3 # Copyright (C) The Arvados Authors. All rights reserved.
5 # SPDX-License-Identifier: CC-BY-SA-3.0
7 # If you want to test arvados in a single host, you can run this script, which
8 # will install it using salt masterless
9 # This script is run by the Vagrant file when you run it with
15 # capture the directory that the script is running from
16 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20 echo >&2 "Usage: ${0} [-h] [-h]"
22 echo >&2 "${0} options:"
23 echo >&2 " -d, --debug Run salt installation in debug mode"
24 echo >&2 " -p <N>, --ssl-port <N> SSL port to use for the web applications"
25 echo >&2 " -c <local.params>, --config <local.params> Path to the local.params config file"
26 echo >&2 " -t, --test Test installation running a CWL workflow"
27 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
28 echo >&2 " Possible values are:"
30 echo >&2 " controller"
34 echo >&2 " workbench2"
38 echo >&2 " dispatcher"
39 echo >&2 " Defaults to applying them all"
40 echo >&2 " -h, --help Display this help and exit"
41 echo >&2 " -v, --vagrant Run in vagrant and use the /vagrant shared dir"
46 # NOTE: This requires GNU getopt (part of the util-linux package on Debian-based distros).
47 TEMP=$(getopt -o c:dhp:r:tv \
48 --long config:,debug,help,ssl-port:,roles:,test,vagrant \
51 if [ ${?} != 0 ] ; then echo "GNU getopt missing? Use -h for help"; exit 1 ; fi
52 # Note the quotes around `$TEMP': they are essential!
55 while [ ${#} -ge 1 ]; do
72 # Verify the role exists
73 if [[ ! "api,controller,keepstore,websocket,keepweb,workbench2,keepproxy,shell,workbench,dispatcher" == *"$i"* ]]; then
74 echo "The role '${i}' is not a valid role"
102 CONFIG="${SCRIPT_DIR}/local.params"
103 CONFIG_DIR="config_examples/single_host/multiple_hostnames"
111 HOSTNAME_INT="127.0.1.1"
113 INITIAL_USER_EMAIL=""
114 INITIAL_USER_PASSWORD=""
116 CONTROLLER_EXT_SSL_PORT=8000
117 KEEP_EXT_SSL_PORT=25101
118 # Both for collections and downloads
119 KEEPWEB_EXT_SSL_PORT=9002
120 WEBSHELL_EXT_SSL_PORT=4202
121 WEBSOCKET_EXT_SSL_PORT=8002
122 WORKBENCH1_EXT_SSL_PORT=443
123 WORKBENCH2_EXT_SSL_PORT=3001
128 POSTGRES_TAG="v0.41.3"
135 if [ -s ${CONFIG} ]; then
138 echo >&2 "Please create a '${CONFIG}' file with initial values, as described in FIXME_URL_TO_DESCR"
146 F_DIR="/srv/formulas"
151 apt-get install -y curl git jq
153 dpkg -l |grep salt-minion
154 if [ ${?} -eq 0 ]; then
155 echo "Salt already installed"
157 curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
158 sh /tmp/bootstrap_salt.sh -XUdfP -x python3
159 /bin/systemctl disable salt-minion.service
162 # Set salt to masterless mode
163 cat > /etc/salt/minion << EOFSM
169 - ${F_DIR}/*/test/salt/states/examples
176 mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
179 cat > ${S_DIR}/top.sls << EOFTSLS
182 - single_host.host_entries
183 - single_host.snakeoil_certs
190 # If we want specific roles for a node, just add those states
191 if [ -z "${ROLES}" ]; then
192 echo ' - arvados' >> ${S_DIR}/top.sls
194 for R in ${ROLES}; do
195 echo " - arvados.${R}" >> ${S_DIR}/top.sls
200 cat > ${P_DIR}/top.sls << EOFPSLS
206 - nginx_api_configuration
207 - nginx_controller_configuration
208 - nginx_keepproxy_configuration
209 - nginx_keepweb_configuration
211 - nginx_websocket_configuration
212 - nginx_webshell_configuration
213 - nginx_workbench2_configuration
214 - nginx_workbench_configuration
218 # Get the formula and dependencies
219 cd ${F_DIR} || exit 1
220 git clone --branch "${ARVADOS_TAG}" https://github.com/arvados/arvados-formula.git
221 git clone --branch "${DOCKER_TAG}" https://github.com/saltstack-formulas/docker-formula.git
222 git clone --branch "${LOCALE_TAG}" https://github.com/saltstack-formulas/locale-formula.git
223 git clone --branch "${NGINX_TAG}" https://github.com/saltstack-formulas/nginx-formula.git
224 git clone --branch "${POSTGRES_TAG}" https://github.com/saltstack-formulas/postgres-formula.git
226 if [ "x${BRANCH}" != "x" ]; then
227 cd ${F_DIR}/arvados-formula || exit 1
228 git checkout -t origin/"${BRANCH}"
232 if [ "x${VAGRANT}" = "xyes" ]; then
233 SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
234 SOURCE_STATES_DIR="/vagrant/${CONFIG_DIR}/states"
235 TESTS_DIR="/vagrant/${TESTS_DIR}"
237 SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
238 SOURCE_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
239 TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
242 # Replace cluster and domain name in the example pillars
243 for f in "${SOURCE_PILLARS_DIR}"/*; do
244 sed "s/__CLUSTER__/${CLUSTER}/g;
245 s/__DOMAIN__/${DOMAIN}/g;
246 s/__RELEASE__/${RELEASE}/g;
