luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/e2e/terraform/packer/ubuntu-bionic-amd64/provision.sh

191 lines
5.4 KiB
Bash
Raw Normal View History

E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
#!/bin/bash
set -o errexit
set -o nounset
set +x
usage() {
cat <<EOF
e2e: minor rename and cleanup (#8824)
2020-09-04 12:51:22 +00:00
Usage: provision.sh [options...]
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
Options (use one of the following):
--nomad_sha SHA full git sha to install from S3
docs: update scripts to 0.12.4
2020-09-09 22:22:37 +00:00
--nomad_version VERSION release version number (ex. 0.12.4+ent)
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
--nomad_binary FILEPATH path to file on host
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
Options for configuration:
--config_profile FILEPATH path to config profile directory
--role ROLE role within config profile directory
--index INDEX count of instance, for profiles with per-instance config
--nostart do not start or restart Nomad
e2e: add flags for provisioning Nomad Enterprise (#8929)
2020-09-23 14:39:04 +00:00
--enterprise if nomad_sha is passed, use the ENT version
e2e: add flag to bootstrap Nomad ACLs (#8961) Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
2020-09-28 13:22:36 +00:00
--nomad_acls write Nomad ACL configuration
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
EOF
exit 2
}
INSTALL_DIR=/usr/local/bin
INSTALL_PATH="${INSTALL_DIR}/nomad"
PLATFORM=linux_amd64
START=1
install_fn=
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
NOMAD_PROFILE=
NOMAD_ROLE=
NOMAD_INDEX=
e2e: add flags for provisioning Nomad Enterprise (#8929)
2020-09-23 14:39:04 +00:00
BUILD_FOLDER="builds-oss"
e2e: add flag to bootstrap Nomad ACLs (#8961) Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
2020-09-28 13:22:36 +00:00
ACLS=0
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
install_from_s3() {
# check that we don't already have this version
if [ "$(command -v nomad)" ]; then
nomad -version | grep -q "${NOMAD_SHA}" \
e2e: documentation and minor tweaks to configs (#8912) * remove outdated references to envchain in documentation * add new host volume locations in userdata * don't exit the entire script during provisioning, just return
2020-09-17 13:20:18 +00:00
&& echo "$NOMAD_SHA already installed" && return
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
fi
e2e: add flags for provisioning Nomad Enterprise (#8929)
2020-09-23 14:39:04 +00:00
S3_URL="s3://nomad-team-dev-test-binaries/${BUILD_FOLDER}/nomad_${PLATFORM}_${NOMAD_SHA}.tar.gz"
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
aws s3 cp --quiet "$S3_URL" nomad.tar.gz
sudo tar -zxvf nomad.tar.gz -C "$INSTALL_DIR"
set_ownership
}
install_from_uploaded_binary() {
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
# we don't need to check for reinstallation here because we do it at the
# user's end so that we're not copying it up if we don't have to
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
sudo cp "$NOMAD_UPLOADED_BINARY" "$INSTALL_PATH"
set_ownership
}
install_from_release() {
# check that we don't already have this version
if [ "$(command -v nomad)" ]; then
nomad -version | grep -v 'dev' | grep -q "${NOMAD_VERSION}" \
e2e: documentation and minor tweaks to configs (#8912) * remove outdated references to envchain in documentation * add new host volume locations in userdata * don't exit the entire script during provisioning, just return
2020-09-17 13:20:18 +00:00
&& echo "$NOMAD_VERSION already installed" && return
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
fi
RELEASE_URL="https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${PLATFORM}.zip"
curl -sL --fail -o /tmp/nomad.zip "$RELEASE_URL"
sudo unzip -o /tmp/nomad.zip -d "$INSTALL_DIR"
set_ownership
}
set_ownership() {
sudo chmod 0755 "$INSTALL_PATH"
sudo chown root:root "$INSTALL_PATH"
}
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
sym() {
find "$1" -maxdepth 1 -type f -name "$2" 2>/dev/null \
| sudo xargs -I % ln -fs % "$3"
