[arvados] updated: 2.7.0-5943-g2eebf1fa4a

git repository hosting git at public.arvados.org
Mon Jan 29 15:38:26 UTC 2024 

Summary of changes:
 .../single_host/multiple_hostnames/pillars/arvados.sls   |  7 -------
 .../multiple_hostnames/pillars/postgresql.sls            | 16 ----------------
 .../multiple_hostnames/states/snakeoil_certs.sls         | 15 +--------------
 .../single_host/single_hostname/pillars/arvados.sls      |  7 -------
 .../single_host/single_hostname/pillars/postgresql.sls   | 16 ----------------
 .../single_hostname/states/snakeoil_certs.sls            | 13 -------------
 6 files changed, 1 insertion(+), 73 deletions(-)

       via  2eebf1fa4aab44cf47e5b44f17ecce2e8c2c208c (commit)
       via  d50e8d0470d2ee46b736642bdd111a6688ecbd55 (commit)
       via  c998e2caf03e6e5cddeeb72684ddfb420d85c7fa (commit)
      from  3fb5484fc63925e35cd4025f5daf56b372e9897d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 2eebf1fa4aab44cf47e5b44f17ecce2e8c2c208c
Author: Brett Smith <brett.smith at curii.com>
Date:   Mon Jan 29 10:31:27 2024 -0500

    21361: Remove Ubuntu 18.04 exception from Salt installer
    
    Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
index 06af05b2df..a8b487e29a 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
@@ -46,19 +46,6 @@ extra_snakeoil_certs_dependencies_pkg_installed:
       - openssl
       - ca-certificates
 
-# Remove the RANDFILE parameter in openssl.cnf as it makes openssl fail in Ubuntu 18.04
-# Saving and restoring the rng state is not necessary anymore in the openssl 1.1.1
-# random generator, cf
-#   https://github.com/openssl/openssl/issues/7754
-#
-extra_snakeoil_certs_file_comment_etc_openssl_conf:
-  file.comment:
-    - name: /etc/ssl/openssl.cnf
-    - regex: ^RANDFILE.*
-    - onlyif: grep -q ^RANDFILE /etc/ssl/openssl.cnf
-    - require_in:
-      - cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
-
 extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
   # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
   cmd.run:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
index 2cee5c9b49..df8dcc7f30 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/states/snakeoil_certs.sls
@@ -43,19 +43,6 @@ extra_snakeoil_certs_dependencies_pkg_installed:
       - openssl
       - ca-certificates
 
-# Remove the RANDFILE parameter in openssl.cnf as it makes openssl fail in Ubuntu 18.04
-# Saving and restoring the rng state is not necessary anymore in the openssl 1.1.1
-# random generator, cf
-#   https://github.com/openssl/openssl/issues/7754
-#
-extra_snakeoil_certs_file_comment_etc_openssl_conf:
-  file.comment:
-    - name: /etc/ssl/openssl.cnf
-    - regex: ^RANDFILE.*
-    - onlyif: grep -q ^RANDFILE /etc/ssl/openssl.cnf
-    - require_in:
-      - cmd: extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run
-
 extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
   # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
   cmd.run:

commit d50e8d0470d2ee46b736642bdd111a6688ecbd55
Author: Brett Smith <brett.smith at curii.com>
Date:   Mon Jan 29 10:28:49 2024 -0500

    21361: Remove CentOS 7 exceptions from Salt installer
    
    This does leave behind some exceptions that look like they're for CentOS
    7 but I believe are meant to be exceptions for Red Hat-family distros
    generally. That refinement can happen as part of #21425.
    
    Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
index 275c2c78ab..271ab50290 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/arvados.sls
@@ -77,13 +77,6 @@ arvados:
       user: {{ database_user }}
       extra_conn_params:
         client_encoding: UTF8
-      # Centos7 does not enable SSL by default, so we disable
-      # it here just for testing of the formula purposes only.
-      # You should not do this in production, and should
-      # configure Postgres certificates correctly
-      {%- if grains.os_family in ('RedHat',) %}
-        sslmode: disable
-      {%- endif %}
 
     tls:
       # certificate: ''
diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls
index edb961ebaa..ade544764a 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/postgresql.sls
@@ -5,25 +5,9 @@
 
 ### POSTGRESQL
 postgres:
-  # Centos-7's postgres package is too old, so we need to force using upstream's
-  # This is not required in Debian's family as they already ship with PG +11
-  {%- if salt['grains.get']('os_family') == 'RedHat' %}
-  use_upstream_repo: true
-  version: '12'
-
-  pkgs_deps:
-    - libicu
-    - libxslt
-    - systemd-sysv
-
-  pkgs_extra:
-    - postgresql12-contrib
-
-  {%- else %}
   use_upstream_repo: false
   pkgs_extra:
     - postgresql-contrib
-  {%- endif %}
   postgresconf: |-
     listen_addresses = '*'  # listen on all interfaces
     #ssl = on
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
index f83984b01a..9e3a293110 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls
@@ -77,13 +77,6 @@ arvados:
       user: {{ database_user }}
       extra_conn_params:
         client_encoding: UTF8
-      # Centos7 does not enable SSL by default, so we disable
-      # it here just for testing of the formula purposes only.
-      # You should not do this in production, and should
-      # configure Postgres certificates correctly
-      {%- if grains.os_family in ('RedHat',) %}
-        sslmode: disable
-      {%- endif %}
 
     tls:
       # certificate: ''
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
index 14452a9905..82a4f7120a 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/postgresql.sls
@@ -5,25 +5,9 @@
 
 ### POSTGRESQL
 postgres:
-  # Centos-7's postgres package is too old, so we need to force using upstream's
-  # This is not required in Debian's family as they already ship with PG +11
-  {%- if salt['grains.get']('os_family') == 'RedHat' %}
-  use_upstream_repo: true
-  version: '12'
-
-  pkgs_deps:
-    - libicu
-    - libxslt
-    - systemd-sysv
-
-  pkgs_extra:
-    - postgresql12-contrib
-
-  {%- else %}
   use_upstream_repo: false
   pkgs_extra:
     - postgresql-contrib
-  {%- endif %}
   postgresconf: |-
     listen_addresses = '*'  # listen on all interfaces
     # If you want to enable communications' encryption to the DB server,

commit c998e2caf03e6e5cddeeb72684ddfb420d85c7fa
Author: Brett Smith <brett.smith at curii.com>
Date:   Mon Jan 29 10:27:15 2024 -0500

    21361: Fix comment typo
    
    Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith at curii.com>

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
index 6518646a74..06af05b2df 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/states/snakeoil_certs.sls
@@ -63,7 +63,7 @@ extra_snakeoil_certs_arvados_snakeoil_ca_cmd_run:
   # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
   cmd.run:
     - name: |
-        # These dirs are not to CentOS-ish, but this is a helper script
+        # These dirs are not too CentOS-ish, but this is a helper script
         # and they should be enough
         /bin/bash -c "mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
         openssl req \

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list