[ARVADOS] updated: 2.3.2-47-g5e1b2e671

Git user git at public.arvados.org
Tue Mar 1 17:51:19 UTC 2022


Summary of changes:
 doc/_includes/_install_custom_certificates.liquid | 2 ++
 tools/salt-install/provision.sh                   | 8 ++++++++
 2 files changed, 10 insertions(+)

       via  5e1b2e671d0e5a6d219b71711cfb4b028ef1e233 (commit)
       via  d08b31d38ffa0c749970d180e609bc2a82f9915e (commit)
      from  ec3e2323aa4f6e452d60f7dfa1f33840a5772c63 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5e1b2e671d0e5a6d219b71711cfb4b028ef1e233
Author: Ward Vandewege <ward at curii.com>
Date:   Tue Mar 1 12:50:55 2022 -0500

    18785: add explicit test that IP_INT is set correctly in the single host
           case.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index e1f6db0ed..ca857af25 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -257,6 +257,14 @@ fi
 if [ ! -z "${HOSTNAME_EXT}" ] ; then
   # We need to add some extra control vars to manage a single certificate vs. multiple
   USE_SINGLE_HOSTNAME="yes"
+  # Make sure that the value configured as IP_INT is a real IP on the system.
+  # If we don't error out early here when there is a mismatch, the formula will
+  # fail with hard to interpret nginx errors later on.
+  ip addr list |grep -q " ${IP_INT}/"
+  if [[ $? -ne 0 ]]; then
+    echo "Unable to find the IP_INT address '${IP_INT}' on the system, please correct the value in local.params. Exiting..."
+    exit 1
+  fi
 else
   USE_SINGLE_HOSTNAME="no"
   # We set this variable, anyway, so sed lines do not fail and we don't need to add more

commit d08b31d38ffa0c749970d180e609bc2a82f9915e
Author: Ward Vandewege <ward at curii.com>
Date:   Tue Mar 1 12:44:25 2022 -0500

    18785: documentation: mention the possible need for chained certificates
           in the bring-your-own certificates case.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/doc/_includes/_install_custom_certificates.liquid b/doc/_includes/_install_custom_certificates.liquid
index 80878c049..da6725976 100644
--- a/doc/_includes/_install_custom_certificates.liquid
+++ b/doc/_includes/_install_custom_certificates.liquid
@@ -35,4 +35,6 @@ ${CUSTOM_CERTS_DIR}/keepproxy.key
 </code></pre>
 </notextile>
 
+All certificate files will be used by nginx. You may need to include intermediate certificates in your certificate files. See "the nginx documentation":http://nginx.org/en/docs/http/configuring_https_servers.html#chains for more details.
+
 Make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list