#!/bin/bash
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
DEBUG=0
+SSH_PORT=22
+PUPPET_CONCURRENCY=5
+
+read -d] -r SCOPES <<EOF
+--scopes
+'["GET /arvados/v1/virtual_machines",\n
+"GET /arvados/v1/keep_services",\n
+"GET /arvados/v1/keep_services/",\n
+"GET /arvados/v1/groups",\n
+"GET /arvados/v1/groups/",\n
+"GET /arvados/v1/links",\n
+"GET /arvados/v1/collections",\n
+"POST /arvados/v1/collections",\n
+"POST /arvados/v1/links",\n
+"GET /arvados/v1/users/current",\n
+"POST /arvados/v1/users/current",\n
+"GET /arvados/v1/jobs",\n
+"POST /arvados/v1/jobs",\n
+"GET /arvados/v1/pipeline_instances",\n
+"POST /arvados/v1/pipeline_instances",\n
+"PUT /arvados/v1/pipeline_instances/",\n
+"GET /arvados/v1/collections/",\n
+"POST /arvados/v1/collections/",\n
+"GET /arvados/v1/logs"]'
+EOF
function usage {
echo >&2
echo >&2 " <identifier> Arvados cluster name"
echo >&2
echo >&2 "$0 options:"
+ echo >&2 " -p, --port <ssh port> SSH port to use (default 22)"
+ echo >&2 " -c, --concurrency <max> Maximum concurrency for puppet runs (default 5)"
echo >&2 " -d, --debug Enable debug output"
echo >&2 " -h, --help Display this help and exit"
echo >&2
echo >&2 "Note: this script requires an arvados token created with these permissions:"
echo >&2 ' arv api_client_authorization create_system_auth \'
- echo >&2 ' --scopes "[\"GET /arvados/v1/virtual_machines\",'
- echo >&2 ' \"GET /arvados/v1/keep_services\",'
- echo >&2 ' \"GET /arvados/v1/keep_services/\",'
- echo >&2 ' \"GET /arvados/v1/groups\",'
- echo >&2 ' \"GET /arvados/v1/groups/\",'
- echo >&2 ' \"GET /arvados/v1/links\",'
- echo >&2 ' \"GET /arvados/v1/collections\",'
- echo >&2 ' \"POST /arvados/v1/collections\",'
- echo >&2 ' \"POST /arvados/v1/links\"]"'
+ echo -e $SCOPES"]'" >&2
echo >&2
}
+
# NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
-TEMP=`getopt -o hd \
- --long help,debug \
+TEMP=`getopt -o hdp:c: \
+ --long help,debug,port:,concurrency: \
-n "$0" -- "$@"`
if [ $? != 0 ] ; then echo "Use -h for help"; exit 1 ; fi
while [ $# -ge 1 ]
do
case $1 in
+ -p | --port)
+ SSH_PORT="$2"; shift 2
+ ;;
+ -c | --concurrency)
+ PUPPET_CONCURRENCY="$2"; shift 2
+ ;;
-d | --debug)
DEBUG=1
shift
COLUMNS=80
+PUPPET_AGENT='
+now() { date +%s; }
+let endtime="$(now) + 600"
+while [ "$endtime" -gt "$(now)" ]; do
+ puppet agent --test --detailed-exitcodes
+ agent_exitcode=$?
+ if [ 0 = "$agent_exitcode" ] || [ 2 = "$agent_exitcode" ]; then
+ break
+ else
+ sleep 10s
+ fi
+done
+exit ${agent_exitcode:-99}
+'
+
title () {
date=`date +'%Y-%m-%d %H:%M:%S'`
printf "$date $1\n"
function run_puppet() {
node=$1
- return_var=$2
title "Running puppet on $node"
+ sleep $[ $RANDOM / 6000 ].$[ $RANDOM / 1000 ]
TMP_FILE=`mktemp`
if [[ "$DEBUG" != "0" ]]; then
- ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "/usr/bin/puppet agent -t" | tee $TMP_FILE
+ ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$PUPPET_AGENT'" | tee $TMP_FILE
else
- ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "/usr/bin/puppet agent -t" > $TMP_FILE 2>&1
+ ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$PUPPET_AGENT'" > $TMP_FILE 2>&1
fi
- ECODE=$?
+ ECODE=${PIPESTATUS[0]}
RESULT=$(cat $TMP_FILE)
if [[ "$ECODE" != "255" && ! ("$RESULT" =~ 'already in progress') && "$ECODE" != "2" && "$ECODE" != "0" ]]; then
if [[ "$ECODE" == "2" ]]; then
ECODE=0
fi
- rm -f $TMP_FILE
- eval "$return_var=$ECODE"
+
+ if [[ "$ECODE" == "0" ]]; then
+ rm -f $TMP_FILE
+ echo $node successfully updates
+ else
+ echo $node exit code: $ECODE see $TMP_FILE for details
+ fi
}
function run_command() {
title "Running '$command' on $node"
TMP_FILE=`mktemp`
if [[ "$DEBUG" != "0" ]]; then
- ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "$command" | tee $TMP_FILE
+ ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" root@$node -C "$command" | tee $TMP_FILE
else
- ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "$command" > $TMP_FILE 2>&1
+ ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" root@$node -C "$command" > $TMP_FILE 2>&1
fi
ECODE=$?
