3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
15 # capture the directory that the script is running from
16 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20 echo >&2 "Usage: ${0} [-h] [-h]"
22 echo >&2 "${0} options:"
23 echo >&2 " -d, --debug Run salt installation in debug mode"
24 echo >&2 " -p <N>, --ssl-port <N> SSL port to use for the web applications"
25 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
26 echo >&2 " -t, --test Test installation running a CWL workflow"
27 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
28 echo >&2 " Possible values are:"
30 echo >&2 " controller"
34 echo >&2 " workbench2"
38 echo >&2 " dispatcher"
39 echo >&2 " Defaults to applying them all"
40 echo >&2 " -h, --help Display this help and exit"
41 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
46 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
47 TEMP=$(getopt -o c:dhp:r:tv \
48 --long config:,debug,help,ssl-port:,roles:,test,vagrant \
51 if [ ${?} != 0 ] ; then echo "GNU getopt missing? Use -h for help"; exit 1 ; fi
52 # Note the quotes around `$TEMP': they are essential!
55 while [ ${#} -ge 1 ]; do
72 # Verify the role exists
73 if [[ ! "database,api,controller,keepstore,websocket,keepweb,workbench2,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
74 echo "The role '${i}' is not a valid role"
102 CONFIG="${SCRIPT_DIR}/local.params"
103 CONFIG_DIR="config_examples/single_host/multiple_hostnames"
111 HOSTNAME_INT="127.0.1.1"
113 INITIAL_USER_EMAIL=""
114 INITIAL_USER_PASSWORD=""
116 CONTROLLER_EXT_SSL_PORT=8000
117 KEEP_EXT_SSL_PORT=25101
118 # Both for collections and downloads
119 KEEPWEB_EXT_SSL_PORT=9002
120 WEBSHELL_EXT_SSL_PORT=4202
121 WEBSOCKET_EXT_SSL_PORT=8002
122 WORKBENCH1_EXT_SSL_PORT=443
123 WORKBENCH2_EXT_SSL_PORT=3001
128 POSTGRES_TAG="v0.41.3"
135 if [ -s ${CONFIG} ]; then
138 echo >&2 "Please create a '${CONFIG}' file with initial values, as described in FIXME_URL_TO_DESCR"
142 if ! grep -E '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
143 echo >&2 "ERROR: <CLUSTER> must be exactly 5 alphanumeric characters long"
144 echo >&2 "Fix the cluster name in the 'local.params' file and re-run the provision script"
152 F_DIR="/srv/formulas"
157 apt-get install -y curl git jq
159 dpkg -l |grep salt-minion
160 if [ ${?} -eq 0 ]; then
161 echo "Salt already installed"
163 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
164 sh /tmp/bootstrap_salt.sh -XUdfP -x python3
165 /bin/systemctl disable salt-minion.service
168 # Set salt to masterless mode
169 cat > /etc/salt/minion << EOFSM
175 - ${F_DIR}/*/test/salt/states/examples
182 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
185 cat > ${S_DIR}/top.sls << EOFTSLS
188 # - single_host.host_entries
189 # - single_host.snakeoil_certs
193 # If we want specific roles for a node, just add the desired states
194 # and its dependencies
195 if [ -z "${ROLES}" ]; then
196 echo ' - nginx.passenger' >> ${S_DIR}/top.sls
197 echo ' - postgres' >> ${S_DIR}/top.sls
198 echo ' - docker' >> ${S_DIR}/top.sls
199 echo ' - arvados' >> ${S_DIR}/top.sls
201 # If we add individual roles, make sure we add the repo first
202 echo " - arvados.repo" >> ${S_DIR}/top.sls
203 for R in ${ROLES}; do
206 echo " - postgres" >> ${S_DIR}/top.sls
208 "api","workbench","workbench2","keepweb","keepproxy")
209 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
210 echo " - arvados.${R}" >> ${S_DIR}/top.sls
212 "shell","dispatcher")
213 grep -q "docker" ${S_DIR}/top.sls || echo " - docker" >> ${S_DIR}/top.sls
214 echo " - arvados.${R}" >> ${S_DIR}/top.sls
217 echo " - arvados.${R}" >> ${S_DIR}/top.sls
224 cat > ${P_DIR}/top.sls << EOFPSLS
230 - nginx_api_configuration
231 - nginx_controller_configuration
232 - nginx_keepproxy_configuration
233 - nginx_keepweb_configuration
235 - nginx_websocket_configuration
236 - nginx_webshell_configuration
237 - nginx_workbench2_configuration
238 - nginx_workbench_configuration
242 # Get the formula and dependencies
243 cd ${F_DIR} || exit 1
244 git clone --branch "${ARVADOS_TAG}" https://github.com/arvados/arvados-formula.git
245 git clone --branch "${DOCKER_TAG}" https://github.com/saltstack-formulas/docker-formula.git
246 git clone --branch "${LOCALE_TAG}" https://github.com/saltstack-formulas/locale-formula.git
247 git clone --branch "${NGINX_TAG}" https://github.com/saltstack-formulas/nginx-formula.git
248 git clone --branch "${POSTGRES_TAG}" https://github.com/saltstack-formulas/postgres-formula.git
250 if [ "x${BRANCH}" != "x" ]; then
251 cd ${F_DIR}/arvados-formula || exit 1
252 git checkout -t origin/"${BRANCH}"
256 if [ "x${VAGRANT}" = "xyes" ]; then
257 SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
258 SOURCE_STATES_DIR="/vagrant/${CONFIG_DIR}/states"
259 TESTS_DIR="/vagrant/${TESTS_DIR}"
261 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
262 SOURCE_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
