[ARVADOS] updated: 2.1.0-2109-g07440bacc

Git user git at public.arvados.org
Thu Mar 31 00:16:33 UTC 2022


Summary of changes:
 tools/salt-install/Vagrantfile                     |  2 +-
 .../aws/states/shell_cron_add_login_sync.sls       | 34 +++-------------------
 2 files changed, 5 insertions(+), 31 deletions(-)

       via  07440bacc85564c7e2e03008336d395480333ff7 (commit)
       via  1105e279fd18b4dabff36f125978213d8c7a08ac (commit)
      from  809668479c6ab182d879ed2aa0cfcae051a5eda7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 07440bacc85564c7e2e03008336d395480333ff7
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Wed Mar 30 21:15:29 2022 -0300

    18631: use SystemRootToken for login-sync
    
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/config_examples/multi_host/aws/states/shell_cron_add_login_sync.sls b/tools/salt-install/config_examples/multi_host/aws/states/shell_cron_add_login_sync.sls
index 70fbe5a62..1f33ca69b 100644
--- a/tools/salt-install/config_examples/multi_host/aws/states/shell_cron_add_login_sync.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/states/shell_cron_add_login_sync.sls
@@ -4,8 +4,8 @@
 
 # This state tries to query the controller using the parameters set in
 # the `arvados.cluster.resources.virtual_machines` pillar, to get the
-# scoped_token for the host and configure the arvados login-sync cron
-# as described in https://doc.arvados.org/v2.0/install/install-shell-server.html
+# ARVADOS_VIRTUAL_MACHINE_UUID for the host and configure the arvados login-sync cron
+# as described in https://doc.arvados.org/main/install/install-shell-server.html
 
 {%- set curr_tpldir = tpldir %}
 {%- set tpldir = 'arvados' %}
@@ -35,15 +35,11 @@ extra_shell_cron_add_login_sync_add_jq_pkg_installed:
          vm_params.backend in [grains['id'], grains['host'], grains['fqdn'], grains['nodename']] +
                                grains['ipv4'] + grains['ipv6'] %}
 
+    # We need to query the VM UUID
     {%- set cmd_query_vm_uuid = 'arv --short virtual_machine list' ~
                                 ' --filters \'[["hostname", "=", "' ~ vm_name ~ '"]]\''
     %}
 
-# We need to use the UUID generated in the previous command to see if there's a
-# scoped token for it. There's no easy way to pass the value from a shellout
-# to another state, so we store it in a temp file and use that in the next
-# command. Flaky, mostly because the `unless` clause is just checking that
-# the file content is a token uuid :|
 extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
   cmd.run:
     - env:
@@ -56,28 +52,6 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
     - unless:
       - /bin/grep -qE "[a-z0-9]{5}-2x53u-[a-z0-9]{15}" /tmp/vm_uuid_{{ vm }}
 
-  # There's no direct way to query the scoped_token for a given virtual_machine
-  # so we need to parse the api_client_authorization list through some jq
-  {%- set cmd_query_scoped_token_url = 'VM_UUID=$(cat /tmp/vm_uuid_' ~ vm ~ ') && ' ~
-                                       'arv api_client_authorization list | ' ~
-                                       '/usr/bin/jq -e \'.items[]| select(.scopes[] == "GET ' ~
-                                       '/arvados/v1/virtual_machines/\'${VM_UUID}\'/logins") | ' ~
-                                       '.api_token\' | head -1 | tee /tmp/scoped_token_' ~ vm ~ ' && ' ~
-                                       'unset VM_UUID'
-  %}
-
-extra_shell_cron_add_login_sync_add_{{ vm }}_get_scoped_token_cmd_run:
-  cmd.run:
-    - env:
-      - ARVADOS_API_TOKEN: {{ api_token }}
-      - ARVADOS_API_HOST: {{ api_host }}
-      - ARVADOS_API_HOST_INSECURE: {{ arvados.cluster.tls.insecure | default(false) }}
-    - name: {{ cmd_query_scoped_token_url }}
-    - require:
-      - cmd: extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run
-    - unless:
-      - test -s /tmp/scoped_token_{{ vm }}
-
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_HOST
@@ -86,7 +60,7 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_token_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_TOKEN
-    - value: __slot__:salt:cmd.run("cat /tmp/scoped_token_{{ vm }}")
+    - value: {{ api_token }}
 
