[ARVADOS] updated: 2.3.2-14-g41e6ddfb6
Git user
git at public.arvados.org
Fri Jan 21 20:25:44 UTC 2022
Summary of changes:
doc/_includes/_install_custom_certificates.liquid | 2 +-
doc/install/salt-multi-host.html.textile.liquid | 2 ++
doc/install/salt-single-host.html.textile.liquid | 2 ++
.../local.params.example.single_host_multiple_hostnames | 15 +++++++++------
.../local.params.example.single_host_single_hostname | 15 +++++++++------
5 files changed, 23 insertions(+), 13 deletions(-)
via 41e6ddfb673652c14020145e122d54dc6d5ba8ec (commit)
from 696f8623133576ddb3fc61f00fbdcccfecdf4fb2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 41e6ddfb673652c14020145e122d54dc6d5ba8ec
Author: Ward Vandewege <ward at curii.com>
Date: Fri Jan 21 15:16:32 2022 -0500
Documentation tweaks for the Salt installer.
refs #18658
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>
diff --git a/doc/_includes/_install_custom_certificates.liquid b/doc/_includes/_install_custom_certificates.liquid
index 74bc009b8..4a4aff5cf 100644
--- a/doc/_includes/_install_custom_certificates.liquid
+++ b/doc/_includes/_install_custom_certificates.liquid
@@ -17,7 +17,7 @@ The script expects cert/key files with these basenames (matching the role except
* "collections" # Part of keepweb
* "keepproxy"
-Ie., for 'keepproxy', the script will lookup for
+Ie., for 'keepproxy', the script will look for
<notextile>
<pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid
index 83a60c9fe..c3d6a92b5 100644
--- a/doc/install/salt-multi-host.html.textile.liquid
+++ b/doc/install/salt-multi-host.html.textile.liquid
@@ -121,6 +121,8 @@ When you finished customizing the configuration, you are ready to copy the files
<notextile>
<pre><code>scp -r provision.sh local* user at host:
+# if you use custom certificates (not Let's Encrypt), make sure to copy those too:
+# scp -r certs user at host:
ssh user at host sudo ./provision.sh --roles comma,separated,list,of,roles,to,apply
</code></pre>
</notextile>
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 9147f25a1..ce70a30d4 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -80,6 +80,8 @@ When you finished customizing the configuration, you are ready to copy the files
<notextile>
<pre><code>scp -r provision.sh local* tests user at host:
+# if you use custom certificates (not Let's Encrypt), make sure to copy those too:
+# scp -r certs user at host:
ssh user at host sudo ./provision.sh
</code></pre>
</notextile>
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index 11ebc119f..76e88786b 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -40,12 +40,15 @@ WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
DATABASE_PASSWORD=please_set_this_to_some_secure_value
# SSL CERTIFICATES
-# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will fail
-# to communicate and can silently drop traffic. You can try to use the Letsencrypt
-# salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to
-# automatically obtain and install SSL certificates for your instances or set this
-# variable to "no", provide and upload your own certificates to the instances and
-# modify the 'nginx_*' salt pillars accordingly (see CUSTOM_CERTS_DIR below)
+# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will
+# fail to communicate and can silently drop traffic. Set USE_LETSENCRYPT="yes"
+# to use the Let's Encrypt salt formula
+# (https://github.com/saltstack-formulas/letsencrypt-formula) to automatically
+# obtain and install SSL certificates for your hostname(s).
+#
+# Alternatively, set this variable to "no" and provide and upload your own
+# certificates to the instances and modify the 'nginx_*' salt pillars
+# accordingly
USE_LETSENCRYPT="no"
# If you going to provide your own certificates for Arvados, the provision script can
diff --git a/tools/salt-install/local.params.example.single_host_single_hostname b/tools/salt-install/local.params.example.single_host_single_hostname
index ae9804863..fc2db58c0 100644
--- a/tools/salt-install/local.params.example.single_host_single_hostname
+++ b/tools/salt-install/local.params.example.single_host_single_hostname
@@ -49,12 +49,15 @@ WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
DATABASE_PASSWORD=please_set_this_to_some_secure_value
# SSL CERTIFICATES
-# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will fail
-# to communicate and can silently drop traffic. You can try to use the Letsencrypt
-# salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to
-# automatically obtain and install SSL certificates for your instances or set this
-# variable to "no", provide and upload your own certificates to the instances and
-# modify the 'nginx_*' salt pillars accordingly
+# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will
+# fail to communicate and can silently drop traffic. Set USE_LETSENCRYPT="yes"
+# to use the Let's Encrypt salt formula
+# (https://github.com/saltstack-formulas/letsencrypt-formula) to automatically
+# obtain and install SSL certificates for your hostname(s).
+#
+# Alternatively, set this variable to "no" and provide and upload your own
+# certificates to the instances and modify the 'nginx_*' salt pillars
+# accordingly
USE_LETSENCRYPT="no"
# The directory to check for the config files (pillars, states) you want to use.
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list