projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
20482: Makes installer.sh compatible with older (Ubuntu 18.04) git versions.
[arvados.git] / tools / salt-install / installer.sh
diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index 0cb4b6e09e9c57ca8131dafa2a7e8d45e990cc3d..5a55e337da3248e22c335f5ac7d9be3e020d9ae6 100755 (executable)
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -43,6 +43,10 @@ declare DEPLOY_USER
 # This will be populated by loadconfig()
 declare GITTARGET
 
 # This will be populated by loadconfig()
 declare GITTARGET
 
+# The public host used as an SSH jump host
+# This will be populated by loadconfig()
+declare USE_SSH_JUMPHOST
+
 checktools() {
     local MISSING=''
     for a in git ip ; do
 checktools() {
     local MISSING=''
     for a in git ip ; do
@@ -64,31 +68,33 @@ sync() {
     # each node, pushing our branch, and updating the checkout.
 
     if [[ "$NODE" != localhost ]] ; then
     # each node, pushing our branch, and updating the checkout.
 
     if [[ "$NODE" != localhost ]] ; then
-       if ! ssh $DEPLOY_USER@$NODE test -d ${GITTARGET}.git ; then
-
-           # Initialize the git repository (1st time case).  We're
-           # actually going to make two repositories here because git
-           # will complain if you try to push to a repository with a
-           # checkout. So we're going to create a "bare" repository
-           # and then clone a regular repository (with a checkout)
-           # from that.
-
-           ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git
-           if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
-                       git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
-           fi
-           git push $NODE $BRANCH
-           ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET}
-       fi
+               SSH=`ssh_cmd "$NODE"`
+               GIT="eval `git_cmd $NODE`"
+               if ! $SSH $DEPLOY_USER@$NODE test -d ${GITTARGET}.git ; then
+
+                       # Initialize the git repository (1st time case).  We're
+                       # actually going to make two repositories here because git
+                       # will complain if you try to push to a repository with a
+                       # checkout. So we're going to create a "bare" repository
+                       # and then clone a regular repository (with a checkout)
+                       # from that.
+
+                       $SSH $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
+                       if ! $GIT remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
+                               $GIT remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
+                       fi
+                       $GIT push $NODE $BRANCH
+                       $SSH $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}"
+               fi
 
 
-       # The update case.
-       #
-       # Push to the bare repository on the remote node, then in the
-       # remote node repository with the checkout, pull the branch
-       # from the bare repository.
+               # The update case.
+               #
+               # Push to the bare repository on the remote node, then in the
+               # remote node repository with the checkout, pull the branch
+               # from the bare repository.
 
 
-       git push $NODE $BRANCH
-       ssh $DEPLOY_USER@$NODE "git -C ${GITTARGET} checkout ${BRANCH} && git -C ${GITTARGET} pull"
+               $GIT push $NODE $BRANCH
+               $SSH $DEPLOY_USER@$NODE "git -C ${GITTARGET} checkout ${BRANCH} && git -C ${GITTARGET} pull"
     fi
 }
 
     fi
 }
 
@@ -100,32 +106,47 @@ deploynode() {
     # the appropriate roles.
 
     if [[ -z "$ROLES" ]] ; then
     # the appropriate roles.
 
     if [[ -z "$ROLES" ]] ; then
-       echo "No roles specified for $NODE, will deploy all roles"
+               echo "No roles specified for $NODE, will deploy all roles"
     else
     else
-       ROLES="--roles ${ROLES}"
+               ROLES="--roles ${ROLES}"
     fi
 
     logfile=deploy-${NODE}-$(date -Iseconds).log
     fi
 
     logfile=deploy-${NODE}-$(date -Iseconds).log
+       SSH=`ssh_cmd "$NODE"`
 
     if [[ "$NODE" = localhost ]] ; then
 
     if [[ "$NODE" = localhost ]] ; then
-       SUDO=''
-       if [[ $(whoami) != 'root' ]] ; then
-           SUDO=sudo
-       fi
-       $SUDO ./provision.sh --config ${CONFIG_FILE} ${ROLES} 2>&1 | tee $logfile
-    else
-       ssh $DEPLOY_USER@$NODE "cd ${GITTARGET} && sudo ./provision.sh --config ${CONFIG_FILE} ${ROLES}" 2>&1 | tee $logfile
+           SUDO=''
+               if [[ $(whoami) != 'root' ]] ; then
+                       SUDO=sudo
+               fi
+               $SUDO ./provision.sh --config ${CONFIG_FILE} ${ROLES} 2>&1 | tee $logfile
+       else
+               $SSH $DEPLOY_USER@$NODE "cd ${GITTARGET} && sudo ./provision.sh --config ${CONFIG_FILE} ${ROLES}" 2>&1 | tee $logfile
     fi
 }
 
