From: Javier Bértoli Date: Thu, 17 Mar 2022 18:19:06 +0000 (-0300) Subject: Merge branch '18681-install-passenger-only-when-required' X-Git-Tag: 2.4.0~41 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/9a11b502e406202db58fb6751f3448aa30288062?hp=-c Merge branch '18681-install-passenger-only-when-required' closes #18681 Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- 9a11b502e406202db58fb6751f3448aa30288062 diff --combined tools/salt-install/provision.sh index 2d33cac57b,07bc63c11d..0f3c9a1411 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@@ -165,6 -165,8 +165,8 @@@ LOG_LEVEL="info CONTROLLER_EXT_SSL_PORT=443 TESTS_DIR="tests" + NGINX_INSTALL_SOURCE="install_from_repo" + CLUSTER="" DOMAIN="" @@@ -206,8 -208,8 +208,8 @@@ VERSION="latest # Other formula versions we depend on POSTGRES_TAG="v0.44.0" - NGINX_TAG="v2.8.0" - DOCKER_TAG="v2.4.0" + NGINX_TAG="v2.8.1" + DOCKER_TAG="v2.4.2" LOCALE_TAG="v0.3.4" LETSENCRYPT_TAG="v2.1.0" @@@ -261,7 -263,7 +263,7 @@@ if [ ! -z "${HOSTNAME_EXT}" ] ; the # Make sure that the value configured as IP_INT is a real IP on the system. # If we don't error out early here when there is a mismatch, the formula will # fail with hard to interpret nginx errors later on. - ip addr list |grep -q " ${IP_INT}/" + ip addr list |grep -q "${IP_INT}/" if [[ $? -ne 0 ]]; then echo "Unable to find the IP_INT address '${IP_INT}' on the system, please correct the value in local.params. Exiting..." exit 1 @@@ -284,7 -286,7 +286,7 @@@ els case ${OS_ID} in "centos") echo "WARNING! Disabling SELinux, see https://dev.arvados.org/issues/18019" - sed -i 's/SELINUX=enforcing/SELINUX=permissive' /etc/sysconfig/selinux + sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux setenforce permissive yum install -y curl git jq ;; @@@ -474,6 -476,7 +476,7 @@@ if [ -d "${SOURCE_STATES_DIR}" ]; the s#__WORKBENCH2_INT_IP__#${WORKBENCH2_INT_IP}#g; s#__DATABASE_INT_IP__#${DATABASE_INT_IP}#g; s#__WEBSHELL_EXT_SSL_PORT__#${WEBSHELL_EXT_SSL_PORT}#g; + s#__SHELL_INT_IP__#${SHELL_INT_IP}#g; s#__WEBSOCKET_EXT_SSL_PORT__#${WEBSOCKET_EXT_SSL_PORT}#g; s#__WORKBENCH1_EXT_SSL_PORT__#${WORKBENCH1_EXT_SSL_PORT}#g; s#__WORKBENCH2_EXT_SSL_PORT__#${WORKBENCH2_EXT_SSL_PORT}#g; @@@ -558,6 -561,10 +561,10 @@@ if [ -z "${ROLES}" ]; the echo " - nginx_workbench_configuration" >> ${P_DIR}/top.sls echo " - postgresql" >> ${P_DIR}/top.sls + # We need to tweak the Nginx's pillar depending whether we want plan nginx or nginx+passenger + NGINX_INSTALL_SOURCE="install_from_phusionpassenger" + sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls + if [ "${SSL_MODE}" = "lets-encrypt" ]; then if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls @@@ -627,10 -634,13 +634,13 @@@ els # States # FIXME: https://dev.arvados.org/issues/17352 grep -q "postgres.client" ${S_DIR}/top.sls || echo " - postgres.client" >> ${S_DIR}/top.sls - grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls + if grep -q " - nginx.