3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
15 # capture the directory that the script is running from
16 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20 echo >&2 "Usage: ${0} [-h] [-h]"
22 echo >&2 "${0} options:"
23 echo >&2 " -d, --debug Run salt installation in debug mode"
24 echo >&2 " -p <N>, --ssl-port <N> SSL port to use for the web applications"
25 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
26 echo >&2 " -t, --test Test installation running a CWL workflow"
27 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
28 echo >&2 " Possible values are:"
30 echo >&2 " controller"
31 echo >&2 " dispatcher"
39 echo >&2 " workbench2"
40 echo >&2 " Defaults to applying them all"
41 echo >&2 " -h, --help Display this help and exit"
42 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
47 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
48 TEMP=$(getopt -o c:dhp:r:tv \
49 --long config:,debug,help,ssl-port:,roles:,test,vagrant \
52 if [ ${?} != 0 ] ; then echo "GNU getopt missing? Use -h for help"; exit 1 ; fi
53 # Note the quotes around `$TEMP': they are essential!
56 while [ ${#} -ge 1 ]; do
67 CONTROLLER_EXT_SSL_PORT=${2}
73 # Verify the role exists
74 if [[ ! "database,api,controller,keepstore,websocket,keepweb,workbench2,webshell,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
75 echo "The role '${i}' is not a valid role"
103 CONFIG_FILE="${SCRIPT_DIR}/local.params"
104 CONFIG_DIR="local_config_dir"
106 CONTROLLER_EXT_SSL_PORT=443
112 # Hostnames/IPs used for single-host deploys
114 HOSTNAME_INT="127.0.1.1"
118 INITIAL_USER_EMAIL=""
119 INITIAL_USER_PASSWORD=""
121 CONTROLLER_EXT_SSL_PORT=8000
122 KEEP_EXT_SSL_PORT=25101
123 # Both for collections and downloads
124 KEEPWEB_EXT_SSL_PORT=9002
125 WEBSHELL_EXT_SSL_PORT=4202
126 WEBSOCKET_EXT_SSL_PORT=8002
127 WORKBENCH1_EXT_SSL_PORT=443
128 WORKBENCH2_EXT_SSL_PORT=3001
130 # For a stable release, change RELEASE "production" and VERSION to the
131 # package version (including the iteration, e.g. X.Y.Z-1) of the
133 RELEASE="development"
136 # The arvados-formula version. For a stable release, this should be a
137 # branch name (e.g. X.Y-dev) or tag for the release.
140 # Other formula versions we depend on
141 POSTGRES_TAG="v0.41.6"
142 NGINX_TAG="temp-fix-missing-statements-in-pillar"
145 LETSENCRYPT_TAG="v2.1.0"
151 F_DIR="/srv/formulas"
157 if [ -s ${CONFIG_FILE} ]; then
158 source ${CONFIG_FILE}
160 echo >&2 "Please create a '${CONFIG_FILE}' file with initial values, as described in"
161 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
162 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
166 if [ ! -d ${CONFIG_DIR} ]; then
167 echo >&2 "Please create a '${CONFIG_DIR}' with initial values, as described in"
168 echo >&2 " * https://doc.arvados.org/install/salt-single-host.html#single_host, or"
169 echo >&2 " * https://doc.arvados.org/install/salt-multi-host.html#multi_host_multi_hostnames"
173 if grep -q 'fixme_or_this_wont_work' ${CONFIG_FILE} ; then
174 echo >&2 "The config file ${CONFIG_FILE} has some parameters that need to be modified."
175 echo >&2 "Please, fix them and re-run the provision script."
