From: Javier Bértoli <javier@netmanagers.com.ar>
Date: Thu, 19 Nov 2020 10:40:12 +0000 (-0300)
Subject: fix(dispatcher): add missing crunch-dispatch-local config file
X-Git-Url: https://git.arvados.org/arvados-formula.git/commitdiff_plain/91e5896ec5fad6edbb8cc2574cd02f6ddd5f3a1c

fix(dispatcher): add missing crunch-dispatch-local config file
---

diff --git a/arvados/dispatcher/service/file.sls b/arvados/dispatcher/service/file.sls
index df75286..0e2d276 100644
--- a/arvados/dispatcher/service/file.sls
+++ b/arvados/dispatcher/service/file.sls
@@ -13,15 +13,15 @@ include:
   - .running
 
 {%- if arvados.dispatcher.pkg.name == 'crunch-dispatch-local' %}
-arvados-dispatcher-service-file-file-managed-crunch-run-sh:
+arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials:
   file.managed:
-    - name: /usr/local/bin/crunch-run.sh
-    - source: {{ files_switch(['crunch-run-sh.tmpl'],
-                              lookup='arvados-dispatcher-service-file-file-managed-crunch-run-sh',
+    - name: /etc/arvados/crunch-dispatch-local-credentials
+    - source: {{ files_switch(['crunch-dispatch-local-credentials.tmpl'],
+                              lookup='arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials',
                               use_subpath=True
                  )
               }}
-    - mode: '0755'
+    - mode: '0640'
     - user: root
     - group: root
     - makedirs: True
@@ -47,7 +47,7 @@ arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-service:
     - context:
         arvados: {{ arvados | json }}
     - require:
-      - file: arvados-dispatcher-service-file-file-managed-crunch-run-sh
+      - file: arvados-dispatcher-service-file-file-managed-crunch-dispatch-local-credentials
       - pkg: arvados-dispatcher-package-install-pkg-installed
   cmd.run:
     - name: systemctl daemon-reload
diff --git a/arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl b/arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl
new file mode 100644
index 0000000..b1ae942
--- /dev/null
+++ b/arvados/dispatcher/service/files/default/crunch-dispatch-local-credentials.tmpl
@@ -0,0 +1,9 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+# ARVADOS_API_HOST= arvados.cluster.Services.RailsAPI.InternalURLs:main 
+# ARVADOS_API_HOST={% for key in arvados.cluster.Services.Controller.InternalURLs %}{{ key | regex_replace('^http(s?)://', '', ignorecase=true) }}{% endfor %}
+ARVADOS_API_HOST={{ arvados.cluster.Services.Controller.ExternalURL | regex_replace('^http(s?)://', '', ignorecase=true) }}
+ARVADOS_API_HOST_INSECURE={{ '1' if arvados.cluster.tls.insecure | default('0') }}
+ARVADOS_API_TOKEN={{ arvados.cluster.tokens.system_root }}
diff --git a/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl b/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
index f0cda3e..4d908a6 100644
--- a/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
+++ b/arvados/dispatcher/service/files/default/crunch-dispatch-local-service.tmpl
@@ -15,8 +15,8 @@ StartLimitIntervalSec=0
 
 [Service]
 Type=simple
-EnvironmentFile=-/etc/arvados/environment
-ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/local/bin/crunch-run.sh
+EnvironmentFile=-/etc/arvados/crunch-dispatch-local-credentials
+ExecStart=/usr/bin/crunch-dispatch-local -poll-interval=1 -crunch-run-command=/usr/bin/crunch-run
 # Set a reasonable default for the open file limit
 LimitNOFILE=65536
 Restart=always
diff --git a/arvados/dispatcher/service/files/default/crunch-run-sh.tmpl b/arvados/dispatcher/service/files/default/crunch-run-sh.tmpl
deleted file mode 100644
index 5c15293..0000000
--- a/arvados/dispatcher/service/files/default/crunch-run-sh.tmpl
+++ /dev/null
@@ -1,6 +0,0 @@
-########################################################################
-# File managed by Salt at <{{ source }}>.
-# Your changes will be overwritten.
-########################################################################
-#!/bin/sh
-exec /usr/bin/crunch-run -container-enable-networking=default -container-network-mode=host $@
diff --git a/test/salt/pillar/examples/nginx_passenger.sls b/test/salt/pillar/examples/nginx_passenger.sls
index 1cc9cce..8c41acb 100644
--- a/test/salt/pillar/examples/nginx_passenger.sls
+++ b/test/salt/pillar/examples/nginx_passenger.sls
@@ -39,8 +39,9 @@ nginx:
       - add_header: 'Strict-Transport-Security "max-age=63072000" always'
 
       # OCSP stapling
-      - ssl_stapling: 'on'
-      - ssl_stapling_verify: 'on'
+      # FIXME! Stapling does not work with self-signed certificates, so disabling for tests
+      # - ssl_stapling: 'on'
+      # - ssl_stapling_verify: 'on'
 
       # verify chain of trust of OCSP response using Root CA and Intermediate certs
       # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates