X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/75d050ab135619fcefecbfa32aaad4dab33e7588..51fd368253a0b61c58f62bea829446109bf6af3a:/lib/install/init.go diff --git a/lib/install/init.go b/lib/install/init.go index ca8d4da924..f65eae54c3 100644 --- a/lib/install/init.go +++ b/lib/install/init.go @@ -18,6 +18,7 @@ import ( "os/user" "regexp" "strconv" + "strings" "text/template" "git.arvados.org/arvados.git/lib/cmd" @@ -33,6 +34,15 @@ type initCommand struct { ClusterID string Domain string PostgreSQLPassword string + Login string + TLS string + Start bool + + LoginPAM bool + LoginTest bool + LoginGoogle bool + LoginGoogleClientID string + LoginGoogleClientSecret string } func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Reader, stdout, stderr io.Writer) int { @@ -59,22 +69,40 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read versionFlag := flags.Bool("version", false, "Write version information to stdout and exit 0") flags.StringVar(&initcmd.ClusterID, "cluster-id", "", "cluster `id`, like x1234 for a dev cluster") flags.StringVar(&initcmd.Domain, "domain", hostname, "cluster public DNS `name`, like x1234.arvadosapi.com") - err = flags.Parse(args) - if err == flag.ErrHelp { - err = nil - return 0 - } else if err != nil { - return 2 + flags.StringVar(&initcmd.Login, "login", "", "login `backend`: test, pam, 'google {client-id} {client-secret}', or ''") + flags.StringVar(&initcmd.TLS, "tls", "none", "tls certificate `source`: acme, auto, insecure, or none") + flags.BoolVar(&initcmd.Start, "start", true, "start systemd service after creating config") + if ok, code := cmd.ParseFlags(flags, prog, args, "", stderr); !ok { + return code } else if *versionFlag { return cmd.Version.RunCommand(prog, args, stdin, stdout, stderr) - } else if len(flags.Args()) > 0 { - err = fmt.Errorf("unrecognized command line arguments: %v", flags.Args()) - return 2 } else if !regexp.MustCompile(`^[a-z][a-z0-9]{4}`).MatchString(initcmd.ClusterID) { err = fmt.Errorf("cluster ID %q is invalid; must be an ASCII letter followed by 4 alphanumerics (try -help)", initcmd.ClusterID) return 1 } + if fields := strings.Fields(initcmd.Login); len(fields) == 3 && fields[0] == "google" { + initcmd.LoginGoogle = true + initcmd.LoginGoogleClientID = fields[1] + initcmd.LoginGoogleClientSecret = fields[2] + } else if initcmd.Login == "test" { + initcmd.LoginTest = true + } else if initcmd.Login == "pam" { + initcmd.LoginPAM = true + } else if initcmd.Login == "" { + // none; login will show an error page + } else { + err = fmt.Errorf("invalid argument to -login: %q: should be 'test', 'pam', 'google {client-id} {client-secret}', or empty") + return 1 + } + + confdir := "/etc/arvados" + conffile := confdir + "/config.yml" + if _, err = os.Stat(conffile); err == nil { + err = fmt.Errorf("config file %s already exists; delete it first if you really want to start over", conffile) + return 1 + } + wwwuser, err := user.Lookup("www-data") if err != nil { err = fmt.Errorf("user.Lookup(%q): %w", "www-data", err) @@ -93,15 +121,19 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read } fmt.Fprintln(stderr, "created /var/lib/arvados/keep") - err = os.Mkdir("/etc/arvados", 0750) + err = os.Mkdir(confdir, 0750) if err != nil && !os.IsExist(err) { - err = fmt.Errorf("mkdir /etc/arvados: %w", err) + err = fmt.Errorf("mkdir %s: %w", confdir, err) return 1 } - err = os.Chown("/etc/arvados", 0, wwwgid) - f, err := os.OpenFile("/etc/arvados/config.yml", os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0644) + err = os.Chown(confdir, 0, wwwgid) if err != nil { - err = fmt.Errorf("open /etc/arvados/config.yml: %w", err) + err = fmt.Errorf("chown 0:%d %s: %w", wwwgid, confdir, err) + return 1 + } + f, err := os.OpenFile(conffile, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0644) + if err != nil { + err = fmt.Errorf("open %s: %w", conffile, err) return 1 } tmpl, err := template.New("config").Parse(`Clusters: @@ -109,59 +141,63 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read Services: Controller: InternalURLs: - "http://0.0.0.0:8003/": {} - ExternalURL: {{printf "%q" ( print "https://" .Domain "/" ) }} + "http://0.0.0.0:9000/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4440/" ) }} RailsAPI: InternalURLs: - "http://0.0.0.0:8004/": {} + "http://0.0.0.0:9001/": {} Websocket: InternalURLs: "http://0.0.0.0:8005/": {} - ExternalURL: {{printf "%q" ( print "wss://ws." .Domain "/" ) }} + ExternalURL: {{printf "%q" ( print "wss://" .Domain ":4436/" ) }} Keepbalance: InternalURLs: - "http://0.0.0.0:9005/": {} + "http://0.0.0.0:9019/": {} GitHTTP: InternalURLs: - "http://0.0.0.0:9001/": {} - ExternalURL: {{printf "%q" ( print "https://git." .Domain "/" ) }} + "http://0.0.0.0:9005/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4445/" ) }} DispatchCloud: InternalURLs: "http://0.0.0.0:9006/": {} Keepproxy: InternalURLs: - "http://0.0.0.0:25108/": {} - ExternalURL: {{printf "%q" ( print "https://keep." .Domain "/" ) }} + "http://0.0.0.0:9007/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4447/" ) }} WebDAV: InternalURLs: - "http://0.0.0.0:9002/": {} - ExternalURL: {{printf "%q" ( print "https://*.collections." .Domain "/" ) }} + "http://0.0.0.0:9008/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4448/" ) }} WebDAVDownload: InternalURLs: - "http://0.0.0.0:8004/": {} - ExternalURL: {{printf "%q" ( print "https://download." .Domain "/" ) }} + "http://0.0.0.0:9009/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4449/" ) }} Keepstore: InternalURLs: - "http://0.0.0.0:25107/": {} + "http://0.0.0.0:9010/": {} Composer: - ExternalURL: {{printf "%q" ( print "https://workbench." .Domain "/composer" ) }} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4459/composer" ) }} Workbench1: InternalURLs: - "http://0.0.0.0:8001/": {} - ExternalURL: {{printf "%q" ( print "https://workbench." .Domain "/" ) }} + "http://0.0.0.0:9002/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain ":4442/" ) }} Workbench2: InternalURLs: - "http://0.0.0.0:8002/": {} - ExternalURL: {{printf "%q" ( print "https://workbench2." .Domain "/" ) }} + "http://0.0.0.0:9003/": {} + ExternalURL: {{printf "%q" ( print "https://" .Domain "/" ) }} Health: InternalURLs: - "http://0.0.0.0:9007/": {} - API: - RailsSessionSecretToken: {{printf "%q" ( .RandomHex 50 )}} + "http://0.0.0.0:9011/": {} Collections: BlobSigningKey: {{printf "%q" ( .RandomHex 50 )}} + {{if eq .TLS "insecure"}} + TrustAllContent: true + {{end}} Containers: DispatchPrivateKey: {{printf "%q" .GenerateSSHPrivateKey}} + CloudVMs: + Enable: true + Driver: loopback ManagementToken: {{printf "%q" ( .RandomHex 50 )}} PostgreSQL: Connection: @@ -171,34 +207,68 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read password: {{printf "%q" .PostgreSQLPassword}} SystemRootToken: {{printf "%q" ( .RandomHex 50 )}} TLS: + {{if eq .TLS "insecure"}} Insecure: true + {{else if eq .TLS "auto"}} + Automatic: true + {{else if eq .TLS "acme"}} + Certificate: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/cert")}} + Key: {{printf "%q" (print "/var/lib/acme/live/" .Domain "/privkey")}} + {{else}} + {} + {{end}} Volumes: {{.ClusterID}}-nyw5e-000000000000000: Driver: Directory DriverParameters: Root: /var/lib/arvados/keep Replication: 2 + Workbench: + SecretKeyBase: {{printf "%q" ( .RandomHex 50 )}} + {{if .LoginPAM}} + Login: + PAM: + Enable: true + {{else if .LoginTest}} + Login: + Test: + Enable: true + Users: + admin: + Email: admin@example.com + Password: admin + {{else if .LoginGoogle}} + Login: + Google: + Enable: true + ClientID: {{printf "%q" .LoginGoogleClientID}} + ClientSecret: {{printf "%q" .LoginGoogleClientSecret}} + {{end}} + {{if .LoginTest}} + Users: + AutoAdminUserWithEmail: admin@example.com + {{end}} `) if err != nil { return 1 } err = tmpl.Execute(f, initcmd) if err != nil { - err = fmt.Errorf("/etc/arvados/config.yml: tmpl.Execute: %w", err) + err = fmt.Errorf("%s: tmpl.Execute: %w", conffile, err) return 1 } err = f.Close() if err != nil { - err = fmt.Errorf("/etc/arvados/config.yml: close: %w", err) + err = fmt.Errorf("%s: close: %w", conffile, err) return 1 } - fmt.Fprintln(stderr, "created /etc/arvados/config.yml") + fmt.Fprintln(stderr, "created", conffile) ldr := config.NewLoader(nil, logger) ldr.SkipLegacy = true cfg, err := ldr.Load() if err != nil { - err = fmt.Errorf("/etc/arvados/config.yml: %w", err) + err = fmt.Errorf("%s: %w", conffile, err) return 1 } cluster, err := cfg.GetCluster("") @@ -217,11 +287,24 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read cmd.Stderr = stderr err = cmd.Run() if err != nil { - err = fmt.Errorf("rake db:setup: %w", err) + err = fmt.Errorf("rake db:setup failed: %w", err) return 1 } fmt.Fprintln(stderr, "initialized database") + if initcmd.Start { + fmt.Fprintln(stderr, "starting systemd service") + cmd := exec.CommandContext(ctx, "systemctl", "start", "--no-block", "arvados") + cmd.Dir = "/" + cmd.Stdout = stderr + cmd.Stderr = stderr + err = cmd.Run() + if err != nil { + err = fmt.Errorf("%v: %w", cmd.Args, err) + return 1 + } + } + return 0 }