21be20d17f0c9ea (commit)
discards b7ec820ac297bc316ef9ffa36242e7928acbc0b4 (commit)
discards 39a723673e92b842233b1da5fde27aa595fcc59f (commit)
discards 83c996d75698093446fbfff89ea4abeb36cbc8c4 (commit)
discards 623ffe7320d0a159ba9a5912fc1948cac12ad505 (commit)
discards 1e8731c242c2e2926819e24856743d0ec7e70a56 (commit)
discards aaabfc20e05a635a36be0049b38b2034f041398d (commit)
discards 1f23032c8a10c03e9f4ff00b45576ad5c5e5afd9 (commit)
discards e31979e7ef752c9adef3d3fa6096a47d720d524e (commit)
discards 22516d3663a3c11384824dad0e052dc0630f08f0 (commit)
discards 39464fc833e3ee2fb771f83dce9f94e3856c1075 (commit)
discards 125dd3b1e5f34156b002951f504f5346cc5d7e8d (commit)
discards 2582dc22a24ee7cdaf1a68c6b4b1c639f88c2efe (commit)
discards c5e4fb5838d2f447ae126159a71340b90cfea33c (commit)
discards 3dcd4659f10710621f429066f11ab7b67cd6e878 (commit)
discards 01698bea4703ce073425e2080c7cad83e2f873cc (commit)
discards 9f6f07fe6790e7c3a8f1b57990c16447c9d2713f (commit)
discards 58df9c45cc6288b4424c6571b35373de8837a85f (commit)
discards b03d26d7607c11e45f49a960ce147bbb2ebfb53c (commit)
discards 169a7755916e1f3227ab9c3959447149ecb99503 (commit)
discards 3c3cae35fe5b3cf0371e1cbb1ff295baf555f77a (commit)
discards 9539317a22d8ea16f94b0e086507ab595d758216 (commit)
discards 67d842388bc0542a7c3d8843635c3ccf5add20c7 (commit)
discards dd5a2a0c2da55c95cb94cb67538c6693cf989bf9 (commit)
discards 242e740db430759c3a09de3bf9ece89987c6b9b0 (commit)
discards 332c20ac4de0d2706a7e6c9e3a96f1d4287eb4c5 (commit)
discards 0bfda57681195c431e3b6063577fdab23ff40cd5 (commit)
discards e1c4967befc7b4dd273b3d9d047a4e4262f5ba2f (commit)
discards 0d9bc75b61d5227917ef43e4c716ae284d548644 (commit)
discards ccb603fe5a8ca989d6db97cc723ccfcaba2781f5 (commit)
discards 68259bcde57277cb709296fc24e86826d9c131d5 (commit)
discards b7aa839c669f1c2055ade415b99378e5c9ba0baa (commit)
discards a0080bdf353bcc107eb80a5755958c6c276d49eb (commit)
discards d68c3776fee61329f665ede740cca51946395d1c (commit)
discards 089aaca1ed6fe672f01c5049f1bf3956bdd35065 (commit)
discards 53b2e5895715c73febffb563ebc89153339e02ab (commit)
discards c8d252f51c23484484e4aa023fcd1f86ee961eab (commit)
discards f54cc984969657be50c093b917feb49a19d78c22 (commit)
discards 3b0f80205c1942cc954eb891691c7c382aa9c87c (commit)
discards 2eeaf4eacf23e166b60cf95562ea2727a68e1e08 (commit)
discards bda9093be4d24d45a6fff29148fbb5438e283897 (commit)
discards 6b39f96311c832de21bcacc3f17a611682d522a9 (commit)
discards 5f95bfc2c5c7706c7961aeca3aabd90ea5661f0a (commit)
discards e04586707b923f857c61a17ad38a9ce795e9af14 (commit)
discards f968e4a8eeb562964f265d7555eaf295f8bac7f6 (commit)
discards 146c1e2c5d12f478e4dbf35c5a675f05a793f5b7 (commit)
discards c6e6a2531ef791e7fdae10b440c778244dd62019 (commit)
discards 9a615740476541185073f98d8bc6e69e06ecf340 (commit)
discards 6b3a880d607ee3e3dd273f019981fd6cae62373c (commit)
discards 6f84dbb74b46470e937a52cbbb5de4c5b825e122 (commit)
discards 03338fd9d7416560331bb96fd356f3d35de6760f (commit)
discards b4bb4815b9e23c54d6bbf7ec166acdf7ddfcb10b (commit)
discards ab42005d9a8a4bbfae9d96ce320662a958decfcc (commit)
via 2afa29549ab969524c1758cc2ef5867993abbf05 (commit)
via 6fc73fc47f81b90889bcacdd54c16c7715b0abfd (commit)
via 9015155cfdd845ce6a6bdceda8b0ae078cdd3103 (commit)
via 365351eade89d3a7d3340d114a329089599c1cd8 (commit)
via ae1bc35bb0dc05711eaa5d2d959e3c2752c4f34b (commit)
via cae62c46be5f3d665d920f2400c1929b4ece4799 (commit)
via 45901152993875c48ed68c4d1b30a3f73eac4030 (commit)
via d09550506dbd31b92e53b4e861924e49027acabb (commit)
via c364f8b4010adb72c952b7a1c47011675c42fae5 (commit)
via ce4962218956e42058d6084f71d54bfa869b5ed4 (commit)
via dc032a8b37d9360a3ba90752e1a2412c9838e1fa (commit)
via fc415fd3128c5f3772a7f1a1376007c75b588b4c (commit)
via b6ff0066e51f63b2b48c4889d2af2fa037d18f3a (commit)
via ec3948a8a1473102ff8ee62be8625327398f4726 (commit)
via 0c82d98fb3d1bde830166e8ef8384d6314a3c8b7 (commit)
via 94ff4727707e36a9da901804d66b5f3f39cad0b7 (commit)
via da3b2b9f1736d90a2cea996c526aea5465bad85f (commit)
via a864c117932288aac876ca3ba4b2087da191b6b6 (commit)
via 41e6ddfb673652c14020145e122d54dc6d5ba8ec (commit)
