aboutsummaryrefslogtreecommitdiffstats
path: root/lava-master/entrypoint.d/01_setup.sh
blob: ad840728e5bd279636e2667a33e923ee6fcf9b0d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
#!/bin/bash

# always reset the lavaserver user, since its password could have been reseted in a "docker build --nocache"
if [ ! -s /root/pg_lava_password ];then
	echo "DEBUG: Generating a random LAVA password"
	< /dev/urandom tr -dc A-Za-z0-9 | head -c16 > /root/pg_lava_password
else
	echo "DEBUG: use the given LAVA password"
fi
sudo -u postgres psql -c "ALTER USER lavaserver WITH PASSWORD '$(cat /root/pg_lava_password)';" || exit $?
if [ -e /etc/lava-server/instance.conf ];then
	# pre 2020.05
	sed -i "s,^LAVA_DB_PASSWORD=.*,LAVA_DB_PASSWORD='$(cat /root/pg_lava_password)'," /etc/lava-server/instance.conf || exit $?
else
	# 2020.05+
	sed -i "s,PASSWORD:.*,PASSWORD: '$(cat /root/pg_lava_password)'," /etc/lava-server/settings.d/00-database.yaml || exit $?
fi

# verify that the backup was not already applied in case of persistent_db
if [ ! -e "/var/lib/postgresql/lava-docker.backup_done" ];then
	if [ -e /root/backup/db_lavaserver.gz ];then
		gunzip /root/backup/db_lavaserver.gz || exit $?
	fi

	if [ -e /root/backup/db_lavaserver ];then
		echo "Restore database from backup"
		sudo -u postgres psql < /root/backup/db_lavaserver || exit $?
		yes yes | lava-server manage migrate || exit $?
		echo "Restore jobs output from backup"
		rm -r /var/lib/lava-server/default/media/job-output/*

	        # allow using different folder for tar operations (/tmp by default)
		TMPDIR=${TMPDIR:-/tmp}

		tar xzf /root/backup/joboutput.tar.gz || exit $?
		chown -R lavaserver:lavaserver /var/lib/lava-server/default/media/job-output/
		touch /var/lib/postgresql/lava-docker.backup_done
	fi
	if [ -e /root/backup/devices.tar.gz ];then
		echo "INFO: Restoring devices files"
		tar xzf /root/backup/devices.tar.gz
		chown -R lavaserver:lavaserver /etc/lava-server/dispatcher-config/devices
	fi
else
	echo "DEBUG: backup already applied"
fi

lava-server manage makemigrations
yes yes | lava-server manage migrate || exit $?

# default site is set as example.com
if [ -e /root/lava_http_fqdn ];then
	sudo -u postgres psql lavaserver -c "UPDATE django_site SET name = '$(cat /root/lava_http_fqdn)'" || exit $?
	sudo -u postgres psql lavaserver -c "UPDATE django_site SET domain = '$(cat /root/lava_http_fqdn)'" || exit $?
fi

if [ -e /root/lava-users ];then
	for ut in $(ls /root/lava-users)
	do
		# User is the filename
		USER=$ut
		USER_OPTION=""
		STAFF=0
		SUPERUSER=0
		TOKEN=""
		. /root/lava-users/$ut
		if [ -z "$PASSWORD" -o "$PASSWORD" = "$TOKEN" ];then
			echo "Generating password..."
			#Could be very long, should be avoided
			PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
		fi
		if [ $STAFF -eq 1 ];then
			USER_OPTION="$USER_OPTION --staff"
		fi
		if [ $SUPERUSER -eq 1 ];then
			USER_OPTION="$USER_OPTION --superuser"
		fi
		lava-server manage users list --all > /tmp/allusers
		if [ $? -ne 0 ];then
			echo "ERROR: cannot generate user list"
			exit 1
		fi
		#filter first name/last name (enclose by "()")
		sed -i 's,[[:space:]](.*$,,' /tmp/allusers
		grep -q "[[:space:]]${USER}$" /tmp/allusers
		if [ $? -eq 0 ];then
			echo "Skip already existing $USER DEBUG(with $TOKEN / $PASSWORD / $USER_OPTION)"
		else
			echo "Adding username $USER DEBUG(with $TOKEN / $PASSWORD / $USER_OPTION)"
			lava-server manage users add --passwd $PASSWORD $USER_OPTION $USER
			if [ $? -ne 0 ];then
				echo "ERROR: Adding user $USER"
				cat /tmp/allusers
				exit 1
			fi
			if [ ! -z "$TOKEN" ];then
				echo "Adding token to user $USER"
				lava-server manage tokens add --user $USER --secret $TOKEN || exit 1
			fi
			if [ ! -z "$EMAIL" ];then
				echo "Adding email to user $USER"
				lava-server manage users update --email $EMAIL $USER || exit 1
			fi
		fi
	done
fi

