[arvados] updated: 2.6.0-351-g89da894c2
git repository hosting
git at public.arvados.org
Thu Jul 27 21:27:00 UTC 2023
Summary of changes:
.../multi_host/aws/pillars/nginx_balancer_configuration.sls | 5 +++++
.../multi_host/aws/pillars/nginx_controller_configuration.sls | 5 +++++
tools/salt-install/installer.sh | 8 ++++----
tools/salt-install/local.params.example.multiple_hosts | 1 +
tools/salt-install/provision.sh | 4 ++++
5 files changed, 19 insertions(+), 4 deletions(-)
via 89da894c27064b96186de343d421e6422ff1c7d6 (commit)
via f2511051643bbbdbfcfe26c4d9b009903dc8f5de (commit)
via dc15f94ae63b217a09ee0a8b8f4e024d134fcbdd (commit)
from 3664b849b6f4f12a11f7ea9509b28c0a9a74fac1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 89da894c27064b96186de343d421e6422ff1c7d6
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Thu Jul 27 18:17:09 2023 -0300
20610: Fixes deployment order to avoid failures.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index cfa7b1454..3c583a0e6 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -307,8 +307,8 @@ case "$subcmd" in
for NODE in "${!NODES[@]}"
do
- # then 'api' or 'controller' roles
- if [[ "${NODES[$NODE]}" =~ (api|controller) ]] ; then
+ # then 'balancer' role
+ if [[ "${NODES[$NODE]}" =~ (balancer) ]] ; then
deploynode $NODE "${NODES[$NODE]}"
unset NODES[$NODE]
fi
@@ -316,8 +316,8 @@ case "$subcmd" in
for NODE in "${!NODES[@]}"
do
- # then 'balancer' role
- if [[ "${NODES[$NODE]}" =~ (balancer) ]] ; then
+ # then 'api' or 'controller' roles
+ if [[ "${NODES[$NODE]}" =~ (api|controller) ]] ; then
deploynode $NODE "${NODES[$NODE]}"
unset NODES[$NODE]
fi
commit f2511051643bbbdbfcfe26c4d9b009903dc8f5de
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Thu Jul 27 16:32:36 2023 -0300
20610: Allows disabling backend controllers for rolling updates.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_balancer_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_balancer_configuration.sls
index 92ad3af2e..73ae9ca30 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_balancer_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_balancer_configuration.sls
@@ -6,6 +6,7 @@
{%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
{%- set domain = "__DOMAIN__" %}
{%- set balancer_backends = "__CONTROLLER_NODES__".split(",") %}
+{%- set disabled_controller = "__DISABLED_CONTROLLER__" %}
### NGINX
nginx:
@@ -20,7 +21,11 @@ nginx:
'__CLUSTER_INT_CIDR__': 0
upstream controller_upstream:
{%- for backend in balancer_backends %}
+ {%- if disabled_controller == "" or not backend.startswith(disabled_controller) %}
'server {{ backend }}:80': ''
+ {%- else %}
+ 'server {{ backend }}:80 down': ''
+ {% endif %}
{%- endfor %}
### SNIPPETS
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 4234a965d..b70ad747a 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -165,6 +165,7 @@ SHELL_INT_IP=10.1.2.17
# Load balancing settings
ENABLE_BALANCER="no"
+DISABLED_CONTROLLER=""
# Performance tuning parameters
#CONTROLLER_NGINX_WORKERS=
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 610134cf3..09edaa05f 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -466,6 +466,7 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
+ s#__DISABLED_CONTROLLER__#${DISABLED_CONTROLLER}#g;
s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
s#__PROMETHEUS_NODENAME__#${ROLES['monitoring']}#g;
s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
@@ -559,6 +560,7 @@ if [ -d "${SOURCE_STATES_DIR}" ]; then
s#__MONITORING_PASSWORD__#${MONITORING_PASSWORD}#g;
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
+ s#__DISABLED_CONTROLLER__#${DISABLED_CONTROLLER}#g;
s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
s#__PROMETHEUS_NODENAME__#${ROLES['monitoring']}#g;
s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
commit dc15f94ae63b217a09ee0a8b8f4e024d134fcbdd
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Thu Jul 27 15:39:56 2023 -0300
20610: Restricts backends' HTTP access by nginx rules.
I think this is better than implementing those controls through security
groups via Terraform, because the node's role information is already available
on the salt code.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
index d87f55f4e..5bd67a6ce 100644
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_controller_configuration.sls
@@ -36,8 +36,13 @@ nginx:
- location /.well-known:
- root: /var/www
{%- if balanced_controller %}
+ {%- set balancer_ip = salt['cmd.run']("getent hosts __BALANCER_NODENAME__ | awk '{print $1 ; exit}'", python_shell=True) %}
+ {%- set prometheus_ip = salt['cmd.run']("getent hosts __PROMETHEUS_NODENAME__ | awk '{print $1 ; exit}'", python_shell=True) %}
- index: index.html index.htm
- location /:
+ - allow: {{ balancer_ip }}
+ - allow: {{ prometheus_ip }}
+ - deny: all
- proxy_pass: 'http://controller_upstream'
- proxy_read_timeout: 300
- proxy_connect_timeout: 90
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 78bd976e6..610134cf3 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -467,6 +467,7 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
+ s#__PROMETHEUS_NODENAME__#${ROLES['monitoring']}#g;
s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
s#__NODELIST__#${NODELIST}#g;
s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
@@ -559,6 +560,7 @@ if [ -d "${SOURCE_STATES_DIR}" ]; then
s#__DISPATCHER_SSH_PRIVKEY__#${DISPATCHER_SSH_PRIVKEY//$'\n'/\\n}#g;
s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
s#__BALANCER_NODENAME__#${ROLES['balancer']}#g;
+ s#__PROMETHEUS_NODENAME__#${ROLES['monitoring']}#g;
s#__CONTROLLER_NODES__#${ROLES['controller']}#g;
s#__NODELIST__#${NODELIST}#g;
s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list