X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/766d2d7ca8dbb5522a8b7de6409c83fbba4a36ca..7f8fa5edc5175ffda9fdfaa28081f799ae485ec0:/tools/salt-install/provision.sh diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh index eb09dddf2c..edecc761c8 100755 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@ -23,7 +23,8 @@ usage() { echo >&2 "${0} options:" echo >&2 " -d, --debug Run salt installation in debug mode" echo >&2 " -c , --config Path to the local.params config file" - echo >&2 " -t, --test Test installation running a CWL workflow" + echo >&2 " -t, --test Test cluster by running \`arvados-client diagnostics\`" + echo >&2 " and a simple workflow" echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated" echo >&2 " Possible values are:" echo >&2 " balancer" @@ -284,17 +285,15 @@ VERSION="latest" # We pin the salt version to avoid potential incompatibilities when a new # stable version is released. -SALT_VERSION="3004" +SALT_VERSION="3006" # Other formula versions we depend on -#POSTGRES_TAG="v0.44.0" -#POSTGRES_URL="https://github.com/saltstack-formulas/postgres-formula.git" -POSTGRES_TAG="0.45.0-bugfix327" -POSTGRES_URL="https://github.com/arvados/postgres-formula.git" +POSTGRES_TAG="7529300c287b1c288af0f494ca668c2217bd1c5d" +POSTGRES_URL="https://github.com/saltstack-formulas/postgres-formula.git" NGINX_TAG="v2.8.1" DOCKER_TAG="v2.4.2" -LOCALE_TAG="v0.3.4" -LETSENCRYPT_TAG="v2.1.0" +LOCALE_TAG="v0.3.5" +LETSENCRYPT_TAG="v3.2.0" LOGROTATE_TAG="v0.14.0" PROMETHEUS_TAG="v5.6.5" GRAFANA_TAG="v3.1.3" @@ -362,32 +361,34 @@ fi if [ "${DUMP_CONFIG}" = "yes" ]; then echo "The provision installer will just dump a config under ${DUMP_SALT_CONFIG_DIR} and exit" else - # Install a few dependency packages - # First, let's figure out the OS we're working on - OS_ID=$(grep ^ID= /etc/os-release |cut -f 2 -d= |cut -f 2 -d \") - echo "Detected distro: ${OS_ID}" - - case ${OS_ID} in - "centos") - echo "WARNING! Disabling SELinux, see https://dev.arvados.org/issues/18019" - sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux - setenforce permissive - yum install -y curl git jq - ;; - "debian"|"ubuntu") - # Wait 2 minutes for any apt locks to clear - # This option is supported from apt 1.9.1 and ignored in older apt versions. - # Cf. https://blog.sinjakli.co.uk/2021/10/25/waiting-for-apt-locks-without-the-hacky-bash-scripts/ - DEBIAN_FRONTEND=noninteractive apt -o DPkg::Lock::Timeout=120 update - DEBIAN_FRONTEND=noninteractive apt install -y curl git jq - ;; - esac + OS_IDS="$(. /etc/os-release && echo "${ID:-} ${ID_LIKE:-}")" + echo "Detected distro families: $OS_IDS" + + # Several of our formulas use the cron module, which requires the crontab + # command. We install systemd-cron to ensure we have that. + # The rest of these packages are required by the rest of the script. + for OS_ID in $OS_IDS; do + case "$OS_ID" in + rhel) + echo "WARNING! Disabling SELinux, see https://dev.arvados.org/issues/18019" + sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux + setenforce permissive + yum install -y curl git jq systemd-cron + break + ;; + debian) + DEBIAN_FRONTEND=noninteractive apt -o DPkg::Lock::Timeout=120 update + DEBIAN_FRONTEND=noninteractive apt install -y curl git jq systemd-cron + break + ;; + esac + done if which salt-call; then echo "Salt already installed" else curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh - sh /tmp/bootstrap_salt.sh -XdfP -x python3 old-stable ${SALT_VERSION} + sh /tmp/bootstrap_salt.sh -XdfP -x python3 stable ${SALT_VERSION} /bin/systemctl stop salt-minion.service /bin/systemctl disable salt-minion.service fi @@ -430,7 +431,7 @@ test -d nginx && ( cd nginx && git fetch ) \ echo "...postgres" test -d postgres && ( cd postgres && git fetch ) \ || git clone --quiet ${POSTGRES_URL} ${F_DIR}/postgres -( cd postgres && git checkout --quiet tags/"${POSTGRES_TAG}" ) +( cd postgres && git checkout --quiet "${POSTGRES_TAG}" ) echo "...prometheus" test -d prometheus && ( cd prometheus && git fetch ) \ @@ -614,10 +615,12 @@ if [ -z "${ROLES:-}" ]; then echo " - extra.shell_sudo_passwordless" >> ${STATES_TOP} echo " - extra.shell_cron_add_login_sync" >> ${STATES_TOP} echo " - extra.passenger_rvm" >> ${STATES_TOP} + echo " - extra.workbench1_uninstall" >> ${STATES_TOP} # Pillars echo " - docker" >> ${PILLARS_TOP} echo " - nginx_api_configuration" >> ${PILLARS_TOP} + echo " - logrotate" >> ${PILLARS_TOP} echo " - logrotate_api" >> ${PILLARS_TOP} echo " - nginx_controller_configuration" >> ${PILLARS_TOP} echo " - nginx_keepproxy_configuration" >> ${PILLARS_TOP} @@ -853,6 +856,7 @@ else grep -q "arvados.controller" ${STATES_TOP} || echo " - arvados.controller" >> ${STATES_TOP} ### Pillars ### + grep -q "logrotate" ${PILLARS_TOP} || echo " - logrotate" >> ${PILLARS_TOP} grep -q "logrotate_api" ${PILLARS_TOP} || echo " - logrotate_api" >> ${PILLARS_TOP} grep -q "aws_credentials" ${PILLARS_TOP} || echo " - aws_credentials" >> ${PILLARS_TOP} grep -q "postgresql" ${PILLARS_TOP} || echo " - postgresql" >> ${PILLARS_TOP} @@ -914,6 +918,10 @@ else if [[ "${R}" != "webshell" && "${R}" != "workbench" ]]; then grep -q "arvados.${R}" ${STATES_TOP} || echo " - arvados.${R}" >> ${STATES_TOP} fi + # Make sure wb1's package get uninstalled + if [[ "${R}" == "workbench" ]]; then + grep -q "workbench1_uninstall" ${STATES_TOP} || echo " - extra.workbench1_uninstall" >> ${STATES_TOP} + fi ### Pillars ### grep -q "nginx_${R}_configuration" ${PILLARS_TOP} || echo " - nginx_${R}_configuration" >> ${PILLARS_TOP}