Allow to use a single-host/single-hostname or single-host/multiple-hostnames setup
refs #17246
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli <jbertoli@curii.com>
config.ssh.insert_key = false
config.ssh.forward_x11 = true
- config.vm.define "arvados" do |arv|
+ # A single_host multiple_hostnames example
+ config.vm.define "arvados-sh-mn" do |arv|
arv.vm.box = "bento/debian-10"
- arv.vm.hostname = "vagrant.local"
+ arv.vm.hostname = "harpo.local"
# CPU/RAM
config.vm.provider :virtualbox do |v|
v.memory = 2048
end
# Networking
+ # WEBUI PORT
arv.vm.network "forwarded_port", guest: 8443, host: 8443
- arv.vm.network "forwarded_port", guest: 25100, host: 25100
+ # KEEPPROXY
+ arv.vm.network "forwarded_port", guest: 25101, host: 25101
+ # KEEPWEB
arv.vm.network "forwarded_port", guest: 9002, host: 9002
- arv.vm.network "forwarded_port", guest: 9000, host: 9000
- arv.vm.network "forwarded_port", guest: 8900, host: 8900
+ # WEBSOCKET
arv.vm.network "forwarded_port", guest: 8002, host: 8002
- arv.vm.network "forwarded_port", guest: 8001, host: 8001
- arv.vm.network "forwarded_port", guest: 8000, host: 8000
- arv.vm.network "forwarded_port", guest: 3001, host: 3001
+ arv.vm.provision "shell",
+ inline: "sed 's#fixme#harpo#g;
+ s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g' \
+ /vagrant/local.params.example > /vagrant/local.params.single_host_multiple_hostnames"
arv.vm.provision "shell",
path: "provision.sh",
args: [
# "--debug",
- "--config /vagrant/local.params",
+ "--config /vagrant/local.params.single_host_multiple_hostnames",
"--test",
- "--vagrant",
- "--ssl-port=8443"
+ "--vagrant"
].join(" ")
end
+
+ ## # A single_host single_hostname example
+ ## config.vm.define "arvados-sh-sn" do |arv|
+ ## arv.vm.box = "bento/debian-10"
+ ## arv.vm.hostname = "zeppo.local"
+ ## # CPU/RAM
+ ## config.vm.provider :virtualbox do |v|
+ ## v.memory = 2048
+ ## v.cpus = 2
+ ## end
+
+ ## # Networking
+ ## arv.vm.network "forwarded_port", guest: 9443, host: 9443
+ ## arv.vm.network "forwarded_port", guest: 9444, host: 9444
+ ## arv.vm.network "forwarded_port", guest: 9445, host: 9445
+ ## arv.vm.network "forwarded_port", guest: 35101, host: 35101
+ ## arv.vm.network "forwarded_port", guest: 10002, host: 10002
+ ## arv.vm.network "forwarded_port", guest: 14202, host: 14202
+ ## arv.vm.network "forwarded_port", guest: 18002, host: 18002
+ ## arv.vm.provision "shell",
+ ## inline: "sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local.cluster\"#g;
+ ## s#CLUSTER=\"fixme\"#CLUSTER=\"zeppo\"#g;
+ ## s#DOMAIN=\"some.domain\"#DOMAIN=\"local.cluster\"#g;
+ ## s#CONFIG_DIR=\"config_examples/single_host/multiple_hostnames\"#CONFIG_DIR=\"config_examples/single_host/single_hostname\"#g;
+ ## s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=9443#g;
+ ## s#KEEP_EXT_SSL_PORT=25101#KEEP_EXT_SSL_PORT=35101#g;
+ ## s#KEEPWEB_EXT_SSL_PORT=9002#KEEPWEB_EXT_SSL_PORT=11002#g;
+ ## s#WEBSHELL_EXT_SSL_PORT=4202#WEBSHELL_EXT_SSL_PORT=14202#g;
+ ## s#WEBSOCKET_EXT_SSL_PORT=8002#WEBSOCKET_EXT_SSL_PORT=18002#g;
+ ## s#WORKBENCH1_EXT_SSL_PORT=443#WORKBENCH1_EXT_SSL_PORT=9444#g;
+ ## s#WORKBENCH2_EXT_SSL_PORT=3001#WORKBENCH2_EXT_SSL_PORT=9445#g;' \
+ ## /vagrant/local.params.example > /vagrant/local.params.single_host_single_hostname"
+ ## arv.vm.provision "shell",
+ ## path: "provision.sh",
+ ## args: [
+ ## # "--debug",
+ ## "--config /vagrant/local.params.single_host_single_hostname",
+ ## "--test",
+ ## "--vagrant"
+ ## ].join(" ")
+ ## end
end
--- /dev/null
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+# Vagrantfile API/syntax version. Don"t touch unless you know what you"re doing!
+VAGRANTFILE_API_VERSION = "2".freeze
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ config.ssh.insert_key = false
+ config.ssh.forward_x11 = true
+
+ # A single_host multiple_hostnames example
+ config.vm.define "arvados-sh-mn" do |arv|
+ arv.vm.box = "bento/debian-10"
+ arv.vm.hostname = "harpo.local"
+ # CPU/RAM
+ config.vm.provider :virtualbox do |v|
+ v.memory = 2048
+ v.cpus = 2
+ end
+
+ # Networking
+ # WEBUI PORT
+ arv.vm.network "forwarded_port", guest: 8443, host: 8443
+ # KEEPPROXY
+ arv.vm.network "forwarded_port", guest: 25101, host: 25101
+ # KEEPWEB
+ arv.vm.network "forwarded_port", guest: 9002, host: 9002
+ # WEBSOCKET
+ arv.vm.network "forwarded_port", guest: 8002, host: 8002
+ arv.vm.provision "shell",
+ inline: "sed 's#fixme#harpo#g;
+ s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=8443#g' \
+ /vagrant/local.params.example > /vagrant/local.params.single_host_multiple_hostnames"
+ arv.vm.provision "shell",
+ path: "provision.sh",
+ args: [
+ # "--debug",
+ "--config /vagrant/local.params.single_host_multiple_hostnames",
+ "--test",
+ "--vagrant"
+ ].join(" ")
+ end
+
+ ## # A single_host single_hostname example
+ ## config.vm.define "arvados-sh-sn" do |arv|
+ ## arv.vm.box = "bento/debian-10"
+ ## arv.vm.hostname = "zeppo.local"
+ ## # CPU/RAM
+ ## config.vm.provider :virtualbox do |v|
+ ## v.memory = 2048
+ ## v.cpus = 2
+ ## end
+
+ ## # Networking
+ ## arv.vm.network "forwarded_port", guest: 9443, host: 9443
+ ## arv.vm.network "forwarded_port", guest: 9444, host: 9444
+ ## arv.vm.network "forwarded_port", guest: 9445, host: 9445
+ ## arv.vm.network "forwarded_port", guest: 35101, host: 35101
+ ## arv.vm.network "forwarded_port", guest: 10002, host: 10002
+ ## arv.vm.network "forwarded_port", guest: 14202, host: 14202
+ ## arv.vm.network "forwarded_port", guest: 18002, host: 18002
+ ## arv.vm.provision "shell",
+ ## inline: "sed 's#HOSTNAME_EXT=\"\"#HOSTNAME_EXT=\"zeppo.local.cluster\"#g;
+ ## s#CLUSTER=\"fixme\"#CLUSTER=\"zeppo\"#g;
+ ## s#DOMAIN=\"some.domain\"#DOMAIN=\"local.cluster\"#g;
+ ## s#CONFIG_DIR=\"config_examples/single_host/multiple_hostnames\"#CONFIG_DIR=\"config_examples/single_host/single_hostname\"#g;
+ ## s#CONTROLLER_EXT_SSL_PORT=443#CONTROLLER_EXT_SSL_PORT=9443#g;
+ ## s#KEEP_EXT_SSL_PORT=25101#KEEP_EXT_SSL_PORT=35101#g;
+ ## s#KEEPWEB_EXT_SSL_PORT=9002#KEEPWEB_EXT_SSL_PORT=11002#g;
+ ## s#WEBSHELL_EXT_SSL_PORT=4202#WEBSHELL_EXT_SSL_PORT=14202#g;
+ ## s#WEBSOCKET_EXT_SSL_PORT=8002#WEBSOCKET_EXT_SSL_PORT=18002#g;
+ ## s#WORKBENCH1_EXT_SSL_PORT=443#WORKBENCH1_EXT_SSL_PORT=9444#g;
+ ## s#WORKBENCH2_EXT_SSL_PORT=3001#WORKBENCH2_EXT_SSL_PORT=9445#g;' \
+ ## /vagrant/local.params.example > /vagrant/local.params.single_host_single_hostname"
+ ## arv.vm.provision "shell",
+ ## path: "provision.sh",
+ ## args: [
+ ## # "--debug",
+ ## "--config /vagrant/local.params.single_host_single_hostname",
+ ## "--test",
+ ## "--vagrant"
+ ## ].join(" ")
+ ## end
+end
Services:
Controller:
- ExternalURL: 'https://__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
'http://controller.internal:8003': {}
DispatchCloud:
InternalURLs:
'http://__CLUSTER__.__DOMAIN__:9005': {}
Keepproxy:
