X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c2aceca339ec3a6f3d853865cebd0efe348ff518..41455a27d35a716f2f15cb60c282fe33696688a0:/tools/salt-install/local.params.example.single_host_multiple_hostnames diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames index ae54e7437a..a77cb24575 100644 --- a/tools/salt-install/local.params.example.single_host_multiple_hostnames +++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames @@ -40,13 +40,34 @@ WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters DATABASE_PASSWORD=please_set_this_to_some_secure_value # SSL CERTIFICATES -# Arvados REQUIRES valid SSL to work correctly. Otherwise, some components will fail -# to communicate and can silently drop traffic. You can try to use the Letsencrypt -# salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to -# automatically obtain and install SSL certificates for your instances or set this -# variable to "no", provide and upload your own certificates to the instances and -# modify the 'nginx_*' salt pillars accordingly -USE_LETSENCRYPT="no" +# Arvados requires SSL certificates to work correctly. This installer supports these options: +# * self-signed: let the installer create self-signed certificate(s) +# * bring-your-own: supply your own certificate(s) in the `certs` directory +# +# See https://doc.arvados.org/intall/salt-single-host.html#certificates for more information. +SSL_MODE="self-signed" + +# If you going to provide your own certificates for Arvados, the provision script can +# help you deploy them. In order to do that, you need to set `SSL_MODE=bring-your-own` above, +# and copy the required certificates under the directory specified in the next line. +# The certs will be copied from this directory by the provision script. +# Please set it to the FULL PATH to the certs dir if you're going to use a different dir +# Default is "${SCRIPT_DIR}/certs", where the variable "SCRIPT_DIR" has the path to the +# directory where the "provision.sh" script was copied in the destination host. +# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/certs" +# The script expects cert/key files with these basenames (matching the role except for +# keepweb, which is split in both download/collections): +# "controller" +# "websocket" +# "workbench" +# "workbench2" +# "webshell" +# "download" # Part of keepweb +# "collections" # Part of keepweb +# "keepproxy" +# Ie., 'keepproxy', the script will lookup for +# ${CUSTOM_CERTS_DIR}/keepproxy.crt +# ${CUSTOM_CERTS_DIR}/keepproxy.key # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'. @@ -70,8 +91,8 @@ RELEASE="production" # Formulas versions # ARVADOS_TAG="2.2.0" -# POSTGRES_TAG="v0.41.6" -# NGINX_TAG="temp-fix-missing-statements-in-pillar" -# DOCKER_TAG="v1.0.0" +# POSTGRES_TAG="v0.43.0" +# NGINX_TAG="v2.8.0" +# DOCKER_TAG="v2.0.7" # LOCALE_TAG="v0.3.4" # LETSENCRYPT_TAG="v2.1.0"