3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
10 # Helps manage the configuration in a git repository, and then deploy
11 # nodes by pushing a copy of the git repository to each node and
12 # running the provision script to do the actual installation and
20 declare CONFIG_FILE=local.params
22 # The salt template directory
23 declare CONFIG_DIR=local_config_dir
25 # The 5-character Arvados cluster id
26 # This will be populated by loadconfig()
29 # The parent domain (not including the cluster id)
30 # This will be populated by loadconfig()
33 # A bash associative array listing each node and mapping to the roles
34 # that should be provisioned on those nodes.
35 # This will be populated by loadconfig()
38 # The ssh user we'll use
39 # This will be populated by loadconfig()
42 # The git repository that we'll push to on all the nodes
43 # This will be populated by loadconfig()
53 if [[ -n "$MISSING" ]] ; then
54 echo "Some tools are missing, please make sure you have the 'git' and 'iproute2' packages installed"
63 # Synchronizes the configuration by creating a git repository on
64 # each node, pushing our branch, and updating the checkout.
66 if [[ "$NODE" != localhost ]] ; then
67 if ! ssh $DEPLOY_USER@$NODE test -d ${GITTARGET}.git ; then
69 # Initialize the git repository (1st time case). We're
70 # actually going to make two repositories here because git
71 # will complain if you try to push to a repository with a
72 # checkout. So we're going to create a "bare" repository
73 # and then clone a regular repository (with a checkout)
76 ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git
77 ssh $DEPLOY_USER@$NODE chmod 700 ${GITTARGET}.git
78 if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
79 git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
81 git push $NODE $BRANCH
82 ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET}
83 ssh $DEPLOY_USER@$NODE chmod 700 ${GITTARGET}
88 # Push to the bare repository on the remote node, then in the
89 # remote node repository with the checkout, pull the branch
90 # from the bare repository.
92 git push $NODE $BRANCH
93 ssh $DEPLOY_USER@$NODE "git -C ${GITTARGET} checkout ${BRANCH} && git -C ${GITTARGET} pull"
101 # Deploy a node. This runs the provision script on the node, with
102 # the appropriate roles.
104 if [[ -z "$ROLES" ]] ; then
105 echo "No roles specified for $NODE, will deploy all roles"
107 ROLES="--roles ${ROLES}"
110 logfile=deploy-${NODE}-$(date -Iseconds).log
112 if [[ "$NODE" = localhost ]] ; then
114 if [[ $(whoami) != 'root' ]] ; then
117 $SUDO ./provision.sh --config ${CONFIG_FILE} ${ROLES} 2>&1 | tee $logfile
119 ssh $DEPLOY_USER@$NODE "cd ${GITTARGET} && sudo ./provision.sh --config ${CONFIG_FILE} ${ROLES}" 2>&1 | tee $logfile
124 if [[ ! -s $CONFIG_FILE ]] ; then
125 echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
127 source ${CONFIG_FILE}
128 GITTARGET=arvados-deploy-config-${CLUSTER}
135 if [[ -n "$subcmd" ]] ; then
140 if [[ ! -f provision.sh ]] ; then
141 echo "Must be run from arvados/tools/salt-install"
155 if [[ -z "$PARAMS" || ! -f local.params.example.$PARAMS ]] ; then
156 echo "Not found: local.params.example.$PARAMS"
157 echo "Expected one of multiple_hosts, single_host_multiple_hostnames, single_host_single_hostname"
161 if [[ -z "$SLS" || ! -d config_examples/$SLS ]] ; then
162 echo "Not found: config_examples/$SLS"
163 echo "Expected one of multi_host/aws, single_host/multiple_hostnames, single_host/single_hostname"
167 if [[ -z "$SETUPDIR" || -z "$PARAMS" || -z "$SLS" ]]; then
168 echo "installer.sh <setup dir to initialize> <params template> <config template>"
172 if [[ -n "$err" ]] ; then
176 echo "Initializing $SETUPDIR"
179 cp -r *.sh tests $SETUPDIR
181 cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
182 cp -r config_examples/$SLS $SETUPDIR/${CONFIG_DIR}
184 if [[ -n "$TERRAFORM" ]] ; then
185 mkdir $SETUPDIR/terraform
186 cp -r $TERRAFORM/* $SETUPDIR/terraform/
190 echo '*.log' > .gitignore
192 git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
193 git commit -m"initial commit"
196 echo "Setup directory $SETUPDIR initialized."
197 if [[ -n "$TERRAFORM" ]] ; then
198 (cd $SETUPDIR/terraform/vpc && terraform init)
199 (cd $SETUPDIR/terraform/data-storage && terraform init)
200 (cd $SETUPDIR/terraform/services && terraform init)
201 echo "Now go to $SETUPDIR, customize 'terraform/vpc/terraform.tfvars' as needed, then run 'installer.sh terraform'"
203 echo "Now go to $SETUPDIR, customize '${CONFIG_FILE}' and '${CONFIG_DIR}' as needed, then run 'installer.sh deploy'"
208 logfile=terraform-$(date -Iseconds).log
209 (cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile
210 (cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile
211 (cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
212 (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
216 for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
217 echo ${i}=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32 ; echo '')
230 if grep -rni 'fixme' ${CONFIG_FILE} ${CONFIG_DIR} ; then
232 echo "Some parameters still need to be updated. Please fix them and then re-run deploy."
236 BRANCH=$(git branch --show-current)
241 if ! git diff --cached --exit-code ; then
242 git commit -m"prepare for deploy"
245 if [[ -z "$NODE" ]]; then
246 for NODE in "${!NODES[@]}"
248 # First, push the git repo to each node. This also
249 # confirms that we have git and can log into each
254 for NODE in "${!NODES[@]}"
256 # Do 'database' role first,
257 if [[ "${NODES[$NODE]}" =~ database ]] ; then
258 deploynode $NODE "${NODES[$NODE]}"
263 for NODE in "${!NODES[@]}"
265 # then 'api' or 'controller' roles
266 if [[ "${NODES[$NODE]}" =~ (api|controller) ]] ; then
267 deploynode $NODE "${NODES[$NODE]}"
272 for NODE in "${!NODES[@]}"
274 # Everything else (we removed the nodes that we
275 # already deployed from the list)
276 deploynode $NODE "${NODES[$NODE]}"
279 # Just deploy the node that was supplied on the command line.
286 echo "Completed deploy, run 'installer.sh diagnostics' to verify the install"
297 if ! which arvados-client ; then
298 echo "arvados-client not found, install 'arvados-client' package with 'apt-get' or 'yum'"
302 if [[ -z "$LOCATION" ]] ; then
303 echo "Need to provide '-internal-client' or '-external-client'"
305 echo "-internal-client You are running this on the same private network as the Arvados cluster (e.g. on one of the Arvados nodes)"
306 echo "-external-client You are running this outside the private network of the Arvados cluster (e.g. your workstation)"
310 export ARVADOS_API_HOST="${CLUSTER}.${DOMAIN}:${CONTROLLER_EXT_SSL_PORT}"
311 export ARVADOS_API_TOKEN="$SYSTEM_ROOT_TOKEN"
313 arvados-client diagnostics $LOCATION
317 echo "Arvados installer"
319 echo "initialize initialize the setup directory for configuration"
320 echo "terraform create cloud resources using terraform"
321 echo "generate-tokens generate random values for tokens"
322 echo "deploy deploy the configuration from the setup directory"
323 echo "diagnostics check your install using diagnostics"