X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2de2c96925cc3439305f16dced7f89bd9124853d..3bcfed8f2e06d8e957afe8a342dee3c5b935734c:/tools/salt-install/installer.sh

diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index 21f36faace..c86e9b02c3 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -43,6 +43,10 @@ declare DEPLOY_USER
 # This will be populated by loadconfig()
 declare GITTARGET
 
+# The public host used as an SSH jump host
+# This will be populated by loadconfig()
+declare USE_SSH_JUMPHOST
+
 checktools() {
     local MISSING=''
     for a in git ip ; do
@@ -56,6 +60,13 @@ checktools() {
     fi
 }
 
+cleanup() {
+    local NODE=$1
+    local SSH=`ssh_cmd "$NODE"`
+    # Delete the old repository
+    $SSH $DEPLOY_USER@$NODE rm -rf ${GITTARGET}.git ${GITTARGET}
+}
+
 sync() {
     local NODE=$1
     local BRANCH=$2
@@ -64,31 +75,26 @@ sync() {
     # each node, pushing our branch, and updating the checkout.
 
     if [[ "$NODE" != localhost ]] ; then
-	if ! ssh $DEPLOY_USER@$NODE test -d ${GITTARGET}.git ; then
-
-	    # Initialize the git repository (1st time case).  We're
-	    # actually going to make two repositories here because git
-	    # will complain if you try to push to a repository with a
-	    # checkout. So we're going to create a "bare" repository
-	    # and then clone a regular repository (with a checkout)
-	    # from that.
-
-	    ssh $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
-	    if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
-			git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
-	    fi
-	    git push $NODE $BRANCH
-	    ssh $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}"
+	SSH=`ssh_cmd "$NODE"`
+	GIT="eval `git_cmd $NODE`"
+
+	cleanup $NODE
+
+	# Update the git remote for the remote repository.
+	if ! $GIT remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
+	    $GIT remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
 	fi
 
-	# The update case.
-	#
-	# Push to the bare repository on the remote node, then in the
-	# remote node repository with the checkout, pull the branch
-	# from the bare repository.
+	# Initialize the git repository.  We're
+	# actually going to make two repositories here because git
+	# will complain if you try to push to a repository with a
+	# checkout. So we're going to create a "bare" repository
+	# and then clone a regular repository (with a checkout)
+	# from that.
 
-	git push $NODE $BRANCH
-	ssh $DEPLOY_USER@$NODE "git -C ${GITTARGET} checkout ${BRANCH} && git -C ${GITTARGET} pull"
+	$SSH $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
+	$GIT push $NODE $BRANCH
+	$SSH $DEPLOY_USER@$NODE "umask 0077 && git clone -s ${GITTARGET}.git ${GITTARGET} && git -C ${GITTARGET} checkout ${BRANCH}"
     fi
 }
 
@@ -100,32 +106,48 @@ deploynode() {
     # the appropriate roles.
 
     if [[ -z "$ROLES" ]] ; then
-	echo "No roles specified for $NODE, will deploy all roles"
+		echo "No roles specified for $NODE, will deploy all roles"
     else
-	ROLES="--roles ${ROLES}"
+		ROLES="--roles ${ROLES}"
     fi
 
     logfile=deploy-${NODE}-$(date -Iseconds).log
+    SSH=`ssh_cmd "$NODE"`
 
     if [[ "$NODE" = localhost ]] ; then
 	    SUDO=''
-	if [[ $(whoami) != 'root' ]] ; then
-	    SUDO=sudo
-	fi
-	$SUDO ./provision.sh --config ${CONFIG_FILE} ${ROLES} 2>&1 | tee $logfile
+		if [[ $(whoami) != 'root' ]] ; then
+			SUDO=sudo
+		fi
+		$SUDO ./provision.sh --config ${CONFIG_FILE} ${ROLES} 2>&1 | tee $logfile
     else
-	ssh $DEPLOY_USER@$NODE "cd ${GITTARGET} && sudo ./provision.sh --config ${CONFIG_FILE} ${ROLES}" 2>&1 | tee $logfile
+	    $SSH $DEPLOY_USER@$NODE "cd ${GITTARGET} && git log -n1 HEAD && sudo ./provision.sh --config ${CONFIG_FILE} ${ROLES}" 2>&1 | tee $logfile
+	    cleanup $NODE
     fi
 }
 
 loadconfig() {
     if [[ ! -s $CONFIG_FILE ]] ; then
-	echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
+		echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
     fi
     source ${CONFIG_FILE}
     GITTARGET=arvados-deploy-config-${CLUSTER}
 }
 
