3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
16 # capture the directory that the script is running from
17 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
21 echo >&2 "Usage: ${0} [-h] [-h]"
23 echo >&2 "${0} options:"
24 echo >&2 " -d, --debug Run salt installation in debug mode"
25 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
26 echo >&2 " -t, --test Test installation running a CWL workflow"
27 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
28 echo >&2 " Possible values are:"
30 echo >&2 " controller"
31 echo >&2 " dispatcher"
39 echo >&2 " workbench2"
40 echo >&2 " Defaults to applying them all"
41 echo >&2 " -h, --help Display this help and exit"
42 echo >&2 " --dump-config <dest_dir> Dumps the pillars and states to a directory"
43 echo >&2 " This parameter does not perform any installation at all. It's"
44 echo >&2 " intended to give you a parsed sot of configuration files so"
45 echo >&2 " you can inspect them or use them in you Saltstack infrastructure."
47 echo >&2 " - parses the pillar and states templates,"
48 echo >&2 " - downloads the helper formulas with their desired versions,"
49 echo >&2 " - prepares the 'top.sls' files both for pillars and states"
50 echo >&2 " for the selected role/s"
51 echo >&2 " - writes the resulting files into <dest_dir>"
52 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
57 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
58 if ! which getopt > /dev/null; then
59 echo >&2 "GNU getopt is required to run this script. Please install it and re-reun it"
63 TEMP=$(getopt -o c:dhp:r:tv \
64 --long config:,debug,dump-config:,help,roles:,test,vagrant \
68 then echo "Please check the parameters you entered and re-run again"
71 # Note the quotes around `$TEMP': they are essential!
74 while [ ${#} -ge 1 ]; do
86 if [[ ${2} = /* ]]; then
87 DUMP_SALT_CONFIG_DIR=${2}
89 DUMP_SALT_CONFIG_DIR=${PWD}/${2}
92 S_DIR="${DUMP_SALT_CONFIG_DIR}/salt"
94 F_DIR="${DUMP_SALT_CONFIG_DIR}/formulas"
96 P_DIR="${DUMP_SALT_CONFIG_DIR}/pillars"
98 T_DIR="${DUMP_SALT_CONFIG_DIR}/tests"
105 # Verify the role exists
106 if [[ ! "database,api,controller,keepstore,websocket,keepweb,workbench2,webshell,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
107 echo "The role '${i}' is not a valid role"
111 ROLES="${ROLES} ${i}"
135 CONFIG_FILE="${SCRIPT_DIR}/local.params"
136 CONFIG_DIR="local_config_dir"
139 CONTROLLER_EXT_SSL_PORT=443
145 # Hostnames/IPs used for single-host deploys
147 HOSTNAME_INT="127.0.1.1"
151 INITIAL_USER_EMAIL=""
152 INITIAL_USER_PASSWORD=""
154 CONTROLLER_EXT_SSL_PORT=8000
155 KEEP_EXT_SSL_PORT=25101
156 # Both for collections and downloads
157 KEEPWEB_EXT_SSL_PORT=9002
158 WEBSHELL_EXT_SSL_PORT=4202
159 WEBSOCKET_EXT_SSL_PORT=8002
160 WORKBENCH1_EXT_SSL_PORT=443
161 WORKBENCH2_EXT_SSL_PORT=3001
163 ## These are ARVADOS-related parameters
164 # For a stable release, change RELEASE "production" and VERSION to the
165 # package version (including the iteration, e.g. X.Y.Z-1) of the
170 # These are arvados-formula-related parameters
171 # An arvados-formula tag. For a stable release, this should be a
172 # branch name (e.g. X.Y-dev) or tag for the release.
173 ARVADOS_TAG="2.2-dev"
175 # Other formula versions we depend on
176 POSTGRES_TAG="v0.41.6"
177 NGINX_TAG="temp-fix-missing-statements-in-pillar"
180 LETSENCRYPT_TAG="v2.1.0"
183 DUMP_SALT_CONFIG_DIR=""
187 F_DIR="/srv/formulas"
191 T_DIR="/tmp/cluster_tests"
195 if [ -s ${CONFIG_FILE} ]; then
196 source ${CONFIG_FILE}
198 echo >&2 "You don't seem to have a config file with initial values."
199 echo >&2 "Please create a '${CONFIG_FILE}' file as described in"
200 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
201 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
205 if [ ! -d ${CONFIG_DIR} ]; then
206 echo >&2 "You don't seem to have a config directory with pillars and states."
207 echo >&2 "Please create a '${CONFIG_DIR}' directory (as configured in your '${CONFIG_FILE}'). Please see"
208 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
209 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
213 if grep -q 'fixme_or_this_wont_work' ${CONFIG_FILE} ; then
214 echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
215 echo >&2 "Please, fix them and re-run the provision script."
219 if ! grep -qE '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
220 echo >&2 "ERROR: <CLUSTER> must be exactly 5 alphanumeric characters long"
221 echo >&2 "Fix the cluster name in the 'local.params' file and re-run the provision script"
225 # Only used in single_host/single_name deploys
226 if [ "x${HOSTNAME_EXT}" = "x" ] ; then
227 HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
230 if [ "${DUMP_CONFIG}" = "yes" ]; then
231 echo "The provision installer will just dump a config under ${DUMP_SALT_CONFIG_DIR} and exit"
233 # Install a few dependency packages
234 # First, let's figure out the OS we're working on
235 OS_ID=$(grep ^ID= /etc/os-release |cut -f 2 -d \")
236 echo "Detected distro: ${OS_ID}"
240 PREINSTALL_CMD="/bin/true"
241 INSTALL_CMD="yum install -y"
244 PREINSTALL_CMD="DEBIAN_FRONTEND=noninteractive apt update"
245 INSTALL_CMD="DEBIAN_FRONTEND=noninteractive apt install -y"
250 ${INSTALL_CMD} curl git jq
252 if which salt-call; then
253 echo "Salt already installed"
255 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
256 sh /tmp/bootstrap_salt.sh -XdfP -x python3
257 /bin/systemctl stop salt-minion.service
258 /bin/systemctl disable salt-minion.service
261 # Set salt to masterless mode
262 cat > /etc/salt/minion << EOFSM
277 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR} ${T_DIR}
279 # Get the formula and dependencies
280 cd ${F_DIR} || exit 1
282 echo "Cloning formulas"
283 rm -rf ${F_DIR}/* || exit 1
285 git clone --branch "${ARVADOS_TAG}" https://git.arvados.org/arvados-formula.git
286 git clone --branch "${DOCKER_TAG}" https://github.com/saltstack-formulas/docker-formula.git
287 git clone --branch "${LOCALE_TAG}" https://github.com/saltstack-formulas/locale-formula.git
288 # git clone --branch "${NGINX_TAG}" https://github.com/saltstack-formulas/nginx-formula.git
289 git clone --branch "${NGINX_TAG}" https://github.com/netmanagers/nginx-formula.git
290 git clone --branch "${POSTGRES_TAG}" https://github.com/saltstack-formulas/postgres-formula.git
291 git clone --branch "${LETSENCRYPT_TAG}" https://github.com/saltstack-formulas/letsencrypt-formula.git
293 # If we want to try a specific branch of the formula
294 if [ "x${BRANCH}" != "x" ]; then
295 ( cd ${F_DIR}/arvados && git checkout --quiet -t origin/"${BRANCH}" -b "${BRANCH}" )
296 elif [ "x${ARVADOS_TAG}" != "x" ]; then
297 ( cd ${F_DIR}/arvados && git checkout --quiet tags/"${ARVADOS_TAG}" -b "${ARVADOS_TAG}" )
300 if [ "x${VAGRANT}" = "xyes" ]; then
301 EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
302 SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
303 SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
305 EXTRA_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
306 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
307 SOURCE_TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
310 SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
312 echo "Writing pillars and states"
314 # Replace variables (cluster, domain, etc) in the pillars, states and tests
315 # to ease deployment for newcomers
316 if [ ! -d "${SOURCE_PILLARS_DIR}" ]; then
317 echo "${SOURCE_PILLARS_DIR} does not exist or is not a directory. Exiting."
320 for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
321 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
322 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
323 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
324 s#__CLUSTER__#${CLUSTER}#g;
325 s#__DOMAIN__#${DOMAIN}#g;
326 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
327 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
328 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
329 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
330 s#__INITIAL_USER__#${INITIAL_USER}#g;
331 s#__LE_AWS_REGION__#${LE_AWS_REGION}#g;
332 s#__LE_AWS_SECRET_ACCESS_KEY__#${LE_AWS_SECRET_ACCESS_KEY}#g;
333 s#__LE_AWS_ACCESS_KEY_ID__#${LE_AWS_ACCESS_KEY_ID}#g;
334 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
335 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
336 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
337 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
338 s#__RELEASE__#${RELEASE}#g;
339 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
340 s#__VERSION__#${VERSION}#g;
341 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
342 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
343 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
344 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
345 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
346 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
347 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
348 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
349 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
350 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
351 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
352 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
353 s#__SHELL_INT_IP__#${SHELL_INT_IP}#g;
354 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
355 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
356 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
357 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
358 "${f}" > "${P_DIR}"/$(basename "${f}")
361 if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
362 echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
366 # Replace cluster and domain name in the test files
367 for f in $(ls "${SOURCE_TESTS_DIR}"/*); do
368 sed "s#__CLUSTER__#${CLUSTER}#g;
369 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
370 s#__DOMAIN__#${DOMAIN}#g;
371 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
372 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
373 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g
374 s#__INITIAL_USER__#${INITIAL_USER}#g;
375 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
376 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g" \
377 "${f}" > ${T_DIR}/$(basename "${f}")
379 chmod 755 ${T_DIR}/run-test.sh
381 # Replace helper state files that differ from the formula's examples
382 if [ -d "${SOURCE_STATES_DIR}" ]; then
383 mkdir -p "${F_DIR}"/extra/extra
385 for f in $(ls "${SOURCE_STATES_DIR}"/*); do
386 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
387 s#__CLUSTER__#${CLUSTER}#g;
388 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
389 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
390 s#__DOMAIN__#${DOMAIN}#g;
391 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
392 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
393 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
394 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
395 s#__INITIAL_USER__#${INITIAL_USER}#g;
396 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
397 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
398 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
399 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
400 s#__RELEASE__#${RELEASE}#g;
401 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
402 s#__VERSION__#${VERSION}#g;
403 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
404 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
