Bug #17177
closed
[salt][provision] when using SnakeOil certs, Arvados needs a CA or some components won't work correctly
Added by Javier Bértoli about 4 years ago.
Updated over 3 years ago.
Estimated time:
(Total: 0.00 h)
Release relationship:
Auto
Description
As discussed in Gitter, the provision installer needs to create a CA which can then be installed by the user, or Arvados won't work correctly: self-signed certificates are silently discarded by some libraries.
- Target version changed from 2020-12-02 Sprint to 2020-12-16 Sprint
- % Done changed from 0 to 100
Submitted an arvados-formula PR and updated the provision.sh script and docs (commit 7b009edfb, branch 17177-use-newly-created-ca). Added a curl test to verify the cert is valid.
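The difference between a bare self-signed server certificate and one issued by an importable CA, as described in the ticket and checked by the test mentioned above, can be reproduced offline with openssl. This is an added example, not part of the ticket, the arvados-formula or provision.sh; the CA name, the host name arvados.example.test and all file names are constructed, and openssl verify stands in for the trust check a TLS client performs.

```shell
#!/usr/bin/env bash
# Added example; every name, subject and path here is constructed.
set -eu

write_cfg() {  # $1 = dir; minimal openssl config so the system default is not needed
  cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Snakeoil CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:arvados.example.test
EOF
}

make_ca() {  # $1 = dir; self-signed root that users import into their trust store
  openssl req -x509 -config "$1/openssl.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_ca_signed_leaf() {  # $1 = dir; server cert issued by the CA above
  openssl req -new -config "$1/openssl.cnf" -subj "/CN=arvados.example.test" \
    -newkey rsa:2048 -nodes -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/openssl.cnf" -extensions v3_leaf \
    -out "$1/leaf.pem" 2>/dev/null
}

make_self_signed_leaf() {  # $1 = dir; the case the ticket describes: no issuing CA
  openssl req -x509 -config "$1/openssl.cnf" -extensions v3_leaf \
    -subj "/CN=arvados.example.test" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/selfsigned.key" -out "$1/selfsigned.pem" 2>/dev/null
}

chains_to_ca() {  # $1 = CA bundle, $2 = cert; exit status 0 only if $2 validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
write_cfg "$demo_dir"; make_ca "$demo_dir"
make_ca_signed_leaf "$demo_dir"; make_self_signed_leaf "$demo_dir"
for cert in leaf.pem selfsigned.pem; do
  if chains_to_ca "$demo_dir/ca.pem" "$demo_dir/$cert"; then
    echo "$cert: trusted via imported CA"
  else
    echo "$cert: rejected"
  fi
done
```

Only the certificate issued by the CA validates once ca.pem is trusted; the self-signed one has no issuer a client can be told to trust short of pinning that exact certificate.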
- In the sls files, there are commented letsencrypt.conf snippet entries; I think we could get rid of them if they aren't used (following our own code style standards of not keeping commented-out code).
- Got some errors when trying to start it with vagrant (as a new instance):
...
arvados: Rendering SLS 'base:docker.software.package.repo.install' failed: Jinja variable 'null' is undefined
arvados: Removing .psql file
arvados: + '[' xyes = xyes ']'
arvados: + echo 'Removing .psql file'
arvados: + rm /root/.psqlrc
arvados: Copying the Arvados CA certificate to the installer dir, so you can import it
arvados: + '[' x = xyes ']'
arvados: + echo 'Copying the Arvados CA certificate to the installer dir, so you can import it'
arvados: + '[' xyes = xyes ']'
arvados: + cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant
arvados: cp:
arvados: cannot stat '/etc/ssl/certs/arvados-snakeoil-ca.pem'
arvados: : No such file or directory
arvados: Adding the vagrant user to the docker group
arvados: + echo 'Adding the vagrant user to the docker group'
arvados: + usermod -a -G docker vagrant
arvados: usermod: group 'docker' does not exist
arvados: + '[' xyes = xyes ']'
arvados: + cd /tmp/cluster_tests
arvados: + ./run-test.sh
arvados: The Arvados CA was not correctly installed. Although some components will work,
arvados: others won't. Please verify that the CA cert file was installed correctly and
arvados: retry running these tests.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
Added a few more commits, commit ebd40412f@arvados, branch 17177-use-newly-created-ca
Tested locally and both the WB2-UI and CLI work.
- Status changed from In Progress to Resolved