-
Notifications
You must be signed in to change notification settings - Fork 6
/
pavics-compose.sh
executable file
·197 lines (169 loc) · 5.9 KB
/
pavics-compose.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
#!/bin/sh
YELLOW=$(tput setaf 3)
RED=$(tput setaf 1)
NORMAL=$(tput sgr0)
# list of all variables to be substituted in templates
VARS='
$PAVICS_FQDN
$DOC_URL
$MAGPIE_SECRET
$MAGPIE_ADMIN_USERNAME
$MAGPIE_ADMIN_PASSWORD
$TWITCHER_PROTECTED_PATH
$PHOENIX_PASSWORD
$PHOENIX_PASSWORD_HASH
$TOMCAT_NCWMS_PASSWORD
$SUPPORT_EMAIL
$CMIP5_THREDDS_ROOT
$JUPYTERHUB_ADMIN_USERS
$CATALOG_USERNAME
$CATALOG_PASSWORD
$CATALOG_THREDDS_SERVICE
$POSTGRES_PAVICS_USERNAME
$POSTGRES_PAVICS_PASSWORD
$POSTGRES_MAGPIE_USERNAME
$POSTGRES_MAGPIE_PASSWORD
$ALERTMANAGER_ADMIN_EMAIL_RECEIVER
$SMTP_SERVER
'
# list of vars to be substituted in template but they do not have to be set in
# env.local
OPTIONAL_VARS='
$PAVICS_FQDN_PUBLIC
$INCLUDE_FOR_PORT_80
$ENABLE_JUPYTERHUB_MULTI_NOTEBOOKS
$EXTRA_PYWPS_CONFIG
$THREDDS_ORGANIZATION
$GITHUB_CLIENT_ID
$GITHUB_CLIENT_SECRET
$MAGPIE_DB_NAME
$VERIFY_SSL
$JUPYTER_DEMO_USER
$JUPYTER_LOGIN_BANNER_TOP_SECTION
$JUPYTER_LOGIN_BANNER_BOTTOM_SECTION
$AUTODEPLOY_EXTRA_REPOS_AS_DOCKER_VOLUMES
$AUTODEPLOY_PLATFORM_FREQUENCY
$AUTODEPLOY_NOTEBOOK_FREQUENCY
$AUTODEPLOY_EXTRA_SCHEDULER_JOBS
$GENERIC_BIRD_PORT
$GENERIC_BIRD_NAME
$ALERTMANAGER_EXTRA_GLOBAL
$ALERTMANAGER_EXTRA_ROUTES
$ALERTMANAGER_EXTRA_INHIBITION
$ALERTMANAGER_EXTRA_RECEIVERS
'
# we switch to the real directory of the script, so it still works when used from $PATH
# tip: ln -s /path/to/pavics-compose.sh ~/bin/
cd $(dirname $(readlink -f $0 || realpath $0))
. ./common.env
# we source local configs, if present
# we don't use usual .env filename, because docker-compose uses it
[ -f env.local ] && . ./env.local
for i in ${VARS}
do
v="${i}"
if [ -z "`eval "echo ${v}"`" ]
then
echo "${RED}Error${NORMAL}: Required variable $v is not set. Check env.local file."
