From f0b2b5cc38b7acd9e1809f19663d8ed45f186856 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Sat, 13 Aug 2016 18:58:38 +0300 Subject: [PATCH 01/28] Configure `salt-api` service, but do not attempt to start it on all OS --- bootstrap-salt.sh | 235 ++++++++++++++++++++++++---------------------- 1 file changed, 122 insertions(+), 113 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index fba69197d..8b45698fd 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2581,14 +2581,13 @@ install_ubuntu_stable_post() { return 0 fi - for fname in minion master syndic api; do - # Skip if not meant to be installed + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue + # Skip if not meant to be installed [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then @@ -2604,13 +2603,14 @@ install_ubuntu_stable_post() { fi done } -install_ubuntu_git_post() { - for fname in minion master syndic api; do +install_ubuntu_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 15 ]; then @@ -2663,14 +2663,14 @@ install_ubuntu_restart_daemons() { elif [ -f /sbin/initctl ]; then /sbin/initctl reload-configuration fi - for fname in minion master syndic api; do + + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 15 ]; then @@ -2708,14 +2708,13 @@ install_ubuntu_restart_daemons() { } install_ubuntu_check_services() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 15 ]; then @@ -2726,6 +2725,7 @@ install_ubuntu_check_services() { __check_services_debian salt-$fname || return 1 fi done + return 0 } # @@ -3088,7 +3088,7 @@ install_debian_8_git() { } install_debian_git_post() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip if not meant to be installed [ "$fname" = "api" ] && \ ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue @@ -3138,22 +3138,21 @@ install_debian_git_post() { update-rc.d "salt-${fname}" defaults fi - done } install_debian_restart_daemons() { [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || [ ! -f "/etc/init.d/salt-$fname" ]) && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + if [ -f /bin/systemctl ]; then # Debian 8 uses systemd /bin/systemctl stop salt-$fname > /dev/null 2>&1 @@ -3167,7 +3166,7 @@ install_debian_restart_daemons() { } install_debian_check_services() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3261,7 +3260,7 @@ install_fedora_stable() { } install_fedora_stable_post() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3335,12 +3334,12 @@ install_fedora_git() { } install_fedora_git_post() { - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" @@ -3357,14 +3356,13 @@ install_fedora_git_post() { install_fedora_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue systemctl stop salt-$fname > /dev/null 2>&1 @@ -3373,17 +3371,18 @@ install_fedora_restart_daemons() { } install_fedora_check_services() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + __check_services_systemd salt-$fname || return 1 done + return 0 } # @@ -4317,12 +4316,12 @@ install_arch_linux_git() { } install_arch_linux_post() { - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue # Since Arch's pacman renames configuration files @@ -4352,13 +4351,12 @@ install_arch_linux_post() { } install_arch_linux_git_post() { - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "api" ] && \ ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /usr/bin/systemctl ]; then @@ -4385,7 +4383,7 @@ install_arch_linux_git_post() { install_arch_linux_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4399,6 +4397,7 @@ install_arch_linux_restart_daemons() { /usr/bin/systemctl start salt-$fname.service continue fi + /etc/rc.d/salt-$fname stop > /dev/null 2>&1 /etc/rc.d/salt-$fname start done @@ -4410,7 +4409,7 @@ install_arch_check_services() { return 0 fi - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4421,6 +4420,7 @@ install_arch_check_services() { __check_services_systemd salt-$fname || return 1 done + return 0 } # @@ -4676,15 +4676,13 @@ install_freebsd_git() { } install_freebsd_9_stable_post() { - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue enable_string="salt_${fname}_enable=\"YES\"" @@ -4695,7 +4693,6 @@ install_freebsd_9_stable_post() { grep "salt_minion_paths" /etc/rc.conf >/dev/null 2>&1 [ $? -eq 1 ] && echo "salt_minion_paths=\"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin\"" >> /etc/rc.conf fi - done } @@ -4715,14 +4712,13 @@ install_freebsd_git_post() { install_freebsd_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue service salt_$fname stop > /dev/null 2>&1 @@ -4800,13 +4796,13 @@ install_openbsd_deps() { _TEMP_CONFIG_DIR="/tmp" CONFIG_SALT_FUNC="config_salt" - for fname in minion master syndic api; do + for fname in api master minion syndic; do + # Skip salt-api since there is no example config for it in the Salt git repo + [ $fname = "api" ] && continue + # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || __check_command_exists "salt-${fname}") && \ - continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue # Let's download, since they were not provided, the default configuration files @@ -4816,6 +4812,7 @@ install_openbsd_deps() { fi done fi + if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 @@ -4860,7 +4857,6 @@ install_openbsd_git() { return 0 } - install_openbsd_post() { # # Install rc.d files. @@ -4877,7 +4873,8 @@ install_openbsd_post() { _TEMP_CONFIG_DIR="/tmp" for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "api" ] || ! __check_command_exists "salt-${fname}" && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && continue @@ -4894,6 +4891,8 @@ install_openbsd_post() { fi fi done + + return 0 } install_openbsd_check_services() { @@ -4914,7 +4913,6 @@ install_openbsd_check_services() { return 0 } - install_openbsd_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return @@ -4926,13 +4924,15 @@ install_openbsd_restart_daemons() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + if [ -f "/etc/rc.d/salt_${fname}" ]; then /etc/rc.d/salt_${fname} stop > /dev/null 2>&1 /etc/rc.d/salt_${fname} start fi done -} + return 0 +} # # Ended OpenBSD Install Functions @@ -5026,9 +5026,9 @@ install_smartos_git() { install_smartos_post() { smf_dir="/opt/custom/smf" - # Install manifest files if needed. - for fname in minion master syndic api; do + # Install manifest files if needed. + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue @@ -5054,17 +5054,20 @@ install_smartos_post() { fi fi done + + return 0 } install_smartos_git_post() { smf_dir="/opt/custom/smf" - # Install manifest files if needed. - for fname in minion master syndic api; do + # Install manifest files if needed. + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue svcs "network/salt-$fname" > /dev/null 2>&1 @@ -5080,25 +5083,28 @@ install_smartos_git_post() { fi fi done + + return 0 } install_smartos_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue # Stop if running && Start service svcadm disable salt-$fname > /dev/null 2>&1 svcadm enable salt-$fname done + + return 0 } # # Ended SmartOS Install Functions @@ -5270,14 +5276,13 @@ install_opensuse_git() { } install_opensuse_stable_post() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then @@ -5289,21 +5294,23 @@ install_opensuse_stable_post() { /sbin/chkconfig --add salt-$fname /sbin/chkconfig salt-$fname on - done + + return 0 } install_opensuse_git_post() { - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then use_usr_lib=$BS_FALSE + if [ "${DISTRO_MAJOR_VERSION}" -gt 13 ] || ([ "${DISTRO_MAJOR_VERSION}" -eq 13 ] && [ "${DISTRO_MINOR_VERSION}" -ge 2 ]); then use_usr_lib=$BS_TRUE fi @@ -5317,28 +5324,29 @@ install_opensuse_git_post() { else __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" fi + continue fi __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-$fname" "/etc/init.d/salt-$fname" chmod +x /etc/init.d/salt-$fname - done - install_opensuse_stable_post + install_opensuse_stable_post || return 1 + + return 0 } install_opensuse_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then @@ -5358,17 +5366,18 @@ install_opensuse_check_services() { return 0 fi - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + __check_services_systemd salt-$fname > /dev/null 2>&1 || __check_services_systemd salt-$fname.service > /dev/null 2>&1 || return 1 done + return 0 } # @@ -5447,12 +5456,13 @@ install_suse_12_stable_deps() { _TEMP_CONFIG_DIR="/tmp" CONFIG_SALT_FUNC="config_salt" - for fname in minion master syndic api; do + for fname in api master minion syndic; do + # Skip salt-api since there is no example config for it in the Salt git repo + [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue # Syndic uses the same configuration file as the master @@ -5533,12 +5543,12 @@ install_suse_12_stable_post() { if [ "$SUSE_PATCHLEVEL" -gt 1 ]; then install_opensuse_stable_post || return 1 else - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then @@ -5548,20 +5558,17 @@ install_suse_12_stable_post() { continue fi - ## shellcheck disable=SC2086 - #curl $_CURL_ARGS -L "https://github.com/saltstack/salt/raw/develop/pkg/rpm/salt-$fname" \ - # -o "/etc/init.d/salt-$fname" || return 1 - #chmod +x "/etc/init.d/salt-$fname" + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue if [ -f /bin/systemctl ]; then systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 0.1 systemctl daemon-reload - continue fi - done fi + return 0 } @@ -5641,12 +5648,13 @@ install_suse_11_stable_deps() { _TEMP_CONFIG_DIR="/tmp" CONFIG_SALT_FUNC="config_salt" - for fname in minion master syndic api; do + for fname in api master minion syndic; do + # Skip salt-api since there is no example config for it in the Salt git repo + [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue # Syndic uses the same configuration file as the master @@ -5726,12 +5734,12 @@ install_suse_11_stable_post() { if [ "$SUSE_PATCHLEVEL" -gt 1 ]; then install_opensuse_stable_post || return 1 else - for fname in minion master syndic api; do - + for fname in api master minion syndic; do # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ]; then @@ -5778,17 +5786,18 @@ install_suse_check_services() { return 0 fi - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + __check_services_systemd salt-$fname || return 1 done + return 0 } @@ -5877,14 +5886,13 @@ install_gentoo_git() { } install_gentoo_post() { - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -d "/run/systemd/system" ]; then @@ -5900,14 +5908,13 @@ install_gentoo_post() { install_gentoo_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -d "/run/systemd/system" ]; then @@ -5926,17 +5933,18 @@ install_gentoo_check_services() { return 0 fi - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - #[ $fname = "api" ] && ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + __check_services_systemd salt-$fname || return 1 done + return 0 } # @@ -6148,7 +6156,7 @@ daemons_running() { [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -6168,6 +6176,7 @@ daemons_running() { FAILED_DAEMONS=$((FAILED_DAEMONS + 1)) fi done + return $FAILED_DAEMONS } # @@ -6448,13 +6457,13 @@ if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; if [ $? -ne 0 ]; then echoerror "Failed to run ${DAEMONS_RUNNING_FUNC}()!!!" - for fname in minion master syndic api; do + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ "$_ECHO_DEBUG" -eq $BS_FALSE ]; then From f081b05a9723e347d480c37b3c3236010465c705 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Mon, 15 Aug 2016 16:46:18 +0300 Subject: [PATCH 02/28] Add workaround when `__camelcase_split` doesn't work. Fixes #918 --- bootstrap-salt.