tools/arvbox/lib/arvbox/docker/cluster-config.sh

   1 #!/bin/bash
   2 # Copyright (C) The Arvados Authors. All rights reserved.
   3 #
   4 # SPDX-License-Identifier: AGPL-3.0
   5
   6 exec 2>&1
   7 set -ex -o pipefail
   8
   9 if [[ -s /etc/arvados/config.yml ]] && [[ /var/lib/arvados/cluster_config.yml.override -ot /etc/arvados/config.yml ]] ; then
  10    exit
  11 fi
  12
  13 . /usr/local/lib/arvbox/common.sh
  14
  15 set -u
  16
  17 if ! test -s /var/lib/arvados/api_uuid_prefix ; then
  18   ruby -e 'puts "x#{rand(2**64).to_s(36)[0,4]}"' > /var/lib/arvados/api_uuid_prefix
  19 fi
  20 uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
  21
  22 if ! test -s /var/lib/arvados/api_secret_token ; then
  23     ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/api_secret_token
  24 fi
  25 secret_token=$(cat /var/lib/arvados/api_secret_token)
  26
  27 if ! test -s /var/lib/arvados/blob_signing_key ; then
  28     ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/blob_signing_key
  29 fi
  30 blob_signing_key=$(cat /var/lib/arvados/blob_signing_key)
  31
  32 if ! test -s /var/lib/arvados/management_token ; then
  33     ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/management_token
  34 fi
  35 management_token=$(cat /var/lib/arvados/management_token)
  36
  37 if ! test -s /var/lib/arvados/system_root_token ; then
  38     ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/system_root_token
  39 fi
  40 system_root_token=$(cat /var/lib/arvados/system_root_token)
  41
  42 if ! test -s /var/lib/arvados/sso_app_secret ; then
  43     ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_app_secret
  44 fi
  45 sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
  46
  47 if ! test -s /var/lib/arvados/vm-uuid ; then
  48     echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > /var/lib/arvados/vm-uuid
  49 fi
  50 vm_uuid=$(cat /var/lib/arvados/vm-uuid)
  51
  52 if ! test -f /var/lib/arvados/api_database_pw ; then
  53     ruby -e 'puts rand(2**128).to_s(36)' > /var/lib/arvados/api_database_pw
  54 fi
  55 database_pw=$(cat /var/lib/arvados/api_database_pw)
  56
  57 if ! (psql postgres -c "\du" | grep "^ arvados ") >/dev/null ; then
  58     psql postgres -c "create user arvados with password '$database_pw'"
  59 fi
  60 psql postgres -c "ALTER USER arvados WITH SUPERUSER;"
  61
  62 if ! test -s /var/lib/arvados/workbench_secret_token ; then
  63   ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/workbench_secret_token
  64 fi
  65 workbench_secret_key_base=$(cat /var/lib/arvados/workbench_secret_token)
  66
  67 if test -s /var/lib/arvados/api_rails_env ; then
  68   database_env=$(cat /var/lib/arvados/api_rails_env)
  69 else
  70   database_env=development
  71 fi
  72
  73 cat >/var/lib/arvados/cluster_config.yml <<EOF
  74 Clusters:
  75   ${uuid_prefix}:
  76     SystemRootToken: $system_root_token
  77     ManagementToken: $management_token
  78     Services:
  79       RailsAPI:
  80         InternalURLs:
  81           "http://localhost:${services[api]}": {}
  82       Workbench1:
  83         ExternalURL: "https://$localip:${services[workbench]}"
  84       Workbench2:
  85         ExternalURL: "https://$localip:${services[workbench2-ssl]}"
  86       SSO:
  87         ExternalURL: "https://$localip:${services[sso]}"
  88       Keepproxy:
  89         ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
  90         InternalURLs:
  91           "http://localhost:${services[keepproxy]}": {}
  92       Keepstore:
  93         InternalURLs:
  94           "http://localhost:${services[keepstore0]}": {}
  95           "http://localhost:${services[keepstore1]}": {}