via 696f8623133576ddb3fc61f00fbdcccfecdf4fb2 (commit)
via f985928367bd3638e68d613b232010b4f587f1e2 (commit)
via b287377976ce841cd99d9f8ef1c881722a0dc0b4 (commit)
via ed695eb01f9e63463685312962dbbbda293348f0 (commit)
via a8d04e784a6b4b76f15c4f063fcdca85625e96b1 (commit)
via 50cedb091f840e62821bd2bb0304f22d238691b1 (commit)
via 8df9179dd953831f0c5c251d4221567c77818760 (commit)
via 14dfc54412cac4cf0cb257599e19642e73f5f248 (commit)
via 28d250e3a5ea54c3a6bcda6e5600f9fd8e3dbcf4 (commit)
via 49d8a8f2e36d5c33577c0887d9f4482ca7b6e00d (commit)
via b54a01daf24713143ba7f5f85dafd1d9d0c78a0f (commit)
via d1828fefa997bcd6257c39ca6f6f605a5a32707a (commit)
via 5a1ba930d6c3c61dfe2dbce127954c57f78bff1f (commit)
via e8a8cadb6035fa8c03589b9ab5ac1a382407c6a1 (commit)
via 4dce2661e80da9b65e5a548c863d61239233d6b0 (commit)
via ae313a75753fb34781db0bfe776e855cab924dc3 (commit)
via b0d0360b250bed8e6e5a30f7ee057da0600bc99c (commit)
via 56c37ef9b76b992dad59524cae6c34b86bb911d0 (commit)
via 11864d817434e1f3e36cf3c0ef9ab37736938f65 (commit)
via b008c44eaf5c6b45c9f36116601918748aeb8323 (commit)
via 51c1bbb2f68e1046e8684985935fce932df08667 (commit)
via 5c7b5f03de13e259ccedd2d09d5626c1eabdc934 (commit)
via affe6b0a9bb79572dae80c5e3a3383fea66801eb (commit)
via b97c5edf08a9dea2b447459909d3e08c8abdf82f (commit)
via dad25927277573fd93cc3f7308c4ebe015194b10 (commit)
via a0b4442a02e4767ee63f03bc355538f16fffccb1 (commit)
via 9e1fd027953d2d25f395144057dc9b95750a13f9 (commit)
via c13a243a950af570fba7b89e690d85f1004de20d (commit)
via 5484ed74fd1721568841ba13f392c8382ac9e46a (commit)
via dc70662c5d9cfd7f5cb05b9540a7bb2825de6bff (commit)
via eb5b089f8e296b2b9575fa8fbb59724508e9342b (commit)
via 88648f2b3f9e85fe4094af7d2805439c1a99b9de (commit)
via 82691f82adecc3baf60b392b2d295ab2381f85bc (commit)
via a48908445762d574b41d611021a537c805f7f3ad (commit)
via 771804a86a5ac53be1142735995dbec6f6949289 (commit)
via ba3dfca2da03a57a5f732dd6fb7bbaf744add9a5 (commit)
via 2b70210eedf5ed0cec12a904d04e4c3b33def073 (commit)
via 949b55d6419e0de7c2386278cb17d11b3beb3b20 (commit)
via cd034042a1ea9950ebea9109ce857eee72adc249 (commit)
via bbc934a55d42bcd46ad0a7d33456b37c0be18f61 (commit)
via c73a78ead6b493df1f4b44cd1e1a43d6c268f6fa (commit)
via 6a7233ad1f3afc8b128c647810d38ad9cd158f69 (commit)
via 59240220e48bcf508daebcf980c1e2db20ccc0e7 (commit)
via b9b43736e711f10fcf9c031bafba2464bb2ce386 (commit)
via ca0dd0691c1d5053794681bbfb063926e49c039a (commit)
via 595af530fb6a19152421af0f7134953bb366f668 (commit)
via 9e3e3bcd81a4fc80e1aaa33e7a1711a74099e0e4 (commit)
via bd8ee613953e8cbcbb572b648e87602397ba31bb (commit)
via 773413b6decf25e4ab669881e00c507aa8a1486f (commit)
via 28e35c535b8fd442dce3a286c4503517dc848848 (commit)
via 1dc17e4eee5367c7684888c8dcaa6445b576537c (commit)
via bc9d8d1e4caeef8c4b2da02f9a134fc7b57148d7 (commit)
via ac92153c3aa05af1755b1afe225d3355fcca160d (commit)
via 73d113eab7fef74d9519be5236e89b48aeb2eab2 (commit)
via dcd9dd1ec965190dcece4b8ef3f9379776a309e8 (commit)
via 7dd7f8d08b1bbf4692b2f1678d78047489b6fd37 (commit)
via a6f94a674bdbb99cc3fb19cff6a7ffbf4c3520ee (commit)
via 5c4316723fda70348f841a3ad1a7d8385f9e3c4a (commit)
via 7de380d5e7dbc3361c15d48d92619b222b77f6f8 (commit)
via 4c53d93b1c9356aea2c509fcfc79cc48aa0e2fa1 (commit)
via 17bf8752a8b110a95cde3683bc0a6c586fae3ac9 (commit)
via c0ba291cfb28192b1a3255008aefaf13583fea97 (commit)
via 7d39fd29dbf5b6b9bad90cee69dce24498f3e5ed (commit)
via d588e6bca2e886dc978d3cd8ca17002d41fbe585 (commit)
via 6c8a0923515a0c9e085fa852de3a48f849a742fe (commit)
via fb39000148809df935ada41cd3be373fde268c57 (commit)
via f0449aa6f4d490de26e5240202a8e77113d4c471 (commit)
via 067a68b5e9dfa1c7d5e68fd64553e0ced89cad36 (commit)
via d415db42e227d2f309d942486b7d2fcb431da628 (commit)
via 308c90af198f5dd6b25ac284fe24aa8e648bc6d8 (commit)
via 0b8994f341459e4e6f3ed7cfb9e38109529d632e (commit)
via 2e921a511f4c5fb93f5bd1299b7a66b830440a8e (commit)
via 1b95927d6b17cfa2a4c8a8f20bee7dafa59e3d34 (commit)
via 1e008042ac7a5b7dfe4a11a8f33f71c57ee2666a (commit)
via bcb56b17389d162a53546c5efaf288ba446b7f84 (commit)
via 547fae4ba065b99e2a2832f441b745dc7cd59889 (commit)
via a66c119e7198d95969fbcbcde48a05c92dbc07ac (commit)
