X-Git-Url: https://git.arvados.org/arvados-dev.git/blobdiff_plain/d3f13c19bdc7b2efe160c66116461faf865fed4e..HEAD:/jenkins/run-deploy.sh diff --git a/jenkins/run-deploy.sh b/jenkins/run-deploy.sh index 4953659..bae4299 100755 --- a/jenkins/run-deploy.sh +++ b/jenkins/run-deploy.sh @@ -1,6 +1,38 @@ #!/bin/bash +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +set -e + DEBUG=0 +UNMANAGED=0 +SSH_PORT=22 +PUPPET_CONCURRENCY=5 + +read -d] -r SCOPES <&2 @@ -9,26 +41,23 @@ function usage { echo >&2 " Arvados cluster name" echo >&2 echo >&2 "$0 options:" + echo >&2 " -n, --node Single machine to deploy, use fqdn, optional" + echo >&2 " -p, --port SSH port to use (default 22)" + echo >&2 " -c, --concurrency Maximum concurrency for puppet runs (default 5)" + echo >&2 " -u, --unmanaged Deploy to unmanaged node/cluster" echo >&2 " -d, --debug Enable debug output" echo >&2 " -h, --help Display this help and exit" echo >&2 echo >&2 "Note: this script requires an arvados token created with these permissions:" echo >&2 ' arv api_client_authorization create_system_auth \' - echo >&2 ' --scopes "[\"GET /arvados/v1/virtual_machines\",' - echo >&2 ' \"GET /arvados/v1/keep_services\",' - echo >&2 ' \"GET /arvados/v1/keep_services/\",' - echo >&2 ' \"GET /arvados/v1/groups\",' - echo >&2 ' \"GET /arvados/v1/groups/\",' - echo >&2 ' \"GET /arvados/v1/links\",' - echo >&2 ' \"GET /arvados/v1/collections\",' - echo >&2 ' \"POST /arvados/v1/collections\",' - echo >&2 ' \"POST /arvados/v1/links\"]"' + echo -e $SCOPES"]'" >&2 echo >&2 } + # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros). -TEMP=`getopt -o hd \ - --long help,debug \ +TEMP=`getopt -o hudp:c:n: \ + --long help,unmanaged,debug,port:,concurrency:,node: \ -n "$0" -- "$@"` if [ $? != 0 ] ; then echo "Use -h for help"; exit 1 ; fi @@ -38,8 +67,22 @@ eval set -- "$TEMP" while [ $# -ge 1 ] do case $1 in + -n | --node) + NODE="$2"; shift 2 + ;; + -p | --port) + SSH_PORT="$2"; shift 2 + ;; + -c | --concurrency) + PUPPET_CONCURRENCY="$2"; shift 2 + ;; + -u | --unmanaged) + UNMANAGED=1 + shift + ;; -d | --debug) DEBUG=1 + set -x shift ;; --) @@ -64,32 +107,72 @@ EXITCODE=0 COLUMNS=80 +PUPPET_AGENT=' +if [[ -e "/usr/local/rvm/scripts/rvm" ]]; then + source /usr/local/rvm/scripts/rvm + __rvm_unload +fi +now() { date +%s; } +let endtime="$(now) + 600" +while [ "$endtime" -gt "$(now)" ]; do + puppet agent --test --detailed-exitcodes + agent_exitcode=$? + if [ 0 = "$agent_exitcode" ] || [ 2 = "$agent_exitcode" ]; then + break + else + sleep 10s + fi +done +exit ${agent_exitcode:-99} +' + +APT_AGENT=' +now() { date +%s; } +let endtime="$(now) + 600" +while [ "$endtime" -gt "$(now)" ]; do + apt-get update + DEBIAN_FRONTEND=noninteractive apt-get -y upgrade + apt_exitcode=$? + if [ 0 = "$apt_exitcode" ]; then + break + else + sleep 10s + fi +done +exit ${apt_exitcode:-99} +' + title () { date=`date +'%Y-%m-%d %H:%M:%S'` printf "$date $1\n" } -function run_puppet() { +function update_node() { + if [[ $UNMANAGED -ne 0 ]]; then + run_apt $@ + else + run_puppet $@ + fi +} + +function run_apt() { node=$1 - return_var=$2 - title "Running puppet on $node" + title "Running apt on $node" + sleep $[ $RANDOM / 6000 ].