### TOKENS
tokens:
- system_root: changemesystemroottoken
- management: changememanagementtoken
- rails_secret: changemerailssecrettoken
- anonymous_user: changemeanonymoususertoken
+ system_root: __SYSTEM_ROOT_TOKEN__
+ management: __MANAGEMENT_TOKEN__
+ rails_secret: __RAILS_SECRET_TOKEN__
+ anonymous_user: __ANONYMOUS_USER_TOKEN__
### KEYS
secrets:
- blob_signing_key: changemeblobsigningkey
- workbench_secret_key: changemeworkbenchsecretkey
- dispatcher_access_key: changemedispatcheraccesskey
- dispatcher_secret_key: changeme_dispatchersecretkey
- keep_access_key: changemekeepaccesskey
- keep_secret_key: changemekeepsecretkey
+ blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
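Review bot: The token and key placeholders are substituted into plain, unquoted YAML scalars, so a generated value that is all digits, starts with a YAML indicator such as `*` or `&`, or contains ` #` would be retyped, rejected or truncated by the parser before the cluster config sees it. Quoting the templated values avoids that, e.g. `system_root: '__SYSTEM_ROOT_TOKEN__'` and `blob_signing_key: '__BLOB_SIGNING_KEY__'`. The same applies to the second copy of this pillar further down the page. The hunk also drops the `dispatcher_*` and `keep_*` keys without a replacement, so it is worth confirming that nothing in this example still reads them.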
### TOKENS
tokens:
- system_root: changemesystemroottoken
- management: changememanagementtoken
- rails_secret: changemerailssecrettoken
- anonymous_user: changemeanonymoususertoken
+ system_root: __SYSTEM_ROOT_TOKEN__
+ management: __MANAGEMENT_TOKEN__
+ rails_secret: __RAILS_SECRET_TOKEN__
+ anonymous_user: __ANONYMOUS_USER_TOKEN__
### KEYS
secrets:
- blob_signing_key: changemeblobsigningkey
- workbench_secret_key: changemeworkbenchsecretkey
- dispatcher_access_key: changemedispatcheraccesskey
- dispatcher_secret_key: changeme_dispatchersecretkey
- keep_access_key: changemekeepaccesskey
- keep_secret_key: changemekeepsecretkey
+ blob_signing_key: __BLOB_SIGNING_KEY__
+ workbench_secret_key: __WORKBENCH_SECRET_KEY__
Login:
Test:
# <cluster>-nyw5e-<volume>
__CLUSTER__-nyw5e-000000000000000:
AccessViaHosts:
- 'http://__HOSTNAME__:25107':
+ 'http://__HOSTNAME_INT__:25107':
ReadOnly: false
Replication: 2
Driver: Directory
Services:
Controller:
- ExternalURL: 'https://__HOSTNAME__:__CONTROLLER_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
- 'http://controller.internal:8003': {}
- DispatchCloud:
- InternalURLs:
- 'http://__HOSTNAME__:9006': {}
- Keepbalance:
- InternalURLs:
- 'http://__HOSTNAME__:9005': {}
+ 'http://__HOSTNAME_INT__:8003': {}
Keepproxy:
- ExternalURL: 'https://__HOSTNAME__:__KEEP_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEP_EXT_SSL_PORT__'
InternalURLs:
- 'http://keep.internal:25100': {}
+ 'http://__HOSTNAME_INT__:25100': {}
Keepstore:
InternalURLs:
- 'http://keep0.internal:25107': {}
+ 'http://__HOSTNAME_INT__:25107': {}
RailsAPI:
InternalURLs:
- 'http://api.internal:8004': {}
+ 'http://__HOSTNAME_INT__:8004': {}
WebDAV:
- ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEPWEB_EXT_SSL_PORT__'
InternalURLs:
- 'http://collections.internal:9002': {}
+ 'http://__HOSTNAME_INT__:9003': {}
WebDAVDownload:
- ExternalURL: 'https://__HOSTNAME__:__KEEPWEB_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__KEEPWEB_EXT_SSL_PORT__'
WebShell:
- ExternalURL: 'https://__HOSTNAME__:__WEBSHELL_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WEBSHELL_EXT_SSL_PORT__'
Websocket:
- ExternalURL: 'wss://__HOSTNAME__:__WEBSOCKET_EXT_SSL_PORT__/websocket'
+ ExternalURL: 'wss://__HOSTNAME_EXT__:__WEBSOCKET_EXT_SSL_PORT__/websocket'
InternalURLs:
- 'http://ws.internal:8005': {}
+ 'http://__HOSTNAME_INT__:8005': {}
Workbench1:
- ExternalURL: 'https://__HOSTNAME__:__WORKBENCH1_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WORKBENCH1_EXT_SSL_PORT__'
Workbench2:
- ExternalURL: 'https://__HOSTNAME__:__WORKBENCH2_EXT_SSL_PORT__'
+ ExternalURL: 'https://__HOSTNAME_EXT__:__WORKBENCH2_EXT_SSL_PORT__'
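Review bot: Every `InternalURLs` entry now uses `http://__HOSTNAME_INT__:…`, so the controller (8003), RailsAPI (8004), keepstore (25107) and the other back ends speak clear text on whatever address `HOSTNAME_INT` is set to. That is harmless with the provision script's default `127.0.1.1`, but an operator who points it at a routable address would expose those services, and the tokens they carry, without TLS. This assumes the URLs also determine the listen addresses, as the nginx `listen: '__HOSTNAME_INT__:8004'` change suggests. A comment above `Services:` such as `# InternalURLs are plain HTTP: keep __HOSTNAME_INT__ on a loopback or private address` would make the constraint explicit.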
overwrite: true
config:
- server:
- - listen: 'api.internal:8004'
+ - listen: '__HOSTNAME_INT__:8004'
- server_name: api
- root: /var/www/arvados-api/current/public
- index: index.html index.htm
default: 1
'127.0.0.0/8': 0
upstream controller_upstream:
- - server: 'controller.internal:8003 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:8003 fail_timeout=10s'
### SITES
servers:
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: _
- listen:
- - 80 default
+ - 80 default_server
- location /.well-known:
- root: /var/www
- location /:
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl default_server
- index: index.html index.htm
- location /:
- proxy_pass: 'http://controller_upstream'
### STREAMS
http:
upstream keepproxy_upstream:
- - server: 'keep.internal:25100 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:25100 fail_timeout=10s'
servers:
managed:
- ### DEFAULT
- arvados_keepproxy_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __KEEP_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_keepproxy_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __KEEP_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
### STREAMS
http:
upstream collections_downloads_upstream:
- - server: 'collections.internal:9002 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:9003 fail_timeout=10s'
servers:
managed:
- ### COLLECTIONS / DOWNLOAD
- arvados_collections_download_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __KEEPWEB_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
### COLLECTIONS / DOWNLOAD
arvados_collections_download_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __KEEPWEB_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
### STREAMS
http:
upstream webshell_upstream:
- - server: 'shell.internal:4200 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:4200 fail_timeout=10s'
### SITES
servers:
managed:
- arvados_webshell_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WEBSHELL_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_webshell_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME__EXT__
- listen:
- __WEBSHELL_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
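Review bot: `server_name: __HOSTNAME__EXT__` in `arvados_webshell_ssl` has a doubled underscore, so the `s/__HOSTNAME_EXT__/…/` rule in the provision script will not match it, and the old `s/__HOSTNAME__/…/` rule is removed by this same change. The literal placeholder therefore ends up as the nginx server name for the webshell site. Every other `*_ssl` site in this diff uses `__HOSTNAME_EXT__`; the line should read `- server_name: __HOSTNAME_EXT__`.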
### STREAMS
http:
upstream websocket_upstream:
- - server: 'ws.internal:8005 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:8005 fail_timeout=10s'
servers:
managed:
- ### DEFAULT
- arvados_websocket_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WEBSOCKET_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_websocket_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WEBSOCKET_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
### SITES
servers:
managed:
- ### DEFAULT
- arvados_workbench2_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WORKBENCH2_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_workbench2_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench2.__HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WORKBENCH2_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
### STREAMS
http:
upstream workbench_upstream:
- - server: 'workbench.internal:9000 fail_timeout=10s'
+ - server: '__HOSTNAME_INT__:9000 fail_timeout=10s'
### SITES
servers:
managed:
- ### DEFAULT
- arvados_workbench_default:
- enabled: true
- overwrite: true
- config:
- - server:
- - server_name: __HOSTNAME__
- - listen:
- - __WORKBENCH_EXT_SSL_PORT__
- - location /.well-known:
- - root: /var/www
- - location /:
- - return: '301 https://$host$request_uri'
-
arvados_workbench_ssl:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench.__HOSTNAME__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WORKBENCH1_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
overwrite: true
config:
- server:
- - listen: 'workbench.internal:9000'
+ - listen: '__HOSTNAME_INT__:9000'
- server_name: workbench
- root: /var/www/arvados-workbench/current/public
- index: index.html index.htm
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+arvados_test_salt_states_examples_single_host_etc_hosts_host_present:
+ host.present:
+ - ip: 127.0.0.2
+ - names:
+ - {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ # FIXME! This just works for our testings.
+ # Won't work if the cluster name != host name
+ {%- for entry in [
+ 'api',
+ 'collections',
+ 'controller',
+ 'download',
+ 'keep',
+ 'keepweb',
+ 'keep0',
+ 'shell',
+ 'workbench',
+ 'workbench2',
+ 'ws',
+ ]
+ %}
+ - {{ entry }}
+ {%- endfor %}
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+{%- set curr_tpldir = tpldir %}
+{%- set tpldir = 'arvados' %}
+{%- from "arvados/map.jinja" import arvados with context %}
+{%- set tpldir = curr_tpldir %}
+
+include:
+ - nginx.service
+
+{%- set arvados_ca_cert_file = '/etc/ssl/certs/arvados-snakeoil-ca.pem' %}
+{%- set arvados_ca_key_file = '/etc/ssl/private/arvados-snakeoil-ca.key' %}
+{%- set arvados_cert_file = '/etc/ssl/certs/arvados-snakeoil-cert.pem' %}
+{%- set arvados_csr_file = '/etc/ssl/private/arvados-snakeoil-cert.csr' %}
+{%- set arvados_key_file = '/etc/ssl/private/arvados-snakeoil-cert.key' %}
+
+{%- if grains.get('os_family') == 'Debian' %}
+ {%- set arvados_ca_cert_dest = '/usr/local/share/ca-certificates/arvados-snakeoil-ca.crt' %}
+ {%- set update_ca_cert = '/usr/sbin/update-ca-certificates' %}
+ {%- set openssl_conf = '/etc/ssl/openssl.cnf' %}
+{%- else %}
+ {%- set arvados_ca_cert_dest = '/etc/pki/ca-trust/source/anchors/arvados-snakeoil-ca.pem' %}
+ {%- set update_ca_cert = '/usr/bin/update-ca-trust' %}
+ {%- set openssl_conf = '/etc/pki/tls/openssl.cnf' %}
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed:
+ pkg.installed:
+ - pkgs:
+ - openssl
+ - ca-certificates
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run:
+ # Taken from https://github.com/arvados/arvados/blob/master/tools/arvbox/lib/arvbox/docker/service/certificate/run
+ cmd.run:
+ - name: |
+ # These dirs are not to CentOS-ish, but this is a helper script
+ # and they should be enough
+ mkdir -p /etc/ssl/certs/ /etc/ssl/private/ && \
+ openssl req \
+ -new \
+ -nodes \
+ -sha256 \
+ -x509 \
+ -subj "/C=CC/ST=Some State/O=Arvados Formula/OU=arvados-formula/CN=snakeoil-ca-{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}" \
+ -extensions x509_ext \
+ -config <(cat {{ openssl_conf }} \
+ <(printf "\n[x509_ext]\nbasicConstraints=critical,CA:true,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign")) \
+ -out {{ arvados_ca_cert_file }} \
+ -keyout {{ arvados_ca_key_file }} \
+ -days 365 && \
+ cp {{ arvados_ca_cert_file }} {{ arvados_ca_cert_dest }} && \
+ {{ update_ca_cert }}
+ - unless:
+ - test -f {{ arvados_ca_cert_file }}
+ - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_ca_cert_file }}
+ - require:
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run:
+ cmd.run:
+ - name: |
+ cat > /tmp/openssl.cnf <<-CNF
+ [req]
+ default_bits = 2048
+ prompt = no
+ default_md = sha256
+ req_extensions = rext
+ distinguished_name = dn
+ [dn]
+ C = CC
+ ST = Some State
+ L = Some Location
+ O = Arvados Formula
+ OU = arvados-formula
+ CN = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ emailAddress = admin@{{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ [rext]
+ subjectAltName = @alt_names
+ [alt_names]
+ {%- for entry in grains.get('ipv4') %}
+ IP.{{ loop.index }} = {{ entry }}
+ {%- endfor %}
+ {%- for entry in [
+ 'keep',
+ 'collections',
+ 'download',
+ 'keepweb',
+ 'ws',
+ 'workbench',
+ 'workbench2',
+ ]
+ %}
+ DNS.{{ loop.index }} = {{ entry }}
+ {%- endfor %}
+ DNS.8 = {{ arvados.cluster.name }}.{{ arvados.cluster.domain }}
+ DNS.9 = '__HOSTNAME_EXT__'
+ DNS.10 = '__HOSTNAME_INT__'
+ CNF
+
+ # The req
+ openssl req \
+ -config /tmp/openssl.cnf \
+ -new \
+ -nodes \
+ -sha256 \
+ -out {{ arvados_csr_file }} \
+ -keyout {{ arvados_key_file }} > /tmp/snake_oil_certs.output 2>&1 && \
+ # The cert
+ openssl x509 \
+ -req \
+ -days 365 \
+ -in {{ arvados_csr_file }} \
+ -out {{ arvados_cert_file }} \
+ -extfile /tmp/openssl.cnf \
+ -extensions rext \
+ -CA {{ arvados_ca_cert_file }} \
+ -CAkey {{ arvados_ca_key_file }} \
+ -set_serial $(date +%s) && \
+ chmod 0644 {{ arvados_cert_file }} && \
+ chmod 0640 {{ arvados_key_file }}
+ - unless:
+ - test -f {{ arvados_key_file }}
+ - openssl verify -CAfile {{ arvados_ca_cert_file }} {{ arvados_cert_file }}
+ - require:
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_dependencies_pkg_installed
+ - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_ca_cmd_run
+
+{%- if grains.get('os_family') == 'Debian' %}
+arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed:
+ pkg.installed:
+ - name: ssl-cert
+ - require_in:
+ - sls: postgres
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_certs_permissions_cmd_run:
+ cmd.run:
+ - name: |
+ chown root:ssl-cert {{ arvados_key_file }}
+ - require:
+ - cmd: arvados_test_salt_states_examples_single_host_snakeoil_certs_arvados_snake_oil_cert_cmd_run
+ - pkg: arvados_test_salt_states_examples_single_host_snakeoil_certs_ssl_cert_pkg_installed
+{%- endif %}
+
+arvados_test_salt_states_examples_single_host_snakeoil_certs_nginx_snakeoil_file_managed:
+ file.managed:
+ - name: /etc/nginx/snippets/arvados-snakeoil.conf
+ - contents: |
+ ssl_certificate {{ arvados_cert_file }};
+ ssl_certificate_key {{ arvados_key_file }};
+ - watch_in:
+ - service: nginx_service
+
+
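Review bot: The certificate state writes its OpenSSL config to the fixed path `/tmp/openssl.cnf` and its log to `/tmp/snake_oil_certs.output`; run as root in a world-writable directory, a pre-existing file or symlink at either name can redirect the write or feed altered extensions into the signing step. Creating the files with `mktemp` (for example `CNF=$(mktemp)`, then `-config "${CNF}"` and `-extfile "${CNF}"`, removed at the end) closes that. The private key is also created first and only narrowed with `chmod 0640` afterwards, so a `umask 077` at the top of the command is a cheap safeguard. With the shipped default `HOSTNAME_INT="127.0.1.1"`, `DNS.10` ends up holding an IP literal, which clients generally match only against `IP.n` entries, so it is worth confirming the address is covered by the `grains.get('ipv4')` loop.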
# When setting the cluster in a single host, you can use a single hostname
# to access all the instances. When using virtualization (ie AWS), this should be
-# the EXTERNAL hostname for the instance.
+# the EXTERNAL/PUBLIC hostname for the instance.
# If empty, the INTERNAL HOST IP will be used
-HOSTNAME=""
+HOSTNAME_EXT=""
+# The internal hostname for the host
+HOSTNAME_INT="127.0.1.1"
CONTROLLER_EXT_SSL_PORT=8000
KEEP_EXT_SSL_PORT=25101
# Both for collections and downloads
INITIAL_USER_EMAIL="admin@fixme.localdomain"
INITIAL_USER_PASSWORD="password"
+# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
+BLOB_SIGNING_KEY=blobsigningkeymushaveatleast32characters
+MANAGEMENT_TOKEN=managementtokenmushaveatleast32characters
+SYSTEM_ROOT_TOKEN=systemroottokenmushaveatleast32characters
+RAILS_SECRET_TOKEN=railssecrettokenmushaveatleast32characters
+ANONYMOUS_USER_TOKEN=anonymoususertokenmushaveatleast32characters
+WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
+
# The example config files you want to use. There are a few examples
# under 'config_examples'
CONFIG_DIR="config_examples/single_host/single_hostname"
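Review bot: The six added defaults are fixed, publicly known strings, and nothing visible in this hunk stops the script from provisioning a cluster with them; the only guard is the comment `# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS`. Because the system root and management tokens are presumably administrative credentials, consider aborting when a value still equals its shipped default, e.g. `[ "${SYSTEM_ROOT_TOKEN}" != "systemroottokenmushaveatleast32characters" ] || { echo "set SYSTEM_ROOT_TOKEN" >&2; exit 1; }`. The placeholder text also misspells "must have" as "mushave", which is worth fixing while the lines are touched.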
CLUSTER=""
DOMAIN=""
-HOSTNAME=""
+HOSTNAME_EXT=""
+HOSTNAME_INT="127.0.1.1"
INITIAL_USER=""
INITIAL_USER_EMAIL=""
INITIAL_USER_PASSWORD=""
fi
if [ "x${VAGRANT}" = "xyes" ]; then
- SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}"
+ SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
+ SOURCE_STATES_DIR="/vagrant/${CONFIG_DIR}/states"
TESTS_DIR="/vagrant/${TESTS_DIR}"
else
- SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}"
+ SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
+ SOURCE_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
fi
-# Replace cluster and domain name in the example pillars and test files
+# Replace cluster and domain name in the example pillars
for f in "${SOURCE_PILLARS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
s/__DOMAIN__/${DOMAIN}/g;
s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
- s/__WORKBENCH1_EXT__SSL_PORT__/${WORKBENCH1_EXT__SSL_PORT}/g;
- s/__WORKBENCH2_EXT__SSL_PORT__/${WORKBENCH2_EXT__SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
- s/__HOSTNAME__/${HOSTNAME}/g;
+ s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
+ s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
s/__VERSION__/${VERSION}/g" \
"${f}" > "${P_DIR}"/$(basename "${f}")
done
mkdir -p /tmp/cluster_tests
-# Replace cluster and domain name in the example pillars and test files
+# Replace cluster and domain name in the test files
for f in "${TESTS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
s/__DOMAIN__/${DOMAIN}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g" \
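Review bot: The new secret rules (`s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;` and the five beside it) interpolate operator-supplied values straight into a sed program that uses `/` as its delimiter, so a random value containing `/`, `&` or `\` (common in base64 output) either breaks the command or writes a different secret than the one configured. The same applies to the `__SYSTEM_ROOT_TOKEN__` rule added to the tests loop in this hunk and to the states loop added in the next hunk. Either escape those three characters in each value once before the loops, or state the restriction where the values are defined with a comment such as `# Use only letters and digits: these values are substituted with sed`. The tests loop's redirection line lies outside the hunk.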
done
chmod 755 /tmp/cluster_tests/run-test.sh
+# Replace helper state files that differ from the formula's examples
+for f in "${SOURCE_STATES_DIR}"/*; do
+ sed "s/__CLUSTER__/${CLUSTER}/g;
+ s/__DOMAIN__/${DOMAIN}/g;
+ s/__RELEASE__/${RELEASE}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
+ s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
+ s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
+ s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
+ s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
+ s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
+ s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
+ s/__INITIAL_USER__/${INITIAL_USER}/g;
+ s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
+ s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
+ s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
+ s/__VERSION__/${VERSION}/g" \
+ "${f}" > "${F_DIR}"/arvados-formula/test/salt/states/examples/single_host/$(basename "${f}")
+done
+
# FIXME! #16992 Temporary fix for psql call in arvados-api-server
if [ -e /root/.psqlrc ]; then
if ! ( grep 'pset pager off' /root/.psqlrc ); then
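Review bot: The rendered test script now appears to carry the real `SYSTEM_ROOT_TOKEN`, through the rule added to the tests loop in the previous hunk, yet the context line `chmod 755 /tmp/cluster_tests/run-test.sh` leaves it readable by every local user. `chmod 700 /tmp/cluster_tests/run-test.sh`, plus a restrictive mode on the directory, would keep the token to the provisioning user, assuming the tests run as that same user. The added states loop writes into `${F_DIR}/arvados-formula/test/salt/states/examples/single_host/` without a visible `mkdir -p`; that directory is presumably shipped by the formula checkout, which is worth confirming. The `if [ -e /root/.psqlrc ]` block continues outside the hunk.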
#
# SPDX-License-Identifier: Apache-2.0
-export ARVADOS_API_TOKEN=changemesystemroottoken
-export ARVADOS_API_HOST=__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__
+export ARVADOS_API_TOKEN=__SYSTEM_ROOT_TOKEN__
+export ARVADOS_API_HOST=__HOSTNAME_INT__:__CONTROLLER_EXT_SSL_PORT__
export ARVADOS_API_HOST_INSECURE=true
set -o pipefail