405 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
406 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
407 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
408 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
409 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
410 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
411 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
412 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
413 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
414 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
415 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
416 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
417 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
418 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
419 "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
423 # Now, we build the SALT states/pillars trees
424 # As we need to separate both states and pillars in case we want specific
425 # roles, we iterate on both at the same time
428 cat > ${S_DIR}/top.sls << EOFTSLS
435 cat > ${P_DIR}/top.sls << EOFPSLS
442 # States, extra states
443 if [ -d "${F_DIR}"/extra/extra ]; then
444 for f in $(ls "${F_DIR}"/extra/extra/*.sls); do
445 echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
449 # If we want specific roles for a node, just add the desired states
450 # and its dependencies
451 if [ -z "${ROLES}" ]; then
453 echo " - nginx.passenger" >> ${S_DIR}/top.sls
454 # Currently, only available on config_examples/multi_host/aws
455 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
456 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
457 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
459 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
461 echo " - postgres" >> ${S_DIR}/top.sls
462 echo " - docker.software" >> ${S_DIR}/top.sls
463 echo " - arvados" >> ${S_DIR}/top.sls
466 echo " - docker" >> ${P_DIR}/top.sls
467 echo " - nginx_api_configuration" >> ${P_DIR}/top.sls
468 echo " - nginx_controller_configuration" >> ${P_DIR}/top.sls
469 echo " - nginx_keepproxy_configuration" >> ${P_DIR}/top.sls
470 echo " - nginx_keepweb_configuration" >> ${P_DIR}/top.sls
471 echo " - nginx_passenger" >> ${P_DIR}/top.sls
472 echo " - nginx_websocket_configuration" >> ${P_DIR}/top.sls
473 echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
474 echo " - nginx_workbench2_configuration" >> ${P_DIR}/top.sls
475 echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
476 echo " - postgresql" >> ${P_DIR}/top.sls
477 # Currently, only available on config_examples/multi_host/aws
478 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
479 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
480 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
482 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
485 # If we add individual roles, make sure we add the repo first
486 echo " - arvados.repo" >> ${S_DIR}/top.sls
487 for R in ${ROLES}; do
491 echo " - postgres" >> ${S_DIR}/top.sls
493 echo ' - postgresql' >> ${P_DIR}/top.sls
497 # FIXME: https://dev.arvados.org/issues/17352
498 grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls
499 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
500 ### If we don't install and run LE before arvados-api-server, it fails and breaks everything
501 ### after it so we add this here, as we are, after all, sharing the host for api and controller
502 # Currently, only available on config_examples/multi_host/aws
503 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
504 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
505 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
507 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
509 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
511 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
512 grep -q "docker" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
513 grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls
514 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
515 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
517 "controller" | "websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy")
519 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
520 # Currently, only available on config_examples/multi_host/aws
521 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
522 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
523 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
525 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
527 # webshell role is just a nginx vhost, so it has no state
528 if [ "${R}" != "webshell" ]; then
529 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
532 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
533 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
534 # Currently, only available on config_examples/multi_host/aws
535 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
536 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
537 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
539 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
540 grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
545 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
546 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
548 grep -q "" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
552 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
553 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
555 # ATM, no specific pillar needed
559 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
561 # ATM, no specific pillar needed
564 echo "Unknown role ${R}"
571 if [ "${DUMP_CONFIG}" = "yes" ]; then
572 # We won't run the rest of the script because we're just dumping the config
576 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
577 if [ -e /root/.psqlrc ]; then
578 if ! ( grep 'pset pager off' /root/.psqlrc ); then
580 cp /root/.psqlrc /root/.psqlrc.provision.backup
586 echo '\pset pager off' >> /root/.psqlrc
587 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
589 # Now run the install
590 salt-call --local state.apply -l ${LOG_LEVEL}
592 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
593 if [ "x${DELETE_PSQL}" = "xyes" ]; then
594 echo "Removing .psql file"
598 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
599 echo "Restoring .psql file"
600 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
602 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
604 # Leave a copy of the Arvados CA so the user can copy it where it's required
605 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
606 # If running in a vagrant VM, also add default user to docker group
607 if [ "x${VAGRANT}" = "xyes" ]; then
608 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
610 echo "Adding the vagrant user to the docker group"
611 usermod -a -G docker vagrant
613 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
616 # Test that the installation finished correctly
617 if [ "x${TEST}" = "xyes" ]; then
619 # If we use RVM, we need to run this with it, or most ruby commands will fail
621 if [ -x /usr/local/rvm/bin/rvm-exec ]; then
622 RVM_EXEC="/usr/local/rvm/bin/rvm-exec"
624 ${RVM_EXEC} ./run-test.sh