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_insecure_cron_env_present:
   cron.env_present:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
index 70fbe5a62..1f33ca69b 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
@@ -4,8 +4,8 @@
 
 # This state tries to query the controller using the parameters set in
 # the `arvados.cluster.resources.virtual_machines` pillar, to get the
-# scoped_token for the host and configure the arvados login-sync cron
-# as described in https://doc.arvados.org/v2.0/install/install-shell-server.html
+# ARVADOS_VIRTUAL_MACHINE_UUID for the host and configure the arvados login-sync cron
+# as described in https://doc.arvados.org/main/install/install-shell-server.html
 
 {%- set curr_tpldir = tpldir %}
 {%- set tpldir = 'arvados' %}
@@ -35,15 +35,11 @@ extra_shell_cron_add_login_sync_add_jq_pkg_installed:
          vm_params.backend in [grains['id'], grains['host'], grains['fqdn'], grains['nodename']] +
                                grains['ipv4'] + grains['ipv6'] %}
 
+    # We need to query the VM UUID
     {%- set cmd_query_vm_uuid = 'arv --short virtual_machine list' ~
                                 ' --filters \'[["hostname", "=", "' ~ vm_name ~ '"]]\''
     %}
 
-# We need to use the UUID generated in the previous command to see if there's a
-# scoped token for it. There's no easy way to pass the value from a shellout
-# to another state, so we store it in a temp file and use that in the next
-# command. Flaky, mostly because the `unless` clause is just checking that
-# the file content is a token uuid :|
 extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
   cmd.run:
     - env:
@@ -56,28 +52,6 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
     - unless:
       - /bin/grep -qE "[a-z0-9]{5}-2x53u-[a-z0-9]{15}" /tmp/vm_uuid_{{ vm }}
 
-  # There's no direct way to query the scoped_token for a given virtual_machine
-  # so we need to parse the api_client_authorization list through some jq
-  {%- set cmd_query_scoped_token_url = 'VM_UUID=$(cat /tmp/vm_uuid_' ~ vm ~ ') && ' ~
-                                       'arv api_client_authorization list | ' ~
-                                       '/usr/bin/jq -e \'.items[]| select(.scopes[] == "GET ' ~
-                                       '/arvados/v1/virtual_machines/\'${VM_UUID}\'/logins") | ' ~
-                                       '.api_token\' | head -1 | tee /tmp/scoped_token_' ~ vm ~ ' && ' ~
-                                       'unset VM_UUID'
-  %}
-
-extra_shell_cron_add_login_sync_add_{{ vm }}_get_scoped_token_cmd_run:
-  cmd.run:
-    - env:
-      - ARVADOS_API_TOKEN: {{ api_token }}
-      - ARVADOS_API_HOST: {{ api_host }}
-      - ARVADOS_API_HOST_INSECURE: {{ arvados.cluster.tls.insecure | default(false) }}
-    - name: {{ cmd_query_scoped_token_url }}
-    - require:
-      - cmd: extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run
-    - unless:
-      - test -s /tmp/scoped_token_{{ vm }}
-
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_HOST
@@ -86,7 +60,7 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_token_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_TOKEN
-    - value: __slot__:salt:cmd.run("cat /tmp/scoped_token_{{ vm }}")
+    - value: {{ api_token }}
 
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_insecure_cron_env_present:
   cron.env_present:

commit 1105e279fd18b4dabff36f125978213d8c7a08ac
Author: Javier Bértoli <jbertoli at curii.com>
Date:   Wed Mar 30 21:14:33 2022 -0300

    Revert "18631: use SystemRootToken for login-sync"
    
