- .running
{%- if arvados.dispatcher.pkg.name == 'crunch-dispatch-local' %}
-arvados-dispatcher-service-file-file-managed-crunch-run-sh:
+arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials:
file.managed:
- - name: /usr/local/bin/crunch-run.sh
- - source: {{ files_switch(['crunch-run-sh.tmpl'],
- lookup='arvados-dispatcher-service-file-file-managed-crunch-run-sh',
+ - name: /etc/arvados/crunch-dispatch-local-credentials
+ - source: {{ files_switch(['crunch-dispatch-local-credentials.tmpl'],
+ lookup='arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials',
use_subpath=True
)
}}
- - mode: '0755'
+ - mode: '0640'
- user: root
- group: root
- makedirs: True
- context:
arvados: {{ arvados | json }}
- require:
- - file: arvados-dispatcher-service-file-file-managed-crunch-run-sh
+ - file: arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials
- pkg: arvados-dispatcher-package-install-pkg-installed
cmd.run:
- name: systemctl daemon-reload
--- /dev/null
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+# ARVADOS_API_HOST= arvados.cluster.Services.RailsAPI.InternalURLs:main
+# ARVADOS_API_HOST={% for key in arvados.cluster.Services.Controller.InternalURLs %}{{ key | regex_replace('^http(s?)://', '', ignorecase=true) }}{% endfor %}
+ARVADOS_API_HOST={{ arvados.cluster.Services.Controller.ExternalURL | regex_replace('^http(s?)://', '', ignorecase=true) }}
+ARVADOS_API_HOST_INSECURE={{ '1' if arvados.cluster.tls.insecure | default('0') }}
+ARVADOS_API_TOKEN={{ arvados.cluster.tokens.system_root }}
[Service]
Type=simple
-EnvironmentFile=-/etc/arvados/environment
-ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/local/bin/crunch-run.sh
+EnvironmentFile=-/etc/arvados/crunch-dispatch-local-credentials
+ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/bin/crunch-run
# Set a reasonable default for the open file limit
LimitNOFILE=65536
Restart=always
+++ /dev/null
-########################################################################
-# File managed by Salt at <{{ source }}>.
-# Your changes will be overwritten.
-########################################################################
-#!/bin/sh
-exec /usr/bin/crunch-run -container-enable-networking=default -container-network-mode=host $@
- add_header: 'Strict-Transport-Security "max-age=63072000" always'
# OCSP stapling
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
+ # FIXME! Stapling does not work with self-signed certificates, so disabling for tests
+ # - ssl_stapling: 'on'
+ # - ssl_stapling_verify: 'on'
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates