16749: Command line user management for arvbox

[arvados.git] / tools / arvbox / lib / arvbox / docker / cluster-config.sh

diff --git a/tools/arvbox/lib/arvbox/docker/cluster-config.sh b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
index 622871ac5fac757bb8f1519cdf6902e521d93031..3ae1abe62eaa4af14e461be9a787f2afee1786e0 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/cluster-config.sh
+++ b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
@@ -6,7 +6,7 @@
 exec 2>&1
 set -ex -o pipefail
 
-if [[ -s /etc/arvados/config.yml ]] ; then
+if [[ -s /etc/arvados/config.yml ]] && [[ /var/lib/arvados/cluster_config.yml.override -ot /etc/arvados/config.yml ]] ; then
    exit
 fi
 
@@ -34,10 +34,10 @@ if ! test -s /var/lib/arvados/management_token ; then
 fi
 management_token=$(cat /var/lib/arvados/management_token)
 
-if ! test -s /var/lib/arvados/sso_app_secret ; then
-    ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_app_secret
+if ! test -s /var/lib/arvados/system_root_token ; then
+    ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/system_root_token
 fi
-sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
+system_root_token=$(cat /var/lib/arvados/system_root_token)
 
 if ! test -s /var/lib/arvados/vm-uuid ; then
     echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > /var/lib/arvados/vm-uuid
@@ -68,6 +68,7 @@ fi
 cat >/var/lib/arvados/cluster_config.yml <<EOF
 Clusters:
   ${uuid_prefix}:
+    SystemRootToken: $system_root_token
     ManagementToken: $management_token
     Services:
       RailsAPI:
@@ -77,8 +78,6 @@ Clusters:
         ExternalURL: "https://$localip:${services[workbench]}"
       Workbench2:
         ExternalURL: "https://$localip:${services[workbench2-ssl]}"
-      SSO:
-        ExternalURL: "https://$localip:${services[sso]}"
       Keepproxy:
         ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
         InternalURLs:
@@ -133,15 +132,14 @@ Clusters:
       DefaultReplication: 1
       TrustAllContent: true
     Login:
-      ProviderAppSecret: $sso_app_secret
-      ProviderAppID: arvados-server
+      Test:
+        Enable: true
     Users:
       NewUsersAreActive: true
-      AutoAdminFirstUser: true
+      AutoAdminUserWithEmail: admin@example.com
       AutoSetupNewUsers: true
       AutoSetupNewUsersWithVmUUID: $vm_uuid
       AutoSetupNewUsersWithRepository: true
-      AnonymousUserToken: $(cat /var/lib/arvados/superuser_token)
     Workbench:
       SecretKeyBase: $workbench_secret_key_base
       ArvadosDocsite: http://$localip:${services[doc]}/
@@ -168,6 +166,18 @@ EOF
 
 cp /var/lib/arvados/cluster_config.yml /etc/arvados/config.yml
 
+chmod og-rw \
+      /var/lib/arvados/cluster_config.yml.override \
+      /var/lib/arvados/cluster_config.yml \
+      /etc/arvados/config.yml \
+      /var/lib/arvados/api_secret_token \
+      /var/lib/arvados/blob_signing_key \
+      /var/lib/arvados/management_token \
+      /var/lib/arvados/system_root_token \
+      /var/lib/arvados/api_database_pw \
+      /var/lib/arvados/workbench_secret_token \
+      /var/lib/arvados/superuser_token \
+
 mkdir -p /var/lib/arvados/run_tests
 cat >/var/lib/arvados/run_tests/config.yml <<EOF
 Clusters: