3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
15 # capture the directory that the script is running from
16 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20 echo >&2 "Usage: ${0} [-h] [-h]"
22 echo >&2 "${0} options:"
23 echo >&2 " -d, --debug Run salt installation in debug mode"
24 echo >&2 " -p <N>, --ssl-port <N> SSL port to use for the web applications"
25 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
26 echo >&2 " -t, --test Test installation running a CWL workflow"
27 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
28 echo >&2 " Possible values are:"
30 echo >&2 " controller"
34 echo >&2 " workbench2"
38 echo >&2 " dispatcher"
39 echo >&2 " Defaults to applying them all"
40 echo >&2 " -h, --help Display this help and exit"
41 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
46 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
47 TEMP=$(getopt -o c:dhp:r:tv \
48 --long config:,debug,help,ssl-port:,roles:,test,vagrant \
51 if [ ${?} != 0 ] ; then echo "GNU getopt missing? Use -h for help"; exit 1 ; fi
52 # Note the quotes around `$TEMP': they are essential!
55 while [ ${#} -ge 1 ]; do
66 CONTROLLER_EXT_SSL_PORT=${2}
72 # Verify the role exists
73 if [[ ! "database,api,controller,keepstore,websocket,keepweb,workbench2,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
74 echo "The role '${i}' is not a valid role"
102 CONFIG_FILE="${SCRIPT_DIR}/local.params"
103 CONFIG_DIR="local_config_dir"
105 CONTROLLER_EXT_SSL_PORT=443
111 # Hostnames/IPs used for single-host deploys
113 HOSTNAME_INT="127.0.1.1"
117 INITIAL_USER_EMAIL=""
118 INITIAL_USER_PASSWORD=""
120 CONTROLLER_EXT_SSL_PORT=8000
121 KEEP_EXT_SSL_PORT=25101
122 # Both for collections and downloads
123 KEEPWEB_EXT_SSL_PORT=9002
124 WEBSHELL_EXT_SSL_PORT=4202
125 WEBSOCKET_EXT_SSL_PORT=8002
126 WORKBENCH1_EXT_SSL_PORT=443
127 WORKBENCH2_EXT_SSL_PORT=3001
129 # For a stable release, change RELEASE "production" and VERSION to the
130 # package version (including the iteration, e.g. X.Y.Z-1) of the
132 RELEASE="development"
135 # The arvados-formula version. For a stable release, this should be a
136 # branch name (e.g. X.Y-dev) or tag for the release.
139 # Other formula versions we depend on
140 POSTGRES_TAG="v0.41.6"
141 NGINX_TAG="temp-fix-missing-statements-in-pillar"
144 LETSENCRYPT_TAG="v2.1.0"
150 F_DIR="/srv/formulas"
156 if [ -s ${CONFIG_FILE} ]; then
157 source ${CONFIG_FILE}
159 echo >&2 "Please create a '${CONFIG_FILE}' file with initial values, as described in"
160 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
161 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
165 if [ ! -d ${CONFIG_DIR} ]; then
166 echo >&2 "Please create a '${CONFIG_DIR}' with initial values, as described in"
167 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
168 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
172 if grep -q 'fixme_or_this_wont_work' ${CONFIG_FILE} ; then
173 echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
174 echo >&2 "Please, fix them and re-run the provision script."
