projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4ac2b36)
20610: Removes the need to directly edit the arvados.sls pillar.
authorLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 26 Jul 2023 13:51:25 +0000 (10:51 -0300)
committerLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 26 Jul 2023 13:51:25 +0000 (10:51 -0300)
All params are now in local.params.* files.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls patch | blob | history
tools/salt-install/local.params.example.multiple_hosts patch | blob | history
tools/salt-install/local.params.secrets.example patch | blob | history
tools/salt-install/provision.sh patch | blob | history

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
index b3b4d447aaa474bd05c566b44e4add2fd01b42f9..2672bf88b90a10795d9d3d1c43a4b7420b3e01dc 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls
@@ -122,15 +122,15 @@ arvados:
         ResourceTags:
           Name: __CLUSTER__-compute-node
         BootProbeCommand: 'systemctl is-system-running'
-        ImageID: ami-FIXMEFIXMEFIXMEFI
+        ImageID: __COMPUTE_AMI__
         Driver: ec2
         DriverParameters:
-          Region: FIXME
+          Region: __COMPUTE_AWS_REGION__
           EBSVolumeType: gp3
-          AdminUsername: FIXME
+          AdminUsername: __COMPUTE_USER__
           ### This SG should allow SSH from the dispatcher to the compute nodes
-          SecurityGroupIDs: ['sg-FIXMEFIXMEFIXMEFI']
-          SubnetID: subnet-FIXMEFIXMEFIXMEFI
+          SecurityGroupIDs: ['__COMPUTE_SG__']
+          SubnetID: __COMPUTE_SUBNET__
           IAMInstanceProfile: __CLUSTER__-compute-node-00-iam-role
       DispatchPrivateKey: {{ dispatcher_ssh_privkey|yaml_dquote }}
 
@@ -145,7 +145,7 @@ arvados:
         DriverParameters:
           Bucket: __CLUSTER__-nyw5e-000000000000000-volume
           IAMRole: __CLUSTER__-keepstore-00-iam-role
-          Region: FIXME
+          Region: __KEEP_AWS_REGION__
 
     Users:
       NewUsersAreActive: true
@@ -163,7 +163,7 @@ arvados:
           'http://__DISPATCHER_INT_IP__:9006': {}
       Keepbalance:
         InternalURLs:
-          'http://__CONTROLLER_INT_IP__:9005': {}
+          'http://__KEEPBALANCE_INT_IP__:9005': {}
       Keepproxy:
         ExternalURL: 'https://keep.__DOMAIN__:__KEEP_EXT_SSL_PORT__'
         InternalURLs:
diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index 50d3d0ca8283754068c7a5a49eada216988ddf21..d1aab048c1ac0de6ff69faf65acfc287b3cd1bc0 100644 (file)
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -28,6 +28,8 @@ INITIAL_USER_EMAIL="admin@cluster_fixme_or_this_wont_work.domain_fixme_or_this_w
 # Comment out to disable.
 USE_SSH_JUMPHOST="controller.${DOMAIN}"
 
+AWS_REGION="fixme_or_this_wont_work"
+
 # SSL CERTIFICATES
 # Arvados requires SSL certificates to work correctly. This installer supports these options:
 # * self-signed: let the installer create self-signed certificate(s)
@@ -42,7 +44,17 @@ USE_LETSENCRYPT_ROUTE53="yes"
 # For that reason, you'll need to provide AWS credentials with permissions to manage
 # RRs in the route53 zone for the cluster.
 # WARNING!: If AWS credentials files already exist in the hosts, they won't be replaced.
-LE_AWS_REGION="us-east-1"
+LE_AWS_REGION="${AWS_REGION}"
+
+# Compute node configurations
+COMPUTE_AMI="ami_id_fixme_or_this_wont_work"
+COMPUTE_SG="security_group_fixme_or_this_wont_work"
+COMPUTE_SUBNET="subnet_fixme_or_this_wont_work"
+COMPUTE_AWS_REGION="${AWS_REGION}"
+COMPUTE_USER="${DEPLOY_USER}"
+
+# Keep S3 backend region
+KEEP_AWS_REGION="${AWS_REGION}"
 
 # If you going to provide your own certificates for Arvados, the provision script can
 # help you deploy them. In order to do that, you need to set `SSL_MODE=bring-your-own` above,
@@ -72,11 +84,10 @@ LE_AWS_REGION="us-east-1"
 # a custom AWS secret name for each node to retrieve the password.
 SSL_KEY_ENCRYPTED="no"
 SSL_KEY_AWS_SECRET_NAME="${CLUSTER}-arvados-ssl-privkey-password"
-SSL_KEY_AWS_REGION="us-east-1"
+SSL_KEY_AWS_REGION="${AWS_REGION}"
 