exit 1
fi
done
if [ ! -f docker-compose.yml ]
then
echo "Error, this script must be ran from the folder containing the docker-compose.yml file"
exit 1
fi
## check fails when root access is required to access this file.. workaround possible by going through docker daemon... but
# will add delay
# if [ ! -f $SSL_CERTIFICATE ]
# then
# echo "Error, SSL certificate file $SSL_CERTIFICATE is missing"
# exit 1
# fi
TIMEWAIT_REUSE=$(/sbin/sysctl -n net.ipv4.tcp_tw_reuse)
if [ ${TIMEWAIT_REUSE} -eq 0 ]
then
echo "${YELLOW}Warning:${NORMAL} the sysctl net.ipv4.tcp_tw_reuse is not enabled"
echo " It it suggested to set it to 1, otherwise the pavicscrawler may fail"
fi
if [ -z "$PAVICS_FQDN_PUBLIC" ]; then
# default value before instantiating template configs
export PAVICS_FQDN_PUBLIC="$PAVICS_FQDN"
fi
if [ x"$ALLOW_UNSECURE_HTTP" = x"True" ]; then
export INCLUDE_FOR_PORT_80="include /etc/nginx/conf.d/all-services.include;"
else
export INCLUDE_FOR_PORT_80="include /etc/nginx/conf.d/redirect-to-https.include;"
fi
if [ -z "$THREDDS_ORGANIZATION" ]; then
# default value before instantiating template configs
export THREDDS_ORGANIZATION="Birdhouse"
fi
if [ -z "$MAGPIE_DB_NAME" ]; then
# default value before instantiating template configs
export MAGPIE_DB_NAME="magpiedb"
fi
if [ -z "$VERIFY_SSL" ]; then
# default value before instantiating template configs
export VERIFY_SSL="true"
fi
export AUTODEPLOY_EXTRA_REPOS_AS_DOCKER_VOLUMES=""
for adir in $AUTODEPLOY_EXTRA_REPOS; do
# 4 spaces in front of '--volume' is important
AUTODEPLOY_EXTRA_REPOS_AS_DOCKER_VOLUMES="$AUTODEPLOY_EXTRA_REPOS_AS_DOCKER_VOLUMES
--volume ${adir}:${adir}:rw"
done
export AUTODEPLOY_EXTRA_REPOS_AS_DOCKER_VOLUMES
# we apply all the templates
find ./config ./components ./optional-components $EXTRA_CONF_DIRS -name '*.template' |
while read FILE
do
DEST=${FILE%.template}
cat ${FILE} | envsubst "$VARS" | envsubst "$OPTIONAL_VARS" > ${DEST}
done
if [ x"$1" = x"up" ]; then
# this is external in docker-compose.yml so have to create here
# no error if already exist, just an error message
docker network create jupyterhub_network
# no error if already exist
# create externally so nothing will delete these data volume automatically
docker volume create jupyterhub_data_persistence # jupyterhub db and cookie secret
docker volume create thredds_persistence # logs, cache
docker volume create prometheus_persistence # metrics db
docker volume create grafana_persistence # dashboard and config db
docker volume create alertmanager_persistence # storage
fi
COMPOSE_CONF_LIST="-f docker-compose.yml"
for adir in ${EXTRA_CONF_DIRS}; do
if [ -f "$adir/docker-compose-extra.yml" ]; then
COMPOSE_CONF_LIST="${COMPOSE_CONF_LIST} -f $adir/docker-compose-extra.yml"
fi
done
echo "COMPOSE_CONF_LIST=${COMPOSE_CONF_LIST}"
# the PROXY_SECURE_PORT is a little trick to make the compose file invalid without the usage of this wrapper script
PROXY_SECURE_PORT=443 HOSTNAME=${PAVICS_FQDN} docker-compose ${COMPOSE_CONF_LIST} $*
ERR=$?
# execute post-compose function if exists and no error occurred
type post-compose 2>&1 | grep 'post-compose is a function' > /dev/null
if [ $? -eq 0 ]
then
[ ${ERR} -gt 0 ] && { echo "Error occurred with docker-compose, not running post-compose"; exit $?; }
post-compose $*
fi
while [ $# -gt 0 ]
do
if [ x"$1" = x"up" ]; then
# we restart the proxy after an up to make sure nginx continue to work if any container IP address changes
PROXY_SECURE_PORT=443 HOSTNAME=${PAVICS_FQDN} docker-compose restart proxy
# run postgres post-startup setup script
postgres_id=$(PROXY_SECURE_PORT=443 HOSTNAME=${PAVICS_FQDN} docker-compose ${COMPOSE_CONF_LIST} ps -q postgres)
if [ ! -z "$postgres_id" ]; then
docker exec ${postgres_id} /postgres-setup.sh
fi
# Note: This command should stay last, as it can take a while depending on network and drive speeds
# immediately cache the new notebook image for faster startup by JupyterHub
docker pull ${DOCKER_NOTEBOOK_IMAGE}
fi
shift
done
# vi: tabstop=8 expandtab shiftwidth=2 softtabstop=2