*$" ${S_DIR}/top.sls; then + sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${S_DIR}/top.sls + else + echo " - nginx.passenger" >> ${S_DIR}/top.sls + fi ### If we don't install and run LE before arvados-api-server, it fails and breaks everything ### after it. So we add this here as we are, after all, sharing the host for api and controller - # Currently, only available on config_examples/multi_host/aws if [ "${SSL_MODE}" = "lets-encrypt" ]; then if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls @@@ -649,11 -659,23 +659,23 @@@ grep -q "postgresql" ${P_DIR}/top.sls || echo " - postgresql" >> ${P_DIR}/top.sls grep -q "nginx_passenger" ${P_DIR}/top.sls || echo " - nginx_passenger" >> ${P_DIR}/top.sls grep -q "nginx_${R}_configuration" ${P_DIR}/top.sls || echo " - nginx_${R}_configuration" >> ${P_DIR}/top.sls + + # We need to tweak the Nginx's pillar depending whether we want plain nginx or nginx+passenger + NGINX_INSTALL_SOURCE="install_from_phusionpassenger" + sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls ;; "controller" | "websocket" | "workbench" | "workbench2" | "webshell" | "keepweb" | "keepproxy") # States - grep -q "nginx.passenger" ${S_DIR}/top.sls || echo " - nginx.passenger" >> ${S_DIR}/top.sls - # Currently, only available on config_examples/multi_host/aws + if [ "${R}" = "workbench" ]; then + NGINX_INSTALL_SOURCE="install_from_phusionpassenger" + if grep -q " - nginx$" ${S_DIR}/top.sls; then + sed -i s/"^ - nginx.*$"/" - nginx.passenger"/g ${S_DIR}/top.sls + else + echo " - nginx.passenger" >> ${S_DIR}/top.sls + fi + else + grep -q "nginx" ${S_DIR}/top.sls || echo " - nginx" >> ${S_DIR}/top.sls + fi if [ "${SSL_MODE}" = "lets-encrypt" ]; then if [ "x${USE_LETSENCRYPT_ROUTE53}" = "xyes" ]; then grep -q "aws_credentials" ${S_DIR}/top.sls || echo " - aws_credentials" >> ${S_DIR}/top.sls @@@ -685,7 -707,6 +707,6 @@@ grep -q "nginx_collections_configuration" ${P_DIR}/top.sls || echo " - nginx_collections_configuration" >> ${P_DIR}/top.sls fi - # Currently, only available on config_examples/multi_host/aws if [ "${SSL_MODE}" = "lets-encrypt" ]; then if [ "${USE_LETSENCRYPT_ROUTE53}" = "yes" ]; then grep -q "aws_credentials" ${P_DIR}/top.sls || echo " - aws_credentials" >> ${P_DIR}/top.sls @@@ -727,6 -748,8 +748,8 @@@ grep -q ${R} ${P_DIR}/extra_custom_certs.sls || echo " - ${R}" >> ${P_DIR}/extra_custom_certs.sls fi fi + # We need to tweak the Nginx's pillar depending whether we want plain nginx or nginx+passenger + sed -i "s/__NGINX_INSTALL_SOURCE__/${NGINX_INSTALL_SOURCE}/g" ${P_DIR}/nginx_passenger.sls ;; "shell") # States @@@ -754,6 -777,19 +777,6 @@@ if [ "${DUMP_CONFIG}" = "yes" ]; the exit 0 fi -# FIXME! #16992 Temporary fix for psql call in arvados-api-server -if [ -e /root/.psqlrc ]; then - if ! ( grep 'pset pager off' /root/.psqlrc ); then - RESTORE_PSQL="yes" - cp /root/.psqlrc /root/.psqlrc.provision.backup - fi -else - DELETE_PSQL="yes" -fi - -echo '\pset pager off' >> /root/.psqlrc -# END FIXME! #16992 Temporary fix for psql call in arvados-api-server - # Now run the install salt-call --local state.apply -l ${LOG_LEVEL} @@@ -763,6 -799,18 +786,6 @@@ if [ -d /etc/cloud/cloud.cfg.d ]; the sed -i 's/^manage_etc_hosts: true/#manage_etc_hosts: true/g' /etc/cloud/cloud.cfg.d/* fi -# FIXME! #16992 Temporary fix for psql call in arvados-api-server -if [ "x${DELETE_PSQL}" = "xyes" ]; then - echo "Removing .psql file" - rm /root/.psqlrc -fi - -if [ "x${RESTORE_PSQL}" = "xyes" ]; then - echo "Restoring .psql file" - mv -v /root/.psqlrc.provision.backup /root/.psqlrc -fi -# END FIXME! #16992 Temporary fix for psql call in arvados-api-server - # Leave a copy of the Arvados CA so the user can copy it where it's required if [ "$DEV_MODE" = "yes" ]; then echo "Copying the Arvados CA certificate to the installer dir, so you can import it"