Project

General

Profile

Actions

Story #17344

open

[boot] Make arvados-server-easy package suitable for demo use case

Added by Tom Clegg over 1 year ago. Updated about 16 hours ago.

Status:
In Progress
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
07/15/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-

Description

Resolve outstanding issues:
  • Install arv-mount so a-d-c loopback driver can use it
  • Avoid leaving system in inconvenient state if arvados-server init doesn't go well
  • Save a docker image (alpine linux? hello world?) during "init", and use it instead of arvados/jobs in diagnostics
  • Document firewall / accessible port requirements
  • Sanity-check dns/firewall early in arvados-server init
  • Remove setup roadblocks (e.g., use PAM instead of Google API keys)
  • Fix internal/external client detection so remote clients don't try to connect to keepstore at 0.0.0.0:9010
  • Link "next steps" section to relevant doc pages
  • Add "make an admin user" to next steps
  • Review/remove obsolete package dependencies (libpython2.7, *-dev?)

Subtasks 1 (0 open1 closed)

Task #19244: Review 17344-easy-demoResolvedTom Clegg07/15/2022

Actions

Related issues

Related to Arvados - Story #16306: [install] Build all-in-one server package using arvados-server install/boot in production modeResolvedTom Clegg09/22/2020

Actions
Related to Arvados Epics - Story #15941: arvados-bootIn Progress07/01/202210/31/2022

Actions
Related to Arvados Epics - Story #18337: Easy install via OS packageNew09/01/202212/31/2022

Actions
Actions #1

Updated by Tom Clegg over 1 year ago

  • Related to Story #16306: [install] Build all-in-one server package using arvados-server install/boot in production mode added
Actions #2

Updated by Tom Clegg over 1 year ago

Actions #3

Updated by Peter Amstutz about 1 year ago

  • Target version deleted (Arvados Future Sprints)
Actions #4

Updated by Peter Amstutz about 1 month ago

  • Target version set to 2022-07-20
Actions #5

Updated by Tom Clegg about 1 month ago

  • Related to Story #18337: Easy install via OS package added
Actions #6

Updated by Tom Clegg about 1 month ago

  • Description updated (diff)
Actions #7

Updated by Tom Clegg about 1 month ago

  • Status changed from New to In Progress
  • Description updated (diff)
Actions #8

Updated by Tom Clegg about 1 month ago

  • Description updated (diff)
Actions #10

Updated by Tom Clegg about 1 month ago

  • Description updated (diff)
Actions #11

Updated by Lucas Di Pentima 30 days ago

Sorry for the delay, here're some comments:

  • The ticket mentions a "demo" mode, is the "single-host production" auto install also the demo? I think the "demo mode" could be configured to set the first user as an admin, and also auto-activate new users.
  • Could we add the postgresql & docker.io packages as dependencies so it gets auto-installed when necessary? If we aim to do a single node install, those dependencies are needed on the same host, or do you think of another possibility?
  • In lib/install/deps.go:L647 Do you think we could use a dynamic amount of parallel jobs depending on the available cpu cores? I think it would be beneficial if we then decide to use a high CPU worker for the package build pipeline.
  • Question: The version number selected for the package is "2.1.0", is this due to the branch being created from 16652's branch that was started on March?
  • While thinking about ways how we can get the diagnostics tool to be usable anywhere, I thought about 2 ideas:
    • Given that the alpine docker image is so small (5.6 MB) we could somehow embed it on our arvados-client so that it can upload it to keep if necessary.
    • If we don't want binary blobs inside our own binary, we could use a tool like skopeo (https://github.com/containers/skopeo) to download it to the local filesystem instead of needing the docker daemon.
      • Although it's a interesting project, I guess having to install it (and its dependencies) would be as annoying as installing docker to get the same effect? Not sure if it can be used as a library just for the purpose of downloading docker images from the registry.
  • In lib/install/init.go:L118-125, shouldn't be better to iterate over a list of port numbers? AFAICT, if ports 4440 & 443 are already taken, the current code doesn't fail.
  • After initialization, the message is: "Setup complete, you can access wb at xxxx"... do you think it would be useful to also suggest the admin to do a diagnostics run? Or maybe execute it automatically before the "setup complete" message?
  • The docs say that the user should be setup by username, but when I tried I got this (lack of --user on the docs' example):
    root@debian-s-4vcpu-8gb-nyc3-01:~# arv sudo user setup lucas
    Top level ::CompositeIO is deprecated, require 'multipart/post' and use `Multipart::Post::CompositeReadIO` instead!
    Top level ::Parts is deprecated, require 'multipart/post' and use `Multipart::Post::Parts` instead!
    Error: //railsapi.internal/arvados/v1/users/setup: 422 Unprocessable Entity: #<ArgumentError: Required uuid or user> (req-1s86olhxcvhrlap8h424)
    
