[arvados] updated: 2.1.0-2948-geb809e6d4

git repository hosting git at public.arvados.org
Mon Oct 17 19:34:38 UTC 2022


Summary of changes:
 doc/_includes/_download_installer.liquid           |  4 +--
 doc/install/salt-single-host.html.textile.liquid   | 34 ++++++++++++----------
 .../multi_host/aws/states/custom_certs.sls         |  2 +-
 .../multiple_hostnames/pillars/keep_volume.sls     |  7 +++--
 .../single_hostname/pillars/keep_volume.sls        |  7 +++--
 ...l.params.example.single_host_multiple_hostnames |  2 +-
 tools/salt-install/provision.sh                    |  2 +-
 7 files changed, 34 insertions(+), 24 deletions(-)

       via  eb809e6d4f4d81575cf95ee78fc3cf7f2926b3b7 (commit)
      from  87fc5d92f58c370ceeba762abbe2a80ebea450e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit eb809e6d4f4d81575cf95ee78fc3cf7f2926b3b7
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Mon Oct 17 15:34:25 2022 -0400

    19215: Review fixes
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/doc/_includes/_download_installer.liquid b/doc/_includes/_download_installer.liquid
index d8b6fe0d3..f4ebb68e7 100644
--- a/doc/_includes/_download_installer.liquid
+++ b/doc/_includes/_download_installer.liquid
@@ -9,7 +9,7 @@ SPDX-License-Identifier: CC-BY-SA-3.0
 This is a package-based installation method, however the installation script is currently distributed in source form via @git at . We recommend checking out the git tree on your local workstation, not directly on the target(s) where you want to install and run Arvados.
 
 <notextile>
-<pre><code>git clone https://git.arvados.org/arvados.git
+<pre><code>git clone https://github.com/arvados/arvados.git
 cd arvados
 git checkout {{ branchname }}
 cd tools/salt-install
@@ -29,6 +29,6 @@ cd ~/setup-arvados-${CLUSTER}
 </code></pre>
 </notextile>
 
-This creates a git repository in @~/setup-arvados-xarv1 at .  The @installer.sh@ will record all the configuration changes you make, as well as using @git push@ to synchronize configuration edits across all the nodes.
+This creates a git repository in @~/setup-arvados-xarv1 at .  The @installer.sh@ will record all the configuration changes you make, as well as using @git push@ to synchronize configuration edits if you have multiple nodes.
 
 Important!  All further commands must be run in the @~/setup-arvados-xarv1@
diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid
index 9e61e8d39..47208de6d 100644
--- a/doc/install/salt-single-host.html.textile.liquid
+++ b/doc/install/salt-single-host.html.textile.liquid
@@ -20,8 +20,8 @@ SPDX-License-Identifier: CC-BY-SA-3.0
 # "Configure your authentication provider":#authentication
 # "Further customization of the installation":#further_customization
 # "Begin installation":#installation
-# "Confirm the cluster is working":#test-install
 # "Install the CA root certificate":#ca_root_certificate
+# "Confirm the cluster is working":#test-install
 # "Initial user and login":#initial_user
 # "After the installation":#post_install
 
@@ -87,7 +87,7 @@ h3. Additional prerequisites
 
 # root or passwordless @sudo@ access on the account where you are doing the install
 this usually means adding the account to the @sudo@ group and having a rule like this in @/etc/sudoers.d/arvados_passwordless@ that allows members of group @sudo@ to execute any command without entering a password.
-<pre>%sudo all=(all:all) nopasswd:all</pre>
+<pre>%sudo ALL=(ALL:ALL) NOPASSWD:ALL</pre>
 # @git@ installed on the machine
 # Port 443 reachable by clients
 # For the single-host install, ports 8800-8805 also need to be reachable from your client (configurable in @local.params@, see below)
@@ -145,9 +145,25 @@ Run this in the @~/arvados-setup-xarv1@ directory:
 ./installer.sh deploy
 </pre>
 
+h2(#ca_root_certificate). Install the CA root certificate (SSL_MODE=self-signed only)
+
+*If you are not using self-signed certificates (you selected SSL_MODE=lets-encrypt or SSL_MODE=bring-your-own), skip this section.*
+
+Arvados uses SSL to encrypt communications. The web interface uses AJAX which will silently fail if the certificate is not valid or signed by an unknown Certification Authority.
+
+For this reason, the installer has the option to create its own a root certificate to authorize Arvados services. The installer script will leave a copy of the generated CA's certificate  (something like @xarv1.example.com-arvados-snakeoil-ca.crt@) in the script's directory so you can add it to your workstation.
+
+{% assign ca_cert_name = 'xarv1.example.com-arvados-snakeoil-ca.crt' %}
+
+{% include 'install_ca_cert' %}
+
 h2(#test-install). Confirm the cluster is working
 
