3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
15 # capture the directory that the script is running from
16 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20 echo >&2 "Usage: ${0} [-h] [-h]"
22 echo >&2 "${0} options:"
23 echo >&2 " -d, --debug Run salt installation in debug mode"
24 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
25 echo >&2 " -t, --test Test installation running a CWL workflow"
26 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
27 echo >&2 " Possible values are:"
29 echo >&2 " controller"
30 echo >&2 " dispatcher"
38 echo >&2 " workbench2"
39 echo >&2 " Defaults to applying them all"
40 echo >&2 " -h, --help Display this help and exit"
41 echo >&2 " --dump-config <dest_dir> Dumps the pillars and states to a directory"
42 echo >&2 " This parameter does not perform any installation at all. It's"
43 echo >&2 " intended to give you a parsed sot of configuration files so"
44 echo >&2 " you can inspect them or use them in you Saltstack infrastructure."
46 echo >&2 " - parses the pillar and states templates,"
47 echo >&2 " - downloads the helper formulas with their desired versions,"
48 echo >&2 " - prepares the 'top.sls' files both for pillars and states"
49 echo >&2 " for the selected role/s"
50 echo >&2 " - writes the resulting files into <dest_dir>"
51 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
56 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
57 if ! which getopt > /dev/null; then
58 echo >&2 "GNU getopt is required to run this script. Please install it and re-reun it"
62 TEMP=$(getopt -o c:dhp:r:tv \
63 --long config:,debug,dump-config:,help,roles:,test,vagrant \
67 then echo "Please check the parameters you entered and re-run again"
70 # Note the quotes around `$TEMP': they are essential!
73 while [ ${#} -ge 1 ]; do
85 if [[ ${2} = /* ]]; then
86 DUMP_SALT_CONFIG_DIR=${2}
88 DUMP_SALT_CONFIG_DIR=${PWD}/${2}
91 S_DIR="${DUMP_SALT_CONFIG_DIR}/salt"
93 F_DIR="${DUMP_SALT_CONFIG_DIR}/formulas"
95 P_DIR="${DUMP_SALT_CONFIG_DIR}/pillars"
97 T_DIR="${DUMP_SALT_CONFIG_DIR}/tests"
104 # Verify the role exists
105 if [[ ! "database,api,controller,keepstore,websocket,keepweb,workbench2,webshell,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
106 echo "The role '${i}' is not a valid role"
110 ROLES="${ROLES} ${i}"
134 CONFIG_FILE="${SCRIPT_DIR}/local.params"
135 CONFIG_DIR="local_config_dir"
138 CONTROLLER_EXT_SSL_PORT=443
144 # Hostnames/IPs used for single-host deploys
146 HOSTNAME_INT="127.0.1.1"
150 INITIAL_USER_EMAIL=""
151 INITIAL_USER_PASSWORD=""
153 CONTROLLER_EXT_SSL_PORT=8000
154 KEEP_EXT_SSL_PORT=25101
155 # Both for collections and downloads
156 KEEPWEB_EXT_SSL_PORT=9002
157 WEBSHELL_EXT_SSL_PORT=4202
158 WEBSOCKET_EXT_SSL_PORT=8002
159 WORKBENCH1_EXT_SSL_PORT=443
160 WORKBENCH2_EXT_SSL_PORT=3001
162 ## These are ARVADOS-related parameters
163 # For a stable release, change RELEASE "production" and VERSION to the
164 # package version (including the iteration, e.g. X.Y.Z-1) of the
169 # These are arvados-formula-related parameters
170 # An arvados-formula tag. For a stable release, this should be a
171 # branch name (e.g. X.Y-dev) or tag for the release.
172 ARVADOS_TAG="2.2-dev"
174 # Other formula versions we depend on
175 POSTGRES_TAG="v0.41.6"
176 NGINX_TAG="temp-fix-missing-statements-in-pillar"
179 LETSENCRYPT_TAG="v2.1.0"
182 DUMP_SALT_CONFIG_DIR=""
186 F_DIR="/srv/formulas"
190 T_DIR="/tmp/cluster_tests"
194 if [ -s ${CONFIG_FILE} ]; then
195 source ${CONFIG_FILE}
197 echo >&2 "You don't seem to have a config file with initial values."
198 echo >&2 "Please create a '${CONFIG_FILE}' file as described in"
199 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
200 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
204 if [ ! -d ${CONFIG_DIR} ]; then
205 echo >&2 "You don't seem to have a config directory with pillars and states."
206 echo >&2 "Please create a '${CONFIG_DIR}' directory (as configured in your '${CONFIG_FILE}'). Please see"
207 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
208 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
212 if grep -q 'fixme_or_this_wont_work' ${CONFIG_FILE} ; then
213 echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
214 echo >&2 "Please, fix them and re-run the provision script."