 # Customize Prometheus & Grafana web UI access credentials
 MONITORING_USERNAME=${INITIAL_USER}
-MONITORING_PASSWORD=${INITIAL_USER_PASSWORD}
 MONITORING_EMAIL=${INITIAL_USER_EMAIL}
 # Sets the directory for Grafana dashboards
 # GRAFANA_DASHBOARDS_DIR="${SCRIPT_DIR}/local_config_dir/dashboards"
@@ -111,6 +122,7 @@ CLUSTER_INT_CIDR=10.1.0.0/16
 # https://doc.arvados.org/main/install/salt-multi-host.html
 CONTROLLER_INT_IP=10.1.1.11
 DISPATCHER_INT_IP=${CONTROLLER_INT_IP}
+KEEPBALANCE_INT_IP=${CONTROLLER_INT_IP}
 WEBSOCKET_INT_IP=${CONTROLLER_INT_IP}
 DATABASE_INT_IP=${CONTROLLER_INT_IP}
 WORKBENCH1_INT_IP=10.1.1.15
diff --git a/tools/salt-install/local.params.secrets.example b/tools/salt-install/local.params.secrets.example
index bec56e00be6e88d645093f884c95eb4e5eed0d0a..36cdb57b877462f26a9fc4b9eaae1acdf0e05787 100644 (file)
--- a/tools/salt-install/local.params.secrets.example
+++ b/tools/salt-install/local.params.secrets.example
@@ -6,6 +6,7 @@
 # These are the security-sensitive parameters to configure the installation
 
 INITIAL_USER_PASSWORD="fixme"
+MONITORING_PASSWORD=${INITIAL_USER_PASSWORD}
 
 # YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS
 BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index 60837c50a9131f971b357756fd11adc0b26b5c6e..52a7f70ad3d20e368c73ce9f5cfa1bf3cbc32612 100755 (executable)
--- a/tools/salt-install/provision.sh
+++ b/tools/salt-install/provision.sh
@@ -466,7 +466,14 @@ for f in $(ls "${SOURCE_PILLARS_DIR}"/*); do
        s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
        s#__BALANCER_NODENAME__#${BALANCER_NODENAME}#g;
        s#__BALANCER_BACKENDS__#${BALANCER_BACKENDS}#g;
-       s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g" \
+       s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
+       s#__KEEPBALANCE_INT_IP__#${KEEPBALANCE_INT_IP}#g;
+       s#__COMPUTE_AMI__#${COMPUTE_AMI}#g;
+       s#__COMPUTE_SG__#${COMPUTE_SG}#g;
+       s#__COMPUTE_SUBNET__#${COMPUTE_SUBNET}#g;
+       s#__COMPUTE_AWS_REGION__#${COMPUTE_AWS_REGION}#g;
+       s#__COMPUTE_USER__#${COMPUTE_USER}#g;
+       s#__KEEP_AWS_REGION__#${KEEP_AWS_REGION}#g" \
   "${f}" > "${P_DIR}"/$(basename "${f}")
 done
 
@@ -550,7 +557,14 @@ if [ -d "${SOURCE_STATES_DIR}" ]; then
          s#__ENABLE_BALANCER__#${ENABLE_BALANCER}#g;
          s#__BALANCER_NODENAME__#${BALANCER_NODENAME}#g;
          s#__BALANCER_BACKENDS__#${BALANCER_BACKENDS}#g;
-         s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g" \
+         s#__DISPATCHER_INT_IP__#${DISPATCHER_INT_IP}#g;
+         s#__KEEPBALANCE_INT_IP__#${KEEPBALANCE_INT_IP}#g;
+         s#__COMPUTE_AMI__#${COMPUTE_AMI}#g;
+         s#__COMPUTE_SG__#${COMPUTE_SG}#g;
+         s#__COMPUTE_SUBNET__#${COMPUTE_SUBNET}#g;
+         s#__COMPUTE_AWS_REGION__#${COMPUTE_AWS_REGION}#g;
+         s#__COMPUTE_USER__#${COMPUTE_USER}#g;
+         s#__KEEP_AWS_REGION__#${KEEP_AWS_REGION}#g" \
     "${f}" > "${F_DIR}/extra/extra"/$(basename "${f}")
   done
 fi