+ "monitoring")
+ ### Support files ###
+ GRAFANA_DASHBOARDS_DEST_DIR=/srv/salt/dashboards
+ mkdir -p "${GRAFANA_DASHBOARDS_DEST_DIR}"
+ rm -f "${GRAFANA_DASHBOARDS_DEST_DIR}"/*
+ # "ArvadosPromDataSource" is the hardcoded UID for Prometheus' datasource
+ # in Grafana.
+ for f in $(ls "${GRAFANA_DASHBOARDS_DIR}"/*.json); do
+ sed 's#${DS_PROMETHEUS}#ArvadosPromDataSource#g' \
+ "${f}" > "${GRAFANA_DASHBOARDS_DEST_DIR}"/$(basename "${f}")
+ done
+
+ ### States ###
+ grep -q "\- nginx$" ${STATES_TOP} || echo " - nginx" >> ${STATES_TOP}
+ grep -q "extra.nginx_prometheus_configuration" ${STATES_TOP} || echo " - extra.nginx_prometheus_configuration" >> ${STATES_TOP}
+
+ grep -q "\- grafana$" ${STATES_TOP} || echo " - grafana" >> ${STATES_TOP}
+ grep -q "extra.grafana_datasource" ${STATES_TOP} || echo " - extra.grafana_datasource" >> ${STATES_TOP}
+ grep -q "extra.grafana_dashboards" ${STATES_TOP} || echo " - extra.grafana_dashboards" >> ${STATES_TOP}
+ grep -q "extra.grafana_admin_user" ${STATES_TOP} || echo " - extra.grafana_admin_user" >> ${STATES_TOP}
+
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ grep -q "letsencrypt" ${STATES_TOP} || echo " - letsencrypt" >> ${STATES_TOP}
+ if [ "x${USE_LETSENCRYPT_ROUTE53:-}" = "xyes" ]; then
+ grep -q "aws_credentials" ${STATES_TOP} || echo " - aws_credentials" >> ${STATES_TOP}
+ fi
+ elif [ "${SSL_MODE}" = "bring-your-own" ]; then
+ for SVC in grafana prometheus; do
+ copy_custom_cert ${CUSTOM_CERTS_DIR} ${SVC}
+ done
+ fi
+ ### Pillars ###
+ grep -q "prometheus_server" ${PILLARS_TOP} || echo " - prometheus_server" >> ${PILLARS_TOP}
+ grep -q "grafana" ${PILLARS_TOP} || echo " - grafana" >> ${PILLARS_TOP}
+ for SVC in grafana prometheus; do
+ grep -q "nginx_${SVC}_configuration" ${PILLARS_TOP} || echo " - nginx_${SVC}_configuration" >> ${PILLARS_TOP}
+ done
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ grep -q "letsencrypt" ${PILLARS_TOP} || echo " - letsencrypt" >> ${PILLARS_TOP}
+ for SVC in grafana prometheus; do
+ grep -q "letsencrypt_${SVC}_configuration" ${PILLARS_TOP} || echo " - letsencrypt_${SVC}_configuration" >> ${PILLARS_TOP}
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${SVC}.${DOMAIN}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${SVC}.${DOMAIN}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${SVC}.${DOMAIN}/privkey.pem#g" \
+ ${P_DIR}/nginx_${SVC}_configuration.sls
+ done
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
+ grep -q "aws_credentials" ${PILLARS_TOP} || echo " - aws_credentials" >> ${PILLARS_TOP}
+ fi
+ elif [ "${SSL_MODE}" = "bring-your-own" ]; then
+ grep -q "ssl_key_encrypted" ${PILLARS_TOP} || echo " - ssl_key_encrypted" >> ${PILLARS_TOP}
+ for SVC in grafana prometheus; do
+ sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_${SVC}_cert_file_copy/g;
+ s#__CERT_PEM__#/etc/nginx/ssl/arvados-${SVC}.pem#g;
+ s#__CERT_KEY__#/etc/nginx/ssl/arvados-${SVC}.key#g" \
+ ${P_DIR}/nginx_${SVC}_configuration.sls
+ grep -q ${SVC} ${P_DIR}/extra_custom_certs.sls || echo " - ${SVC}" >> ${P_DIR}/extra_custom_certs.sls
+ done
+ fi
+ ;;
+ "balancer")
+ ### States ###
+ grep -q "\- nginx$" ${STATES_TOP} || echo " - nginx" >> ${STATES_TOP}
+
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ grep -q "letsencrypt" ${STATES_TOP} || echo " - letsencrypt" >> ${STATES_TOP}
+ if [ "x${USE_LETSENCRYPT_ROUTE53:-}" = "xyes" ]; then
+ grep -q "aws_credentials" ${STATES_TOP} || echo " - aws_credentials" >> ${STATES_TOP}
+ fi
+ elif [ "${SSL_MODE}" = "bring-your-own" ]; then
+ copy_custom_cert ${CUSTOM_CERTS_DIR} ${R}
+ fi
+
+ ### Pillars ###
+ grep -q "nginx_${R}_configuration" ${PILLARS_TOP} || echo " - nginx_${R}_configuration" >> ${PILLARS_TOP}
+
+ if [ "${SSL_MODE}" = "lets-encrypt" ]; then
+ grep -q "letsencrypt" ${PILLARS_TOP} || echo " - letsencrypt" >> ${PILLARS_TOP}
+
+ grep -q "letsencrypt_${R}_configuration" ${PILLARS_TOP} || echo " - letsencrypt_${R}_configuration" >> ${PILLARS_TOP}
+ sed -i "s/__CERT_REQUIRES__/cmd: create-initial-cert-${ROLE2NODES['balancer']}*/g;
+ s#__CERT_PEM__#/etc/letsencrypt/live/${ROLE2NODES['balancer']}/fullchain.pem#g;
+ s#__CERT_KEY__#/etc/letsencrypt/live/${ROLE2NODES['balancer']}/privkey.pem#g" \
+ ${P_DIR}/nginx_${R}_configuration.sls
+
+ if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
+ grep -q "aws_credentials" ${PILLARS_TOP} || echo " - aws_credentials" >> ${PILLARS_TOP}
+ fi
+ elif [ "${SSL_MODE}" = "bring-your-own" ]; then
+ grep -q "ssl_key_encrypted" ${PILLARS_TOP} || echo " - ssl_key_encrypted" >> ${PILLARS_TOP}
+ sed -i "s/__CERT_REQUIRES__/file: extra_custom_certs_${R}_cert_file_copy/g;
+ s#__CERT_PEM__#/etc/nginx/ssl/arvados-${R}.pem#g;
+ s#__CERT_KEY__#/etc/nginx/ssl/arvados-${R}.key#g" \
+ ${P_DIR}/nginx_${R}_configuration.sls
+ grep -q "${R}" ${P_DIR}/extra_custom_certs.sls || echo " - ${R}" >> ${P_DIR}/extra_custom_certs.sls
+ fi
+ ;;
+ "controller")
+ ### States ###
+ grep -q " - logrotate" ${STATES_TOP} || echo " - logrotate" >> ${STATES_TOP}
+ if grep -q " - nginx.*$" ${STATES_TOP}; then
+ sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${STATES_TOP}
+ else
+ echo " - nginx.passenger" >> ${STATES_TOP}
+ fi
+ echo " - extra.passenger_rvm" >> ${STATES_TOP}
+ grep -q "^ - postgres\\.client$" ${STATES_TOP} || echo " - postgres.client" >> ${STATES_TOP}
+