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index fba69197d..0d055d9d9 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -850,15 +850,15 @@ __derive_debian_numeric_version() { # DESCRIPTION: Strip single or double quotes from the provided string. #---------------------------------------------------------------------------------------------------------------------- __unquote_string() { - echo "${@}" | sed "s/^\([\"']\)\(.*\)\1\$/\2/g" + echo "$*" | sed -e "s/^\([\"']\)\(.*\)\1\$/\2/g" } #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __camelcase_split -# DESCRIPTION: Convert CamelCased strings to Camel_Cased +# DESCRIPTION: Convert 'CamelCased' strings to 'Camel Cased' #---------------------------------------------------------------------------------------------------------------------- __camelcase_split() { - echo "${@}" | sed -r 's/([^A-Z-])([A-Z])/\1 \2/g' + echo "$*" | sed -e 's/\([^A-Z-]\)\([A-Z]\)/\1 \2/g' } #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -866,7 +866,7 @@ __camelcase_split() { # DESCRIPTION: Strip duplicate strings #---------------------------------------------------------------------------------------------------------------------- __strip_duplicates() { - echo "${@}" | tr -s '[:space:]' '\n' | awk '!x[$0]++' + echo "$*" | tr -s '[:space:]' '\n' | awk '!x[$0]++' } #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -924,9 +924,12 @@ __gather_linux_system_info() { DISTRO_NAME=$(lsb_release -si) if [ "${DISTRO_NAME}" = "Scientific" ]; then DISTRO_NAME="Scientific Linux" - elif [ "$(echo "$DISTRO_NAME" | grep RedHat)" != "" ]; then - # Let's convert CamelCase to Camel Case - DISTRO_NAME=$(__camelcase_split "$DISTRO_NAME") + elif [ "$(echo "$DISTRO_NAME" | grep ^RedHat)" != "" ]; then + # Let's convert 'CamelCased' to 'Camel Cased' + n=$(__camelcase_split "$DISTRO_NAME") + # Skip setting DISTRO_NAME this time, splitting CamelCase has failed. + # See https://github.com/saltstack/salt-bootstrap/issues/918 + [ "$n" = "$DISTRO_NAME" ] && DISTRO_NAME="" || DISTRO_NAME="$n" elif [ "${DISTRO_NAME}" = "openSUSE project" ]; then # lsb_release -si returns "openSUSE project" on openSUSE 12.3 DISTRO_NAME="opensuse" From 171e9e0d117a16ecea75b78566d8ccd18bded19c Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Wed, 17 Aug 2016 10:28:48 +0300 Subject: [PATCH 03/28] Fix locale issues: use POSIX character classes instead of ranges --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 0d055d9d9..9b5a649d3 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -858,7 +858,7 @@ __unquote_string() { # DESCRIPTION: Convert 'CamelCased' strings to 'Camel Cased' #---------------------------------------------------------------------------------------------------------------------- __camelcase_split() { - echo "$*" | sed -e 's/\([^A-Z-]\)\([A-Z]\)/\1 \2/g' + echo "$*" | sed -e 's/\([^[:upper:][:punct:]]\)\([[:upper:]]\)/\1 \2/g' } #--- FUNCTION ------------------------------------------------------------------------------------------------------- From 0e45ba1c72c674562c9336716d6bc741ad649227 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Thu, 18 Aug 2016 17:39:11 +0300 Subject: [PATCH 04/28] Use `apt-key` to retrieve GPG pubic keys on Debian and Ubuntu --- bootstrap-salt.sh | 263 +++++++++++++++++++++++----------------------- 1 file changed, 130 insertions(+), 133 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 4b9483610..311e3b92b 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -218,9 +218,10 @@ _EPEL_REPO=${BS_EPEL_REPO:-epel} _EPEL_REPOS_INSTALLED=$BS_FALSE _UPGRADE_SYS=${BS_UPGRADE_SYS:-$BS_FALSE} _INSECURE_DL=${BS_INSECURE_DL:-$BS_FALSE} -_WGET_ARGS=${BS_WGET_ARGS:-} _CURL_ARGS=${BS_CURL_ARGS:-} _FETCH_ARGS=${BS_FETCH_ARGS:-} +_GPG_ARGS=${BS_GPG_ARGS:-} +_WGET_ARGS=${BS_WGET_ARGS:-} _ENABLE_EXTERNAL_ZMQ_REPOS=${BS_ENABLE_EXTERNAL_ZMQ_REPOS:-$BS_FALSE} _SALT_MASTER_ADDRESS=${BS_SALT_MASTER_ADDRESS:-null} _SALT_MINION_ID="null" @@ -544,11 +545,11 @@ fi # -a and -V only work from git if [ "$ITYPE" != "git" ]; then if [ $_PIP_ALL -eq $BS_TRUE ]; then - echoerror "Pip installing all python packages with -a is only possible when installing salt via git" + echoerror "Pip installing all python packages with -a is only possible when installing Salt via git" exit 1 fi if [ "$_VIRTUALENV_DIR" != "null" ]; then - echoerror "Virtualenv installs via -V is only possible when installing salt via git" + echoerror "Virtualenv installs via -V is only possible when installing Salt via git" exit 1 fi fi @@ -569,14 +570,14 @@ if [ "$#" -gt 0 ]; then fi # Check the _DISABLE_SSL value and set HTTP or HTTPS. -if [ "$_DISABLE_SSL" -eq "${BS_TRUE}" ]; then +if [ "$_DISABLE_SSL" -eq $BS_TRUE ]; then HTTP_VAL="http" else HTTP_VAL="https" fi # Check the _QUIET_GIT_INSTALLATION value and set SETUP_PY_INSTALL_ARGS. -if [ "$_QUIET_GIT_INSTALLATION" -eq "${BS_TRUE}" ]; then +if [ "$_QUIET_GIT_INSTALLATION" -eq $BS_TRUE ]; then SETUP_PY_INSTALL_ARGS="-q" else SETUP_PY_INSTALL_ARGS="" @@ -723,8 +724,11 @@ exec 2>"$LOGPIPE" # Handle the insecure flags if [ "$_INSECURE_DL" -eq $BS_TRUE ]; then _CURL_ARGS="${_CURL_ARGS} --insecure" - _WGET_ARGS="${_WGET_ARGS} --no-check-certificate" _FETCH_ARGS="${_FETCH_ARGS} --no-verify-peer" + _GPG_ARGS="${_GPG_ARGS} --keyserver-options no-check-cert" + _WGET_ARGS="${_WGET_ARGS} --no-check-certificate" +else + _GPG_ARGS="${_GPG_ARGS} --keyserver-options ca-cert-file=/etc/ssl/certs/ca-certificates.crt" fi #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -733,11 +737,11 @@ fi #---------------------------------------------------------------------------------------------------------------------- __fetch_url() { # shellcheck disable=SC2086 - curl $_CURL_ARGS -L -s -o "$1" "$2" >/dev/null 2>&1 || - wget $_WGET_ARGS -q -O "$1" "$2" >/dev/null 2>&1 || - fetch $_FETCH_ARGS -q -o "$1" "$2" >/dev/null 2>&1 || - fetch -q -o "$1" "$2" >/dev/null 2>&1 || # Pre FreeBSD 10 - ftp -o "$1" "$2" >/dev/null 2>&1 # OpenBSD + curl $_CURL_ARGS -L -s -o "$1" "$2" >/dev/null 2>&1 || + wget $_WGET_ARGS -q -O "$1" "$2" >/dev/null 2>&1 || + fetch $_FETCH_ARGS -q -o "$1" "$2" >/dev/null 2>&1 || # FreeBSD + fetch -q -o "$1" "$2" >/dev/null 2>&1 || # Pre FreeBSD 10 + ftp -o "$1" "$2" >/dev/null 2>&1 # OpenBSD } #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -1237,7 +1241,6 @@ __ubuntu_derivatives_translation() { #---------------------------------------------------------------------------------------------------------------------- # shellcheck disable=SC2034 __ubuntu_codename_translation() { - case $DISTRO_MINOR_VERSION in "04") _april="yes" @@ -1318,21 +1321,6 @@ __debian_derivatives_translation() { fi } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __set_suse_pkg_repo -# DESCRIPTION: Set SUSE_PKG_URL to either the upstream SaltStack repo or the -# downstream SUSE repo -#---------------------------------------------------------------------------------------------------------------------- -__set_suse_pkg_repo() { - suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" - if [ "$_DOWNSTREAM_PKG_REPO" -eq $BS_TRUE ]; then - # FIXME: cleartext download over unsecure protocol (HTTP) - suse_pkg_url_base="http://download.opensuse.org/repositories/systemsmanagement:saltstack" - else - suse_pkg_url_base="${HTTP_VAL}://repo.saltstack.com/opensuse" - fi - SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" -} __gather_system_info @@ -1445,6 +1433,7 @@ if ([ "${DISTRO_NAME_L}" != "ubuntu" ] && [ $_PIP_ALL -eq $BS_TRUE ]);then echoerror "${DISTRO_NAME} does not have -a support" exit 1 fi + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __function_defined # DESCRIPTION: Checks if a function is defined within this scripts scope @@ -1462,6 +1451,89 @@ __function_defined() { } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __apt_get_install_noinput +# DESCRIPTION: (DRY) apt-get install with noinput options +# PARAMETERS: packages +#---------------------------------------------------------------------------------------------------------------------- +__apt_get_install_noinput() { + apt-get install -y -o DPkg::Options::=--force-confold "${@}"; return $? +} # ---------- end of function __apt_get_install_noinput ---------- + + +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __apt_get_upgrade_noinput +# DESCRIPTION: (DRY) apt-get upgrade with noinput options +#---------------------------------------------------------------------------------------------------------------------- +__apt_get_upgrade_noinput() { + apt-get upgrade -y -o DPkg::Options::=--force-confold; return $? +} # ---------- end of function __apt_get_upgrade_noinput ---------- + + +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __apt_key_fetch +# DESCRIPTION: Download and import GPG public