via 644d62c8bb6528713db56a8464ffaba94740e0e5 (commit)
via ea8114022b55a158e1df2bfbdfa29d0703940708 (commit)
via a598bba05ec26c8103bd7f8cf9e4dcf451469531 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (1abfd2d5fdecd07dea3351c9c840cd61813e0007)
\
N -- N -- N (2afa29549ab969524c1758cc2ef5867993abbf05)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 2afa29549ab969524c1758cc2ef5867993abbf05
Author: Javier Bértoli <jbertoli at curii.com>
Date: Fri Feb 25 13:40:15 2022 -0300
18791: allow single-host-single-hostname to manage LE certs
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index f5759c482..27f1591c8 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -37,9 +37,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
s#domain_fixme_or_this_wont_work#local#g;
s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g;
s#RELEASE=\"production\"#RELEASE=\"development\"#g;
- s/# VERSION=.*$/VERSION=\"latest\"/g;
- s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g' \
+ s/# VERSION=.*$/VERSION=\"latest\"/g;' \
/vagrant/local.params.example.single_host_multiple_hostnames > /tmp/local.params.single_host_multiple_hostnames"
+ # s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g;' \
arv.vm.provision "shell",
path: "provision.sh",
@@ -54,7 +54,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# A single_host single_hostname example
config.vm.define "arvados-sh-sn" do |arv|
- arv.vm.box = "bento/debian-10"
+ arv.vm.box = "bento/debian-11"
arv.vm.hostname = "zeppo"
# CPU/RAM
config.vm.provider :virtualbox do |v|
@@ -80,15 +80,15 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
arv.vm.provision "shell",
inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir;
cp -vr /vagrant/tests /home/vagrant/tests;
- sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local\"#g;
+ sed 's#HOSTNAME_EXT=\"hostname_ext_fixme_or_this_wont_work\"#HOSTNAME_EXT=\"zeppo.local\"#g;
s#cluster_fixme_or_this_wont_work#zeppo#g;
- s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g;
s#domain_fixme_or_this_wont_work#local#g;' \
/vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
+ # s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g;
arv.vm.provision "shell",
path: "provision.sh",
args: [
- # "--debug",
+ "--debug",
"--config /tmp/local.params.single_host_single_hostname",
"--test",
"--vagrant"
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index 78a5a938f..bdf9c578c 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -68,6 +68,7 @@ arvados:
password: "__DATABASE_PASSWORD__"
user: __CLUSTER___arvados
encoding: en_US.utf8
+ client_encoding: UTF8
tls:
# certificate: ''
@@ -80,7 +81,6 @@ arvados:
system_root: __SYSTEM_ROOT_TOKEN__
management: __MANAGEMENT_TOKEN__
anonymous_user: __ANONYMOUS_USER_TOKEN__
- rails_secret: YDLxHf4GqqmLXYAMgndrAmFEdqgC0sBqX7TEjMN2rw9D6EVwgx
### KEYS
secrets:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
index 18f09af50..e603bcb21 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
@@ -13,7 +13,7 @@ nginx:
### SITES
servers:
managed:
- arvados_api:
+ arvados_api.conf:
enabled: true
overwrite: true
config:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
index b7b75ab9c..7e7bc5ece 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
@@ -20,7 +20,7 @@ nginx:
servers:
managed:
### DEFAULT
- arvados_controller_default:
+ arvados_controller_default.conf:
enabled: true
overwrite: true
config:
@@ -33,9 +33,11 @@ nginx:
- location /:
- return: '301 https://$host$request_uri'
- arvados_controller_ssl:
+ arvados_controller_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -52,7 +54,9 @@ nginx:
- proxy_set_header: 'X-Real-IP $remote_addr'
- proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
- proxy_set_header: 'X-External-Client $external_client'
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/__CLUSTER__.__DOMAIN__.error.log
- client_max_body_size: 128m
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
index 81d72aac7..b5c68c7e3 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls
@@ -15,9 +15,23 @@ nginx:
servers:
managed:
- arvados_keepproxy_ssl:
+ ### DEFAULT