218 if ! grep -qE '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
219 echo >&2 "ERROR: <CLUSTER> must be exactly 5 alphanumeric characters long"
220 echo >&2 "Fix the cluster name in the 'local.params' file and re-run the provision script"
224 # Only used in single_host/single_name deploys
225 if [ "x${HOSTNAME_EXT}" = "x" ] ; then
226 HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
229 if [ "${DUMP_CONFIG}" = "yes" ]; then
230 echo "The provision installer will just dump a config under ${DUMP_SALT_CONFIG_DIR} and exit"
233 apt-get install -y curl git jq
235 if which salt-call; then
236 echo "Salt already installed"
238 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
239 sh /tmp/bootstrap_salt.sh -XdfP -x python3
240 /bin/systemctl stop salt-minion.service
241 /bin/systemctl disable salt-minion.service
244 # Set salt to masterless mode
245 cat > /etc/salt/minion << EOFSM
258 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR} ${T_DIR}
260 # Get the formula and dependencies
261 cd ${F_DIR} || exit 1
262 echo "Cloning formulas"
263 rm -rf ${F_DIR}/* || exit 1
264 git clone --quiet https://github.com/saltstack-formulas/docker-formula.git ${F_DIR}/docker
265 ( cd docker && git checkout --quiet tags/"${DOCKER_TAG}" -b "${DOCKER_TAG}" )
267 git clone --quiet https://github.com/saltstack-formulas/locale-formula.git ${F_DIR}/locale
268 ( cd locale && git checkout --quiet tags/"${LOCALE_TAG}" -b "${LOCALE_TAG}" )
270 git clone --quiet https://github.com/netmanagers/nginx-formula.git ${F_DIR}/nginx
271 ( cd nginx && git checkout --quiet tags/"${NGINX_TAG}" -b "${NGINX_TAG}" )
273 git clone --quiet https://github.com/saltstack-formulas/postgres-formula.git ${F_DIR}/postgres
274 ( cd postgres && git checkout --quiet tags/"${POSTGRES_TAG}" -b "${POSTGRES_TAG}" )
276 git clone --quiet https://github.com/saltstack-formulas/letsencrypt-formula.git ${F_DIR}/letsencrypt
277 ( cd letsencrypt && git checkout --quiet tags/"${LETSENCRYPT_TAG}" -b "${LETSENCRYPT_TAG}" )
279 git clone --quiet https://git.arvados.org/arvados-formula.git ${F_DIR}/arvados
281 # If we want to try a specific branch of the formula
282 if [ "x${BRANCH}" != "x" ]; then
283 ( cd ${F_DIR}/arvados && git checkout --quiet -t origin/"${BRANCH}" -b "${BRANCH}" )
284 elif [ "x${ARVADOS_TAG}" != "x" ]; then
285 ( cd ${F_DIR}/arvados && git checkout --quiet tags/"${ARVADOS_TAG}" -b "${ARVADOS_TAG}" )
288 if [ "x${VAGRANT}" = "xyes" ]; then
289 EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
290 SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
291 SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
293 EXTRA_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
294 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
295 SOURCE_TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
298 SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
300 echo "Writing pillars and states"
302 # Replace variables (cluster, domain, etc) in the pillars, states and tests
303 # to ease deployment for newcomers
304 if [ ! -d "${SOURCE_PILLARS_DIR}" ]; then
305 echo "${SOURCE_PILLARS_DIR} does not exist or is not a directory. Exiting."
308 for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
309 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
310 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
311 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
312 s#__CLUSTER__#${CLUSTER}#g;
313 s#__DOMAIN__#${DOMAIN}#g;
314 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
315 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
316 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
317 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
318 s#__INITIAL_USER__#${INITIAL_USER}#g;
319 s#__LE_AWS_REGION__#${LE_AWS_REGION}#g;
320 s#__LE_AWS_SECRET_ACCESS_KEY__#${LE_AWS_SECRET_ACCESS_KEY}#g;
321 s#__LE_AWS_ACCESS_KEY_ID__#${LE_AWS_ACCESS_KEY_ID}#g;
322 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
323 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
324 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
325 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
326 s#__RELEASE__#${RELEASE}#g;
327 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
328 s#__VERSION__#${VERSION}#g;
329 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
330 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
331 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
332 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
333 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
334 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
335 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
336 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
337 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
338 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
339 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
340 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
341 s#__SHELL_INT_IP__#${SHELL_INT_IP}#g;
342 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
343 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
344 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
345 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
346 "${f}" > "${P_DIR}"/$(basename "${f}")
349 if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
350 echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
354 # Replace cluster and domain name in the test files
355 for f in $(ls "${SOURCE_TESTS_DIR}"/*); do
356 sed "s#__CLUSTER__#${CLUSTER}#g;
357 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
358 s#__DOMAIN__#${DOMAIN}#g;
359 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
360 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
361 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g
362 s#__INITIAL_USER__#${INITIAL_USER}#g;
363 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
364 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g" \
365 "${f}" > ${T_DIR}/$(basename "${f}")
367 chmod 755 ${T_DIR}/run-test.sh
369 # Replace helper state files that differ from the formula's examples
370 if [ -d "${SOURCE_STATES_DIR}" ]; then
371 mkdir -p "${F_DIR}"/extra/extra
373 for f in $(ls "${SOURCE_STATES_DIR}"/*); do
374 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
375 s#__CLUSTER__#${CLUSTER}#g;
376 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
377 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
378 s#__DOMAIN__#${DOMAIN}#g;
379 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
380 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
381 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
382 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
383 s#__INITIAL_USER__#${INITIAL_USER}#g;
384 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
385 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
386 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
387 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
388 s#__RELEASE__#${RELEASE}#g;
389 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
390 s#__VERSION__#${VERSION}#g;
