X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/12ae5bb1f2169c130693e02f6cd745e1a80e4cab..e640f5fc23f320839a60e80179c013e5b9df711e:/lib/install/init.go

diff --git a/lib/install/init.go b/lib/install/init.go
index 80fa35cc48..d9b74f6a06 100644
--- a/lib/install/init.go
+++ b/lib/install/init.go
@@ -38,19 +38,26 @@ import (
 var InitCommand cmd.Handler = &initCommand{}
 
 type initCommand struct {
-	ClusterID          string
-	Domain             string
-	PostgreSQLPassword string
-	Login              string
-	TLS                string
-	AdminEmail         string
-	Start              bool
+	ClusterID  string
+	Domain     string
+	CreateDB   bool
+	Login      string
+	TLS        string
+	AdminEmail string
+	Start      bool
 
+	PostgreSQL struct {
+		Host     string
+		User     string
+		Password string
+		DB       string
+	}
 	LoginPAM                bool
 	LoginTest               bool
 	LoginGoogle             bool
 	LoginGoogleClientID     string
 	LoginGoogleClientSecret string
+	TLSDir                  string
 }
 
 func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Reader, stdout, stderr io.Writer) int {
@@ -76,10 +83,11 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 	flags.SetOutput(stderr)
 	versionFlag := flags.Bool("version", false, "Write version information to stdout and exit 0")
 	flags.StringVar(&initcmd.ClusterID, "cluster-id", "", "cluster `id`, like x1234 for a dev cluster")
+	flags.BoolVar(&initcmd.CreateDB, "create-db", true, "create an 'arvados' postgresql role and database using 'sudo -u postgres psql ...' (if false, use existing database specified by POSTGRES_HOST, POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB env vars, and assume 'CREATE EXTENSION IF NOT EXISTS pg_trgm' has already been done)")
 	flags.StringVar(&initcmd.Domain, "domain", hostname, "cluster public DNS `name`, like x1234.arvadosapi.com")
 	flags.StringVar(&initcmd.Login, "login", "", "login `backend`: test, pam, 'google {client-id} {client-secret}', or ''")
 	flags.StringVar(&initcmd.AdminEmail, "admin-email", "", "give admin privileges to user with given `email`")
-	flags.StringVar(&initcmd.TLS, "tls", "none", "tls certificate `source`: acme, auto, insecure, or none")
+	flags.StringVar(&initcmd.TLS, "tls", "none", "tls certificate `source`: acme, insecure, none, or /path/to/dir containing privkey and cert files")
 	flags.BoolVar(&initcmd.Start, "start", true, "start systemd service after creating config")
 	if ok, code := cmd.ParseFlags(flags, prog, args, "", stderr); !ok {
 		return code
@@ -108,6 +116,16 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 		return 1
 	}
 
+	switch initcmd.TLS {
+	case "none", "acme", "insecure":
+	default:
+		if !strings.HasPrefix(initcmd.TLS, "/") {
+			err = fmt.Errorf("invalid argument to -tls: %q; see %s -help", initcmd.TLS, prog)
+			return 1
+		}
+		initcmd.TLSDir = initcmd.TLS
+	}
+
 	confdir := "/etc/arvados"
 	conffile := confdir + "/config.yml"
 	if _, err = os.Stat(conffile); err == nil {
@@ -115,31 +133,51 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 		return 1
 	}
 
-	err = initcmd.checkPort(ctx, "4440")
-	err = initcmd.checkPort(ctx, "443")
-	if initcmd.TLS == "auto" {
-		err = initcmd.checkPort(ctx, "80")
+	ports := []int{443}
+	for i := 4440; i < 4460; i++ {
+		ports = append(ports, i)
+	}
+	if initcmd.TLS == "acme" {
+		ports = append(ports, 80)
+	}
+	for _, port := range ports {
+		err = initcmd.checkPort(ctx, fmt.Sprintf("%d", port))
 		if err != nil {
 			return 1
 		}
 	}
 
-	// Do the "create extension" thing early. This way, if there's
-	// no local postgresql server (a likely failure mode), we can
-	// bail out without any side effects, and the user can start
-	// over easily.
-	fmt.Fprintln(stderr, "installing pg_trgm postgresql extension...")
-	cmd := exec.CommandContext(ctx, "sudo", "-u", "postgres", "psql", "--quiet",
-		"-c", `CREATE EXTENSION IF NOT EXISTS pg_trgm`)
-	cmd.Dir = "/"
-	cmd.Stdout = stdout
-	cmd.Stderr = stderr
-	err = cmd.Run()
-	if err != nil {
-		err = fmt.Errorf("error preparing postgresql server: %w", err)
-		return 1
+	if initcmd.CreateDB {
+		// Do the "create extension" thing early. This way, if
+		// there's no local postgresql server (a likely
+		// failure mode), we can bail out without any side
+		// effects, and the user can start over easily.
+		fmt.Fprintln(stderr, "installing pg_trgm postgresql extension...")
+		cmd := exec.CommandContext(ctx, "sudo", "-u", "postgres", "psql", "--quiet",
+			"-c", `CREATE EXTENSION IF NOT EXISTS pg_trgm`)
+		cmd.Dir = "/"
+		cmd.Stdout = stdout
+		cmd.Stderr = stderr
+		err = cmd.Run()
+		if err != nil {
+			err = fmt.Errorf("error preparing postgresql server: %w", err)
+			return 1
+		}
+		fmt.Fprintln(stderr, "...done")
+		initcmd.PostgreSQL.Host = "localhost"
+		initcmd.PostgreSQL.User = "arvados"
+		initcmd.PostgreSQL.Password = initcmd.RandomHex(32)
+		initcmd.PostgreSQL.DB = "arvados"
+	} else {
+		initcmd.PostgreSQL.Host = os.Getenv("POSTGRES_HOST")
+		initcmd.PostgreSQL.User = os.Getenv("POSTGRES_USER")
+		initcmd.PostgreSQL.Password = os.Getenv("POSTGRES_PASSWORD")
+		initcmd.PostgreSQL.DB = os.Getenv("POSTGRES_DB")
+		if initcmd.PostgreSQL.Host == "" || initcmd.PostgreSQL.User == "" || initcmd.PostgreSQL.Password == "" || initcmd.PostgreSQL.DB == "" {
+			err = fmt.Errorf("missing $POSTGRES_* env var(s) for -create-db=false; see %s -help", prog)
+			return 1
+		}
 	}
-	fmt.Fprintln(stderr, "...done")
 
