|
| 1 | +#!/bin/bash |
| 2 | +# |
| 3 | +# This script can be submitted as a contianerInit hook script to do the following, |
| 4 | +# |
| 5 | +# - Install nextflow software and its dependencies |
| 6 | +# - If running as admin, a 'nextflow' admin user is added with /home/nextflow home directory |
| 7 | +# - If running as a non-admin user, the user is created with the same UID as the MM Cloud user with /home/$USER home directory |
| 8 | +# - Makes the FSx and EFS directories writable by all users |
| 9 | +# |
| 10 | +# Running as admin can cause Nextflow to fail with permission denied errors |
| 11 | +# |
| 12 | +# Following parameters can be passed in as environment variables: |
| 13 | +# |
| 14 | +# OPCENTER_PASSWORD_SECRET: The name of the OPCentre secret passed as '{secret:<Secret name>}'. |
| 15 | +# FSX_MOUNT_PATH: The mount path for FSx. Default is '/mnt/fsx'. |
| 16 | +# EFS_MOUNT_PATH: The mount path for EFS. Default is '/mnt/efs'. |
| 17 | + |
| 18 | +#set -x |
| 19 | +OPCENTER_PASSWORD_SECRET=${OPCENTER_PASSWORD_SECRET:-'{secret:OPCENTER_PASSWORD}'} |
| 20 | +FSX_MOUNT_PATH=${FSX_MOUNT_PATH:-'/mnt/fsx'} |
| 21 | +EFS_MOUNT_PATH=${EFS_MOUNT_PATH:-'/mnt/efs'} |
| 22 | + |
| 23 | +export PATH=$PATH:/usr/bin:/usr/local/bin:/opt/memverge/bin |
| 24 | +export HOME=/root |
| 25 | +export HOME_DIR="/home" |
| 26 | +export NF_ROOT_HOME="$HOME_DIR/nextflow" |
| 27 | + |
| 28 | +LOG_FILE=$FLOAT_JOB_PATH/container-init.log |
| 29 | +touch $LOG_FILE |
| 30 | +exec >$LOG_FILE 2>&1 |
| 31 | + |
| 32 | +function log() { |
| 33 | + if [[ -f ${LOG_FILE_PATH} ]]; then |
| 34 | + echo $(date): "$@" >>${LOG_FILE_PATH} |
| 35 | + fi |
| 36 | + echo $(date): "$@" |
| 37 | +} |
| 38 | + |
| 39 | +function error() { |
| 40 | + log "[ERROR] $1" |
| 41 | +} |
| 42 | + |
| 43 | +function die() { |
| 44 | + error "$1" |
| 45 | + podman kill -a 2>&1 >/dev/null |
| 46 | + exit 1 |
| 47 | +} |
| 48 | + |
| 49 | +function trim_quotes() { |
| 50 | + : "${1//\'/}" |
| 51 | + printf '%s\n' "${_//\"/}" |
| 52 | +} |
| 53 | + |
| 54 | +function assure_root() { |
| 55 | + if [[ ${EUID} -ne 0 ]]; then |
| 56 | + die "Please run with root or sudo privilege." |
| 57 | + fi |
| 58 | +} |
| 59 | + |
| 60 | +function echolower { |
| 61 | + tr [:upper:] [:lower:] <<<"${*}" |
| 62 | +} |
| 63 | + |
| 64 | +function get_secret { |
| 65 | + input_string=$1 |
| 66 | + |
| 67 | + pattern='^\{secret:(.*)\}$' |
| 68 | + |
| 69 | + if [[ $input_string =~ $pattern ]]; then |
| 70 | + # Matched, return the secret name string |
| 71 | + matched_string="${BASH_REMATCH[1]}" |
| 72 | + secret_value=$(float secret get $matched_string -a $FLOAT_ADDR) |
| 73 | + if [[ $? -eq 0 ]]; then |
| 74 | + # Have this secret, will use the secret value |
| 75 | + echo $secret_value |
| 76 | + return |
| 77 | + else |
| 78 | + # Don't have this secret, will still use the input string |
| 79 | + echo $1 |
| 80 | + fi |
| 81 | + else |
| 82 | + # Not matched, return the input string |
| 83 | + echo $1 |
| 84 | + fi |
| 85 | +} |
| 86 | + |
| 87 | +function set_secret { |
| 88 | + file_name=$1 |
| 89 | + secret_name=${FLOAT_JOB_ID}_SSHKEY |
| 90 | + float secret set $secret_name --file $file_name -a $FLOAT_ADDR |
| 91 | + if [[ $? -ne 0 ]]; then |
| 92 | + die "Set secret $secret_name failed" |
| 93 | + fi |
| 94 | +} |
| 95 | + |
| 96 | +function install_java() { |
| 97 | + java_path=$(which java) |
| 98 | + if [[ $? -eq 0 ]]; then |
| 99 | + log "Java is already installed at $java_path" |
| 100 | + return |
| 101 | + fi |
| 102 | + log "Install java" |
| 103 | + yum install -y --quiet java |
| 104 | + if [[ $? -ne 0 ]]; then |
| 105 | + die "Install java failed" |
| 106 | + fi |
| 107 | +} |
| 108 | + |
| 109 | +function install_git() { |
| 110 | + git_path=$(which git) |
| 111 | + if [[ $? -eq 0 ]]; then |
| 112 | + log "Git is already installed at $git_path" |
| 113 | + return |
| 114 | + fi |
| 115 | + log "Install git" |
| 116 | + yum install -y --quiet git |
| 117 | + if [[ $? -ne 0 ]]; then |
| 118 | + die "Install git failed" |
| 119 | + fi |
| 120 | +} |
| 121 | + |
| 122 | +function install_tmux() { |
| 123 | + tmux_path=$(which tmux) |
| 124 | + if [[ $? -eq 0 ]]; then |
| 125 | + log "Tmux is already installed at $tmux_path" |
| 126 | + return |
| 127 | + fi |
| 128 | + log "Install Tmux" |
| 129 | + yum install -y --quiet tmux |
| 130 | + if [[ $? -ne 0 ]]; then |
| 131 | + die "Install Tmux failed" |
| 132 | + fi |
| 133 | +} |
| 134 | + |
| 135 | +function install_nextflow() { |
| 136 | + export PATH=$PATH:/usr/bin |
| 137 | + nf_path=$(which nextflow) |
| 138 | + if [[ $? -eq 0 ]]; then |
| 139 | + log "Nextflow is already installed at $nf_path" |
| 140 | + return |
| 141 | + fi |
| 142 | + log "Install nextflow" |
| 143 | + curl -s https://get.nextflow.io | bash |
| 144 | + if [[ $? -ne 0 ]]; then |
| 145 | + die "Install nextflow failed" |
| 146 | + fi |
| 147 | + mv nextflow /usr/local/bin |
| 148 | + chmod 755 /usr/local/bin/nextflow |
| 149 | +} |
| 150 | + |
| 151 | +function prepare_user_env { |
| 152 | + if [[ $FLOAT_USER_ID -eq 0 ]]; then |
| 153 | + /usr/sbin/useradd -m -d $NF_ROOT_HOME -s /bin/bash nextflow |
| 154 | + su - nextflow -c "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa > /dev/null" |
| 155 | + su - nextflow -c "mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys" |
| 156 | + set_secret $NF_ROOT_HOME/.ssh/id_rsa |
| 157 | + rm -f $NF_ROOT_HOME/.ssh/id_rsa |
| 158 | + USER_PROFILE=$NF_ROOT_HOME/.bash_profile |
| 159 | + echo "nextflow ALL=(ALL:ALL) NOPASSWD: ALL" | tee -a /etc/sudoers.d/nextflow |
| 160 | + else |
| 161 | + systemctl stop munge |
| 162 | + /usr/sbin/userdel slurm |
| 163 | + /usr/sbin/userdel munge |
| 164 | + id $FLOAT_USER_ID > /dev/null 2>&1 |
| 165 | + if [[ $? -eq 0 ]]; then |
| 166 | + old_name=`getent passwd $FLOAT_USER_ID | cut -d: -f1` |
| 167 | + /usr/sbin/userdel $old_name |
| 168 | + fi |
| 169 | + FLOAT_USER_HOME="$HOME_DIR/$FLOAT_USER" |
| 170 | + /usr/sbin/useradd -u $FLOAT_USER_ID -m -d $FLOAT_USER_HOME -s /bin/bash $FLOAT_USER |
| 171 | + su - $FLOAT_USER -c "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa > /dev/null" |
| 172 | + su - $FLOAT_USER -c "mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys" |
| 173 | + set_secret $FLOAT_USER_HOME/.ssh/id_rsa |
| 174 | + rm -f $FLOAT_USER_HOME/.ssh/id_rsa |
| 175 | + USER_PROFILE=$FLOAT_USER_HOME/.bash_profile |
| 176 | + fi |
| 177 | +} |
| 178 | + |
| 179 | +function make_fsx_efs_writable { |
| 180 | + |
| 181 | + if [ -d $FSX_MOUNT_PATH ]; then |
| 182 | + chmod 777 $FSX_MOUNT_PATH |
| 183 | + log "Made FSx at $FSX_MOUNT_PATH writable" |
| 184 | + fi |
| 185 | + |
| 186 | + if [ -d $EFS_MOUNT_PATH ]; then |
| 187 | + chmod 777 $EFS_MOUNT_PATH |
| 188 | + log "Made EFS at $EFS_MOUNT_PATH writable" |
| 189 | + fi |
| 190 | +} |
| 191 | + |
| 192 | +function login_to_mmc { |
| 193 | + log "Login to MMC" |
| 194 | + if [[ $FLOAT_USER_ID -eq 0 ]]; then |
| 195 | + log "su - nextflow -c float login -a $FLOAT_ADDR -u $FLOAT_USER -p ****" |
| 196 | + su - nextflow -c "float login -a $FLOAT_ADDR -u $FLOAT_USER -p $(get_secret $OPCENTER_PASSWORD_SECRET)" |
| 197 | + else |
| 198 | + log "su - $FLOAT_USER -c float login -a $FLOAT_ADDR -u $FLOAT_USER -p ****" |
| 199 | + su - $FLOAT_USER -c "float login -a $FLOAT_ADDR -u $FLOAT_USER -p $(get_secret $OPCENTER_PASSWORD_SECRET)" |
| 200 | + fi |
| 201 | +} |
| 202 | + |
| 203 | +#env |
| 204 | + |
| 205 | +assure_root |
| 206 | + |
| 207 | +install_tmux |
| 208 | +install_java |
| 209 | +install_git |
| 210 | +install_nextflow |
| 211 | + |
| 212 | +prepare_user_env |
| 213 | +make_fsx_efs_writable |
| 214 | +login_to_mmc |
| 215 | + |
| 216 | +exit 0 |
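Review bot: In install_nextflow, `curl -s https://get.nextflow.io | bash` runs whatever the network returns as root with no integrity check, and the `$?` test that follows sees only bash's exit status, so a failed download (or an HTTP error page, since `-f` is not set) is not detected there. I would download the installer to a `mktemp` file with `curl -fsSL`, compare it against a pinned SHA-256, and only then execute it, as sketched below; `NEXTFLOW_INSTALLER_SHA256` is a placeholder to be set to the digest of the installer that was reviewed. Separately, login_to_mmc masks the password in its log line but then expands `-p $(get_secret $OPCENTER_PASSWORD_SECRET)` unquoted inside the `su -c` string, which puts the secret on the command line and lets the target user's shell re-parse it. get_secret also echoes its literal `{secret:...}` input with status 0 when `float secret get` fails, so that fallback string is what gets submitted as the password; returning non-zero there and checking it in login_to_mmc before calling `su` would fail closed.

```shell
log "Install nextflow"
local installer
installer=$(mktemp) || die "mktemp failed"
# -f turns HTTP errors into a non-zero exit instead of piping an error page to bash
curl -fsSL -o "$installer" https://get.nextflow.io || die "Download nextflow installer failed"
# NEXTFLOW_INSTALLER_SHA256 is a placeholder: pin the digest of the reviewed installer
printf '%s  %s\n' "$NEXTFLOW_INSTALLER_SHA256" "$installer" | sha256sum -c --status - \
  || die "Nextflow installer checksum mismatch"
bash "$installer" || die "Install nextflow failed"
rm -f -- "$installer"
# … unchanged: mv nextflow to /usr/local/bin and chmod 755 …
```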