179 if ! grep -E '^[[:alnum:]]{5}$' <<<${CLUSTER} ; then
180 echo >&2 "ERROR: <CLUSTER> must be exactly 5 alphanumeric characters long"
181 echo >&2 "Fix the cluster name in the 'local.params' file and re-run the provision script"
185 # Only used in single_host/single_name deploys
186 if [ "x${HOSTNAME_EXT}" = "x" ] ; then
187 HOSTNAME_EXT="${CLUSTER}.${DOMAIN}"
191 apt-get install -y curl git jq
193 if which salt-call; then
194 echo "Salt already installed"
196 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
197 sh /tmp/bootstrap_salt.sh -XdfP -x python3
198 /bin/systemctl stop salt-minion.service
199 /bin/systemctl disable salt-minion.service
202 # Set salt to masterless mode
203 cat > /etc/salt/minion << EOFSM
215 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
217 # Get the formula and dependencies
218 cd ${F_DIR} || exit 1
219 git clone --branch "${ARVADOS_TAG}" https://git.arvados.org/arvados-formula.git
220 git clone --branch "${DOCKER_TAG}" https://github.com/saltstack-formulas/docker-formula.git
221 git clone --branch "${LOCALE_TAG}" https://github.com/saltstack-formulas/locale-formula.git
222 # git clone --branch "${NGINX_TAG}" https://github.com/saltstack-formulas/nginx-formula.git
223 git clone --branch "${NGINX_TAG}" https://github.com/netmanagers/nginx-formula.git
224 git clone --branch "${POSTGRES_TAG}" https://github.com/saltstack-formulas/postgres-formula.git
225 git clone --branch "${LETSENCRYPT_TAG}" https://github.com/saltstack-formulas/letsencrypt-formula.git
227 # If we want to try a specific branch of the formula
228 if [ "x${BRANCH}" != "x" ]; then
229 cd ${F_DIR}/arvados-formula || exit 1
230 git checkout -t origin/"${BRANCH}" -b "${BRANCH}"
234 if [ "x${VAGRANT}" = "xyes" ]; then
235 EXTRA_STATES_DIR="/home/vagrant/${CONFIG_DIR}/states"
236 SOURCE_PILLARS_DIR="/home/vagrant/${CONFIG_DIR}/pillars"
237 SOURCE_TESTS_DIR="/home/vagrant/${TESTS_DIR}"
239 EXTRA_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
240 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
241 SOURCE_TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
244 SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
246 # Replace variables (cluster, domain, etc) in the pillars, states and tests
247 # to ease deployment for newcomers
248 if [ ! -d "${SOURCE_PILLARS_DIR}" ]; then
249 echo "${SOURCE_PILLARS_DIR} does not exist or is not a directory. Exiting."
252 for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
253 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
254 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
255 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
256 s#__CLUSTER__#${CLUSTER}#g;
257 s#__DOMAIN__#${DOMAIN}#g;
258 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
259 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
260 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
261 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
262 s#__INITIAL_USER__#${INITIAL_USER}#g;
263 s#__LE_AWS_REGION__#${LE_AWS_REGION}#g;
264 s#__LE_AWS_SECRET_ACCESS_KEY__#${LE_AWS_SECRET_ACCESS_KEY}#g;
265 s#__LE_AWS_ACCESS_KEY_ID__#${LE_AWS_ACCESS_KEY_ID}#g;
266 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
267 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
268 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
269 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
270 s#__RELEASE__#${RELEASE}#g;
271 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
272 s#__VERSION__#${VERSION}#g;
273 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
274 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
275 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
276 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
277 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
278 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
279 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
280 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
281 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
282 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
283 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
284 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
285 s#__SHELL_INT_IP__#${SHELL_INT_IP}#g;
286 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
287 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
288 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
289 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
290 "${f}" > "${P_DIR}"/$(basename "${f}")
293 if [ "x${TEST}" = "xyes" ] && [ ! -d "${SOURCE_TESTS_DIR}" ]; then
294 echo "You requested to run tests, but ${SOURCE_TESTS_DIR} does not exist or is not a directory. Exiting."