$[ $RANDOM / 1000 ] TMP_FILE=`mktemp` if [[ "$DEBUG" != "0" ]]; then - ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "/usr/bin/puppet agent -t" | tee $TMP_FILE + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$APT_AGENT'" 2>&1 | sed 's/^/['"${node}"'] /' | tee $TMP_FILE else - ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "/usr/bin/puppet agent -t" > $TMP_FILE 2>&1 + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$APT_AGENT'" 2>&1 | sed 's/^/['"${node}"'] /' > $TMP_FILE 2>&1 fi - ECODE=$? + ECODE=${PIPESTATUS[0]} RESULT=$(cat $TMP_FILE) - if [[ "$ECODE" != "255" && ! ("$RESULT" =~ 'already in progress') && "$ECODE" != "2" && "$ECODE" != "0" ]]; then + if [[ "$ECODE" != "255" && "$ECODE" != "0" ]]; then # Ssh exits 255 if the connection timed out. Just ignore that. - # Puppet exits 2 if there are changes. For real! - # Puppet prints 'Notice: Run of Puppet configuration client already in progress' if another puppet process - # was already running - echo "ERROR running puppet on $node: exit code $ECODE" + echo "ERROR running apt on $node: exit code $ECODE" if [[ "$DEBUG" == "0" ]]; then title "Command output follows:" echo $RESULT @@ -99,33 +182,36 @@ function run_puppet() { title "Connection timed out" ECODE=0 fi - if [[ "$ECODE" == "2" ]]; then - ECODE=0 + + if [[ "$ECODE" == "0" ]]; then + rm -f $TMP_FILE + title "$node successfully updated" + else + title "$node exit code: $ECODE see $TMP_FILE for details" fi - rm -f $TMP_FILE - eval "$return_var=$ECODE" } -function run_command() { +function run_puppet() { node=$1 - return_var=$2 - command=$3 - title "Running '$command' on $node" + title "Running puppet on $node" + sleep $[ $RANDOM / 6000 ].$[ $RANDOM / 1000 ] TMP_FILE=`mktemp` if [[ "$DEBUG" != "0" ]]; then - ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "$command" | tee $TMP_FILE + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$PUPPET_AGENT'" 2>&1 | sed 's/^/['"${node}"'] /' | tee $TMP_FILE else - ssh -t -p2222 -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C "$command" > $TMP_FILE 2>&1 + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" root@$node -C bash -c "'$PUPPET_AGENT'" 2>&1 | sed 's/^/['"${node}"'] /' > $TMP_FILE 2>&1 fi - ECODE=$? + ECODE=${PIPESTATUS[0]} RESULT=$(cat $TMP_FILE) - if [[ "$ECODE" != "255" && "$ECODE" != "0" ]]; then - # Ssh exists 255 if the connection timed out. Just ignore that, it's possible that this node is - # a shell node that is down. - title "ERROR running command on $node: exit code $ECODE" + if [[ "$ECODE" != "255" && ! ("$RESULT" =~ 'already in progress') && "$ECODE" != "2" && "$ECODE" != "0" ]]; then + # Ssh exits 255 if the connection timed out. Just ignore that. + # Puppet exits 2 if there are changes. For real! + # Puppet prints 'Notice: Run of Puppet configuration client already in progress' if another puppet process + # was already running + echo "ERROR running puppet on $node: exit code $ECODE" if [[ "$DEBUG" == "0" ]]; then title "Command output follows:" echo $RESULT @@ -135,26 +221,34 @@ function run_command() { title "Connection timed out" ECODE=0 fi - rm -f $TMP_FILE - eval "$return_var=$ECODE" + if [[ "$ECODE" == "2" ]]; then + ECODE=0 + fi + + if [[ "$ECODE" == "0" ]]; then + rm -f $TMP_FILE + echo $node successfully updated + else + echo $node exit code: $ECODE see $TMP_FILE for details + fi } -title "Updating API server" -SUM_ECODE=0 -run_puppet $IDENTIFIER.arvadosapi.com ECODE -SUM_ECODE=$(($SUM_ECODE + $ECODE)) -run_command $IDENTIFIER.arvadosapi.com ECODE "/usr/local/rvm/bin/rvm-exec /usr/local/bin/arvados-api-server-upgrade.sh" -SUM_ECODE=$(($SUM_ECODE + $ECODE)) -if [ ! "$IDENTIFIER" = "c97qk" ] -then - run_command $IDENTIFIER.arvadosapi.com ECODE "dpkg -L arvados-mailchimp-plugin 2>/dev/null && apt-get install arvados-mailchimp-plugin --reinstall || echo" +if [[ "$NODE" == "" ]] || [[ "$NODE" == "$IDENTIFIER.arvadosapi.com" ]]; then + title "Updating API server" + SUM_ECODE=0 + update_node $IDENTIFIER.arvadosapi.com ECODE SUM_ECODE=$(($SUM_ECODE + $ECODE)) + + if [[ "$SUM_ECODE" != "0" ]]; then + title "ERROR: Updating API server FAILED" + EXITCODE=$(($EXITCODE + $SUM_ECODE)) + exit $EXITCODE + fi fi -if [[ "$SUM_ECODE" != "0" ]]; then - title "ERROR: Updating API server FAILED" - EXITCODE=$(($EXITCODE + $SUM_ECODE)) - exit $EXITCODE +if [[ "$NODE" == "$IDENTIFIER.arvadosapi.com" ]]; then + # we are done + exit 0 fi title "Loading ARVADOS_API_HOST and ARVADOS_API_TOKEN" @@ -168,67 +262,18 @@ if [[ "$ARVADOS_API_HOST" == "" ]] || [[ "$ARVADOS_API_TOKEN" == "" ]]; then exit 1 fi -title "Locating Arvados Standard Docker images project" - -JSON_FILTER="[[\"name\", \"=\", \"Arvados Standard Docker Images\"], [\"owner_uuid\", \"=\", \"$IDENTIFIER-tpzed-000000000000000\"]]" -DOCKER_IMAGES_PROJECT=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv --format=uuid group list --filters="$JSON_FILTER"` - -if [[ "$DOCKER_IMAGES_PROJECT" == "" ]]; then - title "Warning: Arvados Standard Docker Images project not found. Creating it." - - DOCKER_IMAGES_PROJECT=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv --format=uuid group create --group "{\"owner_uuid\":\"$IDENTIFIER-tpzed-000000000000000\", \"name\":\"Arvados Standard Docker Images\", \"group_class\":\"project\"}"` - ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv link create --link "{\"tail_uuid\":\"$IDENTIFIER-j7d0g-fffffffffffffff\", \"head_uuid\":\"$DOCKER_IMAGES_PROJECT\", \"link_class\":\"permission\", \"name\":\"can_read\" }" - if [[ "$?" != "0" ]]; then - title "ERROR: could not create standard Docker images project Please create it, cf. http://doc.arvados.org/install/create-standard-objects.html" - exit 1 - fi +title "Gathering list of nodes" +start_nodes="workbench" +if [[ "$IDENTIFIER" != "ce8i5" ]] && [[ "$IDENTIFIER" != "tordo" ]]; then + start_nodes="$start_nodes manage switchyard" fi - -title "Found Arvados Standard Docker Images project with uuid $DOCKER_IMAGES_PROJECT" -GIT_COMMIT=`ssh -o "StrictHostKeyChecking no" $IDENTIFIER cat /usr/local/arvados/src/git-commit.version` - -if [[ "$?" != "0" ]] || [[ "$GIT_COMMIT" == "" ]]; then - title "ERROR: unable to get arvados/jobs Docker image git revision" - exit 1 -else - title "Found git commit for arvados/jobs Docker image: $GIT_COMMIT" -fi - -run_command shell.