391 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
392 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
393 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
394 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
395 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
396 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
397 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
398 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
399 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
400 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
401 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
402 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
403 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
404 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
405 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
406 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
407 "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
411 # Now, we build the SALT states/pillars trees
412 # As we need to separate both states and pillars in case we want specific
413 # roles, we iterate on both at the same time
416 cat > ${S_DIR}/top.sls << EOFTSLS
423 cat > ${P_DIR}/top.sls << EOFPSLS
430 # States, extra states
431 if [ -d "${F_DIR}"/extra/extra ]; then
432 for f in $(ls "${F_DIR}"/extra/extra/*.sls); do
433 echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
437 # If we want specific roles for a node, just add the desired states
438 # and its dependencies
439 if [ -z "${ROLES}" ]; then
441 echo " - nginx.passenger" >> ${S_DIR}/top.sls
442 # Currently, only available on config_examples/multi_host/aws
443 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
444 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
445 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
447 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
449 echo " - postgres" >> ${S_DIR}/top.sls
450 echo " - docker.software" >> ${S_DIR}/top.sls
451 echo " - arvados" >> ${S_DIR}/top.sls
454 echo " - docker" >> ${P_DIR}/top.sls
455 echo " - nginx_api_configuration" >> ${P_DIR}/top.sls
456 echo " - nginx_controller_configuration" >> ${P_DIR}/top.sls
457 echo " - nginx_keepproxy_configuration" >> ${P_DIR}/top.sls
458 echo " - nginx_keepweb_configuration" >> ${P_DIR}/top.sls
459 echo " - nginx_passenger" >> ${P_DIR}/top.sls
460 echo " - nginx_websocket_configuration" >> ${P_DIR}/top.sls
461 echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
462 echo " - nginx_workbench2_configuration" >> ${P_DIR}/top.sls
463 echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
464 echo " - postgresql" >> ${P_DIR}/top.sls
465 # Currently, only available on config_examples/multi_host/aws
466 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
467 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
468 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
470 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
473 # If we add individual roles, make sure we add the repo first
474 echo " - arvados.repo" >> ${S_DIR}/top.sls
475 for R in ${ROLES}; do
479 echo " - postgres" >> ${S_DIR}/top.sls
481 echo ' - postgresql' >> ${P_DIR}/top.sls
485 # FIXME: https://dev.arvados.org/issues/17352
486 grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls
487 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
488 ### If we don't install and run LE before arvados-api-server, it fails and breaks everything
489 ### after it so we add this here, as we are, after all, sharing the host for api and controller
490 # Currently, only available on config_examples/multi_host/aws
491 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
492 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
493 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
495 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
497 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
499 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
500 grep -q "docker" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
501 grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls
502 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
503 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
505 "controller" | "websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy")
507 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
508 # Currently, only available on config_examples/multi_host/aws
509 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
510 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
511 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
513 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
515 # webshell role is just a nginx vhost, so it has no state
516 if [ "${R}" != "webshell" ]; then
517 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
520 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
521 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
522 # Currently, only available on config_examples/multi_host/aws
523 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
524 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
525 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
527 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
528 grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
533 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
534 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
536 grep -q "" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
540 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
541 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
543 # ATM, no specific pillar needed
547 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
549 # ATM, no specific pillar needed
552 echo "Unknown role ${R}"
559 if [ "${DUMP_CONFIG}" = "yes" ]; then
560 # We won't run the rest of the script because we're just dumping the config
564 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
565 if [ -e /root/.psqlrc ]; then
566 if ! ( grep 'pset pager off' /root/.psqlrc ); then
568 cp /root/.psqlrc /root/.psqlrc.provision.backup
574 echo '\pset pager off' >> /root/.psqlrc
575 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
577 # Now run the install
578 salt-call --local state.apply -l ${LOG_LEVEL}
580 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
581 if [ "x${DELETE_PSQL}" = "xyes" ]; then
582 echo "Removing .psql file"
586 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
587 echo "Restoring .psql file"
588 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
590 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
592 # Leave a copy of the Arvados CA so the user can copy it where it's required
593 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
594 # If running in a vagrant VM, also add default user to docker group
595 if [ "x${VAGRANT}" = "xyes" ]; then
596 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
598 echo "Adding the vagrant user to the docker group"
599 usermod -a -G docker vagrant
601 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
604 # Test that the installation finished correctly
605 if [ "x${TEST}" = "xyes" ]; then