#!/usr/bin/expect -f # -*- mode:shell-script -*- # # Expect script for automatically building an ESGF node # # To use, copy the file esg-autoinstall.template (either in # /usr/local/etc from the boostrapper or from the Git repository) to # /usr/local/etc/esg-autoinstall.conf and edit it to reflect your site # settings, then run 'esg-autoinstall' # source /usr/local/etc/esg-autoinstall.conf ### Expect script begins here ### set install_local_certs 0 set install_keypair 0 if { $argc > 0 } { foreach opt $argv { if { $opt eq "--install-local-certs" } { set install_local_certs 1 } elseif { $opt eq "--install-keypair" } { set install_keypair 1 } } spawn ${ESGNODESCRIPT} --type ${NODETYPE} {*}$argv } else { spawn ${ESGNODESCRIPT} --type ${NODETYPE} --install ${INSTALLFLAGS} } expect { # Error messages cause instant abort # ERROR and FATAL are found even in working installs # "ERROR:" { exit 1 } "could not change directory to" { exit 1 } "No space left on device" { exit 1 } "Permission denied" { exit 1 } "This action did not complete successfully" { exit 1 } # Actual script responses "Enter local mirror url:" { send ${LOCMIRRORURL}\n ; exp_continue } "You entered ${LOCMIRRORURL}. Is this correct?(Y/n)" { send y\n ; exp_continue } "Please select the ESGF distribution mirror for this installation" { send \n ; exp_continue } "Are you ready to begin the installation?" { send y\n ; exp_continue } "Please select the IP address to use for this installation" { send 0\n ; exp_continue } "What is the fully qualified domain name of this node?" { send ${FQDN}\n ; exp_continue } "What is the admin password to use for this installation?" { send ${ADMINPASS}\n ; exp_continue } "Please re-enter password:" { send ${ADMINPASS}\n ; exp_continue } "What is the name of your organization?" { send ${ORGNAME}\n ; exp_continue } "Please give this node a \"short\" name" { send ${SHORTNAME}\n ; exp_continue } "Please give this node a more descriptive \"long\" name" { send ${LONGNAME}\n ; exp_continue } "What is the namespace to use for this node?" { send ${NAMESPACE}\n ; exp_continue } "What peer group(s) will this node participate in?" { send ${PEERGROUP}\n ; exp_continue } "What is the hostname of the index node you plan to publish to?" { send ${PUBLISHNODE}\n ; exp_continue } "What email address should notifications be sent as?" { send ${ADMINEMAIL}\n ; exp_continue } "Is the database external to this node?" { send \n ; exp_continue } "What is the database connection string?" { send ${DBSTRING}\n ; exp_continue } "Is the database external to this node?" { send ${DBEXTERNAL}\n ; exp_continue } "What is the (low priv) db account for publisher?" { send ${DBLOWUSER}\n ; exp_continue } "What is the db password for publisher user" { send ${DBLOWPASS}\n ; exp_continue } "Enter password for postgres user dbsuper:" { send ${ADMINPASS}\n ; exp_continue } "Re-enter password for postgres user dbsuper:" { send ${ADMINPASS}\n ; exp_continue } "Please Enter PostgreSQL port number" { send ${PGPORT}\n ; exp_continue } "Would you like a \"system\" or \"user\" publisher configuration" { send \n ; exp_continue } "Is this correct?" { send Y\n ; exp_continue } "What is your organization's id?" { send ${ORGNAME}\n ; exp_continue } "Do you want to continue with Tomcat installation and setup?" { send \n ; exp_continue } "Do you want to continue with Java installation and setup?" { send \n ; exp_continue } "Do you want to continue with Ant installation and setup?" { send \n ; exp_continue } "Do you want to continue with CDAT installation and setup?" { send ${UPGRADECDAT}\n ; exp_continue } "Do you want to continue with esgcet installation and setup?" { send ${UPGRADECDAT}\n ; exp_continue } "Do you want to continue with thredds installation and setup?" { send ${THREDDS}\n ; exp_continue } "Do you want to continue with ESGF Dashboard IP installation and setup?" { send \n ; exp_continue } "Would you like to install the \"COMPUTE\" configuration to support this ?" { send N\n ; exp_continue } "Do you want to continue with LAS installation and setup?" { send \n ; exp_continue } "Would you like to use the DN: (OU=ESGF.ORG, O=ESGF)" { send \n ; exp_continue } "Please set the password for this keystore" { send ${ADMINPASS}\n ; exp_continue } "Please enter the password for this keystore" { send ${ADMINPASS}\n ; exp_continue } "Please re-enter the password for this keystore" { send ${ADMINPASS}\n ; exp_continue } "Please enter your Certificate Authority's certificate chain file(s)" { send ${CACERTCHAIN}\n\n ; exp_continue } "Is the above information correct?" { send Y\n ; exp_continue } "Enter a single ip address which would be cleared to access admin restricted pages." { send ${ADMINIP}\n ; exp_continue } "Do you wish to allow further ips?" { send n\n ; exp_continue } "Please enter username for