#!/bin/sh
# WARNING: Changes to this file in the salt repo will be overwritten!
# Please submit pull requests against the salt-bootstrap repo:
# https://github.com/saltstack/salt-bootstrap
# shellcheck disable=SC2317
# shellcheck disable=SC2086
# shellcheck disable=SC2329
#
#======================================================================================================================
# vim: softtabstop=4 shiftwidth=4 expandtab fenc=utf-8 spell spelllang=en cc=120
#======================================================================================================================
#
# FILE: bootstrap-salt.sh
#
# DESCRIPTION: Bootstrap Salt installation for various systems/distributions
#
# BUGS: https://github.com/saltstack/salt-bootstrap/issues
#
# COPYRIGHT: (c) 2012-2024 by the SaltStack Team, see AUTHORS.rst for more
# details.
#
# LICENSE: Apache 2.0
# ORGANIZATION: SaltStack (saltproject.io)
# CREATED: 10/15/2012 09:49:37 PM WEST
#======================================================================================================================
set -o nounset # Treat unset variables as an error
__ScriptVersion="2024.12.12"
__ScriptName="bootstrap-salt.sh"
# Captured before option parsing shifts the positional parameters away.
__ScriptFullName="$0"
# NOTE(review): the complete argument string is later echoed in the "Command line:" banner, which
# is also written to the log file under /tmp. Anything sensitive passed on the command line
# (for example inside a -j/-J JSON config) therefore ends up in that log.
__ScriptArgs="$*"
#======================================================================================================================
# Environment variables taken into account.
#----------------------------------------------------------------------------------------------------------------------
# * BS_COLORS: If 0 disables colour support
# * BS_PIP_ALLOWED: If 1 enable pip based installations(if needed)
# * BS_PIP_ALL: If 1 enable all python packages to be installed via pip instead of apt, requires setting virtualenv
# * BS_VIRTUALENV_DIR: The virtualenv to install salt into (shouldn't exist yet)
# * BS_ECHO_DEBUG: If 1 enable debug echo which can also be set by -D
# * BS_SALT_ETC_DIR: Defaults to /etc/salt (Only tweak'able on git based installations)
# * BS_SALT_CACHE_DIR: Defaults to /var/cache/salt (Only tweak'able on git based installations)
# * BS_KEEP_TEMP_FILES: If 1, don't move temporary files, instead copy them
# * BS_FORCE_OVERWRITE: Force overriding copied files(config, init.d, etc)
# * BS_UPGRADE_SYS: If 1 and an option, upgrade system. Default 0.
# * BS_GENTOO_USE_BINHOST: If 1 add `--getbinpkg` to gentoo's emerge
# * BS_SALT_MASTER_ADDRESS: The IP or DNS name of the salt-master the minion should connect to
# * BS_SALT_GIT_CHECKOUT_DIR: The directory where to clone Salt on git installations
#
# The defaults section further down also reads the following variables, which are not listed above:
# * BS_EPEL_REPO: Initial value of _EPEL_REPO (defaults to "epel")
# * BS_INSECURE_DL: If 1, behaves like -I: certificate verification is switched off for curl, wget, fetch and
#   the GnuPG keyserver options
# * BS_CURL_ARGS, BS_WGET_ARGS, BS_FETCH_ARGS, BS_GPG_ARGS: Extra arguments for the respective tool. The download
#   helper expands the curl/wget/fetch values unquoted, so they are word-split into separate arguments; only set
#   them from a trusted environment.
#======================================================================================================================
# Bootstrap script truth values
# Note these are the reverse of shell exit-status conventions: 1 means true, 0 means false.
BS_TRUE=1
BS_FALSE=0
# Default sleep time used when waiting for daemons to start, restart and checking for these running
__DEFAULT_SLEEP=3
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __detect_color_support
# DESCRIPTION: Set the colour escape variables RC, GC, BC, YC and EC.
#              Colours are enabled only when the command that ran immediately
#              before this function succeeded and _COLORS is greater than 2;
#              otherwise all five variables are set to the empty string.
#----------------------------------------------------------------------------------------------------------------------
# BS_COLORS takes precedence when set; otherwise ask tput and fall back to 0 if tput is missing or fails.
_COLORS=${BS_COLORS:-$(tput colors 2>/dev/null || echo 0)}
__detect_color_support() {
    # $? must be read before anything else runs, it still holds the caller's last exit status.
    # shellcheck disable=SC2181
    if [ $? -ne 0 ] || ! [ "$_COLORS" -gt 2 ]; then
        # No usable colour support: every prefix/suffix collapses to nothing.
        RC=""
        GC=""
        BC=""
        YC=""
        EC=""
        return 0
    fi

    RC='\033[1;31m'     # red    (errors)
    GC='\033[1;32m'     # green  (info)
    BC='\033[1;34m'     # blue   (debug)
    YC='\033[1;33m'     # yellow (warnings)
    EC='\033[0m'        # reset
}
__detect_color_support
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: echoerror
# DESCRIPTION: Write each argument to stderr as its own " * ERROR: <arg>" line,
#              wrapped in the RC/EC colour sequences when colours are enabled.
#----------------------------------------------------------------------------------------------------------------------
echoerror() {
    # The message is always passed as a %s argument, never as part of the format string.
    printf >&2 "${RC} * ERROR${EC}: %s\\n" "$@"
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: echoinfo
# DESCRIPTION: Write each argument to stdout as its own " * INFO: <arg>" line,
#              wrapped in the GC/EC colour sequences when colours are enabled.
#----------------------------------------------------------------------------------------------------------------------
echoinfo() {
    # The message is always passed as a %s argument, never as part of the format string.
    printf "${GC} * INFO${EC}: %s\\n" "$@"
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: echowarn
# DESCRIPTION: Write each argument to stdout as its own " * WARN: <arg>" line,
#              wrapped in the YC/EC colour sequences when colours are enabled.
#----------------------------------------------------------------------------------------------------------------------
echowarn() {
    # The message is always passed as a %s argument, never as part of the format string.
    printf "${YC} * WARN${EC}: %s\\n" "$@"
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: echodebug
# DESCRIPTION: When _ECHO_DEBUG equals BS_TRUE, write each argument to stdout
#              as its own " * DEBUG: <arg>" line (coloured with BC/EC).
#              Prints nothing otherwise.
#----------------------------------------------------------------------------------------------------------------------
echodebug() {
    # Debug output is opt-in (-D or BS_ECHO_DEBUG=1); stay silent by default.
    [ "$_ECHO_DEBUG" -eq $BS_TRUE ] || return 0
    printf "${BC} * DEBUG${EC}: %s\\n" "$@"
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_command_exists
# DESCRIPTION: Succeed when $1 resolves to a command (as seen by 'command -v'),
#              fail otherwise. Produces no output.
#----------------------------------------------------------------------------------------------------------------------
__check_command_exists() {
    command -v "$1" 1>/dev/null 2>/dev/null
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_services_systemd_functional
# DESCRIPTION: Set _SYSTEMD_FUNCTIONAL to BS_FALSE when systemctl cannot be
#              found (for example inside a container without systemd).
#              When systemctl is present, its --help output is captured in
#              _SYSTEMD_HELP and _SYSTEMD_FUNCTIONAL is left unchanged.
#              Does nothing if _SYSTEMD_FUNCTIONAL is already BS_FALSE.
#----------------------------------------------------------------------------------------------------------------------
__check_services_systemd_functional() {
    # A negative result is final; there is nothing to re-check.
    if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then
        return
    fi

    if ! __check_command_exists systemctl; then
        _SYSTEMD_FUNCTIONAL=$BS_FALSE
        echoerror "systemctl: command not found, assume systemd not implemented, _SYSTEMD_FUNCTIONAL $_SYSTEMD_FUNCTIONAL"
    else
        # Only the presence of the binary is established here; the help text is stored but not inspected.
        # shellcheck disable=SC2034
        _SYSTEMD_HELP="$(systemctl --help)"
    fi
} # ---------- end of function __check_services_systemd_functional ----------
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_pip_allowed
# DESCRIPTION: Abort with usage information and exit status 1 unless pip based
#              installations were enabled (-P or BS_PIP_ALLOWED=1).
#              Always sets _PIP_ALLOWED_ERROR_MSG as a side effect.
#----------------------------------------------------------------------------------------------------------------------
__check_pip_allowed() {
    _PIP_ALLOWED_ERROR_MSG="pip based installations were not allowed. Retry using '-P'"

    # pip is an explicit opt-in; anything other than "not allowed" lets the caller continue.
    [ "$_PIP_ALLOWED" -eq $BS_FALSE ] || return 0

    echoerror "$_PIP_ALLOWED_ERROR_MSG"
    __usage
    exit 1
}
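#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_config_dir
# DESCRIPTION: Resolve the -c argument to a local path and print it on stdout.
#
#              $1 is either an existing local directory/archive or an
#              http://, https:// or ftp:// URL. URLs are downloaded with
#              __fetch_url, and .tgz/.tar.gz, .tbz/.tar.bz2 and .txz/.tar.xz
#              archives are unpacked with tar.
#
#              Downloads and extractions go into a private directory created
#              with 'mktemp -d' rather than straight into /tmp. This script
#              runs as root, and a fixed /tmp/<name> target could be
#              pre-created (file, directory or symlink) by another local
#              user before the download or extraction happens.
#
#              Prints "null" after logging an error when the scheme is not
#              supported, the local path does not exist, the temporary
#              directory cannot be created, or the download/extraction fails.
#              The caller treats "null" as fatal.
#
#              NOTE(review): nothing here checks the integrity or origin of a
#              downloaded archive, and http:// and ftp:// are unauthenticated
#              transports. The archive is assumed to contain a top-level
#              directory named after the archive - confirm with callers.
#              The temporary directory is not removed by this function.
#----------------------------------------------------------------------------------------------------------------------
__check_config_dir() {
    CC_DIR_NAME="$1"
    CC_DIR_BASE=$(basename "${CC_DIR_NAME}")
    CC_WORK_DIR=""

    case "$CC_DIR_NAME" in
        http://*|https://*|ftp://*)
            if ! CC_WORK_DIR=$(mktemp -d /tmp/bootstrap-salt-config.XXXXXX); then
                echoerror "Failed to create a temporary directory for $CC_DIR_NAME"
                echo "null"
                return
            fi
            if ! __fetch_url "${CC_WORK_DIR}/${CC_DIR_BASE}" "${CC_DIR_NAME}"; then
                # __fetch_url has already reported the failure; do not hand back a path that was never written
                echo "null"
                return
            fi
            CC_DIR_NAME="${CC_WORK_DIR}/${CC_DIR_BASE}"
            ;;
        *://*)
            echoerror "Unsupported URI scheme for $CC_DIR_NAME"
            echo "null"
            return
            ;;
        *)
            if [ ! -e "${CC_DIR_NAME}" ]; then
                echoerror "The configuration directory or archive $CC_DIR_NAME does not exist."
                echo "null"
                return
            fi
            ;;
    esac

    # Pick the tar flags and the suffixes to strip; anything that is not a known archive is returned as-is.
    case "$CC_DIR_NAME" in
        *.tgz|*.tar.gz)
            CC_TAR_OPTS="-zxf"
            CC_SUFFIXES=".tgz .tar.gz"
            ;;
        *.tbz|*.tar.bz2)
            CC_TAR_OPTS="-xjf"
            CC_SUFFIXES=".tbz .tar.bz2"
            ;;
        *.txz|*.tar.xz)
            CC_TAR_OPTS="-xJf"
            CC_SUFFIXES=".txz .tar.xz"
            ;;
        *)
            echo "${CC_DIR_NAME}"
            return
            ;;
    esac

    # A local archive has no work directory yet; a downloaded one reuses the directory it was fetched into.
    if [ -z "$CC_WORK_DIR" ]; then
        if ! CC_WORK_DIR=$(mktemp -d /tmp/bootstrap-salt-config.XXXXXX); then
            echoerror "Failed to create a temporary directory for $CC_DIR_NAME"
            echo "null"
            return
        fi
    fi

    if ! tar "$CC_TAR_OPTS" "${CC_DIR_NAME}" -C "${CC_WORK_DIR}"; then
        echoerror "Failed to extract the configuration archive $CC_DIR_NAME"
        echo "null"
        return
    fi

    # Word-splitting of the suffix list is intentional
    for CC_SUFFIX in $CC_SUFFIXES; do
        CC_DIR_BASE=$(basename "${CC_DIR_BASE}" "$CC_SUFFIX")
    done

    echo "${CC_WORK_DIR}/${CC_DIR_BASE}"
}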
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_unparsed_options
# DESCRIPTION: Reject options that were placed after the install arguments.
#              $1 is the remaining argument string; if any word in it starts
#              with one or more dashes followed by an alphanumeric character,
#              usage is printed and the script exits with status 1.
#----------------------------------------------------------------------------------------------------------------------
__check_unparsed_options() {
    shellopts="$1"

    # SunOS ships a POSIX grep under /usr/xpg4/bin; use it when present.
    grep='grep'
    if [ -f /usr/xpg4/bin/grep ]; then
        grep='/usr/xpg4/bin/grep'
    fi

    unparsed_options=$( echo "$shellopts" | ${grep} -E '(^|[[:space:]])[-]+[[:alnum:]]' )

    # Nothing option-like left over: the arguments are fine.
    [ -n "$unparsed_options" ] || return 0

    __usage
    echo
    echoerror "options are only allowed before install arguments"
    echo
    exit 1
}
#----------------------------------------------------------------------------------------------------------------------
# Handle command line arguments
#----------------------------------------------------------------------------------------------------------------------
# Defaults for every option. Values of the form ${BS_...:-default} can be preset from the environment;
# the getopts loop that follows overrides them from the command line. The string "null" is used as the
# "not provided" marker for path/URL/identifier style settings.
_KEEP_TEMP_FILES=${BS_KEEP_TEMP_FILES:-$BS_FALSE}
_TEMP_CONFIG_DIR="null"
_SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git"
_SALT_REPO_URL=${_SALTSTACK_REPO_URL}
_TEMP_KEYS_DIR="null"
_SLEEP="${__DEFAULT_SLEEP}"
_INSTALL_MASTER=$BS_FALSE
_INSTALL_SYNDIC=$BS_FALSE
_INSTALL_SALT_API=$BS_FALSE
_INSTALL_MINION=$BS_TRUE
_INSTALL_CLOUD=$BS_FALSE
_VIRTUALENV_DIR=${BS_VIRTUALENV_DIR:-"null"}
_START_DAEMONS=$BS_TRUE
_DISABLE_SALT_CHECKS=$BS_FALSE
_ECHO_DEBUG=${BS_ECHO_DEBUG:-$BS_FALSE}
_CONFIG_ONLY=$BS_FALSE
_PIP_ALLOWED=${BS_PIP_ALLOWED:-$BS_FALSE}
_PIP_ALL=${BS_PIP_ALL:-$BS_FALSE}
_SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/etc/salt}
_SALT_CACHE_DIR=${BS_SALT_CACHE_DIR:-/var/cache/salt}
_PKI_DIR=${_SALT_ETC_DIR}/pki
_FORCE_OVERWRITE=${BS_FORCE_OVERWRITE:-$BS_FALSE}
_GENTOO_USE_BINHOST=${BS_GENTOO_USE_BINHOST:-$BS_FALSE}
_EPEL_REPO=${BS_EPEL_REPO:-epel}
_EPEL_REPOS_INSTALLED=$BS_FALSE
_UPGRADE_SYS=${BS_UPGRADE_SYS:-$BS_FALSE}
# Certificate verification for downloads stays on unless BS_INSECURE_DL=1 or -I is given.
_INSECURE_DL=${BS_INSECURE_DL:-$BS_FALSE}
# Extra arguments for the download/GPG tools, taken verbatim from the environment.
# The download helper expands the curl/wget/fetch values unquoted, so each is word-split
# into separate arguments of a command run as root.
_CURL_ARGS=${BS_CURL_ARGS:-}
_FETCH_ARGS=${BS_FETCH_ARGS:-}
_GPG_ARGS=${BS_GPG_ARGS:-}
_WGET_ARGS=${BS_WGET_ARGS:-}
_SALT_MASTER_ADDRESS=${BS_SALT_MASTER_ADDRESS:-null}
_SALT_MINION_ID="null"
# _SIMPLIFY_VERSION is mostly used in Solaris based distributions
_SIMPLIFY_VERSION=$BS_TRUE
_LIBCLOUD_MIN_VERSION="0.14.0"
_EXTRA_PACKAGES=""
_HTTP_PROXY=""
# NOTE(review): the default checkout location is a fixed path under /tmp, and the exit handler
# removes this directory recursively on git installs unless temp files are kept. Make sure
# BS_SALT_GIT_CHECKOUT_DIR never points at a directory that holds anything else.
_SALT_GIT_CHECKOUT_DIR=${BS_SALT_GIT_CHECKOUT_DIR:-/tmp/git/salt}
_NO_DEPS=$BS_FALSE
_FORCE_SHALLOW_CLONE=$BS_FALSE
# HTTPS is used for repository URLs unless -l sets this to BS_TRUE.
_DISABLE_SSL=$BS_FALSE
_DISABLE_REPOS=$BS_FALSE
_CUSTOM_REPO_URL="null"
_CUSTOM_MASTER_CONFIG="null"
_CUSTOM_MINION_CONFIG="null"
_QUIET_GIT_INSTALLATION=$BS_FALSE
# Host and path of the package repository, without a scheme; replaced by the -R value when given.
_REPO_URL="packages.broadcom.com/artifactory"
_PY_EXE="python3"
_MINIMUM_PIP_VERSION="9.0.1"
_MINIMUM_SETUPTOOLS_VERSION="65.6.3"
_MAXIMUM_SETUPTOOLS_VERSION="69.0"
_PIP_INSTALL_ARGS="--prefix=/usr"
_PIP_DOWNLOAD_ARGS=""
_QUICK_START="$BS_FALSE"
# Only set to BS_TRUE by the -Q quick start handling.
_AUTO_ACCEPT_MINION_KEYS="$BS_FALSE"
_SYSTEMD_FUNCTIONAL=$BS_TRUE
# Defaults for install arguments
ITYPE="stable"
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __usage
# DESCRIPTION: Print the usage/help text to stdout. Does not exit; callers
#              decide the exit status.
#----------------------------------------------------------------------------------------------------------------------
__usage() {
# The here-document delimiter is unquoted on purpose: ${__ScriptName}, ${_SALTSTACK_REPO_URL} and
# ${__DEFAULT_SLEEP} are expanded, while the backslash-escaped \${...} references are printed literally.
cat << EOT
Usage : ${__ScriptName} [options] <install-type> [install-type-args]
Installation types:
- stable Install latest stable release. This is the default
install type
- stable [branch] Install latest version on a branch. Only supported
for packages available at packages.broadcom.com
- stable [version] Install a specific version. Only supported for
packages available at packages.broadcom.com
To pin a 3xxx minor version, specify it as 3xxx.0
- testing RHEL-family specific: configure EPEL testing repo
- git Install from the head of the master branch
- git [ref] Install from any git ref (such as a branch, tag, or
commit)
- onedir Install latest onedir release.
- onedir [version] Install a specific version. Only supported for
onedir packages available at packages.broadcom.com
- onedir_rc Install latest onedir RC release.
- onedir_rc [version] Install a specific version. Only supported for
onedir RC packages available at packages.broadcom.com
Examples:
- ${__ScriptName}
- ${__ScriptName} stable
- ${__ScriptName} stable 3006
- ${__ScriptName} stable 3006.1
- ${__ScriptName} testing
- ${__ScriptName} git
- ${__ScriptName} git 3006.7
- ${__ScriptName} git v3006.8
- ${__ScriptName} git 3007.1
- ${__ScriptName} git v3007.1
- ${__ScriptName} git 06f249901a2e2f1ed310d58ea3921a129f214358
- ${__ScriptName} onedir
- ${__ScriptName} onedir 3006
- ${__ScriptName} onedir_rc
- ${__ScriptName} onedir_rc 3008
Options:
-a Pip install all Python pkg dependencies for Salt. Requires -V to install
all pip pkgs into the virtualenv.
(Only available for Ubuntu based distributions)
-A Pass the salt-master DNS name or IP. This will be stored under
\${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf
-b Assume that dependencies are already installed and software sources are
set up. If git is selected, git tree is still checked out as dependency
step.
-c Temporary configuration directory
-C Only run the configuration function. Implies -F (forced overwrite).
To overwrite Master, Syndic or Api configs, -M,-S or -W, respectively, must
also be specified. Salt installation will be ommitted, but some of the
dependencies could be installed to write configuration with -j or -J.
-d Disables checking if Salt services are enabled to start on system boot.
You can also do this by touching /tmp/disable_salt_checks on the target
host. Default: \${BS_FALSE}
-D Show debug output
-f Force shallow cloning for git installations.
This may result in an "n/a" in the version number.
-F Allow copied files to overwrite existing (config, init.d, etc)
-g Salt Git repository URL. Default: ${_SALTSTACK_REPO_URL}
-h Display this message
-H Use the specified HTTP proxy for all download URLs (including https://).
For example: http://myproxy.example.com:3128
-i Pass the salt-minion id. This will be stored under
\${BS_SALT_ETC_DIR}/minion_id
-I If set, allow insecure connections while downloading any files. For
example, pass '--no-check-certificate' to 'wget' or '--insecure' to
'curl'. On Debian and Ubuntu, using this option with -U allows obtaining
GnuPG archive keys insecurely if distro has changed release signatures.
-j Replace the Minion config file with data passed in as a JSON string. If
a Minion config file is found, a reasonable effort will be made to save
the file with a ".bak" extension. If used in conjunction with -C or -F,
no ".bak" file will be created as either of those options will force
a complete overwrite of the file.
-J Replace the Master config file with data passed in as a JSON string. If
a Master config file is found, a reasonable effort will be made to save
the file with a ".bak" extension. If used in conjunction with -C or -F,
no ".bak" file will be created as either of those options will force
a complete overwrite of the file.
-k Temporary directory holding the minion keys which will pre-seed
the master.
-K If set, keep the temporary files in the temporary directories specified
with -c and -k
-l Disable ssl checks. When passed, switches "https" calls to "http" where
possible.
-L Also install salt-cloud and required python-libcloud package
-M Also install salt-master
-n No colours
-N Do not install salt-minion
-p Extra-package to install while installing Salt dependencies. One package
per -p flag. You are responsible for providing the proper package name.
-P Allow pip based installations. On some distributions the required salt
packages or its dependencies are not available as a package for that
distribution. Using this flag allows the script to use pip as a last
resort method. NOTE: This only works for functions which actually
implement pip based installations.
-q Quiet salt installation from git (setup.py install -q)
-Q Quickstart, install the Salt master and the Salt minion.
And automatically accept the minion key.
-R Specify a custom repository URL. Assumes the custom repository URL
points to a repository that mirrors Salt packages located at
packages.broadcom.com. The option passed with -R replaces the
"packages.broadcom.com". If -R is passed, -r is also set. Currently only
works on CentOS/RHEL and Debian based distributions and macOS.
-s Sleep time used when waiting for daemons to start, restart and when
checking for the services running. Default: ${__DEFAULT_SLEEP}
-S Also install salt-syndic
-r Disable all repository configuration performed by this script. This
option assumes all necessary repository configuration is already present
on the system.
-U If set, fully upgrade the system prior to bootstrapping Salt
-v Display script version
-V Install Salt into virtualenv
(only available for Ubuntu based distributions)
-W Also install salt-api
-x Changes the Python version used to install Salt (default: Python 3).
Python 2.7 is no longer supported.
-X Do not start daemons after installation
EOT
} # ---------- end of function __usage ----------
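# Parse the command line options into the _UPPER_CASE settings defined above.
#
# The leading ':' in the option string puts getopts into silent mode. In that mode an unknown
# option is reported as '?' and an option that is missing its required argument is reported
# as ':' (with the option letter in OPTARG). Both cases are rejected here; without the ':'
# arm a trailing option such as "-c" with no value would be dropped silently and the run
# would continue with a configuration the operator did not ask for.
#
# Option values are stored as given; no validation happens in this loop. Of note for review:
#   -I and -l weaken transport security (certificate checks off / https replaced by http),
#   -g and -R replace the source the software is fetched from,
#   -H routes all downloads through the given proxy.
while getopts ':hvnDc:g:Gx:k:s:MSWNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ' opt
do
    case "${opt}" in
        h ) __usage; exit 0 ;;
        v ) echo "$0 -- Version $__ScriptVersion"; exit 0 ;;
        n ) _COLORS=0; __detect_color_support ;;
        D ) _ECHO_DEBUG=$BS_TRUE ;;
        c ) _TEMP_CONFIG_DIR="$OPTARG" ;;
        g ) _SALT_REPO_URL=$OPTARG ;;
        G ) echowarn "The '-G' option is DEPRECATED and will be removed in the future stable release!"
            echowarn "Bootstrap will always use 'https' protocol to clone from SaltStack GitHub repo."
            echowarn "No need to provide this option anymore, now it is a default behavior."
            ;;
        k ) _TEMP_KEYS_DIR="$OPTARG" ;;
        s ) _SLEEP=$OPTARG ;;
        M ) _INSTALL_MASTER=$BS_TRUE ;;
        S ) _INSTALL_SYNDIC=$BS_TRUE ;;
        W ) _INSTALL_SALT_API=$BS_TRUE ;;
        N ) _INSTALL_MINION=$BS_FALSE ;;
        X ) _START_DAEMONS=$BS_FALSE ;;
        C ) _CONFIG_ONLY=$BS_TRUE ;;
        P ) _PIP_ALLOWED=$BS_TRUE ;;
        F ) _FORCE_OVERWRITE=$BS_TRUE ;;
        U ) _UPGRADE_SYS=$BS_TRUE ;;
        K ) _KEEP_TEMP_FILES=$BS_TRUE ;;
        I ) _INSECURE_DL=$BS_TRUE ;;
        A ) _SALT_MASTER_ADDRESS=$OPTARG ;;
        i ) _SALT_MINION_ID=$OPTARG ;;
        L ) _INSTALL_CLOUD=$BS_TRUE ;;
        # -p may be repeated; the package names are accumulated space separated
        p ) _EXTRA_PACKAGES="$_EXTRA_PACKAGES $OPTARG" ;;
        d ) _DISABLE_SALT_CHECKS=$BS_TRUE ;;
        H ) _HTTP_PROXY="$OPTARG" ;;
        b ) _NO_DEPS=$BS_TRUE ;;
        f ) _FORCE_SHALLOW_CLONE=$BS_TRUE ;;
        l ) _DISABLE_SSL=$BS_TRUE ;;
        V ) _VIRTUALENV_DIR="$OPTARG" ;;
        a ) _PIP_ALL=$BS_TRUE ;;
        r ) _DISABLE_REPOS=$BS_TRUE ;;
        R ) _CUSTOM_REPO_URL=$OPTARG ;;
        J ) _CUSTOM_MASTER_CONFIG=$OPTARG ;;
        j ) _CUSTOM_MINION_CONFIG=$OPTARG ;;
        q ) _QUIET_GIT_INSTALLATION=$BS_TRUE ;;
        Q ) _QUICK_START=$BS_TRUE ;;
        x ) _PY_EXE="$OPTARG" ;;
        : ) echo
            echoerror "Option requires an argument : $OPTARG"
            __usage
            exit 1
            ;;
        \?) echo
            echoerror "Option does not exist : $OPTARG"
            __usage
            exit 1
            ;;
    esac # --- end of case ---
done
# Drop the parsed options so that $1 is the install type (if any)
shift $((OPTIND-1))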
# Define our logging file and pipe paths
# With __ScriptName="bootstrap-salt.sh" these are /tmp/bootstrap-salt.log and /tmp/bootstrap-salt.logpipe.
# (The '.' in the sed patterns is unescaped and matches any character; harmless for the current name.)
#
# NOTE(review): both names are fixed and live in a world-writable directory, and this section runs
# before the root check further down. Another local user can create either path ahead of time;
# tee opens LOGFILE by name, so a pre-planted symlink there would be followed. The log can also
# contain the full command line. Consider a root-owned log directory or mktemp-generated names;
# kernel symlink protections for sticky directories, where enabled, reduce but do not remove the risk.
LOGFILE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.log/g )"
LOGPIPE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.logpipe/g )"
# Ensure no residual pipe exists
rm "$LOGPIPE" 2>/dev/null
# Create our logging pipe
# On FreeBSD we have to use mkfifo instead of mknod
if ! (mknod "$LOGPIPE" p >/dev/null 2>&1 || mkfifo "$LOGPIPE" >/dev/null 2>&1); then
echoerror "Failed to create the named pipe required to log"
exit 1
fi
# What ever is written to the logpipe gets written to the logfile
# tee runs in the background and also copies everything to the original stdout.
tee < "$LOGPIPE" "$LOGFILE" &
# Close STDOUT, reopen it directing it to the logpipe
exec 1>&-
exec 1>"$LOGPIPE"
# Close STDERR, reopen it directing it to the logpipe
exec 2>&-
exec 2>"$LOGPIPE"
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __exit_cleanup
# DESCRIPTION: Cleanup any leftovers after script has ended
#              Installed below as the handler for EXIT and INT. It removes the
#              git checkout (git installs only, unless temp files are kept),
#              the logging pipe and the temporary apt error file, stops the
#              background tee, and exits with the exit status the script had
#              when the handler was entered.
#
#
# http://www.unix.com/man-page/POSIX/1posix/trap/
#
# Signal Number Signal Name
# 1 SIGHUP
# 2 SIGINT
# 3 SIGQUIT
# 6 SIGABRT
# 9 SIGKILL
# 14 SIGALRM
# 15 SIGTERM
#----------------------------------------------------------------------------------------------------------------------
# Unlike the log file and pipe, this temporary file gets an unpredictable name from mktemp.
APT_ERR=$(mktemp /tmp/apt_error.XXXXXX)
__exit_cleanup() {
# Must be the first statement: any later command would overwrite $?
EXIT_CODE=$?
if [ "$ITYPE" = "git" ] && [ -d "${_SALT_GIT_CHECKOUT_DIR}" ]; then
if [ $_KEEP_TEMP_FILES -eq $BS_FALSE ]; then
# Clean up the checked out repository
echodebug "Cleaning up the Salt Temporary Git Repository"
# __SALT_GIT_CHECKOUT_PARENT_DIR is not set anywhere in this part of the file - presumably
# defined by the git install code; verify it is always set before this handler can run.
# shellcheck disable=SC2164
cd "${__SALT_GIT_CHECKOUT_PARENT_DIR}"
# Recursive delete as root of a path that can be supplied through BS_SALT_GIT_CHECKOUT_DIR
rm -fR "${_SALT_GIT_CHECKOUT_DIR}"
#rm -fR "${_SALT_GIT_CHECKOUT_DIR}/deps"
else
echowarn "Not cleaning up the Salt Temporary git repository on request"
echowarn "Note that if you intend to re-run this script using the git approach, you might encounter some issues"
fi
fi
# Remove the logging pipe when the script exits
if [ -p "$LOGPIPE" ]; then
echodebug "Removing the logging pipe $LOGPIPE"
rm -f "$LOGPIPE"
fi
# Remove the temporary apt error file when the script exits
if [ -f "$APT_ERR" ]; then
echodebug "Removing the temporary apt error file $APT_ERR"
rm -f "$APT_ERR"
fi
# Kill tee when exiting, CentOS, at least requires this
# NOTE(review): the process is found by matching "tee" and the log file name in the ps output,
# not by the PID of the tee started earlier. Any process whose command line contains both
# strings matches, and several matches end up in one newline-separated value that is passed
# to kill as a single quoted argument. Recording $! when tee is started would be more precise.
# shellcheck disable=SC2009
TEE_PID=$(ps ax | grep tee | grep "$LOGFILE" | awk '{print $1}')
[ "$TEE_PID" = "" ] && exit $EXIT_CODE
echodebug "Killing logging pipe tee's with pid(s): $TEE_PID"
# We need to trap errors since killing tee will cause a 127 errno
# We also do this as late as possible so we don't "mis-catch" other errors
__trap_errors() {
echoinfo "Errors Trapped: $EXIT_CODE"
# Exit with the "original" exit code, not the trapped code
exit $EXIT_CODE
}
trap "__trap_errors" INT ABRT QUIT TERM
# Now we're "good" to kill tee
kill -s TERM "$TEE_PID"
# In case the 127 errno is not triggered, exit with the "original" exit code
exit $EXIT_CODE
}
# Run the cleanup on normal exit and on Ctrl-C
trap "__exit_cleanup" EXIT INT
# Work out how the script was invoked; the result is only used for the log banner below.
# The lookup greps the process list for this shell's PID and takes the third space separated field.
# shellcheck disable=SC2009
CALLER=$(ps -a -o pid,args | grep $$ | grep -v grep | tr -s ' ' | cut -d ' ' -f 3)
# When that field is the script path itself, the script is being read from a pipe
[ "${CALLER}" != "${0}" ] || CALLER="shell pipe"

# echoinfo prints one prefixed line per argument.
# Note that the full command line, including every option value, goes to the log.
echoinfo \
    "Running version: ${__ScriptVersion}" \
    "Executed by: ${CALLER}" \
    "Command line: '${__ScriptFullName} ${__ScriptArgs}'"

# Defaults
YUM_REPO_FILE="/etc/yum.repos.d/salt.repo"
STABLE_REV="latest"
ONEDIR_REV="latest"
_ONEDIR_REV="latest"

# check if systemd is functional
__check_services_systemd_functional

# Define installation type: the first remaining argument, once we know no option follows it
if [ $# -ne 0 ]; then
    __check_unparsed_options "$*"
    ITYPE=$1
    shift
fi
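# Check installation type
# The comparison is an exact match. A substring match would let values such as "unstable" or
# "gitfoo" pass this gate and then fall through every branch below with ITYPE left unchanged.
case "$ITYPE" in
    latest|default|stable|testing|git|onedir|onedir_rc)
        ;;
    *)
        echoerror "Installation type \"$ITYPE\" is not known..."
        exit 1
        ;;
esac

# Normalise the install type and pick up the optional version/ref argument.
# "latest", "default" and "stable" are all mapped onto the onedir install type.
#
# NOTE(review): the version patterns below are anchored at the start only, so any trailing
# characters after a valid looking version are accepted into STABLE_REV/ONEDIR_REV. Confirm
# that every later use of these values quotes them and does not build commands from them.
# The "stable" pattern ([3-9][0-5]{2}[6-9]) also differs from the "onedir" one ([3-9][0-9]{3})
# and rejects values such as 3010 - verify which of the two is intended.

## allows GitHub Actions CI/CD easier handling of latest and default
if [ "$ITYPE" = "latest" ] || [ "$ITYPE" = "default" ]; then
    STABLE_REV="latest"
    ONEDIR_REV="latest"
    _ONEDIR_REV="latest"
    ITYPE="onedir"
    # Any argument following latest/default is discarded
    if [ "$#" -gt 0 ];then
        shift
    fi
    echodebug "using ITYPE onedir for input 'latest' or 'default', cmd args left ,$#,"

# If doing a git install, check what branch/tag/sha will be checked out
elif [ "$ITYPE" = "git" ]; then
    if [ "$#" -eq 0 ];then
        GIT_REV="master"
    else
        # The ref is taken as given; it is not validated here
        GIT_REV="$1"
        shift
    fi

    # Disable shell warning about unbound variable during git install
    STABLE_REV="latest"

# If doing stable install, check if version specified
elif [ "$ITYPE" = "stable" ]; then
    if [ "$#" -eq 0 ];then
        STABLE_REV="latest"
        ONEDIR_REV="latest"
        _ONEDIR_REV="latest"
        ITYPE="onedir"
    else
        if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then
            STABLE_REV="$1"
            ONEDIR_REV="$1"
            _ONEDIR_REV="$1"
            ITYPE="onedir"
            shift
        elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then
            STABLE_REV="$1"
            ONEDIR_REV="$1"
            _ONEDIR_REV="$1"
            ITYPE="onedir"
            shift
        else
            echo "Unknown stable version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available"
            exit 1
        fi
    fi

elif [ "$ITYPE" = "onedir" ]; then
    if [ "$#" -eq 0 ];then
        ONEDIR_REV="latest"
        STABLE_REV="latest"
    else
        if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then
            ONEDIR_REV="$1"
            STABLE_REV="$1"
            shift
        elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)')" != "" ]; then
            ONEDIR_REV="$1"
            STABLE_REV="$1"
            shift
        else
            echo "Unknown onedir version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available"
            exit 1
        fi
    fi

elif [ "$ITYPE" = "onedir_rc" ]; then
    # Only an error message is printed here; the script does not exit and ITYPE stays "onedir_rc"
    echoerror "RC Releases are not supported at this time"
## # Change the _ONEDIR_DIR to be the location for the RC packages
## _ONEDIR_DIR="salt_rc/salt"
##
## # Change ITYPE to onedir so we use the regular onedir functions
## ITYPE="onedir"
##
## if [ "$#" -eq 0 ];then
## ONEDIR_REV="latest"
## else
## if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then
## ONEDIR_REV="$1"
## shift
## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then
## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix
## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/')
## ## ONEDIR_REV="minor/$1" don't have minor directory anymore
## ONEDIR_REV="$1"
## shift
## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then
## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix
## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/')
## ## ONEDIR_REV="minor/$1" don't have minor directory anymore
## ONEDIR_REV="$1"
## shift
## else
## echo "Unknown onedir_rc version: $1 (valid: 3006-8, 3007-1, latest)"
## exit 1
## fi
## fi
fi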
# Quick start (-Q): a single host running both master and minion, wired together over loopback.
# This overrides whatever install type, revision, -N or -A was given on the command line.
if [ "$_QUICK_START" -eq "$BS_TRUE" ]; then
    # Always the latest stable release
    ITYPE="stable"
    STABLE_REV="latest"
    ONEDIR_REV="latest"

    # Both daemons are installed, even if -N asked for no minion
    _INSTALL_MASTER=$BS_TRUE
    _INSTALL_MINION=$BS_TRUE

    # The minion talks to the master on the loopback address
    _SALT_MASTER_ADDRESS="127.0.0.1"

    # The minion key is accepted automatically once the install is done,
    # i.e. without an operator verifying the key fingerprint.
    _AUTO_ACCEPT_MINION_KEYS=$BS_TRUE
fi
# Anything still left on the command line at this point was not understood
if [ $# -ne 0 ]; then
    __usage
    echo
    echoerror "Too many arguments."
    exit 1
fi

# whoami alternative for SunOS
whoami='whoami'
if [ -f /usr/xpg4/bin/id ]; then
    whoami='/usr/xpg4/bin/id -un'
fi

# Root permissions are required to run this script
# ($whoami is expanded unquoted on purpose: the SunOS variant carries an argument)
if [ "$($whoami)" != "root" ]; then
    echoerror "Salt requires root privileges to install. Please re-run this script as root."
    exit 1
fi

# Check that we're actually installing one of minion/master/syndic
if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && \
   [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && \
   [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && \
   [ "$_INSTALL_SALT_API" -eq $BS_FALSE ] && \
   [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then
    echowarn "Nothing to install or configure"
    exit 1
fi

# A master address (-A) only makes sense when a minion is being installed
if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_SALT_MASTER_ADDRESS" != "null" ]; then
    echoerror "Don't pass a master address (-A) if no minion is going to be bootstrapped."
    exit 1
fi

# The same goes for a minion id (-i)
if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_SALT_MINION_ID" != "null" ]; then
    echoerror "Don't pass a minion id (-i) if no minion is going to be bootstrapped."
    exit 1
fi

# A master config JSON dict (-J) needs a master that is being installed or configured
if [ "$_CUSTOM_MASTER_CONFIG" != "null" ] && \
   [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && \
   [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then
    echoerror "Don't pass a master config JSON dict (-J) if no master is going to be bootstrapped or configured."
    exit 1
fi

# A minion config JSON dict (-j) needs a minion that is being installed or configured
if [ "$_CUSTOM_MINION_CONFIG" != "null" ] && \
   [ "$_INSTALL_MINION" -eq $BS_FALSE ] && \
   [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then
    echoerror "Don't pass a minion config JSON dict (-j) if no minion is going to be bootstrapped or configured."
    exit 1
fi
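# Default to Python 3, no longer support for Python 2
PY_PKG_VER=3
_PY_PKG_VER="python3"
_PY_MAJOR_VERSION="3"

# Check if we're installing via a different Python executable and set major version variables
if [ -n "$_PY_EXE" ]; then
    # Strip the dots: "python3.8" becomes "python38". The expression is valid in both basic
    # and extended regex syntax, so no per-platform sed invocation is needed.
    _PY_PKG_VER=$(echo "$_PY_EXE" | sed 's/\.//g')

    # The major version is taken from the 7th character, i.e. the one right after "python".
    # A value that does not start with "python" (an absolute path, for example) is rejected below.
    TEST_PY_MAJOR_VERSION=$(echo "$_PY_PKG_VER" | cut -c 7)

    # Compared as a string: the character may be empty or a letter, which a numeric test cannot handle
    if [ "$TEST_PY_MAJOR_VERSION" = "2" ]; then
        echoerror "Python 2 is no longer supported, only Python 3"
        # This is top level code, not a function: leave the script like every other check here does
        exit 1
    fi

    if [ "$TEST_PY_MAJOR_VERSION" != 3 ]; then
        echoerror "Detected -x option, but Python major version is not 3."
        echoerror "The -x option must be passed as python3, python38, or python3.8 (use the Python '3' versions of examples)."
        exit 1
    fi

    if [ "$_PY_EXE" != "python3" ]; then
        echoinfo "Detected -x option. Using $_PY_EXE to install Salt."
    fi
fi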
# Resolve the -c argument (local path, archive or URL) to a local directory.
# __check_config_dir prints "null" when it cannot, which is fatal.
if [ "$_TEMP_CONFIG_DIR" != "null" ]; then
    _TEMP_CONFIG_DIR="$(__check_config_dir "$_TEMP_CONFIG_DIR")"
    if [ "$_TEMP_CONFIG_DIR" = "null" ]; then
        exit 1
    fi
fi

# The pre-seed keys directory (-k) must already exist
if [ "$_TEMP_KEYS_DIR" != "null" ] && [ ! -d "$_TEMP_KEYS_DIR" ]; then
    echoerror "The pre-seed keys directory ${_TEMP_KEYS_DIR} does not exist."
    exit 1
fi

# -a and -V only work from git
if [ "$ITYPE" != "git" ] && [ "$_PIP_ALL" -eq $BS_TRUE ]; then
    echoerror "Pip installing all python packages with -a is only possible when installing Salt via git"
    exit 1
fi
if [ "$ITYPE" != "git" ] && [ "$_VIRTUALENV_DIR" != "null" ]; then
    echoerror "Virtualenv installs via -V is only possible when installing Salt via git"
    exit 1
fi

# A custom repository (-R) replaces the default packages.broadcom.com/artifactory location.
# The value is used as given; packages will be fetched from wherever it points.
if [ "$_CUSTOM_REPO_URL" != "null" ]; then
    _REPO_URL="$_CUSTOM_REPO_URL"

    # -R implies -r; say so when -r was not passed explicitly
    if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then
        echowarn "Detected -R option. No other repositories will be configured when -R is used. Setting -r option to True."
        _DISABLE_REPOS=$BS_TRUE
    fi
fi
# URL scheme for repository access: https unless -l (_DISABLE_SSL) asked for plain http.
# With http there is no transport protection at all for what is downloaded.
HTTP_VAL="https"
if [ "$_DISABLE_SSL" -eq $BS_TRUE ]; then
    HTTP_VAL="http"
fi

# Extra setup.py arguments: -q when a quiet git installation was requested
SETUP_PY_INSTALL_ARGS=""
if [ "$_QUIET_GIT_INSTALLATION" -eq $BS_TRUE ]; then
    SETUP_PY_INSTALL_ARGS="-q"
fi

# Certificate verification. By default only the GnuPG keyserver options are extended (with the
# system CA bundle); -I / BS_INSECURE_DL=1 instead switches verification off for every tool.
if ! [ "$_INSECURE_DL" -eq $BS_TRUE ]; then
    _GPG_ARGS="${_GPG_ARGS} --keyserver-options ca-cert-file=/etc/ssl/certs/ca-certificates.crt"
else
    _CURL_ARGS="${_CURL_ARGS} --insecure"
    _FETCH_ARGS="${_FETCH_ARGS} --no-verify-peer"
    _GPG_ARGS="${_GPG_ARGS} --keyserver-options no-check-cert"
    _WGET_ARGS="${_WGET_ARGS} --no-check-certificate"
fi

# Export the http_proxy configuration to our current environment
if [ -n "${_HTTP_PROXY}" ]; then
    export http_proxy="${_HTTP_PROXY}"
    export https_proxy="${_HTTP_PROXY}"
    # Using "deprecated" option here, but that appears the only way to make it work.
    # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818802
    # and https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1625848
    # The leading comma appends to the --keyserver-options list that ends _GPG_ARGS above,
    # so this must stay after the certificate handling.
    _GPG_ARGS="${_GPG_ARGS},http-proxy=${_HTTP_PROXY}"
fi
# Work around for 'Docker + salt-bootstrap failure' https://github.com/saltstack/salt-bootstrap/issues/394
# While _DISABLE_SALT_CHECKS is still BS_FALSE, the presence of a marker file
# turns it on.
# NOTE(review): the marker lives at a fixed path in /tmp, which is normally
# writable by every local account, and only -f (regular file) is tested, not
# ownership or mode. Its presence is therefore not proof that an administrator
# asked for the checks to be skipped. The warning below is the only trace of
# the switch, so keep it in the run's logs.
if [ "${_DISABLE_SALT_CHECKS}" -eq $BS_FALSE ]; then
    if [ -f /tmp/disable_salt_checks ]; then
        # shellcheck disable=SC2016
        echowarn 'Found file: /tmp/disable_salt_checks, setting _DISABLE_SALT_CHECKS=$BS_TRUE'
        _DISABLE_SALT_CHECKS=$BS_TRUE
    fi
fi
# -a is only accepted together with -V: pip-installed packages are meant to
# live in a virtualenv, kept apart from the system Python packages.
if [ "${_PIP_ALL}" -eq $BS_TRUE ]; then
    if [ "${_VIRTUALENV_DIR}" = "null" ]; then
        usage
        # Could possibly set up a default virtualenv location when -a flag is passed
        echoerror "Using -a requires -V because pip pkgs should be siloed from python system pkgs"
        exit 1
    fi
fi
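# Make sure virtualenv directory does not already exist.
# "null" is the sentinel for "no virtualenv requested" (see the -a/-V checks),
# so it is skipped here; without that guard a directory literally named "null"
# in the current working directory would abort an unrelated run.
if [ "${_VIRTUALENV_DIR}" != "null" ] && [ -d "${_VIRTUALENV_DIR}" ]; then
    echoerror "The directory ${_VIRTUALENV_DIR} for virtualenv already exists"
    exit 1
fi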
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __fetch_url
# DESCRIPTION: Downloads the URL given in $2 to the file path given in $1.
#              Tries curl, wget, fetch (with $_FETCH_ARGS, then without) and
#              ftp, in that order, and stops at the first one that succeeds.
#              Returns 0 on success; otherwise reports through echoerror and
#              returns 1.
#              All tool output, including error text, is discarded, so the
#              echoerror line is the only diagnostic.
#              No integrity check happens here. Transport protection comes
#              only from the URL scheme and the flags in $_CURL_ARGS,
#              $_WGET_ARGS and $_FETCH_ARGS; the last two fallbacks get no
#              extra flags. Callers that need integrity must verify the file
#              after the download.
#----------------------------------------------------------------------------------------------------------------------
__fetch_url() {
    # The *_ARGS variables are expanded unquoted on purpose so that each
    # flag they hold becomes its own argument.
    # shellcheck disable=SC2086
    if curl $_CURL_ARGS -L -s -f -o "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi

    # shellcheck disable=SC2086
    if wget $_WGET_ARGS -q -O "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi

    # FreeBSD
    # shellcheck disable=SC2086
    if fetch $_FETCH_ARGS -q -o "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi

    # Pre FreeBSD 10
    if fetch -q -o "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi

    # OpenBSD
    if ftp -o "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi

    echoerror "$2 failed to download to $1"
    return 1
}
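#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __fetch_verify
# DESCRIPTION: Retrieves a URL, verifies its content and writes it to standard output
#              $1 - URL to download (via __fetch_url)
#              $2 - expected MD5 checksum, as printed by md5sum
#              $3 - expected size in bytes
#              Returns 0 after the verified content has been written to
#              stdout; returns 1 otherwise, with the failure message on
#              stderr so it cannot be mistaken for downloaded data.
#              The temporary file is removed on every path.
#              NOTE: MD5 plus a size check catches truncated or corrupted
#              downloads, but MD5 is not collision-resistant, so this is not
#              a defence against deliberate tampering. Rely on TLS or
#              signature verification for authenticity.
#              NOTE: `stat --format` and `md5sum` are the GNU coreutils
#              spellings; where they are missing the checks fail and the
#              function returns 1 (fails closed).
#----------------------------------------------------------------------------------------------------------------------
__fetch_verify() {
    # POSIX sh has no local variables; the fetch_verify_ prefix keeps these
    # globals out of the way of other code.
    fetch_verify_url="$1"
    fetch_verify_sum="$2"
    fetch_verify_size="$3"

    if fetch_verify_tmpf=$(mktemp); then
        # Content reaches stdout only after both the size and checksum match.
        if __fetch_url "$fetch_verify_tmpf" "$fetch_verify_url" && \
            test "$(stat --format=%s "$fetch_verify_tmpf")" -eq "$fetch_verify_size" && \
            test "$(md5sum "$fetch_verify_tmpf" | awk '{ print $1 }')" = "$fetch_verify_sum" && \
            cat "$fetch_verify_tmpf"; then
            if rm -f "$fetch_verify_tmpf"; then
                return 0
            fi
        else
            # Do not leave unverified downloads behind in the temp directory.
            rm -f "$fetch_verify_tmpf"
        fi
    fi

    echo "Failed verification of $fetch_verify_url" >&2
    return 1
}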
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_url_exists
# DESCRIPTION: Checks if a URL exists
#              $1 - URL to probe; it is also stored in the global _URL.
#              Returns 0 when curl can fetch the URL, 1 for any curl failure
#              (curl's own exit code is not passed on). The response body is
#              discarded.
#              Unlike __fetch_url, this call passes neither $_CURL_ARGS nor
#              -L, so the insecure-download flag does not apply here and
#              redirects are not followed.
#----------------------------------------------------------------------------------------------------------------------
__check_url_exists() {
    _URL="$1"

    curl --output /dev/null --silent --fail "${_URL}" || return 1
    return 0
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __gather_hardware_info
# DESCRIPTION: Discover hardware information
#              Sets the globals CPU_VENDOR_ID and CPU_ARCH together with
#              their lower-cased copies CPU_VENDOR_ID_L and CPU_ARCH_L.
#----------------------------------------------------------------------------------------------------------------------
__gather_hardware_info() {
    # Architecture: `uname -m`, falling back to `uname -p`, then to the
    # literal "unknown".
    CPU_ARCH=$(uname -m 2>/dev/null || uname -p 2>/dev/null || echo "unknown")
    CPU_ARCH_L=$(echo "$CPU_ARCH" | tr '[:upper:]' '[:lower:]')

    # Vendor: the source depends on what the platform provides.
    if [ -f /proc/cpuinfo ]; then
        # First vendor_id/Processor line; the third field with any "-suffix" removed.
        CPU_VENDOR_ID=$(awk '/vendor_id|Processor/ {sub(/-.*$/,"",$3); print $3; exit}' /proc/cpuinfo)
    elif [ -f /usr/bin/kstat ]; then
        # SmartOS.
        # Solaris!?
        # This has only been tested for a GenuineIntel CPU
        CPU_VENDOR_ID=$(/usr/bin/kstat -p cpu_info:0:cpu_info0:vendor_id | awk '{print $2}')
    else
        CPU_VENDOR_ID=$(sysctl -n hw.model)
    fi

    # shellcheck disable=SC2034
    CPU_VENDOR_ID_L=$(echo "$CPU_VENDOR_ID" | tr '[:upper:]' '[:lower:]')
}
# Run once while the script loads so that CPU_VENDOR_ID, CPU_VENDOR_ID_L,
# CPU_ARCH and CPU_ARCH_L are set as globals from here on.
__gather_hardware_info