#
set -eu
+set -o pipefail
# The parameter file
declare CONFIG_FILE=local.params
# and then clone a regular repository (with a checkout)
# from that.
- ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git
+ ssh $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
fi
git push $NODE $BRANCH
- ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET}
+ ssh $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}"
fi
# The update case.
logfile=deploy-${NODE}-$(date -Iseconds).log
if [[ "$NODE" = localhost ]] ; then
- SUDO=''
+ SUDO=''
if [[ $(whoami) != 'root' ]] ; then
SUDO=sudo
fi
SETUPDIR=$1
PARAMS=$2
SLS=$3
+ TERRAFORM=$4
set -u
err=
fi
echo "Initializing $SETUPDIR"
- git init $SETUPDIR
+ git init --shared=0600 $SETUPDIR
cp -r *.sh tests $SETUPDIR
cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
cp -r config_examples/$SLS $SETUPDIR/${CONFIG_DIR}
+ if [[ -n "$TERRAFORM" ]] ; then
+ mkdir $SETUPDIR/terraform
+ cp -r $TERRAFORM/* $SETUPDIR/terraform/
+ fi
+
cd $SETUPDIR
echo '*.log' > .gitignore
git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
git commit -m"initial commit"
- echo "setup directory initialized, now go to $SETUPDIR, edit '${CONFIG_FILE}' and '${CONFIG_DIR}' as needed, then run 'installer.sh deploy'"
+ echo
+ echo "Setup directory $SETUPDIR initialized."
+ if [[ -n "$TERRAFORM" ]] ; then
+ (cd $SETUPDIR/terraform/vpc && terraform init)
+ (cd $SETUPDIR/terraform/data-storage && terraform init)
+ (cd $SETUPDIR/terraform/services && terraform init)
+ echo "Now go to $SETUPDIR, customize 'terraform/vpc/terraform.tfvars' as needed, then run 'installer.sh terraform'"
+ else
+ echo "Now go to $SETUPDIR, customize '${CONFIG_FILE}' and '${CONFIG_DIR}' as needed, then run 'installer.sh deploy'"
+ fi
+ ;;
+
+ terraform)
+ logfile=terraform-$(date -Iseconds).log
+ (cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile
+ (cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile
+ (cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
+ (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
+ ;;
+
+ generate-tokens)
+ for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
+ echo ${i}=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32 ; echo '')
+ done
;;
+
deploy)
set +u
NODE=$1
echo "Completed deploy, run 'installer.sh diagnostics' to verify the install"
;;
+
diagnostics)
loadconfig
arvados-client diagnostics $LOCATION
;;
+
*)
echo "Arvados installer"
echo ""
- echo "initialize initialize the setup directory for configuration"
- echo "deploy deploy the configuration from the setup directory"
- echo "diagnostics check your install using diagnostics"
+ echo "initialize initialize the setup directory for configuration"
+ echo "terraform create cloud resources using terraform"
+ echo "generate-tokens generate random values for tokens"
+ echo "deploy deploy the configuration from the setup directory"
+ echo "diagnostics check your install using diagnostics"
;;
esac