- ExternalURL: 'https://keep.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://keep.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
'http://keep.internal:25100': {}
Keepstore:
InternalURLs:
'http://api.internal:8004': {}
WebDAV:
- ExternalURL: 'https://collections.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://collections.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
InternalURLs:
'http://collections.internal:9002': {}
WebDAVDownload:
- ExternalURL: 'https://download.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://download.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
WebShell:
- ExternalURL: 'https://webshell.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://webshell.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
Websocket:
ExternalURL: 'wss://ws.__CLUSTER__.__DOMAIN__/websocket'
InternalURLs:
'http://ws.internal:8005': {}
Workbench1:
- ExternalURL: 'https://workbench.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://workbench.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
Workbench2:
- ExternalURL: 'https://workbench2.__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__'
+ ExternalURL: 'https://workbench2.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
- server:
- server_name: __CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://controller_upstream'
- server:
- server_name: keep.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://keepproxy_upstream'
- server:
- server_name: collections.__CLUSTER__.__DOMAIN__ download.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://collections_downloads_upstream'
- server:
- server_name: webshell.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /shell.__CLUSTER__.__DOMAIN__:
- proxy_pass: 'http://webshell_upstream'
- server:
- server_name: ws.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://websocket_upstream'
- server:
- server_name: workbench2.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- root: /var/www/arvados-workbench2/workbench2
- 'if (-f $document_root/maintenance.html)':
- return: 503
- location /config.json:
- - return: {{ "200 '" ~ '{"API_HOST":"__CLUSTER__.__DOMAIN__:__HOST_SSL_PORT__"}' ~ "'" }}
+ - return: {{ "200 '" ~ '{"API_HOST":"__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
- include: 'snippets/arvados-snakeoil.conf'
- access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
- server:
- server_name: workbench.__CLUSTER__.__DOMAIN__
- listen:
- - __HOST_SSL_PORT__ http2 ssl
+ - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- location /:
- proxy_pass: 'http://workbench_upstream'
overwrite: true
config:
- server:
- - server_name: __HOSTNAME__EXT__
+ - server_name: __HOSTNAME_EXT__
- listen:
- __WEBSHELL_EXT_SSL_PORT__ http2 ssl
- index: index.html index.htm
- - location /__HOSTNAME__:
+ - location /__HOSTNAME_EXT__:
- proxy_pass: 'http://webshell_upstream'
- proxy_read_timeout: 90
- proxy_connect_timeout: 90
- 'if (-f $document_root/maintenance.html)':
- return: 503
- location /config.json:
- - return: {{ "200 '" ~ '{"API_HOST":"__HOSTNAME__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
+ - return: {{ "200 '" ~ '{"API_HOST":"__HOSTNAME_EXT__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
- include: 'snippets/arvados-snakeoil.conf'
