From 3b0f80205c1942cc954eb891691c7c382aa9c87c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Mon, 11 Oct 2021 21:49:43 -0300 Subject: [PATCH] 17742: add custom certs to the local.params files MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- tools/salt-install/Vagrantfile | 8 +++++-- .../local.params.example.multiple_hosts | 22 +++++++++++++++++-- ...ams.example.single_host_multiple_hostnames | 3 +-- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile index a3463bfc5c..f7f8da3b16 100644 --- a/tools/salt-install/Vagrantfile +++ b/tools/salt-install/Vagrantfile @@ -35,14 +35,18 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| cp -vr /vagrant/tests /home/vagrant/tests; sed 's#cluster_fixme_or_this_wont_work#harpo#g; s#domain_fixme_or_this_wont_work#local#g; - s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g; - s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g' \ + s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g; + s#RELEASE=\"production\"#RELEASE=\"development\"#g; + s/# VERSION=.*$/VERSION=\"latest\"/g; + s/#\ BRANCH=\"main\"/\ BRANCH=\"main\"/g' \ /vagrant/local.params.example.single_host_multiple_hostnames > /tmp/local.params.single_host_multiple_hostnames" + arv.vm.provision "shell", path: "provision.sh", args: [ # "--debug", "--config /tmp/local.params.single_host_multiple_hostnames", + "--development", "--test", "--vagrant" ].join(" ") diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts index 283c631ec5..fdba88dbe0 100644 --- a/tools/salt-install/local.params.example.multiple_hosts +++ b/tools/salt-install/local.params.example.multiple_hosts 
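Review bot: The added `s/# VERSION=.*$/VERSION=\"latest\"/g` expression is unanchored and, like the other substitutions in this sed call, fails silently when the example file has no matching line. If `local.params.example.single_host_multiple_hostnames` is reworded, the test VM would be provisioned with whatever RELEASE/VERSION the file then carries, and nothing would report it. Assuming the commented line starts at column 0, `s/^# VERSION=.*$/VERSION=\"latest\"/` is tighter (the `g` flag has no effect after `.*$`), and a trailing `grep -q '^VERSION=' /tmp/local.params.single_host_multiple_hostnames` would surface a missed substitution. A comment above the sed should also say that the unpinned `latest` development packages are meant for this Vagrant box only, e.g. `# Test VM only: tracks unpinned development packages, do not copy into a real local.params`. The provisioner block starts and ends outside the hunk, and whether provision.sh accepts the new `--development` argument cannot be checked from here.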
@@ -43,7 +43,6 @@ DATABASE_INT_IP=10.0.0.6 SHELL_INT_IP=10.0.0.7 INITIAL_USER="admin" -INITIAL_USER_PASSWORD="password" # If not specified, the initial user email will be composed as # INITIAL_USER@CLUSTER.DOMAIN @@ -64,7 +63,7 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value # salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to # automatically obtain and install SSL certificates for your instances or set this # variable to "no", provide and upload your own certificates to the instances and -# modify the 'nginx_*' salt pillars accordingly +# modify the 'nginx_*' salt pillars accordingly (see CUSTOM_CERTS_DIR below) USE_LETSENCRYPT="yes" USE_LETSENCRYPT_IAM_USER="yes" # For collections, we need to obtain a wildcard certificate for @@ -76,6 +75,25 @@ LE_AWS_REGION="us-east-1" LE_AWS_ACCESS_KEY_ID="AKIABCDEFGHIJKLMNOPQ" LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" +# If you going to provide your own certificates for Arvados, the provision script can +# help you deploy them. In order to do that, you need to set `USE_LETSENCRYPT=no` above, +# and copy the required certificates under the directory specified in the next line. +# The certs will be copied from this directory by the provision script. +CUSTOM_CERTS_DIR="./certs" +# The script expects cert/key files with these basenames (matching the role except for +# keepweb, which is split in both downoad/collections): +# "controller" +# "websocket" +# "workbench" +# "workbench2" +# "webshell" +# "download" # Part of keepweb +# "collections" # Part of keepweb +# "keep" # Keepproxy +# Ie., 'keep', the script will lookup for +# ${CUSTOM_CERTS_DIR}/keep.crt +# ${CUSTOM_CERTS_DIR}/keep.key + # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'. # CONFIG_DIR="local_config_dir" 
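Review bot: The comment block added with `CUSTOM_CERTS_DIR="./certs"` (third hunk of this file) tells operators to place `*.key` files in that directory but does not say how to protect them, although they are the TLS private keys for all the listed services. I would add a line such as `# The *.key files are private keys: keep this directory out of version control and readable only by the user running the provision script.` The path is relative, so it presumably resolves against the directory the provision script is started from; the comment should say which directory is meant. The added text also has typos ("If you going", "downoad", "Ie., 'keep', the script will lookup for"), and the first two also appear in the context lines of local.params.example.single_host_multiple_hostnames.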
diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames index 46ac881870..cf79fe244c 100644 --- a/tools/salt-install/local.params.example.single_host_multiple_hostnames +++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames @@ -45,7 +45,7 @@ DATABASE_PASSWORD=please_set_this_to_some_secure_value # salt formula (https://github.com/saltstack-formulas/letsencrypt-formula) to try to # automatically obtain and install SSL certificates for your instances or set this # variable to "no", provide and upload your own certificates to the instances and -# modify the 'nginx_*' salt pillars accordingly (see below, param CUSTOM_CERTS_DIR) +# modify the 'nginx_*' salt pillars accordingly (see CUSTOM_CERTS_DIR below) USE_LETSENCRYPT="no" # If you going to provide your own certificates for Arvados, the provision script can @@ -55,7 +55,6 @@ USE_LETSENCRYPT="no" CUSTOM_CERTS_DIR="./certs" # The script expects cert/key files with these basenames (matching the role except for # keepweb, which is split in both downoad/collections): -# CUSTOM_CERTS_DIR. # "controller" # "websocket" # "workbench" -- 2.30.2