247 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
248 s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
249 s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
250 s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
251 s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
252 s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
253 s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
254 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
255 s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
256 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
257 s/__INITIAL_USER__/${INITIAL_USER}/g;
258 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
259 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
260 s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
261 s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
262 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
263 s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
264 s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
265 s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
266 s/__VERSION__/${VERSION}/g" \
267 "${f}" > "${P_DIR}"/$(basename "${f}")
270 mkdir -p /tmp/cluster_tests
271 # Replace cluster and domain name in the test files
272 for f in "${TESTS_DIR}"/*; do
273 sed "s/__CLUSTER__/${CLUSTER}/g;
274 s/__DOMAIN__/${DOMAIN}/g;
275 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
276 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
277 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
278 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
279 s/__INITIAL_USER__/${INITIAL_USER}/g;
280 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
281 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g" \
282 ${f} > /tmp/cluster_tests/$(basename ${f})
284 chmod 755 /tmp/cluster_tests/run-test.sh
286 # Replace helper state files that differ from the formula's examples
287 for f in "${SOURCE_STATES_DIR}"/*; do
288 sed "s/__CLUSTER__/${CLUSTER}/g;
289 s/__DOMAIN__/${DOMAIN}/g;
290 s/__RELEASE__/${RELEASE}/g;
291 s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
292 s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
293 s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
294 s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
295 s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
296 s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
297 s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
298 s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
299 s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
300 s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
301 s/__INITIAL_USER__/${INITIAL_USER}/g;
302 s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
303 s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
304 s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
305 s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
306 s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
307 s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
308 s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
309 s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
310 s/__VERSION__/${VERSION}/g" \
311 "${f}" > "${F_DIR}"/arvados-formula/test/salt/states/examples/single_host/$(basename "${f}")
314 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
315 if [ -e /root/.psqlrc ]; then
316 if ! ( grep 'pset pager off' /root/.psqlrc ); then
318 cp /root/.psqlrc /root/.psqlrc.provision.backup
324 echo '\pset pager off' >> /root/.psqlrc
325 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
327 # Now run the install
328 salt-call --local state.apply -l ${LOG_LEVEL}
330 # FIXME! #16992 Temporary fix for psql call in arvados-api-server
331 if [ "x${DELETE_PSQL}" = "xyes" ]; then
332 echo "Removing .psql file"
336 if [ "x${RESTORE_PSQL}" = "xyes" ]; then
337 echo "Restoring .psql file"
338 mv -v /root/.psqlrc.provision.backup /root/.psqlrc
340 # END FIXME! #16992 Temporary fix for psql call in arvados-api-server
342 # Leave a copy of the Arvados CA so the user can copy it where it's required
343 echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
344 # If running in a vagrant VM, also add default user to docker group
345 if [ "x${VAGRANT}" = "xyes" ]; then
346 cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant
348 echo "Adding the vagrant user to the docker group"
349 usermod -a -G docker vagrant
351 cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}
354 # Test that the installation finished correctly
355 if [ "x${TEST}" = "xyes" ]; then
356 cd /tmp/cluster_tests