X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/22fcbed20b2691bcdfa5854004dcb95aa1f2e40d..3b0f80205c1942cc954eb891691c7c382aa9c87c:/tools/salt-install/local.params.example.multiple_hosts diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts index 283c631ec5..fdba88dbe0 100644 --- a/tools/salt-install/local.params.example.multiple_hosts +++ b/tools/salt-install/local.params.example.multiple_hosts @@ -43,7 +43,6 @@ DATABASE_INT_IP=10.0.0.6 SHELL_INT_IP=10.0.0.7 INITIAL_USER="admin" -INITIAL_USER_PASSWORD="password" # If not specified, the initial user email will be composed as # INITIAL_USER@CLUSTER.DOMAIN @@ -64,7 +63,7 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value # salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to # automatically obtain and install SSL certificates for your instances or set this # variable to "no", provide and upload your own certificates to the instances and -# modify the 'nginx_*' salt pillars accordingly +# modify the 'nginx_*' salt pillars accordingly (see CUSTOM_CERTS_DIR below) USE_LETSENCRYPT="yes" USE_LETSENCRYPT_IAM_USER="yes" # For collections, we need to obtain a wildcard certificate for @@ -76,6 +75,25 @@ LE_AWS_REGION="us-east-1" LE_AWS_ACCESS_KEY_ID="AKIABCDEFGHIJKLMNOPQ" LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" +# If you going to provide your own certificates for Arvados, the provision script can +# help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, +# and copy the required certificates under the directory specified in the next line. +# The certs will be copied from this directory by the provision script. +CUSTOM_CERTS_DIR="./certs" +# The script expects cert/key files with these basenames (matching the role except for +# keepweb, which is split in both downoad/collections): +# "controller" +# "websocket" +# "workbench" +# "workbench2" +# "webshell" +# "download" # Part of keepweb +# "collections" # Part of keepweb +# "keep" # Keepproxy +# Ie., 'keep', the script will lookup for +# ${CUSTOM_CERTS_DIR}/keep.crt +# ${CUSTOM_CERTS_DIR}/keep.key + # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'. # CONFIG_DIR="local_config_dir"