-
Notifications
You must be signed in to change notification settings - Fork 21
/
esg-autoinstall
executable file
·346 lines (335 loc) · 11 KB
/
esg-autoinstall
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
#!/usr/bin/expect -f
# -*- mode:shell-script -*-
#
# Expect script for automatically building an ESGF node
#
# To use, copy the file esg-autoinstall.template (either in
# /usr/local/etc from the boostrapper or from the Git repository) to
# /usr/local/etc/esg-autoinstall.conf and edit it to reflect your site
# settings, then run 'esg-autoinstall'
#
source /usr/local/etc/esg-autoinstall.conf
### Expect script begins here ###
set install_local_certs 0
set install_keypair 0
if { $argc > 0 } {
foreach opt $argv {
if { $opt eq "--install-local-certs" } {
set install_local_certs 1
} elseif { $opt eq "--install-keypair" } {
set install_keypair 1
}
}
spawn ${ESGNODESCRIPT} --type ${NODETYPE} {*}$argv
} else {
spawn ${ESGNODESCRIPT} --type ${NODETYPE} --install ${INSTALLFLAGS}
}
expect {
# Error messages cause instant abort
# ERROR and FATAL are found even in working installs
# "ERROR:" { exit 1 }
"could not change directory to" { exit 1 }
"No space left on device" { exit 1 }
"Permission denied" { exit 1 }
"This action did not complete successfully" { exit 1 }
# Actual script responses
"Enter local mirror url:" {
send ${LOCMIRRORURL}\n ; exp_continue
}
"You entered ${LOCMIRRORURL}. Is this correct?(Y/n)" {
send y\n ; exp_continue
}
"Please select the ESGF distribution mirror for this installation" {
send \n ; exp_continue
}
"Are you ready to begin the installation?" {
send y\n ; exp_continue
}
"Please select the IP address to use for this installation" {
send 0\n ; exp_continue
}
"What is the fully qualified domain name of this node?" {
send ${FQDN}\n ; exp_continue
}
"What is the admin password to use for this installation?" {
send ${ADMINPASS}\n ; exp_continue
}
"Please re-enter password:" {
send ${ADMINPASS}\n ; exp_continue
}
"What is the name of your organization?" {
send ${ORGNAME}\n ; exp_continue
}
"Please give this node a \"short\" name" {
send ${SHORTNAME}\n ; exp_continue
}
"Please give this node a more descriptive \"long\" name" {
send ${LONGNAME}\n ; exp_continue
}
"What is the namespace to use for this node?" {
send ${NAMESPACE}\n ; exp_continue
}
"What peer group(s) will this node participate in?" {
send ${PEERGROUP}\n ; exp_continue
}
"What is the hostname of the index node you plan to publish to?" {
send ${PUBLISHNODE}\n ; exp_continue
}
"What email address should notifications be sent as?" {
send ${ADMINEMAIL}\n ; exp_continue
}
"Is the database external to this node?" {
send \n ; exp_continue
}
"What is the database connection string?" {
send ${DBSTRING}\n ; exp_continue
}
"Is the database external to this node?" {
send ${DBEXTERNAL}\n ; exp_continue
}
"What is the (low priv) db account for publisher?" {
send ${DBLOWUSER}\n ; exp_continue
}
"What is the db password for publisher user" {
send ${DBLOWPASS}\n ; exp_continue
}
"Enter password for postgres user dbsuper:" {
send ${ADMINPASS}\n ; exp_continue
}
"Re-enter password for postgres user dbsuper:" {
send ${ADMINPASS}\n ; exp_continue
}
"Please Enter PostgreSQL port number" {
send ${PGPORT}\n ; exp_continue
}
"Would you like a \"system\" or \"user\" publisher configuration" {
send \n ; exp_continue
}
"Is this correct?" {
send Y\n ; exp_continue
}
"What is your organization's id?" {
send ${ORGNAME}\n ; exp_continue
}
"Do you want to continue with Tomcat installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with Java installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with Ant installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with CDAT installation and setup?" {
send ${UPGRADECDAT}\n ; exp_continue
}
"Do you want to continue with esgcet installation and setup?" {
send ${UPGRADECDAT}\n ; exp_continue
}
"Do you want to continue with thredds installation and setup?" {
send ${THREDDS}\n ; exp_continue
}
"Do you want to continue with ESGF Dashboard IP installation and setup?" {
send \n ; exp_continue
}
"Would you like to install the \"COMPUTE\" configuration to support this ?" {
send N\n ; exp_continue
}
"Do you want to continue with LAS installation and setup?" {
send \n ; exp_continue
}
"Would you like to use the DN: (OU=ESGF.ORG, O=ESGF)" {
send \n ; exp_continue
}
"Please set the password for this keystore" {
send ${ADMINPASS}\n ; exp_continue
}
"Please enter the password for this keystore" {
send ${ADMINPASS}\n ; exp_continue
}
"Please re-enter the password for this keystore" {
send ${ADMINPASS}\n ; exp_continue
}
"Please enter your Certificate Authority's certificate chain file(s)" {
send ${CACERTCHAIN}\n\n ; exp_continue
}
"Is the above information correct?" {
send Y\n ; exp_continue
}
"Enter a single ip address which would be cleared to access admin restricted pages." {
