From 67d842388bc0542a7c3d8843635c3ccf5add20c7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Thu, 21 Oct 2021 15:59:04 -0300 Subject: [PATCH] 17742: update documentation addressing review suggestions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- .../_install_custom_certificates.liquid | 26 +++++++++++++++++++ .../salt-multi-host.html.textile.liquid | 23 ++-------------- .../salt-single-host.html.textile.liquid | 23 ++-------------- 3 files changed, 30 insertions(+), 42 deletions(-) create mode 100644 doc/_includes/_install_custom_certificates.liquid diff --git a/doc/_includes/_install_custom_certificates.liquid b/doc/_includes/_install_custom_certificates.liquid new file mode 100644 index 0000000000..74bc009b89 --- /dev/null +++ b/doc/_includes/_install_custom_certificates.liquid @@ -0,0 +1,26 @@ +{% comment %} +Copyright (C) The Arvados Authors. All rights reserved. + +SPDX-License-Identifier: CC-BY-SA-3.0 +{% endcomment %} + +If you plan to use custom certificates, please set the variable USE_LETSENCRYPT=no and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing. + +The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections): + +* "controller" +* "websocket" +* "workbench" +* "workbench2" +* "webshell" +* "download" # Part of keepweb +* "collections" # Part of keepweb +* "keepproxy" + +Ie., for 'keepproxy', the script will lookup for + + +
${CUSTOM_CERTS_DIR}/keepproxy.crt
+${CUSTOM_CERTS_DIR}/keepproxy.key
+
+ diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid index da86c443af..ab36035a84 100644 --- a/doc/install/salt-multi-host.html.textile.liquid +++ b/doc/install/salt-multi-host.html.textile.liquid @@ -106,28 +106,9 @@ cp -r config_examples/multi_host/aws local_config_dir Edit the variables in the local.params file. Pay attention to the *_INT_IP, *_TOKEN and *KEY variables. Those variables will be used to do a search and replace on the pillars/* in place of any matching __VARIABLE__. -The multi_host example includes LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53. +The multi_host example includes Let's Encrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53. -If you plan to use custom certificates, please set the variable USE_LETSENCRYPT=no and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing. - -The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections): - -* "controller" -* "websocket" -* "workbench" -* "workbench2" -* "webshell" -* "download" # Part of keepweb -* "collections" # Part of keepweb -* "keepproxy" - -Ie., for 'keepproxy', the script will lookup for - - -
${CUSTOM_CERTS_DIR}/keepproxy.crt
-${CUSTOM_CERTS_DIR}/keepproxy.key
-
- +{% include 'install_custom_certificates' %} h3(#further_customization). Further customization of the installation (modifying the salt pillars and states) diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid index 11c8991e9a..9147f25a19 100644 --- a/doc/install/salt-single-host.html.textile.liquid +++ b/doc/install/salt-single-host.html.textile.liquid @@ -57,28 +57,9 @@ Edit the variables in the local.params file. Pay attention to the *_PO The single_host examples use self-signed SSL certificates, which are deployed using the same mechanism used to deploy custom certificates. -If you plan to use custom certificates, please set the variable USE_LETSENCRYPT=no and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing. +{% include 'install_custom_certificates' %} -The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections): - -* "controller" -* "websocket" -* "workbench" -* "workbench2" -* "webshell" -* "download" # Part of keepweb -* "collections" # Part of keepweb -* "keepproxy" - -Ie., for 'keepproxy', the script will lookup for - - -
${CUSTOM_CERTS_DIR}/keepproxy.crt
-${CUSTOM_CERTS_DIR}/keepproxy.key
-
- - -If you want to use valid certificates provided by LetsEncrypt, please set the variable USE_LETSENCRYPT=yes and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable. +If you want to use valid certificates provided by Let's Encrypt, please set the variable USE_LETSENCRYPT=yes and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable. h3(#single_host_multiple_hostnames). Single host / multiple hostnames (Alternative configuration) -- 2.30.2