key for "apt-secure" +# PARAMETERS: url +#---------------------------------------------------------------------------------------------------------------------- +__apt_key_fetch() { + url=$1 + + __apt_get_install_noinput gnupg-curl || return 1 + + # shellcheck disable=SC2086 + apt-key adv ${_GPG_ARGS} --fetch-keys "$url"; return $? +} # ---------- end of function __apt_get_upgrade_noinput ---------- + + +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __rpm_import_gpg +# DESCRIPTION: Download and import GPG public key to rpm database +# PARAMETERS: url +#---------------------------------------------------------------------------------------------------------------------- +__rpm_import_gpg() { + url=$1 + + if __check_command_exists mktemp; then + tempfile="$(mktemp /tmp/salt-gpg-XXXXXXXX.pub 2>/dev/null)" + + if [ -z "$tempfile" ]; then + echoerror "Failed to create temporary file in /tmp" + return 1 + fi + else + tempfile="/tmp/salt-gpg-$$.pub" + fi + + __fetch_url "$tempfile" "$url" || return 1 + rpm --import "$tempfile" || return 1 + rm -f "$tempfile" + + return 0 +} # ---------- end of function __rpm_import_gpg ---------- + + +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __yum_install_noinput +# DESCRIPTION: (DRY) apt-get install with noinput options +#---------------------------------------------------------------------------------------------------------------------- +__yum_install_noinput() { + + ENABLE_EPEL_CMD="" + if [ $_DISABLE_REPOS -eq $BS_TRUE ]; then + ENABLE_EPEL_CMD="--enablerepo=${_EPEL_REPO}" + fi + + if [ "$DISTRO_NAME_L" = "oracle_linux" ]; then + # We need to install one package at a time because --enablerepo=X disables ALL OTHER REPOS!!!! + for package in "${@}"; do + yum -y install "${package}" || yum -y install "${package}" ${ENABLE_EPEL_CMD} || return $? + done + else + yum -y install "${@}" ${ENABLE_EPEL_CMD} || return $? + fi +} + + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __git_clone_and_checkout # DESCRIPTION: (DRY) Helper function to clone and checkout salt to a @@ -1579,46 +1651,6 @@ __git_clone_and_checkout() { } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __apt_get_install_noinput -# DESCRIPTION: (DRY) apt-get install with noinput options -#---------------------------------------------------------------------------------------------------------------------- -__apt_get_install_noinput() { - apt-get install -y -o DPkg::Options::=--force-confold "${@}"; return $? -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __apt_get_upgrade_noinput -# DESCRIPTION: (DRY) apt-get upgrade with noinput options -#---------------------------------------------------------------------------------------------------------------------- -__apt_get_upgrade_noinput() { - apt-get upgrade -y -o DPkg::Options::=--force-confold; return $? -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __yum_install_noinput -# DESCRIPTION: (DRY) apt-get install with noinput options -#---------------------------------------------------------------------------------------------------------------------- -__yum_install_noinput() { - - ENABLE_EPEL_CMD="" - if [ $_DISABLE_REPOS -eq $BS_TRUE ]; then - ENABLE_EPEL_CMD="--enablerepo=${_EPEL_REPO}" - fi - - if [ "$DISTRO_NAME_L" = "oracle_linux" ]; then - # We need to install one package at a time because --enablerepo=X disables ALL OTHER REPOS!!!! - for package in "${@}"; do - yum -y install "${package}" || yum -y install "${package}" ${ENABLE_EPEL_CMD} || return $? - done - else - yum -y install "${@}" ${ENABLE_EPEL_CMD} || return $? - fi -} - - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_end_of_life_versions # DESCRIPTION: Check for end of life distribution versions @@ -1934,33 +1966,6 @@ __overwriteconfig() { } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __rpm_import_gpg -# DESCRIPTION: Download and import GPG public key to rpm database -# PARAMETERS: url -#---------------------------------------------------------------------------------------------------------------------- -__rpm_import_gpg() { - url="$1" - - if __check_command_exists mktemp; then - tempfile="$(mktemp /tmp/salt-gpg-XXXXXXXX.pub 2>/dev/null)" - - if [ -z "$tempfile" ]; then - echoerror "Failed to create temporary file in /tmp" - return 1 - fi - else - tempfile="/tmp/salt-gpg-$$.pub" - fi - - __fetch_url "$tempfile" "$url" || return 1 - rpm --import "$tempfile" || return 1 - rm -f "$tempfile" - - return 0 -} - - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_services_systemd # DESCRIPTION: Return 0 or 1 in case the service is enabled or not @@ -2134,7 +2139,7 @@ __activate_virtualenv() { #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __install_pip_deps # DESCRIPTION: Return 0 or 1 if successfully able to install pip packages via requirements file -# PARAMETERS: requirements_files +# PARAMETERS: requirements_file #---------------------------------------------------------------------------------------------------------------------- __install_pip_deps() { # Install virtualenv to system pip before activating virtualenv if thats going to be used @@ -2164,7 +2169,7 @@ __install_pip_deps() { # shellcheck disable=SC2086,SC2090 pip install -U -r ${requirements_file} ${__PIP_PACKAGES} -} +} # ---------- end of function __install_pip_deps ---------- ####################################################################################################################### @@ -2273,8 +2278,6 @@ __enable_universe_repository() { } install_ubuntu_deps() { - apt-get update - if [ "$DISTRO_MAJOR_VERSION" -gt 12 ] || ([ "$DISTRO_MAJOR_VERSION" -eq 12 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]); then # Above Ubuntu 12.04 add-apt-repository is in a different package __apt_get_install_noinput software-properties-common || return 1 @@ -2365,7 +2368,6 @@ install_ubuntu_stable_deps() { if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 - __REPO_ARCH="$DPKG_ARCHITECTURE" if [ "$DPKG_ARCHITECTURE" = "i386" ]; then @@ -2395,26 +2397,14 @@ install_ubuntu_stable_deps() { # SaltStack's stable Ubuntu repository: SALTSTACK_UBUNTU_URL="${HTTP_VAL}://repo.saltstack.com/apt/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" - - apt-get update + echo "deb $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/saltstack.list # Make sure https transport is available if [ "$HTTP_VAL" = "https" ] ; then - __apt_get_install_noinput ca-certificates apt-transport-https || return 1 - fi - - # Make sure wget is available - __apt_get_install_noinput wget - - if [ "$(grep -ER 'latest .+ main' /etc/apt)" = "" ]; then - set +o nounset - echo "deb $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > "/etc/apt/sources.list.d/saltstack.list" - set -o nounset + __apt_get_install_noinput apt-transport-https ca-certificates || return 1 fi - # shellcheck disable=SC2086 - wget $_WGET_ARGS -q $SALTSTACK_UBUNTU_URL/SALTSTACK-GPG-KEY.pub -O - | apt-key add - || return 1 - + __apt_key_fetch "$SALTSTACK_UBUNTU_URL/SALTSTACK-GPG-KEY.pub" || return 1 else # Alternate PPAs: salt16, salt17, salt2014-1, salt2014-7 if [ ! "$(echo "$STABLE_REV" | egrep '^(1\.6|1\.7)$')" = "" ]; then @@ -2432,6 +2422,8 @@ install_ubuntu_stable_deps() { add-apt-repository "ppa:$STABLE_PPA" || return 1 fi fi + + apt-get update fi install_ubuntu_deps || return 1 @@ -2776,10 +2768,7 @@ install_debian_7_deps() { apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 || return 1 fi - # Make sure wget is available - __apt_get_install_noinput wget || return 1 - - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 __REPO_ARCH="$DPKG_ARCHITECTURE" @@ -2805,22 +2794,21 @@ install_debian_7_deps() { echo "deb $SALTSTACK_DEBIAN_URL wheezy main" > "/etc/apt/sources.list.d/saltstack.list" if [ "$HTTP_VAL" = "https" ] ; then - __apt_get_install_noinput ca-certificates apt-transport-https || return 1 + __apt_get_install_noinput apt-transport-https ca-certificates || return 1 fi - # shellcheck disable=SC2086 - wget $_WGET_ARGS -q "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" -O - | apt-key add - || return 1 + __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" || return 1 elif [ -n "$STABLE_REV" ]; then echoerror "Installation of Salt ${STABLE_REV#*/} packages not supported by ${__ScriptName} ${__ScriptVersion} on Debian $DISTRO_MAJOR_VERSION." return 1 fi + + apt-get update else echowarn "Packages from repo.saltstack.com are required to install Salt version 2015.8 or higher on Debian $DISTRO_MAJOR_VERSION." fi - apt-get update || return 1 - # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 __PACKAGES='procps pciutils' @@ -2858,9 +2846,6 @@ install_debian_8_deps() { apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 || return 1 fi - # Make sure wget is available - __apt_get_install_noinput wget || return 1 - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 @@ -2889,19 +2874,18 @@ install_debian_8_deps() { echo "deb $SALTSTACK_DEBIAN_URL jessie main" > "/etc/apt/sources.list.d/saltstack.list" if [ "$HTTP_VAL" = "https" ] ; then - __apt_get_install_noinput ca-certificates apt-transport-https || return 1 + __apt_get_install_noinput apt-transport-https ca-certificates || return 1 fi - # shellcheck disable=SC2086 - wget $_WGET_ARGS -q "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" -O - | apt-key add - || return 1 + __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" || return 1 elif [ -n "$STABLE_REV" ]; then echoerror "Installation of Salt ${STABLE_REV#*/} packages not supported by ${__ScriptName} ${__ScriptVersion} on Debian $DISTRO_MAJOR_VERSION." return 1 fi - fi - apt-get update || return 1 + apt-get update + fi # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 __PACKAGES='procps pciutils' @@ -3095,12 +3079,14 @@ install_debian_git_post() { SYSTEMD_RELOAD=$BS_TRUE # Install initscripts for Debian 7 "Wheezy" - elif [ ! -f /etc/init.d/salt-$fname ] || \ - ([ -f /etc/init.d/salt-$fname ] && [ $_FORCE_OVERWRITE -eq $BS_TRUE ]); then + elif [ ! -f "/etc/init.d/salt-$fname" ] || \ + ([ -f "/etc/init.d/salt-$fname" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]); then if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-$fname.init" ]; then __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.init" "/etc/init.d/salt-${fname}" __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.environment" "/etc/default/salt-${fname}" else + # Make sure wget is available + __check_command_exists wget || __apt_get_install_noinput wget || return 1 __fetch_url "/etc/init.d/salt-${fname}" "${HTTP_VAL}://anonscm.debian.org/cgit/pkg-salt/salt.git/plain/debian/salt-${fname}.init" fi @@ -5095,6 +5081,17 @@ install_smartos_restart_daemons() { # __ZYPPER_REQUIRES_REPLACE_FILES=-1 +__set_suse_pkg_repo() { + suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" + if [ "$_DOWNSTREAM_PKG_REPO" -eq $BS_TRUE ]; then + # FIXME: cleartext download over unsecure protocol (HTTP) + suse_pkg_url_base="http://download.opensuse.org/repositories/systemsmanagement:saltstack" + else + suse_pkg_url_base="${HTTP_VAL}://repo.saltstack.com/opensuse" + fi + SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" +} + __version_lte() { if ! __check_command_exists python; then zypper zypper --non-interactive install --replacefiles --auto-agree-with-licenses python || \ From f5236516683bb5165433f6dd20cb509dcc92ae36 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Fri, 19 Aug 2016 11:14:58 +0300 Subject: [PATCH 05/28] On Debian and Ubuntu allow to obtain GnuPG archive keys insecurely --- bootstrap-salt.sh | 86 ++++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 42 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 311e3b92b..b65895dd9 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -300,21 +300,22 @@ __usage() { -d Disables checking if Salt services are enabled to start on system boot. You can also do this by touching /tmp/disable_salt_checks on the target host. Default: \${BS_FALSE} - -C Only run the configuration function. This option automatically bypasses - any installation. Implies -F (forced overwrite). To overwrite master or - syndic configs, -M or -S, respectively, must also be specified. -P Allow pip based installations. On some distributions the required salt packages or its dependencies are not available as a package for that distribution. Using this flag allows the script to use pip as a last resort method. NOTE: This only works for functions which actually implement pip based installations. - -F Allow copied files to overwrite existing (config, init.d, etc) -U If set, fully upgrade the system prior to bootstrapping Salt - -K If set, keep the temporary files in the temporary directories specified - with -c and -k -I If set, allow insecure connections while downloading any files. For example, pass '--no-check-certificate' to 'wget' or '--insecure' to - 'curl' + 'curl'. On Debian and Ubuntu, using this option with -U allows to obtain + GnuPG archive keys insecurely if distro has changed release signatures. + -F Allow copied files to overwrite existing (config, init.d, etc) + -K If set, keep the temporary files in the temporary directories specified + with -c and -k + -C Only run the configuration function. This option automatically bypasses + any installation. Implies -F (forced overwrite). To overwrite master or + syndic configs, -M or -S, respectively, must also be specified. -A Pass the salt-master DNS name or IP. This will be stored under \${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf -i Pass the salt-minion id. This will be stored under @@ -1482,7 +1483,7 @@ __apt_key_fetch() { # shellcheck disable=SC2086 apt-key adv ${_GPG_ARGS} --fetch-keys "$url"; return $? -} # ---------- end of function __apt_get_upgrade_noinput ---------- +} # ---------- end of function __apt_key_fetch ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -1514,7 +1515,7 @@ __rpm_import_gpg() { #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __yum_install_noinput -# DESCRIPTION: (DRY) apt-get install with noinput options +# DESCRIPTION: (DRY) yum install with noinput options #---------------------------------------------------------------------------------------------------------------------- __yum_install_noinput() { @@ -1531,7 +1532,7 @@ __yum_install_noinput() { else yum -y install "${@}" ${ENABLE_EPEL_CMD} || return $? fi -} +} # ---------- end of function __yum_install_noinput ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -2330,10 +2331,6 @@ install_ubuntu_deps() { # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 __PACKAGES="${__PACKAGES} procps pciutils" - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - __apt_get_upgrade_noinput || return 1 - fi - # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -2363,8 +2360,13 @@ install_ubuntu_stable_deps() { apt-get update - # Install Keys - __apt_get_install_noinput debian-archive-keyring && apt-get update + if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then + if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + fi + + __apt_get_upgrade_noinput || return 1 + fi if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 @@ -2717,8 +2719,14 @@ install_debian_deps() { apt-get update - # Install Keys - __apt_get_install_noinput debian-archive-keyring && apt-get update + if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then + # Try to update GPG keys first if allowed + if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + fi + + __apt_get_upgrade_noinput || return 1 + fi # Install procps and pciutils which allows for Docker bootstraps. See #366#issuecomment-39666813 __PACKAGES="procps pciutils" @@ -2727,6 +2735,12 @@ install_debian_deps() { # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + # shellcheck disable=SC2086 + __apt_get_install_noinput ${_EXTRA_PACKAGES} || return 1 + fi + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then # shellcheck disable=SC2089 __PIP_PACKAGES="${__PIP_PACKAGES} 'apache-libcloud>=$_LIBCLOUD_MIN_VERSION'" @@ -2737,16 +2751,6 @@ install_debian_deps() { pip install -U ${__PIP_PACKAGES} || return 1 fi - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - __apt_get_upgrade_noinput || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - return 0 } @@ -2760,12 +2764,13 @@ install_debian_7_deps() { apt-get update - # Install Keys - __apt_get_install_noinput debian-archive-keyring && apt-get update + if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then + # Try to update GPG keys first if allowed + if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + fi - # Install Debian Archive Automatic Signing Key (7.0/wheezy), see #557 - if [ "$(apt-key finger | grep 'A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553')" = "" ]; then - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 || return 1 + __apt_get_upgrade_noinput || return 1 fi if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then @@ -2815,10 +2820,6 @@ install_debian_7_deps() { # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - __apt_get_upgrade_noinput || return 1 - fi - if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 @@ -2838,12 +2839,13 @@ install_debian_8_deps() { apt-get update - # Install Keys - __apt_get_install_noinput debian-archive-keyring && apt-get update + if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then + # Try to update GPG keys first if allowed + if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + fi - # Install Debian Archive Automatic Signing Key (8/jessie), see #557 - if [ "$(apt-key finger | grep '126C 0D24 BD8A 2942 CC7D F8AC 7638 D044 2B90 D010')" = "" ]; then - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 || return 1 + __apt_get_upgrade_noinput || return 1 fi if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then From caadc0931ec53611b0dfdc5660c710b3a44168c3 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Fri, 26 Aug 2016 10:36:29 +0300 Subject: [PATCH 06/28] Debian/Ubuntu: update the local keyring with the archive keyring --- bootstrap-salt.sh | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b65895dd9..017d3542e 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2362,13 +2362,14 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update fi __apt_get_upgrade_noinput || return 1 fi - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + if [ ${_DISABLE_REPOS} -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 __REPO_ARCH="$DPKG_ARCHITECTURE" @@ -2722,7 +2723,8 @@ install_debian_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then # Try to update GPG keys first if allowed if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update fi __apt_get_upgrade_noinput || return 1 @@ -2767,13 +2769,14 @@ install_debian_7_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then # Try to update GPG keys first if allowed if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update fi __apt_get_upgrade_noinput || return 1 fi - if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then + if [ "${_DISABLE_REPOS}" -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 __REPO_ARCH="$DPKG_ARCHITECTURE" @@ -2842,13 +2845,14 @@ install_debian_8_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then # Try to update GPG keys first if allowed if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update fi __apt_get_upgrade_noinput || return 1 fi - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + if [ ${_DISABLE_REPOS} -eq $BS_FALSE ]; then __get_dpkg_architecture || return 1 __REPO_ARCH="$DPKG_ARCHITECTURE" From cdef85919fcabbbd1769929df59cec59e6ba26ab Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Sat, 27 Aug 2016 23:40:56 +0300 Subject: [PATCH 07/28] Deprecate `-G` option: use `https` scheme for GitHub by default --- README.rst | 10 +++++----- bootstrap-salt.sh | 19 +++---------------- tests/bootstrap/test_install.py | 2 +- 3 files changed, 9 insertions(+), 22 deletions(-) diff --git a/README.rst b/README.rst index 33e7763c9..951f9e000 100644 --- a/README.rst +++ b/README.rst @@ -66,7 +66,7 @@ If you want to install a specific release version (based on the Git tags): .. code:: console curl -o bootstrap_salt.sh -L https://bootstrap.saltstack.com - sudo sh bootstrap_salt.sh git v2015.8.8 + sudo sh bootstrap_salt.sh git v2016.3.2 To install a specific branch from a Git fork: @@ -88,7 +88,7 @@ If your host has