# vim: ft=yaml
---
exclude_paths: []
-rules: {}
+rules:
+ 204: # Lines should be no longer that 160 chars
+ ignore: |
+ arvados/shell/config/files/default/shell-libpam-arvados.tmpl.jinja
+ test/salt/pillar/examples/nginx_webshell_configuration.sls
skip_list:
# Using `salt-lint` for linting other files as well, such as Jinja macros/templates
- 205 # Use ".sls" as a Salt State file extension
# Run all of the linters in a single job
- language: 'node_js'
node_js: 'lts/*'
+ cache:
+ directories:
+ - $HOME/.cache/pre-commit
env: 'Lint'
name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint'
before_install: 'skip'
- npm i -D @commitlint/config-conventional
@commitlint/travis-cli
- commitlint-travis
+ # Install and run `pre-commit`
+ - pip install pre-commit
+ - pre-commit run --all-files --verbose
+ - pre-commit run --hook-stage manual --verbose commitlint-travis
## Define the rest of the matrix based on Kitchen testing
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
- - env: INSTANCE=api-debian-10-3000-3-py3
- - env: INSTANCE=workbench-debian-10-3000-3-py3
- - env: INSTANCE=shell-debian-10-3000-3-py3
- - env: INSTANCE=keepstore-debian-10-3000-3-py3
- # - env: INSTANCE=default-ubuntu-1804-3000-3-py3
- # - env: INSTANCE=default-centos-7-2019-2-py3
+
+ # - env: INSTANCE=api-debian-10-tiamat-py3
+ # - env: INSTANCE=api-debian-9-tiamat-py3
+ # - env: INSTANCE=api-ubuntu-2004-tiamat-py3
+ # - env: INSTANCE=api-ubuntu-1804-tiamat-py3
+ # - env: INSTANCE=api-centos-7-tiamat-py3
+ # - env: INSTANCE=api-debian-10-master-py3
+ # - env: INSTANCE=api-ubuntu-2004-master-py3
+ # - env: INSTANCE=api-ubuntu-1804-master-py3
+ - env: INSTANCE=api-debian-10-3001-py3
+ # - env: INSTANCE=api-debian-9-3001-py3
+ # - env: INSTANCE=api-ubuntu-2004-3001-py3
+ # - env: INSTANCE=api-ubuntu-1804-3001-py3
+ # - env: INSTANCE=api-centos-7-3001-py3
+ # - env: INSTANCE=api-debian-10-3000-3-py3
+ # - env: INSTANCE=api-debian-9-3000-3-py3
+ # - env: INSTANCE=api-ubuntu-1804-3000-3-py3
+ # - env: INSTANCE=api-centos-7-3000-3-py3
+ # - env: INSTANCE=api-ubuntu-1804-3000-3-py2
+ # - env: INSTANCE=workbench-debian-10-tiamat-py3
+ # - env: INSTANCE=workbench-debian-9-tiamat-py3
+ # - env: INSTANCE=workbench-ubuntu-2004-tiamat-py3
+ # - env: INSTANCE=workbench-ubuntu-1804-tiamat-py3
+ # - env: INSTANCE=workbench-centos-7-tiamat-py3
+ # - env: INSTANCE=workbench-debian-10-master-py3
+ # - env: INSTANCE=workbench-ubuntu-2004-master-py3
+ - env: INSTANCE=workbench-ubuntu-1804-master-py3
+ # - env: INSTANCE=workbench-debian-10-3001-py3
+ # - env: INSTANCE=workbench-debian-9-3001-py3
+ # - env: INSTANCE=workbench-ubuntu-2004-3001-py3
+ # - env: INSTANCE=workbench-ubuntu-1804-3001-py3
+ # - env: INSTANCE=workbench-centos-7-3001-py3
+ # - env: INSTANCE=workbench-debian-10-3000-3-py3
+ # - env: INSTANCE=workbench-debian-9-3000-3-py3
+ # - env: INSTANCE=workbench-ubuntu-1804-3000-3-py3
+ # - env: INSTANCE=workbench-centos-7-3000-3-py3
+ # - env: INSTANCE=workbench-ubuntu-1804-3000-3-py2
+ # - env: INSTANCE=shell-debian-10-tiamat-py3
+ # - env: INSTANCE=shell-debian-9-tiamat-py3
+ # - env: INSTANCE=shell-ubuntu-2004-tiamat-py3
+ # - env: INSTANCE=shell-ubuntu-1804-tiamat-py3
+ # - env: INSTANCE=shell-centos-7-tiamat-py3
+ # - env: INSTANCE=shell-debian-10-master-py3
+ # - env: INSTANCE=shell-ubuntu-2004-master-py3
+ # - env: INSTANCE=shell-ubuntu-1804-master-py3
+ - env: INSTANCE=shell-debian-10-3001-py3
+ # - env: INSTANCE=shell-debian-9-3001-py3
+ # - env: INSTANCE=shell-ubuntu-2004-3001-py3
+ # - env: INSTANCE=shell-ubuntu-1804-3001-py3
+ # - env: INSTANCE=shell-centos-7-3001-py3
+ # - env: INSTANCE=shell-debian-10-3000-3-py3
+ # - env: INSTANCE=shell-debian-9-3000-3-py3
+ # - env: INSTANCE=shell-ubuntu-1804-3000-3-py3
+ # - env: INSTANCE=shell-centos-7-3000-3-py3
+ # - env: INSTANCE=shell-ubuntu-1804-3000-3-py2
+ # - env: INSTANCE=keepstore-debian-10-tiamat-py3
+ # - env: INSTANCE=keepstore-debian-9-tiamat-py3
+ # - env: INSTANCE=keepstore-ubuntu-2004-tiamat-py3
+ # - env: INSTANCE=keepstore-ubuntu-1804-tiamat-py3
+ # - env: INSTANCE=keepstore-centos-7-tiamat-py3
+ # - env: INSTANCE=keepstore-debian-10-master-py3
+ # - env: INSTANCE=keepstore-ubuntu-2004-master-py3
+ # - env: INSTANCE=keepstore-ubuntu-1804-master-py3
+ # - env: INSTANCE=keepstore-debian-10-3001-py3
+ # - env: INSTANCE=keepstore-debian-9-3001-py3
+ # - env: INSTANCE=keepstore-ubuntu-2004-3001-py3
+ # - env: INSTANCE=keepstore-ubuntu-1804-3001-py3
+ # - env: INSTANCE=keepstore-centos-7-3001-py3
+ # - env: INSTANCE=keepstore-debian-10-3000-3-py3
+ # - env: INSTANCE=keepstore-debian-9-3000-3-py3
+ # - env: INSTANCE=keepstore-ubuntu-1804-3000-3-py3
+ # - env: INSTANCE=keepstore-centos-7-3000-3-py3
+ - env: INSTANCE=keepstore-ubuntu-1804-3000-3-py2
## Define the release stage that runs `semantic-release`
- stage: 'release'
edge: true
# Run `semantic-release`
script: 'npx semantic-release@15.14'
-
-# Notification options: `always`, `never` or `change`
-notifications:
- webhooks:
- if: 'repo = saltstack-formulas/arvados-formula'
- urls:
- - https://saltstack-formulas.zulipchat.com/api/v1/external/travis?api_key=HsIq3o5QmLxdnVCKF9is0FUIpkpAY79P&stream=CI&topic=saltstack-formulas%2Farvados-formula&ignore_pull_requests=true
- on_success: always # default: always
- on_failure: always # default: always
- on_start: always # default: never
- on_cancel: always # default: always
- on_error: always # default: always
arvados-api-package-clean-gems-deps-pkg-removed:
pkg.removed:
- pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
arvados-api-package-clean-pkg-removed:
pkg.removed:
arvados-api-package-clean-ruby-pkg-removed:
pkg.removed:
- name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
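Review bot: The new `only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"` guards turn a value that is already known at render time into a shell command run on the minion. The Ruby install state added in this same commit gates the same flag with `{%- if arvados.ruby.manage_ruby %}`, so two styles now coexist. Wrapping these states in the same Jinja `if` would avoid the shell-out and keep pillar text out of a command line. The pattern repeats in the api, shell and workbench install and clean states.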
arvados-api-package-install-ruby-pkg-installed:
pkg.installed:
- name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
arvados-api-package-install-gems-deps-pkg-installed:
pkg.installed:
- - pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - pkgs: {{ arvados.ruby.gems_deps | unique | json }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
-{% for gm in arvados.api.gem.name %}
+{% for gm in arvados.api.gem.name | unique %}
arvados-api-package-install-gem-{{ gm }}-installed:
gem.installed:
- name: {{ gm }}
arvados-api-package-install-pkg-installed:
pkg.installed:
- - pkgs: {{ arvados.api.pkg.name | json }}
+ - name: {{ arvados.api.pkg.name }}
+ - version: {{ arvados.version }}
- require:
- sls: {{ sls_config_file }}
{%- from tplroot ~ "/map.jinja" import arvados with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+include:
+ - .package
+
arvados-config-file-file-managed:
file.managed:
- name: {{ arvados.config.file }}
- template: jinja
- context:
arvados: {{ arvados | json }}
+ - check_cmd: /usr/bin/arvados-server config-dump -config
+ - require:
+ - pkg: arvados-config-package-install-pkg-installed
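Review bot: `check_cmd: /usr/bin/arvados-server config-dump -config` validates the file by printing the whole effective configuration, which for this template includes `SystemRootToken`, the blob signing key and the database password. That output can presumably end up in Salt's debug log or in the state's failure comment. If the installed release provides it, `arvados-server config-check -config` validates without echoing the configuration. Either way, a comment such as `# Salt appends the temporary file path after -config` would explain the dangling flag.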
# vim: ft=sls
include:
+ - .package
- .file
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-config-package-clean-pkg-removed:
+ pkg.removed:
+ - name: arvados-server
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .install
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-config-package-install-pkg-installed:
+ pkg.installed:
+ - name: arvados-server
+ - version: {{ arvados.version }}
arvados-controller-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.controller.pkg.name }}
+ - version: {{ arvados.version }}
# vim: ft=yaml
---
arvados:
- version: '2.0.2'
+ version: 'latest'
+ # Release: one of production, testing, development
+ # Used to select the repository to use
+ release: production # defaults to production
use_upstream_repo: true
repo:
humanname: Arvados Official Repository
manage_ruby: false
pkg: ruby
manage_gems_deps: false
+
gems_deps:
- bundler
- curl
- libxml2
- libxml2-dev
- make
- - python-dev
+ - python3-dev
- ruby-dev
- zlib1g-dev
group: root
mode: 640
+ # Experimental feature
+ # only available when 'release: development'
+ auto_reload_config: false
+
cluster:
+ force_legacy_api14: false
+
database:
connection_pool_max: 32
key: ''
insecure: false
- ### SERVICES
+ Login:
+ # Google:
+ # ClientID: 94....apps.googleusercontent.com
+ # ClientSecret: FL....r
+
+ PAM:
+ Enable: true
+
+ ### THESE ARE THE PACKAGES AND DAEMONS BASIC CONFIGS
##### API
api:
pkg:
- name:
- - arvados-api-server
+ name: arvados-api-server
gem:
name:
- arvados-cli
##### DISPATCHER
dispatcher:
pkg:
- name:
- - crunch-dispatch-local
- # - arvados-dispatch-cloud
- # - crunch-dispatch-slurm
- service:
name: crunch-dispatch-local
- port: 9006
+ # alternative dispatchers:
+ # arvados-dispatch-cloud
+ # crunch-dispatch-slurm
+ service:
+ name: ''
+ port: ''
##### KEEPPROXY
keepproxy:
pkg:
name: keepproxy
service:
name: keepproxy
- port: 25107
+ port: 25100
##### KEEPWEB
keepweb:
pkg:
service:
name: keep-web
# webdav
- port: 9002
+ port: 9003
##### KEEPSTORE
keepstore:
pkg:
name:
- arvados-client
- arvados-src
- - libpam-arvados
- - python-arvados-fuse
- - python-arvados-python-client
+ - libpam-arvados-go
+ - python3-arvados-fuse
+ - python3-arvados-python-client
- python3-arvados-cwl-runner
+ - shellinabox
gem:
name:
- arvados-cli
- arvados-login-sync
+ shellinabox:
+ config: /etc/default/shellinabox
+ service:
+ name: shellinabox
+ port: 4200
+ libpam_arvados:
+ config: /etc/pam.d/arvados
+
##### WORKBENCH
workbench:
pkg:
service:
name: arvados-ws
port: 8005
- ##### SSO
- sso:
- pkg:
- name: arvados-sso
- service:
- name: arvados-sso
- port: 8900
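Review bot: Changing the default from `version: '2.0.2'` to `version: 'latest'` while the same commit passes `version: {{ arvados.version }}` to every `pkg.installed` means each state run can upgrade all Arvados components to whatever the selected repository currently publishes. Combined with the new `release` switch, a pillar that selects `testing` or `development` pulls unreleased builds with no pin at all. Consider keeping a concrete default and documenting `latest` as an opt-in, for example `# set to 'latest' to track the repository head`.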
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .service.clean
+ - .package.clean
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .package
+ - ..config
+ - .service
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-dispatcher-package-clean-pkg-removed:
+ pkg.removed:
+ - name: {{ arvados.dispatcher.pkg.name }}
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .install
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-dispatcher-package-install-pkg-installed:
+ pkg.installed:
+ - name: {{ arvados.dispatcher.pkg.name }}
+ - version: {{ arvados.version }}
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-dispatcher-service-clean-service-dead:
+ service.dead:
+ - name: {{ arvados.service.name }}
+ - enable: False
+ - require_in:
+ - pkg: arvados-dispatcher-package-clean-pkg-removed
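Review bot: `name: {{ arvados.service.name }}` reads a key that none of the visible defaults define, while the running state for this service uses `arvados.dispatcher.service.name`. The clean state therefore presumably renders an empty name or fails, and never stops the dispatcher; it should read `- name: {{ arvados.dispatcher.service.name }}`. The shellinabox service clean state added later in this commit has the same lookup and presumably wants `arvados.shell.shellinabox.service.name`. Since the dispatcher default is now `name: ''`, the clean state also needs a guard like the one in the running state.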
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .running
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_config_file = tplroot ~ '.config.file' %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+{%- if arvados.dispatcher.pkg.name != 'crunch-dispatch-local' %}
+include:
+ - ..package
+ - {{ sls_config_file }}
+
+arvados-dispatcher-service-running-service-running:
+ service.running:
+ - name: {{ arvados.dispatcher.service.name }}
+ - enable: true
+ - watch:
+ - sls: {{ sls_config_file }}
+ - require:
+ - pkg: arvados-dispatcher-package-install-pkg-installed
+ - only_if: test "{{ arvados.dispatcher.pkg.name }}" != "crunch-dispatch-local"
+{%- endif %}
# File managed by Salt at <{{ source }}>.
# Your changes will be overwritten.
#
-# Please check https://doc.arvados.org/master/admin/config.html for
+# Please check https://doc.arvados.org/master/admin/config.html for
# documentation about the parameters configured here.
########################################################################
+{%- if arvados.release == 'development' %}
+# (Experimental) Restart services automatically when config file
+# changes are detected. Only supported by `arvados-server boot` in
+# dev mode.
+AutoReloadConfig: {{ arvados.auto_reload_config }}
+{%- endif %}
+
Clusters:
{{ arvados.cluster.name }}:
- SystemRootToken: "{{ arvados.cluster.tokens.system_root }}"
- ManagementToken: "{{ arvados.cluster.tokens.management }}"
+
+ SystemRootToken: {{ arvados.cluster.tokens.system_root | yaml_encode }}
+ ManagementToken: {{ arvados.cluster.tokens.management | yaml_encode }}
+
+ ForceLegacyAPI14: {{ arvados.cluster.force_legacy_api14 }}
API:
- RailsSessionSecretToken: "{{ arvados.cluster.tokens.rails_secret }}"
+ RailsSessionSecretToken: {{ arvados.cluster.tokens.rails_secret | yaml_encode }}
+ {%- if 'API' in arvados.cluster %}
+ {{ arvados.cluster.API | default('') | yaml(False) | indent(6) }}
+ {%- endif %}
Collections:
- BlobSigningKey: "{{ arvados.cluster.secrets.blob_signing_key }}"
- ForwardSlashNameSubstitution: "%2f"
- DefaultReplication: 1
- TrustAllContent: true
+ BlobSigningKey: {{ arvados.cluster.secrets.blob_signing_key | yaml_encode }}
+ {%- if 'Collections' in arvados.cluster %}
+ {{ arvados.cluster.Collections | yaml(False) | indent(6) }}
+ {%- endif %}
Login:
- ProviderAppSecret: "{{ arvados.cluster.tokens.provider_secret }}"
- ProviderAppID: arvados-server
+ {{ arvados.cluster.Login | yaml(False) | indent(6) }}
Users:
- NewUsersAreActive: true
- AutoAdminFirstUser: true
- AutoSetupNewUsers: true
- AutoSetupNewUsersWithVmUUID: x2jbo-2x53u-6maueyy9if4u7vq
- AutoSetupNewUsersWithRepository: true
+ {{ arvados.cluster.Users | yaml(False) | indent(6) }}
TLS:
- Certificate: "{{ arvados.cluster.tls.certificate }}"
- Key: "{{ arvados.cluster.tls.key }}"
+ Certificate: {{ arvados.cluster.tls.certificate | yaml_encode }}
+ Key: {{ arvados.cluster.tls.key | yaml_encode }}
Insecure: {{ arvados.cluster.tls.insecure }}
Workbench:
- SecretKeyBase: {{ arvados.cluster.secrets.workbench_secret_key }}
- SiteName: {{ arvados.cluster.name | upper }}
-
- # FIXME!!!!
- # Git:
- # GitCommand: /usr/share/gitolite3/gitolite-shell
- # GitoliteHome: /var/lib/arvados/git
- # Repositories: /var/lib/arvados/git/repositories
+ SecretKeyBase: {{ arvados.cluster.secrets.workbench_secret_key | yaml_encode }}
+ SiteName: {{ arvados.cluster.name | upper }}
+ {%- if 'Workbench' in arvados.cluster %}
+ {{ arvados.cluster.Workbench | yaml(False) | indent(6) }}
+ {%- endif %}
- Volumes:
- {% for v, p in arvados.cluster.volumes.items() -%}
- ### {{ v | upper }}
- {{ p.cluster }}-nyw5e-{{ p.volume_id }}:
- Driver: {{ p.driver }}
- DriverParameters: {{ p.driver_parameters | yaml }}
- AccessViaHosts: {{ p.access_via_hosts | yaml }}
- Replication: {{ p.replication }}
- {% endfor -%}
+ {%- for section in [
+ 'AuditLogs',
+ 'Containers',
+ 'Git',
+ 'InstanceTypes',
+ 'Mail',
+ 'RemoteClusters',
+ 'SystemLogs',
+ 'Volumes'
+ ]
+ %}
+ {%- if section in arvados.cluster %}
+ {{ section }}:
+ {{ arvados.cluster[section] | yaml(False) | indent(6) }}
+ {%- endif %}
+ {%- endfor %}
### DATABASE CONFIGURATION
PostgreSQL:
+ # FIXME!!!!!! ALL as database or using Arvados' PostgreSQL ??
ConnectionPool: {{ arvados.cluster.database.connection_pool_max }}
Connection:
# All parameters here are passed to the PG client library in a connection string;
# see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
dbname: {{ arvados.cluster.database.name }}
host: {{ arvados.cluster.database.host }}
- password: {{ arvados.cluster.database.password }}
+ password: {{ arvados.cluster.database.password | yaml_encode }}
user: {{ arvados.cluster.database.user }}
client_encoding: {{ arvados.cluster.database.client_encoding }}
+ {%- if 'PostgreSQL' in arvados.cluster %}
+ {{ arvados.cluster.PostgreSQL | yaml(False) | indent(6) }}
+ {%- endif %}
### SERVICES URLs
- # This could probably made into a loop, but some consistency check needs to be done
- # on the arvados side before that's possible
Services:
- # Composer: FIXME!!!
- Controller:
- ExternalURL: "https://{{ arvados.cluster.domain }}"
- InternalURLs:
- "http://localhost:{{ arvados.controller.service.port }}": {}
- DispatchCloud:
- InternalURLs:
- "http://localhost:{{ arvados.dispatcher.service.port }}": {}
- # GitSSH: FIXME!!!
- # Health: FIXME!!!
- # Keepbalance: FIXME!!!
- # Keepproxy: FIXME!!!
- # Keepstore: FIXME!!!
- # Nodemanager: FIXME!!!
- RailsAPI:
- InternalURLs:
- "http://localhost:{{ arvados.api.service.port }}": {}
- SSO:
- ExternalURL: "https://sso.{{ arvados.cluster.domain }}"
- WebDAV:
- ExternalURL: https://collections.{{ arvados.cluster.domain }}
- InternalURLs:
- "http://localhost:{{ arvados.keepweb.service.port }}": {}
- WebDAVDownload:
- ExternalURL: https://download.{{ arvados.cluster.domain }}
- # WebShell: FIXME!!!
- Websocket:
- ExternalURL: wss://ws.{{ arvados.cluster.domain }}/websocket
- InternalURLs:
- "http://localhost:{{ arvados.websocket.service.port }}": {}
- Workbench1:
- ExternalURL: "https://workbench.{{ arvados.cluster.domain }}"
- Workbench2:
- ExternalURL: "https://workbench2.{{ arvados.cluster.domain }}"
- Keepproxy:
- ExternalURL: https://keep.{{ arvados.cluster.domain }}
- InternalURLs:
- "http://localhost:{{ arvados.keepproxy.service.port }}": {}
- Keepstore:
- InternalURLs:
- "http://keep0.{{ arvados.cluster.domain }}:{{ arvados.keepstore.service.port }}/": {}
+ {%- for service in [
+ 'Composer',
+ 'Controller',
+ 'DispatchCloud',
+ 'GitHTTP',
+ 'GitSSH',
+ 'Health',
+ 'Keepbalance',
+ 'Keepproxy',
+ 'Keepstore',
+ 'Nodemanager',
+ 'RailsAPI',
+ 'SSO',
+ 'WebDAV',
+ 'WebDAVDownload',
+ 'WebShell',
+ 'Websocket',
+ 'Workbench1',
+ 'Workbench2',
+ ]
+ %}
+ {%- if service in arvados.cluster.Services %}
+ {{ service }}:
+ {{ arvados.cluster.Services[service] | yaml(False) | indent(8) }}
+ {%- endif %}
+ {%- endfor %}
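Review bot: The `Login:` and `Users:` blocks render `arvados.cluster.Login` and `arvados.cluster.Users` unconditionally, whereas `API`, `Collections`, `Workbench` and the looped sections are wrapped in `{%- if ... in arvados.cluster %}`. The visible defaults add `Login` but no `Users`, so a pillar without it would presumably fail to render; the `service in arvados.cluster.Services` loop makes the same assumption about `Services`. Guard them the same way, e.g. `{%- if 'Users' in arvados.cluster %}`. Separately, `password` now goes through `yaml_encode` but `dbname`, `host` and `user` on the adjacent lines do not, which is worth making consistent.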
include:
- .repo
- .config
+ - .ruby
- .api
+ - .controller
- .keepstore
- .websocket
- .keepweb
- .keepproxy
- .shell
- .workbench
+ - .dispatcher
arvados-keepproxy-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.keepproxy.pkg.name }}
+ - version: {{ arvados.version }}
arvados-keepstore-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.keepstore.pkg.name }}
+ - version: {{ arvados.version }}
arvados-keepweb-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.keepweb.pkg.name }}
+ - version: {{ arvados.version }}
url_base: 'http://rpm.arvados.org/CentOS/$releasever/os/$basearch/'
file: /etc/yum.repos.d/arvados.repo
key_url: 'http://rpm.arvados.org/CentOS/RPM-GPG-KEY-curoverse'
+
+ ruby:
+ manage_ruby: true
+
+ pkg: ruby-2.5.7
+ gems_deps:
+ - rubygem-bundler
+ - curl
+ - gcc
+ - git
+ - libcurl
+ - libcurl-devel
+ - pam-devel
+ - postgresql-devel
+ - libxml2
+ - libxml2-devel
+ - make
+ - python3-devel
+ - ruby-devel
+ - zlib-devel
arvados-repo-clean-repo-absent:
pkgrepo.absent:
- file: {{ arvados.repo.file }}
- - gpgkey: {{ arvados.repo.gpgkey }}
{%- else %}
arvados_repo-clean-repo-absent: {}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import arvados with context %}
-{% if arvados.use_upstream_repo -%}
- {% if grains.get('os_family') == 'Debian' -%}
+{%- if arvados.use_upstream_repo -%}
+ {%- if grains.get('os_family') == 'Debian' -%}
+ {%- if arvados.release == 'testing' %}
+ {%- set release = grains.get('lsb_distrib_codename') ~ '-testing' %}
+ {%- elif arvados.release == 'development' %}
+ {%- set release = grains.get('lsb_distrib_codename') ~ '-dev' %}
+ {%- else %}
+ {%- set release = grains.get('lsb_distrib_codename') %}
+ {%- endif %}
arvados-repo-install-pkgrepo-managed:
pkgrepo.managed:
- humanname: {{ arvados.repo.humanname }}
- - name: deb {{ arvados.repo.url_base }}/ {{ grains.get('lsb_distrib_codename') }} main
+ - name: deb {{ arvados.repo.url_base }}/ {{ release }} main
- file: {{ arvados.repo.file }}
- key_url: {{ arvados.repo.key_url }}
{%- elif grains.get('os_family') == 'RedHat' %}
+ {%- if arvados.release == 'testing' %}
+ {%- set repo_url = 'http://rpm.arvados.org/CentOS/$releasever/testing/$basearch/' %}
+ {%- elif arvados.release == 'development' %}
+ {%- set repo_url = 'http://rpm.arvados.org/CentOS/$releasever/dev/$basearch/' %}
+ {%- else %}
+ {%- set repo_url = arvados.repo.url_base %}
+ {%- endif %}
arvados-repo-install-pkgrepo-managed:
pkgrepo.managed:
- name: arvados
- file: {{ arvados.repo.file }}
- humanname: {{ arvados.repo.humanname }}
- - baseurl: {{ arvados.repo.url_base }}
+ - baseurl: {{ repo_url }}
- gpgcheck: 1
- - gpgkey: {{ arvados.repo.gpgkey }}
+ - gpgkey: {{ arvados.repo.key_url }}
{%- else %}
arvados-repo-install-pkgrepo-managed: {}
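Review bot: The two new `repo_url` values hard-code `http://rpm.arvados.org/...`, and `gpgkey` now points at `arvados.repo.key_url`, whose RedHat default shown in this commit is also plain `http://`. With `gpgcheck: 1` the signature check is only as trustworthy as the key, and a key fetched over HTTP can be replaced in transit. Prefer `https://` for the key and the base URLs if the mirror serves it. Deriving the testing and dev URLs from `arvados.repo.url_base` would also stop a pillar override of the mirror from being silently ignored for those releases.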
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .package.clean
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .package
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+{% for gm in arvados.shell.gem.name %}
+arvados-shell-package-clean-gem-{{ gm }}-removed:
+ gem.removed:
+ - name: {{ gm }}
+ - require_in:
+ - pkg: arvados-shell-package-clean-gems-deps-pkg-removed
+{% endfor %}
+
+arvados-shell-package-clean-gems-deps-pkg-removed:
+ pkg.removed:
+ - pkgs: {{ arvados.ruby.gems_deps | json }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
+
+arvados-shell-package-clean-pkg-removed:
+ pkg.removed:
+ - pkgs: {{ arvados.shell.pkg.name | json }}
+
+arvados-shell-package-clean-ruby-pkg-removed:
+ pkg.removed:
+ - name: {{ arvados.ruby.pkg }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .install
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+{%- if arvados.ruby.manage_ruby %}
+arvados-ruby-package-install-ruby-pkg-installed:
+ pkg.installed:
+ - name: {{ arvados.ruby.pkg }}
+ - require_in: arvados-ruby-package-install-ruby-profile-installed
+{%- endif %}
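Review bot: `- require_in: arvados-ruby-package-install-ruby-profile-installed` is written as a scalar, while Salt requisites are lists of `module: id` pairs, and no state with that ID is visible in this change. As written, the state will presumably fail to compile whenever `manage_ruby` is true. Either drop the requisite, or write it as a `- require_in:` key followed by one `- <module>: <id>` item once the target state exists. The shell gem install state has a similar dangling reference, `rvm: arvados-ruby-package-install-ruby-rvm-installed`.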
# vim: ft=sls
include:
+ - .service.clean
+ - .config.clean
- .package.clean
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-shell-config-clean-file-shellinabox-absent:
+ file.absent:
+ - name: {{ arvados.shell.shellinabox.config }}
+ - watch_in:
+ - sls: {{ sls_service_clean }}
+
+arvados-shell-config-clean-file-libpam-arvados-absent:
+ file.absent:
+ - name: {{ arvados.shell.libpam-arvados.config }}
+ - watch_in:
+ - sls: {{ sls_service_clean }}
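Review bot: `{{ sls_service_clean }}` is used in both `watch_in` entries but never set in this file (only `tplroot` is), so the `sls:` target will presumably render empty or fail. `arvados.shell.libpam-arvados.config` is also parsed by Jinja as a subtraction; the key defined in the defaults and used by the config file state is `libpam_arvados`, so the line should be `- name: {{ arvados.shell.libpam_arvados.config }}`. For the first problem, add `{%- set sls_service_clean = tplroot ~ '.shell.service.clean' %}` (path assumed from the neighbouring includes) and include that SLS.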
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_package_install = tplroot ~ '.shell.package.install' %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
+include:
+ - {{ sls_package_install }}
+
+arvados-shell-config-file-shellinabox-file-managed:
+ file.managed:
+ - name: {{ arvados.shell.shellinabox.config }}
+ - source: {{ files_switch(['shell-shellinabox.tmpl.jinja'],
+ lookup='arvados-shell-config-file-shellinabox-file-managed',
+ use_subpath=True
+ )
+ }}
+ - mode: 644
+ - user: root
+ - group: root
+ - makedirs: true
+ - template: jinja
+ - require:
+ - sls: {{ sls_package_install }}
+ - context:
+ arvados: {{ arvados | json }}
+
+arvados-shell-config-file-libpam-arvados-file-managed:
+ file.managed:
+ - name: {{ arvados.shell.libpam_arvados.config }}
+ - source: {{ files_switch(['shell-libpam-arvados.tmpl.jinja'],
+ lookup='arvados-shell-config-file-libpam-arvados-file-managed',
+ use_subpath=True
+ )
+ }}
+ - mode: 644
+ - user: root
+ - group: root
+ - makedirs: true
+ - template: jinja
+ - require:
+ - sls: {{ sls_package_install }}
+ - context:
+ arvados: {{ arvados | json }}
--- /dev/null
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+auth optional pam_faildelay.so delay=3000000
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+auth requisite pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# yamllint disable rule:line-length
+auth [success=1 default=ignore] /usr/lib/pam_arvados.so {{ arvados.cluster.name }}.{{ arvados.cluster.domain }} shell.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+# yamllint enable rule:line-length
+auth requisite pam_deny.so
+auth required pam_permit.so
+
+auth optional pam_group.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so
+session optional pam_mail.so standard
+
+@include common-account
+@include common-session
+@include common-password
+
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
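Review bot: The `[success=1 default=ignore]` control on the `pam_arvados.so` line is what lets a successful Arvados login jump over `pam_deny.so`, and nothing in the template says so. A comment such as `# success=1 skips the pam_deny.so line below; keep these three auth lines together and in this order` would protect the stack against a later reorder that changes who is admitted. The `# yamllint disable` / `enable` comments are also written into the rendered PAM file; that is harmless, but worth a word so nobody strips them from the template.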
--- /dev/null
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+# Should shellinaboxd start automatically
+SHELLINABOX_DAEMON_START=1
+# TCP port that shellinboxd's webserver listens on
+SHELLINABOX_PORT={{ arvados.shell.shellinabox.service.port }}
+# SSL is disabled because it is terminated in Nginx. Adjust as needed.
+SHELLINABOX_ARGS="--disable-ssl --no-beep --service=/shell.{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}:AUTH:HOME:SHELL"
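Review bot: `SHELLINABOX_ARGS` disables TLS on the daemon but does not restrict where it listens. Unless a firewall intervenes, the login terminal on the configured port (4200 in the new defaults) is presumably reachable in clear text from other hosts, bypassing Nginx. If Nginx runs on the same machine, adding `--localhost-only` to the arguments closes that path. Otherwise the comment above the line should name the network control that is expected to protect the port.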
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .file
include:
- .package
+ - .config
+ - .service
arvados-shell-package-clean-gems-deps-pkg-removed:
pkg.removed:
- pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
arvados-shell-package-clean-pkg-removed:
pkg.removed:
arvados-shell-package-clean-ruby-pkg-removed:
pkg.removed:
- name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
# vim: ft=sls
include:
+ - ...ruby
- .install
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_ruby_install = tplroot ~ '.ruby.package.install' %}
{%- from tplroot ~ "/map.jinja" import arvados with context %}
-arvados-shell-package-install-pkg-installed:
- pkg.installed:
- - pkgs: {{ arvados.shell.pkg.name | json }}
+include:
+ - {{ sls_ruby_install }}
-arvados-shell-package-install-ruby-pkg-installed:
+arvados-shell-package-install-pkg-installed:
pkg.installed:
- - name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - pkgs:
+ {%- for package in arvados.shell.pkg.name %}
+ # We use version for our Arvados packages only
+ {%- if package in [
+ 'arvados-client',
+ 'arvados-src',
+ 'libpam-arvados-go',
+ 'python3-arvados-fuse',
+ 'python3-arvados-python-client',
+ 'python3-arvados-cwl-runner',
+ ] %}
+ - {{ package }}: {{ arvados.version }}
+ {%- else %}
+ - {{ package }}
+ {%- endif %}
+ {%- endfor %}
arvados-shell-package-install-gems-deps-pkg-installed:
pkg.installed:
- pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
{% for gm in arvados.shell.gem.name %}
arvados-shell-package-install-gem-{{ gm }}-installed:
- name: {{ gm }}
- require:
- pkg: arvados-shell-package-install-gems-deps-pkg-installed
+ {%- if arvados.ruby.manage_ruby %}
+ {%- if salt['grains.get']('osfinger') != 'CentOS Linux-7' %}
+ - pkg: arvados-ruby-package-install-ruby-pkg-installed
+ {%- else %}
+ # - rvm: arvados-ruby-package-install-ruby-gemset-present
+ - rvm: arvados-ruby-package-install-ruby-rvm-installed
+ # - rvm: gemset_present
+ # - ruby: ruby-2.5.7@arvados
+ {%- endif %}
+ {%- endif %}
{% endfor %}
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+arvados-shell-shellinabox-service-clean-service-dead:
+ service.dead:
+ - name: {{ arvados.service.name }}
+ - enable: False
+ - require_in:
+ - pkg: arvados-shell-package-clean-pkg-removed
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .running
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import arvados with context %}
+
+include:
+ - ..package
+ - ..config
+
+arvados-shell-shellinabox-service-running-service-running:
+ service.running:
+ - name: {{ arvados.shell.shellinabox.service.name }}
+ - enable: True
+ - watch:
+ - file: arvados-shell-config-file-shellinabox-file-managed
+ - require:
+ - pkg: arvados-shell-package-install-pkg-installed
arvados-websocket-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.websocket.pkg.name }}
+ - version: {{ arvados.version }}
arvados-workbench-package-clean-gems-deps-pkg-removed:
pkg.removed:
- pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
arvados-workbench-package-clean-pkg-removed:
pkg.removed:
arvados-workbench-package-clean-ruby-pkg-removed:
pkg.removed:
- name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import arvados with context %}
-# The API server requires a valid config BEFORE installing...
+# The workbench server requires a valid config BEFORE installing...
include:
- {{ sls_config_file }}
arvados-workbench-package-install-ruby-pkg-installed:
pkg.installed:
- name: {{ arvados.ruby.pkg }}
- - only_if: {{ arvados.ruby.manage_ruby }}
+ - only_if: test "{{ arvados.ruby.manage_ruby | lower }}" = "true"
arvados-workbench-package-install-gems-deps-pkg-installed:
pkg.installed:
- pkgs: {{ arvados.ruby.gems_deps | json }}
- - only_if: {{ arvados.ruby.manage_gems_deps }}
+ - only_if: test "{{ arvados.ruby.manage_gems_deps | lower }}" = "true"
arvados-workbench-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.workbench.pkg.name }}
+ - version: {{ arvados.version }}
- require:
- sls: {{ sls_config_file }}
arvados-workbench2-package-install-pkg-installed:
pkg.installed:
- name: {{ arvados.workbench2.pkg.name }}
+ - version: {{ arvados.version }}
- require:
- sls: {{ sls_config_file }}
# Make sure the platforms listed below match up with
# the `env.matrix` instances defined in `.travis.yml`
platforms:
+ ## SALT `tiamat`
+ - name: debian-10-tiamat-py3
+ driver:
+ image: saltimages/salt-tiamat-py3:debian-10
+ - name: debian-9-tiamat-py3
+ driver:
+ image: saltimages/salt-tiamat-py3:debian-9
+ - name: ubuntu-2004-tiamat-py3
+ driver:
+ image: saltimages/salt-tiamat-py3:ubuntu-20.04
+ - name: ubuntu-1804-tiamat-py3
+ driver:
+ image: saltimages/salt-tiamat-py3:ubuntu-18.04
+ - name: centos-7-tiamat-py3
+ driver:
+ image: saltimages/salt-tiamat-py3:centos-7
+
+ ## SALT `master`
+ - name: debian-10-master-py3
+ driver:
+ image: saltimages/salt-master-py3:debian-10
+ - name: ubuntu-2004-master-py3
+ driver:
+ image: saltimages/salt-master-py3:ubuntu-20.04
+ - name: ubuntu-1804-master-py3
+ driver:
+ image: saltimages/salt-master-py3:ubuntu-18.04
+
+ ## SALT `3001`
+ - name: debian-10-3001-py3
+ driver:
+ image: saltimages/salt-3001-py3:debian-10
+ - name: debian-9-3001-py3
+ driver:
+ image: saltimages/salt-3001-py3:debian-9
+ - name: ubuntu-2004-3001-py3
+ driver:
+ image: saltimages/salt-3001-py3:ubuntu-20.04
+ - name: ubuntu-1804-3001-py3
+ driver:
+ image: saltimages/salt-3001-py3:ubuntu-18.04
+ - name: centos-7-3001-py3
+ driver:
+ image: saltimages/salt-3001-py3:centos-7
+
## SALT `3000.3`
- name: debian-10-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:debian-10
-
-# - name: ubuntu-1804-3000-3-py3
-# driver:
-# image: saltimages/salt-3000.3-py3:ubuntu-18.04
-
-# ## SALT `2019.2`
-# - name: centos-7-2019-2-py3
-# driver:
-# image: saltimages/salt-2019.2-py3:centos-7
+ - name: debian-9-3000-3-py3
+ driver:
+ image: saltimages/salt-3000.3-py3:debian-9
+ - name: ubuntu-1804-3000-3-py3
+ driver:
+ image: saltimages/salt-3000.3-py3:ubuntu-18.04
+ - name: centos-7-3000-3-py3
+ driver:
+ image: saltimages/salt-3000.3-py3:centos-7
+ - name: ubuntu-1804-3000-3-py2
+ driver:
+ image: saltimages/salt-3000.3-py2:ubuntu-18.04
provisioner:
name: salt_solo
#### api,websocket,keepproxy,keepweb,controller
- name: api
driver:
- hostname: example.net
+ hostname: fixme.example.net
provisioner:
state_top:
base:
'*':
- example_add_snakeoil_certs
+ - locale
- nginx.passenger
- postgres
- arvados.repo
+ # - arvados.config
+ # - arvados.ruby
- arvados.api
- arvados.websocket
# keepproxy complains when using snakeoil certs, so we can't
# - arvados.keepproxy
- arvados.keepweb
- arvados.controller
+ - arvados.dispatcher
pillars:
top.sls:
base:
'*':
- arvados
+ - example_locale
- example_postgres
- example_nginx
- example_nginx_api
# - example_nginx_keepproxy
pillars_from_files:
# yamllint disable rule:line-length
- arvados.sls: pillar.example
+ arvados.sls: test/salt/pillar/arvados.sls
+ example_locale.sls: test/salt/pillar/examples/locale.sls
example_postgres.sls: test/salt/pillar/examples/postgresql.sls
example_nginx.sls: test/salt/pillar/examples/nginx_passenger.sls
example_nginx_api.sls: test/salt/pillar/examples/nginx_api_configuration.sls
dependencies:
- name: example_add_snakeoil_certs
path: test/salt/states
+ - name: locale
+ repo: git
+ source: https://github.com/saltstack-formulas/locale-formula.git
- name: postgres
repo: git
source: https://github.com/saltstack-formulas/postgres-formula.git
- name: nginx
repo: git
- source: https://github.com/saltstack-formulas/nginx-formula.git
+ source: https://github.com/netmanagers/nginx-formula.git
verifier:
inspec_tests:
- path: test/integration/api
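Review bot: The `nginx` dependency now comes from a personal fork (`netmanagers/nginx-formula`) instead of `saltstack-formulas`, and like the new `locale` entry it is fetched without a fixed revision. Every kitchen run therefore executes whatever the default branch of that fork holds at the time, as root inside the test instance. Add a comment above the entry saying why the fork is needed and which upstream change would let it be dropped, for example `# fork carries <change> not yet merged upstream; switch back once released`. If the provisioner can pin a git dependency to a tag or commit, pin it; otherwise vendor a reviewed copy under `test/salt/states`.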
#### workbench,workbench2
- name: workbench
driver:
- hostname: workbench.example.net
+ hostname: workbench.fixme.example.net
provisioner:
state_top:
base:
- example_nginx_workbench2
pillars_from_files:
# yamllint disable rule:line-length
- arvados.sls: pillar.example
+ arvados.sls: test/salt/pillar/arvados.sls
example_nginx.sls: test/salt/pillar/examples/nginx_passenger.sls
example_nginx_workbench.sls: test/salt/pillar/examples/nginx_workbench_configuration.sls
example_nginx_workbench2.sls: test/salt/pillar/examples/nginx_workbench2_configuration.sls
#### shell
- name: shell
driver:
- hostname: shell.example.net
+ hostname: shell.fixme.example.net
provisioner:
state_top:
base:
'*':
- arvados
pillars_from_files:
- arvados.sls: pillar.example
+ arvados.sls: test/salt/pillar/arvados_dev.sls
verifier:
inspec_tests:
- - path: test/integration/repo
- path: test/integration/shell
#### keepstore
- name: keepstore
driver:
- hostname: keep0.example.net
+ hostname: keep0.fixme.example.net
provisioner:
state_top:
base:
'*':
- arvados.repo
- - arvados.keepstore.service
+ - arvados.keepstore
# - arvados.clean
pillars:
top.sls:
'*':
- arvados
pillars_from_files:
- arvados.sls: pillar.example
+ arvados.sls: test/salt/pillar/arvados.sls
verifier:
inspec_tests:
+ - path: test/integration/repo
- path: test/integration/keepstore
# this formula will fail.
arvados:
### GENERAL CONFIG
- # version: '2.0.2'
+ # version: '2.1.0'
+ # release: production
## It makes little sense to disable this flag, but you can, if you want :)
# use_upstream_repo: true
# - libxml2
# - libxml2-dev
# - make
- # - python-dev
+ # - python3-dev
# - ruby-dev
# - zlib1g-dev
management: changeme_management_token
rails_secret: changeme_rails_secret_token
anonymous_user: changeme_anonymous_user_token
- provider_secret: changeme_provider_secret_token
### KEYS
secrets:
keep_access_key: changeme_keep_access_key
keep_secret_key: changeme_keep_secret_key
+ AuditLogs:
+ Section_to_ignore:
+ - some_random_value
+
### VOLUMES
## This should usually match all your `keepstore` instances
- volumes:
- volume_one:
- # the volume name will be composed with
- # <cluster>-nyw5e-<volume>
- cluster: fixme
- volume_id: '000000000000000'
- access_via_hosts:
- "http://keep0.example.net:25107/": {}
- replication: 2
- driver: Directory
- driver_parameters:
+ Volumes:
+ # the volume name will be composed with
+ # <cluster>-nyw5e-<volume>
+ fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
+ Replication: 2
+ Driver: Directory
+ DriverParameters:
Root: /tmp
-# ## SERVICES
+ Users:
+ NewUsersAreActive: true
+ AutoAdminFirstUser: true
+ AutoSetupNewUsers: true
+ AutoSetupNewUsersWithRepository: true
+
+ Services:
+ Controller:
+ ExternalURL: https://fixme.example.net
+ InternalURLs:
+ http://localhost:8003: {}
+ DispatchCloud:
+ InternalURLs:
+ http://fixme.example.net:9006: {}
+ Keepbalance:
+ InternalURLs:
+ http://fixme.example.net:9005: {}
+ Keepproxy:
+ ExternalURL: https://keep.fixme.example.net
+ InternalURLs:
+ http://localhost:25100: {}
+ Keepstore:
+ InternalURLs:
+ http://keep0.fixme.example.net:25107: {}
+ RailsAPI:
+ InternalURLs:
+ http://localhost:8004: {}
+ WebDAV:
+ ExternalURL: https://collections.fixme.example.net
+ InternalURLs:
+ http://localhost:9002: {}
+ WebDAVDownload:
+ ExternalURL: https://download.fixme.example.net
+ WebShell:
+ ExternalURL: https://webshell.fixme.example.net
+ Websocket:
+ ExternalURL: wss://ws.fixme.example.net/websocket
+ InternalURLs:
+ http://localhost:8005: {}
+ Workbench1:
+ ExternalURL: https://workbench.fixme.example.net
+ Workbench2:
+ ExternalURL: https://workbench2.fixme.example.net
+
+# ### THESE ARE THE PACKAGES AND DAEMONS BASIC CONFIGS
# #### API
# api:
# pkg:
# name:
# - arvados-client
# - arvados-src
-# - libpam-arvados
-# - python-arvados-fuse
-# - python-arvados-python-client
+# - libpam-arvados-go
+# - python3-arvados-fuse
+# - python3-arvados-python-client
# - python3-arvados-cwl-runner
# gem:
# name:
# - arvados-cli
# - arvados-login-sync
+# shellinabox:
+# config: /etc/default/shellinabox
+# service:
+# name: shellinabox
+# port: 4200
+# libpam_arvados:
+# config: /etc/pam.d/arvados
# #### WORKBENCH
# workbench:
# pkg:
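Review bot: The `Users` block added to this example sets `NewUsersAreActive: true` and `AutoAdminFirstUser: true` with no comment, next to the `changeme_*` tokens and secrets. Operators copy `pillar.example` as a starting point, so these read as recommended values, yet together they mean the first account to log in becomes an administrator and every later account is active immediately. Mark them as such, for example `## Test/bootstrap convenience: first login becomes admin and new users are auto-activated; set to false for production`. A similar one-line reminder above the `changeme_*` values, saying they must be replaced with generated secrets before deployment, would also help. This hunk covers most of the example file; the remark applies only to the added `Users` mapping and the token/secret entries.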
rails_stanza = <<-RAILS_STANZA
RailsAPI:
InternalURLs:
- "http://localhost:8004": {}
+ http://127.0.0.2:8004: {}
RAILS_STANZA
control 'arvados configuration' do
controller_stanza = <<-CONTROLLER_STANZA
Keepstore:
InternalURLs:
- "http://keep0.example.net:25107/": {}
+ http://keep0.fixme.example.net:25107: {}
CONTROLLER_STANZA
volumes_stanza = <<-VOLUMES_STANZA
Volumes:
- ### VOLUME_ONE
fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
Driver: Directory
- DriverParameters: {Root: /tmp}
- AccessViaHosts: {'http://keep0.example.net:25107/': {}}
+ DriverParameters:
+ Root: /tmp
Replication: 2
VOLUMES_STANZA
impact 0.5
title 'should be running and enabled'
- describe service('keep-web') do
+ describe service('arvados-controller') do
it { should be_enabled }
it { should be_running }
end
- describe port(9002) do
+ describe port(8003) do
it { should be_listening }
- its('processes') { should include 'keep-web' }
+ # The undelying tools inspec uses to get the process truncates their names
+ its('processes') { should include 'arvados-control' }
end
end
keepproxy_stanza = <<-KEEPPROXY_STANZA
Keepstore:
InternalURLs:
- "http://keep0.example.net:25107/": {}
+ http://keep0.fixme.example.net:25107: {}
KEEPPROXY_STANZA
volumes_stanza = <<-VOLUMES_STANZA
Volumes:
- ### VOLUME_ONE
fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
Driver: Directory
- DriverParameters: {Root: /tmp}
- AccessViaHosts: {'http://keep0.example.net:25107/': {}}
+ DriverParameters:
+ Root: /tmp
Replication: 2
VOLUMES_STANZA
keepstore_stanza = <<-KEEPSTORE_STANZA
Keepstore:
InternalURLs:
- "http://keep0.example.net:25107/": {}
+ http://keep0.fixme.example.net:25107: {}
KEEPSTORE_STANZA
volumes_stanza = <<-VOLUMES_STANZA
Volumes:
- ### VOLUME_ONE
fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
Driver: Directory
- DriverParameters: {Root: /tmp}
- AccessViaHosts: {'http://keep0.example.net:25107/': {}}
+ DriverParameters:
+ Root: /tmp
Replication: 2
VOLUMES_STANZA
keepweb_stanza = <<-KEEPWEB_STANZA
WebDAV:
- ExternalURL: https://collections.example.net
+ ExternalURL: https://collections.fixme.example.net
InternalURLs:
- "http://localhost:9002": {}
+ http://127.0.0.2:9002: {}
WebDAVDownload:
- ExternalURL: https://download.example.net
+ ExternalURL: https://download.fixme.example.net
KEEPWEB_STANZA
control 'arvados configuration' do
case os[:name]
when 'centos'
repo_file = '/etc/yum.repos.d/arvados.repo'
+
repo_url = 'baseurl=http://rpm.arvados.org/CentOS/$releasever/os/$basearch/'
when 'debian'
repo_file = '/etc/apt/sources.list.d/arvados.list'
--- /dev/null
+# frozen_string_literal: true
+
+siab_stanza = <<~SIAB_STANZA
+ SHELLINABOX_PORT=4200
+ # SSL is disabled because it is terminated in Nginx. Adjust as needed.
+ SHELLINABOX_ARGS="--disable-ssl --no-beep --service=/shell.fixme.example.net:AUTH:HOME:SHELL"
+SIAB_STANZA
+
+libpam_stanza = <<~LIBPAM_STANZA
+ auth [success=1 default=ignore] /usr/lib/pam_arvados.so fixme.example.net shell.fixme.example.net
+LIBPAM_STANZA
+
+control 'shellinabox configuration' do
+ title 'should match desired lines'
+
+ describe file('/etc/default/shellinabox') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') do
+ should include(
+ # rubocop:disable Metrics/LineLength
+ 'File managed by Salt at <salt://arvados/shell/config/files/default/shell-shellinabox.tmpl.jinja>.'
+ # rubocop:enable Metrics/LineLength
+ )
+ end
+ its('content') { should include(siab_stanza) }
+ end
+end
+
+control 'libpam-arvados configuration' do
+ title 'should match desired lines'
+
+ describe file('/etc/pam.d/arvados') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') do
+ should include(
+ # rubocop:disable Metrics/LineLength
+ 'File managed by Salt at <salt://arvados/shell/config/files/default/shell-libpam-arvados.tmpl.jinja>.'
+ # rubocop:enable Metrics/LineLength
+ )
+ end
+ its('content') { should include(libpam_stanza) }
+ end
+end
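Review bot: The expected `SHELLINABOX_ARGS` disables TLS (`--disable-ssl`) on the grounds that nginx terminates it, but nothing in this control, or in the new shellinabox service control that only checks `port(4200)` is listening, verifies that the cleartext port is reachable only from the proxy. If the daemon binds every interface, a client that can reach port 4200 directly bypasses the TLS front end. Pin the intended exposure in the tests, for example by adding `its('addresses') { should_not include '0.0.0.0' }` to the `port(4200)` block, and state in the stanza comment which address the daemon is expected to listen on. Whether the rendered template already restricts the bind address is not visible from this file.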
packages_list = %w[
arvados-client
arvados-src
- libpam-arvados
- python-arvados-fuse
- python-arvados-python-client
+ libpam-arvados-go
+ python3-arvados-fuse
+ python3-arvados-python-client
python3-arvados-cwl-runner
+ shellinabox
]
gems_list = %w[
--- /dev/null
+# frozen_string_literal: true
+
+case os[:name]
+when 'centos'
+ repo_file = '/etc/yum.repos.d/arvados.repo'
+
+ repo_url = 'baseurl=http://rpm.arvados.org/CentOS/$releasever/dev/$basearch/'
+when 'debian'
+ repo_file = '/etc/apt/sources.list.d/arvados.list'
+ repo_url = 'deb http://apt.arvados.org buster-dev main'
+end
+
+control 'arvados repository' do
+ impact 1
+ title 'should be configured'
+ desc 'Ensures arvados source is correctly configured'
+ describe file(repo_file) do
+ its('content') { should match repo_url }
+ end
+end
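Review bot: `repo_file` and `repo_url` are assigned only for `centos` and `debian`, so on the Ubuntu platforms listed in the kitchen configuration both stay `nil` and `file(repo_file)` is evaluated with no path. Add a `when 'ubuntu'` branch or skip the control there. The Debian expectation also hard-codes `buster-dev`, which will not hold on the debian-9 images. `should match repo_url` treats the string as a regular expression, so as far as I can tell the `$` in `$releasever` acts as an end-of-line anchor and the CentOS line cannot match; `its('content') { should include repo_url }` compares literally. Both expected URLs are plain `http://`, so package integrity rests entirely on signature checking, and asserting the signing setting in the repo file would cover that.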
--- /dev/null
+# frozen_string_literal: true
+
+control 'arvados shellinabox service' do
+ impact 0.5
+ title 'should be running and enabled'
+
+ describe service('shellinabox') do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
+ describe port(4200) do
+ it { should be_listening }
+ its('processes') { should include 'shellinaboxd' }
+ end
+end
websocket_stanza = <<-WEBSOCKET_STANZA
Websocket:
- ExternalURL: wss://ws.example.net/websocket
+ ExternalURL: wss://ws.fixme.example.net/websocket
InternalURLs:
- "http://localhost:8005": {}
+ http://127.0.0.2:8005: {}
WEBSOCKET_STANZA
control 'arvados configuration' do
workbench_config = <<-WORKBENCH_STANZA
Workbench:
- SecretKeyBase: changeme_workbench_secret_key
- SiteName: FIXME
+ SecretKeyBase: "changeme_workbench_secret_key"
+ SiteName: FIXME
WORKBENCH_STANZA
workbench_service = <<-WORKBENCH_SERVICE_STANZA
Workbench1:
- ExternalURL: "https://workbench.example.net"
+ ExternalURL: https://workbench.fixme.example.net
WORKBENCH_SERVICE_STANZA
control 'arvados configuration' do
workbench2_service = <<-WORKBENCH2_STANZA
Workbench2:
- ExternalURL: "https://workbench2.example.net"
+ ExternalURL: https://workbench2.fixme.example.net
WORKBENCH2_STANZA
control 'arvados configuration' do
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# The variables commented out are the default values that the formula uses.
+# The uncommented values are REQUIRED values. If you don't set them, running
+# this formula will fail.
+arvados:
+ ### GENERAL CONFIG
+ # version: '2.0.4'
+ ## It makes little sense to disable this flag, but you can, if you want :)
+ # use_upstream_repo: true
+
+ ## Repo URL is built with grains values. If desired, it can be completely
+ ## overwritten with the pillar parameter 'repo_url'
+ # repo:
+ # humanname: Arvados Official Repository
+
+ ## IMPORTANT!!!!!
+ ## api, workbench and shell require some gems, so you need to make sure ruby
+ ## and deps are installed in order to install and compile the gems.
+ ## We default to `false` in these two variables as it's expected you already
+ ## manage OS packages with some other tool and you don't want us messing up
+ ## with your setup.
+ ruby:
+ ## We set these to `true` here for testing purposes.
+ ## They both default to `false`.
+ manage_ruby: true
+ manage_gems_deps: true
+
+ ### ARVADOS CLUSTER CONFIG
+ cluster:
+ name: fixme
+ domain: example.net
+
+ database:
+ # max concurrent connections per arvados server daemon
+ # connection_pool_max: 32
+ name: arvados
+ host: 127.0.0.1
+ password: changeme_arvados
+ user: arvados
+ encoding: en_US.utf8
+ client_encoding: UTF8
+
+ tls:
+ # certificate: ''
+ # key: ''
+ # required to test with snakeoil certs
+ insecure: true
+
+ ### TOKENS
+ tokens:
+ system_root: changeme_system_root_token
+ management: changeme_management_token
+ rails_secret: changeme_rails_secret_token
+ anonymous_user: changeme_anonymous_user_token
+
+ ### KEYS
+ secrets:
+ blob_signing_key: changeme_blob_signing_key
+ workbench_secret_key: changeme_workbench_secret_key
+ dispatcher_access_key: changeme_dispatcher_access_key
+ dispatcher_secret_key: changeme_dispatcher_secret_key
+ keep_access_key: changeme_keep_access_key
+ keep_secret_key: changeme_keep_secret_key
+
+ AuditLogs:
+ Section_to_ignore:
+ - some_random_value
+
+ ### VOLUMES
+ ## This should usually match all your `keepstore` instances
+ Volumes:
+ # the volume name will be composed with
+ # <cluster>-nyw5e-<volume>
+ fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
+ Replication: 2
+ Driver: Directory
+ DriverParameters:
+ Root: /tmp
+
+ Users:
+ NewUsersAreActive: true
+ AutoAdminFirstUser: true
+ AutoSetupNewUsers: true
+ AutoSetupNewUsersWithRepository: true
+
+ Services:
+ Controller:
+ ExternalURL: https://fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:8003: {}
+ DispatchCloud:
+ InternalURLs:
+ http://fixme.example.net:9006: {}
+ Keepbalance:
+ InternalURLs:
+ http://fixme.example.net:9005: {}
+ Keepproxy:
+ ExternalURL: https://keep.fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:25100: {}
+ Keepstore:
+ InternalURLs:
+ http://keep0.fixme.example.net:25107: {}
+ RailsAPI:
+ InternalURLs:
+ http://127.0.0.2:8004: {}
+ WebDAV:
+ ExternalURL: https://collections.fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:9002: {}
+ WebDAVDownload:
+ ExternalURL: https://download.fixme.example.net
+ WebShell:
+ ExternalURL: https://webshell.fixme.example.net
+ Websocket:
+ ExternalURL: wss://ws.fixme.example.net/websocket
+ InternalURLs:
+ http://127.0.0.2:8005: {}
+ Workbench1:
+ ExternalURL: https://workbench.fixme.example.net
+ Workbench2:
+ ExternalURL: https://workbench2.fixme.example.net
--- /dev/null
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# The variables commented out are the default values that the formula uses.
+# The uncommented values are REQUIRED values. If you don't set them, running
+# this formula will fail.
+arvados:
+ ### GENERAL CONFIG
+ # version: '2.0.4'
+ ## It makes little sense to disable this flag, but you can, if you want :)
+ # use_upstream_repo: true
+
+ ## Repo URL is built with grains values. If desired, it can be completely
+ ## overwritten with the pillar parameter 'repo_url'
+ # repo:
+ # humanname: Arvados Official Repository
+
+ release: development
+
+ ## IMPORTANT!!!!!
+ ## api, workbench and shell require some gems, so you need to make sure ruby
+ ## and deps are installed in order to install and compile the gems.
+ ## We default to `false` in these two variables as it's expected you already
+ ## manage OS packages with some other tool and you don't want us messing up
+ ## with your setup.
+ ruby:
+ ## We set these to `true` here for testing purposes.
+ ## They both default to `false`.
+ manage_ruby: true
+ manage_gems_deps: true
+ # pkg: ruby
+ # gems_deps:
+ # - curl
+ # - g++
+ # - gcc
+ # - git
+ # - libcurl4
+ # - libcurl4-gnutls-dev
+ # - libpq-dev
+ # - libxml2
+ # - libxml2-dev
+ # - make
+ # - python3-dev
+ # - ruby-dev
+ # - zlib1g-dev
+
+ # config:
+ # file: /etc/arvados/config.yml
+ # user: root
+ ## IMPORTANT!!!!!
+ ## If you're intalling any of the rails apps (api, workbench), the group
+ ## should be set to that of the web server, usually `www-data`
+ # group: root
+ # mode: 640
+
+ ### ARVADOS CLUSTER CONFIG
+ cluster:
+ name: fixme
+ domain: example.net
+
+ database:
+ # max concurrent connections per arvados server daemon
+ # connection_pool_max: 32
+ name: arvados
+ host: 127.0.0.1
+ password: changeme_arvados
+ user: arvados
+ encoding: en_US.utf8
+ client_encoding: UTF8
+
+ tls:
+ # certificate: ''
+ # key: ''
+ # required to test with snakeoil certs
+ insecure: true
+
+ ### TOKENS
+ tokens:
+ system_root: changeme_system_root_token
+ management: changeme_management_token
+ rails_secret: changeme_rails_secret_token
+ anonymous_user: changeme_anonymous_user_token
+
+ ### KEYS
+ secrets:
+ blob_signing_key: changeme_blob_signing_key
+ workbench_secret_key: changeme_workbench_secret_key
+ dispatcher_access_key: changeme_dispatcher_access_key
+ dispatcher_secret_key: changeme_dispatcher_secret_key
+ keep_access_key: changeme_keep_access_key
+ keep_secret_key: changeme_keep_secret_key
+
+ AuditLogs:
+ Section_to_ignore:
+ - some_random_value
+
+ ### VOLUMES
+ ## This should usually match all your `keepstore` instances
+ Volumes:
+ # the volume name will be composed with
+ # <cluster>-nyw5e-<volume>
+ fixme-nyw5e-000000000000000:
+ AccessViaHosts:
+ http://keep0.fixme.example.net:25107:
+ ReadOnly: false
+ Replication: 2
+ Driver: Directory
+ DriverParameters:
+ Root: /tmp
+
+ Users:
+ NewUsersAreActive: true
+ AutoAdminFirstUser: true
+ AutoSetupNewUsers: true
+ AutoSetupNewUsersWithRepository: true
+
+ Services:
+ Controller:
+ ExternalURL: https://fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:8003: {}
+ DispatchCloud:
+ InternalURLs:
+ http://fixme.example.net:9006: {}
+ Keepbalance:
+ InternalURLs:
+ http://fixme.example.net:9005: {}
+ Keepproxy:
+ ExternalURL: https://keep.fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:25100: {}
+ Keepstore:
+ InternalURLs:
+ http://keep0.fixme.example.net:25107: {}
+ RailsAPI:
+ InternalURLs:
+ http://127.0.0.2:8004: {}
+ WebDAV:
+ ExternalURL: https://collections.fixme.example.net
+ InternalURLs:
+ http://127.0.0.2:9002: {}
+ WebDAVDownload:
+ ExternalURL: https://download.fixme.example.net
+ WebShell:
+ ExternalURL: https://webshell.fixme.example.net
+ Websocket:
+ ExternalURL: wss://ws.fixme.example.net/websocket
+ InternalURLs:
+ http://127.0.0.2:8005: {}
+ Workbench1:
+ ExternalURL: https://workbench.fixme.example.net
+ Workbench2:
+ ExternalURL: https://workbench2.fixme.example.net
--- /dev/null
+---
+locale:
+ present:
+ - "en_US.UTF-8 UTF-8"
+ default:
+ # Note: On debian systems don't write the second 'UTF-8' here or you will
+ # experience salt problems like: LookupError: unknown encoding: utf_8_utf_8
+ # Restart the minion after you corrected this!
+ name: 'en_US.UTF-8'
+ requires: 'en_US.UTF-8 UTF-8'
---
-{% set nginx_log = '/var/log/nginx' %}
-
### ARVADOS
arvados:
config:
overwrite: true
config:
- server:
- - listen: '127.0.0.1:8004'
+ - listen: '127.0.0.2:8004'
- server_name: api
- root: /var/www/arvados-api/current/public
- index: index.html index.htm
- - access_log: {{ nginx_log }}/api.example.net-upstream.access.log combined
- - error_log: {{ nginx_log }}/api.example.net-upstream.error.log
+ - access_log: /var/log/nginx/api.fixme.example.net-upstream.access.log combined
+ - error_log: /var/log/nginx/api.fixme.example.net-upstream.error.log
- passenger_enabled: 'on'
- client_max_body_size: 128m
---
-{% set nginx_log = '/var/log/nginx' %}
-
### NGINX
nginx:
### SERVER
server:
config:
-
### STREAMS
http:
'geo $external_client':
default: 1
- '127.0.0.0/24': 0
+ '127.0.0.0/8': 0
upstream controller_upstream:
- - server: 'localhost:8003 fail_timeout=10s'
+ - server: '127.0.0.2:8003 fail_timeout=10s'
### SITES
servers:
overwrite: true
config:
- server:
- - server_name: example.net api.example.net
+ - server_name: fixme.example.net
- listen:
- 80 default
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: example.net
+ - server_name: fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_set_header: 'X-External-Client $external_client'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/example.net.access.log combined
- - error_log: {{ nginx_log }}/example.net.error.log
+ - access_log: /var/log/nginx/fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/fixme.example.net.error.log
- client_max_body_size: 128m
---
-{% set nginx_log = '/var/log/nginx' %}
-
### NGINX
nginx:
### SERVER
### STREAMS
http:
upstream keepproxy_upstream:
- - server: '127.0.0.1:25107 fail_timeout=10s'
+ - server: '127.0.0.2:25100 fail_timeout=10s'
servers:
managed:
overwrite: true
config:
- server:
- - server_name: keep.example.net
+ - server_name: keep.fixme.example.net
- listen:
- 80
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: keep.example.net
+ - server_name: keep.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_request_buffering: 'off'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/keepproxy.example.net.access.log combined
- - error_log: {{ nginx_log }}/keepproxy.example.net.error.log
+ - access_log: /var/log/nginx/keepproxy.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/keepproxy.fixme.example.net.error.log
---
-{% set nginx_log = '/var/log/nginx' %}
-
### NGINX
nginx:
### SERVER
### STREAMS
http:
upstream collections_downloads_upstream:
- - server: '127.0.0.1:9002 fail_timeout=10s'
+ - server: '127.0.0.2:9002 fail_timeout=10s'
servers:
managed:
overwrite: true
config:
- server:
- - server_name: collections.example.net download.example.net
+ - server_name: collections.fixme.example.net download.fixme.example.net
- listen:
- 80
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: collections.example.net download.example.net
+ - server_name: collections.fixme.example.net download.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_request_buffering: 'off'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/collections.example.net.access.log combined
- - error_log: {{ nginx_log }}/collections.example.net.error.log
+ - access_log: /var/log/nginx/collections.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/collections.fixme.example.net.error.log
---
-states:
- - nginx.passenger
-
-{% set nginx_log = '/var/log/nginx' %}
-
### NGINX
nginx:
install_from_phusionpassenger: true
--- /dev/null
+---
+### NGINX
+nginx:
+ ### SERVER
+ server:
+ config:
+
+ ### STREAMS
+ http:
+ upstream webshell_upstream:
+ - server: '127.0.0.2:4200 fail_timeout=10s'
+
+ ### SITES
+ servers:
+ managed:
+ arvados_webshell:
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: webshell.fixme.example.net
+ - listen:
+ - 80
+ - location /.well-known:
+ - root: /var/www
+ - location /:
+ - return: '301 https://$host$request_uri'
+
+ arvados_webshell-ssl:
+ enabled: true
+ overwrite: true
+ config:
+ - server:
+ - server_name: webshell.fixme.example.net
+ - listen:
+ - 443 http2 ssl
+ - index: index.html index.htm
+ - location /shell.fixme.example.net:
+ - proxy_pass: 'http://webshell_upstream'
+ - proxy_read_timeout: 90
+ - proxy_connect_timeout: 90
+ - proxy_set_header: 'Host $http_host'
+ - proxy_set_header: 'X-Real-IP $remote_addr'
+ - proxy_set_header: X-Forwarded-Proto https
+ - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
+ - proxy_ssl_session_reuse: 'off'
+
+ - "if ($request_method = 'OPTIONS')":
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
+ - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
+ - add_header: "'Access-Control-Max-Age' 1728000"
+ - add_header: "'Content-Type' 'text/plain charset=UTF-8'"
+ - add_header: "'Content-Length' 0"
+ - return: 204
+
+ - "if ($request_method = 'POST')":
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
+ - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
+
+ - "if ($request_method = 'GET')":
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
+ - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
+
+ # - include: 'snippets/letsencrypt.conf'
+ - include: 'snippets/snakeoil.conf'
+ - access_log: /var/log/nginx/webshell.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/webshell.fixme.example.net.error.log
+
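Review bot: All three `if ($request_method = ...)` blocks under the `/shell.fixme.example.net` location send `Access-Control-Allow-Origin '*'`, so any web origin may issue cross-origin requests to the endpoint that fronts an interactive shell. Since only the Workbench front ends need this, consider naming them, e.g. `- add_header: "'Access-Control-Allow-Origin' 'https://workbench2.fixme.example.net'"`, or add a comment explaining why the wildcard is acceptable here. In the `OPTIONS` block the `Content-Type` value is missing its separator and should read `'text/plain; charset=UTF-8'`. As this file lives under the pillar examples, people are likely to copy it, which is why the wildcard deserves at least a comment.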
---
-{% set nginx_log = '/var/log/nginx' %}
-
### NGINX
nginx:
### SERVER
### STREAMS
http:
upstream websocket_upstream:
- - server: '127.0.0.1:8005 fail_timeout=10s'
+ - server: '127.0.0.2:8005 fail_timeout=10s'
servers:
managed:
overwrite: true
config:
- server:
- - server_name: ws.example.net
+ - server_name: ws.fixme.example.net
- listen:
- 80
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: ws.example.net
+ - server_name: ws.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_request_buffering: 'off'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/ws.example.net.access.log combined
- - error_log: {{ nginx_log }}/ws.example.net.error.log
+ - access_log: /var/log/nginx/ws.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/ws.fixme.example.net.error.log
---
-{% set nginx_log = '/var/log/nginx' %}
-
### ARVADOS
arvados:
config:
overwrite: true
config:
- server:
- - server_name: workbench2.example.net
+ - server_name: workbench2.fixme.example.net
- listen:
- 80
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: workbench2.example.net
+ - server_name: workbench2.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- try_files: '$uri $uri/ /index.html'
- 'if (-f $document_root/maintenance.html)':
- return: 503
+ - location /config.json:
+ - return: {{ "200 '" ~ '{"API_HOST":"fixme.example.net"}' ~ "'" }}
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/workbench2.example.net.access.log combined
- - error_log: {{ nginx_log }}/workbench2.example.net.error.log
+ - access_log: /var/log/nginx/workbench2.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/workbench2.fixme.example.net.error.log
---
-{% set nginx_log = '/var/log/nginx' %}
-
### ARVADOS
arvados:
config:
### STREAMS
http:
upstream workbench_upstream:
- - server: '127.0.0.1:9000 fail_timeout=10s'
+ - server: '127.0.0.2:9000 fail_timeout=10s'
### SITES
servers:
overwrite: true
config:
- server:
- - server_name: workbench.example.net
+ - server_name: workbench.fixme.example.net
- listen:
- 80
- location /.well-known:
overwrite: true
config:
- server:
- - server_name: workbench.example.net
+ - server_name: workbench.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/workbench.example.net.access.log combined
- - error_log: {{ nginx_log }}/workbench.example.net.error.log
+ - access_log: /var/log/nginx/workbench.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/workbench.fixme.example.net.error.log
arvados_workbench_upstream:
enabled: true
overwrite: true
config:
- server:
- - listen: '127.0.0.1:9000'
+ - listen: '127.0.0.2:9000'
- server_name: workbench
- root: /var/www/arvados-workbench/current/public
- index: index.html index.htm
+ - passenger_enabled: 'on'
# yamllint disable-line rule:line-length
- - access_log: {{ nginx_log }}/workbench.example.net-upstream.access.log combined
- - error_log: {{ nginx_log }}/workbench.example.net-upstream.error.log
+ - access_log: /var/log/nginx/workbench.fixme.example.net-upstream.access.log combined
+ - error_log: /var/log/nginx/workbench.fixme.example.net-upstream.error.log
---
-states:
- - postgres
-
### POSTGRESQL
postgres:
use_upstream_repo: false