Also, some documentation fixes.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
+# @balancer@ -- Optional on multi-node installations
+# @collections@ -- Part of keepweb, must be a wildcard for @*.collections.${DOMAIN}@
# @controller@
-# @websocket@ -- note: corresponds to default domain @ws.${DOMAIN}@
-# @keepproxy@ -- note: corresponds to default domain @keep.${DOMAIN}@
# @download@ -- Part of keepweb
-# @collections@ -- Part of keepweb, must be a wildcard for @*.collections.${DOMAIN}@
+# @grafana@ -- Service available by default on multi-node installations
+# @keepproxy@ -- Corresponds to default domain @keep.${DOMAIN}@
+# @prometheus@ -- Service available by default on multi-node installations
+# @webshell@
+# @websocket@ -- Corresponds to default domain @ws.${DOMAIN}@
# @workbench@
# @workbench2@
-# @webshell@
For example, for the @keepproxy@ service the script will expect to find this certificate:
h3. Parameters from @local.params@:
-# Set @CLUSTER@ to the 5-character cluster identifier (e.g "xarv1")
-# Set @DOMAIN@ to the base DNS domain of the environment, e.g. "xarv1.example.com"
+# Set @CLUSTER@ to the 5-character cluster identifier. (e.g. "xarv1")
+# Set @DOMAIN@ to the base DNS domain of the environment. (e.g. "xarv1.example.com")
# Set the @*_INT_IP@ variables with the internal (private) IP addresses of each host. Since services share hosts, some hosts are the same. See "note about /etc/hosts":#etchosts
# Edit @CLUSTER_INT_CIDR@, this should be the CIDR of the private network that Arvados is running on, e.g. the VPC. If you used terraform, this is emitted as @cluster_int_cidr@.
_CIDR stands for "Classless Inter-Domain Routing" and describes which portion of the IP address that refers to the network. For example 192.168.3.0/24 means that the first 24 bits are the network (192.168.3) and the last 8 bits are a specific host on that network._
...
)
</code></pre>
-# In @local.params@, set @DATABASE_INT_IP@ to the database endpoint (can be a hostname, does not have to be an IP address).
-<pre><code>DATABASE_INT_IP=...
+# In @local.params@, set @DATABASE_INT_IP@ to empty string and @DATABASE_EXTERNAL_SERVICE_HOST_OR_IP@ to the database endpoint (can be a hostname, does not have to be an IP address).
+<pre><code>DATABASE_INT_IP=""
+...
+DATABASE_EXTERNAL_SERVICE_HOST_OR_IP="arvados.xxxxxxx.eu-east-1.rds.amazonaws.com"
</code></pre>
-# In @local.params@, set @DATABASE_PASSWORD@ to the correct value. "See the previous section describing correct quoting":#localparams
-# In @local_config_dir/pillars/arvados.sls@ you may need to adjust the database name and user. This can be found in the section @arvados.cluster.database@.
+# In @local.params.secrets@, set @DATABASE_PASSWORD@ to the correct value. "See the previous section describing correct quoting":#localparams
+# In @local.params@ you may need to adjust the database name and user.
h2(#further_customization). Further customization of the installation (optional)
fi
}
+checkcert() {
+ local CERTNAME=$1
+ local CERTPATH="${CONFIG_DIR}/certs/${CERTNAME}"
+ if [[ ! -f "${CERTPATH}.crt" || ! -e "${CERTPATH}.key" ]]; then
+ echo "Missing ${CERTPATH}.crt or ${CERTPATH}.key files"
+ exit 1
+ fi
+}
+
loadconfig() {
if ! [[ -s ${CONFIG_FILE} && -s ${CONFIG_FILE}.secrets ]]; then
echo "Must be run from initialized setup dir, maybe you need to 'initialize' first?"
exit 1
fi
+ if [[ ${SSL_MODE} == "bring-your-own" ]]; then
+ if [[ ! -z "${ROLE2NODES['balancer']:-}" ]]; then
+ checkcert balancer
+ fi
+ if [[ ! -z "${ROLE2NODES['controller']:-}" ]]; then
+ checkcert controller
+ fi
+ if [[ ! -z "${ROLE2NODES['keepproxy']:-}" ]]; then
+ checkcert keepproxy
+ fi
+ if [[ ! -z "${ROLE2NODES['keepweb']:-}" ]]; then
+ checkcert collections
+ checkcert download
+ fi
+ if [[ ! -z "${ROLE2NODES['monitoring']:-}" ]]; then
+ checkcert grafana
+ checkcert prometheus
+ fi
+ if [[ ! -z "${ROLE2NODES['webshell']:-}" ]]; then
+ checkcert webshell
+ fi
+ if [[ ! -z "${ROLE2NODES['websocket']:-}" ]]; then
+ checkcert websocket
+ fi
+ if [[ ! -z "${ROLE2NODES['workbench']:-}" ]]; then
+ checkcert workbench
+ fi
+ if [[ ! -z "${ROLE2NODES['workbench2']:-}" ]]; then
+ checkcert workbench2
+ fi
+ fi
+
BRANCH=$(git rev-parse --abbrev-ref HEAD)
set -x
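Review bot: In checkcert the certificate is tested with `-f` but the private key only with `-e`, so a directory or other non-regular file named `<role>.key` passes the presence check and the failure surfaces later, when the key is actually read; the diagnostic is also printed to stdout rather than stderr. The two lines I would change are `if [[ ! -f "${CERTPATH}.crt" || ! -f "${CERTPATH}.key" ]]; then` and `echo "Missing ${CERTPATH}.crt or ${CERTPATH}.key files" >&2`. Note that this check confirms only that the files exist, not that they are readable by the user running the script or that the key is not group/world readable, which a bring-your-own-certificate flow would ideally warn about; I cannot see from this hunk where the files are later consumed, so a `-r` test or a permission warning is a suggestion to confirm against that code. loadconfig's body continues past the end of the hunk.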