- access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
# the EXTERNAL/PUBLIC hostname for the instance.
# If empty, the INTERNAL HOST IP will be used
HOSTNAME_EXT=""
-# The internal hostname for the host
+# The internal hostname for the host. In the example files, only used in the
+# single_host/single_hostname example
HOSTNAME_INT="127.0.1.1"
-CONTROLLER_EXT_SSL_PORT=8000
+# Host SSL port where you want to point your browser to access Arvados
+# Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
+# You can point it to another port if desired
+# In Vagrant, make sure it matches what you set in the Vagrantfile (8443)
+CONTROLLER_EXT_SSL_PORT=443
KEEP_EXT_SSL_PORT=25101
# Both for collections and downloads
KEEPWEB_EXT_SSL_PORT=9002
ANONYMOUS_USER_TOKEN=anonymoususertokenmushaveatleast32characters
WORKBENCH_SECRET_KEY=workbenchsecretkeymushaveatleast32characters
-# The example config files you want to use. There are a few examples
-# under 'config_examples'
-CONFIG_DIR="config_examples/single_host/single_hostname"
+# The directory to check for the config files (pillars, states) you want to use.
+# There are a few examples under 'config_examples'. If you don't change this
+# variable, the single_host, multiple_hostnames config will be used
+# CONFIG_DIR="config_examples/single_host/single_hostname"
+CONFIG_DIR="config_examples/single_host/multiple_hostnames"
+# Extra states to pply. iIf you use your own subdir, change this value accordingly
+EXTRA_STATES_DIR="${F_DIR}/arvados-formula/test/salt/states/examples/single_host"
+
+# When using the single_host/single_hostname example, change to this one
+# EXTRA_STATES_DIR="${CONFIG_DIR}/states"
# Which release of Arvados repo you want to use
RELEASE="production"
# in the desired repo
VERSION="latest"
-# Host SSL port where you want to point your browser to access Arvados
-# Defaults to 443 for regular runs, and to 8443 when called in Vagrant.
-# You can point it to another port if desired
-# In Vagrant, make sure it matches what you set in the Vagrantfile
-HOST_SSL_PORT=443
-
# This is an arvados-formula setting.
# If branch is set, the script will switch to it before running salt
# Usually not needed, only used for testing
-#!/bin/bash
+#!/bin/bash -x
# Copyright (C) The Arvados Authors. All rights reserved.
#
while [ ${#} -ge 1 ]; do
case ${1} in
-c | --config)
- CONFIG=${2}
+ CONFIG_FILE=${2}
shift 2
;;
-d | --debug)
shift
;;
-p | --ssl-port)
- HOST_SSL_PORT=${2}
+ CONTROLLER_EXT_SSL_PORT=${2}
shift 2
;;
-r | --roles)
CONFIG="${SCRIPT_DIR}/local.params"
CONFIG_DIR="config_examples/single_host/multiple_hostnames"
LOG_LEVEL="info"
-HOST_SSL_PORT=443
+CONTROLLER_EXT_SSL_PORT=443
TESTS_DIR="tests"
CLUSTER=""
DOCKER_TAG="v1.0.0"
LOCALE_TAG="v0.3.4"
+# Salt's dir
+## states
+S_DIR="/srv/salt"
+## formulas
+F_DIR="/srv/formulas"
+##pillars
+P_DIR="/srv/pillars"
+
arguments ${@}
-if [ -s ${CONFIG} ]; then
- source ${CONFIG}
+if [ -s ${CONFIG_FILE} ]; then
+ source ${CONFIG_FILE}
else
- echo >&2 "Please create a '${CONFIG}' file with initial values, as described in FIXME_URL_TO_DESCR"
+ echo >&2 "Please create a '${CONFIG_FILE}' file with initial values, as described in FIXME_URL_TO_DESCR"
exit 1
fi
exit 1
fi
-# Salt's dir
-## states
-S_DIR="/srv/salt"