+ arvados_keepproxy_default.conf:
enabled: true
overwrite: true
+ config:
+ - server:
+ - server_name: keep.__CLUSTER__.__DOMAIN__
+ - listen:
+ - 80
+ - location /:
+ - return: '301 https://$host$request_uri'
+
+ arvados_keepproxy_ssl.conf:
+ enabled: true
+ overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -38,6 +52,8 @@ nginx:
- client_max_body_size: 64M
- proxy_http_version: '1.1'
- proxy_request_buffering: 'off'
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
index fcb56c994..3f62a5741 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepweb_configuration.sls
@@ -16,9 +16,11 @@ nginx:
servers:
managed:
### COLLECTIONS / DOWNLOAD
- arvados_collections_download_ssl:
+ arvados_collections_download_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -38,6 +40,8 @@ nginx:
- client_max_body_size: 0
- proxy_http_version: '1.1'
- proxy_request_buffering: 'off'
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/keepweb.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/keepweb.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
index 1b21aaaeb..7b1712d53 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls
@@ -17,9 +17,11 @@ nginx:
### SITES
servers:
managed:
- arvados_webshell_ssl:
+ arvados_webshell_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -55,7 +57,9 @@ nginx:
- add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
- add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
index 7c4ff7835..0aefaed84 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_websocket_configuration.sls
@@ -15,9 +15,11 @@ nginx:
servers:
managed:
- arvados_websocket_ssl:
+ arvados_websocket_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -39,6 +41,8 @@ nginx:
- client_max_body_size: 64M
- proxy_http_version: '1.1'
- proxy_request_buffering: 'off'
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
index 462443c1f..8e4b9b4aa 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
@@ -13,9 +13,11 @@ nginx:
### SITES
servers:
managed:
- arvados_workbench2_ssl:
+ arvados_workbench2_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -29,6 +31,8 @@ nginx:
- return: 503
- location /config.json:
- return: {{ "200 '" ~ '{"API_HOST":"__HOSTNAME_EXT__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
index 9ed6e3b87..cb7feeab1 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
@@ -22,9 +22,11 @@ nginx:
### SITES
servers:
managed:
- arvados_workbench_ssl:
+ arvados_workbench_ssl.conf:
enabled: true
overwrite: true
+ requires:
+ __CERT_REQUIRES__
config:
- server:
- server_name: __HOSTNAME_EXT__
@@ -40,7 +42,9 @@ nginx:
- proxy_set_header: 'Host $http_host'
- proxy_set_header: 'X-Real-IP $remote_addr'
- proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
- - include: 'snippets/arvados-snakeoil.conf'
+ - include: snippets/ssl_hardening_default.conf
+ - ssl_certificate: __CERT_PEM__
+ - ssl_certificate_key: __CERT_KEY__
- access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.error.log
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
new file mode 100644
index 000000000..3b2be59f3
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/custom_certs.sls
@@ -0,0 +1,33 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- set orig_cert_dir = salt['pillar.get']('extra_custom_certs_dir', '/srv/salt/certs') %}
+{%- set dest_cert_dir = '/etc/nginx/ssl' %}
+{%- set certs = salt['pillar.get']('extra_custom_certs', []) %}
+
+{% if certs %}
+extra_custom_certs_file_directory_certs_dir:
+ file.directory:
+ - name: /etc/nginx/ssl
+ - require:
+ - pkg: nginx_install
+
+ {%- for cert in certs %}
+ {%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
+ {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
+ {%- set key_file = 'arvados-' ~ cert ~ '.key' %}
+ {% for c in [cert_file, key_file] %}
+extra_custom_certs_file_copy_{{ c }}:
+ file.copy:
+ - name: {{ dest_cert_dir }}/{{ c }}
+ - source: {{ orig_cert_dir }}/{{ c }}
+ - force: true
+ - user: root
+ - group: root
+ - unless: cmp {{ dest_cert_dir }}/{{ c }} {{ orig_cert_dir }}/{{ c }}
+ - require:
+ - file: extra_custom_certs_file_directory_certs_dir
+ {%- endfor %}
+ {%- endfor %}
+{%- endif %}
