[ARVADOS] updated: 2.1.0-2030-gc110a9aee
Git user
git at public.arvados.org
Fri Mar 4 22:57:51 UTC 2022
Summary of changes:
tools/salt-install/Vagrantfile | 1 +
.../single_hostname/pillars/arvados.sls | 20 ++++++++++++++++--
.../pillars/nginx_api_configuration.sls | 8 +++++++-
.../pillars/nginx_workbench2_configuration.sls | 24 ++++++++++++++++++++--
.../pillars/nginx_workbench_configuration.sls | 22 +++++++++++++++++++-
.../single_hostname/pillars/postgresql.sls | 21 +++++++++++++++++++
6 files changed, 90 insertions(+), 6 deletions(-)
via c110a9aeed738f1b2dd456950a8ee3018cd97fed (commit)
via 04a56574e56f19b7479385d05ab1d9253c240550 (commit)
via 4d6c3aec922838e8ad25b6b8ce229bf607a14de0 (commit)
via f258b604f831bb3bd7fab506c670b975ae8e4118 (commit)
from a4e945b6d279443e53af95cdf806a1c1339a76b8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit c110a9aeed738f1b2dd456950a8ee3018cd97fed
Merge: a4e945b6d 04a56574e
Author: Javier Bértoli <jbertoli at curii.com>
Date: Fri Mar 4 19:55:40 2022 -0300
Merge branch '18830-fix-centos-7-provisioning'
closes #18830
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
commit 04a56574e56f19b7479385d05ab1d9253c240550
Author: Javier Bértoli <jbertoli at curii.com>
Date: Fri Mar 4 17:37:17 2022 -0300
18830: address review comments
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
index 7f4a9ca71..a69b88cb1 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
@@ -26,9 +26,11 @@ postgres:
{%- endif %}
postgresconf: |-
listen_addresses = '*' # listen on all interfaces
- #ssl = on
- #ssl_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem'
- #ssl_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key'
+ # If you want to enable communications' encryption to the DB server,
+ # uncomment these entries
+ # ssl = on
+ # ssl_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem'
+ # ssl_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key'
acls:
- ['local', 'all', 'postgres', 'peer']
- ['local', 'all', 'all', 'peer']
commit 4d6c3aec922838e8ad25b6b8ce229bf607a14de0
Author: Javier Bértoli <jbertoli at curii.com>
Date: Thu Mar 3 20:27:48 2022 -0300
18830: fix installer's postgresql pillar for single-host / single-hostname
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
index caafb7b2d..7f4a9ca71 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
@@ -5,11 +5,30 @@
### POSTGRESQL
postgres:
+ # Centos-7's postgres package is too old, so we need to force using upstream's
+ # This is not required in Debian's family as they already ship with PG +11
+ {%- if salt['grains.get']('os_family') == 'RedHat' %}
+ use_upstream_repo: true
+ version: '12'
+
+ pkgs_deps:
+ - libicu
+ - libxslt
+ - systemd-sysv
+
+ pkgs_extra:
+ - postgresql12-contrib
+
+ {%- else %}
use_upstream_repo: false
pkgs_extra:
- postgresql-contrib
+ {%- endif %}
postgresconf: |-
listen_addresses = '*' # listen on all interfaces
+ #ssl = on
+ #ssl_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem'
+ #ssl_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key'
acls:
- ['local', 'all', 'postgres', 'peer']
- ['local', 'all', 'all', 'peer']
commit f258b604f831bb3bd7fab506c670b975ae8e4118
Author: Javier Bértoli <jbertoli at curii.com>
Date: Thu Mar 3 15:52:24 2022 -0300
18830: fix nginx parameters for single-host/single-hostname provisioning
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>
diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index 27f1591c8..a8dd34534 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -81,6 +81,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir;
cp -vr /vagrant/tests /home/vagrant/tests;
sed 's#HOSTNAME_EXT=\"hostname_ext_fixme_or_this_wont_work\"#HOSTNAME_EXT=\"zeppo.local\"#g;
+ 's#IP_INT=\"ip_int_fixme_or_this_wont_work\"#IP_INT=\"127.0.0.1\"#g;
s#cluster_fixme_or_this_wont_work#zeppo#g;
s#domain_fixme_or_this_wont_work#local#g;' \
/vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index 334edb946..8b8e4f7f9 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -1,3 +1,5 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
---
# Copyright (C) The Arvados Authors. All rights reserved.
#
@@ -67,8 +69,15 @@ arvados:
host: 127.0.0.1
password: "__DATABASE_PASSWORD__"
user: __CLUSTER___arvados
- encoding: en_US.utf8
- client_encoding: UTF8
+ extra_conn_params:
+ client_encoding: UTF8
+ # Centos7 does not enable SSL by default, so we disable
+ # it here just for testing of the formula purposes only.
+ # You should not do this in production, and should
+ # configure Postgres certificates correctly
+ {%- if grains.os_family in ('RedHat',) %}
+ sslmode: disable
+ {%- endif %}
tls:
# certificate: ''
@@ -76,6 +85,13 @@ arvados:
# When using arvados-snakeoil certs set insecure: true
insecure: true
+ resources:
+ virtual_machines:
+ shell:
+ name: webshell
+ backend: 127.0.1.1
+ port: 4200
+
### TOKENS
tokens:
system_root: __SYSTEM_ROOT_TOKEN__
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
index ac3ba99f1..04195ae5b 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls
@@ -3,10 +3,16 @@
#
# SPDX-License-Identifier: AGPL-3.0
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
+
### ARVADOS
arvados:
config:
- group: www-data
+ group: {{ group }}
### NGINX
nginx:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
index 8e4b9b4aa..d28fe8027 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls
@@ -1,18 +1,38 @@
---
# Copyright (C) The Arvados Authors. All rights reserved.
#
-# SPDX-License-Identifier: AGPL-3.0
+# SPDX-License-Identifier: Apache-2.0
+
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
### ARVADOS
arvados:
config:
- group: www-data
+ group: {{ group }}
### NGINX
nginx:
### SITES
servers:
managed:
+ ### DEFAULT
+ arvados_workbench2_default.conf:
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: workbench2.__CLUSTER__.__DOMAIN__
+ - listen:
+ - 80
+ - location /.well-known:
+ - root: /var/www
+ - location /:
+ - return: '301 https://$host$request_uri'
+
arvados_workbench2_ssl.conf:
enabled: true
overwrite: true
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
index 3477c0275..59fb43e57 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls
@@ -3,10 +3,16 @@
#
# SPDX-License-Identifier: AGPL-3.0
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
+
### ARVADOS
arvados:
config:
- group: www-data
+ group: {{ group }}
### NGINX
nginx:
@@ -22,6 +28,20 @@ nginx:
### SITES
servers:
managed:
+ ### DEFAULT
+ arvados_workbench_default.conf:
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: workbench.__CLUSTER__.__DOMAIN__
+ - listen:
+ - 80
+ - location /.well-known:
+ - root: /var/www
+ - location /:
+ - return: '301 https://$host$request_uri'
+
arvados_workbench_ssl.conf:
enabled: true
overwrite: true
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list