send ${ADMINIP}\n ; exp_continue
}
"Do you wish to allow further ips?" {
send n\n ; exp_continue
}
"Please enter username for tomcat" {
send \n ; exp_continue
}
"Please enter password for user, " {
send \n ; exp_continue
}
"Would you like to add another user?" {
send \n ; exp_continue
}
"Do you wish to setup the redirect to the esgf-node-manager's page?" {
send \n ; exp_continue
}
"(RETURN if same as keystore password)" {
send \n ; exp_continue
}
"Do you wish to generate a Certificate Signing Request at this time?" {
send \n ; exp_continue
}
"Please Enter the IP address of this host" {
send \n ; exp_continue
}
"Please Enter the public (i.e. routable) IP address of this host" {
send \n ; exp_continue
}
"Do you wish to use an external IDP peer?" {
send ${EXTERNALIDP}\n ; exp_continue
}
"Please specify your IDP peer node's FQDN:" {
send ${IDPPEER}\n ; exp_continue
}
"Enter certificate to add to trusted keystore" {
send \n ; exp_continue
}
"Would you like to configure this node for CMIP6 publishing" {
send Y\n ; exp_continue
}
"Would you like to install the SLCS OAuth server on this node" {
send Y\n ; exp_continue
}
# For --type all, Globus is set up twice, once as a gateway, and
# once as a datanode. Unfortunately, on the second pass of this
# the prompt defaults to N because it detects the installation of
# the previous type, so we have to always force it to Y, or key
# packages will not be installed and the globus user will be
# missing.
#
# This means that it will always be forcibly reinstalled upon
# upgrade even if it doesn't need to be, but there is no way
# around that at this time without changing the detection in the
# esg-node script.
"Do you want to continue with the Globus installation and setup?" {
send ${GLOBUS}\n ; exp_continue
}
"Do you want to make a back up of the existing Globus distribution (datanode)?" {
send \n ; exp_continue
}
"Do you want to register the GridFTP server with Globus?" {
send ${REGISTERGLOBUS}\n ; exp_continue
}
"Do you want to register the MyProxy server with Globus?" {
send ${REGISTERGLOBUS}\n ; exp_continue
}
"Please provide a Globus username" {
send ${GLOBUSUSER}\n ; exp_continue
}
"Globus password" {
send ${GLOBUSPASS}\n ; exp_continue
}
"Globus Username:" {
send ${GLOBUSUSER}\n ; exp_continue
}
"Globus Password:" {
send ${GLOBUSPASS}\n ; exp_continue
}
"Enter password for new role:" {
send ${ADMINPASS}\n ; exp_continue
}
"Enter it again:" {
send ${ADMINPASS}\n ; exp_continue
}
# This prompt is causing problems -- apparently it's either not a real
# stopping point, or there is an errant \n before this prompt is
# reached. Removing it fixes a known installation problem, however.
# "Is this ok" {
# send Y\n ; exp_continue
# }
"Add new line:" {
send \n ; exp_continue
}
"Do you still wish to continue?" {
send Y\n ; exp_continue
}
"Do you want to continue with openid relying party installation and setup?" {
send \n ; exp_continue
}
"Do you want to make a back up of the existing distribution?" {
send Y\n ; exp_continue
}
"Do you want to continue with security services installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with idp services installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with search services installation and setup?" {
send \n ; exp_continue
}
"Do you want to continue with security schema setup?" {
send \n ; exp_continue
}
"Do you want to make a back up of the existing database schema" {
send \n ; exp_continue
}
"Do you still wish to (re)GENERATE self signed certs (and usurp what is present)?" {
send \n ; exp_continue
}
"Do you want to overwrite this CA?" {
send \n ; exp_continue
}
"Enter (simple) CA's certificate password" {
send ${CACERTPASS}\n ; exp_continue
}
"Do you want to make a back up of the existing MyProxy SimpleCA (gateway)?" {
send Y\n ; exp_continue
}
# This prompt in theory should only appear if you in fact already
# have a simple CA, and the default will be 'N', correct for
# upgrades.
"Do you wish to install a simple CA?" {
send \n ; exp_continue
}
"Would you like to remove the current CA setup?" {
send \n ; exp_continue
}
"Do you want to keep this as the CA subject" {
send Y\n ; exp_continue
}
"Enter the email of the CA" {
send ${ADMINEMAIL}\n ; exp_continue
}
"default: 5 years" {
send \n ; exp_continue
}
"Enter PEM pass phrase:" {
send ${CACERTPASS}\n ; exp_continue
}
"please enter the password for the CA key" {
send ${CACERTPASS}\n ; exp_continue
}
"Enter (simple) CA's certificate password" {
send ${CACERTPASS}\n ; exp_continue
}
"Are you sure you wish to add a NEW replica index" {
send ${SOLRREINDEX}\n ; exp_continue
}
"Automatic peer with super-node" {
send N\n ; exp_continue
}
# Victory conditions
"Node installation is complete." {
exit 0
}
"Local installation of certs complete" {
if { $install_local_certs == 1 } { exit 0 }
exp_continue
}
"Please restart this node for keys to take effect" {
if { $install_keypair == 1 } { exit 0 }
exp_continue
}
}