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
index b6929fb88..e97da2386 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -2,11 +2,16 @@
#
# SPDX-License-Identifier: Apache-2.0
+# WARNING: This file is only used for testing purposes, and should not be used
+# in a production environment
+
{%- set curr_tpldir = tpldir %}
{%- set tpldir = 'arvados' %}
{%- from "arvados/map.jinja" import arvados with context %}
{%- set tpldir = curr_tpldir %}
+{%- set orig_cert_dir = salt['pillar.get']('extra_custom_certs_dir', '/srv/salt/certs') %}
+
include:
- nginx.passenger
- nginx.config
@@ -16,31 +21,49 @@ include:
# we'll keep it simple here.
{%- set arvados_ca_cert_file = '/etc/ssl/private/arvados-snakeoil-ca.pem' %}
{%- set arvados_ca_key_file = '/etc/ssl/private/arvados-snakeoil-ca.key' %}
-{%- set arvados_cert_file = '/etc/ssl/private/arvados-snakeoil-cert.pem' %}
-{%- set arvados_csr_file = '/etc/ssl/private/arvados-snakeoil-cert.csr' %}
-{%- set arvados_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key' %}
{%- if grains.get('os_family') == 'Debian' %}
{%- set arvados_ca_cert_dest = '/usr/local/share/ca-certificates/arvados-snakeoil-ca.crt' %}
{%- set update_ca_cert = '/usr/sbin/update-ca-certificates' %}
{%- set openssl_conf = '/etc/ssl/openssl.cnf' %}
+
+extra_snakeoil_certs_ssl_cert_pkg_installed:
+ pkg.installed:
+ - name: ssl-cert
+ - require_in:
+ - sls: postgres
+
{%- else %}
{%- set arvados_ca_cert_dest = '/etc/pki/ca-trust/source/anchors/arvados-snakeoil-ca.pem' %}
{%- set update_ca_cert = '/usr/bin/update-ca-trust' %}
{%- set openssl_conf = '/etc/pki/tls/openssl.cnf' %}
+
{%- endif %}
-arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed:
+extra_snakeoil_certs_dependencies_pkg_installed:
pkg.installed:
- pkgs:
- openssl
- ca-certificates
-arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run:
+# Remove the RANDFILE parameter in openssl.cnf as it makes openssl fail in Ubuntu 18.04
+# Saving and restoring the rng state is not necessary anymore in the openssl 1.1.1
+# random generator, cf
+# https://github.com/openssl/openssl/issues/7754
+#
+extra_snakeoil_certs_file_comment_etc_openssl_conf:
+ file.comment:
+ - name: /etc/ssl/openssl.cnf
+ - regex: ^RANDFILE.*
+ - onlyif: grep -q ^RANDFILE /etc/ssl/openssl.cnf
+ - require_in:
+ - cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
+
+extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
# Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
cmd.run:
- name: |
- # These dirs are not to CentOS-ish, but this is a helper script
+ # These dirs are not too CentOS-ish, but this is a helper script
# and they should be enough
mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
openssl req \
@@ -61,64 +84,56 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_c
- test -f {{ arvados_ca_cert_file }}
- openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}
- require:
- - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+ - pkg: extra_snakeoil_certs_dependencies_pkg_installed
+
+{%- set arvados_cert_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.pem' %}
+{%- set arvados_csr_file = orig_cert_dir ~ '/arvadoos-__HOSTNAME_EXT__.csr' %}
+{%- set arvados_key_file = orig_cert_dir ~ '/arvados-__HOSTNAME_EXT__.key' %}
-arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run:
+extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run:
cmd.run:
- name: |
- cat > /tmp/openssl.cnf <<-CNF
+ cat > /tmp/__HOSTNAME_EXT__.openssl.cnf <<-CNF
[req]
default_bits = 2048
prompt = no
default_md = sha256
- req_extensions = rext
distinguished_name = dn
+ req_extensions = rext
+ [rext]
+ subjectAltName = @alt_names
[dn]
C = CC
ST = Some State
L = Some Location
- O = Arvados Formula
- OU = arvados-formula
+ O = Arvados Provision Example Single Host / Single Hostname
+ OU = arvados-provision-example-single_host_single_hostname
CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
- [rext]
- subjectAltName = @alt_names
[alt_names]
{%- for entry in grains.get('ipv4') %}
IP.{{ loop.index }} = {{ entry }}
{%- endfor %}
- {%- for entry in [
- 'keep',
- 'collections',
- 'download',