263 TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
266 # Replace cluster and domain name in the example pillars
267 for f in "${SOURCE_PILLARS_DIR}"/*; do
268 sed "s/__CLUSTER__/${CLUSTER}/g;
269 s/__DOMAIN__/${DOMAIN}/g;
270 s/__RELEASE__/${RELEASE}/g;
271 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
272 s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
273 s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
274 s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
275 s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
276 s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
277 s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
278 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
279 s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
280 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
281 s/__INITIAL_USER__/${INITIAL_USER}/g;
282 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
283 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
284 s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
285 s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
286 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
287 s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
288 s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
289 s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
290 s/__VERSION__/${VERSION}/g" \
291 "${f}" > "${P_DIR}"/$(basename "${f}")
294 mkdir -p /tmp/cluster_tests
295 # Replace cluster and domain name in the test files
296 for f in "${TESTS_DIR}"/*; do
297 sed "s/__CLUSTER__/${CLUSTER}/g;
298 s/__DOMAIN__/${DOMAIN}/g;
299 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
300 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
301 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
302 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
303 s/__INITIAL_USER__/${INITIAL_USER}/g;
304 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
305 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g" \
306 "${f}" > "/tmp/cluster_tests"/$(basename "${f}")
308 chmod 755 /tmp/cluster_tests/run-test.sh
310 # Replace helper state files that differ from the formula's examples
311 if -d "${SOURCE_STATES_DIR}"; then
312 for f in "${SOURCE_STATES_DIR}"/*; do
313 sed "s/__CLUSTER__/${CLUSTER}/g;
314 s/__DOMAIN__/${DOMAIN}/g;
315 s/__RELEASE__/${RELEASE}/g;
316 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
317 s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
318 s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
319 s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
320 s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
321 s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
322 s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
323 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
324 s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
325 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
326 s/__INITIAL_USER__/${INITIAL_USER}/g;
327 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
328 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
329 s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
330 s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
331 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
332 s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
333 s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
334 s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
335 s/__VERSION__/${VERSION}/g" \
336 "${f}" > "${F_DIR}/arvados-formula/test/salt/states/examples/single_host"/$(basename "${f}")
340 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
341 if [ -e /root/.psqlrc ]; then
342 if ! ( grep 'pset pager off' /root/.psqlrc ); then
344 cp /root/.psqlrc /root/.psqlrc.provision.backup
350 echo '\pset pager off' >> /root/.psqlrc
351 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
353 # Now run the install
354 salt-call --local state.apply -l ${LOG_LEVEL}
356 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
357 if [ "x${DELETE_PSQL}" = "xyes" ]; then
358 echo "Removing .psql file"
362 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
363 echo "Restoring .psql file"
364 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
366 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
368 # Leave a copy of the Arvados CA so the user can copy it where it's required
369 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
370 # If running in a vagrant VM, also add default user to docker group
371 if [ "x${VAGRANT}" = "xyes" ]; then
372 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant
374 echo "Adding the vagrant user to the docker group"
375 usermod -a -G docker vagrant
377 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}
380 # Test that the installation finished correctly
381 if [ "x${TEST}" = "xyes" ]; then
382 cd /tmp/cluster_tests