Internet access only via HTTP proxy: PROXY='http://user:password@myproxy.example.com:3128' curl -o bootstrap_salt.sh -L -x "$PROXY" https://bootstrap.saltstack.com - sudo sh bootstrap_salt.sh -G -H "$PROXY" git + sudo sh bootstrap_salt.sh -H "$PROXY" git Install using wget @@ -106,7 +106,7 @@ Installing a specific version from git using ``wget``: .. code:: console wget -O bootstrap_salt.sh https://bootstrap.saltstack.com - sudo sh bootstrap_salt.sh -P git v2015.8.7 + sudo sh bootstrap_salt.sh -P git v2015.8.11 .. note:: @@ -548,8 +548,8 @@ Salt is ready and working in the Docker container with Minion authenticated on M .. _`pre-accepted Minion key`: https://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html -.. vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want sts=2 sw=2 et - .. |windows_build| image:: https://ci.appveyor.com/api/projects/status/github/saltstack/salt-bootstrap?branch=develop&svg=true :target: https://ci.appveyor.com/project/saltstack-public/salt-bootstrap :alt: Build status of the develop branch on Windows + +.. vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want sts=2 sw=2 et diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 4b9483610..e9c4a416a 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -193,7 +193,7 @@ __check_config_dir() { #---------------------------------------------------------------------------------------------------------------------- _KEEP_TEMP_FILES=${BS_KEEP_TEMP_FILES:-$BS_FALSE} _TEMP_CONFIG_DIR="null" -_SALTSTACK_REPO_URL="git://github.com/saltstack/salt.git" +_SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git" _SALT_REPO_URL=${_SALTSTACK_REPO_URL} _DOWNSTREAM_PKG_REPO=$BS_FALSE _TEMP_KEYS_DIR="null" @@ -280,10 +280,6 @@ __usage() { -D Show debug output -c Temporary configuration directory -g Salt Git repository URL. Default: ${_SALTSTACK_REPO_URL} - -G Instead of cloning from ${_SALTSTACK_REPO_URL}, clone from - https://${_SALTSTACK_REPO_URL#*://} - (usually necessary on systems which have the regular git protocol port - blocked, where https usually is not) -w Install packages from downstream package repository rather than upstream, saltstack package repository. This is currently only implemented for SUSE. @@ -360,7 +356,7 @@ EOT } # ---------- end of function __usage ---------- -while getopts ":hvnDc:Gg:wk:s:MSNXCPFUKIA:i:Lp:dH:ZbflV:J:j:rR:aq" opt +while getopts ":hvnDc:g:wk:s:MSNXCPFUKIA:i:Lp:dH:ZbflV:J:j:rR:aq" opt do case "${opt}" in @@ -383,14 +379,6 @@ do g ) _SALT_REPO_URL=$OPTARG ;; - G ) if [ "${_SALT_REPO_URL}" = "${_SALTSTACK_REPO_URL}" ]; then - _SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git" - _SALT_REPO_URL=${_SALTSTACK_REPO_URL} - else - _SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git" - fi - ;; - w ) _DOWNSTREAM_PKG_REPO=$BS_TRUE ;; k ) _TEMP_KEYS_DIR="$OPTARG" @@ -1553,8 +1541,7 @@ __git_clone_and_checkout() { # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" - if ! echo "$_SALT_REPO_URL" | \ - grep -q -x '\(\(git\|https\)://github\.com/\|git@github\.com:\)saltstack/salt\.git'; then + if ! echo "$_SALT_REPO_URL" | grep -q -F -w "${_SALTSTACK_REPO_URL#*://}"; then # We need to add the saltstack repository as a remote and fetch tags for proper versioning echoinfo "Adding SaltStack's Salt repository as a remote" git remote add upstream "$_SALTSTACK_REPO_URL" || return 1 diff --git a/tests/bootstrap/test_install.py b/tests/bootstrap/test_install.py index 0b34ec888..3195c2e86 100644 --- a/tests/bootstrap/test_install.py +++ b/tests/bootstrap/test_install.py @@ -605,7 +605,7 @@ def test_install_from_git_on_checked_out_repository(self): 0, self.run_script( script=None, - args=('git', 'clone', 'git://github.com/saltstack/salt.git'), + args=('git', 'clone', 'https://github.com/saltstack/salt.git'), cwd='/tmp/git', timeout=15 * 60, stream_stds=True From c978acd0bcd4656fc4e6c79d6dafc462d1b831a7 Mon Sep 17 00:00:00 2001 From: rallytime Date: Mon, 29 Aug 2016 16:58:53 -0600 Subject: [PATCH 08/28] Add /etc/portage/package.accept_keywords to CONFIG_PROTECT_MASK Refs #876 --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index e9c4a416a..b6829b916 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -5788,7 +5788,7 @@ __gentoo_config_protection() { # this point, manually merge the changes using etc-update/dispatch-conf/ # cfg-update and then restart the bootstrapping script, so instead we allow # at this point to modify certain config files directly - export CONFIG_PROTECT_MASK="${CONFIG_PROTECT_MASK:-} /etc/portage/package.keywords /etc/portage/package.unmask /etc/portage/package.use /etc/portage/package.license" + export CONFIG_PROTECT_MASK="${CONFIG_PROTECT_MASK:-} /etc/portage/package.accept_keywords /etc/portage/package.keywords /etc/portage/package.license /etc/portage/package.unmask /etc/portage/package.use" } __gentoo_pre_dep() { From ac982819f88755244280b045640bdfb33464e2a0 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Thu, 1 Sep 2016 17:45:15 +0300 Subject: [PATCH 09/28] Update .gitignore with more generic pattern for VIM swap files --- .gitignore | 3 +-- bootstrap-salt.sh | 8 ++++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index a4b29eb47..212000897 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,6 @@ /.project -*.swp +*.sw? .vagrant # Pycharm .idea - diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 017d3542e..eb9fb92e5 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -592,7 +592,7 @@ else fi # Root permissions are required to run this script -if [ "$(${whoami})" != "root" ]; then +if [ "$($whoami)" != "root" ]; then echoerror "Salt requires root privileges to install. Please re-run this script as root." exit 1 fi @@ -612,14 +612,14 @@ if [ "${CALLER}x" = "${0}x" ]; then fi # Work around for 'Docker + salt-bootstrap failure' https://github.com/saltstack/salt-bootstrap/issues/394 -if [ ${_DISABLE_SALT_CHECKS} -eq $BS_FALSE ] && [ -f /tmp/disable_salt_checks ]; then +if [ "${_DISABLE_SALT_CHECKS}" -eq $BS_FALSE ] && [ -f /tmp/disable_salt_checks ]; then # shellcheck disable=SC2016 echowarn 'Found file: /tmp/disable_salt_checks, setting _DISABLE_SALT_CHECKS=$BS_TRUE' _DISABLE_SALT_CHECKS=$BS_TRUE fi # Because -a can only be installed into virtualenv -if ([ $_PIP_ALL -eq $BS_TRUE ] && [ "$_VIRTUALENV_DIR" = "null" ]); then +if [ "${_PIP_ALL}" -eq $BS_TRUE ] && [ "${_VIRTUALENV_DIR}" = "null" ]; then usage # Could possibly set up a default virtualenv location when -a flag is passed echoerror "Using -a requires -V because pip pkgs should be siloed from python system pkgs" @@ -627,7 +627,7 @@ if ([ $_PIP_ALL -eq $BS_TRUE ] && [ "$_VIRTUALENV_DIR" = "null" ]); then fi # Make sure virtualenv directory does not already exist -if [ -d "$_VIRTUALENV_DIR" ]; then +if [ -d "${_VIRTUALENV_DIR}" ]; then echoerror "The directory ${_VIRTUALENV_DIR} for virtualenv already exists" exit 1 fi From 76f4d20dbed9c3d6cd94afebe5857cb422f1246b Mon Sep 17 00:00:00 2001 From: rallytime Date: Fri, 2 Sep 2016 11:28:20 -0600 Subject: [PATCH 10/28] Add python-futures package to install_centos_git_deps --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b6829b916..2d0e39eb5 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -3581,7 +3581,7 @@ install_centos_git_deps() { __PACKAGES="${__PACKAGES} python26-PyYAML python26-m2crypto m2crypto python26 python26-requests" __PACKAGES="${__PACKAGES} python26-crypto python26-jinja2 python26-msgpack python26-tornado python26-zmq" else - __PACKAGES="${__PACKAGES} PyYAML m2crypto python-crypto python-msgpack python-zmq python-jinja2" + __PACKAGES="${__PACKAGES} PyYAML m2crypto python-crypto python-futures python-msgpack python-zmq python-jinja2" __PACKAGES="${__PACKAGES} python-requests python-tornado" fi From 01597bcfa0323a835be4f0b6b7dd621856cf2fd0 Mon Sep 17 00:00:00 2001 From: rallytime Date: Thu, 8 Sep 2016 15:32:38 -0600 Subject: [PATCH 11/28] Try to install SP4 packages on SLE 11 when SP version is older Fixes #941 If we detect an older service pack when installing Salt on SLES, we should warn the user that we'll attempt to install SP4 Salt packages, and then attempt to do so. repo.saltstack.com pegs the SLE 11 repo at SP4, as does SUSE, so we should attempt to install those instead of failing like this: ``` File '/opensuse/SLE_11_SP3/systemsmanagement:saltstack.repo' not found on medium 'https://repo.saltstack.com/' ``` --- bootstrap-salt.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 2d0e39eb5..446810714 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -5560,7 +5560,11 @@ install_suse_12_restart_daemons() { install_suse_11_stable_deps() { SUSE_PATCHLEVEL=$(awk '/PATCHLEVEL/ {print $3}' /etc/SuSE-release ) if [ "${SUSE_PATCHLEVEL}" != "" ]; then - DISTRO_PATCHLEVEL="_SP${SUSE_PATCHLEVEL}" + if [ "${SUSE_PATCHLEVEL}" != "4" ]; then + echowarn "Salt packages for SLE 11 are only build for SP4." + echowarn "Attempting to install SP4 packages on SP${SUSE_PATCHLEVEL}." + fi + DISTRO_PATCHLEVEL="_SP4" fi DISTRO_REPO="SLE_${DISTRO_MAJOR_VERSION}${DISTRO_PATCHLEVEL}" From f6087d7bd2b0561a4d04438c9df5876f13df4b86 Mon Sep 17 00:00:00 2001 From: rallytime Date: Thu, 8 Sep 2016 17:08:05 -0600 Subject: [PATCH 12/28] Remove m2crypto package installs M2Crypto was removed as a hard dependency in Salt starting with the 2015.8 releases. We don't need to install this during a bootstrap run anymore. --- bootstrap-salt.sh | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 2d0e39eb5..b13b7c859 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2478,7 +2478,7 @@ install_ubuntu_git_deps() { else install_ubuntu_stable_deps || return 1 - __PACKAGES="${__PACKAGES} python-crypto python-jinja2 python-m2crypto python-msgpack python-requests" + __PACKAGES="${__PACKAGES} python-crypto python-jinja2 python-msgpack python-requests" __PACKAGES="${__PACKAGES} python-tornado python-yaml python-zmq" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then @@ -2917,7 +2917,7 @@ install_debian_git_deps() { __git_clone_and_checkout || return 1 __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-backports.ssl-match-hostname python-crypto" - __PACKAGES="${__PACKAGES} python-jinja2 python-m2crypto