297 mkdir -p /tmp/cluster_tests
298 # Replace cluster and domain name in the test files
299 for f in $(ls "${SOURCE_TESTS_DIR}"/*); do
300 sed "s#__CLUSTER__#${CLUSTER}#g;
301 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
302 s#__DOMAIN__#${DOMAIN}#g;
303 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
304 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
305 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g
306 s#__INITIAL_USER__#${INITIAL_USER}#g;
307 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
308 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g" \
309 "${f}" > "/tmp/cluster_tests"/$(basename "${f}")
311 chmod 755 /tmp/cluster_tests/run-test.sh
313 # Replace helper state files that differ from the formula's examples
314 if [ -d "${SOURCE_STATES_DIR}" ]; then
315 mkdir -p "${F_DIR}"/extra/extra
317 for f in $(ls "${SOURCE_STATES_DIR}"/*); do
318 sed "s#__ANONYMOUS_USER_TOKEN__#${ANONYMOUS_USER_TOKEN}#g;
319 s#__CLUSTER__#${CLUSTER}#g;
320 s#__BLOB_SIGNING_KEY__#${BLOB_SIGNING_KEY}#g;
321 s#__CONTROLLER_EXT_SSL_PORT__#${CONTROLLER_EXT_SSL_PORT}#g;
322 s#__DOMAIN__#${DOMAIN}#g;
323 s#__HOSTNAME_EXT__#${HOSTNAME_EXT}#g;
324 s#__HOSTNAME_INT__#${HOSTNAME_INT}#g;
325 s#__INITIAL_USER_EMAIL__#${INITIAL_USER_EMAIL}#g;
326 s#__INITIAL_USER_PASSWORD__#${INITIAL_USER_PASSWORD}#g;
327 s#__INITIAL_USER__#${INITIAL_USER}#g;
328 s#__DATABASE_PASSWORD__#${DATABASE_PASSWORD}#g;
329 s#__KEEPWEB_EXT_SSL_PORT__#${KEEPWEB_EXT_SSL_PORT}#g;
330 s#__KEEP_EXT_SSL_PORT__#${KEEP_EXT_SSL_PORT}#g;
331 s#__MANAGEMENT_TOKEN__#${MANAGEMENT_TOKEN}#g;
332 s#__RELEASE__#${RELEASE}#g;
333 s#__SYSTEM_ROOT_TOKEN__#${SYSTEM_ROOT_TOKEN}#g;
334 s#__VERSION__#${VERSION}#g;
335 s#__CLUSTER_INT_CIDR__#${CLUSTER_INT_CIDR}#g;
336 s#__CONTROLLER_INT_IP__#${CONTROLLER_INT_IP}#g;
337 s#__WEBSOCKET_INT_IP__#${WEBSOCKET_INT_IP}#g;
338 s#__KEEP_INT_IP__#${KEEP_INT_IP}#g;
339 s#__KEEPSTORE0_INT_IP__#${KEEPSTORE0_INT_IP}#g;
340 s#__KEEPSTORE1_INT_IP__#${KEEPSTORE1_INT_IP}#g;
341 s#__KEEPWEB_INT_IP__#${KEEPWEB_INT_IP}#g;
342 s#__WEBSHELL_INT_IP__#${WEBSHELL_INT_IP}#g;
343 s#__WORKBENCH1_INT_IP__#${WORKBENCH1_INT_IP}#g;
344 s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
345 s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
346 s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
347 s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
348 s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
349 s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
350 s#__WORKBENCH_SECRET_KEY__#${WORKBENCH_SECRET_KEY}#g" \
351 "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
355 # Now, we build the SALT states/pillars trees
356 # As we need to separate both states and pillars in case we want specific
357 # roles, we iterate on both at the same time
360 cat > ${S_DIR}/top.sls << EOFTSLS
367 cat > ${P_DIR}/top.sls << EOFPSLS
374 # States, extra states
375 if [ -d "${F_DIR}"/extra/extra ]; then
376 for f in $(ls "${F_DIR}"/extra/extra/*.sls); do
377 echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
381 # If we want specific roles for a node, just add the desired states
382 # and its dependencies
383 if [ -z "${ROLES}" ]; then
385 echo " - nginx.passenger" >> ${S_DIR}/top.sls
386 # Currently, only available on config_examples/multi_host/aws
387 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
388 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
389 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
391 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
393 echo " - postgres" >> ${S_DIR}/top.sls
394 echo " - docker.software" >> ${S_DIR}/top.sls
395 echo " - arvados" >> ${S_DIR}/top.sls
398 echo " - docker" >> ${P_DIR}/top.sls
399 echo " - nginx_api_configuration" >> ${P_DIR}/top.sls
400 echo " - nginx_controller_configuration" >> ${P_DIR}/top.sls
401 echo " - nginx_keepproxy_configuration" >> ${P_DIR}/top.sls
402 echo " - nginx_keepweb_configuration" >> ${P_DIR}/top.sls
403 echo " - nginx_passenger" >> ${P_DIR}/top.sls
404 echo " - nginx_websocket_configuration" >> ${P_DIR}/top.sls
405 echo " - nginx_webshell_configuration" >> ${P_DIR}/top.sls
406 echo " - nginx_workbench2_configuration" >> ${P_DIR}/top.sls
407 echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
408 echo " - postgresql" >> ${P_DIR}/top.sls
409 # Currently, only available on config_examples/multi_host/aws
410 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