$IDENTIFIER ECODE "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN /usr/local/rvm/bin/rvm-exec default arv keep docker" |grep -q $GIT_COMMIT - -if [[ "$?" == "0" ]]; then - title "Found latest arvados/jobs Docker image, nothing to upload" -else - title "Installing latest arvados/jobs Docker image" - ssh -o "StrictHostKeyChecking no" shell.$IDENTIFIER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN /usr/local/rvm/bin/rvm-exec default arv keep docker --pull --project-uuid=$DOCKER_IMAGES_PROJECT arvados/jobs $GIT_COMMIT" - if [[ "$?" -ne 0 ]]; then - title "'git pull' failed exiting..." - exit 1 - fi -fi - -title "Gathering list of shell and Keep nodes" SHELL_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv virtual_machine list |jq .items[].hostname -r` KEEP_NODES=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv keep_service list |jq .items[].service_host -r` +SHELL_NODE_FOR_ARV_KEEPDOCKER="shell.$IDENTIFIER" +start_nodes="$start_nodes $SHELL_NODES $KEEP_NODES" -title "Updating workbench" -SUM_ECODE=0 -if [[ `host workbench.$ARVADOS_API_HOST |cut -f4 -d' '` != `host $ARVADOS_API_HOST |cut -f4 -d' '` ]]; then - # Workbench runs on a separate host. We need to run puppet there too. - run_puppet workbench.$IDENTIFIER ECODE - SUM_ECODE=$(($SUM_ECODE + $ECODE)) -fi - -run_command workbench.$IDENTIFIER ECODE "/usr/local/rvm/bin/rvm-exec /usr/local/bin/arvados-workbench-upgrade.sh" -SUM_ECODE=$(($SUM_ECODE + $ECODE)) - -if [[ "$SUM_ECODE" != "0" ]]; then - title "ERROR: Updating workbench FAILED" - EXITCODE=$(($EXITCODE + $SUM_ECODE)) - exit $EXITCODE -fi - -for n in manage switchyard $SHELL_NODES $KEEP_NODES; do +nodes="" +for n in $start_nodes; do ECODE=0 if [[ $n =~ $ARVADOS_API_HOST$ ]]; then # e.g. keep.qr1hi.arvadosapi.com @@ -237,15 +282,98 @@ for n in manage switchyard $SHELL_NODES $KEEP_NODES; do # e.g. shell node=$n.$ARVADOS_API_HOST fi + if [[ "$NODE" == "" ]] || [[ "$NODE" == "$node" ]]; then + # e.g. keep.qr1hi + nodes="$nodes ${node%.arvadosapi.com}" + fi +done - # e.g. keep.qr1hi - node=${node%.arvadosapi.com} +if [[ "$nodes" != "" ]]; then + ## at this point nodes should be an array containing + ## manage.qr1hi, keep.qr1hi, etc + ## that should be defined in the .ssh/config file + title "Updating in parallel:$nodes" + export -f update_node + export -f run_puppet + export -f run_apt + export -f title + export SSH_PORT + export PUPPET_AGENT + export APT_AGENT + export UNMANAGED + echo $nodes|xargs -d " " -n 1 -P $PUPPET_CONCURRENCY -I {} bash -c "update_node {}" +fi - title "Updating $node" - run_puppet $node ECODE - if [[ "$ECODE" != "0" ]]; then - title "ERROR: Updating $node node FAILED: exit code $ECODE" - EXITCODE=$(($EXITCODE + $ECODE)) - exit $EXITCODE +if [[ "$NODE" == "" ]]; then + title "Locating Arvados Standard Docker images project" + + JSON_FILTER="[[\"name\", \"=\", \"Arvados Standard Docker Images\"], [\"owner_uuid\", \"=\", \"$IDENTIFIER-tpzed-000000000000000\"]]" + DOCKER_IMAGES_PROJECT=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv --format=uuid group list --filters="$JSON_FILTER"` + + if [[ "$DOCKER_IMAGES_PROJECT" == "" ]]; then + title "Warning: Arvados Standard Docker Images project not found. Creating