<div class="releasenotes">
</notextile>
-h2(#main). development main (as of 2022-12-22)
+h2(#main). development main (as of 2023-01-16)
"previous: Upgrading to 2.5.0":#v2_5_0
+h3. Slow migration on upgrade
+
+This upgrade includes a database schema update (changing an integer column in each table from 32-bit to 64-bit) that may be slow on a large installation. Expect the arvados-api-server package upgrade to take longer than usual.
+
h2(#v2_5_0). v2.5.0 (2022-12-22)
"previous: Upgrading to 2.4.4":#v2_4_4
+h3. Dispatchers require PostgreSQL database access
+
+All dispatchers (cloud, LSF, and Slurm) now connect directly to the PostgreSQL database. Make sure these connections are supported by your network firewall rules, PostgreSQL connection settings, and PostgreSQL server configuration (in @pg_hba.conf@) as shown in the "PostgreSQL install instructions":{{site.baseurl}}/install/install-postgresql.html.
+
h3. Google or OpenID Connect login restricted to trusted clients
If you use OpenID Connect or Google login, and your cluster serves as the @LoginCluster@ in a federation _or_ your users log in from a web application other than the Workbench1 and Workbench2 @ExternalURL@ addresses in your configuration file, the additional web application URLs (e.g., the other clusters' Workbench addresses) must be listed explicitly in @Login.TrustedClients@, otherwise login will fail. Previously, login would succeed with a less-privileged token.
~$ <span class="userinput">scl enable rh-postgresql12 bash</span></pre></notextile>
# Initialize the database
<notextile><pre># <span class="userinput">postgresql-setup initdb</span></pre></notextile>
-# Configure the database to accept password connections
+# Configure the database to accept password connections from localhost
<notextile><pre><code># <span class="userinput">sed -ri -e 's/^(host +all +all +(127\.0\.0\.1\/32|::1\/128) +)ident$/\1md5/' /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
+# Configure the database to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+ <notextile><pre><code># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
# Configure the database to launch at boot and start now
<notextile><pre># <span class="userinput">systemctl enable --now rh-postgresql12-postgresql</span></pre></notextile>
Debian 10 (Buster) and Ubuntu 16.04 (Xenial) and later versions include a sufficiently recent version of Postgres.
# Install PostgreSQL
- <notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+<notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+# Configure PostgreSQL to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+<notextile><pre># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /etc/postgresql/*/main/pg_hba.conf</span></pre></notextile>
# Configure the database to launch at boot and start now
<notextile><pre># <span class="userinput">systemctl enable --now postgresql</span></pre></notextile>
// If the request has a parameter whose name is attrsKey (e.g.,
// "collection"), it is renamed to "attrs".
func (rtr *router) loadRequestParams(req *http.Request, attrsKey string) (map[string]interface{}, error) {
+ // Here we call ParseForm and ParseMultipartForm explicitly
+ // (even though ParseMultipartForm calls ParseForm if
+ // necessary) to ensure we catch errors encountered in
+ // ParseForm. In the non-multipart-form case,
+ // ParseMultipartForm returns ErrNotMultipart and hides the
+ // ParseForm error.