python-msgpack python-requests python-tornado" + __PACKAGES="${__PACKAGES} python-jinja2 python-msgpack python-requests python-tornado" __PACKAGES="${__PACKAGES} python-tornado python-yaml python-zmq" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then @@ -2953,7 +2953,7 @@ install_debian_8_git_deps() { __git_clone_and_checkout || return 1 - __PACKAGES='libzmq3 libzmq3-dev lsb-release python-apt python-crypto python-jinja2 python-m2crypto python-msgpack python-requests python-yaml python-zmq' + __PACKAGES='libzmq3 libzmq3-dev lsb-release python-apt python-crypto python-jinja2 python-msgpack python-requests python-yaml python-zmq' if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then # Install python-libcloud if asked to @@ -3177,7 +3177,7 @@ install_fedora_deps() { __install_saltstack_copr_salt_repository || return 1 fi - __PACKAGES="yum-utils PyYAML libyaml m2crypto python-crypto python-jinja2 python-zmq" + __PACKAGES="yum-utils PyYAML libyaml python-crypto python-jinja2 python-zmq" if [ "$DISTRO_MAJOR_VERSION" -ge 23 ]; then __PACKAGES="${__PACKAGES} python2-msgpack python2-requests" @@ -3578,10 +3578,10 @@ install_centos_git_deps() { __PACKAGES="" if [ "$DISTRO_MAJOR_VERSION" -eq 5 ]; then - __PACKAGES="${__PACKAGES} python26-PyYAML python26-m2crypto m2crypto python26 python26-requests" + __PACKAGES="${__PACKAGES} python26-PyYAML python26 python26-requests" __PACKAGES="${__PACKAGES} python26-crypto python26-jinja2 python26-msgpack python26-tornado python26-zmq" else - __PACKAGES="${__PACKAGES} PyYAML m2crypto python-crypto python-futures python-msgpack python-zmq python-jinja2" + __PACKAGES="${__PACKAGES} PyYAML python-crypto python-futures python-msgpack python-zmq python-jinja2" __PACKAGES="${__PACKAGES} python-requests python-tornado" fi @@ -4094,7 +4094,7 @@ _eof fi fi - __PACKAGES="PyYAML m2crypto python-crypto python-msgpack python-zmq python26-ordereddict python-jinja2 python-requests" + __PACKAGES="PyYAML python-crypto python-msgpack python-zmq python26-ordereddict python-jinja2 python-requests" # shellcheck disable=SC2086 yum -y install ${__PACKAGES} ${ENABLE_EPEL_CMD} || return 1 @@ -4236,7 +4236,7 @@ install_arch_linux_git_deps() { fi pacman -R --noconfirm python2-distribute pacman -Sy --noconfirm --needed python2-crypto python2-setuptools python2-jinja \ - python2-m2crypto python2-markupsafe python2-msgpack python2-psutil python2-yaml \ + python2-markupsafe python2-msgpack python2-psutil python2-yaml \ python2-pyzmq zeromq python2-requests python2-systemd || return 1 __git_clone_and_checkout || return 1 @@ -4909,7 +4909,7 @@ install_openbsd_restart_daemons() { # SmartOS Install Functions # install_smartos_deps() { - pkgin -y install zeromq py27-m2crypto py27-crypto py27-msgpack py27-yaml py27-jinja2 py27-zmq py27-requests || return 1 + pkgin -y install zeromq py27-crypto py27-msgpack py27-yaml py27-jinja2 py27-zmq py27-requests || return 1 # Set _SALT_ETC_DIR to SmartOS default if they didn't specify _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/opt/local/etc/salt} @@ -5401,10 +5401,6 @@ install_suse_12_stable_deps() { __PACKAGES="${__PACKAGES} python-apache-libcloud" fi - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 # shellcheck disable=SC2086,SC2090 __zypper_install ${__PACKAGES} || return 1 @@ -5593,10 +5589,6 @@ install_suse_11_stable_deps() { __PACKAGES="${__PACKAGES} python-PyYAML" fi - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 # shellcheck disable=SC2086,SC2090 __zypper_install ${__PACKAGES} || return 1 From 3388e470b8b31d16f130dcc3bcaa35f31fff6153 Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Tue, 13 Sep 2016 03:33:27 +1000 Subject: [PATCH 13/28] Minimize python use when replacing configs --- bootstrap-salt.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b13b7c859..a3d6cd870 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -1901,17 +1901,14 @@ __overwriteconfig() { # Convert json string to a yaml string and write it to config file. Output is dumped into tempfile. python -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\n', default_flow_style=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>$tempfile - # Check if there were any errors output to the tempfile - filesize=$(python -c "import os; print os.stat('$tempfile').st_size;") - # No python errors output to the tempfile - if [ "$filesize" -eq 0 ]; then + if [ ! -s "$tempfile" ]; then rm -f "$tempfile" return 0 fi - # Errors are present in the tempfile - let's expose the that to the user. - fullerror=$(python -c "tmp_file=open('$tempfile'); print tmp_file.read(); tmp_file.close()") + # Errors are present in the tempfile - let's expose them to the user. + fullerror=$(cat "$tempfile") echodebug "$fullerror" echoerror "Python error encountered. This is likely due to passing in a malformed JSON string. Please use -D to see stacktrace." From 7206d7304362ea0f143db76cacada288a89abff9 Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Tue, 13 Sep 2016 03:35:20 +1000 Subject: [PATCH 14/28] Test python for yaml when replacing configs --- bootstrap-salt.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index a3d6cd870..be52c770c 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -1898,8 +1898,15 @@ __overwriteconfig() { tempfile="/tmp/salt-config-$$" fi + # If python does not have yaml installed we're on Arch and should use python2 + if python -c "import yaml" 2> /dev/null; then + good_python=python + else + good_python=python2 + fi + # Convert json string to a yaml string and write it to config file. Output is dumped into tempfile. - python -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\n', default_flow_style=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>$tempfile + $good_python -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\n', default_flow_style=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>$tempfile # No python errors output to the tempfile if [ ! -s "$tempfile" ]; then From e6e07c63b7a6ffa7bfc1520073121753137ce850 Mon Sep 17 00:00:00 2001 From: Justin Anderson Date: Mon, 12 Sep 2016 12:07:30 -0600 Subject: [PATCH 15/28] Allow correct salt paths to be used when -c is passed --- bootstrap-salt.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index be52c770c..998760cd3 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -4563,15 +4563,16 @@ install_freebsd_git_deps() { fi echodebug "Finished patching" + # Set _SALT_ETC_DIR to ports default + _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} + # We also need to redefine the PKI directory + _PKI_DIR=${_SALT_ETC_DIR}/pki + # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" + CONFIG_SALT_FUNC="config_freebsd_salt" - # Set _SALT_ETC_DIR to ports default - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} - # We also need to redefine the PKI directory - _PKI_DIR=${_SALT_ETC_DIR}/pki fi return 0 From a7160623d00793eb78c507001d11140fd693daef Mon Sep 17 00:00:00 2001 From: Justin Anderson Date: Mon, 12 Sep 2016 15:46:25 -0600 Subject: [PATCH 16/28] We no longer need a specific config_freebsd_salt function --- bootstrap-salt.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 998760cd3..6075b48e4 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -4401,10 +4401,6 @@ install_arch_check_services() { # # FreeBSD Install Functions # -config_freebsd_salt() { - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} - config_salt -} __freebsd_get_packagesite() { if [ "$CPU_ARCH_L" = "amd64" ]; then @@ -4571,7 +4567,7 @@ install_freebsd_git_deps() { # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_freebsd_salt" + CONFIG_SALT_FUNC="config_salt" fi From 9d8b3bed9343eaf73c2ee63298b917866326b8dd Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Tue, 13 Sep 2016 14:38:21 +0300 Subject: [PATCH 17/28] Display warning message about deprecating the `-G` option --- bootstrap-salt.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b13b7c859..f15e9d4f3 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -356,7 +356,7 @@ EOT } # ---------- end of function __usage ---------- -while getopts ":hvnDc:g:wk:s:MSNXCPFUKIA:i:Lp:dH:ZbflV:J:j:rR:aq" opt +while getopts ':hvnDc:g:Gwk:s:MSNXCPFUKIA:i:Lp:dH:ZbflV:J:j:rR:aq' opt do case "${opt}" in @@ -379,6 +379,11 @@ do g ) _SALT_REPO_URL=$OPTARG ;; + G ) echowarn "The '-G' option is DEPRECATED and will be removed in the future stable release!" + echowarn "Bootstrap will always use 'https' protocol to clone from SaltStack GitHub repo." + echowarn "No need to provide this option anymore, now it is a default behavior." + ;; + w ) _DOWNSTREAM_PKG_REPO=$BS_TRUE ;; k ) _TEMP_KEYS_DIR="$OPTARG" From 1f88e3a1b92254987868be4029e072f20cf53c94 Mon Sep 17 00:00:00 2001 From: Vyacheslav Spiridonov Date: Fri, 23 Sep 2016 12:20:55 +0300 Subject: [PATCH 18/28] Fix detection of EPEL repository with not-expired metadata --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 7ff82ed7d..c99903cd6 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -3374,7 +3374,7 @@ __install_epel_repository() { fi # Check if epel repo is already enabled and flag it accordingly - yum repolist | grep -q "^[!]${_EPEL_REPO}/" + yum repolist | grep -q "^[!]\?