CONTROLLER_EXT_SSL_PORT=443
TESTS_DIR="tests"
+ NGINX_INSTALL_SOURCE="install_from_repo"
+
CLUSTER=""
DOMAIN=""
# Other formula versions we depend on
POSTGRES_TAG="v0.44.0"
- NGINX_TAG="v2.8.0"
- DOCKER_TAG="v2.4.0"
+ NGINX_TAG="v2.8.1"
+ DOCKER_TAG="v2.4.2"
LOCALE_TAG="v0.3.4"
LETSENCRYPT_TAG="v2.1.0"
# Make sure that the value configured as IP_INT is a real IP on the system.
# If we don't error out early here when there is a mismatch, the formula will
# fail with hard to interpret nginx errors later on.
- ip addr list |grep -q " ${IP_INT}/"
+ ip addr list |grep -q "${IP_INT}/"
if [[ $? -ne 0 ]]; then
echo "Unable to find the IP_INT address '${IP_INT}' on the system, please correct the value in local.params. Exiting..."
exit 1
case ${OS_ID} in
"centos")
echo "WARNING! Disabling SELinux, see https://dev.arvados.org/issues/18019"
- sed -i 's/SELINUX=enforcing/SELINUX=permissive' /etc/sysconfig/selinux
+ sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
setenforce permissive
yum install -y curl git jq
;;
s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g;
s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g;
s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g;
+ s#__SHELL_INT_IP__#${SHELL_INT_IP}#g;
s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g;
s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g;
s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g;
echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls
echo " - postgresql" >> ${P_DIR}/top.sls
+ # We need to tweak the Nginx's pillar depending whether we want plan nginx or nginx+passenger
+ NGINX_INSTALL_SOURCE="install_from_phusionpassenger"
+ sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls
+
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
# States
# FIXME: https://dev.arvados.org/issues/17352
grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls
- grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
+ if grep -q " - nginx.*$" ${S_DIR}/top.sls; then
+ sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${S_DIR}/top.sls
+ else
+ echo " - nginx.passenger" >> ${S_DIR}/top.sls
+ fi
### If we don't install and run LE before arvados-api-server, it fails and breaks everything
### after it. So we add this here as we are, after all, sharing the host for api and controller
- # Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls
grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls
grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls
+
+ # We need to tweak the Nginx's pillar depending whether we want plain nginx or nginx+passenger
+ NGINX_INSTALL_SOURCE="install_from_phusionpassenger"
+ sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls
;;
"controller" | "websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy")
# States
- grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
- # Currently, only available on config_examples/multi_host/aws
+ if [ "${R}" = "workbench" ]; then
+ NGINX_INSTALL_SOURCE="install_from_phusionpassenger"
+ if grep -q " - nginx$" ${S_DIR}/top.sls; then
+ sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${S_DIR}/top.sls
+ else
+ echo " - nginx.passenger" >> ${S_DIR}/top.sls
+ fi
+ else
+ grep -q "nginx" ${S_DIR}/top.sls || echo " - nginx" >> ${S_DIR}/top.sls
+ fi
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
if [ "x${USE_LETSENCRYPT_ROUTE53}" = "xyes" ]; then
grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls
grep -q "nginx_collections_configuration" ${P_DIR}/top.sls || echo " - nginx_collections_configuration" >> ${P_DIR}/top.sls
fi
- # Currently, only available on config_examples/multi_host/aws
if [ "${SSL_MODE}" = "lets-encrypt" ]; then
if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then
grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls
grep -q ${R} ${P_DIR}/extra_custom_certs.sls || echo " - ${R}" >> ${P_DIR}/extra_custom_certs.sls
fi
fi
+ # We need to tweak the Nginx's pillar depending whether we want plain nginx or nginx+passenger
+ sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls
;;
"shell")
# States
exit 0
fi
-# FIXME! #16992 Temporary fix for psql call in arvados-api-server
-if [ -e /root/.psqlrc ]; then
- if ! ( grep 'pset pager off' /root/.psqlrc ); then
- RESTORE_PSQL="yes"
- cp /root/.psqlrc /root/.psqlrc.provision.backup
- fi
-else
- DELETE_PSQL="yes"
-fi
-
-echo '\pset pager off' >> /root/.psqlrc
-# END FIXME! #16992 Temporary fix for psql call in arvados-api-server
-
# Now run the install
salt-call --local state.apply -l ${LOG_LEVEL}
sed -i 's/^manage_etc_hosts: true/#manage_etc_hosts: true/g' /etc/cloud/cloud.cfg.d/*
fi
-# FIXME! #16992 Temporary fix for psql call in arvados-api-server
-if [ "x${DELETE_PSQL}" = "xyes" ]; then
- echo "Removing .psql file"
- rm /root/.psqlrc
-fi
-
-if [ "x${RESTORE_PSQL}" = "xyes" ]; then
- echo "Restoring .psql file"
- mv -v /root/.psqlrc.provision.backup /root/.psqlrc
-fi
-# END FIXME! #16992 Temporary fix for psql call in arvados-api-server
-
# Leave a copy of the Arvados CA so the user can copy it where it's required
if [ "$DEV_MODE" = "yes" ]; then
echo "Copying the Arvados CA certificate to the installer dir, so you can import it"