Bug #17604

[deployment][provision][arvados-formula] remove @*--collections@ and use @*.collections@

Added by Javier Bértoli 9 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Deployment
Target version:
Start date:
05/18/2021
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

As part of a deployment we found out that the format *--collections is hard to implement in DNS, as wildcards in DNS need to replace a whole label or will be considered literals (see RFC 4592 , Wikipedia , or DNS providers for more details).

To avoid adding confusion, we should do deployments using the *.collections format.

As the wildcard certificate through Letsencrypt can only be obtained using the DNS method, the provision script should consider it, document it or fail.


Subtasks

Task #17643: Review #17604 commit ef0df12da@arvados, branch 17604-change-collections-urlsResolvedLucas Di Pentima


Related issues

Blocks Arvados - Story #17512: Release Arvados 2.2Resolved05/03/2021

Blocked by Arvados - Bug #17605: [deployment][provision] letsencrypt credentials when using route53Resolved05/28/2021

Associated revisions

Revision ef0df12d (diff)
Added by Javier Bértoli 8 months ago

feat(provision): use LE wildcard cert for *.collections

refs #17604
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <>

Revision 9a06772d (diff)
Added by Javier Bértoli 8 months ago

fix(provision): some more changes to collections urls

refs #17604
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <>

Revision 65d25630 (diff)
Added by Javier Bértoli 8 months ago

feat(provision): use LE wildcard cert for *.collections

refs #17604
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <>

Revision c33ff9b8
Added by Javier Bértoli 8 months ago

Merge branch '17604-change-collections-urls'

closes #17604
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <>

History

#1 Updated by Peter Amstutz 9 months ago

#2 Updated by Peter Amstutz 9 months ago

  • Target version changed from 2021-05-12 sprint to 2021-05-26 sprint

#3 Updated by Peter Amstutz 9 months ago

  • Release set to 38

#4 Updated by Javier Bértoli 8 months ago

  • Blocked by Bug #17605: [deployment][provision] letsencrypt credentials when using route53 added

#5 Updated by Javier Bértoli 8 months ago

  • Status changed from New to Feedback

Should be fixed in commit ef0df12da@arvados, branch 17604-change-collections-urls

#6 Updated by Lucas Di Pentima 8 months ago

Some comments:

  • File tools/salt-install/config_examples/multi_host/aws/certs/README.md may need updating.
  • File tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls have mentions of the .*--domain form at lines 24 & 38, should those be updated too?

#7 Updated by Javier Bértoli 8 months ago

Lucas Di Pentima wrote:

Some comments:

  • File tools/salt-install/config_examples/multi_host/aws/certs/README.md may need updating.
  • File tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls have mentions of the .*--domain form at lines 24 & 38, should those be updated too?

Addresses in 9a06772d7

#8 Updated by Lucas Di Pentima 8 months ago

LGTM

#9 Updated by Javier Bértoli 8 months ago

Merged

#10 Updated by Javier Bértoli 8 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF