X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7a2e9199172a3c102e8a6c7b723fd44bc031bda4..refs/heads/main:/tools/salt-install/provision.sh
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index bb95b2702a..af48c367c2 100755
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -23,7 +23,8 @@ usage() {
 echo >&2 "${0} options:"
 echo >&2 " -d, --debug Run salt installation in debug mode"
 echo >&2 " -c , --config Path to the local.params config file"
- echo >&2 " -t, --test Test installation running a CWL workflow"
+ echo >&2 " -t, --test Test cluster by running \`arvados-client diagnostics\`"
+ echo >&2 " and a simple workflow"
 echo >&2 " -r, --roles List of Arvados roles to apply to the host, comma separated"
 echo >&2 " Possible values are:"
 echo >&2 " balancer"
@@ -284,17 +285,15 @@ VERSION="latest"
 # We pin the salt version to avoid potential incompatibilities when a new
 # stable version is released.
-SALT_VERSION="3004"
+SALT_VERSION="3007"
 # Other formula versions we depend on
-#POSTGRES_TAG="v0.44.0"
-#POSTGRES_URL="https://github.com/saltstack-formulas/postgres-formula.git"
-POSTGRES_TAG="0.45.0-bugfix327"
+POSTGRES_TAG="a809e03bad115bbdf24ad347e2dc9a52e144c31f"
 POSTGRES_URL="https://github.com/arvados/postgres-formula.git"
 NGINX_TAG="v2.8.1"
 DOCKER_TAG="v2.4.2"
-LOCALE_TAG="v0.3.4"
-LETSENCRYPT_TAG="v2.1.0"
+LOCALE_TAG="v0.3.5"
+LETSENCRYPT_TAG="v3.2.0"
 LOGROTATE_TAG="v0.14.0"
 PROMETHEUS_TAG="v5.6.5"
 GRAFANA_TAG="v3.1.3"
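Review bot: `POSTGRES_TAG` now holds a full commit hash, but the other formula pins in the -284 hunk (`NGINX_TAG`, `DOCKER_TAG`, `LOCALE_TAG`, `LETSENCRYPT_TAG`, `LOGROTATE_TAG`, `PROMETHEUS_TAG`, `GRAFANA_TAG`) are still tag names, which an upstream repository can move to a different commit. Because these formulas are fetched and applied by the provisioning run, consider pinning them to commit hashes as well and keeping the tag name in a trailing comment for readability. The variable name still says TAG, so a comment above the postgres pin would help the next maintainer, for example `# Commit hash (not a tag) in the arvados postgres-formula repository`.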
@@ -362,38 +361,60 @@ fi if [ "${DUMP_CONFIG}" = "yes" ]; then echo "The provision installer will just dump a config under ${DUMP_SALT_CONFIG_DIR} and exit" else - # Install a few dependency packages - # First, let's figure out the OS we're working on - OS_IDS="$(. /etc/os-release && echo "${ID:-} ${ID_LIKE:-}")" - echo "Detected distro families: $OS_IDS" - - for OS_ID in $OS_IDS; do + # Read the variables of /etc/os-release but prefix their names with `_OS_` + # to avoid name conflicts. + eval "$(awk '(/^[A-Z_]+=/) { print "_OS_" $0 }' /etc/os-release)" + echo "Detected distro families: ${_OS_ID:-} ${_OS_ID_LIKE:-}" + + # Several of our formulas use the cron module, which requires the crontab + # command. We install systemd-cron to ensure we have that. + # The rest of these packages are required by the rest of the script. + for OS_ID in ${_OS_ID:-} ${_OS_ID_LIKE:-}; do case "$OS_ID" in rhel) echo "WARNING! Disabling SELinux, see https://dev.arvados.org/issues/18019" sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux setenforce permissive - yum install -y curl git jq + yum install -y curl git jq systemd-cron + if command -v salt-call >/dev/null; then + echo "Salt already installed" + break + fi + curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh + sh /tmp/bootstrap_salt.sh -XdfP -x python3 stable ${SALT_VERSION} break ;; debian) - DEBIAN_FRONTEND=noninteractive apt -o DPkg::Lock::Timeout=120 update - DEBIAN_FRONTEND=noninteractive apt install -y curl git jq + DEBIAN_FRONTEND=noninteractive apt-get -o DPkg::Lock::Timeout=120 update + # This list includes our own dependencies, plus depdencies necessary + # to retrieve the Salt apt repository. 
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \ + apt-transport-https ca-certificates curl git gnupg jq systemd-cron + if command -v salt-call >/dev/null; then + echo "Salt already installed" + break + fi + salt_apt_url="https://repo.saltproject.io/salt/py3/$_OS_ID/$_OS_VERSION_ID/$(dpkg --print-architecture)" + salt_apt_key=SALT-PROJECT-GPG-PUBKEY-2023.gpg + install -d -m 755 /etc/apt/keyrings + curl -fsSL -o "/etc/apt/keyrings/$salt_apt_key" "$salt_apt_url/$salt_apt_key" + chmod go+r "/etc/apt/keyrings/$salt_apt_key" + install -b -m 644 /dev/stdin "/etc/apt/sources.list.d/salt$SALT_VERSION.sources" < /etc/salt/minion << EOFSM failhard: "True" @@ -431,7 +452,7 @@ test -d nginx && ( cd nginx && git fetch ) \ echo "...postgres" test -d postgres && ( cd postgres && git fetch ) \ || git clone --quiet ${POSTGRES_URL} ${F_DIR}/postgres -( cd postgres && git checkout --quiet tags/"${POSTGRES_TAG}" ) +( cd postgres && git checkout --quiet "${POSTGRES_TAG}" ) echo "...prometheus" test -d prometheus && ( cd prometheus && git fetch ) \ @@ -615,10 +636,12 @@ if [ -z "${ROLES:-}" ]; then echo " - extra.shell_sudo_passwordless" >> ${STATES_TOP} echo " - extra.shell_cron_add_login_sync" >> ${STATES_TOP} echo " - extra.passenger_rvm" >> ${STATES_TOP} + echo " - extra.workbench1_uninstall" >> ${STATES_TOP} # Pillars echo " - docker" >> ${PILLARS_TOP} echo " - nginx_api_configuration" >> ${PILLARS_TOP} + echo " - logrotate" >> ${PILLARS_TOP} echo " - logrotate_api" >> ${PILLARS_TOP} echo " - nginx_controller_configuration" >> ${PILLARS_TOP} echo " - nginx_keepproxy_configuration" >> ${PILLARS_TOP} 
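Review bot: In the `rhel` branch of the -362 hunk the Salt bootstrap script is saved to the fixed path `/tmp/bootstrap_salt.sh` and then run with `sh`, and `curl -L` is called without `-f`, so an HTTP error body would be written to the file and executed. A fixed name in a world-writable directory can also be pre-created or replaced by another local user before the installer (which calls `yum` and `setenforce`, so presumably runs as root) executes it. Downloading to a `mktemp` file with `curl -fsSL` and comparing a pinned SHA-256 before running closes both gaps; the debian branch likewise takes the apt signing key from the same URL as the packages, so checking its fingerprint against a pinned value would be worthwhile. The here-document that follows `install -b -m 644 /dev/stdin` is missing from this page and was not reviewed, and the enclosing `else` block continues past the hunk.

```shell
# … unchanged: yum install and the "Salt already installed" check …
bootstrap_script="$(mktemp)"
curl -fsSL https://bootstrap.saltstack.com -o "${bootstrap_script}"
# BOOTSTRAP_SHA256 is a placeholder: pin the digest of the reviewed script.
echo "${BOOTSTRAP_SHA256}  ${bootstrap_script}" | sha256sum -c - || exit 1
sh "${bootstrap_script}" -XdfP -x python3 stable "${SALT_VERSION}"
rm -f "${bootstrap_script}"
break
```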
@@ -719,6 +742,10 @@ else for R in ${ROLES:-}; do case "${R}" in "database") + # Skip if using an external service + if [[ "${DATABASE_EXTERNAL_SERVICE_HOST_OR_IP:-}" != "" ]]; then + continue + fi # States grep -q "\- postgres$" ${STATES_TOP} || echo " - postgres" >> ${STATES_TOP} grep -q "extra.prometheus_pg_exporter" ${STATES_TOP} || echo " - extra.prometheus_pg_exporter" >> ${STATES_TOP} @@ -836,6 +863,9 @@ else fi echo " - extra.passenger_rvm" >> ${STATES_TOP} grep -q "^ - postgres\\.client$" ${STATES_TOP} || echo " - postgres.client" >> ${STATES_TOP} + if [[ "${DATABASE_EXTERNAL_SERVICE_HOST_OR_IP:-}" != "" ]]; then + grep -q " - extra.postgresql_external" ${STATES_TOP} || echo " - extra.postgresql_external" >> ${STATES_TOP} + fi ### If we don't install and run LE before arvados-api-server, it fails and breaks everything ### after it. So we add this here as we are, after all, sharing the host for api and controller @@ -854,6 +884,7 @@ else grep -q "arvados.controller" ${STATES_TOP} || echo " - arvados.controller" >> ${STATES_TOP} ### Pillars ### + grep -q "logrotate" ${PILLARS_TOP} || echo " - logrotate" >> ${PILLARS_TOP} grep -q "logrotate_api" ${PILLARS_TOP} || echo " - logrotate_api" >> ${PILLARS_TOP} grep -q "aws_credentials" ${PILLARS_TOP} || echo " - aws_credentials" >> ${PILLARS_TOP} grep -q "postgresql" ${PILLARS_TOP} || echo " - postgresql" >> ${PILLARS_TOP} @@ -862,6 +893,10 @@ else grep -q "nginx_api_configuration" ${PILLARS_TOP} || echo " - nginx_api_configuration" >> ${PILLARS_TOP} grep -q "nginx_controller_configuration" ${PILLARS_TOP} || echo " - nginx_controller_configuration" >> ${PILLARS_TOP} + if [[ "${DATABASE_EXTERNAL_SERVICE_HOST_OR_IP:-}" != "" ]]; then + grep -q " - postgresql_external" ${PILLARS_TOP} || echo " - postgresql_external" >> ${PILLARS_TOP} + fi + if [ "${ENABLE_BALANCER}" == "no" ]; then if [ "${SSL_MODE}" = "lets-encrypt" ]; then if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then 
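Review bot: The added guard `grep -q "logrotate" ${PILLARS_TOP}` in the `### Pillars ###` block of the -854 hunk is an unanchored match, so any existing line containing `logrotate`, such as the `logrotate_api` entry written on the next line, satisfies it. Within this block the ordering protects the first pass, but if another role has already written a `logrotate_*` pillar (not visible in this hunk) the base `logrotate` pillar would be skipped silently. Anchoring the pattern the way the existing `grep -q "\- postgres$"` check does, i.e. `grep -q "\- logrotate$" ${PILLARS_TOP}`, avoids that. The enclosing role `case` arm starts and ends outside the hunk.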
@@ -915,6 +950,10 @@ else
 if [[ "${R}" != "webshell" && "${R}" != "workbench" ]]; then
 grep -q "arvados.${R}" ${STATES_TOP} || echo " - arvados.${R}" >> ${STATES_TOP}
 fi
+ # Make sure wb1's package get uninstalled
+ if [[ "${R}" == "workbench" ]]; then
+ grep -q "workbench1_uninstall" ${STATES_TOP} || echo " - extra.workbench1_uninstall" >> ${STATES_TOP}
+ fi
 ### Pillars ###
 grep -q "nginx_${R}_configuration" ${PILLARS_TOP} || echo " - nginx_${R}_configuration" >> ${PILLARS_TOP}