16306: Fixup nginx in arvados-boot production mode.
authorTom Clegg <tom@tomclegg.ca>
Thu, 30 Jul 2020 15:30:08 +0000 (11:30 -0400)
committerTom Clegg <tom@tomclegg.ca>
Fri, 21 Aug 2020 17:55:33 +0000 (13:55 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

cmd/arvados-dev/docker-boot.sh
lib/boot/nginx.go
lib/boot/supervisor.go
lib/install/deps.go
lib/install/init.go
sdk/python/tests/nginx.conf

index 0b9874295c58af71da7fc846255c413e3f9d8e1c..7eca33e79944629ae8a20073cef71ebd86b92109 100755 (executable)
@@ -40,11 +40,18 @@ tmpdir=$(mktemp -d)
 version=$(git describe --tag --dirty)
 
 declare -a volargs=()
-for srcdir in "$@"; do
-    echo >&2 "building $srcdir..."
-    (cd $srcdir && GOBIN=$tmpdir go install -ldflags "-X git.arvados.org/arvados.git/lib/cmd.version=${version} -X main.version=${version}")
-    cmd="$(basename "$srcdir")"
-    volargs+=(-v "$tmpdir/$cmd:/var/lib/arvados/bin/$cmd:ro")
+for inject in "$@"; do
+    case "$inject" in
+        nginx.conf)
+            volargs+=(-v "$(pwd)/sdk/python/tests/$inject:/var/lib/arvados/share/$inject:ro")
+            ;;
+        *)
+            echo >&2 "building $inject..."
+            (cd $inject && GOBIN=$tmpdir go install -ldflags "-X git.arvados.org/arvados.git/lib/cmd.version=${version} -X main.version=${version}")
+            cmd="$(basename "$inject")"
+            volargs+=(-v "$tmpdir/$cmd:/var/lib/arvados/bin/$cmd:ro")
+            ;;
+    esac
 done
 
 osbase=debian:10
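Review bot: `cd $inject` on the `*)` branch is unquoted, so a directory argument containing whitespace or glob characters is word-split before the `cd`; write `(cd "$inject" && GOBIN="$tmpdir" go install ...)`. The `nginx.conf` branch resolves the file against `$(pwd)`, which silently requires the script to be run from the source-tree root — worth stating in the script's usage text, which is outside this hunk. Whether a failed `go install` inside the subshell aborts the script depends on an earlier `set -e` that is not visible here.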
index c1da7d18d1bf8ed287b2b55c66b2ffa890842532..a7c09a7227913ca66ed43d8040c6e0dd1919583f 100644 (file)
@@ -69,7 +69,13 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
                }
                vars[cmpt.varname+"SSLPORT"] = port
        }
-       tmpl, err := ioutil.ReadFile(filepath.Join(super.SourcePath, "sdk", "python", "tests", "nginx.conf"))
+       var conftemplate string
+       if super.ClusterType == "production" {
+               conftemplate = "/var/lib/arvados/share/nginx.conf"
+       } else {
+               conftemplate = filepath.Join(super.SourcePath, "sdk", "python", "tests", "nginx.conf")
+       }
+       tmpl, err := ioutil.ReadFile(conftemplate)
        if err != nil {
                return err
        }
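Review bot: The production template path `/var/lib/arvados/share/nginx.conf` is a bare literal here and is assembled independently in lib/install/deps.go (`install -t /var/lib/arvados/share` of `sdk/python/tests/nginx.conf`), so the two can drift with no compile-time signal. Since the two packages differ, at minimum add a comment above `var conftemplate string` such as `// Production mode reads the copy that lib/install/deps.go installs into /var/lib/arvados/share; keep the two paths in sync.`, or lift the directory into a single constant both packages reference if the import graph allows it. Run's body starts before this hunk.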
index 5f92a65692623e76b065cbc1e248ebed579d2673..51f5c8bfd29f7533ca028c563fd1bd68840cd71f 100644 (file)
@@ -252,7 +252,7 @@ func (super *Supervisor) run(cfg *arvados.Config) error {
        }
        if super.ClusterType != "test" {
                tasks = append(tasks,
-                       runServiceCommand{name: "dispatch-cloud", svc: super.cluster.Services.Controller},
+                       runServiceCommand{name: "dispatch-cloud", svc: super.cluster.Services.DispatchCloud},
                        runGoProgram{src: "services/keep-balance", svc: super.cluster.Services.Keepbalance},
                )
        }
index 3f19aa1a82e0df51f3d1a0194a03a0b5eba371df..c5596d1046996eead661a4e20898138ebc082096 100644 (file)
@@ -486,6 +486,15 @@ rm ${zip}
                                return 1
                        }
                }
+
+               // Copy assets from source tree to /var/lib/arvados/share
+               cmd := exec.Command("install", "-v", "-t", "/var/lib/arvados/share", filepath.Join(inst.SourcePath, "sdk/python/tests/nginx.conf"))
+               cmd.Stdout = stdout
+               cmd.Stderr = stderr
+               err = cmd.Run()
+               if err != nil {
+                       return 1
+               }
        }
 
        return 0
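Review bot: `install` without `-m` applies its default mode, so nginx.conf lands in /var/lib/arvados/share as an executable file (0755) even though it is a config file; pass an explicit mode, e.g. `cmd := exec.Command("install", "-v", "-m", "0644", "-t", "/var/lib/arvados/share", filepath.Join(inst.SourcePath, "sdk/python/tests/nginx.conf"))`. Unless an earlier step creates /var/lib/arvados/share (not visible in this hunk), `-t` does not create the target directory, so `-D` may be needed as well. The bare `return 1` matches the surrounding style and stderr is wired through, so the failing command is at least visible to the operator. The enclosing function starts and ends outside the hunk.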
index 6d4f197576bc6013d8428f15d5aa1886b325c4a9..ca8d4da9244181a7d81dfc196f3a91120663e04f 100644 (file)
@@ -170,6 +170,8 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
         user: arvados
         password: {{printf "%q" .PostgreSQLPassword}}
     SystemRootToken: {{printf "%q" ( .RandomHex 50 )}}
+    TLS:
+      Insecure: true
     Volumes:
       {{.ClusterID}}-nyw5e-000000000000000:
         Driver: Directory
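Review bot: The generated cluster config now ships with `TLS: Insecure: true` and nothing in the template explains it, so an operator reading the rendered file has no cue that this setting makes the cluster's internal clients accept unverifiable certificates and should be turned off once a trusted certificate is installed. This presumably accommodates a self-signed certificate generated elsewhere by arvados-boot, which this hunk does not show; confirm that before wording it as fact. Add a YAML comment directly above the block in the template (it passes through text/template unchanged), e.g. `    # Insecure: true skips TLS certificate verification for internal connections; set to false once a CA-signed certificate is installed.`. RunCommand and the template literal both extend beyond this hunk.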
index 85b4f5b37bc619b3da2076c130b2494d9f977956..cdca68dd6738e77ab65b6b0feb051708c1c939ba 100644 (file)
@@ -16,12 +16,28 @@ http {
   fastcgi_temp_path "{{TMPDIR}}";
   uwsgi_temp_path "{{TMPDIR}}";
   scgi_temp_path "{{TMPDIR}}";
+  upstream controller {
+    server {{LISTENHOST}}:{{CONTROLLERPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
+    server_name controller ~.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://controller;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
   upstream arv-git-http {
     server {{LISTENHOST}}:{{GITPORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
-    server_name arv-git-http;
+    listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
+    server_name arv-git-http git.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
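Review bot: This file under `sdk/python/tests/` is now also the production nginx template (lib/boot/nginx.go reads it from /var/lib/arvados/share and lib/install/deps.go copies it there), but nothing in the file records that second consumer, so a test-directory cleanup could silently remove the production template. Add a comment at the top of the file (outside this hunk) such as `# Used by the Python test suite and as the arvados-boot production nginx template; see lib/boot/nginx.go and lib/install/deps.go.`. Dropping `default_server` from each `listen` should be behaviour-neutral here because every server block listens on its own port and nginx treats the first server for a port as that port's default; the same applies to the later hunks in this file.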
@@ -36,8 +52,8 @@ http {
     server {{LISTENHOST}}:{{KEEPPROXYPORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
-    server_name keepproxy;
+    listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
+    server_name keepproxy keep.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -55,8 +71,8 @@ http {
     server {{LISTENHOST}}:{{KEEPWEBPORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
-    server_name keep-web;
+    listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
+    server_name keep-web collections.* ~\.collections\.;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -75,8 +91,8 @@ http {
     server {{LISTENHOST}}:{{HEALTHPORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl default_server;
-    server_name health;
+    listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
+    server_name health health.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -91,8 +107,8 @@ http {
     }
   }
   server {
-    listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
-    server_name keep-web-dl ~.*;
+    listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
+    server_name keep-web-dl download.* ~.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -111,8 +127,8 @@ http {
     server {{LISTENHOST}}:{{WSPORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
-    server_name websocket;
+    listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
+    server_name websocket ws.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -129,8 +145,8 @@ http {
     server {{LISTENHOST}}:{{WORKBENCH1PORT}};
   }
   server {
-    listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
-    server_name workbench1;
+    listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
+    server_name workbench1 workbench.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -141,20 +157,4 @@ http {
       proxy_redirect off;
     }
   }
-  upstream controller {
-    server {{LISTENHOST}}:{{CONTROLLERPORT}};
-  }
-  server {
-    listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
-    server_name controller;
-    ssl_certificate "{{SSLCERT}}";
-    ssl_certificate_key "{{SSLKEY}}";
-    location  / {
-      proxy_pass http://controller;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto https;
-      proxy_redirect off;
-    }
-  }
 }