178 if ! grep -E '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
179 echo >&2 "ERROR: <CLUSTER> must be exactly 5 alphanumeric characters long"
180 echo >&2 "Fix the cluster name in the 'local.params' file and re-run the provision script"
184 # Only used in single_host/single_name deploys
185 if [ "x${HOSTNAME_EXT}" = "x" ] ; then
186 HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
190 apt-get install -y curl git jq
192 if which salt-call; then
193 echo "Salt already installed"
195 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
196 sh /tmp/bootstrap_salt.sh -XdfP -x python3
197 /bin/systemctl stop salt-minion.service
198 /bin/systemctl disable salt-minion.service
201 # Set salt to masterless mode
202 cat > /etc/salt/minion << EOFSM
214 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
216 # Get the formula and dependencies
217 cd ${F_DIR} || exit 1
218 git clone --branch "${ARVADOS_TAG}" https://github.com/arvados/arvados-formula.git
219 git clone --branch "${DOCKER_TAG}" https://github.com/saltstack-formulas/docker-formula.git
220 git clone --branch "${LOCALE_TAG}" https://github.com/saltstack-formulas/locale-formula.git
221 # git clone --branch "${NGINX_TAG}" https://github.com/saltstack-formulas/nginx-formula.git
222 git clone --branch "${NGINX_TAG}" https://github.com/netmanagers/nginx-formula.git
223 git clone --branch "${POSTGRES_TAG}" https://github.com/saltstack-formulas/postgres-formula.git
224 git clone --branch "${LETSENCRYPT_TAG}" https://github.com/saltstack-formulas/letsencrypt-formula.git
226 # If we want to try a specific branch of the formula
227 if [ "x${BRANCH}" != "x" ]; then
228 cd ${F_DIR}/arvados-formula || exit 1
229 git checkout -t origin/"${BRANCH}" -b "${BRANCH}"
233 if [ "x${VAGRANT}" = "xyes" ]; then
234 EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
235 SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
236 SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
238 EXTRA_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
239 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
240 SOURCE_TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
243 SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
245 # Replace variables (cluster, domain, etc) in the pillars, states and tests
246 # to ease deployment for newcomers
247 if [ ! -d "${SOURCE_PILLARS_DIR}" ]; then
248 echo "${SOURCE_PILLARS_DIR} does not exist or is not a directory. Exiting."
251 for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
252 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
253 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
254 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
255 s#__CLUSTER__#${CLUSTER}#g;
256 s#__DOMAIN__#${DOMAIN}#g;
257 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
258 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
259 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
260 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
261 s#__INITIAL_USER__#${INITIAL_USER}#g;
262 s#__LE_AWS_REGION__#${LE_AWS_REGION}#g;
263 s#__LE_AWS_SECRET_ACCESS_KEY__#${LE_AWS_SECRET_ACCESS_KEY}#g;
264 s#__LE_AWS_ACCESS_KEY_ID__#${LE_AWS_ACCESS_KEY_ID}#g;
265 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
266 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
267 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
268 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
269 s#__RELEASE__#${RELEASE}#g;
270 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
271 s#__VERSION__#${VERSION}#g;
272 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
273 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
274 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
275 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
276 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
277 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
278 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
279 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
280 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
281 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
282 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
283 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
284 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
285 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
286 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
287 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
288 "${f}" > "${P_DIR}"/$(basename "${f}")
291 if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
292 echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
295 mkdir -p /tmp/cluster_tests
296 # Replace cluster and domain name in the test files
297 for f in $(ls "${SOURCE_TESTS_DIR}"/*); do
298 sed "s#__CLUSTER__#${CLUSTER}#g;
299 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
300 s#__DOMAIN__#${DOMAIN}#g;
301 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
302 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
303 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g
304 s#__INITIAL_USER__#${INITIAL_USER}#g;
305 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
306 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g" \
307 "${f}" > "/tmp/cluster_tests"/$(basename "${f}")
309 chmod 755 /tmp/cluster_tests/run-test.sh
311 # Replace helper state files that differ from the formula's examples
312 if [ -d "${SOURCE_STATES_DIR}" ]; then
313 mkdir -p "${F_DIR}"/extra/extra
315 for f in $(ls "${SOURCE_STATES_DIR}"/*); do
316 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
317 s#__CLUSTER__#${CLUSTER}#g;
318 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
319 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
320 s#__DOMAIN__#${DOMAIN}#g;
321 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
322 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
323 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
324 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
325 s#__INITIAL_USER__#${INITIAL_USER}#g;
326 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
327 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
328 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
329 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
330 s#__RELEASE__#${RELEASE}#g;
331 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
332 s#__VERSION__#${VERSION}#g;
333 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
334 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
335 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
336 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
337 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
338 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