 	wwwuser, err := user.Lookup("www-data")
 	if err != nil {
@@ -150,7 +188,6 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 	if err != nil {
 		return 1
 	}
-	initcmd.PostgreSQLPassword = initcmd.RandomHex(32)
 
 	fmt.Fprintln(stderr, "creating data storage directory /var/lib/arvados/keep ...")
 	err = os.Mkdir("/var/lib/arvados/keep", 0600)
@@ -241,19 +278,20 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
     ManagementToken: {{printf "%q" ( .RandomHex 50 )}}
     PostgreSQL:
       Connection:
-        dbname: arvados
-        host: localhost
-        user: arvados
-        password: {{printf "%q" .PostgreSQLPassword}}
+        dbname: {{printf "%q" .PostgreSQL.DB}}
+        host: {{printf "%q" .PostgreSQL.Host}}
+        user: {{printf "%q" .PostgreSQL.User}}
+        password: {{printf "%q" .PostgreSQL.Password}}
     SystemRootToken: {{printf "%q" ( .RandomHex 50 )}}
     TLS:
       {{if eq .TLS "insecure"}}
       Insecure: true
-      {{else if eq .TLS "auto"}}
-      Automatic: true
       {{else if eq .TLS "acme"}}
-      Certificate: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/cert")}}
-      Key: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/privkey")}}
+      ACME:
+        Server: LE
+      {{else if ne .TLSDir ""}}
+      Certificate: {{printf "%q" (print .TLSDir "/cert")}}
+      Key: {{printf "%q" (print .TLSDir "/privkey")}}
       {{else}}
       {}
       {{end}}
@@ -263,8 +301,6 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
         DriverParameters:
           Root: /var/lib/arvados/keep
         Replication: 2
-    Workbench:
-      SecretKeyBase: {{printf "%q" ( .RandomHex 50 )}}
     {{if .LoginPAM}}
     Login:
       PAM:
@@ -328,7 +364,7 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 	fmt.Fprintln(stderr, "...done")
 
 	fmt.Fprintln(stderr, "initializing database...")
-	cmd = exec.CommandContext(ctx, "sudo", "-u", "www-data", "-E", "HOME=/var/www", "PATH=/var/lib/arvados/bin:"+os.Getenv("PATH"), "/var/lib/arvados/bin/bundle", "exec", "rake", "db:setup")
+	cmd := exec.CommandContext(ctx, "sudo", "-u", "www-data", "-E", "HOME=/var/www", "PATH=/var/lib/arvados/bin:"+os.Getenv("PATH"), "/var/lib/arvados/bin/bundle", "exec", "rake", "db:setup")
 	cmd.Dir = "/var/lib/arvados/railsapi"
 	cmd.Stdout = stderr
 	cmd.Stderr = stderr
@@ -364,30 +400,12 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 		fmt.Fprintln(stderr, "...looks good")
 	}
 
-	if out, err := exec.CommandContext(ctx, "docker", "version").CombinedOutput(); err == nil && strings.Contains(string(out), "\nServer:\n") {
-		fmt.Fprintln(stderr, "loading alpine docker image for diagnostics...")
-		cmd := exec.CommandContext(ctx, "docker", "pull", "alpine")
-		cmd.Stdout = stderr
-		cmd.Stderr = stderr
-		err = cmd.Run()
-		if err != nil {
-			err = fmt.Errorf("%v: %w", cmd.Args, err)
-			return 1
-		}
-		cmd = exec.CommandContext(ctx, "arv", "root", "keep", "docker", "alpine")
-		cmd.Stdout = stderr
-		cmd.Stderr = stderr
-		err = cmd.Run()
-		if err != nil {
-			err = fmt.Errorf("%v: %w", cmd.Args, err)
-			return 1
-		}
-		fmt.Fprintln(stderr, "...done")
-	} else {
-		fmt.Fprintln(stderr, "docker is not installed -- skipping step of downloading 'alpine' image")
-	}
-
-	fmt.Fprintln(stderr, "Setup complete. You should now be able to log in to workbench2 at", cluster.Services.Workbench2.ExternalURL.String())
+	fmt.Fprintf(stderr, `
+Setup complete. Next steps:
+* run 'arv sudo diagnostics'
+* log in to workbench2 at %s
+* see documentation at https://doc.arvados.org/install/automatic.html
+`, cluster.Services.Workbench2.ExternalURL.String())
 
 	return 0
 }
@@ -494,6 +512,9 @@ func (initcmd *initCommand) checkPortOnce(ctx context.Context, port string) erro
 		return err
 	}
 	resp, err := http.DefaultClient.Do(req)
+	if err == nil {
+		defer resp.Body.Close()
+	}
 	if errServe, _ := errServe.Load().(error); errServe != nil {
 		// If server already exited, return that error
 		// (probably "can't listen"), not the request error.