    This reverts commit 809668479c6ab182d879ed2aa0cfcae051a5eda7.
    Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli at curii.com>

diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile
index 52ba4fefd..b08ff8ffa 100644
--- a/tools/salt-install/Vagrantfile
+++ b/tools/salt-install/Vagrantfile
@@ -89,7 +89,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
                                     s#HOSTNAME_EXT=\"hostname_ext_fixme_or_this_wont_work\"#HOSTNAME_EXT=\"cnts7.local\"#g;
                                     s#IP_INT=\"ip_int_fixme_or_this_wont_work\"#IP_INT=\"127.0.0.1\"#g;
                                     s#RELEASE=\"production\"#RELEASE=\"development\"#g;
-                                    s/# BRANCH=\"main\"/BRANCH=\"18631-shell-login-sync\"/g;
+                                    s/# BRANCH=\"main\"/BRANCH=\"main\"/g;
                                     s/# VERSION=.*$/VERSION=\"latest\"/g' \
                                     /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname"
 
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
index 1f33ca69b..70fbe5a62 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/shell_cron_add_login_sync.sls
@@ -4,8 +4,8 @@
 
 # This state tries to query the controller using the parameters set in
 # the `arvados.cluster.resources.virtual_machines` pillar, to get the
-# ARVADOS_VIRTUAL_MACHINE_UUID for the host and configure the arvados login-sync cron
-# as described in https://doc.arvados.org/main/install/install-shell-server.html
+# scoped_token for the host and configure the arvados login-sync cron
+# as described in https://doc.arvados.org/v2.0/install/install-shell-server.html
 
 {%- set curr_tpldir = tpldir %}
 {%- set tpldir = 'arvados' %}
@@ -35,11 +35,15 @@ extra_shell_cron_add_login_sync_add_jq_pkg_installed:
          vm_params.backend in [grains['id'], grains['host'], grains['fqdn'], grains['nodename']] +
                                grains['ipv4'] + grains['ipv6'] %}
 
-    # We need to query the VM UUID
     {%- set cmd_query_vm_uuid = 'arv --short virtual_machine list' ~
                                 ' --filters \'[["hostname", "=", "' ~ vm_name ~ '"]]\''
     %}
 
+# We need to use the UUID generated in the previous command to see if there's a
+# scoped token for it. There's no easy way to pass the value from a shellout
+# to another state, so we store it in a temp file and use that in the next
+# command. Flaky, mostly because the `unless` clause is just checking that
+# the file content is a token uuid :|
 extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
   cmd.run:
     - env:
@@ -52,6 +56,28 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run:
     - unless:
       - /bin/grep -qE "[a-z0-9]{5}-2x53u-[a-z0-9]{15}" /tmp/vm_uuid_{{ vm }}
 
+  # There's no direct way to query the scoped_token for a given virtual_machine
+  # so we need to parse the api_client_authorization list through some jq
+  {%- set cmd_query_scoped_token_url = 'VM_UUID=$(cat /tmp/vm_uuid_' ~ vm ~ ') && ' ~
+                                       'arv api_client_authorization list | ' ~
+                                       '/usr/bin/jq -e \'.items[]| select(.scopes[] == "GET ' ~
+                                       '/arvados/v1/virtual_machines/\'${VM_UUID}\'/logins") | ' ~
+                                       '.api_token\' | head -1 | tee /tmp/scoped_token_' ~ vm ~ ' && ' ~
+                                       'unset VM_UUID'
+  %}
+
+extra_shell_cron_add_login_sync_add_{{ vm }}_get_scoped_token_cmd_run:
+  cmd.run:
+    - env:
+      - ARVADOS_API_TOKEN: {{ api_token }}
+      - ARVADOS_API_HOST: {{ api_host }}
+      - ARVADOS_API_HOST_INSECURE: {{ arvados.cluster.tls.insecure | default(false) }}
+    - name: {{ cmd_query_scoped_token_url }}
+    - require:
+      - cmd: extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run
+    - unless:
+      - test -s /tmp/scoped_token_{{ vm }}
+
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_HOST
@@ -60,7 +86,7 @@ extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_cron_env_present:
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_token_cron_env_present:
   cron.env_present:
     - name: ARVADOS_API_TOKEN
-    - value: {{ api_token }}
+    - value: __slot__:salt:cmd.run("cat /tmp/scoped_token_{{ vm }}")
 
 extra_shell_cron_add_login_sync_add_{{ vm }}_arvados_api_host_insecure_cron_env_present:
   cron.env_present:

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list