-When everything has finished, you can run the diagnostics.
+When everything has finished, you can run the diagnostics.  This requires the `arvados-client` package:
+
+<pre>
+apt-get install arvados-client
+</pre>
 
 Depending on where you are running the installer, you need to provide @-internal-client@ or @-external-client at .
 
@@ -199,18 +215,6 @@ If this happens, you need to
 <pre>dpkg-reconfigure arvados-api-server</pre>
 # Re-run @./installer.sh deploy@ again to synchronize everything, and so that the install steps that need to contact the API server are run successfully.
 
-h2(#ca_root_certificate). Install the CA root certificate (SSL_MODE=self-signed only)
-
-*If you are not using self-signed certificates (you selected SSL_MODE=lets-encrypt or SSL_MODE=bring-your-own), skip this section.*
-
-Arvados uses SSL to encrypt communications. The web interface uses AJAX which will silently fail if the certificate is not valid or signed by an unknown Certification Authority.
-
-For this reason, the installer has the option to create its own a root certificate to authorize Arvados services. The installer script will leave a copy of the generated CA's certificate  (something like @xarv1.example.com-arvados-snakeoil-ca.crt@) in the script's directory so you can add it to your workstation.
-
-{% assign ca_cert_name = 'xarv1.example.com-arvados-snakeoil-ca.crt' %}
-
-{% include 'install_ca_cert' %}
-
 h2(#initial_user). Initial user and login
 
 At this point you should be able to log into the Arvados cluster. The initial URL for the single hostname install will use the hostname or IP address you put in @HOSTNAME_EXT@:
diff --git a/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls b/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls
index 3b2be59f3..81352ed0d 100644
--- a/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/states/custom_certs.sls
@@ -12,7 +12,7 @@ extra_custom_certs_file_directory_certs_dir:
     - name: /etc/nginx/ssl
     - require:
       - pkg: nginx_install
-
+l
   {%- for cert in certs %}
     {%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
     {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/keep_volume.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/keep_volume.sls
index 9af20eb9a..6f3d7730e 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/keep_volume.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/keep_volume.sls
@@ -2,9 +2,12 @@
 #
 # SPDX-License-Identifier: AGPL-3.0
 
-/var/lib/arvados/keep:
+var_lib_arvados_keep_dir:
   file.directory:
+    - name: /var/lib/arvados/keep
     - user: root
     - group: root
     - mode: '0770'
-    - makedirs: True
+    - makedirs: true
+    - require_in:
+      - pkg: {{ arvados.keepstore.pkg.name }}
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/keep_volume.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/keep_volume.sls
index 9af20eb9a..6f3d7730e 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/keep_volume.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/keep_volume.sls
@@ -2,9 +2,12 @@
 #
 # SPDX-License-Identifier: AGPL-3.0
 
-/var/lib/arvados/keep:
+var_lib_arvados_keep_dir:
   file.directory:
+    - name: /var/lib/arvados/keep
     - user: root
     - group: root
     - mode: '0770'
-    - makedirs: True
+    - makedirs: true
+    - require_in:
+      - pkg: {{ arvados.keepstore.pkg.name }}
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index de2fb4e04..b89ced9b5 100644
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -19,7 +19,7 @@ DEPLOY_USER=root
 # installer.sh will log in to each of these nodes and then provision
 # it for the specified roles.
 NODES=(
-  [localhost]=database,api,controller,websocket,dispatcher,keepbalance,keepstore,keepproxy,keepweb,workbench,workbench2,webshell,shell
+  [localhost]=''
 )
 
 # External ports used by the Arvados services
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 74bc16493..f9566a03d 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -831,7 +831,7 @@ if [ "${DUMP_CONFIG}" = "yes" ]; then
 fi
 
 # Now run the install
-salt-call --local state.apply -l ${LOG_LEVEL}
+salt-call --state-output=mixed --local state.apply -l ${LOG_LEVEL}
 
 # Finally, make sure that /etc/hosts is not overwritten on reboot
 if [ -d /etc/cloud/cloud.cfg.d ]; then

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list