err := req.ParseForm()
+ if err == nil {
+ err = req.ParseMultipartForm(int64(rtr.config.MaxRequestSize))
+ if err == http.ErrNotMultipart {
+ err = nil
+ }
+ }
if err != nil {
if err.Error() == "http: request body too large" {
return nil, httpError(http.StatusRequestEntityTooLarge, err)
"bytes"
"encoding/json"
"io"
+ "mime/multipart"
"net/http"
"net/http/httptest"
"net/url"
}
if tr.json {
req.Header.Set("Content-Type", "application/json")
- } else {
+ } else if tr.header.Get("Content-Type") == "" {
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
}
for k, v := range tr.header {
func (s *RouterSuite) TestAttrsInBody(c *check.C) {
attrs := map[string]interface{}{"foo": "bar"}
+
+ multipartBody := new(bytes.Buffer)
+ multipartWriter := multipart.NewWriter(multipartBody)
+ multipartWriter.WriteField("attrs", `{"foo":"bar"}`)
+ multipartWriter.Close()
+
for _, tr := range []testReq{
{attrsKey: "model_name", json: true, attrs: attrs},
{attrsKey: "model_name", json: true, attrs: attrs, jsonAttrsTop: true},
{attrsKey: "model_name", json: true, attrs: attrs, jsonAttrsTop: true, jsonStringParam: true},
{attrsKey: "model_name", json: true, attrs: attrs, jsonAttrsTop: false, jsonStringParam: true},
+ {body: multipartBody, header: http.Header{"Content-Type": []string{multipartWriter.FormDataContentType()}}},
} {
c.Logf("tr: %#v", tr)
req := tr.Request()
'ciso8601 >=2.0.0',
'future',
'google-api-core <2.11.0', # 2.11.0rc1 is incompatible with google-auth<2
- 'google-api-python-client >=1.6.2, <2',
+ 'google-api-python-client >=2.1.0',
'google-auth<2',
'httplib2 >=0.9.2, <0.20.2',
'pycurl >=7.19.5.1, <7.45.0',
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+class BigintId < ActiveRecord::Migration[5.2]
+ disable_ddl_transaction!
+ def up
+ change_column :api_client_authorizations, :id, :bigint
+ change_column :api_client_authorizations, :api_client_id, :bigint
+ change_column :api_client_authorizations, :user_id, :bigint
+ change_column :api_clients, :id, :bigint
+ change_column :authorized_keys, :id, :bigint
+ change_column :collections, :id, :bigint
+ change_column :container_requests, :id, :bigint
+ change_column :containers, :id, :bigint
+ change_column :groups, :id, :bigint
+ change_column :humans, :id, :bigint
+ change_column :job_tasks, :id, :bigint
+ change_column :jobs, :id, :bigint
+ change_column :keep_disks, :id, :bigint
+ change_column :keep_services, :id, :bigint
+ change_column :links, :id, :bigint
+ change_column :logs, :id, :bigint
+ change_column :nodes, :id, :bigint
+ change_column :users, :id, :bigint
+ change_column :pipeline_instances, :id, :bigint
+ change_column :pipeline_templates, :id, :bigint
+ change_column :repositories, :id, :bigint
+ change_column :specimens, :id, :bigint
+ change_column :traits, :id, :bigint
+ change_column :virtual_machines, :id, :bigint
+ change_column :workflows, :id, :bigint
+ end
+
+ def down
+ end
+end
--
CREATE TABLE public.api_client_authorizations (
- id integer NOT NULL,
+ id bigint NOT NULL,
api_token character varying(255) NOT NULL,
- api_client_id integer NOT NULL,
- user_id integer NOT NULL,
+ api_client_id bigint NOT NULL,
+ user_id bigint NOT NULL,
created_by_ip_address character varying(255),
last_used_by_ip_address character varying(255),
last_used_at timestamp without time zone,
--
CREATE TABLE public.api_clients (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.authorized_keys (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.collections (
- id integer NOT NULL,
+ id bigint NOT NULL,
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.container_requests (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.containers (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.groups (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.humans (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.job_tasks (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.jobs (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.keep_disks (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.keep_services (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.links (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.logs (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.nodes (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.users (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255) NOT NULL,
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.pipeline_instances (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.pipeline_templates (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.repositories (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.specimens (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
--
CREATE TABLE public.traits (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.virtual_machines (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255) NOT NULL,
owner_uuid character varying(255) NOT NULL,
modified_by_client_uuid character varying(255),
--
CREATE TABLE public.workflows (
- id integer NOT NULL,
+ id bigint NOT NULL,
uuid character varying(255),
owner_uuid character varying(255),
created_at timestamp without time zone NOT NULL,
('20220401153101'),
('20220505112900'),
('20220726034131'),
-('20220804133317');
+('20220804133317'),
+('20221230155924');
+
assert_nil user.identity_url
end
+ test "id overflows int32" do
+ uuid = users(:active).uuid
+ ActiveRecord::Base.connection.execute "update users set id=333222111000 where uuid='#{uuid}'"
+ u = User.find_by_uuid(uuid)
+ assert_equal 333222111000, u.id
+ end
end