[salt][provision] when using SnakeOil certs, Arvados needs a CA or some components won't work correctly
(Total: 0.00 h)
As discussed in gitter, the provision installer needs to create a CA which can then be installed by the user, or Arvados' won't work correctly: self-signed certificates are silently discarded by some libraries.
Updated by Lucas Di Pentima over 1 year ago
- On the sls files, there’re commented
letsencrypt.confsnippets entries, I think we could get rid of them if they aren’t used (following our own code style standards of not keeping commented out code).
- Got some error when trying to start it with vagrant (as a new instance)
... arvados: Rendering SLS 'base:docker.software.package.repo.install' failed: Jinja variable 'null' is undefined arvados: Removing .psql file arvados: + '[' xyes = xyes ']' arvados: + echo 'Removing .psql file' arvados: + rm /root/.psqlrc arvados: Copying the Arvados CA certificate to the installer dir, so you can import it arvados: + '[' x = xyes ']' arvados: + echo 'Copying the Arvados CA certificate to the installer dir, so you can import it' arvados: + '[' xyes = xyes ']' arvados: + cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant arvados: cp: arvados: cannot stat '/etc/ssl/certs/arvados-snakeoil-ca.pem' arvados: : No such file or directory arvados: Adding the vagrant user to the docker group arvados: + echo 'Adding the vagrant user to the docker group' arvados: + usermod -a -G docker vagrant arvados: usermod: group 'docker' does not exist arvados: + '[' xyes = xyes ']' arvados: + cd /tmp/cluster_tests arvados: + ./run-test.sh arvados: The Arvados CA was not correctly installed. Although some components will work, arvados: others won't. Please verify that the CA cert file was installed correctly and arvados: retry running these tests. The SSH command responded with a non-zero exit status. Vagrant assumes that this means the command failed. The output for this command should be in the log above. Please read the output to determine what went wrong.