 loadconfig() {
     if [[ ! -s $CONFIG_FILE ]] ; then
     fi
 }
 
 loadconfig() {
     if [[ ! -s $CONFIG_FILE ]] ; then
-       echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
+               echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
     fi
     source ${CONFIG_FILE}
     GITTARGET=arvados-deploy-config-${CLUSTER}
 }
 
     fi
     source ${CONFIG_FILE}
     GITTARGET=arvados-deploy-config-${CLUSTER}
 }
 
+ssh_cmd() {
+       local NODE=$1
+       if [ -z "${USE_SSH_JUMPHOST}" -o "${NODE}" == "${USE_SSH_JUMPHOST}" -o "${NODE}" == "localhost" ]; then
+               echo "ssh"
+       else
+               echo "ssh -J ${DEPLOY_USER}@${USE_SSH_JUMPHOST}"
+       fi
+}
+
+git_cmd() {
+       local NODE=$1
+       echo "GIT_SSH_COMMAND=\"`ssh_cmd ${NODE}`\" git"
+}
+
 set +u
 subcmd="$1"
 set -u
 set +u
 subcmd="$1"
 set -u
@@ -172,7 +193,7 @@ case "$subcmd" in
        fi
 
        echo "Initializing $SETUPDIR"
        fi
 
        echo "Initializing $SETUPDIR"
-       git init $SETUPDIR
+       git init --shared=0600 $SETUPDIR
        cp -r *.sh tests $SETUPDIR
 
        cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
        cp -r *.sh tests $SETUPDIR
 
        cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
@@ -185,6 +206,12 @@ case "$subcmd" in
 
        cd $SETUPDIR
        echo '*.log' > .gitignore
 
        cd $SETUPDIR
        echo '*.log' > .gitignore
+       echo '**/.terraform' >> .gitignore
+       echo '**/.infracost' >> .gitignore
+
+       if [[ -n "$TERRAFORM" ]] ; then
+               git add terraform
+       fi
 
        git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
        git commit -m"initial commit"
 
        git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
        git commit -m"initial commit"
@@ -203,12 +230,19 @@ case "$subcmd" in
 
     terraform)
        logfile=terraform-$(date -Iseconds).log
 
     terraform)
        logfile=terraform-$(date -Iseconds).log
-       (cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile
-       (cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile
-       (cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
+       (cd terraform/vpc && terraform apply -auto-approve) 2>&1 | tee -a $logfile
+       (cd terraform/data-storage && terraform apply -auto-approve) 2>&1 | tee -a $logfile
+       (cd terraform/services && terraform apply -auto-approve) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
        (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
        ;;
 
        (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
        ;;
 
+    terraform-destroy)
+       logfile=terraform-$(date -Iseconds).log
+       (cd terraform/services && terraform destroy) 2>&1 | tee -a $logfile
+       (cd terraform/data-storage && terraform destroy) 2>&1 | tee -a $logfile
+       (cd terraform/vpc && terraform destroy) 2>&1 | tee -a $logfile
+       ;;
+
     generate-tokens)
        for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
            echo ${i}=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32 ; echo '')
     generate-tokens)
        for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
            echo ${i}=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32 ; echo '')
@@ -230,7 +264,7 @@ case "$subcmd" in
            exit 1
        fi
 
            exit 1
        fi
 
-       BRANCH=$(git branch --show-current)
+       BRANCH=$(git rev-parse --abbrev-ref HEAD)
 
        set -x
 
 
        set -x
 
@@ -275,7 +309,7 @@ case "$subcmd" in
        else
            # Just deploy the node that was supplied on the command line.
            sync $NODE $BRANCH
        else
            # Just deploy the node that was supplied on the command line.
            sync $NODE $BRANCH
-           deploynode $NODE ""
+           deploynode $NODE "${NODES[$NODE]}"
        fi
 
        set +x
        fi
 
        set +x
@@ -315,6 +349,7 @@ case "$subcmd" in
        echo ""
        echo "initialize        initialize the setup directory for configuration"
        echo "terraform         create cloud resources using terraform"
        echo ""
        echo "initialize        initialize the setup directory for configuration"
        echo "terraform         create cloud resources using terraform"
+       echo "terraform-destroy destroy cloud resources created by terraform"
        echo "generate-tokens   generate random values for tokens"
        echo "deploy            deploy the configuration from the setup directory"
        echo "diagnostics       check your install using diagnostics"
        echo "generate-tokens   generate random values for tokens"
        echo "deploy            deploy the configuration from the setup directory"
        echo "diagnostics       check your install using diagnostics"