test(examples): nginx config examples for webshells
authorJavier Bértoli <javier@netmanagers.com.ar>
Mon, 17 May 2021 18:20:33 +0000 (15:20 -0300)
committerJavier Bértoli <javier@netmanagers.com.ar>
Mon, 17 May 2021 18:20:33 +0000 (15:20 -0300)
test/integration/controller/controls/resources_spec.rb
test/salt/pillar/arvados.sls
test/salt/pillar/examples/nginx_webshell_configuration.sls
test/salt/pillar/examples/nginx_workbench_configuration.sls

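index 2d05a1ed30851256da1c051ce676aa7239624580..8d2175267da745ad17bca40e72fc8365482c5a08 100644
--- a/test/integration/controller/controls/resources_spec.rb
+++ b/test/integration/controller/controls/resources_spec.rb
@@ -20,7 +20,7 @@ control 'arvados api resources' do
 
   %w[
     webshell1
-    webshell2
+    shell.internal
     webshell3
   ].each do |vm|
     describe "virtual machine #{vm}" do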
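index 81d22d41a7a692818e88e77cdf7d60d6c56706a1..6ba0d1f9b8aaf4753a082ce3a3ae3250ff8428fa 100644
--- a/test/salt/pillar/arvados.sls
+++ b/test/salt/pillar/arvados.sls
@@ -61,7 +61,7 @@ arvados:
           name: webshell1
           backend: 1.2.3.4
           port: 4200
-        webshell2: {}
+        shell.internal: {}
         webshell3:
           backend: 4.3.2.1
           port: 4500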
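index e28fb9a67c3b036dfdd297d432a2db417cbfa729..050adf999bde465103c8c489106cde45d352719d 100644
--- a/test/salt/pillar/examples/nginx_webshell_configuration.sls
+++ b/test/salt/pillar/examples/nginx_webshell_configuration.sls
@@ -1,15 +1,39 @@
 ---
+# This parameter will be used here to generate a list of upstreams and vhosts.
+# This dict is here for convenience and should be managed some other way, but the
+# different ways of orchestration that can be used for this are outside the scope
+# of this formula and their examples.
+# These upstreams should match those defined in `arvados:cluster:resources:virtual_machines`
+{% set webshell_virtual_machines = {
+  'shell1': {
+    'name': 'webshell1',
+    'backend': '1.2.3.4',
+    'port': 4200,
+  },
+  'shell.internal': {},
+  'webshell3': {
+    'backend': '4.3.2.1',
+    'port': 4500,
+  }
+}
+%}
+
 ### NGINX
 nginx:
   ### SERVER
   server:
     config:
-
       ### STREAMS
       http:
-        {%- for shell_node, params in %}
-        upstream webshell_upstream:
-          - server: 'shell.internal:4200 fail_timeout=10s'
+        {%- for vm, params in webshell_virtual_machines.items() %}
+          {%- set vm_name = params.name | default(vm) %}
+          {%- set vm_backend = params.backend | default(vm_name) %}
+          {%- set vm_port = params.port | default(4200) %}
+
+        upstream {{ vm_name }}_upstream:
+          - server: '{{ vm_backend }}:{{ vm_port }} fail_timeout=10s'
+
+        {%- endfor %}
 
   ### SITES
   servers:
@@ -36,8 +60,10 @@ nginx:
             - listen:
               - 443 http2 ssl
             - index: index.html index.htm
-            - location /shell.fixme.example.net:
-              - proxy_pass: 'http://webshell_upstream'
+            {%- for vm, params in webshell_virtual_machines.items() %}
+              {%- set vm_name = params.name | default(vm) %}
+            - location /{{ vm_name }}:
+              - proxy_pass: 'http://{{ vm_name }}_upstream'
               - proxy_read_timeout: 90
               - proxy_connect_timeout: 90
               - proxy_set_header: 'Host $http_host'
@@ -64,6 +90,7 @@ nginx:
                 - add_header: "'Access-Control-Allow-Origin' '*'"
                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
+            {%- endfor %}
             - include: 'snippets/ssl_hardening_default.conf'
             # - include: 'snippets/letsencrypt.conf'
             - include: 'snippets/ssl_snakeoil.conf'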
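Review bot: `vm_name` is interpolated unvalidated into a YAML key and an nginx directive (`upstream {{ vm_name }}_upstream:` in the first hunk, `- location /{{ vm_name }}:` and the `proxy_pass` value in the second), so a name containing whitespace, `;`, `{` or `: ` alters the rendered pillar or the generated nginx configuration instead of failing the render. The dict is operator-written in this example, but its own comment says it should be managed some other way, so I would constrain it in the template, e.g. skip or fail on any name that does not pass Salt's `regex_match('^([A-Za-z0-9._-]+)$')` before anything is emitted. `location /{{ vm_name }}` is also a bare prefix match, so `/webshell1` also catches `/webshell1x` when no longer prefix is defined; `- location /{{ vm_name }}/:` would keep one VM's path from receiving requests meant for another, assuming the webshell client always requests the path with the trailing slash. The `for` opened in the second hunk is closed by the `endfor` in the third, and the lines between them are not shown.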
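index e34ad2dc329bf7d8a3eb51444f9792fbd428ff6e..34d82213bc74d5b60e4f96bf566b801e1147cc68 100644
--- a/test/salt/pillar/examples/nginx_workbench_configuration.sls
+++ b/test/salt/pillar/examples/nginx_workbench_configuration.sls
@@ -37,10 +37,9 @@ nginx:
             - server_name: workbench.fixme.example.net
             - listen:
               - 443 http2 ssl
-            - index: index.html index.htm
-            - location /:
             - root: /var/www/arvados-workbench/current/public
             - passenger_enabled: 'on'
+            - index: index.html index.htm
             - include: 'snippets/ssl_hardening_default.conf'
             # - include: 'snippets/letsencrypt.conf'
             - include: 'snippets/ssl_snakeoil.conf'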