${_EPEL_REPO}/" if [ $? -eq 0 ]; then _EPEL_REPOS_INSTALLED=$BS_TRUE return 0 From e0cffd7855ea957a06245fa7bfa44f1c274b9c70 Mon Sep 17 00:00:00 2001 From: rallytime Date: Tue, 27 Sep 2016 11:19:32 -0600 Subject: [PATCH 19/28] SUSE: Refactor systemsmanagement_saltstack repo checks to be DRY Also, relax the search for systemsmanagement_saltstack before attempting to add and refresh the zypper repo list. When running the bootstrap script on a Suse machine that already had the repo present, we were failing the strict check, and then attempting to add the repo even though it already existed. This would cause the bootstrap script to exit and you couldn't try to install Salt at a different version or try to run the script again. Fixes #962 --- bootstrap-salt.sh | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index c99903cd6..fd589a808 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -1327,6 +1327,21 @@ __set_suse_pkg_repo() { SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __check_and_refresh_suse_pkg_repo +# DESCRIPTION: Check if zypper knows about systemsmanagement_saltstack repo yet. +# If it doesn't, add the repo and refresh with the SUSE_PKG_URL. +#---------------------------------------------------------------------------------------------------------------------- +__check_and_refresh_suse_pkg_repo() { + # Check to see if systemsmanagement_saltstack exists + __zypper repos | grep systemsmanagement_saltstack >/dev/null 2>&1 + + if [ $? -eq 1 ]; then + # zypper does not yet know anything about systemsmanagement_saltstack + __zypper addrepo --refresh "${SUSE_PKG_URL}" || return 1 + fi +} + __gather_system_info echo @@ -5131,11 +5146,8 @@ install_opensuse_stable_deps() { if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then # Is the repository already known __set_suse_pkg_repo - __zypper repos --details | grep "${SUSE_PKG_URL}" >/dev/null 2>&1 - if [ $? -eq 1 ]; then - # zypper does not yet know anything about systemsmanagement_saltstack - __zypper addrepo --refresh "${SUSE_PKG_URL}" || return 1 - fi + # Check zypper repos and refresh if necessary + __check_and_refresh_suse_pkg_repo fi __zypper --gpg-auto-import-keys refresh @@ -5377,11 +5389,8 @@ install_suse_12_stable_deps() { if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then # Is the repository already known __set_suse_pkg_repo - __zypper repos | grep "${SUSE_PKG_URL}" >/dev/null 2>&1 - if [ $? -eq 1 ]; then - # zypper does not yet know nothing about systemsmanagement_saltstack - __zypper addrepo --refresh "${SUSE_PKG_URL}" || return 1 - fi + # Check zypper repos and refresh if necessary + __check_and_refresh_suse_pkg_repo fi __zypper --gpg-auto-import-keys refresh || return 1 @@ -5573,11 +5582,8 @@ install_suse_11_stable_deps() { if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then # Is the repository already known __set_suse_pkg_repo - __zypper repos | grep "${SUSE_PKG_URL}" >/dev/null 2>&1 - if [ $? -eq 1 ]; then - # zypper does not yet know nothing about systemsmanagement_saltstack - __zypper addrepo --refresh "${SUSE_PKG_URL}" || return 1 - fi + # Check zypper repos and refresh if necessary + __check_and_refresh_suse_pkg_repo fi __zypper --gpg-auto-import-keys refresh || return 1 From bc06d20a20992fb03c4b0950ac3c5f63a4feb0f6 Mon Sep 17 00:00:00 2001 From: rallytime Date: Tue, 27 Sep 2016 11:40:53 -0600 Subject: [PATCH 20/28] Change /pkg/rpm/ to /pkg/deb/ in install_ubuntu_git_post func Fixes #956 --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index fd589a808..8482fc6e5 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2603,7 +2603,7 @@ install_ubuntu_git_post() { [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 15 ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue From 73a6bb99152192323d863f934bdd1167ee476335 Mon Sep 17 00:00:00 2001 From: rallytime Date: Tue, 27 Sep 2016 14:35:55 -0600 Subject: [PATCH 21/28] Run "pip install -U futures" for SmartOS git install Fixes #764 When installing salt via git on SmartOS, salt commands would fail because the required version of python futures wasn't installed. We need to add a "pip install -U futures" call (triggered by passing in -P) to the SmartOS git installation like we do for the required version of tornado. --- bootstrap-salt.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index fd589a808..d2a553236 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -4977,15 +4977,27 @@ install_smartos_git_deps() { fi if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the develop branch, install whichever tornado is on the requirements file + # Install whichever tornado is in the requirements file __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_TORNADO}'" + + # Install whichever futures is in the requirements file + __REQUIRED_FUTURES="$(grep futures "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" + __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_FUTURES}'" + if [ "${__REQUIRED_TORNADO}" != "" ]; then if ! __check_command_exists pip; then pkgin -y install py27-pip fi pip install -U "${__REQUIRED_TORNADO}" fi + + if [ "${__REQUIRED_FUTURES}" != "" ]; then + if ! __check_command_exists pip; then + pkgin -y install py27-pip + fi + pip install -U "${__REQUIRED_FUTURES}" + fi fi __git_clone_and_checkout || return 1 From 178c862d1f9f974fcc350c2fa6777483053069ed Mon Sep 17 00:00:00 2001 From: Pete Lumbis Date: Tue, 4 Oct 2016 11:19:30 -0400 Subject: [PATCH 22/28] adds supports for Cumulus Linux this change adds Cumulus Linux 2.x and 3.x as proper Debian derivatives. Cumulus Linux maintains a separate repo that does not contain all of the salt dependencies. The user will still be required to point their system to a global Debian repo for this to execute successfully. --- bootstrap-salt.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index d2a553236..23e398d48 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -947,6 +947,8 @@ __gather_linux_system_info() { return elif [ "${DISTRO_NAME}" = "Raspbian" ]; then DISTRO_NAME="Debian" + elif [ "${DISTRO_NAME}" = "Cumulus Linux" ]; then + DISTRO_NAME="Debian" fi rv=$(lsb_release -sr) [ "${rv}" != "" ] && DISTRO_VERSION=$(__parse_version_string "$rv") @@ -1278,12 +1280,14 @@ __debian_derivatives_translation() { # If the file does not exist, return [ ! -f /etc/os-release ] && return - DEBIAN_DERIVATIVES="(kali|linuxmint)" + DEBIAN_DERIVATIVES="(kali|linuxmint|cumulus-linux)" # Mappings kali_1_debian_base="7.0" linuxmint_1_debian_base="8.0" + cumulus_2_debian_base="7.0" + cumulus_3_debian_base="8.0" - # Detect derivates, Kali and LinuxMint *only* for now + # Detect derivates, Cumulus Linux, Kali and LinuxMint *only* for now rv=$(grep ^ID= /etc/os-release | sed -e 's/.*=//') # Translate Debian derivatives to their base Debian version @@ -1299,6 +1303,10 @@ __debian_derivatives_translation() { _major=$(echo "$DISTRO_VERSION" | sed 's/^\([0-9]*\).*/\1/g') _debian_derivative="linuxmint" ;; + cumulus-linux) + _major=$(echo "$DISTRO_VERSION" | sed 's/^\([0-9]*\).*/\1/g') + _debian_derivative="cumulus" + ;; esac _debian_version=$(eval echo "\$${_debian_derivative}_${_major}_debian_base") From e94aaf3084eef411823a6613b853549d70cb93a0 Mon Sep 17 00:00:00 2001 From: Eric Radman Date: Sun, 9 Oct 2016 03:29:29 -0400 Subject: [PATCH 23/28] Update OpenBSD 6.0+ provisioning This change makes provisioning OpenBSD 6.0-release fully functional using salt-cloud. Mirror Selection ---------------- * Address fixme: use mirrors from /etc/examples/pkg.conf instead of fetching a web page * Bugfix: return an answer if the first mirror is the fastest * Bugfix: avoid manually formatting package source path Service Management ------------------ * Cleanup: rely on rc.d files installed by the salt package * Cleanup: no longer any reason to run sed on rc.d files * Modernize: use rcctl to check existing configuration * Modernize: use rcctl to enable and start services Package Installation -------------------- * Cleanup: use salt package maintained by OpenBSD project * Bugfix: eliminate package conflicts introduced by `pip install` --- AUTHORS.rst | 1 + bootstrap-salt.sh | 133 +++++++++------------------------------------- 2 files changed, 26 insertions(+), 108 deletions(-) diff --git a/AUTHORS.rst b/AUTHORS.rst index 1df5846e9..17e98121f 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -37,6 +37,7 @@ Diego Woitasen diegows diego@flugel.it Elias Probst eliasp eliezerlp eliezerlp Emiel Kollof ekollof +Eric Radman eradman ericshane@eradman.com Erik Ankrom erikankrom Erik Johnson terminalmage erik@saltstack.com EYJ eyj diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b9b5a0ac5..ad9c2c242 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2105,12 +2105,12 @@ __check_services_openbsd() { echodebug "Checking if service ${servicename} is enabled" # shellcheck disable=SC2086,SC2046,SC2144 - if [ -f /etc/rc.d/${servicename} ] && [ $(grep ${servicename} /etc/rc.conf.local) -ne "" ] ; then + if rcctl get ${servicename} status; then echodebug "Service ${servicename} is enabled" return 0 else echodebug "Service ${servicename} is NOT enabled" - # return 1 + return 1 fi } # ---------- end of function __check_services_openbsd ---------- @@ -4730,82 +4730,33 @@ install_freebsd_restart_daemons() { # __choose_openbsd_mirror() { - # FIXME: cleartext download over unsecure protocol (HTTP) - MIRRORS_LIST_URL=http://www.openbsd.org/ftp.html - MIRROR_LIST_FILE=/tmp/openbsd-mirrors.html OPENBSD_REPO='' MINTIME='' + MIRROR_LIST=$(awk -F= '/installpath = / {print $2}' /etc/examples/pkg.conf) - __fetch_url "$MIRROR_LIST_FILE" "$MIRRORS_LIST_URL" || return 1 - MIRRORS_LIST=$(grep href "$MIRROR_LIST_FILE" | grep http | grep pub | awk -F \" '{ print $2 }') - [ -n "$MIRRORS_LIST" ] && rm -f "$MIRROR_LIST_FILE" - - echoinfo "Getting list of mirrors from $MIRRORS_LIST_URL" - for MIRROR in $MIRRORS_LIST; do - MIRROR_HOST=$(echo "$MIRROR" | awk -F / '{ print $3 }') - TIME=$(ping -c 1 -q "$MIRROR_HOST" | grep round-trip | awk -F / '{ print $5 }') + for MIRROR in $MIRROR_LIST; do + MIRROR_HOST=$(echo "$MIRROR" | sed -e 's|.*//||' -e 's|+*/.*$||') + TIME=$(ping -c 1 -w 1 -q "$MIRROR_HOST" | awk -F/ '/round-trip/ { print $5 }') [ -z "$TIME" ] && continue - echodebug "ping time for $MIRROR is $TIME" - [ -z "$MINTIME" ] && MINTIME=$TIME - - FASTER_MIRROR=$(echo "$TIME < $MINTIME" | bc) + echodebug "ping time for $MIRROR_HOST is $TIME" + if [ -z "$MINTIME" ]; then + FASTER_MIRROR=1 + else + FASTER_MIRROR=$(echo "$TIME < $MINTIME" | bc) + fi if [ "$FASTER_MIRROR" -eq 1 ]; then MINTIME=$TIME - OPENBSD_REPO=$MIRROR - else - continue + OPENBSD_REPO="$MIRROR" fi done } - install_openbsd_deps() { __choose_openbsd_mirror || return 1 - [ -n "$OPENBSD_REPO" ] || return 1 echoinfo "setting package repository to $OPENBSD_REPO with ping time of $MINTIME" - echo "installpath = ${OPENBSD_REPO}${OS_VERSION}/packages/${CPU_ARCH_L}/" >/etc/pkg.conf || return 1 - pkg_add -I -v lsof || return 1 - pkg_add -I -v py-pip || return 1 - __linkfile /usr/local/bin/pip2.* /usr/local/bin/pip $BS_TRUE || return 1 - __linkfile /usr/local/bin/pydoc2* /usr/local/bin/pydoc $BS_TRUE || return 1 - __linkfile /usr/local/bin/python2.