create a token secured cluster with ACL for validation

Signed-off-by: Jorge Aguilera <jorge@edn.es>
nextflow-io · Jul 3, 2024 · fa2b3e3 · fa2b3e3
1 parent 09a9e68
commit fa2b3e3
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/validation/README.md b/validation/README.md
@@ -21,6 +21,9 @@ sudo ./start-nomad.sh
 Basically this command create a `nomad_temp` folder, run a server and a client, and mount `nomad_temp/scratchdir` as a `local` volume
 , so all pipelines can/must use it as working dir 
 
+Use `--secure` argument if you want to create a secured cluster. The script will bootstrap an ACL and a NOMAD_TOKEN
+will be generated (see the output of the script)
+
 ## Run pipelines examples
 
 open another terminal and execute:

diff --git a/validation/start-nomad.sh b/validation/start-nomad.sh
@@ -1,8 +1,11 @@
 #!/bin/bash
-set -uex
+set -ue
 
-export NOMAD_VERSION="1.8.1"
-export NOMAD_PLATFORM="linux_amd64"
+NOMAD_VERSION="1.8.1"
+NOMAD_PLATFORM="linux_amd64"
+
+SECURE=0
+[[ "$@" =~ '--secure' ]] && SECURE=1
 
 if [ ! -f ./nomad ]; then
   curl -O "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${NOMAD_PLATFORM}.zip"
@@ -23,6 +26,14 @@ cat >server-custom.conf <<EOL
 data_dir  = "${CURRENT_DIR}/server"
 EOL
 
+if [ "$SECURE" == 1 ]; then
+cat >>server-custom.conf <<EOL
+acl {
+  enabled = true
+}
+EOL
+fi
+
 rm -f client-custom.conf
 cat >client-custom.conf <<EOL
 data_dir  = "${CURRENT_DIR}/client"
@@ -37,4 +48,18 @@ EOL
 
 cp ../server.conf .
 cp ../client.conf .
-../nomad agent -config server.conf -config client.conf -config server-custom.conf -config client-custom.conf
+
+if [ "$SECURE" == 0 ]; then
+  # basic nomad cluter
+  ../nomad agent -config server.conf -config client.conf -config server-custom.conf -config client-custom.conf
+else
+  # secured nomad cluster
+../nomad agent -config server.conf -config client.conf -config server-custom.conf -config client-custom.conf &
+cd ..
+./wait-nomad.sh
+sleep 3
+NOMAD_TOKEN=$(nomad acl bootstrap | awk '/^Secret ID/ {print $4}')
+export NOMAD_TOKEN
+echo New super token generated.
+echo export NOMAD_TOKEN=$NOMAD_TOKEN
+fi
diff --git a/validation/wait-nomad.sh b/validation/wait-nomad.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-until curl --output /dev/null --silent --head --fail http://localhost:4646; do
+until curl --output /dev/null --silent --fail http://localhost:4646/v1/status/leader; do
     printf '.'
     sleep 5
 done