SUM_ECODE=0
run_puppet $IDENTIFIER.arvadosapi.com ECODE
SUM_ECODE=$(($SUM_ECODE + $ECODE))
-run_command $IDENTIFIER.arvadosapi.com ECODE "/usr/local/bin/arvados-api-server-upgrade.sh"
-SUM_ECODE=$(($SUM_ECODE + $ECODE))
-run_command $IDENTIFIER.arvadosapi.com ECODE "dpkg -L arvados-mailchimp-plugin 2>/dev/null && apt-get install arvados-mailchimp-plugin --reinstall || echo"
-SUM_ECODE=$(($SUM_ECODE + $ECODE))
if [[ "$SUM_ECODE" != "0" ]]; then
title "ERROR: Updating API server FAILED"
exit 1
fi
+title "Gathering list of shell and Keep nodes"
+SHELL_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN rvm-exec default arv virtual_machine list |jq .items[].hostname -r`
+KEEP_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN rvm-exec default arv keep_service list |jq .items[].service_host -r`
+
+nodes=""
+for n in workbench manage switchyard $SHELL_NODES $KEEP_NODES; do
+ ECODE=0
+ if [[ $n =~ $ARVADOS_API_HOST$ ]]; then
+ # e.g. keep.qr1hi.arvadosapi.com
+ node=$n
+ else
+ # e.g. shell
+ node=$n.$ARVADOS_API_HOST
+ fi
+ # e.g. keep.qr1hi
+ nodes="$nodes ${node%.arvadosapi.com}"
+done
+
+## At this point $nodes is a space-separated string (not an array) of
+## short host names such as manage.qr1hi, keep.qr1hi, etc.
+## Each of them should be defined in the .ssh/config file.
+title "Updating in parallel: $nodes"
+export -f run_puppet
+export -f title
+export SSH_PORT
+export PUPPET_AGENT
+echo $nodes|xargs -d " " -n 1 -P $PUPPET_CONCURRENCY -I {} bash -c "run_puppet {}"
+
title "Locating Arvados Standard Docker images project"
JSON_FILTER="[[\"name\", \"=\", \"Arvados Standard Docker Images\"], [\"owner_uuid\", \"=\", \"$IDENTIFIER-tpzed-000000000000000\"]]"
fi
title "Found Arvados Standard Docker Images project with uuid $DOCKER_IMAGES_PROJECT"
-GIT_COMMIT=`ssh -o "StrictHostKeyChecking no" $IDENTIFIER cat /usr/local/arvados/src/git-commit.version`
+GIT_COMMIT=`ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER "python -c 'import arvados_cwl ; print arvados_cwl.__version__'" 2>&1 |grep -v INFO:rdflib:RDFLib`
if [[ "$?" != "0" ]] || [[ "$GIT_COMMIT" == "" ]]; then
title "ERROR: unable to get arvados/jobs Docker image git revision"
if [[ "$?" == "0" ]]; then
title "Found latest arvados/jobs Docker image, nothing to upload"
+ # Just in case it isn't yet, tag the image as latest
+ ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker arvados/jobs latest"
else
title "Installing latest arvados/jobs Docker image"
ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN /usr/local/rvm/bin/rvm-exec default arv keep docker --pull --project-uuid=$DOCKER_IMAGES_PROJECT arvados/jobs $GIT_COMMIT"
+ ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER docker tag --force >/dev/null 2>&1
+ # docker 1.13 no longer supports --force. Sigh.
+ if [[ "$?" == "125" ]]; then
+ FORCE_TAG=""
+ else
+ FORCE_TAG="--force"
+ fi
+ ## Also add the "latest" tag to the image (refs 9254)
+ ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER docker tag $FORCE_TAG arvados/jobs:$GIT_COMMIT arvados/jobs:latest
+ ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker --project-uuid=$DOCKER_IMAGES_PROJECT arvados/jobs latest"
if [[ "$?" -ne 0 ]]; then
title "'git pull' failed exiting..."
exit 1
fi
fi
-
-title "Gathering list of shell and Keep nodes"
-SHELL_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv virtual_machine list |jq .items[].hostname -r`
-KEEP_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv keep_service list |jq .items[].service_host -r`
-
-title "Updating workbench"
-SUM_ECODE=0
-if [[ `host workbench.$ARVADOS_API_HOST |cut -f4 -d' '` != `host $ARVADOS_API_HOST |cut -f4 -d' '` ]]; then
- # Workbench runs on a separate host. We need to run puppet there too.
- run_puppet workbench.$IDENTIFIER ECODE
- SUM_ECODE=$(($SUM_ECODE + $ECODE))
-fi
-
-run_command workbench.$IDENTIFIER ECODE "/usr/local/bin/arvados-workbench-upgrade.sh"
-SUM_ECODE=$(($SUM_ECODE + $ECODE))
-
-if [[ "$SUM_ECODE" != "0" ]]; then
- title "ERROR: Updating workbench FAILED"
- EXITCODE=$(($EXITCODE + $SUM_ECODE))
- exit $EXITCODE
-fi
-
-for n in manage switchyard $SHELL_NODES $KEEP_NODES; do
- ECODE=0
- if [[ $n =~ $ARVADOS_API_HOST$ ]]; then
- # e.g. keep.qr1hi.arvadosapi.com
- node=$n
- else
- # e.g. shell
- node=$n.$ARVADOS_API_HOST
- fi
-
- # e.g. keep.qr1hi
- node=${node%.arvadosapi.com}
-
- title "Updating $node"
- run_puppet $node ECODE
- if [[ "$ECODE" != "0" ]]; then
- title "ERROR: Updating $node node FAILED: exit code $ECODE"
- EXITCODE=$(($EXITCODE + $ECODE))
- exit $EXITCODE
- fi
-done