-## formulas
-F_DIR="/srv/formulas"
-##pillars
-P_DIR="/srv/pillars"
-
apt-get update
apt-get install -y curl git jq
echo "Salt already installed"
else
curl -L https://bootstrap.saltstack.com -o /tmp/bootstrap_salt.sh
- sh /tmp/bootstrap_salt.sh -XUdfP -x python3
+ sh /tmp/bootstrap_salt.sh -XdfP -x python3
/bin/systemctl disable salt-minion.service
fi
base:
- ${S_DIR}
- ${F_DIR}/*
- - ${F_DIR}/*/test/salt/states/examples
pillar_roots:
base:
mkdir -p ${S_DIR} ${F_DIR} ${P_DIR}
-# States
-cat > ${S_DIR}/top.sls << EOFTSLS
-base:
- '*':
- # - single_host.host_entries
- # - single_host.snakeoil_certs
- - locale
-EOFTSLS
-
-# If we want specific roles for a node, just add the desired states
-# and its dependencies
-if [ -z "${ROLES}" ]; then
- echo ' - nginx.passenger' >> ${S_DIR}/top.sls
- echo ' - postgres' >> ${S_DIR}/top.sls
- echo ' - docker' >> ${S_DIR}/top.sls
- echo ' - arvados' >> ${S_DIR}/top.sls
-else
- # If we add individual roles, make sure we add the repo first
- echo " - arvados.repo" >> ${S_DIR}/top.sls
- for R in ${ROLES}; do
- case "${R}" in
- "database")
- echo " - postgres" >> ${S_DIR}/top.sls
- ::
- "api","workbench","workbench2","keepweb","keepproxy")
- grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
- echo " - arvados.${R}" >> ${S_DIR}/top.sls
- ;;
- "shell","dispatcher")
- grep -q "docker" ${S_DIR}/top.sls || echo " - docker" >> ${S_DIR}/top.sls
- echo " - arvados.${R}" >> ${S_DIR}/top.sls
- ;;
- *)
- echo " - arvados.${R}" >> ${S_DIR}/top.sls
- ::
- esac
- done
-fi
-
-# Pillars
-cat > ${P_DIR}/top.sls << EOFPSLS
-base:
- '*':
- - arvados
- - docker
- - locale
- - nginx_api_configuration
- - nginx_controller_configuration
- - nginx_keepproxy_configuration
- - nginx_keepweb_configuration
- - nginx_passenger
- - nginx_websocket_configuration
- - nginx_webshell_configuration
- - nginx_workbench2_configuration
- - nginx_workbench_configuration
- - postgresql
-EOFPSLS
-
# Get the formula and dependencies
cd ${F_DIR} || exit 1
git clone --branch "${ARVADOS_TAG}" https://github.com/arvados/arvados-formula.git
if [ "x${VAGRANT}" = "xyes" ]; then
SOURCE_PILLARS_DIR="/vagrant/${CONFIG_DIR}/pillars"
- SOURCE_STATES_DIR="/vagrant/${CONFIG_DIR}/states"
TESTS_DIR="/vagrant/${TESTS_DIR}"
else
SOURCE_PILLARS_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/pillars"
- SOURCE_STATES_DIR="${SCRIPT_DIR}/${CONFIG_DIR}/states"
TESTS_DIR="${SCRIPT_DIR}/${TESTS_DIR}"
fi
-# Replace cluster and domain name in the example pillars
+SOURCE_STATES_DIR="${EXTRA_STATES_DIR}"
+
+# Replace variables (cluster, domain, etc) in the pillars, states and tests
+# to ease deployment for newcomers
for f in "${SOURCE_PILLARS_DIR}"/*; do
- sed "s/__CLUSTER__/${CLUSTER}/g;
- s/__DOMAIN__/${DOMAIN}/g;
- s/__RELEASE__/${RELEASE}/g;
+ sed "s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
- s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
- s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
- s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
- s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
- s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__CLUSTER__/${CLUSTER}/g;
+ s/__DOMAIN__/${DOMAIN}/g;
s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
- s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
