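#!/bin/bash
# Copyright (C) The Arvados Authors. All rights reserved.
#
# SPDX-License-Identifier: AGPL-3.0

# Generates the arvbox cluster configuration.
#
# Creates any missing identifiers and secrets under $ARVADOS_CONTAINER_PATH,
# makes sure the "arvados" PostgreSQL role exists, renders cluster_config.yml,
# runs yml_override.py on it, installs the result as /etc/arvados/config.yml,
# tightens permissions on the files that hold credentials, and finally writes
# a minimal config for the test suite.

exec 2>&1
set -ex -o pipefail

export ARVADOS_CONTAINER_PATH=/var/lib/arvados-arvbox

# Nothing to do when the installed config is non-empty and newer than the
# override file (or the override file does not exist).
if [[ -s /etc/arvados/config.yml ]] && [[ $ARVADOS_CONTAINER_PATH/cluster_config.yml.override -ot /etc/arvados/config.yml ]] ; then
   exit
fi

# Provides $localip and the services[] port map used in the templates below.
. /usr/local/lib/arvbox/common.sh

set -u

#######################################
# Write a fresh random secret to a file.
# The value comes from SecureRandom (OS CSPRNG) instead of Kernel#rand,
# which is a Mersenne Twister and not meant for key material. The file is
# created under umask 077 so it is never group/world readable, not even
# between creation and the chmod pass further down.
# Arguments: $1 - destination path
#            $2 - size of the random value in bits
# Outputs:   base-36 encoded secret written to $1
#######################################
write_secret() {
  local path=$1 bits=$2
  (
    umask 077
    ruby -rsecurerandom \
      -e 'puts SecureRandom.random_number(2**Integer(ARGV[0])).to_s(36)' \
      "$bits" > "$path"
  )
}

#######################################
# Generate a secret only when the file is missing or empty.
# Arguments: $1 - destination path
#            $2 - size of the random value in bits
#######################################
ensure_secret() {
  local path=$1 bits=$2
  if [[ ! -s "$path" ]]; then
    write_secret "$path" "$bits"
  fi
}

# Cluster id: "x" followed by up to four base-36 characters. This is an
# identifier, not a secret, so the plain PRNG is sufficient.
if ! test -s "$ARVADOS_CONTAINER_PATH/api_uuid_prefix" ; then
  ruby -e 'puts "x#{rand(2**64).to_s(36)[0,4]}"' > "$ARVADOS_CONTAINER_PATH/api_uuid_prefix"
fi
uuid_prefix=$(cat "$ARVADOS_CONTAINER_PATH/api_uuid_prefix")

# UUID of the virtual machine record; also an identifier rather than a secret.
if ! test -s "$ARVADOS_CONTAINER_PATH/vm-uuid" ; then
    printf '%s-2x53u-%s\n' "$uuid_prefix" "$(ruby -e 'puts rand(2**400).to_s(36)[0,15]')" > "$ARVADOS_CONTAINER_PATH/vm-uuid"
fi
vm_uuid=$(cat "$ARVADOS_CONTAINER_PATH/vm-uuid")

# Everything from here to the matching "set -x" handles credential values.
# xtrace prints each assignment and command line with its expanded value,
# and stderr is merged into stdout above, so tracing is suspended to keep
# the secrets out of the service log.
set +x

ensure_secret "$ARVADOS_CONTAINER_PATH/api_secret_token" 400
secret_token=$(cat "$ARVADOS_CONTAINER_PATH/api_secret_token")

ensure_secret "$ARVADOS_CONTAINER_PATH/blob_signing_key" 400
blob_signing_key=$(cat "$ARVADOS_CONTAINER_PATH/blob_signing_key")

ensure_secret "$ARVADOS_CONTAINER_PATH/management_token" 400
management_token=$(cat "$ARVADOS_CONTAINER_PATH/management_token")

ensure_secret "$ARVADOS_CONTAINER_PATH/system_root_token" 400
system_root_token=$(cat "$ARVADOS_CONTAINER_PATH/system_root_token")

ensure_secret "$ARVADOS_CONTAINER_PATH/workbench_secret_token" 400
workbench_secret_key_base=$(cat "$ARVADOS_CONTAINER_PATH/workbench_secret_token")

# The database password is only generated when the file does not exist at
# all (-f, not -s), so an existing file is used as-is even if it is empty.
if ! test -f "$ARVADOS_CONTAINER_PATH/api_database_pw" ; then
    write_secret "$ARVADOS_CONTAINER_PATH/api_database_pw" 128
fi
database_pw=$(cat "$ARVADOS_CONTAINER_PATH/api_database_pw")

# Create the role on first run.
# NOTE(review): the password is interpolated into the SQL text and passed on
# the psql command line, so it is visible in the process list while psql runs
# and a value containing a single quote would break the statement. Generated
# passwords are base-36 and safe; confirm before accepting hand-written ones.
if ! (psql postgres -c "\du" | grep "^ arvados ") >/dev/null ; then
    psql postgres -c "create user arvados with password '$database_pw'"
fi

set -x

psql postgres -c "ALTER USER arvados WITH SUPERUSER;"

if test -s "$ARVADOS_CONTAINER_PATH/api_rails_env" ; then
  database_env=$(cat "$ARVADOS_CONTAINER_PATH/api_rails_env")
else
  database_env=development
fi

# Render the cluster config. The template enables the test login provider,
# makes the first user an admin, activates new users automatically and sets
# TrustAllContent: these are settings for a single-user development box and
# should not be carried over to a shared or exposed cluster.
cat >"$ARVADOS_CONTAINER_PATH/cluster_config.yml" <<EOF
Clusters:
  ${uuid_prefix}:
    SystemRootToken: $system_root_token
    ManagementToken: $management_token
    Services:
      RailsAPI:
        InternalURLs:
          "http://localhost:${services[api]}": {}
      Workbench1:
        ExternalURL: "https://$localip:${services[workbench]}"
      Workbench2:
        ExternalURL: "https://$localip:${services[workbench2-ssl]}"
      Keepproxy:
        ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
        InternalURLs:
          "http://localhost:${services[keepproxy]}": {}
      Keepstore:
        InternalURLs:
          "http://localhost:${services[keepstore0]}": {}
          "http://localhost:${services[keepstore1]}": {}
      Websocket:
        ExternalURL: "wss://$localip:${services[websockets-ssl]}/websocket"
        InternalURLs:
          "http://localhost:${services[websockets]}": {}
      GitSSH:
        ExternalURL: "ssh://git@$localip:"
      GitHTTP:
        InternalURLs:
          "http://localhost:${services[arv-git-httpd]}/": {}
        ExternalURL: "https://$localip:${services[arv-git-httpd-ssl]}/"
      WebDAV:
        InternalURLs:
          "http://localhost:${services[keep-web]}/": {}
        ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
      WebDAVDownload:
        InternalURLs:
          "http://localhost:${services[keep-web]}/": {}
        ExternalURL: "https://$localip:${services[keep-web-dl-ssl]}/"
      Composer:
        ExternalURL: "https://$localip:${services[composer]}"
      Controller:
        ExternalURL: "https://$localip:${services[controller-ssl]}"
        InternalURLs:
          "http://localhost:${services[controller]}": {}
      WebShell:
        InternalURLs: {}
        ExternalURL: "https://$localip:${services[webshell-ssl]}"
    PostgreSQL:
      ConnectionPool: 32 # max concurrent connections per arvados server daemon
      Connection:
        # All parameters here are passed to the PG client library in a connection string;
        # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
        host: localhost
        user: arvados
        password: ${database_pw}
        dbname: arvados_${database_env}
        client_encoding: utf8
    API:
      RailsSessionSecretToken: $secret_token
    Collections:
      BlobSigningKey: $blob_signing_key
      DefaultReplication: 1
      TrustAllContent: true
    Login:
      Test:
        Enable: true
    Users:
      NewUsersAreActive: true
      AutoAdminFirstUser: true
      AutoSetupNewUsers: true
      AutoSetupNewUsersWithVmUUID: $vm_uuid
      AutoSetupNewUsersWithRepository: true
    Workbench:
      SecretKeyBase: $workbench_secret_key_base
      ArvadosDocsite: http://$localip:${services[doc]}/
    Git:
      GitCommand: /usr/share/gitolite3/gitolite-shell
      GitoliteHome: $ARVADOS_CONTAINER_PATH/git
      Repositories: $ARVADOS_CONTAINER_PATH/git/repositories
    Volumes:
      ${uuid_prefix}-nyw5e-000000000000000:
        Driver: Directory
        DriverParameters:
          Root: $ARVADOS_CONTAINER_PATH/keep0
        AccessViaHosts:
          "http://localhost:${services[keepstore0]}": {}
      ${uuid_prefix}-nyw5e-111111111111111:
        Driver: Directory
        DriverParameters:
          Root: $ARVADOS_CONTAINER_PATH/keep1
        AccessViaHosts:
          "http://localhost:${services[keepstore1]}": {}
EOF

# Presumably merges cluster_config.yml.override into the rendered file;
# the helper's behaviour is not visible from this script.
/usr/local/lib/arvbox/yml_override.py "$ARVADOS_CONTAINER_PATH/cluster_config.yml"

cp "$ARVADOS_CONTAINER_PATH/cluster_config.yml" /etc/arvados/config.yml

# Remove group/other read and write access from every file that holds
# credentials. Some of these are optional (e.g. cluster_config.yml.override),
# so only the ones that exist are touched. The earlier form ended its
# argument list with a line continuation, which fed "set -e" to chmod as
# extra arguments: errexit was never restored, and chmod (GNU chmod at least)
# rejects "-e" as an option before changing any file.
credential_files=(
  "$ARVADOS_CONTAINER_PATH/cluster_config.yml.override"
  "$ARVADOS_CONTAINER_PATH/cluster_config.yml"
  /etc/arvados/config.yml
  "$ARVADOS_CONTAINER_PATH/api_secret_token"
  "$ARVADOS_CONTAINER_PATH/blob_signing_key"
  "$ARVADOS_CONTAINER_PATH/management_token"
  "$ARVADOS_CONTAINER_PATH/system_root_token"
  "$ARVADOS_CONTAINER_PATH/api_database_pw"
  "$ARVADOS_CONTAINER_PATH/workbench_secret_token"
  "$ARVADOS_CONTAINER_PATH/superuser_token"
)
for credential_file in "${credential_files[@]}"; do
  if [[ -e "$credential_file" ]]; then
    chmod og-rw "$credential_file"
  fi
done

# Config used by the test suite.
# NOTE(review): this file carries the same database password as the main
# config but is not part of the permission pass above; confirm whether the
# tests need it to stay readable by other users.
mkdir -p "$ARVADOS_CONTAINER_PATH/run_tests"
cat >"$ARVADOS_CONTAINER_PATH/run_tests/config.yml" <<EOF
Clusters:
  zzzzz:
    PostgreSQL:
      Connection:
        host: localhost
        user: arvados
        password: ${database_pw}
        dbname: arvados_test
        client_encoding: utf8
EOF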