- 'keepweb',
- 'ws',
- 'workbench',
- 'workbench2',
- ]
- %}
- DNS.{{ loop.index }} = {{ entry }}
- {%- endfor %}
- DNS.8 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
- DNS.9 = '__HOSTNAME_EXT__'
- DNS.10 = '__HOSTNAME_INT__'
+ DNS.1 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ DNS.2 = '__HOSTNAME_EXT__'
+ DNS.3 = '__HOSTNAME_INT__'
CNF
# The req
openssl req \
- -config /tmp/openssl.cnf \
+ -config /tmp/__HOSTNAME_EXT__.openssl.cnf \
-new \
-nodes \
-sha256 \
-out {{ arvados_csr_file }} \
- -keyout {{ arvados_key_file }} > /tmp/snake_oil_certs.output 2>&1 && \
+ -keyout {{ arvados_key_file }} > /tmp/snake_oil_certs.__HOSTNAME_EXT__.output 2>&1 && \
# The cert
openssl x509 \
-req \
-days 365 \
-in {{ arvados_csr_file }} \
-out {{ arvados_cert_file }} \
- -extfile /tmp/openssl.cnf \
+ -extfile /tmp/__HOSTNAME_EXT__.openssl.cnf \
-extensions rext \
-CA {{ arvados_ca_cert_file }} \
-CAkey {{ arvados_ca_key_file }} \
@@ -129,27 +144,19 @@ arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_c
- test -f {{ arvados_key_file }}
- openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_cert_file }}
- require:
- - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
- - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run
- # We need this before we can add the nginx's snippet
- - require_in:
- - file: nginx_snippet_arvados-snakeoil.conf
-
-{%- if grains.get('os_family') == 'Debian' %}
-arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed:
- pkg.installed:
- - name: ssl-cert
+ - pkg: extra_snakeoil_certs_dependencies_pkg_installed
+ - cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
- require_in:
- - sls: postgres
+ - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.pem
+ - file: extra_custom_certs_file_copy_arvados-__HOSTNAME_EXT__.key
-arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
+ {%- if grains.get('os_family') == 'Debian' %}
+extra_snakeoil_certs_certs_permissions___HOSTNAME_EXT___cmd_run:
file.managed:
- name: {{ arvados_key_file }}
- owner: root
- group: ssl-cert
- require:
- - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
- - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
- - require_in:
- - file: nginx_snippet_arvados-snakeoil.conf
-{%- endif %}
+ - cmd: extra_snakeoil_certs_arvados_snakeoil_cert___HOSTNAME_EXT___cmd_run
+ - pkg: extra_snakeoil_certs_ssl_cert_pkg_installed
+ {%- endif %}
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index cf960df70..221e7b35e 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -65,7 +65,7 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
#
# See https://doc.arvados.org/intall/salt-multi-host.html for more information.
SSL_MODE="lets-encrypt"
-USE_LETSENCRYPT_IAM_USER="yes"
+USE_LETSENCRYPT_ROUTE53="yes"
# For collections, we need to obtain a wildcard certificate for
# '*.collections.<cluster>.<domain>'. This is only possible through a DNS-01 challenge.
# For that reason, you'll need to provide AWS credentials with permissions to manage
@@ -120,7 +120,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index 0fca600ef..a77cb2457 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -92,7 +92,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index de5af681e..1c29a9ef2 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -15,8 +15,7 @@ DOMAIN="domain_fixme_or_this_wont_work"
# to access all the instances. Not used in the other examples.
# When using virtualization (ie AWS), this should be
# the EXTERNAL/PUBLIC hostname for the instance.
-# If empty, ${CLUSTER}.${DOMAIN} will be used
-HOSTNAME_EXT=""
+HOSTNAME_EXT="hostname_ext_fixme_or_this_wont_work"
# The internal hostname for the host. In the example files, only used in the
# single_host/single_hostname example
HOSTNAME_INT="127.0.1.1"
@@ -56,6 +55,14 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value
# See https://doc.arvados.org/intall/salt-single-host.html#certificates for more information.
SSL_MODE="self-signed"
+# If you want to use letsencrypt, set SSL_MODE="lets-encrypt"
+# A single certificate for the external hostname of the host will be retrieved, using
+# "standalone" mode of LE.