  96       Websocket:
  97         ExternalURL: "wss://$localip:${services[websockets-ssl]}/websocket"
  98         InternalURLs:
  99           "http://localhost:${services[websockets]}": {}
 100       GitSSH:
 101         ExternalURL: "ssh://git@$localip:"
 102       GitHTTP:
 103         InternalURLs:
 104           "http://localhost:${services[arv-git-httpd]}/": {}
 105         ExternalURL: "https://$localip:${services[arv-git-httpd-ssl]}/"
 106       WebDAV:
 107         InternalURLs:
 108           "http://localhost:${services[keep-web]}/": {}
 109         ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
 110       WebDAVDownload:
 111         InternalURLs:
 112           "http://localhost:${services[keep-web]}/": {}
 113         ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
 114         InternalURLs:
 115           "http://localhost:${services[keep-web]}/": {}
 116       Composer:
 117         ExternalURL: "https://$localip:${services[composer]}"
 118       Controller:
 119         ExternalURL: "https://$localip:${services[controller-ssl]}"
 120         InternalURLs:
 121           "http://localhost:${services[controller]}": {}
 122       RailsAPI:
 123         InternalURLs:
 124           "http://localhost:${services[api]}/": {}
 125     PostgreSQL:
 126       ConnectionPool: 32 # max concurrent connections per arvados server daemon
 127       Connection:
 128         # All parameters here are passed to the PG client library in a connection string;
 129         # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
 130         host: localhost
 131         user: arvados
 132         password: ${database_pw}
 133         dbname: arvados_${database_env}
 134         client_encoding: utf8
 135     API:
 136       RailsSessionSecretToken: $secret_token
 137     Collections:
 138       BlobSigningKey: $blob_signing_key
 139       DefaultReplication: 1
 140       TrustAllContent: true
 141     Login:
 142       SSO:
 143         Enable: true
 144         ProviderAppSecret: $sso_app_secret
 145         ProviderAppID: arvados-server
 146     Users:
 147       NewUsersAreActive: true
 148       AutoAdminFirstUser: true
 149       AutoSetupNewUsers: true
 150       AutoSetupNewUsersWithVmUUID: $vm_uuid
 151       AutoSetupNewUsersWithRepository: true
 152     Workbench:
 153       SecretKeyBase: $workbench_secret_key_base
 154       ArvadosDocsite: http://$localip:${services[doc]}/
 155     Git:
 156       GitCommand: /usr/share/gitolite3/gitolite-shell
 157       GitoliteHome: /var/lib/arvados/git
 158       Repositories: /var/lib/arvados/git/repositories
 159     Volumes:
 160       ${uuid_prefix}-nyw5e-000000000000000:
 161         Driver: Directory
 162         DriverParameters:
 163           Root: /var/lib/arvados/keep0
 164         AccessViaHosts:
 165           "http://localhost:${services[keepstore0]}": {}
 166       ${uuid_prefix}-nyw5e-111111111111111:
 167         Driver: Directory
 168         DriverParameters:
 169           Root: /var/lib/arvados/keep1
 170         AccessViaHosts:
 171           "http://localhost:${services[keepstore1]}": {}
 172 EOF
 173
 174 /usr/local/lib/arvbox/yml_override.py /var/lib/arvados/cluster_config.yml
 175
 176 cp /var/lib/arvados/cluster_config.yml /etc/arvados/config.yml
 177
 178 mkdir -p /var/lib/arvados/run_tests
 179 cat >/var/lib/arvados/run_tests/config.yml <<EOF
 180 Clusters:
 181   zzzzz:
 182     PostgreSQL:
 183       Connection:
 184         host: localhost
 185         user: arvados
 186         password: ${database_pw}
 187         dbname: arvados_test
 188         client_encoding: utf8
 189 EOF