  • The initial user wasn't set up as an admin user, so I think the docs could also say how to set a user as admin via the CLI?
  • In the docs section about customizing the cluster, maybe we can have some of those bulletpoints linked to sections of the documentation about manual install/config?
Actions #12

Updated by Tom Clegg 29 days ago

  • Description updated (diff)
Actions #13

Updated by Tom Clegg 29 days ago

  • Description updated (diff)
Actions #14

Updated by Tom Clegg 29 days ago

I haven't been thinking of this as a separate "demo mode" per se -- rather, getting the single-node production install far enough along to use as a demo, but not necessarily functional enough to recommend for production yet (e.g., doesn't handle database migrations yet).

Activation/admin setup could definitely be made smoother/easier. If possible I'd like to solve this in the secure/private case, rather than lean on insecure/open settings for the sake of convenience. Ideas:
  • make a command more like arv sudo user setup [--admin] $username
  • make arv sudo user setup $username work even if it's run before the user's first login (we made a system for this so we could pre-approve people based on their Google account address, but I'm not sure whether it works in the PAM case)
  • option to auto-activate + auto-admin when using PAM and user is in a specified group (like "sudo" or "adm")
  • an arv sudo ... command that [creates a new user] and prints a https://wb2/token?api_token=... link to log you in right away

postgresql & docker.io packages as dependencies so it gets auto-installed when necessary

Both postgresql server and docker daemon seem a bit much to install where they're not needed. Depending on how you define "single-node install", postgresql server might be on a different host, or a cloud service. Docker isn't needed on server nodes in normal usage, only for the sake of diagnostics. (Also, although we're not there yet, my intent is to make a multi-node cluster something like "on each host, install arvados-server-easy, then do this "join" command".)

I was even wondering if we can remove the gitolite dependency (and its annoying interactive prompt during package install) and automatically disabling the git features if it's not installed.

How about making the install instructions say "apt install postgresql docker.io arvados-server-easy", with notes about omitting them (or removing them afterward) if not needed?

dynamic amount of parallel jobs depending on the available cpu cores

Oh yeah, good catch. Done.

version number selected for the package is "2.1.0"

Yes, it uses the same rules as the existing package scripts: for real published packages the caller should be specifying the version (arvados-package build -package-version=2.4.1), otherwise we use source:build/version-at-commit.sh to guess something based on the git history.

embed alpine docker image

Hm, I kinda like this idea. Is there an even lighter image that would be useful for testing? It really doesn't need to do much. Yes! there is https://hub.docker.com/_/hello-world -- "docker save" makes a 24064 byte .tar file.

better to iterate over a list of port numbers? AFAICT, if ports 4440 & 443 are already taken, the current code doesn't fail

Oops, yes. Fixed. And now it tests all of 4440-4460, not just 4440.

suggest the admin to do a diagnostics run? Or maybe execute it automatically before the "setup complete" message?

Suggesting seems good -- added. I'm not sure about doing it automatically. I like the idea of teaching the user to use 'arv sudo diagnostics' themself early in the game.

arv sudo user setup lucas

Oh yeah. I wrote that in the docs because it would be nice if it really looked that way. Currently I think you need to say --uuid {paste_uuid_here} and getting the UUID was too annoying to document.

In the docs section about customizing the cluster, maybe we can have some of those bulletpoints linked

Added some links. The existing doc pages aren't exactly right for this context (e.g., telling you to install arvados-dispatch-cloud) but it's a start.

17344-easy-demo @ a2d23c038780134c812249e74d9e6d1b7cad69b6 -- developer-run-tests: #3240

Actions #15

Updated by Tom Clegg 29 days ago

17344-easy-demo @ d15f485909cf84aeda62c0a843f384cb218e0125 -- developer-run-tests: #3241

Removes some dev-only/outdated package dependencies

Actions #16

Updated by Tom Clegg 28 days ago

17344-easy-demo @ c966970d64c21d7adaf1c3c8b737aa9e7c166f0e

Adds -create-db=false option, with connection info accepted from POSTGRES_HOST/USER/DB/PASSWORD env vars

Actions #17

Updated by Lucas Di Pentima 28 days ago

This LGTM, thanks!

Actions #18

Updated by Tom Clegg 28 days ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions #19

Updated by Tom Clegg 27 days ago

  • Description updated (diff)
Actions #20

Updated by Peter Amstutz 15 days ago

  • Target version changed from 2022-08-03 Sprint to 2022-08-17 sprint
Actions #21

Updated by Peter Amstutz about 16 hours ago

  • Target version changed from 2022-08-17 sprint to 2022-08-31 sprint
Actions

Also available in: Atom PDF