Arvados

Some progress on 22613-http-proxy-docs

• config.yml
• nginx config
• DNS
• certificates

Just one observation:

doc/_includes/_multi_host_install_custom_certificates.liquid might need some updating, too.

The rest LGTM, thanks

I merged 22613-http-proxy-docs.

I started to update doc/_includes/_multi_host_install_custom_certificates.liquid but then I wasn't sure we should update the "salt installer expects X" stuff without also updating the salt installer to use X. I left some edits on a separate branch so we can do that.

22613-update-salt @ e2121b115612bfb7fa0c2c7abc560397491dc787

22613-update-salt @ 923bd1900732645c66cefc12a1439f8f6e04a2bb

Code LGTM, but when I tried to test everything by deploying a multi node cluster in our sandbox account I realized that Terraform needed some updating too.

Commit c7e6f14aaf updates Terraform variables so that the new DNS record is created in Route53.

Also, when I tried to do the deployment, I got an unrelated error:

----------
          ID: postgresql-repo-keyring
    Function: pkg.installed
      Result: False
     Comment: An error was encountered while installing package(s): Error: HTTP 404: Not Found reading /pub/repos/apt/pool/main/p/pgdg-keyring/pgdg-keyring_2018.2_all.deb
     Started: 14:04:08.304756
    Duration: 41.785 ms
     Changes:   

I did some research last night but couldn´t yet find a probable cause for this. On one hand, it seems that they messed up the package repo by removing the pgdg-keyring package, but OTOH it seems that this package was going on its way out (See: https://www.postgresql.org/message-id/Y25%2BRkZxiZKBOKio%40msg.df7cb.de). The odd thing is that I haven't found any notice warning that this would happen, and removing it for older PG packages seems a bad move, so that's why I still think it might not be on purpose.

Not sure what do you want to do, should we merge this and make another ticket to solve the PG package issue?

Unblocked myself by following Brett's advice of setting use_upstream_repo: false on the postgresql.sls pillar.
Now I've found some issues with the saltstack code regarding certificates for the new names, so I'm working on fixing that on the test cluster I've deployed in the sandbox account.

Updates at 244068ae - 22613-update-salt branch (arvados repo)
Updates at commit 15c23c2c - 22613-container-web-services branch (arvados-formula repo)

• Disables the use of upstream packages for PostgreSQL installation to workaround an issue with the pgdg-keyring package from postgresql.org.
• Fixes LetsEncrypt config for the *.containers... subdomain in the salt installer.
• Adds support for ContainerWebServices config on arvados-formula.
• Updates provision.sh script to use the new arvados-formula version.

I'm not sure how to test this new set of configurations, do we have a service container somewhere I could use on the test cluster?

Updates LGTM.

Branches merged. Not sure if this ticket requires further work, I'm thinking it doesn't but just in case I leave it open.