- s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
- s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
- s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__INITIAL_USER__/${INITIAL_USER}/g;
+ s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
+ s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
- s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
- s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
- s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
- s/__VERSION__/${VERSION}/g" \
+ s/__RELEASE__/${RELEASE}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__VERSION__/${VERSION}/g;
+ s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
+ s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g" \
"${f}" > "${P_DIR}"/$(basename "${f}")
done
# Replace cluster and domain name in the test files
for f in "${TESTS_DIR}"/*; do
sed "s/__CLUSTER__/${CLUSTER}/g;
+ s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
s/__DOMAIN__/${DOMAIN}/g;
s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
- s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
- s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
- s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
- s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
- s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g" \
+ s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g
+ s/__INITIAL_USER__/${INITIAL_USER}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g" \
"${f}" > "/tmp/cluster_tests"/$(basename "${f}")
done
chmod 755 /tmp/cluster_tests/run-test.sh
# Replace helper state files that differ from the formula's examples
-if -d "${SOURCE_STATES_DIR}"; then
+if [ -d "${SOURCE_STATES_DIR}" ]; then
+ mkdir -p "${F_DIR}"/extra/extra
+
for f in "${SOURCE_STATES_DIR}"/*; do
- sed "s/__CLUSTER__/${CLUSTER}/g;
- s/__DOMAIN__/${DOMAIN}/g;
- s/__RELEASE__/${RELEASE}/g;
+ sed "s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
+ s/__CLUSTER__/${CLUSTER}/g;
+ s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
s/__CONTROLLER_EXT_SSL_PORT__/${CONTROLLER_EXT_SSL_PORT}/g;
- s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
- s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
- s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
- s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
- s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__DOMAIN__/${DOMAIN}/g;
s/__HOSTNAME_EXT__/${HOSTNAME_EXT}/g;
s/__HOSTNAME_INT__/${HOSTNAME_INT}/g;
- s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
- s/__HOST_SSL_PORT__/${HOST_SSL_PORT}/g;
- s/__INITIAL_USER__/${INITIAL_USER}/g;
s/__INITIAL_USER_EMAIL__/${INITIAL_USER_EMAIL}/g;
s/__INITIAL_USER_PASSWORD__/${INITIAL_USER_PASSWORD}/g;
- s/__BLOB_SIGNING_KEY__/${BLOB_SIGNING_KEY}/g;
+ s/__INITIAL_USER__/${INITIAL_USER}/g;
+ s/__KEEPWEB_EXT_SSL_PORT__/${KEEPWEB_EXT_SSL_PORT}/g;
+ s/__KEEP_EXT_SSL_PORT__/${KEEP_EXT_SSL_PORT}/g;
s/__MANAGEMENT_TOKEN__/${MANAGEMENT_TOKEN}/g;
- s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
s/__RAILS_SECRET_TOKEN__/${RAILS_SECRET_TOKEN}/g;
- s/__ANONYMOUS_USER_TOKEN__/${ANONYMOUS_USER_TOKEN}/g;
- s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g;
- s/__VERSION__/${VERSION}/g" \
