2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
9 export ARVADOS_CONTAINER_PATH=/var/lib/arvados-arvbox
11 if [[ -s /etc/arvados/config.yml ]] && [[ $ARVADOS_CONTAINER_PATH/cluster_config.yml.override -ot /etc/arvados/config.yml ]] ; then
15 . /usr/local/lib/arvbox/common.sh
19 if ! test -s $ARVADOS_CONTAINER_PATH/api_uuid_prefix ; then
20 ruby -e 'puts "x#{rand(2**64).to_s(36)[0,4]}"' > $ARVADOS_CONTAINER_PATH/api_uuid_prefix
22 uuid_prefix=$(cat $ARVADOS_CONTAINER_PATH/api_uuid_prefix)
24 if ! test -s $ARVADOS_CONTAINER_PATH/api_secret_token ; then
25 ruby -e 'puts rand(2**400).to_s(36)' > $ARVADOS_CONTAINER_PATH/api_secret_token
27 secret_token=$(cat $ARVADOS_CONTAINER_PATH/api_secret_token)
29 if ! test -s $ARVADOS_CONTAINER_PATH/blob_signing_key ; then
30 ruby -e 'puts rand(2**400).to_s(36)' > $ARVADOS_CONTAINER_PATH/blob_signing_key
32 blob_signing_key=$(cat $ARVADOS_CONTAINER_PATH/blob_signing_key)
34 if ! test -s $ARVADOS_CONTAINER_PATH/management_token ; then
35 ruby -e 'puts rand(2**400).to_s(36)' > $ARVADOS_CONTAINER_PATH/management_token
37 management_token=$(cat $ARVADOS_CONTAINER_PATH/management_token)
39 if ! test -s $ARVADOS_CONTAINER_PATH/system_root_token ; then
40 ruby -e 'puts rand(2**400).to_s(36)' > $ARVADOS_CONTAINER_PATH/system_root_token
42 system_root_token=$(cat $ARVADOS_CONTAINER_PATH/system_root_token)
44 if ! test -s $ARVADOS_CONTAINER_PATH/vm-uuid ; then
45 echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > $ARVADOS_CONTAINER_PATH/vm-uuid
47 vm_uuid=$(cat $ARVADOS_CONTAINER_PATH/vm-uuid)
49 if ! test -f $ARVADOS_CONTAINER_PATH/api_database_pw ; then
50 ruby -e 'puts rand(2**128).to_s(36)' > $ARVADOS_CONTAINER_PATH/api_database_pw
52 database_pw=$(cat $ARVADOS_CONTAINER_PATH/api_database_pw)
54 if ! (psql postgres -c "\du" | grep "^ arvados ") >/dev/null ; then
55 psql postgres -c "create user arvados with password '$database_pw'"
57 psql postgres -c "ALTER USER arvados WITH SUPERUSER;"
59 if ! test -s $ARVADOS_CONTAINER_PATH/workbench_secret_token ; then
60 ruby -e 'puts rand(2**400).to_s(36)' > $ARVADOS_CONTAINER_PATH/workbench_secret_token
62 workbench_secret_key_base=$(cat $ARVADOS_CONTAINER_PATH/workbench_secret_token)
64 if test -s $ARVADOS_CONTAINER_PATH/api_rails_env ; then
65 database_env=$(cat $ARVADOS_CONTAINER_PATH/api_rails_env)
67 database_env=development
70 cat >$ARVADOS_CONTAINER_PATH/cluster_config.yml <<EOF
73 SystemRootToken: $system_root_token
74 ManagementToken: $management_token
78 "http://localhost:${services[api]}": {}
80 ExternalURL: "https://$localip:${services[workbench]}"
82 ExternalURL: "https://$localip:${services[workbench2-ssl]}"
84 ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
86 "http://localhost:${services[keepproxy]}": {}
89 "http://localhost:${services[keepstore0]}": {}
90 "http://localhost:${services[keepstore1]}": {}
92 ExternalURL: "wss://$localip:${services[websockets-ssl]}/websocket"
94 "http://localhost:${services[websockets]}": {}
96 ExternalURL: "ssh://git@$localip:"
99 "http://localhost:${services[arv-git-httpd]}/": {}
100 ExternalURL: "https://$localip:${services[arv-git-httpd-ssl]}/"
103 "http://localhost:${services[keep-web]}/": {}
104 ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
107 "http://localhost:${services[keep-web]}/": {}
108 ExternalURL: "https://$localip:${services[keep-web-dl-ssl]}/"
110 ExternalURL: "https://$localip:${services[composer]}"
112 ExternalURL: "https://$localip:${services[controller-ssl]}"
114 "http://localhost:${services[controller]}": {}
117 ExternalURL: "https://$localip:${services[webshell-ssl]}"
119 ConnectionPool: 32 # max concurrent connections per arvados server daemon
121 # All parameters here are passed to the PG client library in a connection string;
122 # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
125 password: ${database_pw}
126 dbname: arvados_${database_env}
127 client_encoding: utf8
129 RailsSessionSecretToken: $secret_token
131 BlobSigningKey: $blob_signing_key
132 DefaultReplication: 1
133 TrustAllContent: true
138 NewUsersAreActive: true
139 AutoAdminFirstUser: true
140 AutoSetupNewUsers: true
141 AutoSetupNewUsersWithVmUUID: $vm_uuid
142 AutoSetupNewUsersWithRepository: true
144 SecretKeyBase: $workbench_secret_key_base
145 ArvadosDocsite: http://$localip:${services[doc]}/
147 GitCommand: /usr/share/gitolite3/gitolite-shell
148 GitoliteHome: $ARVADOS_CONTAINER_PATH/git
149 Repositories: $ARVADOS_CONTAINER_PATH/git/repositories
151 ${uuid_prefix}-nyw5e-000000000000000:
154 Root: $ARVADOS_CONTAINER_PATH/keep0
156 "http://localhost:${services[keepstore0]}": {}
157 ${uuid_prefix}-nyw5e-111111111111111:
160 Root: $ARVADOS_CONTAINER_PATH/keep1
162 "http://localhost:${services[keepstore1]}": {}
165 /usr/local/lib/arvbox/yml_override.py $ARVADOS_CONTAINER_PATH/cluster_config.yml
167 cp $ARVADOS_CONTAINER_PATH/cluster_config.yml /etc/arvados/config.yml
169 # Do not abort if certain optional files don't exist (e.g. cluster_config.yml.override)
172 $ARVADOS_CONTAINER_PATH/cluster_config.yml.override \
173 $ARVADOS_CONTAINER_PATH/cluster_config.yml \
174 /etc/arvados/config.yml \
175 $ARVADOS_CONTAINER_PATH/api_secret_token \
176 $ARVADOS_CONTAINER_PATH/blob_signing_key \
177 $ARVADOS_CONTAINER_PATH/management_token \
178 $ARVADOS_CONTAINER_PATH/system_root_token \
179 $ARVADOS_CONTAINER_PATH/api_database_pw \
180 $ARVADOS_CONTAINER_PATH/workbench_secret_token \
181 $ARVADOS_CONTAINER_PATH/superuser_token \
184 mkdir -p $ARVADOS_CONTAINER_PATH/run_tests
185 cat >$ARVADOS_CONTAINER_PATH/run_tests/config.yml <<EOF
192 password: ${database_pw}
194 client_encoding: utf8