fix(dispatcher): add missing crunch-dispatch-local config file
authorJavier Bértoli <javier@netmanagers.com.ar>
Thu, 19 Nov 2020 10:40:12 +0000 (07:40 -0300)
committerJavier Bértoli <javier@netmanagers.com.ar>
Thu, 19 Nov 2020 10:40:12 +0000 (07:40 -0300)
arvados/dispatcher/service/file.sls
arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl [new file with mode: 0644]
arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
arvados/dispatcher/service/files/default/crunch-run-sh.tmpl [deleted file]
test/salt/pillar/examples/nginx_passenger.sls

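--- a/arvados/dispatcher/service/file.sls
+++ b/arvados/dispatcher/service/file.sls
@@ -13,15 +13,15 @@ include:
   - .running
 
 {%- if arvados.dispatcher.pkg.name == 'crunch-dispatch-local' %}
-arvados-dispatcher-service-file-file-managed-crunch-run-sh:
+arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials:
   file.managed:
-    - name: /usr/local/bin/crunch-run.sh
-    - source: {{ files_switch(['crunch-run-sh.tmpl'],
-                              lookup='arvados-dispatcher-service-file-file-managed-crunch-run-sh',
+    - name: /etc/arvados/crunch-dispatch-local-credentials
+    - source: {{ files_switch(['crunch-dispatch-local-credentials.tmpl'],
+                              lookup='arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials',
                               use_subpath=True
                  )
               }}
-    - mode: '0755'
+    - mode: '0640'
     - user: root
     - group: root
     - makedirs: True
@@ -47,7 +47,7 @@ arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-service:
     - context:
         arvados: {{ arvados | json }}
     - require:
-      - file: arvados-dispatcher-service-file-file-managed-crunch-run-sh
+      - file: arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials
       - pkg: arvados-dispatcher-package-install-pkg-installed
   cmd.run:
     - name: systemctl daemon-reload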
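Review bot: The file managed at `/etc/arvados/crunch-dispatch-local-credentials` holds `ARVADOS_API_TOKEN` (filled from `arvados.cluster.tokens.system_root` in the new template), yet the first hunk sets `- mode: '0640'` and shows nothing that stops Salt from including the rendered content in state output. systemd reads an `EnvironmentFile` as root, so `- mode: '0600'` is sufficient, and adding `- show_changes: False` keeps the token out of state returns and the job cache. `makedirs: True` creates `/etc/arvados` with default permissions when it is missing; an explicit `- dir_mode: '0755'` (or tighter) would pin that. The state body continues past the hunk, so options set below `makedirs` are not visible here.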
diff --git a/arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl b/arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl
new file mode 100644 (file)
index 0000000..b1ae942
--- /dev/null
@@ -0,0 +1,9 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+# ARVADOS_API_HOST= arvados.cluster.Services.RailsAPI.InternalURLs:main 
+# ARVADOS_API_HOST={% for key in arvados.cluster.Services.Controller.InternalURLs %}{{ key | regex_replace('^http(s?)://', '', ignorecase=true) }}{% endfor %}
+ARVADOS_API_HOST={{ arvados.cluster.Services.Controller.ExternalURL | regex_replace('^http(s?)://', '', ignorecase=true) }}
+ARVADOS_API_HOST_INSECURE={{ '1' if arvados.cluster.tls.insecure | default('0') }}
+ARVADOS_API_TOKEN={{ arvados.cluster.tokens.system_root }}
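Review bot: The `ARVADOS_API_HOST_INSECURE` line renders `1` whenever `arvados.cluster.tls.insecure` is undefined, because `default('0')` yields the non-empty string `'0'`, which Jinja evaluates as true; TLS verification is then turned off by omission rather than by choice. The inline `if` also has no `else`, so a defined false value renders an empty assignment. A safer form is `ARVADOS_API_HOST_INSECURE={{ '1' if arvados.cluster.tls.insecure | default(false) else '0' }}`. Whether the formula's defaults always define `tls.insecure` is not visible in this commit, so the unsafe path may be unreachable in practice, but the template should not rely on that. The two `# ARVADOS_API_HOST=` lines are shell comments, not Jinja comments, so the `for` loop in the second is still evaluated on every render; wrapping them in `{# … #}` or deleting them avoids that.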
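--- a/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
+++ b/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
@@ -15,8 +15,8 @@ StartLimitIntervalSec=0
 
 [Service]
 Type=simple
-EnvironmentFile=-/etc/arvados/environment
-ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/local/bin/crunch-run.sh
+EnvironmentFile=-/etc/arvados/crunch-dispatch-local-credentials
+ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/bin/crunch-run
 # Set a reasonable default for the open file limit
 LimitNOFILE=65536
 Restart=always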
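Review bot: The leading `-` in `EnvironmentFile=-/etc/arvados/crunch-dispatch-local-credentials` tells systemd to ignore a missing file, so the dispatcher would start without `ARVADOS_API_HOST` and `ARVADOS_API_TOKEN` and, with `Restart=always`, presumably keep restarting instead of failing visibly. Now that this file is the unit's source of credentials, `EnvironmentFile=/etc/arvados/crunch-dispatch-local-credentials` turns a missing or unrendered file into a clear start error. Separately, the new `ExecStart` calls `/usr/bin/crunch-run` directly and so no longer passes the `-container-enable-networking=default -container-network-mode=host` flags that the deleted wrapper added. If taking containers off host networking is intended, a line in the commit message or a comment in the unit should record it.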
diff --git a/arvados/dispatcher/service/files/default/crunch-run-sh.tmpl b/arvados/dispatcher/service/files/default/crunch-run-sh.tmpl
deleted file mode 100644 (file)
index 5c15293..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-########################################################################
-# File managed by Salt at <{{ source }}>.
-# Your changes will be overwritten.
-########################################################################
-#!/bin/sh
-exec /usr/bin/crunch-run -container-enable-networking=default -container-network-mode=host $@
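--- a/test/salt/pillar/examples/nginx_passenger.sls
+++ b/test/salt/pillar/examples/nginx_passenger.sls
@@ -39,8 +39,9 @@ nginx:
       - add_header: 'Strict-Transport-Security "max-age=63072000" always'
 
       # OCSP stapling
-      - ssl_stapling: 'on'
-      - ssl_stapling_verify: 'on'
+      # FIXME! Stapling does not work with self-signed certificates, so disabling for tests
+      # - ssl_stapling: 'on'
+      # - ssl_stapling_verify: 'on'
 
       # verify chain of trust of OCSP response using Root CA and Intermediate certs
       # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates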
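Review bot: The FIXME comment should say what to do outside tests, because this pillar sits under `examples` and is likely to be copied: with both `ssl_stapling` lines commented out, a deployment built from it runs without OCSP stapling and nothing flags it. Suggested wording: `# Disabled for tests only: stapling fails with self-signed certificates. Re-enable both lines when using CA-issued certificates.` If the test harness allows a test-only override pillar, keeping the example itself unchanged would be cleaner.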