+
+# If you going to provide your own certificates for Arvados, the provision script can
+# help you deploy them. In order to do that, you need to set `SSL_MODE=bring-your-own` above,
+# and copy the required certificates under the directory specified in the next line.
+# The certs will be copied from this directory by the provision script.
# The directory to check for the config files (pillars, states) you want to use.
# There are a few examples under 'config_examples'.
# CONFIG_DIR="local_config_dir"
@@ -79,7 +86,7 @@ RELEASE="production"
# Formulas versions
# ARVADOS_TAG="2.2.0"
# POSTGRES_TAG="v0.43.0"
-# NGINX_TAG="temp-fix-missing-statements-in-pillar"
+# NGINX_TAG="v2.8.0"
# DOCKER_TAG="v2.0.7"
# LOCALE_TAG="v0.3.4"
# LETSENCRYPT_TAG="v2.1.0"
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 91865ef5d..80a123ff0 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -168,7 +168,6 @@ CLUSTER=""
DOMAIN=""
# Hostnames/IPs used for single-host deploys
-HOSTNAME_EXT=""
HOSTNAME_INT="127.0.1.1"
# Initial user setup
@@ -186,6 +185,7 @@ WORKBENCH1_EXT_SSL_PORT=443
WORKBENCH2_EXT_SSL_PORT=3001
SSL_MODE="self-signed"
+USE_LETSENCRYPT_ROUTE53="no"
CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs"
## These are ARVADOS-related parameters
@@ -205,7 +205,7 @@ BRANCH="2.3-release"
# Other formula versions we depend on
POSTGRES_TAG="v0.43.0"
-NGINX_TAG="temp-fix-missing-statements-in-pillar"
+NGINX_TAG="v2.8.0"
DOCKER_TAG="v2.0.7"
LOCALE_TAG="v0.3.4"
LETSENCRYPT_TAG="v2.1.0"
@@ -254,7 +254,13 @@ if ! grep -qE '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
fi
# Only used in single_host/single_name deploys
-if [ "x${HOSTNAME_EXT}" = "x" ] ; then
+if [ ! -z "${HOSTNAME_EXT}" ] ; then
+ # We need to add some extra control vars to manage a single certificate vs. multiple
+ USE_SINGLE_HOSTNAME="yes"
+else
+ USE_SINGLE_HOSTNAME="no"
+ # We set this variable, anyway, so sed lines do not fail and we don't need to add more
+ # conditionals
HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
fi
@@ -313,18 +319,23 @@ rm -rf ${F_DIR}/* || exit 1
git clone --quiet https://github.com/saltstack-formulas/docker-formula.git ${F_DIR}/docker
( cd docker && git checkout --quiet tags/"${DOCKER_TAG}" -b "${DOCKER_TAG}" )
+echo "...locale"
git clone --quiet https://github.com/saltstack-formulas/locale-formula.git ${F_DIR}/locale
( cd locale && git checkout --quiet tags/"${LOCALE_TAG}" -b "${LOCALE_TAG}" )
-git clone --quiet https://github.com/netmanagers/nginx-formula.git ${F_DIR}/nginx
+echo "...nginx"
+git clone --quiet https://github.com/saltstack-formulas/nginx-formula.git ${F_DIR}/nginx
( cd nginx && git checkout --quiet tags/"${NGINX_TAG}" -b "${NGINX_TAG}" )
+echo "...postgres"
git clone --quiet https://github.com/saltstack-formulas/postgres-formula.git ${F_DIR}/postgres
( cd postgres && git checkout --quiet tags/"${POSTGRES_TAG}" -b "${POSTGRES_TAG}" )
+echo "...letsencrypt"
git clone --quiet https://github.com/saltstack-formulas/letsencrypt-formula.git ${F_DIR}/letsencrypt
( cd letsencrypt && git checkout --quiet tags/"${LETSENCRYPT_TAG}" -b "${LETSENCRYPT_TAG}" )
+echo "...arvados"
