### SERVER
server:
config:
+ # Needed for RVM, harmless otherwise. Cf. https://dev.arvados.org/issues/19015
+ env: GEM_HOME
# As we now differentiate where passenger is required or not, we need to
# load this module conditionally, so we add this conditional just to use
# the same pillar file
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
+
+# Make sure that /var/www/.passenger exists with the proper ownership
+# so that passenger can build passenger_native_support.so
+extra_var_www_passenger:
+ file.directory:
+ - name: /var/www/.passenger
+ - user: {{ group }}
+ - group: {{ group }}
+ - mode: '0755'
+ - makedirs: True
+
+{%- if grains.osfinger in ('CentOS Linux-7', 'Ubuntu-18.04', 'Debian-10') %}
+# Work around passenger issue when RVM is in use, cf
+# https://dev.arvados.org/issues/19015
+extra_nginx_set_gem_home:
+ file.managed:
+ - name: /etc/systemd/system/nginx.service.d/override.conf
+ - mode: '0644'
+ - user: root
+ - group: root
+ - makedirs: True
+ - replace: False
+ - contents: |
+ [Service]
+ ExecStart=
+ ExecStart=/bin/bash -a -c "GEM_HOME=`[ -x /usr/local/rvm/bin/rvm-exec ] && /usr/local/rvm/bin/rvm-exec default env |grep GEM_HOME=|cut -f2 -d= || true` && /usr/sbin/nginx -g 'daemon on; master_process on;'"
+ cmd.run:
+ - name: systemctl daemon-reload
+ - require:
+ - file: extra_nginx_set_gem_home
+ - file: extra_var_www_passenger
+ - onchanges:
+ - file: extra_nginx_set_gem_home
+{%- endif -%}
### SERVER
server:
config:
+ # Needed for RVM, harmless otherwise. Cf. https://dev.arvados.org/issues/19015
+ env: GEM_HOME
# As we now differentiate where passenger is required or not, we need to
# load this module conditionally, so we add this conditional just to use
# the same pillar file
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
+
+# Make sure that /var/www/.passenger exists with the proper ownership
+# so that passenger can build passenger_native_support.so
+extra_var_www_passenger:
+ file.directory:
+ - name: /var/www/.passenger
+ - user: {{ group }}
+ - group: {{ group }}
+ - mode: '0755'
+ - makedirs: True
+
+{%- if grains.osfinger in ('CentOS Linux-7', 'Ubuntu-18.04', 'Debian-10') %}
+# Work around passenger issue when RVM is in use, cf
+# https://dev.arvados.org/issues/19015
+extra_nginx_set_gem_home:
+ file.managed:
+ - name: /etc/systemd/system/nginx.service.d/override.conf
+ - mode: '0644'
+ - user: root
+ - group: root
+ - makedirs: True
+ - replace: False
+ - contents: |
+ [Service]
+ ExecStart=
+ ExecStart=/bin/bash -a -c "GEM_HOME=`[ -x /usr/local/rvm/bin/rvm-exec ] && /usr/local/rvm/bin/rvm-exec default env |grep GEM_HOME=|cut -f2 -d= || true` && /usr/sbin/nginx -g 'daemon on; master_process on;'"
+ cmd.run:
+ - name: systemctl daemon-reload
+ - require:
+ - file: extra_nginx_set_gem_home
+ - file: extra_var_www_passenger
+ - onchanges:
+ - file: extra_nginx_set_gem_home
+{%- endif -%}
### SERVER
server:
config:
+ # Needed for RVM, harmless otherwise. Cf. https://dev.arvados.org/issues/19015
+ env: GEM_HOME
# As we now differentiate where passenger is required or not, we need to
# load this module conditionally, so we add this conditional just to use
# the same pillar file
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
+
+# Make sure that /var/www/.passenger exists with the proper ownership
+# so that passenger can build passenger_native_support.so
+extra_var_www_passenger:
+ file.directory:
+ - name: /var/www/.passenger
+ - user: {{ group }}
+ - group: {{ group }}
+ - mode: '0755'
+ - makedirs: True
+
+{%- if grains.osfinger in ('CentOS Linux-7', 'Ubuntu-18.04', 'Debian-10') %}
+# Work around passenger issue when RVM is in use, cf
+# https://dev.arvados.org/issues/19015
+extra_nginx_set_gem_home:
+ file.managed:
+ - name: /etc/systemd/system/nginx.service.d/override.conf
+ - mode: '0644'
+ - user: root
+ - group: root
+ - makedirs: True
+ - replace: False
+ - contents: |
+ [Service]
+ ExecStart=
+ ExecStart=/bin/bash -a -c "GEM_HOME=`[ -x /usr/local/rvm/bin/rvm-exec ] && /usr/local/rvm/bin/rvm-exec default env |grep GEM_HOME=|cut -f2 -d= || true` && /usr/sbin/nginx -g 'daemon on; master_process on;'"
+ cmd.run:
+ - name: systemctl daemon-reload
+ - require:
+ - file: extra_nginx_set_gem_home
+ - file: extra_var_www_passenger
+ - onchanges:
+ - file: extra_nginx_set_gem_home
+{%- endif -%}
# Make sure that the value configured as IP_INT is a real IP on the system.
# If we don't error out early here when there is a mismatch, the formula will
# fail with hard to interpret nginx errors later on.
- ip addr list |grep -q "${IP_INT}/"
+ ip addr list |grep "${IP_INT}/" >/dev/null
if [[ $? -ne 0 ]]; then
echo "Unable to find the IP_INT address '${IP_INT}' on the system, please correct the value in local.params. Exiting..."
exit 1
yum install -y curl git jq
;;
"debian"|"ubuntu")
- DEBIAN_FRONTEND=noninteractive apt update
+ # Wait 2 minutes for any apt locks to clear
+ # This option is supported from apt 1.9.1 and ignored in older apt versions.
+ # Cf. https://blog.sinjakli.co.uk/2021/10/25/waiting-for-apt-locks-without-the-hacky-bash-scripts/
+ DEBIAN_FRONTEND=noninteractive apt -o DPkg::Lock::Timeout=120 update
DEBIAN_FRONTEND=noninteractive apt install -y curl git jq
;;
esac
echo " - arvados" >> ${S_DIR}/top.sls
echo " - extra.shell_sudo_passwordless" >> ${S_DIR}/top.sls
echo " - extra.shell_cron_add_login_sync" >> ${S_DIR}/top.sls
+ echo " - extra.passenger_rvm" >> ${S_DIR}/top.sls
# Pillars
echo " - docker" >> ${P_DIR}/top.sls
else
echo " - nginx.passenger" >> ${S_DIR}/top.sls
fi
+ echo " - extra.passenger_rvm" >> ${S_DIR}/top.sls
### If we don't install and run LE before arvados-api-server, it fails and breaks everything
### after it. So we add this here as we are, after all, sharing the host for api and controller
if [ "${SSL_MODE}" = "lets-encrypt" ]; then