it." + + DOCKER_IMAGES_PROJECT=`ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv --format=uuid group create --group "{\"owner_uuid\":\"$IDENTIFIER-tpzed-000000000000000\", \"name\":\"Arvados Standard Docker Images\", \"group_class\":\"project\"}"` + ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv link create --link "{\"tail_uuid\":\"$IDENTIFIER-j7d0g-fffffffffffffff\", \"head_uuid\":\"$DOCKER_IMAGES_PROJECT\", \"link_class\":\"permission\", \"name\":\"can_read\" }" + if [[ "$?" != "0" ]]; then + title "ERROR: could not create standard Docker images project Please create it, cf. http://doc.arvados.org/install/create-standard-objects.html" + exit 1 + fi fi -done + + title "Found Arvados Standard Docker Images project with uuid $DOCKER_IMAGES_PROJECT" + + if [[ "$SHELL_NODE_FOR_ARV_KEEPDOCKER" == "" ]]; then + VERSION=`ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" -o "LogLevel QUIET" $IDENTIFIER apt-cache policy python3-arvados-cwl-runner|grep Candidate` + VERSION=`echo $VERSION|cut -f2 -d' '|cut -f1 -d-` + + if [[ "$?" != "0" ]] || [[ "$VERSION" == "" ]]; then + title "ERROR: unable to get python3-arvados-cwl-runner version" + exit 1 + else + title "Found version for python3-arvados-cwl-runner: $VERSION" + fi + + set +e + CLEAN_VERSION=`echo $VERSION | sed s/~dev/.dev/g | sed s/~rc/rc/g` + ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker |grep -qP "arvados/jobs +$CLEAN_VERSION " + if [[ $? -eq 0 ]]; then + set -e + title "Found arvados/jobs Docker image version $CLEAN_VERSION, nothing to upload" + else + set -e + title "Installing arvados/jobs Docker image version $CLEAN_VERSION" + ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker --pull --project-uuid=$DOCKER_IMAGES_PROJECT arvados/jobs $CLEAN_VERSION + if [[ $? -ne 0 ]]; then + title "'arv-keepdocker' failed..." + exit 1 + fi + fi + else + VERSION=`ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" -o "LogLevel QUIET" $SHELL_NODE_FOR_ARV_KEEPDOCKER apt-cache policy python3-arvados-cwl-runner|grep Candidate` + VERSION=`echo $VERSION|cut -f2 -d' '|cut -f1 -d-` + + if [[ "$?" != "0" ]] || [[ "$VERSION" == "" ]]; then + title "ERROR: unable to get python3-arvados-cwl-runner version" + exit 1 + else + title "Found version for python3-arvados-cwl-runner: $VERSION" + fi + + set +e + CLEAN_VERSION=`echo $VERSION | sed s/~dev/.dev/g | sed s/~rc/rc/g` + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" -o "LogLevel QUIET" $SHELL_NODE_FOR_ARV_KEEPDOCKER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker" |grep -qP "arvados/jobs +$CLEAN_VERSION " + if [[ $? -eq 0 ]]; then + set -e + title "Found arvados/jobs Docker image version $CLEAN_VERSION, nothing to upload" + else + set -e + title "Installing arvados/jobs Docker image version $CLEAN_VERSION" + ssh -t -p$SSH_PORT -o "StrictHostKeyChecking no" -o "ConnectTimeout 125" -o "LogLevel QUIET" $SHELL_NODE_FOR_ARV_KEEPDOCKER "ARVADOS_API_HOST=$ARVADOS_API_HOST ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN arv-keepdocker --pull --project-uuid=$DOCKER_IMAGES_PROJECT arvados/jobs $CLEAN_VERSION" + if [[ $? -ne 0 ]]; then + title "'arv-keepdocker' failed..." + exit 1 + fi + fi + fi +fi