git clone --quiet https://git.arvados.org/arvados-formula.git ${F_DIR}/arvados
# If we want to try a specific branch of the formula
@@ -484,7 +495,7 @@ if [ -d "${F_DIR}"/extra/extra ]; then
# In dev mode, we create some snake oil certs that we'll
# use as CUSTOM_CERTS, so we don't skip the states file.
# Same when using self-signed certificates.
- SKIP_SNAKE_OIL="dont_snakeoil_certs"
+ SKIP_SNAKE_OIL="dont_add_snakeoil_certs"
fi
for f in $(ls "${F_DIR}"/extra/extra/*.sls | grep -v ${SKIP_SNAKE_OIL}); do
echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
@@ -502,7 +513,7 @@ if [ -z "${ROLES}" ]; then
echo " - nginx.passenger" >> ${S_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
- if [ "${USE_LETSENCRYPT_IAM_USER}" != "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - extra.aws_credentials" >> ${S_DIR}/top.sls
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
@@ -534,18 +545,25 @@ if [ -z "${ROLES}" ]; then
echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
echo " - postgresql" >> ${P_DIR}/top.sls
- # Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
- if [ "${USE_LETSENCRYPT_IAM_USER}" != "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
fi
- grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
+ grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
# As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
- for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
- sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${c}.${CLUSTER}.${DOMAIN}*/g;
- s#__CERT_PEM__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/fullchain.pem#g;
- s#__CERT_KEY__#/etc/letsencrypt/live/${c}.${CLUSTER}.${DOMAIN}/privkey.pem#g" \
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+ if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a single-host-multiple-hostnames env
+ CERT_NAME=${c}.${CLUSTER}.${DOMAIN}
+ fi
+
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${CERT_NAME}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${CERT_NAME}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${CERT_NAME}/privkey.pem#g" \
${P_DIR}/nginx_${c}_configuration.sls
done
else
@@ -555,14 +573,24 @@ if [ -z "${ROLES}" ]; then
echo "extra_custom_certs_dir: /srv/salt/certs" > ${P_DIR}/extra_custom_certs.sls
echo "extra_custom_certs:" >> ${P_DIR}/extra_custom_certs.sls
- for c in controller websocket workbench workbench2 webshell download collections keepproxy; do
- copy_custom_cert ${CUSTOM_CERTS_DIR} $c
- grep -q ${c} ${P_DIR}/extra_custom_certs.sls || echo " - ${c}" >> ${P_DIR}/extra_custom_certs.sls
-
- # As the pillar differ whether we use LE or custom certs, we need to do a final edition on them
- sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${c}.pem/g;
- s#__CERT_PEM__#/etc/nginx/ssl/arvados-${c}.pem#g;
- s#__CERT_KEY__#/etc/nginx/ssl/arvados-${c}.key#g" \
+ # Are we in a single-host-single-hostname env?
+ if [ "${USE_SINGLE_HOSTNAME}" = "yes" ]; then
+ # Are we in a single-host-single-hostname env?
+ CERT_NAME=${HOSTNAME_EXT}
+ else
+ # We are in a multiple-hostnames env
+ CERT_NAME=${c}
+ fi
+ for c in controller websocket workbench workbench2 webshell keepweb keepproxy; do
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} $c
+ fi
+ grep -q ${CERT_NAME} ${P_DIR}/extra_custom_certs.sls || echo " - ${CERT_NAME}" >> ${P_DIR}/extra_custom_certs.sls
+
+ # As the pillar differs whether we use LE or custom certs, we need to do a final edition on them
+ sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_file_copy_arvados-${CERT_NAME}.pem/g;
+ s#__CERT_PEM__#/etc/nginx/ssl/arvados-${CERT_NAME}.pem#g;
+ s#__CERT_KEY__#/etc/nginx/ssl/arvados-${CERT_NAME}.key#g" \
${P_DIR}/nginx_${c}_configuration.sls
done
fi
@@ -597,13 +625,15 @@ else
### after it. So we add this here as we are, after all, sharing the host for api and controller
# Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
- if [ "${USE_LETSENCRYPT_IAM_USER}" != "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
# Use custom certs
- copy_custom_cert ${CUSTOM_CERTS_DIR} controller
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} controller
+ fi
grep -q controller ${P_DIR}/extra_custom_certs.sls || echo " - controller" >> ${P_DIR}/extra_custom_certs.sls
fi
grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
@@ -618,17 +648,21 @@ else
grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
# Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
- if [ "x${USE_LETSENCRYPT_IAM_USER}" != "xyes" ]; then
+ if [ "x${USE_LETSENCRYPT_ROUTE53}" = "xyes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
fi
grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
else
# Use custom certs, special case for keepweb
if [ ${R} = "keepweb" ]; then
- copy_custom_cert ${CUSTOM_CERTS_DIR} download
- copy_custom_cert ${CUSTOM_CERTS_DIR} collections
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} download
+ copy_custom_cert ${CUSTOM_CERTS_DIR} collections
+ fi
else
- copy_custom_cert ${CUSTOM_CERTS_DIR} ${R}
+ if [ "${SSL_MODE}" = "bring-your-own" ]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} ${R}
+ fi
fi
fi
# webshell role is just a nginx vhost, so it has no state
@@ -646,7 +680,7 @@ else
# Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
- if [ "${USE_LETSENCRYPT_IAM_USER}" != "yes" ]; then
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
fi
grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list