From f258b604f831bb3bd7fab506c670b975ae8e4118 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Thu, 3 Mar 2022 15:52:24 -0300 Subject: [PATCH] 18830: fix nginx parameters for single-host/single-hostname provisioning MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- tools/salt-install/Vagrantfile | 1 + .../single_hostname/pillars/arvados.sls | 20 ++++++++++++++-- .../pillars/nginx_api_configuration.sls | 8 ++++++- .../nginx_workbench2_configuration.sls | 24 +++++++++++++++++-- .../pillars/nginx_workbench_configuration.sls | 22 ++++++++++++++++- 5 files changed, 69 insertions(+), 6 deletions(-) diff --git a/tools/salt-install/Vagrantfile b/tools/salt-install/Vagrantfile index 27f1591c8f..a8dd345343 100644 --- a/tools/salt-install/Vagrantfile +++ b/tools/salt-install/Vagrantfile @@ -81,6 +81,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| inline: "cp -vr /vagrant/config_examples/single_host/single_hostname /home/vagrant/local_config_dir; cp -vr /vagrant/tests /home/vagrant/tests; sed 's#HOSTNAME_EXT=\"hostname_ext_fixme_or_this_wont_work\"#HOSTNAME_EXT=\"zeppo.local\"#g; + 's#IP_INT=\"ip_int_fixme_or_this_wont_work\"#IP_INT=\"127.0.0.1\"#g; s#cluster_fixme_or_this_wont_work#zeppo#g; s#domain_fixme_or_this_wont_work#local#g;' \ /vagrant/local.params.example.single_host_single_hostname > /tmp/local.params.single_host_single_hostname" diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls index 334edb946b..8b8e4f7f9e 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/arvados.sls @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml --- # Copyright (C) The Arvados Authors. All rights reserved. # @@ -67,8 +69,15 @@ arvados: host: 127.0.0.1 password: "__DATABASE_PASSWORD__" user: __CLUSTER___arvados - encoding: en_US.utf8 - client_encoding: UTF8 + extra_conn_params: + client_encoding: UTF8 + # Centos7 does not enable SSL by default, so we disable + # it here just for testing of the formula purposes only. + # You should not do this in production, and should + # configure Postgres certificates correctly + {%- if grains.os_family in ('RedHat',) %} + sslmode: disable + {%- endif %} tls: # certificate: '' @@ -76,6 +85,13 @@ arvados: # When using arvados-snakeoil certs set insecure: true insecure: true + resources: + virtual_machines: + shell: + name: webshell + backend: 127.0.1.1 + port: 4200 + ### TOKENS tokens: system_root: __SYSTEM_ROOT_TOKEN__ diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls index ac3ba99f16..04195ae5b9 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_api_configuration.sls @@ -3,10 +3,16 @@ # # SPDX-License-Identifier: AGPL-3.0 +{%- if grains.os_family in ('RedHat',) %} + {%- set group = 'nginx' %} +{%- else %} + {%- set group = 'www-data' %} +{%- endif %} + ### ARVADOS arvados: config: - group: www-data + group: {{ group }} ### NGINX nginx: diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls index 8e4b9b4aa1..d28fe80278 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench2_configuration.sls @@ -1,18 +1,38 @@ --- # Copyright (C) The Arvados Authors. All rights reserved. # -# SPDX-License-Identifier: AGPL-3.0 +# SPDX-License-Identifier: Apache-2.0 + +{%- if grains.os_family in ('RedHat',) %} + {%- set group = 'nginx' %} +{%- else %} + {%- set group = 'www-data' %} +{%- endif %} ### ARVADOS arvados: config: - group: www-data + group: {{ group }} ### NGINX nginx: ### SITES servers: managed: + ### DEFAULT + arvados_workbench2_default.conf: + enabled: true + overwrite: true + config: + - server: + - server_name: workbench2.__CLUSTER__.__DOMAIN__ + - listen: + - 80 + - location /.well-known: + - root: /var/www + - location /: + - return: '301 https://$host$request_uri' + arvados_workbench2_ssl.conf: enabled: true overwrite: true diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls index 3477c02750..59fb43e57a 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_workbench_configuration.sls @@ -3,10 +3,16 @@ # # SPDX-License-Identifier: AGPL-3.0 +{%- if grains.os_family in ('RedHat',) %} + {%- set group = 'nginx' %} +{%- else %} + {%- set group = 'www-data' %} +{%- endif %} + ### ARVADOS arvados: config: - group: www-data + group: {{ group }} ### NGINX nginx: @@ -22,6 +28,20 @@ nginx: ### SITES servers: managed: + ### DEFAULT + arvados_workbench_default.conf: + enabled: true + overwrite: true + config: + - server: + - server_name: workbench.__CLUSTER__.__DOMAIN__ + - listen: + - 80 + - location /.well-known: + - root: /var/www + - location /: + - return: '301 https://$host$request_uri' + arvados_workbench_ssl.conf: enabled: true overwrite: true -- 2.30.2