tomcat" { send \n ; exp_continue } "Please enter password for user, " { send \n ; exp_continue } "Would you like to add another user?" { send \n ; exp_continue } "Do you wish to setup the redirect to the esgf-node-manager's page?" { send \n ; exp_continue } "(RETURN if same as keystore password)" { send \n ; exp_continue } "Do you wish to generate a Certificate Signing Request at this time?" { send \n ; exp_continue } "Please Enter the IP address of this host" { send \n ; exp_continue } "Please Enter the public (i.e. routable) IP address of this host" { send \n ; exp_continue } "Do you wish to use an external IDP peer?" { send ${EXTERNALIDP}\n ; exp_continue } "Please specify your IDP peer node's FQDN:" { send ${IDPPEER}\n ; exp_continue } "Enter certificate to add to trusted keystore" { send \n ; exp_continue } "Would you like to configure this node for CMIP6 publishing" { send Y\n ; exp_continue } "Would you like to install the SLCS OAuth server on this node" { send Y\n ; exp_continue } # For --type all, Globus is set up twice, once as a gateway, and # once as a datanode. Unfortunately, on the second pass of this # the prompt defaults to N because it detects the installation of # the previous type, so we have to always force it to Y, or key # packages will not be installed and the globus user will be # missing. # # This means that it will always be forcibly reinstalled upon # upgrade even if it doesn't need to be, but there is no way # around that at this time without changing the detection in the # esg-node script. "Do you want to continue with the Globus installation and setup?" { send ${GLOBUS}\n ; exp_continue } "Do you want to make a back up of the existing Globus distribution (datanode)?" { send \n ; exp_continue } "Do you want to register the GridFTP server with Globus?" { send ${REGISTERGLOBUS}\n ; exp_continue } "Do you want to register the MyProxy server with Globus?" { send ${REGISTERGLOBUS}\n ; exp_continue } "Please provide a Globus username" { send ${GLOBUSUSER}\n ; exp_continue } "Globus password" { send ${GLOBUSPASS}\n ; exp_continue } "Globus Username:" { send ${GLOBUSUSER}\n ; exp_continue } "Globus Password:" { send ${GLOBUSPASS}\n ; exp_continue } "Enter password for new role:" { send ${ADMINPASS}\n ; exp_continue } "Enter it again:" { send ${ADMINPASS}\n ; exp_continue } # This prompt is causing problems -- apparently it's either not a real # stopping point, or there is an errant \n before this prompt is # reached. Removing it fixes a known installation problem, however. # "Is this ok" { # send Y\n ; exp_continue # } "Add new line:" { send \n ; exp_continue } "Do you still wish to continue?" { send Y\n ; exp_continue } "Do you want to continue with openid relying party installation and setup?" { send \n ; exp_continue } "Do you want to make a back up of the existing distribution?" { send Y\n ; exp_continue } "Do you want to continue with security services installation and setup?" { send \n ; exp_continue } "Do you want to continue with idp services installation and setup?" { send \n ; exp_continue } "Do you want to continue with search services installation and setup?" { send \n ; exp_continue } "Do you want to continue with security schema setup?" { send \n ; exp_continue } "Do you want to make a back up of the existing database schema" { send \n ; exp_continue } "Do you still wish to (re)GENERATE self signed certs (and usurp what is present)?" { send \n ; exp_continue } "Do you want to overwrite this CA?" { send \n ; exp_continue } "Enter (simple) CA's certificate password" { send ${CACERTPASS}\n ; exp_continue } "Do you want to make a back up of the existing MyProxy SimpleCA (gateway)?" { send Y\n ; exp_continue } # This prompt in theory should only appear if you in fact already # have a simple CA, and the default will be 'N', correct for # upgrades. "Do you wish to install a simple CA?" { send \n ; exp_continue } "Would you like to remove the current CA setup?" { send \n ; exp_continue } "Do you want to keep this as the CA subject" { send Y\n ; exp_continue } "Enter the email of the CA" { send ${ADMINEMAIL}\n ; exp_continue } "default: 5 years" { send \n ; exp_continue } "Enter PEM pass phrase:" { send ${CACERTPASS}\n ; exp_continue } "please enter the password for the CA key" { send ${CACERTPASS}\n ; exp_continue } "Enter (simple) CA's certificate password" { send ${CACERTPASS}\n ; exp_continue } "Are you sure you wish to add a NEW replica index" { send ${SOLRREINDEX}\n ; exp_continue } "Automatic peer with super-node" { send N\n ; exp_continue } # Victory conditions "Node installation is complete." { exit 0 } "Local installation of certs complete" { if { $install_local_certs == 1 } { exit 0 } exp_continue } "Please restart this node for keys to take effect" { if { $install_keypair == 1 } { exit 0 } exp_continue } }