Brett Smith [Sat, 1 Aug 2015 19:03:15 +0000 (15:03 -0400)]
6591: Improve install docs around $external_client variable.
Our Nginx configuration uses this variable to automatically set
X-External-Client: 1 in API request headers when clients don't have
direct access to Keep stores.
* Document the variable definition, and how to customize it, in the
suggested API server configuration.
* Remove the variable from the Workbench configuration. Workbench
does not currently read this header, so it isn't necessary.
Brett Smith [Sun, 2 Aug 2015 14:07:16 +0000 (10:07 -0400)]
6847: Handle Docker DNS in Docker daemon configuration.
crunch-job currently uses the host's public IP address as a DNS
resolver for containers. This requires all compute nodes to run DNS,
which isn't strictly necessary. Remove this code, and document how to
set nameservers in the Docker daemon configuration.
Brett Smith [Sat, 1 Aug 2015 20:24:54 +0000 (16:24 -0400)]
Merge branch '6590-api-config-docs'
I am breaking our own rules here, since this merge includes a
non-trivial commit from me that hasn't been reviewed. I'm going ahead
with it because I understand the driving motivation of branch reviews
is to make sure two sets of eyes see changes that could impact future
work, and I think that's been accomplished here. My changes only
touch what Peter had already changed.
Plus, with Peter out for a week, the benefits of merging outweigh the
value of holding back. Users get the benefit of improved
documentation immediately; we'll look better at sprint review; and
documentation mistakes are comparatively easy to fix after the fact.
Brett Smith [Sat, 1 Aug 2015 20:02:15 +0000 (16:02 -0400)]
6590: Aesthetic improvements to the API install guide.
This implements the flow and grammar fixes requested in
<https://arvados.org/issues/6590#note-7>. It also separates the
documentation for git_repositories_dir and git_internal_dir, and adds
a note that git_internal_dir should not be a subdirectory of
git_repositories_dir.
Brett Smith [Fri, 31 Jul 2015 14:26:42 +0000 (10:26 -0400)]
Fix type checks in arv-copy recursive collection copying.
This is necessary follow-up from 79564b0ac7d03327cc351bbd6df544ab1f776380. API objects are now
OrderedDicts instead of dicts, so `type(obj) == dict` is never true,
and calling this function on an API object is a noop.
No issue #. I found this after receiving a user report that arv-copy
did not copy dependent collections from a pipeline template.
Adds a new environment variable (CRUNCH_JOB_DOCKER_BIN) that
crunch-dispatch.rb passes along to crunch-job (or if unset, it
defaults to "/usr/bin/docker.io" which is already the default for
crunch-job).
Instruments the find_commit_range function such that it logs an
explanatory warning in any case when it fails to find any refs.
When no refs are found, find_commit_range returns an empty list
which typically causes its caller to throw an exception. Without
these added warnings, that exception is not at all helpful in
tracking down the underlying issue.
Brett Smith [Thu, 30 Jul 2015 21:34:50 +0000 (17:34 -0400)]
RVM setup instructions tell you to install Bundler after activation.
On hosts that do not have any Ruby installed, the previous
instructions won't work, because the `gem` tool is only available
through RVM. RVM needs to be activated in the shell first.
Tom Clegg [Thu, 30 Jul 2015 14:04:02 +0000 (10:04 -0400)]
6663: Admins and repository owners can_manage, not just can_write
(even though that might not translate to any additional functions with
the current gitolite config).
Tom Clegg [Tue, 28 Jul 2015 22:11:59 +0000 (18:11 -0400)]
6663: Fix repository permissions.
Users with is_active==false (except anonymous_user) are not listed by
get_all_permissions.
A repository that is shared with a group is only shared with users who
have permissions on that group, not all users who have permissions on
*any* group.
{User --can_write--> group --can_read--> repo} is correctly listed as
{User --can_read--> repo}, not can_write.
Tests check that the permissions reported by get_all_permissions do
not exceed the API server's interpretation of the current permission
set.
projects / arvados.git / log