}
install_config_profile() {
if [ -d /tmp/custom ]; then
rm -rf /opt/config/custom
sudo mv /tmp/custom /opt/config/
fi
# we're removing the whole directory and recreating to avoid
# any quirks around dotfiles that might show up here.
sudo rm -rf /etc/nomad.d
sudo rm -rf /etc/consul.d
sudo rm -rf /etc/vault.d
sudo mkdir -p /etc/nomad.d
sudo mkdir -p /etc/consul.d
sudo mkdir -p /etc/vault.d
sym "${NOMAD_PROFILE}/nomad/" '*' /etc/nomad.d
sym "${NOMAD_PROFILE}/consul/" '*' /etc/consul.d
sym "${NOMAD_PROFILE}/vault/" '*' /etc/vault.d
if [ -n "$NOMAD_ROLE" ]; then
sym "${NOMAD_PROFILE}/nomad/${NOMAD_ROLE}/" '*' /etc/nomad.d
sym "${NOMAD_PROFILE}/consul/${NOMAD_ROLE}/" '*' /etc/consul.d
sym "${NOMAD_PROFILE}/vault/${NOMAD_ROLE}/" '*' /etc/vault.d
fi
if [ -n "$NOMAD_INDEX" ]; then
sym "${NOMAD_PROFILE}/nomad/${NOMAD_ROLE}/indexed/" "*${NOMAD_INDEX}*" /etc/nomad.d
sym "${NOMAD_PROFILE}/consul/${NOMAD_ROLE}/indexed/" "*${NOMAD_INDEX}*" /etc/consul.d
sym "${NOMAD_PROFILE}/vault/${NOMAD_ROLE}/indexed/" "*${NOMAD_INDEX}*" /etc/vault.d
fi
e2e: add flag to bootstrap Nomad ACLs (#8961) Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
2020-09-28 13:22:36 +00:00
if [ $ACLS == "1" ]; then
sudo ln -fs /opt/config/shared/nomad-acl.hcl /etc/nomad.d/acl.hcl
fi
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
}
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
while [[ $# -gt 0 ]]
do
opt="$1"
case $opt in
--nomad_sha)
if [ -z "$2" ]; then echo "Missing sha parameter"; usage; fi
NOMAD_SHA="$2"
install_fn=install_from_s3
shift 2
;;
--nomad_release | --nomad_version)
if [ -z "$2" ]; then echo "Missing version parameter"; usage; fi
NOMAD_VERSION="$2"
install_fn=install_from_release
shift 2
;;
--nomad_binary)
if [ -z "$2" ]; then echo "Missing file parameter"; usage; fi
NOMAD_UPLOADED_BINARY="$2"
install_fn=install_from_uploaded_binary
shift 2
;;
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
--config_profile)
if [ -z "$2" ]; then echo "Missing profile parameter"; usage; fi
NOMAD_PROFILE="/opt/config/${2}"
shift 2
;;
--role)
if [ -z "$2" ]; then echo "Missing role parameter"; usage; fi
NOMAD_ROLE="$2"
shift 2
;;
--index)
if [ -z "$2" ]; then echo "Missing index parameter"; usage; fi
NOMAD_INDEX="$2"
shift 2
;;
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
--nostart)
# for initial packer builds, we don't want to start Nomad
START=0
shift
;;
e2e: add flags for provisioning Nomad Enterprise (#8929)
2020-09-23 14:39:04 +00:00
--enterprise)
BUILD_FOLDER="builds-ent"
shift
;;
e2e: add flag to bootstrap Nomad ACLs (#8961) Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
2020-09-28 13:22:36 +00:00
--nomad_acls)
ACLS=1
shift
;;
E2E: move Nomad installation to script on remote hosts (#8706) This changeset moves the installation of Nomad binaries out of the provisioning framework and into scripts that are installed on the remote host during AMI builds. This provides a few advantages: * The provisioning framework can be reduced in scope (with the goal of moving most of it into the Terraform stack entirely). * The scripts can be arbitrarily complex if we don't have to stuff them into ssh commands, so it's easier to make them idempotent. In this changeset, the scripts check the version of the existing binary and don't re-download when using the `--nomad_sha` or `--nomad_version` flags. * The scripts can be OS/distro specific, which helps in building new test targets.
2020-08-20 20:10:00 +00:00
*) usage ;;
esac
done
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
# call the appropriate installation function
if [ -n "$install_fn" ]; then
$install_fn
fi
if [ -n "$NOMAD_PROFILE" ]; then
install_config_profile
fi
if [ $START == "1" ]; then
e2e: bootstrap vault and provision Nomad with vault tokens (#9010) Provisions vault with the policies described in the Nomad Vault integration guide, and drops a configuration file for Nomad vault server configuration with its token. The vault root token is exposed to the E2E runner so that tests can write additional policies to vault.
2020-10-05 13:28:37 +00:00
if [ "$NOMAD_ROLE" == "server" ]; then
sudo systemctl restart vault
fi
e2e: provision cluster entirely through Terraform (#8748) Have Terraform run the target-specific `provision.sh`/`provision.ps1` script rather than the test runner code which needs to be customized for each distro. Use Terraform's detection of variable value changes so that we can re-run the provisioning without having to re-install Nomad on those specific hosts that need it changed. Allow the configuration "profile" (well-known directory) to be set by a Terraform variable. The default configurations are installed during Packer build time, and symlinked into the live configuration directory by the provision script. Detect changes in the file contents so that we only upload custom configuration files that have changed between Terraform runs
2020-09-18 15:27:24 +00:00
sudo systemctl restart consul
sudo systemctl restart nomad
fi
Reference in a new issue Copy permalink