411 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
412 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
414 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
417 # If we add individual roles, make sure we add the repo first
418 echo " - arvados.repo" >> ${S_DIR}/top.sls
419 for R in ${ROLES}; do
423 echo " - postgres" >> ${S_DIR}/top.sls
425 echo ' - postgresql' >> ${P_DIR}/top.sls
429 # FIXME: https://dev.arvados.org/issues/17352
430 grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls
431 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
432 ### If we don't install and run LE before arvados-api-server, it fails and breaks everything
433 ### after it so we add this here, as we are, after all, sharing the host for api and controller
434 # Currently, only available on config_examples/multi_host/aws
435 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
436 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
437 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
439 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
441 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
443 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
444 grep -q "docker" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
445 grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls
446 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
447 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
449 "controller" | "websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy")
451 grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
452 # Currently, only available on config_examples/multi_host/aws
453 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
454 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
455 grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
457 grep -q "letsencrypt" ${S_DIR}/top.sls || echo " - letsencrypt" >> ${S_DIR}/top.sls
459 # webshell role is just a nginx vhost, so it has no state
460 if [ "${R}" != "webshell" ]; then
461 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
464 grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
465 grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
466 # Currently, only available on config_examples/multi_host/aws
467 if [ "x${USE_LETSENCRYPT}" = "xyes" ]; then
468 if [ "x${USE_LETSENCRYPT_IAM_USER}" = "xyes" ]; then
469 grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
471 grep -q "letsencrypt" ${P_DIR}/top.sls || echo " - letsencrypt" >> ${P_DIR}/top.sls
472 grep -q "letsencrypt_${R}_configuration" ${P_DIR}/top.sls || echo " - letsencrypt_${R}_configuration" >> ${P_DIR}/top.sls
477 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
478 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
480 grep -q "" ${P_DIR}/top.sls || echo " - docker" >> ${P_DIR}/top.sls
484 grep -q "docker" ${S_DIR}/top.sls || echo " - docker.software" >> ${S_DIR}/top.sls
485 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
487 # ATM, no specific pillar needed
491 grep -q "arvados.${R}" ${S_DIR}/top.sls || echo " - arvados.${R}" >> ${S_DIR}/top.sls
493 # ATM, no specific pillar needed
496 echo "Unknown role ${R}"
503 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
504 if [ -e /root/.psqlrc ]; then
505 if ! ( grep 'pset pager off' /root/.psqlrc ); then
507 cp /root/.psqlrc /root/.psqlrc.provision.backup
513 echo '\pset pager off' >> /root/.psqlrc
514 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
516 # Now run the install
517 salt-call --local state.apply -l ${LOG_LEVEL}
519 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
520 if [ "x${DELETE_PSQL}" = "xyes" ]; then
521 echo "Removing .psql file"
525 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
526 echo "Restoring .psql file"
527 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
529 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
531 # Leave a copy of the Arvados CA so the user can copy it where it's required
532 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
533 # If running in a vagrant VM, also add default user to docker group
534 if [ "x${VAGRANT}" = "xyes" ]; then
535 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
537 echo "Adding the vagrant user to the docker group"
538 usermod -a -G docker vagrant
540 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
543 # Test that the installation finished correctly
544 if [ "x${TEST}" = "xyes" ]; then
545 cd /tmp/cluster_tests