- "${f}" > "${F_DIR}/arvados-formula/test/salt/states/examples/single_host"/$(basename "${f}")
+ s/__RELEASE__/${RELEASE}/g;
+ s/__SYSTEM_ROOT_TOKEN__/${SYSTEM_ROOT_TOKEN}/g;
+ s/__VERSION__/${VERSION}/g;
+ s/__WEBSHELL_EXT_SSL_PORT__/${WEBSHELL_EXT_SSL_PORT}/g;
+ s/__WEBSOCKET_EXT_SSL_PORT__/${WEBSOCKET_EXT_SSL_PORT}/g;
+ s/__WORKBENCH1_EXT_SSL_PORT__/${WORKBENCH1_EXT_SSL_PORT}/g;
+ s/__WORKBENCH2_EXT_SSL_PORT__/${WORKBENCH2_EXT_SSL_PORT}/g;
+ s/__WORKBENCH_SECRET_KEY__/${WORKBENCH_SECRET_KEY}/g" \
+ "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
+ done
+fi
+
+# Now, we build the SALT states/pillars trees
+# States
+cat > ${S_DIR}/top.sls << EOFTSLS
+base:
+ '*':
+ - locale
+EOFTSLS
+
+if [ -d "${SOURCE_STATES_DIR}" ]; then
+ for f in "${F_DIR}"/extra/extra/*.sls; do
+ echo " - extra.$(basename ${f} | sed 's/.sls$//g')" >> ${S_DIR}/top.sls
+ done
+fi
+
+# If we want specific roles for a node, just add the desired states
+# and its dependencies
+if [ -z "${ROLES}" ]; then
+ echo ' - nginx.passenger' >> ${S_DIR}/top.sls
+ echo ' - postgres' >> ${S_DIR}/top.sls
+ echo ' - docker' >> ${S_DIR}/top.sls
+ echo ' - arvados' >> ${S_DIR}/top.sls
+else
+ # If we add individual roles, make sure we add the repo first
+ echo " - arvados.repo" >> ${S_DIR}/top.sls
+ for R in ${ROLES}; do
+ case "${R}" in
+ "database")
+ echo " - postgres" >> ${S_DIR}/top.sls
+ ;;
+ "api","workbench","workbench2","keepweb","keepproxy")
+ grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls
+ echo " - arvados.${R}" >> ${S_DIR}/top.sls
+ ;;
+ "shell","dispatcher")
+ grep -q "docker" ${S_DIR}/top.sls || echo " - docker" >> ${S_DIR}/top.sls
+ echo " - arvados.${R}" >> ${S_DIR}/top.sls
+ ;;
+ *)
+ echo " - arvados.${R}" >> ${S_DIR}/top.sls
+ ;;
+ esac
done
fi
+# Pillars
+cat > ${P_DIR}/top.sls << EOFPSLS
+base:
+ '*':
+ - arvados
+ - docker
+ - locale
+ - nginx_api_configuration
+ - nginx_controller_configuration
+ - nginx_keepproxy_configuration
+ - nginx_keepweb_configuration
+ - nginx_passenger
+ - nginx_websocket_configuration
+ - nginx_webshell_configuration
+ - nginx_workbench2_configuration
+ - nginx_workbench_configuration
+ - postgresql
+EOFPSLS
+
# FIXME! #16992 Temporary fix for psql call in arvados-api-server
if [ -e /root/.psqlrc ]; then
if ! ( grep 'pset pager off' /root/.psqlrc ); then
echo "Copying the Arvados CA certificate to the installer dir, so you can import it"
# If running in a vagrant VM, also add default user to docker group
if [ "x${VAGRANT}" = "xyes" ]; then
- cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant
+ cp /etc/ssl/certs/arvados-snakeoil-ca.pem /vagrant/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
echo "Adding the vagrant user to the docker group"
usermod -a -G docker vagrant
else
- cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}
+ cp /etc/ssl/certs/arvados-snakeoil-ca.pem ${SCRIPT_DIR}/${CLUSTER}.${DOMAIN}-arvados-snakeoil-ca.pem
fi
# Test that the installation finished correctly
# SPDX-License-Identifier: Apache-2.0
export ARVADOS_API_TOKEN=__SYSTEM_ROOT_TOKEN__
-export ARVADOS_API_HOST=__HOSTNAME_INT__:__CONTROLLER_EXT_SSL_PORT__
+export ARVADOS_API_HOST=__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__
export ARVADOS_API_HOST_INSECURE=true
set -o pipefail