339 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
340 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
341 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
342 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
343 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
344 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
345 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
346 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
347 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
348 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
349 "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
353 # Now, we build the SALT states/pillars trees
354 # As we need to separate both states and pillars in case we want specific
355 # roles, we iterate on both at the same time
358 cat > ${S_DIR}/top.sls << EOFTSLS
365 cat > ${P_DIR}/top.sls << EOFPSLS
372 # States, extra states
373 if [ -d "${F_DIR}"/extra/extra ]; then
374 for f in $(ls "${F_DIR}"/extra/extra/*.sls); do
375 echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
379 # If we want specific roles for a node, just add the desired states
380 # and its dependencies
381 if [ -z "${ROLES}" ]; then
383 echo " - nginx.passenger" >> ${S_DIR}/top.sls
384 # Currently, only available on config_examples/multi_host/aws
385 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
386 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
387 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
389 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
391 echo " - postgres" >> ${S_DIR}/top.sls
392 echo " - docker.software" >> ${S_DIR}/top.sls
393 echo " - arvados" >> ${S_DIR}/top.sls
396 echo " - docker" >> ${P_DIR}/top.sls
397 echo " - nginx_api_configuration" >> ${P_DIR}/top.sls
398 echo " - nginx_controller_configuration" >> ${P_DIR}/top.sls
399 echo " - nginx_keepproxy_configuration" >> ${P_DIR}/top.sls
400 echo " - nginx_keepweb_configuration" >> ${P_DIR}/top.sls
401 echo " - nginx_passenger" >> ${P_DIR}/top.sls
402 echo " - nginx_websocket_configuration" >> ${P_DIR}/top.sls
403 echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
404 echo " - nginx_workbench2_configuration" >> ${P_DIR}/top.sls
405 echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
406 echo " - postgresql" >> ${P_DIR}/top.sls
407 # Currently, only available on config_examples/multi_host/aws
408 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
409 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
410 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
412 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
415 # If we add individual roles, make sure we add the repo first
416 echo " - arvados.repo" >> ${S_DIR}/top.sls
417 for R in ${ROLES}; do
421 echo " - postgres" >> ${S_DIR}/top.sls
423 echo ' - postgresql' >> ${P_DIR}/top.sls
427 # FIXME: https://dev.arvados.org/issues/17352
428 grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls
429 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
430 ### If we don't install and run LE before arvados-api-server, it fails and breaks everything
431 ### after it so we add this here, as we are, after all, sharing the host for api and controller
432 # Currently, only available on config_examples/multi_host/aws
433 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
434 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
435 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
437 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
439 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
441 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
442 grep -q "docker" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
443 grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls
444 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
445 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
447 "controller" | "websocket" | "workbench" | "workbench2" | "keepweb" | "keepproxy")
449 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
450 # Currently, only available on config_examples/multi_host/aws
451 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
452 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
453 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
455 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
457 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
459 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
460 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
461 # Currently, only available on config_examples/multi_host/aws
462 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
463 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
464 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
466 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
467 grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
472 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
473 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
475 grep -q "" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
476 grep -q "nginx_webshell_configuration" ${P_DIR}/top.sls || echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
480 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
481 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
483 # ATM, no specific pillar needed
487 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
489 # ATM, no specific pillar needed
492 echo "Unknown role ${R}"
499 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
500 if [ -e /root/.psqlrc ]; then
501 if ! ( grep 'pset pager off' /root/.psqlrc ); then
503 cp /root/.psqlrc /root/.psqlrc.provision.backup
509 echo '\pset pager off' >> /root/.psqlrc
510 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
512 # Now run the install
513 salt-call --local state.apply -l ${LOG_LEVEL}
515 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
516 if [ "x${DELETE_PSQL}" = "xyes" ]; then
517 echo "Removing .psql file"
521 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
522 echo "Restoring .psql file"
523 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
525 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
527 # Leave a copy of the Arvados CA so the user can copy it where it's required
528 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
529 # If running in a vagrant VM, also add default user to docker group
530 if [ "x${VAGRANT}" = "xyes" ]; then
531 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
533 echo "Adding the vagrant user to the docker group"
534 usermod -a -G docker vagrant
536 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
539 # Test that the installation finished correctly
540 if [ "x${TEST}" = "xyes" ]; then
541 cd /tmp/cluster_tests