+ssh_cmd() {
+	local NODE=$1
+	if [ -z "${USE_SSH_JUMPHOST}" -o "${NODE}" == "${USE_SSH_JUMPHOST}" -o "${NODE}" == "localhost" ]; then
+		echo "ssh"
+	else
+		echo "ssh -J ${DEPLOY_USER}@${USE_SSH_JUMPHOST}"
+	fi
+}
+
+git_cmd() {
+	local NODE=$1
+	echo "GIT_SSH_COMMAND=\"`ssh_cmd ${NODE}`\" git"
+}
+
 set +u
 subcmd="$1"
 set -u
@@ -185,6 +207,12 @@ case "$subcmd" in
 
 	cd $SETUPDIR
 	echo '*.log' > .gitignore
+	echo '**/.terraform' >> .gitignore
+	echo '**/.infracost' >> .gitignore
+
+	if [[ -n "$TERRAFORM" ]] ; then
+		git add terraform
+	fi
 
 	git add *.sh ${CONFIG_FILE} ${CONFIG_DIR} tests .gitignore
 	git commit -m"initial commit"
@@ -203,12 +231,19 @@ case "$subcmd" in
 
     terraform)
 	logfile=terraform-$(date -Iseconds).log
-	(cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile
-	(cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile
-	(cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
+	(cd terraform/vpc && terraform apply -auto-approve) 2>&1 | tee -a $logfile
+	(cd terraform/data-storage && terraform apply -auto-approve) 2>&1 | tee -a $logfile
+	(cd terraform/services && terraform apply -auto-approve) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
 	(cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
 	;;
 
+    terraform-destroy)
+	logfile=terraform-$(date -Iseconds).log
+	(cd terraform/services && terraform destroy) 2>&1 | tee -a $logfile
+	(cd terraform/data-storage && terraform destroy) 2>&1 | tee -a $logfile
+	(cd terraform/vpc && terraform destroy) 2>&1 | tee -a $logfile
+	;;
+
     generate-tokens)
 	for i in BLOB_SIGNING_KEY MANAGEMENT_TOKEN SYSTEM_ROOT_TOKEN ANONYMOUS_USER_TOKEN WORKBENCH_SECRET_KEY DATABASE_PASSWORD; do
 	    echo ${i}=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32 ; echo '')
@@ -230,7 +265,7 @@ case "$subcmd" in
 	    exit 1
 	fi
 
-	BRANCH=$(git branch --show-current)
+	BRANCH=$(git rev-parse --abbrev-ref HEAD)
 
 	set -x
 
@@ -275,7 +310,7 @@ case "$subcmd" in
 	else
 	    # Just deploy the node that was supplied on the command line.
 	    sync $NODE $BRANCH
-	    deploynode $NODE ""
+	    deploynode $NODE "${NODES[$NODE]}"
 	fi
 
 	set +x
@@ -304,7 +339,7 @@ case "$subcmd" in
 	    exit 1
 	fi
 
-	export ARVADOS_API_HOST="${CLUSTER}.${DOMAIN}:${CONTROLLER_EXT_SSL_PORT}"
+	export ARVADOS_API_HOST="${DOMAIN}:${CONTROLLER_EXT_SSL_PORT}"
 	export ARVADOS_API_TOKEN="$SYSTEM_ROOT_TOKEN"
 
 	arvados-client diagnostics $LOCATION
@@ -315,6 +350,7 @@ case "$subcmd" in
 	echo ""
 	echo "initialize        initialize the setup directory for configuration"
 	echo "terraform         create cloud resources using terraform"
+	echo "terraform-destroy destroy cloud resources created by terraform"
 	echo "generate-tokens   generate random values for tokens"
 	echo "deploy            deploy the configuration from the setup directory"
 	echo "diagnostics       check your install using diagnostics"