[0-9] /usr/local/bin/python $BS_TRUE || return 1 - __linkfile /usr/local/bin/python2.[0-9]*to3 /usr/local/bin/2to3 $BS_TRUE || return 1 - __linkfile /usr/local/bin/python2.[0-9]*-config /usr/local/bin/python-config $BS_TRUE || return 1 - pkg_add -I -v swig || return 1 - pkg_add -I -v py-zmq || return 1 - pkg_add -I -v py-requests || return 1 - pkg_add -I -v py-M2Crypto || return 1 - pkg_add -I -v py-raet || return 1 - pkg_add -I -v py-libnacl || return 1 - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - /usr/local/bin/pip install --upgrade pip || return 1 - fi - # - # PIP based installs need to copy configuration files "by hand". - # Let's trigger config_salt() - # - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - # Let's set the configuration directory to /tmp - _TEMP_CONFIG_DIR="/tmp" - CONFIG_SALT_FUNC="config_salt" - - for fname in api master minion syndic; do - # Skip salt-api since there is no example config for it in the Salt git repo - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - # Let's download, since they were not provided, the default configuration files - if [ ! -f "$_SALT_ETC_DIR/$fname" ] && [ ! -f "$_TEMP_CONFIG_DIR/$fname" ]; then - ftp -o "$_TEMP_CONFIG_DIR/$fname" \ - "https://raw.githubusercontent.com/saltstack/salt/develop/conf/$fname" || return 1 - fi - done - fi + [ -n "$OPENBSD_REPO" ] || return 1 + echo "installpath += ${OPENBSD_REPO}" >>/etc/pkg.conf || return 1 if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" @@ -4829,17 +4780,6 @@ install_openbsd_git_deps() { return 0 } -install_openbsd_stable() { - -# pkg_add -r -I -v salt || return 1 - __check_pip_allowed || return 1 - /usr/local/bin/pip install salt || return 1 - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - /usr/local/bin/pip install --upgrade salt || return 1 - fi - return 0 -} - install_openbsd_git() { # # Install from git @@ -4851,39 +4791,19 @@ install_openbsd_git() { return 0 } -install_openbsd_post() { - # - # Install rc.d files. - # - ## below workaround for /etc/rc.d/rc.subr in OpenBSD >= 5.8 - ## is needed for salt services to start/stop properly from /etc/rc.d - ## reference: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr.diff?r1=1.98&r2=1.99 - ## - if grep -q '\-xf' /etc/rc.d/rc.subr; then - cp -p /etc/rc.d/rc.subr /etc/rc.d/rc.subr - sed -i."$(date +%F)".saltinstall -e 's:-xf:-f:g' /etc/rc.d/rc.subr - fi +install_openbsd_stable() { + pkg_add -r -I -v salt || return 1 + return 0 +} - _TEMP_CONFIG_DIR="/tmp" +install_openbsd_post() { for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "api" ] && continue [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && continue + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ $? -eq 1 ]; then - if [ ! -f "$_TEMP_CONFIG_DIR/salt-$fname" ]; then - ftp -o "$_TEMP_CONFIG_DIR/salt-$fname" \ - "https://raw.githubusercontent.com/saltstack/salt/develop/pkg/openbsd/salt-${fname}.rc-d" - if [ ! -f "/etc/rc.d/salt_${fname}" ] && [ "$(grep salt_${fname} /etc/rc.conf.local)" -eq "" ]; then - __copyfile "$_TEMP_CONFIG_DIR/salt-$fname" "/etc/rc.d/salt_${fname}" && chmod +x "/etc/rc.d/salt_${fname}" || return 1 - echo salt_${fname}_enable="YES" >> /etc/rc.conf.local - echo salt_${fname}_paths=\"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin\" >>/etc/rc.conf.local - fi - fi - fi + rcctl enable salt_$fname done return 0 @@ -4919,10 +4839,7 @@ install_openbsd_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f "/etc/rc.d/salt_${fname}" ]; then - /etc/rc.d/salt_${fname} stop > /dev/null 2>&1 - /etc/rc.d/salt_${fname} start - fi + rcctl restart salt_${fname} done return 0 From d58c8492c6de047f4f95e7d256ec043b17f03a6a Mon Sep 17 00:00:00 2001 From: Eric Radman Date: Fri, 14 Oct 2016 10:07:27 -0400 Subject: [PATCH 24/28] FreeBSD: set _SALT_ETC_DIR directory to match ports FreeBSD packages use `/usr/local/etc/salt`. Modify the Salt `etc/` location early so that all config is written to the correct location. Tested using the following DigitalOcean images: freebsd-11-0-x64 freebsd-10-3-x64 freebsd-10-1-x64 --- bootstrap-salt.sh | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index b9b5a0ac5..bd2fcf641 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -4497,6 +4497,8 @@ __configure_freebsd_pkg_details() { } install_freebsd_9_stable_deps() { + _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} + _PKI_DIR=${_SALT_ETC_DIR}/pki if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then #make variables available even if pkg already installed @@ -4587,11 +4589,6 @@ install_freebsd_git_deps() { fi echodebug "Finished patching" - # Set _SALT_ETC_DIR to ports default - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} - # We also need to redefine the PKI directory - _PKI_DIR=${_SALT_ETC_DIR}/pki - # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" @@ -4619,13 +4616,6 @@ install_freebsd_11_stable() { # shellcheck disable=SC2086 /usr/local/sbin/pkg install ${FROM_FREEBSD} -y sysutils/py-salt || return 1 -# -# setting _SALT_ETC_DIR to match paths from FreeBSD ports: -# - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/usr/local/etc/salt} - if [ ! -d /etc/salt ]; then - ln -sf "${_SALT_ETC_DIR}" /etc/salt - fi return 0 } From 6931863007f13f94c5d045b714478433fd91ff46 Mon Sep 17 00:00:00 2001 From: Lubomir Host Date: Sun, 23 Oct 2016 19:04:28 +0200 Subject: [PATCH 25/28] Let's start detecting the upcoming Debian 9 (Stretch) --- bootstrap-salt.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 599c19881..3bfbc350c 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -828,8 +828,10 @@ __derive_debian_numeric_version() { # I've found an EC2 wheezy image which did not tell its version NUMERIC_VERSION=$(__parse_version_string "7.0") elif [ "$INPUT_VERSION" = "jessie/sid" ]; then - # Let's start detecting the upcoming Debian 8 (Jessie) NUMERIC_VERSION=$(__parse_version_string "8.0") + elif [ "$INPUT_VERSION" = "stretch/sid" ]; then + # Let's start detecting the upcoming Debian 9 (Stretch) + NUMERIC_VERSION=$(__parse_version_string "9.0") else echowarn "Unable to parse the Debian Version (codename: '$INPUT_VERSION')" fi From 308b4296fa90ddeb26504c433098f3b9a3fc1c0d Mon Sep 17 00:00:00 2001 From: rallytime Date: Mon, 24 Oct 2016 15:02:36 -0600 Subject: [PATCH 26/28] Update AUTHORS.rst with new contributors --- AUTHORS.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/AUTHORS.rst b/AUTHORS.rst index 17e98121f..b96b08f5c 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -20,6 +20,7 @@ Brad Thurber bradthurber Brandon Clifford brandon099 brandon.clifford@vivint.com Bret Fisher BretFisher bret@fishbrains.com bruce-one bruce-one +Вячеслав Спиридонов sp1r C. R. Oldham cro cr@saltstack.com Cam camereonsparr Chris Rebert cvrebert chris.rebert@hulu.com @@ -41,6 +42,7 @@ Eric Radman eradman ericshane@eradman.com Erik Ankrom erikankrom Erik Johnson terminalmage erik@saltstack.com EYJ eyj +fizmat fizmat Forrest Alvarez gravyboat Fred Reimer freimer freimer@freimer.org Geoff Garside geoffgarside geoff@geoffgarside.co.uk @@ -56,12 +58,13 @@ Jared E Stroud jaredestroud jaredestroud@gmail.com Jeff Hui jeffh jeff@jeffhui.net Jeff Strunk jstrunk Juan A. Moyano wincus wincus.public@gmail.com -Justin Anderson jtand janderson@saltstack.com +Justin Anderson justinta justin.ta@outlook.com Justin Findlay jfindlay jfindlay@gmail.com Karl Grzeszczak karlgrz Kenneth Wilke KennethWilke lomeroe lomeroe Liu Xiaohui oreh herolxh@gmail.com +Lubomir Host lhost Marc Vieira-Cardinal marccadinal Mark Lee malept Marcus Furlong furlongm furlongm@gmail.com @@ -87,6 +90,7 @@ Paul Brian lifeisstillgood paul@mikadosoftware.com Pavel Snagovsky paha Pedro Algarvio s0undt3ch pedro@algarvio.me Pedro Paulo pedropaulovc +Pete Lumbis plumbis Peter Tripp notpeter Petr Michalec epcim Prayag Verma pra85 prayag.verma@gmail.com From c9842f6432db6748c80168c47b3bd9f7094c9634 Mon Sep 17 00:00:00 2001 From: rallytime Date: Tue, 25 Oct 2016 15:42:16 -0600 Subject: [PATCH 27/28] Update ChangeLog with PRs merged since last release --- ChangeLog | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 62f6b9c1b..785189dc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,24 @@ -Version 2106.08.16: +Version 2016.10.25: + * Update AUTHORS.rst with new contributors (rallytime) #978 + * Let's start detecting the upcoming Debian 9 (Stretch) (lhost) #975 + * FreeBSD: set _SALT_ETC_DIR directory to match ports (eradman) #970 + * Update OpenBSD 6.0+ provisioning (eradman) #969 + * adds supports for Cumulus Linux (plumbis) #967 + * Run "pip install -U futures" for SmartOS git install (rallytime) #966 + * Change /pkg/rpm/ to /pkg/deb/ in install_ubuntu_git_post func (rallytime) #965 + * SUSE: Refactor systemsmanagement_saltstack repo checks to be DRY (rallytime) #964 + * Fix detection of EPEL repository with not-expired metadata (sp1r) #963 + * Display warning message about deprecating the `-G` option (vutny) #958 + * Allow correct salt paths to be used when -c is passed (justinta) #955 + * Fix issues with replacing configs when python3 is default in os. (fizmat) #954 + * Remove m2crypto package installs (rallytime) #951 + * Try to install SP4 packages on SLE 11 when SP version is older (rallytime) #950 + * Add python-futures package to install_centos_git_deps (rallytime) #948 + * Add /etc/portage/package.accept_keywords to CONFIG_PROTECT_MASK (rallytime) #947 + * Deprecate `-G` option: use `https` scheme for GitHub by default (vutny) #945 + * [SECURITY] Properly handle GnuPG keys for APT repositories (vutny) #940 + +Version 2016.08.16: * Ubuntu git mode: install all deps from SaltStack corp repo by default. (vutny) #936 Version 2016.08.15: From 290e7ce2f3fcba622fe2345110c5c8b239148eff Mon Sep 17 00:00:00 2001 From: rallytime Date: Tue, 25 Oct 2016 15:43:17 -0600 Subject: [PATCH 28/28] Update script version --- bootstrap-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index a74702144..7bb9dd5a7 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -18,7 +18,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2016.08.16" +__ScriptVersion="2016.10.25" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0"