if [ -e /root/lava-groups ];then
	echo "======================================================"
	echo "Handle groups"
	echo "======================================================"
	GROUP_CURRENT_LIST=/tmp/group.list
	lava-server manage groups list > ${GROUP_CURRENT_LIST}.raw || exit 1
	grep '^\*' ${GROUP_CURRENT_LIST}.raw > ${GROUP_CURRENT_LIST}
	for group in $(ls /root/lava-groups/*group)
	do
		GROUPNAME=""
		SUBMIT=0
		OPTION_SUBMIT=""
		. $group
		grep -q $GROUPNAME $GROUP_CURRENT_LIST
		if [ $? -eq 0 ];then
			echo "DEBUG: SKIP creation of $GROUPNAME which already exists"
		else
			if [ $SUBMIT -eq 1 ];then
				echo "DEBUG: $GROUPNAME can submit jobs"
				OPTION_SUBMIT="--submitting"
			fi
			echo "DEBUG: Add group $GROUPNAME"
			lava-server manage groups add $OPTION_SUBMIT $GROUPNAME || exit 1
		fi
		if [ -e ${group}.list ];then
			echo "DEBUG: Found ${group}.list"
			while read username
			do
				echo "DEBUG: Add user $username to group $GROUPNAME"
				lava-server manage groups update --username $username $GROUPNAME || exit 1
			done < ${group}.list
		fi
	done
fi

if [ -e /root/lava-callback-tokens ];then
	for ct in $(ls /root/lava-callback-tokens)
	do
		. /root/lava-callback-tokens/$ct
		if [ -z "$USER" ];then
			echo "Missing USER"
			exit 1
		fi
		if [ -z "$TOKEN" ];then
			echo "Missing TOKEN for $USER"
			exit 1
		fi
		if [ -z "$DESCRIPTION" ];then
			echo "Missing DESCRIPTION for $USER"
			exit 1
		fi
		lava-server manage tokens list --user $USER |grep -q $TOKEN
		if [ $? -eq 0 ];then
			echo "SKIP already present token for $USER"
		else
			echo "Adding $USER ($DESCRIPTION) DEBUG($TOKEN)"
			lava-server manage tokens add --user $USER --secret $TOKEN --description "$DESCRIPTION" || exit 1
		fi
	done
fi

# This directory is used for storing device-types already added
mkdir -p /root/.lavadocker/
if [ -e /root/device-types ];then
	for i in $(ls /root/device-types/*jinja2)
	do
		if [ -e /etc/lava-server/dispatcher-config/device-types/$(basename $i) ];then
			echo "WARNING: overwriting device-type $i"
			diff -u "/etc/lava-server/dispatcher-config/device-types/$(basename $i)" $i
		fi
		cp $i /etc/lava-server/dispatcher-config/device-types/
		chown lavaserver:lavaserver /etc/lava-server/dispatcher-config/device-types/$(basename $i)
		devicetype=$(basename $i |sed 's,.jinja2,,')
		lava-server manage device-types list | grep -q "[[:space:]]$devicetype[[:space:]]"
		if [ $? -eq 0 ];then
			echo "Skip already known $devicetype"
		else
			echo "Adding custom $devicetype"
			lava-server manage device-types add $devicetype || exit $?
			touch /root/.lavadocker/devicetype-$devicetype
		fi
	done
fi

for worker in $(ls /root/devices/)
do
	echo "Adding worker $worker"
	lava-server manage workers add $worker || exit $?
	for device in $(ls /root/devices/$worker/)
	do
		devicename=$(echo $device | sed 's,.jinja2,,')
		devicetype=$(grep -h extends /root/devices/$worker/$device| grep -o '[a-zA-Z0-9_-]*.jinja2' | sed 's,.jinja2,,')
		if [ -e /root/.lavadocker/devicetype-$devicetype ];then
			echo "Skip devicetype $devicetype"
		else
			echo "Add devicetype $devicetype"
			lava-server manage device-types add $devicetype || exit $?
			touch /root/.lavadocker/devicetype-$devicetype
		fi
		echo "Add device $devicename on $worker"
		cp /root/devices/$worker/$device /etc/lava-server/dispatcher-config/devices/ || exit $?
		lava-server manage devices add --device-type $devicetype --worker $worker $devicename || exit $?
	done
done

if [ -e /etc/lava-dispatcher/certificates.d/$(hostname).key ];then
	echo "INFO: Enabling encryption"
	sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-master || exit $?
	sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-master || exit $?
	sed -i 's,.*ENCRYPT=.*,ENCRYPT="--encrypt",' /etc/lava-server/lava-logs || exit $?
	sed -i 's,.*MASTER_CERT=.*,MASTER_CERT="--master-cert /etc/lava-dispatcher/certificates.d/$(hostname).key_secret",' /etc/lava-server/lava-logs || exit $?
fi

echo "DEBUG: fix owning rights on /etc/lava-server/dispatcher-config"
chown -Rc lavaserver:lavaserver /etc/lava-server/dispatcher-config
exit 0